last executing test programs:

28m43.759670865s ago: executing program 4 (id=1279):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x5000, &(0x7f0000000180)={&(0x7f00000000c0)={0x2c, 0x40, 0x1, 0x7fffc, 0x4, {0x2}, [@nested={0x4, 0x48}, @nested={0x14, 0x1, 0x0, 0x1, [@nested={0x10, 0x10, 0x0, 0x1, [@nested={0x4, 0x8}, @typed={0x8, 0x1, 0x0, 0x0, @u32=0xbe9}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r3, &(0x7f0000000000)=0x8008, 0xffffff6a)
r4 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x200, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x1)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_COALESCE(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x1, 0x6)
getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r6, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r7], 0x3c}}, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x68, 0x2, 0xf016, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001240)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r6, {}, {0x0, 0x1}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0xc9, 0x8}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x60001d0}, 0xc084)

28m42.334742611s ago: executing program 4 (id=1283):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x6e}, [@ldst={0x4}]}, &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mprotect(&(0x7f00001af000/0x1000)=nil, 0x1000, 0x1)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
preadv2(r2, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000340)={0x2, &(0x7f00000000c0)=[{0x28, 0x7, 0x0, 0xa56e}, {0x6, 0xfe, 0x0, 0xa1a}]}, 0x8)
sendmmsg(r0, &(0x7f0000002900)=[{{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000b40)="97a797c5", 0xa797}], 0x1}}], 0x1, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8005, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r4, 0xc02c564a, &(0x7f0000000040)={0x4, 0x33524742, 0x1, @discrete={0x5, 0x2}})
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r5)
r6 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
renameat(r7, &(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8004, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
ioctl$KVM_X86_SETUP_MCE(r10, 0x4008ae9c, &(0x7f0000000640)={0x10, 0x0, 0x4})
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x20, &(0x7f0000002880)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000100)=@updsa={0x108, 0x1a, 0xa, 0x70bd2b, 0x25dfdbfb, {{@in=@multicast1, @in=@multicast1, 0x4e24, 0xfff7, 0x4e22, 0x0, 0x2, 0x20}, {@in6=@mcast1, 0x4d3, 0x3c}, @in=@multicast1, {0x1, 0x8, 0x6, 0x6a6796, 0x225b, 0x802, 0x8, 0x4000000661}, {0xe6, 0x8000000000000001, 0x4, 0x7fd}, {0x6, 0x80000000, 0x800007}, 0x70bd25, 0x3503, 0x2, 0x2, 0xf, 0x80}, [@encap={0x1c, 0x4, {0xffffffffffffffff, 0x4e24, 0x4e23, @in=@loopback}}]}, 0x108}, 0x1, 0x0, 0x0, 0xc008040}, 0x4000010)

28m41.283189974s ago: executing program 4 (id=1289):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x3, 0x8, 0xfa11, 0x1}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000040))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c000b"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0x8800)
mknod$loop(0x0, 0xfff, 0x0)
execve(&(0x7f0000019100)='./file0\x00', 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002f00)='fdinfo\x00')
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid\x00')
r4 = socket$packet(0x11, 0x3, 0x300)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000004c0)={r4, r3, 0x9, 0x0, @val=@netkit={@void, @value=r3}}, 0x1c)
setsockopt$packet_int(r4, 0x107, 0x3, 0x0, 0x0)
kexec_load(0x0, 0x0, 0x0, 0x0)
getpid()
ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, 0x0)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f00000001c0), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000800)={r5, r5, r5}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}})
ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0xfffff000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7b13000000000000200012800b00010067656e657665000010000280060005004e2000000400060008000a00b5"], 0x48}}, 0x4000)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r7, 0x84, 0x81, &(0x7f00000002c0)="1a000000020000", 0x7)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendto$inet6(r7, &(0x7f0000000300)="cd", 0x1, 0x8804, &(0x7f0000000100)={0xa, 0x4e23, 0x80, @loopback, 0xfffffffe}, 0x1c)

28m39.041877428s ago: executing program 4 (id=1296):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_open_dev$vim2m(&(0x7f0000000000), 0xb173, 0x2)
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={0x0, 0x184}, 0x1, 0x0, 0x0, 0x40000}, 0x4840)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000a40)={'dummy0\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000100000000000002a0000000c00018008000100", @ANYRES32=r4], 0x20}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1d0)
mknodat(0xffffffffffffff9c, 0x0, 0xc000, 0x0)
rename(&(0x7f00000001c0)='./file1/file2\x00', &(0x7f0000000240)='./file0/file2\x00')
mmap$IORING_OFF_CQ_RING(&(0x7f00006ef000/0x4000)=nil, 0x4000, 0x9, 0x10, 0xffffffffffffffff, 0x8000000)
r5 = dup(0xffffffffffffffff)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x19)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000003c0)={0x2, 0x1, 0x1})
syz_open_dev$tty1(0xc, 0x4, 0x4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94)
sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, 0x0, 0x40000)
recvmmsg$unix(r5, &(0x7f0000002880)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/167, 0xa7}, {&(0x7f0000000400)=""/170, 0xaa}, {&(0x7f00000004c0)=""/122, 0x7a}], 0x3, &(0x7f0000000540)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x54}}, {{&(0x7f00000005c0), 0x6e, &(0x7f00000008c0)=[{&(0x7f0000000380)=""/22, 0x16}, {&(0x7f0000000640)=""/157, 0x9d}, {&(0x7f00000007c0)=""/209, 0xd1}, {&(0x7f0000000700)=""/35, 0x23}, {&(0x7f0000000740)=""/64, 0x40}], 0x5, &(0x7f0000000900)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb4}}, {{&(0x7f00000009c0)=@abs, 0x6e, &(0x7f0000000a40), 0x0, &(0x7f0000000a80)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x5c}}, {{&(0x7f0000000b00)=@abs, 0x6e, &(0x7f0000000d40)=[{&(0x7f0000000b80)=""/3, 0x3}, {&(0x7f0000000bc0)=""/116, 0x74}, {&(0x7f0000000c40)=""/228, 0xe4}], 0x3, &(0x7f0000000d80)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0xac}}, {{&(0x7f0000000e40)=@abs, 0x6e, &(0x7f00000023c0)=[{&(0x7f0000000ec0)=""/220, 0xdc}, {&(0x7f0000000fc0)=""/2, 0x2}, {&(0x7f0000001000)=""/233, 0xe9}, {&(0x7f0000001100)=""/245, 0xf5}, {&(0x7f0000001200)=""/147, 0x93}, {&(0x7f00000012c0)=""/93, 0x5d}, {&(0x7f0000001340)=""/78, 0x4e}, {&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f0000002fc0)=""/4096, 0x1000}], 0x9, &(0x7f0000002440)}}, {{&(0x7f0000002540), 0x6e, &(0x7f00000027c0)=[{&(0x7f00000025c0)=""/21, 0x15}, {&(0x7f0000002600)=""/7, 0x7}, {&(0x7f0000002640)=""/28, 0x1c}, {&(0x7f0000002680)=""/22, 0x16}, {&(0x7f00000026c0)=""/186, 0xba}, {&(0x7f0000002780)=""/9, 0x9}], 0x6, &(0x7f0000002800)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x60}}], 0x6, 0x40016000, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e23, @private=0xa010101}}, 0x7, 0x3fe, 0x2, 0x41, 0x6, 0x5, 0x6}, &(0x7f0000000080)=0x9c)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="3400000010000108000000000000000000040400", @ANYRES32=0x0, @ANYRES32=r7, @ANYBLOB="08001b000000"], 0x34}}, 0x24048180)

28m37.114560806s ago: executing program 4 (id=1302):
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1451c2, 0x0)
ftruncate(r0, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) (fail_nth: 18)
sendfile(r1, r0, 0x0, 0x578410eb)

28m36.144780897s ago: executing program 4 (id=1305):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x8, 0x0, 0xffffffff}, 0x10)
r4 = syz_io_uring_setup(0x8d2, &(0x7f0000000380)={0x0, 0x0, 0x1000, 0x0, 0x379}, &(0x7f00000001c0)=<r5=>0x0, &(0x7f00000002c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r4, 0x47ba, 0x3e82, 0x60, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x5, 0x0, 0x2, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r7, 0x6)
r8 = syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0xec24, 0x0, 0x0, 0x500a0333}, &(0x7f0000000440)=<r9=>0x0, &(0x7f0000000280)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r11 = syz_io_uring_setup(0x497, &(0x7f00000004c0)={0x0, 0x465e, 0x400, 0x7, 0x31d}, &(0x7f00000001c0)=<r12=>0x0, &(0x7f0000000300))
r13 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001300)=ANY=[@ANYBLOB="12010000000000205804115000000000000109022400010000000009040000050300000009210000000122940309058103"], 0x0)
syz_usb_control_io(r13, 0x0, 0x0)
syz_usb_control_io$hid(r13, &(0x7f0000000340)={0x14, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYRESHEX=r11, @ANYRESHEX=r3, @ANYRESOCT=r2], 0x0}, 0x0)
syz_usb_control_io$hid(r13, 0x0, 0x0)
r14 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUCODE(r14, 0xc018480d, 0x0)
ioctl$HIDIOCSUSAGE(r14, 0x4018480c, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r12, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r6, &(0x7f0000000140)=@IORING_OP_WRITE={0x17, 0x9, 0x4000, @fd=r14, 0x9, 0x0, 0x0, 0x2})
syz_memcpy_off$IO_URING_METADATA_FLAGS(r12, 0xc, &(0x7f00000000c0)=0x1, 0x0, 0x4)
syz_io_uring_submit(r5, r10, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x1, r7, 0x0, 0x0, 0x0, 0x80800})
io_uring_enter(r8, 0x47ba, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

28m20.298006255s ago: executing program 32 (id=1305):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x8, 0x0, 0xffffffff}, 0x10)
r4 = syz_io_uring_setup(0x8d2, &(0x7f0000000380)={0x0, 0x0, 0x1000, 0x0, 0x379}, &(0x7f00000001c0)=<r5=>0x0, &(0x7f00000002c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r4, 0x47ba, 0x3e82, 0x60, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x5, 0x0, 0x2, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r7, 0x6)
r8 = syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0xec24, 0x0, 0x0, 0x500a0333}, &(0x7f0000000440)=<r9=>0x0, &(0x7f0000000280)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r11 = syz_io_uring_setup(0x497, &(0x7f00000004c0)={0x0, 0x465e, 0x400, 0x7, 0x31d}, &(0x7f00000001c0)=<r12=>0x0, &(0x7f0000000300))
r13 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001300)=ANY=[@ANYBLOB="12010000000000205804115000000000000109022400010000000009040000050300000009210000000122940309058103"], 0x0)
syz_usb_control_io(r13, 0x0, 0x0)
syz_usb_control_io$hid(r13, &(0x7f0000000340)={0x14, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYRESHEX=r11, @ANYRESHEX=r3, @ANYRESOCT=r2], 0x0}, 0x0)
syz_usb_control_io$hid(r13, 0x0, 0x0)
r14 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUCODE(r14, 0xc018480d, 0x0)
ioctl$HIDIOCSUSAGE(r14, 0x4018480c, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r12, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r6, &(0x7f0000000140)=@IORING_OP_WRITE={0x17, 0x9, 0x4000, @fd=r14, 0x9, 0x0, 0x0, 0x2})
syz_memcpy_off$IO_URING_METADATA_FLAGS(r12, 0xc, &(0x7f00000000c0)=0x1, 0x0, 0x4)
syz_io_uring_submit(r5, r10, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x0, 0x1, r7, 0x0, 0x0, 0x0, 0x80800})
io_uring_enter(r8, 0x47ba, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

20m11.784579566s ago: executing program 2 (id=2949):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x20000804}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r3)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0xffffffff, 0x80, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x3, 0x8, 0x5, 0xfffffffd}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x211}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0xc04c001}, 0x200088d0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {0x2, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000050}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
ioctl$F2FS_IOC_GET_PIN_FILE(r3, 0x8004f50e, &(0x7f0000000140))

20m10.915109461s ago: executing program 2 (id=2952):
fsopen(&(0x7f0000000000)='hfsplus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x895, &(0x7f0000000140)={0x0, 0x8c36, 0x80, 0xfffffffe, 0xbfdffddc}, &(0x7f00000001c0), &(0x7f00000000c0))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe80, 0x0, &(0x7f0000000280)="61df718305a35997984d4763fcac", 0x0, 0xe697, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5d114b6b, 0x12, r2, 0x0)

20m9.608862026s ago: executing program 2 (id=2954):
r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup/pids.max\x00', 0xc8442, 0x93)
write$cgroup_int(r0, &(0x7f0000000300)=0x4000000000, 0x12)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_io_uring_setup(0x2bc, &(0x7f0000000140)={0x0, 0xa581, 0x0, 0x2, 0x1000111}, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000040)=<r9=>0x0)
migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x3, r6, 0x0, 0x0, 0x0, 0x80800})
io_uring_enter(r7, 0x1bfd, 0x3e44, 0x8, 0x0, 0x0)
sendto$inet(r3, &(0x7f00000002c0)='!', 0x2a000, 0x2000c8d4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10)
ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f0000000040)=""/185)

20m5.52750031s ago: executing program 2 (id=2960):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)={0x4c, 0x0, 0x8, 0x5, 0x0, 0x0, {0x3, 0x0, 0x5}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x9100}, @CTA_TIMEOUT_DATA={0x1c, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_UNACK={0x8, 0xb, 0x1, 0x0, 0xffff}, @CTA_TIMEOUT_TCP_RETRANS={0x8, 0xa, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_TCP_SYN_RECV={0x8}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x8044)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00')
r3 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000000)=ANY=[@ANYBLOB="001004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r3, 0x0, &(0x7f00000005c0)={0x24, &(0x7f0000000340)={0x40, 0x14, 0x6, "ce8cb76e1b61"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

20m4.616411573s ago: executing program 2 (id=2962):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x87)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='freezer.parent_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000001440)={'#! ', '', [{0x20, '#! '}]}, 0xfffffffffffffdd5)
sendfile(r0, r1, &(0x7f0000000000)=0x4, 0xffff)

20m3.836201s ago: executing program 2 (id=2963):
socket$nl_route(0x10, 0x3, 0x0)
fsopen(0x0, 0x0)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000200)={0xd8a, 0x20000800, 0x2000, 0x0, 0x3, 0x1, 0x1, 0x1}, 0x10)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000340)=ANY=[@ANYRESHEX=r2, @ANYRESOCT=r1, @ANYBLOB="18eefd0de2da28e94ae4375f796c4c5a1269c0e0a2801888ee62b72faa656918f6fffa1d3c87c6cfa98c805f3c5ca3901bcf1d7a24cf1196728a029373ff8f019025121ecf5bbe94eb99ab391c28cb3bd6be6ea80073ee", @ANYRESDEC], 0x110)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x3)
ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0)
r5 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r5, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
bind$qrtr(r5, &(0x7f0000000000)={0x2a, 0x2, 0x4000}, 0xc)
dup(0xffffffffffffffff)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000140)={0x0, 0xc, 0x0, 0x0, 0x2, "810000cc2b000000000000fa25ffff00ffffff"})
r8 = syz_open_pts(r7, 0x141601)
fcntl$setstatus(r2, 0x4, 0x102800)
write(r8, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000100)=0x19)
close_range(r6, 0xffffffffffffffff, 0x0)

20m3.041743556s ago: executing program 33 (id=2963):
socket$nl_route(0x10, 0x3, 0x0)
fsopen(0x0, 0x0)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000200)={0xd8a, 0x20000800, 0x2000, 0x0, 0x3, 0x1, 0x1, 0x1}, 0x10)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000340)=ANY=[@ANYRESHEX=r2, @ANYRESOCT=r1, @ANYBLOB="18eefd0de2da28e94ae4375f796c4c5a1269c0e0a2801888ee62b72faa656918f6fffa1d3c87c6cfa98c805f3c5ca3901bcf1d7a24cf1196728a029373ff8f019025121ecf5bbe94eb99ab391c28cb3bd6be6ea80073ee", @ANYRESDEC], 0x110)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x3)
ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0)
r5 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r5, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
bind$qrtr(r5, &(0x7f0000000000)={0x2a, 0x2, 0x4000}, 0xc)
dup(0xffffffffffffffff)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000140)={0x0, 0xc, 0x0, 0x0, 0x2, "810000cc2b000000000000fa25ffff00ffffff"})
r8 = syz_open_pts(r7, 0x141601)
fcntl$setstatus(r2, 0x4, 0x102800)
write(r8, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000100)=0x19)
close_range(r6, 0xffffffffffffffff, 0x0)

7.912172175s ago: executing program 0 (id=7007):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x40000042)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
mkdir(&(0x7f0000000000)='./file0\x00', 0x42)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000001c0), 0x800000000000217, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x40110)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x20, 0xff, 0x2, 0x1000b45, 0x6, 0x8ee, 0x0, 0x6}, 0x0)
brk(0x400000ffc000)
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0xff, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x745f80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x971})
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f00000000c0)={0x1, 0x0, [{0x0, 0x2, 0x3b5226e561a29688, 0x0, @msi={0xc, 0xffff8d35, 0x9, 0x5}}]})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
fsopen(0x0, 0x1)
getsockname$packet(r4, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000600)={'syztnl0\x00', 0x0})
fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f0000000240)='mand\x00', 0x0, 0x0)
sendmmsg$inet6(r4, &(0x7f0000000580), 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000000200), 0x4)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000000280)='\x00\x00\xb2\bX\xaad\x10\a}\xb6_\xda\xc3\xed\xee\xfeS\x8d\x9cSd\xec\xb1\x1a\x00\x00', 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x1314, 0x1184, 0x150, 0x150, 0x1184, 0xf8010000, 0x124c, 0x238, 0x238, 0x124c, 0x238, 0x3, 0x0, {[{{@ipv6={@mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, [], [], 'team_slave_0\x00', 'hsr0\x00', {0xff}, {}, 0x84}, 0x0, 0x111c, 0x1184, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x1, 0x1, './cgroup.net/syz0\x00', 0x1000000, {0x8}}}, @common=@hbh={{0x48}, {0x3, 0x4, 0x1, [0x1ff, 0x3, 0xe, 0x1, 0x54f, 0xe, 0x0, 0xa, 0x1, 0xe5, 0x1, 0x400, 0x9, 0x5, 0xe, 0xfe0], 0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @mcast1, [0x0, 0x0, 0x0, 0xff000000], [0x0, 0x0, 0xff000000], 'batadv_slave_0\x00', 'gre0\x00', {}, {}, 0x87}, 0x0, 0xa4, 0xc8}, @common=@inet=@SYNPROXY={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x1370)
socket(0x2d, 0x2, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00'})

6.22849719s ago: executing program 0 (id=7012):
socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000000)={{{@in=@loopback, @in=@multicast2}}, {{@in6=@local}, 0x0, @in6=@private2}}, &(0x7f0000000100)=0xe4)
syz_io_uring_setup(0xec2, &(0x7f00000003c0)={0x0, 0x0, 0x101, 0x7}, &(0x7f0000000580)=<r0=>0x0, &(0x7f0000000240))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x2245, 0xfa11, 0xffffffff}, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000780)={'macvtap0\x00', &(0x7f0000000680)=@ethtool_link_settings={0x1, 0x2, 0x0, 0x0, 0xf, 0xeb, 0x38, 0x2, 0x0, 0x4, [0xffffffff, 0xffffe022, 0xfffffe00, 0xfffff000, 0xe3a0, 0x4ac, 0x3c85aa8b, 0x6]}})
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x21800, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x0, 0x0, &(0x7f0000000c00)='GPL\x00', 0x4, 0x0, 0x0, 0x41000}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
unshare(0x8040480)
socket$unix(0x1, 0x5, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000100)={0xa00, 0xa00})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0))
fsopen(&(0x7f0000000080)='qnx4\x00', 0x1)
fstat(0xffffffffffffffff, &(0x7f00000002c0))
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = socket(0x11, 0x3, 0x100000)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f00000001c0)={0x80000020, 0x0, 0x40000000}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYBLOB="c98631bc3276c8af338e32212004680b26a41561da99cf3184926c1985ada87f9f529fd332c840fbaa477838280899e535d7c93401f102c6c74a12987ac6513e4c5c767edea0b4238daf9d9d2c380168bb9cc1160276327cd4b30ef85c7558e0693c5668b58e07b5ed6aad46d4a098f985368084a8b829070bb64b3dec6df30952b567ab459ec25ac42b5da0230d75f5e854929ec64512703b129c96e7"], 0x5c}, 0x1, 0x0, 0x0, 0x20}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c000000000000000000000014", @ANYRES8=0x0, @ANYRES32=r3], 0x30}}, 0x0)
openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$vhost_vsock(0xffffff9c, &(0x7f0000000140), 0x2, 0x0)

6.071656451s ago: executing program 6 (id=7013):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x24008000)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000080)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {0x0}], 0x2, 0x0, 0x29)
ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000000)=0x3)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x401, 0x0, 0x0, {0x0, 0x0, 0x8}}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xad01a927d4210f60}}}, 0x5c}, 0x1, 0x0, 0x0, 0x8800}, 0x80)

5.935298313s ago: executing program 6 (id=7015):
r0 = syz_open_dev$amidi(&(0x7f0000000000), 0xd0df, 0x40)
r1 = syz_open_dev$vivid(&(0x7f0000000040), 0x2, 0x2)
ioctl$XFS_IOC_COMMIT_RANGE(r0, 0x40585883, &(0x7f0000000080)={r1, 0x0, 0x7e, 0xfffffffffffff001, 0x3, 0xf, [0x2, 0x1, 0x65a, 0x7ff, 0x5, 0x9]})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000100)={0x28, 0x0, 0x2710, @host}, 0x10)
r2 = getpid()
fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x1, r2})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000001c0)={'geneve1\x00', &(0x7f0000000180)=@ethtool_test={0x1a, 0x7, 0xdf48, 0x4, [0x9, 0x7, 0x4a17, 0x9]}})
r3 = openat2(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x404000, 0x1, 0x8}, 0x18)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000002c0)=@filter={'filter\x00', 0xe, 0x4, 0x418, 0xffffffff, 0x110, 0x1fc, 0x1fc, 0xffffffff, 0xffffffff, 0x350, 0x350, 0x350, 0xffffffff, 0x4, &(0x7f0000000280), {[{{@uncond, 0x0, 0xec, 0x110, 0x0, {}, [@common=@dst={{0x48}, {0x8, 0x6, 0x0, [0x4, 0x5, 0x2, 0xfb, 0xf, 0x2, 0x7, 0x1, 0x2c, 0x9, 0x401, 0x5, 0x8, 0x4, 0x6, 0x7], 0xc}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x3}}}, {{@ipv6={@private0, @dev={0xfe, 0x80, '\x00', 0x2b}, [0xff, 0xffffffff, 0xff], [0x0, 0xffffffff, 0xff, 0xff], 'netdevsim0\x00', 'veth1_to_team\x00', {}, {0xff}, 0x8e980cad0093c972, 0x3, 0x4, 0x56}, 0x0, 0xc8, 0xec, 0x0, {}, [@common=@hl={{0x24}, {0x3, 0x2}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x3}}}, {{@uncond, 0x0, 0x130, 0x154, 0x0, {}, [@common=@srh1={{0x8c}, {0x6c, 0x1d, 0xf8, 0xe2, 0x7, @private2, @private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x12}, [0xff000000, 0xff, 0xff000000], [0x0, 0xffffff00, 0xffffff00], [0xff000000, 0xffffff00, 0xffffff00, 0xffffff00], 0x1010, 0x2050}}]}, @REJECT={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x474)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x50, r3, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x8d6bde23ed796c4f, &(0x7f0000000740)=0x3cb, 0x0, 0x4)
getresuid(&(0x7f0000000780), &(0x7f00000007c0)=<r5=>0x0, &(0x7f0000000800)=<r6=>0x0)
r7 = getgid()
fchown(r0, r6, r7)
fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f0000000840)='!.#\x00', 0x0, r0)
io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f0000000880)=r3, 0x1)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000c80)={{{@in=@empty, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in=@broadcast}, 0x0, @in6=@loopback}}, &(0x7f0000000d80)=0xe4)
stat(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f00000008c0)={0x1cc, 0x39, 0x300, 0x70bd2c, 0x25dfdbfd, "", [@generic="f543fc538939b94407487eee605a8d566ebf7b13dd9cf98776a8e4e60cf78796c0ca7d40a2af0c553d728bc85d4e2f961b853a3768fbf9c96ed897c47092f856ce1855adf39d3748c7e8a115f0fe93ab0c893fafb33490a3a26a3af0322fe57c4dff74d3050d336a65cd307242c62b02a5084bfbff3408d743ed18a244a03a9708e3cf58867f58ce28938b960bdbd16faf8b72b1a81d72a5da673920d361ab455a6ca4a8edf7cb16825541f271c99c0522ec0d3709b9701d208d235c1d85cf3fdd2a1fd346d8bf7ddc3dc9f63a8551", @typed={0x8, 0x8b, 0x0, 0x0, @fd=r1}, @typed={0xc, 0x80, 0x0, 0x0, @u64=0x8}, @typed={0x4, 0x4}, @nested={0x28, 0xa5, 0x0, 0x1, [@nested={0x4, 0x40}, @generic="f430862e71d27532d922d2fae7ed038a61013d8ead095fd3b62d01ba", @nested={0x4, 0x69}]}, @generic="4164781b03198939c3cd5725c0f0a980d9bd7e42d4db80ecb41f3a2d1fcd05bb8dafdd1b1bffbc8b1181ff0caa340ad30c6c6df12fb8deb1c10fbc0d5cf7ef7bcaa2b8ad9c5a510d357e5b38832b6b3ed091a085013be264929585f9c15d8bf734295fac3ca328853759ea8a7a0e8df7a5910c3ce26f0615bf220a2e92a7bebd772cc6a78f849bfe4901849b3e88e192a92852e2170fc8c8c2ceaf19cdcbdc744e39c10aaa9b43155688bb"]}, 0x1cc}, {&(0x7f0000000ac0)={0x18, 0x11, 0x800, 0x70bd25, 0x25dfdbfd, "", [@typed={0x8, 0x134, 0x0, 0x0, @u32=0x3}]}, 0x18}, {&(0x7f0000000b00)={0x120, 0x11, 0x2, 0x70bd26, 0x25dfdbfe, "", [@nested={0x10e, 0x11f, 0x0, 0x1, [@typed={0x8, 0xfe, 0x0, 0x0, @ipv4=@multicast2}, @generic="1a7face2f4b634a5d363f63887dc23feda1479c8848d8d81cf6b4cd6a292a7a1721e7986a36afe8714ae1c79466c2b697a1e5deba3787d29b3329db1760b32e8d1a510538e5244c1ecc42ed8cdc824847a839419a5cee6caa7e75df050df0d62766a89cf07c80d01cbaa9e3fa6483d368801e8353038af0ab97661ce7fd372b3a18da2be33476bb1ea2f", @typed={0xc, 0xdc, 0x0, 0x0, @u64=0xfffffffffffffff9}, @typed={0x6a, 0xb0, 0x0, 0x0, @binary="7d654628926b4598534d99c0e117ca3db1b9c88f780dda9b5874a87bafaccb4e1f0b26f7f8282f37aff41310fc22d3f2ba1d14498c889db806efd3765d44d35743f4cef9bcdbb8e1091155b8a4ab0a031e3743fb5faf62192e3a984fceef93198418c67fd39a"}]}]}, 0x120}], 0x3, &(0x7f0000000e80)=[@rights={{0xc}}, @cred={{0x18, 0x1, 0x2, {r2, r8, r7}}}, @cred={{0x18, 0x1, 0x2, {r2, r5, r9}}}, @rights={{0x14, 0x1, 0x1, [r0, r1]}}, @rights={{0x20, 0x1, 0x1, [r0, r0, 0xffffffffffffffff, r3, r3]}}], 0x70, 0x10}, 0x0)
openat$dma_heap(0xffffff9c, &(0x7f0000000f40), 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000f80)={0x2020}, 0x2020)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000002fc0))
syz_open_dev$video4linux(&(0x7f0000003000), 0xff, 0x54443)
r10 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r10, &(0x7f0000003040)={0x28, 0x0, 0x2711, @hyper}, 0x10)
lstat(&(0x7f0000003080)='./file0\x00', &(0x7f00000030c0)={0x0, 0x0, 0x0, 0x0, <r11=>0x0})
fchown(r1, r11, r9)
r12 = syz_io_uring_setup(0x1e31, &(0x7f0000003140)={0x0, 0x8909, 0x200, 0x2, 0xe5, 0x0, r3}, &(0x7f00000031c0), &(0x7f0000003200))
io_uring_register$IORING_REGISTER_PERSONALITY(r12, 0x9, 0x0, 0x0)
setsockopt$RXRPC_SECURITY_KEYRING(r3, 0x110, 0x2, &(0x7f0000003240)='\x00', 0x1)

5.7957252s ago: executing program 6 (id=7017):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x3, 0xff)
sendmmsg$inet6(r1, &(0x7f0000004f00)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}}], 0x1, 0x0)

5.730710738s ago: executing program 6 (id=7018):
socket$netlink(0x10, 0x3, 0x9)
r0 = epoll_create1(0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x48})
io_setup(0x8, &(0x7f0000004200)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x0, 0x2, r1, 0x0, 0x0, 0xa}])
ioctl$FS_IOC_SETFLAGS(r0, 0x40088a01, &(0x7f0000000000)=0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
recvmsg$unix(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f0000000540)=""/204, 0xcc}, {&(0x7f0000000740)=""/149, 0x95}, {&(0x7f0000000800)=""/176, 0xb0}], 0x4, &(0x7f0000000200)=[@rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18, 0x1, 0x2, {0x0, <r5=>0x0}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x54}, 0x10000)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="718d5ca243e33b12674f5e84a635b45c8799b57f0463ce10d553a5b07814c0fe8c1902e218470de8573a1f6d99cbf80e81ceb5a9438aeb7cd4c08af9bd855efdf7f020ac4259aa5f705494836a4ce21d825ba7d14917fe7f1b50410c50fc9488bdefd89fb00807e2a5881c7cd23102905de1f805449ff16eb7a4444599c01c4a3b30c01354814b50a3e229b756c69970f6e423782d1aa2c8e6766003db677b83ef3d9944baed41d1ed114560f95d3be680937c5c4082d90cf60c606c13a0b050e34d675faf7f232c1f703a3034b27affdbfc8d297fd139ab60e23749055afb535a37805d5619274d26041c62dd", @ANYRESHEX=r5], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000500)={{r6}, &(0x7f0000000480), &(0x7f00000004c0)='%pB    \x00'}, 0x20)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r7 = socket$inet6(0xa, 0x80002, 0x0)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x1)
r10 = eventfd(0x5ef)
ioctl$KVM_IOEVENTFD(r9, 0x40a0ae49, &(0x7f0000000080)={0x7ff, 0xeeeea000, 0x0, r10})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r9, 0x4020aed2, &(0x7f00000000c0)={0xffff1000, 0x206000, 0x8})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r9, 0x4020aed2, &(0x7f0000000140)={0xffff0000, 0x106000})
setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r7, 0x29, 0x1b, 0x0, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, 0x0, 0x80084)

5.394865155s ago: executing program 1 (id=7022):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x674081, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
unshare(0x8040480)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0xffffffff)
r6 = eventfd2(0x44, 0x1)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x6, 0x0, 0x4, r6, 0x1})
ioctl$KVM_HYPERV_EVENTFD(r5, 0x4018aebd, &(0x7f0000000140)={0x2, r6, 0x1})
fcntl$notify(r4, 0x402, 0x0)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCSETAW(r7, 0x5407, &(0x7f0000000040)={0x4, 0x5, 0x7, 0x4, 0xe, "03f37fe99f4da288"})
ioctl$TIOCMSET(r7, 0x5418, &(0x7f0000000000)=0x8001)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f0000000240)={0x6, 0x4, 0x2, r6})
unshare(0x2a020480)
r8 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r9 = syz_open_dev$loop(&(0x7f0000000000), 0x7, 0x2)
ioctl$LOOP_CONFIGURE(r9, 0x4c0a, &(0x7f0000000340)={r8, 0xb, {0x0, 0x0, 0x0, 0x9, 0xa0e, 0x0, 0x2, 0x2, 0x10, "dd2969943eebef80e9574e512a76b415b58af03d60f54a91298688cd5460884d46cc0c76c95039b4b23f611de83a86b3f04b8e0000000d00", "35d42d1c529602b58491048d190b2ab895d5bdd77430812e4db30700000000ecea2b83507e1e774cbec2db1774220bb99efe000000f7ffffffffffffe800", "b7b0d261e620e7c5ce3dad114bf61645ea5edba56ed7aa2c47ef95aea141ada2", [0xfffffffffffffffe, 0x404]}})
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000010140)={0x237, 0x7d, 0x0, {{0x500, 0xf6, 0x0, 0xfffffffa, {0x0, 0x1}, 0x1b300000, 0x0, 0x0, 0x8000, 0x1f, '\x04nodev{cvf\x8ex%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\v\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x17, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x0fX\x05\x02\xb6n\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x05\x00\x00\x00\x00\x00\x00\x00\xc2g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x237)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f00000005c0)=@base={0x5, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x10000000, '\x00', 0x0, 0xffffffffffffffff, 0x20, 0x2}, 0x50)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000140)={'gre0\x00', 0x2})
ioctl$TUNSETLINK(r3, 0x400454cd, 0x339)
write$dsp(r2, &(0x7f00000001c0)="5cba91a4", 0xfffffffffffffeea)

5.254878808s ago: executing program 0 (id=7024):
syz_clone(0x1144280, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)=0xfd)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
gettid()
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0)
close(0xffffffffffffffff)

3.736697688s ago: executing program 5 (id=7027):
r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f000905820220"], 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x3a4, &(0x7f00000000c0)=ANY=[])
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0)={<r3=>0x0}, &(0x7f0000000480)=0xc)
syz_open_procfs(r3, &(0x7f00000004c0)='timers\x00')
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000600)=""/79, 0x0, 0x10000})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r4 = syz_open_dev$evdev(&(0x7f0000000180), 0x8, 0x80)
ioctl$EVIOCGSW(r4, 0x8040451b, &(0x7f0000000340)=""/242)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
syz_usb_control_io(r0, &(0x7f0000000440)={0x2c, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="000302000000020360567b0c2f3156bbf257263b88391efe7a3322414c417866"], 0x0, 0x0, 0x0}, 0x0)

3.631304736s ago: executing program 1 (id=7028):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.dequeue\x00', 0x26e1, 0x0)
close(r0)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
ioctl$KVM_SET_SIGNAL_MASK(r1, 0x4004ae8b, &(0x7f0000000400)={0xd8, "a05dff91123d148e8bfd27af8f7f1b1e1990c8cf03e4d7e875848853414dab5819898935124d90d081492d4b2ab0a850dc8111f5860885715b2173728be2b71436d092acb921a0000ab1fa5086702c1dabc6dfc30cd11463b143644d358f7d17673dca3c33141b7f3e85be908af2c38ffa169dfd14b47b60007e4ad8f814fa030de8eb7c639012ab90d4921522d7090a016c42a8d83689dc65e73eb2b24d8fb973a2705fd6eb482028f431970b571af26dc6855441fcbb988dfa77359eab694dc2db375af518a3ebbc492e57e2efe1a169a08a819b320953"})
r2 = fsopen(&(0x7f0000000780)='virtiofs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='source', &(0x7f0000000240)='//\xf2/\x06\b/\\\\o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r3, &(0x7f0000000240)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x11, r3, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @multicast})

3.471557668s ago: executing program 1 (id=7029):
clock_nanosleep(0xb, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000140)={0x2, 'vlan0\x00', {0x3}, 0x6})
r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r1, &(0x7f0000000d40)=ANY=[@ANYBLOB=' \''], 0x33)
r2 = gettid()
syz_pidfd_open(r2, 0x0)
close(r1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x0)
r4 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000480)={0xe000201c})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(0xffffffffffffffff, 0x7b1, &(0x7f0000000140)={&(0x7f0000000440)=[0x1, 0x1, 0x6, 0x2f, 0x4, 0x40000000, 0x6, 0x3, 0x5, 0x5, 0xe, 0x3ff, 0x6, 0x0, 0x401, 0x401, 0x401, 0x6, 0x8, 0x80, 0xfffffffb, 0x7ff, 0x0, 0x0, 0x5e, 0xfff, 0xc0, 0x0, 0x6, 0x9, 0x3, 0xffff, 0x9, 0xfffffbff, 0x2, 0x40, 0x79521cad, 0x2, 0x7ff, 0x3, 0xfff, 0xfffff6bd, 0xff, 0x727, 0x2, 0xf15, 0x8d, 0x80000001, 0x9, 0x3ff, 0xc, 0x8, 0x7fffffff, 0x7, 0xfffffffd, 0x1, 0x9, 0x8, 0x1000000, 0x1, 0x7, 0xd, 0xff, 0x1, 0x3, 0x8, 0x8, 0x2, 0x6, 0x80000001, 0x2, 0x6, 0x9, 0x4, 0xfffffff4, 0x401, 0x5, 0x5, 0xfffffffc, 0x7, 0xfffff801, 0x1ff, 0x4, 0x7, 0x80000000, 0x9, 0x6, 0x3, 0x7f, 0x5, 0x0, 0xe, 0x9d4, 0x9, 0x80000000, 0xc, 0x5, 0x1, 0x3e44, 0x4, 0xffffffff, 0x6, 0x2, 0x0, 0x8, 0x8, 0x0, 0x8, 0x7, 0x0, 0x5, 0x7, 0x7, 0x0, 0x4, 0x1, 0x526, 0x6, 0x8554, 0x19d9, 0x7fff, 0x5, 0x9, 0x14, 0x81, 0x5, 0xd, 0x9, 0x9, 0x2, 0x10, 0x3eb4, 0x9, 0x6, 0x8, 0x9, 0x3, 0x717, 0x2, 0x9, 0x3, 0x9, 0x0, 0x7f, 0x10001, 0x4, 0x3, 0xc, 0x4a, 0x0, 0x949, 0x5, 0x3ff, 0x3, 0x9, 0x3, 0x74be5b67, 0x70, 0x791, 0xf0, 0x6, 0xa4, 0x800, 0x0, 0xc59, 0xd, 0xad, 0x0, 0x7fff, 0x5, 0x3, 0x80000000, 0x2, 0x0, 0x4, 0xfffff000, 0x400, 0xc3, 0x200, 0xfffffffd, 0x2, 0x9, 0x40, 0xf70a, 0x6, 0x4, 0x80000001, 0x6, 0x3, 0xef61, 0x10, 0x4, 0x1ff, 0x2, 0x1, 0x9, 0x1000, 0x9, 0x3, 0x5, 0x7, 0xfffffffe, 0x8, 0x6, 0x2, 0x80000001, 0x5, 0x8, 0x0, 0x1, 0x7, 0x80000000, 0x6, 0x5, 0x9, 0x6, 0x9, 0x80, 0xe068, 0x4, 0x12000, 0x200, 0x0, 0x1, 0x6, 0x8, 0x7, 0x3, 0x2, 0xfffffffa, 0x7, 0x5, 0xffffffff, 0x1000, 0x6, 0x93, 0x4680, 0x3, 0xfffffff7, 0xf4, 0x7, 0x5, 0x8, 0xc01, 0x7, 0x3, 0x7, 0x4ed, 0x7ff, 0xa1, 0x1, 0xffff, 0x7, 0x6, 0xc7, 0xfed, 0x401, 0x46, 0x7ff, 0x3, 0x4, 0x5, 0x5678e40f, 0x1, 0xe7f1, 0x4, 0xff, 0x7, 0x2, 0xb, 0x0, 0x7f, 0x4, 0x7, 0x9, 0x7, 0x7, 0x800, 0x6, 0x3, 0x24, 0x20, 0x4, 0x1b71, 0x1, 0x40, 0x8, 0xb, 0x3, 0xb, 0x6, 0x0, 0x757e, 0x8001, 0x84b9, 0x40, 0x5, 0x2, 0x7, 0x40, 0x5, 0x5, 0xd295, 0x5, 0x9, 0x1, 0x7, 0xfffffff8, 0x6, 0x4, 0x1, 0x9, 0x74, 0x1, 0x3, 0x10000, 0x0, 0x6, 0x6, 0x89, 0xa7, 0xfffffff7, 0x8, 0x80000000, 0x6, 0x2, 0xac6, 0x5, 0x8, 0x475, 0x7fff, 0x5, 0x5, 0x2, 0x4, 0xa47, 0x3, 0x5, 0x40, 0xa, 0x2, 0x6, 0x5b, 0x2, 0xfffffffc, 0x2, 0x5, 0xfffff005, 0x6, 0x9, 0x76, 0x8, 0x6, 0xd54, 0xffff, 0x5, 0x8c000, 0x9, 0x2, 0x3, 0x0, 0x0, 0xa7, 0x100, 0xfffffffd, 0x401, 0x5, 0x0, 0x8f95, 0x2, 0x9, 0x4, 0x3, 0x80000000, 0x0, 0x2, 0x10, 0x1ccb6586, 0x6572b0b3, 0x5, 0x41d8, 0x2, 0xad4, 0x6, 0x3, 0x0, 0x81, 0x6, 0x81, 0x7fffffff, 0x4, 0x1000000, 0x5, 0x9, 0x20080000, 0x3, 0xffff5977, 0x6d, 0x7fff, 0x0, 0x80000001, 0x2, 0x2246, 0x5, 0x4, 0x3ff, 0x10000, 0x7f, 0x6, 0x2, 0xfffffff8, 0x8, 0x6, 0x4, 0xffffffff, 0x6, 0x101, 0x9, 0x2, 0x1, 0x67, 0x8000000, 0x0, 0x80, 0xfffffeff, 0x7, 0xa, 0x8001, 0x0, 0x401, 0x2, 0x9, 0x8, 0x8, 0x3, 0x84, 0x8, 0x5, 0x4, 0xfff, 0x2, 0x80000001, 0x3, 0x4c46, 0x1, 0xd, 0x9, 0xffffb589, 0xf9, 0x6, 0x400, 0x88, 0x9, 0x5, 0x8001, 0x3, 0x80000000, 0x5, 0x80, 0x7f50, 0x90ae, 0x1, 0x1, 0x3, 0x0, 0x788, 0x0, 0x9, 0x8, 0x8, 0xb, 0x25, 0x8, 0x5, 0x0, 0x2, 0x1, 0x8, 0x9, 0x621, 0x2, 0x9, 0x3, 0xeaf8, 0xd, 0x7, 0x8000, 0x3, 0x10, 0x9, 0x3ff, 0x9, 0xfffffff5, 0x629c, 0x0, 0x4, 0xffff, 0x2, 0x10000, 0x58d, 0x8, 0x1, 0x5, 0xed, 0x7ff, 0x8, 0x8, 0x0, 0x7, 0x9, 0x28c6, 0x3ff, 0x7fcefea9, 0x10, 0x1ff, 0x2, 0xfff, 0x0, 0x1ea, 0x1, 0x9, 0xca2, 0xcc9, 0x9ebf, 0x3, 0xc, 0xe, 0xfb8a, 0x1, 0x4, 0x8a3, 0xd094, 0x2, 0xfffffffe, 0x2, 0x8, 0x7d, 0x7, 0x7, 0x1, 0x100, 0x2, 0x7f, 0x8, 0x9, 0xb, 0xd3cc, 0x1, 0x0, 0x0, 0x4, 0x3, 0x38b, 0x1, 0x7ff, 0x544, 0x1, 0x7ff, 0x0, 0xffd, 0xfffffff7, 0x80000001, 0xffffffa6, 0x3, 0xa8000000, 0x81, 0x2, 0x8000, 0xfffffffd, 0xb3ea, 0x7, 0x10000, 0x8, 0x4, 0x1, 0x0, 0x9, 0x7, 0xff5c, 0x4, 0x40, 0x5, 0x1000, 0x2, 0x7ff, 0x5, 0x9, 0x6, 0x1c8eb122, 0x3, 0x401, 0x10001, 0x5, 0x400, 0x80000001, 0x4, 0x9, 0x1, 0x1ff, 0x0, 0x8, 0x7, 0x10d2, 0x5, 0x6, 0x80000001, 0x5, 0x0, 0xfff, 0x5, 0x3, 0xaf0, 0x4, 0x0, 0x9, 0x0, 0x9, 0x0, 0x1, 0x9, 0x1, 0x0, 0x0, 0x9, 0xfff, 0x5, 0x0, 0x4e, 0x8, 0x500000, 0x3, 0xdd4, 0x2, 0x753, 0x2, 0x8, 0x7a9f2f07, 0x400, 0x9, 0x9, 0x1ff, 0x5, 0x1589, 0x6, 0x1, 0x80, 0x8, 0x8, 0xa660, 0x9bd, 0x2, 0x7, 0x26b7, 0x1, 0x0, 0x0, 0xfffffffc, 0x8, 0x8, 0x8, 0x9, 0x7, 0xfffffffc, 0x5, 0x3, 0x10, 0xfffffff9, 0xafe, 0x893b, 0x9, 0x7ff, 0x1, 0x401, 0x2, 0x1, 0x80, 0x5, 0x7, 0x0, 0x6e44, 0x577, 0xa, 0x3, 0xe, 0x2, 0x5, 0x3, 0x8, 0xd, 0x2, 0xb, 0x5, 0x7, 0x7, 0x8, 0x9, 0x401, 0x30000, 0x4, 0x0, 0x4, 0x1000, 0xd492, 0x37c, 0x6, 0x5, 0x65ce8d, 0x9, 0x6, 0x1, 0x0, 0x5, 0xfffffff8, 0x1000, 0x1, 0x70d, 0x7, 0x6c23dc95, 0x6, 0x2, 0xfff, 0xc41, 0x6, 0x0, 0x0, 0x81, 0x5d46, 0x6231968a, 0x2f, 0x1, 0x5, 0x9, 0xffffff81, 0x7fffffff, 0x1, 0x7, 0x7, 0xff, 0x33d7, 0xf, 0x8547, 0x0, 0x9, 0x101, 0x3, 0xa3, 0x9, 0x193, 0x9, 0x2, 0x101, 0x4, 0x4, 0x0, 0x1, 0x3, 0x1, 0x4, 0xc24, 0x10000, 0x8, 0x9, 0x5, 0x80000000, 0x9, 0x12aa, 0x3, 0x400, 0x6, 0xe2f2, 0x4, 0xd, 0x315, 0xe, 0x7fffffff, 0x35, 0x7, 0x1, 0x6a, 0xd, 0xffffffff, 0x2, 0x49, 0x3ff, 0xc5, 0x80, 0x1, 0x100, 0x1, 0x1, 0x800, 0x4dd, 0x477, 0x5, 0x3ff, 0xff, 0xc295, 0x1, 0xfffffff8, 0x3, 0x0, 0x4, 0x83, 0x3, 0x7fffffff, 0x101, 0x0, 0x2, 0x8001, 0x800, 0xf, 0x0, 0x3056121b, 0x9, 0xfffffffb, 0x7fffffff, 0xe, 0x2, 0x800001, 0x2, 0x20000000, 0x48c11b0b, 0x1, 0x9, 0x80000000, 0x8, 0x6, 0x3ff, 0x8, 0x3, 0x9ee, 0x10001, 0x9, 0x80, 0x83, 0x40, 0x5, 0xffffff00, 0x6, 0x9, 0x0, 0x0, 0x5, 0xffffffff, 0xf, 0x0, 0x2, 0x9, 0x418d, 0x9, 0x401, 0x6, 0x10c, 0x6, 0x0, 0x8, 0x7, 0x8000, 0x3, 0x2, 0x3, 0x3ff, 0x3ff, 0x4, 0x9, 0x5, 0x2, 0x8, 0xfffffffc, 0x81d, 0x80000000, 0xada, 0x8, 0x195, 0x7, 0x71905d29, 0x101, 0x1, 0x21330607, 0x6, 0x9, 0x9, 0x6, 0x8, 0xc, 0x5, 0x8, 0x38, 0xffff, 0x7, 0xfffffc01, 0x6, 0x9d, 0x5, 0x5, 0x8, 0x3, 0x4, 0x8, 0xb, 0x3ff, 0x8001, 0x800, 0x7ff, 0x6, 0xb03, 0x3, 0x10, 0x200, 0xfffffff4, 0x8, 0xfffffffb, 0x40, 0x8, 0x80000001, 0x800, 0x0, 0x4, 0x7, 0xec8, 0x7, 0x3ff, 0x69, 0x0, 0xfffffc00, 0xffffff6b, 0x5, 0x0, 0x7, 0xffff, 0x1, 0x9, 0x80000000, 0xffff8000, 0x9, 0x496, 0x2, 0xa, 0x10, 0x6, 0x3, 0x9, 0x80000001, 0x3ff, 0x4, 0x9, 0x3, 0x2, 0xe6f0, 0x2, 0x2, 0x0, 0x4, 0x3, 0x2, 0xfffffff7, 0x3, 0x4, 0x9, 0x4, 0x10, 0x101, 0x5c, 0xffffbd1f, 0x7fff, 0x2, 0x8, 0xfffffff7, 0x1, 0x7, 0x3c, 0x5, 0xfc1, 0x3, 0x6, 0x1, 0x5, 0xfffffffc, 0x6, 0xfffffff3, 0x9, 0xc7f1, 0xc948, 0x57, 0x4, 0xf, 0xffffffff, 0x3, 0x3, 0x5, 0xffffff2c, 0x7, 0x7, 0x3, 0x6, 0x8, 0x52a7c310, 0x3c9c8e8b, 0x0, 0x1ff, 0x3d4, 0x81, 0x0, 0x7, 0x9, 0x8, 0x81, 0xb, 0x3, 0x101, 0x8001, 0x0, 0x81, 0x7f, 0xffff62d1, 0x40, 0x5, 0xc918, 0x6, 0x8, 0x0, 0xf, 0x0, 0x100], 0x6, 0x400})
r5 = openat$vicodec0(0xffffff9c, &(0x7f0000000440), 0x2, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r5, 0xc0185648, &(0x7f0000000080)={0x980000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f911, 0x80008002, '\x00', @p_u16=&(0x7f00000010c0)=0xa5b}})
socket$netlink(0x10, 0x3, 0x4)
epoll_wait(r4, &(0x7f00000002c0)=[{}], 0x1, 0x9450)

2.759101211s ago: executing program 3 (id=7031):
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x28, 0x10, 0x0, 0x101, 0x0, 0x25dfdbfe, {0x7}, [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x6}, @nested={0xc, 0xe8, 0x0, 0x1, [@typed={0x8, 0x31, 0x0, 0x0, @uid}]}]}, 0x28}}, 0x0)
r0 = socket$kcm(0x10, 0x400000002, 0x0)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x0, 0x0)
ioctl$FE_SET_PROPERTY(r1, 0x40086f52, &(0x7f0000000000)={0x2, &(0x7f00000006c0)=[{0x17, '\x00', @buffer={"14820b2d91f0c06c826beb2926fd8eef61a4900fd15cdd7ab57c88993f58828e", 0x20}, 0x6}, {0x4}]})
write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="934300006d"], 0xfe33)
r2 = socket(0x11, 0x3, 0x0)
socket$inet6(0x2d, 0x6, 0x1)
socket$inet6(0xa, 0x5, 0x9)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f00000000c0)=0x48a, 0x4)
sendmmsg(r2, &(0x7f0000000bc0)=[{{&(0x7f0000000400)=@qipcrtr={0x2a, 0x1, 0x4001}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000040)="d479183d7d98d1c1a4b5f3e38500", 0xe}], 0x1}}], 0x1, 0x24044015)

2.325358006s ago: executing program 1 (id=7032):
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4024587b, &(0x7f0000000280)={{<r0=>0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x80280, &(0x7f0000000040)={@_ha_fsid={[0xfffffff8, 0x3]}, {0x6, 0x806, 0x9, 0x3}}, 0xb8, &(0x7f0000000080)={@_ha_fsid}, &(0x7f00000000c0)=0x4}, 0x1, &(0x7f0000000240)=[{0x1, 0x8, &(0x7f0000000100)='+,\\@${+}#(%%^\x00', &(0x7f0000000140)="12d1d65789be6ffa4071958e53719462a1efcc87cedc9fc1a0d670c20c84d38016cf99195c11eb6ffb19d08b83ccaaeb04411b30eb3b61e68fb61d0c6e15c885612d0c26d264896b39c1530b952e47995407e5b606e739e88a73f0162bbe05585b43ded9c12bcf4fff12b3deb699095531093326173069e13249e394781314f3e29ad0e85024a2f739648d1c7ae2987a907282beb3f1e0f2704fcd8becef8dfc841601a78e21b662f55bbed5b25ba1e16189ec22f7cb0735aedd05d2c68815042f643de32e6caeaa2cbfa5d7af115926ff44381695feebcce64f18bb7d802babc622d542705c", 0xe6, 0x12}]})
ioctl$BLKGETSIZE(r0, 0x1260, &(0x7f00000002c0))
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000300)={[0x0, 0x0, 0x101, 0x1, 0x1, 0x6, 0x7, 0x3, 0x15b, 0x3, 0x8, 0x9, 0x8001, 0x0, 0x0, 0x463], 0x1, 0x100000})
clock_gettime(0x0, &(0x7f0000001700)={<r1=>0x0, <r2=>0x0})
futex_waitv(&(0x7f00000011c0)=[{0x10000, &(0x7f00000003c0)=0xfffffffffffffc22, 0x2}, {0x0, &(0x7f0000000400)=0x4, 0x82}, {0x9, &(0x7f0000000440)=0x5, 0x2}, {0x3, &(0x7f0000000480)=0xb, 0x2}, {0xf, &(0x7f00000004c0)=0x4, 0x82}, {0x3, &(0x7f0000000500)=0x9, 0x82}, {0x8, &(0x7f0000000540)=0x4, 0x2}, {0x0, &(0x7f0000000580)=0x3, 0x82}, {0x1, &(0x7f00000005c0)=0x4, 0x82}, {0x4, &(0x7f0000000600)=0x80, 0x82}, {0x1, &(0x7f0000000640)=0x6, 0x82}, {0x1000, &(0x7f0000000680), 0x2}, {0x7ff, &(0x7f00000006c0)=0x7, 0x2}, {0x0, &(0x7f0000000700)=0x1, 0x82}, {0x8, &(0x7f0000000740)=0x5, 0x2}, {0x40, &(0x7f0000000780)=0x8000000000000001, 0x2}, {0x3, &(0x7f00000007c0)=0x8000000000000001, 0x2}, {0x1, &(0x7f0000000800)=0x72, 0x2}, {0x800, &(0x7f0000000840)=0x87d, 0x2}, {0x34d5, &(0x7f0000000880)=0x100000000000000, 0x2}, {0x2, &(0x7f00000008c0), 0x82}, {0x9, &(0x7f0000000900)=0x1, 0x82}, {0x5, &(0x7f0000000940)=0x4, 0x82}, {0x2, &(0x7f0000000980)=0xff, 0x80}, {0x80000001, &(0x7f00000009c0)=0xffffffffffffffff, 0x2}, {0x7fffffff, &(0x7f0000000a00)=0xfffffffffffffffb, 0x2}, {0x2, &(0x7f0000000a40)=0x800, 0x2}, {0x7fffffffffffffff, &(0x7f0000000a80), 0x2}, {0x3, &(0x7f0000000ac0)=0x1, 0x2}, {0x1, &(0x7f0000000b00), 0x2}, {0xdaa, &(0x7f0000000b40)=0x323c, 0x82}, {0x2, &(0x7f0000000b80)=0x5, 0x2}, {0x100000000, &(0x7f0000000bc0)=0x6812, 0x82}, {0x4, &(0x7f0000000c00)=0x2f37, 0x2}, {0x7, &(0x7f0000000c40)=0x5, 0x82}, {0x100000000, &(0x7f0000000c80)=0x7, 0x82}, {0x7f4db2db, &(0x7f0000000cc0)=0xe6f, 0x2}, {0x5, &(0x7f0000000d00)=0x3, 0x82}, {0x9, &(0x7f0000000d40)=0x8000, 0x2}, {0x40, &(0x7f0000000d80)=0xb, 0x2}, {0x4, &(0x7f0000000dc0)=0x3, 0x106}, {0x7, &(0x7f0000000e00)=0x8, 0x82}, {0x5, &(0x7f0000000e40)=0x3ff, 0x2}, {0x3, &(0x7f0000000e80)=0x7, 0x82}, {0x9, &(0x7f0000000ec0)=0x83, 0x82}, {0x3, &(0x7f0000000f00)=0x4, 0x2}, {0x6, &(0x7f0000000f40), 0x2}, {0x6, &(0x7f0000000f80)=0x45e8, 0x80}, {0x9, &(0x7f0000000fc0)=0x1, 0x82}, {0x6, &(0x7f0000001000)=0x7fff}, {0x7, &(0x7f0000001040)=0x7, 0x82}, {0xd, &(0x7f0000001080)=0x3, 0x82}, {0xfffffffffffffffd, &(0x7f00000010c0)=0x6bc, 0x82}, {0x4, &(0x7f0000001100)=0x3, 0x2}, {0x3, &(0x7f0000001140)=0x7, 0x2}, {0x0, &(0x7f0000001180)=0x8, 0x2}], 0x38, 0x0, &(0x7f0000001740)={r1, r2+60000000}, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x9, 0x100010, r0, 0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000001780)=@IORING_OP_SHUTDOWN={0x22, 0x1, 0x0, r0, 0x0, 0x0, 0x1, 0x0, 0x1, {0x0, r4}})
socket$pppoe(0x18, 0x1, 0x0)
io_getevents(0x0, 0x6, 0x2, &(0x7f00000017c0)=[{}, {}], 0x0)
openat$binderfs(0xffffff9c, &(0x7f0000001800)='./binderfs2/custom1\x00', 0x0, 0x0)
ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, &(0x7f0000001840))
connect$inet6(r0, &(0x7f0000001880)={0xa, 0x4e21, 0x8, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, 0x1c)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f00000018c0)={0xad9, 0x7, 0x1, 'queue1\x00', 0x400000})
clock_gettime(0x0, &(0x7f0000001980)={<r5=>0x0, <r6=>0x0})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc04c560f, &(0x7f0000001ac0)=@multiplanar_userptr={0x7a62, 0x2, 0x4, 0x4, 0x9, {r5, r6/1000+60000}, {0x1, 0x8, 0x40, 0xc3, 0x6, 0x1, "26adc232"}, 0x5ba3bb1c, 0x2, {&(0x7f0000001a40)=[{0xfffffbff, 0x0, {&(0x7f00000019c0)}, 0x9}, {0x9, 0x4, {&(0x7f0000001a00)}, 0x2}]}, 0x0, 0x0, r0})
io_setup(0x6, &(0x7f0000001b40)=<r7=>0x0)
io_pgetevents(r7, 0x5d81, 0x9, &(0x7f0000001b80)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000001cc0)={0x77359400}, &(0x7f0000001d40)={&(0x7f0000001d00)={[0x6, 0x2]}, 0x8})
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000001d80)={<r8=>0x0, 0x1000, "e133383fabdd49d9d9ac14e19be7c091e2a1a7b9e7498769a79d9a18d3dfbfea67a040aa7a4a6168a1add107c62fa1068ca1ee3399656e9092275ec96a4eb5b03d4ba05a146890f795f75241baca28e12b14834d953d790b8208645c9fcbabdc65a7be8f1ee07c05600a2b99562fde8b86cb65fc03983e3341ce98a23f1f9b8234c446b8626eb9a4743f3722ff1ff3d59e3a98311679776ba096defa9a7aa43be641dc02700c83edb761e0b6a51c2dc92c057016d89f5fed333bb4dab94da4877ebfa57b775e6f67ca76914334ba0375dc0287a101a1347861efdd282bb6de30ecdfc24802f64e38d30d9507696f4ba8a9e09515434a4a466c84ab74bba9c7073bea27056b2072decb2c6a12550a9600e1fb8e235d7647461b5c439e1edcec625147cfec54e818c3d57e7660645bca7457b1c24289b807392c9cdb1f49e7492da4e67dd408f0cbe83f467ea3ac56b2a28d871930b552df13fd0d089f14700791044c2a8af74c5afb284b800d6beca1c79176842e8d4d9f32e76f95d8181026635c2edfbbd3dc22851d30fc3b4e3c82ed269c7c9d77b226a986f63f7ff00dd695362852d7b2a635e4d459598321e67e9383ab1ae21f23fb223fdd0ea2e93466455825c61bea21e54be749c4adfbbd8c52406e1cfad734be4ea84f2791c8b4b28465f93c09c36b8473eebe6dab7af2e854d73ea33bd1c010e88238b6fd8939eb1a8ca6e2baef29161c94902b2429bfc64aa07eb7d6c3bc94f3a0458b7bb3f0e5c25ec73d95f0a35b8535d1a9bf5c2f9c2c24dac3e9d2f04fde21506918ae01788ef8a104fdfe26babcedb3e9f490cb1a016b8658b1ab4708582400d8c34dd29093d6c6c7c40dfe2cb9bf11efa487d502ea33ac0511d47eb60198c26353ed2bd70867d220fe79efb641dfb8775c07ba16b2054b617820416db4ac7cf9668903edc038c7f6910607a9bba0d837f94a19ef01aaba75e7142bb1b7ed39b5f94fccc2e43b423a38c39c295c2c6b7764d2c7c0ec11be21c9b32855261a80eb03cc9740c01786277f6990d9328ddf7227b0bb8a50bffd2b52823bd62409cdb808261e2dce95b440144854aec84962ee5b19b602171ffdbdbb594e164a58486be572ce46450945f92f3433245e693189c036b666c1c4e5683f37241cbd7513f9d4753b60880ce723c6e0202823ebb657d387f9aa216e8eb64847496d26419827a59e57d255ec928bc3d21d26d4858f122dcee3d3718f64e9243b5544481503af0d807437543102985afaed428b800f23c8afb7a02eba2a14aab68128e3ddbbd8c04350e7bb98831f6a68eb2aadfb2b1fa5bd3ba67a4752f7abe4e51aa7c9a8784b6a51aaf34ed4456c346f27da036d4720e6f093545abf71c88662ce10cbc2438f74f82b1d1bf079f5a6d6ae735616bb3a404f84675c93249e318f3a5f28cc5f63358751c17811d5ddf8b71fab7d6251d9eea4b2b179af9660384377eda55705d7907ffc5a3ce618a7dc3e9afd941cf567a3fe2087b42640d163f381cdae91c35175e83bcbbb01ef2cabbb980b7be3bf74c75d9038c7b022f487f109ab5ba2b4e10c721337c85148a6725e6501b76cbd506465a172d4a4684f806610c619100ac61eb3a63139cdfad9c896db7a1abec20c3d1ca15c2ef5ec6a4a4acb63dce928d2c9274598d0bf2713d1713d1696c6af698c5d525341f134cab271444fadd4ef6d784dcf7c410f1605aa119edab8b84d00206d3bdda053e619ebea71c09d66c1344cbdf8fb267abeeab73ca3aec9431e4a498bab30687c689937148a5aef4f7d443e2e0fbd2e53252aa5db4bda3860c6a97d2489fb7ceef9e909aa6f0ce5335ba0a6b088edf3b4e859fd61a0a3581cbbd79e506c0e185db0ccd03264b57e8020c2fee3bf380edba5aa623d250ead20b9730cff39fac9e654716781dfa1d834ebe593f52c26ec07c56b4935b9520d49fecd980e893334850ca1f588a9be4a2251301fabaaabb8cdd39d82a5c57af8a2d1417d84756a17a10c31fee554508d149338489da5ae4352bbcc8b736db71a34bcb0cb7349b42687076f5c3e977eafbe6c4dc05eb33ee6ccb407e8d845cadec002bd514bbf5ee12a34515aee59b3de68c6cd7458c16de038ade0072e76f1cfc02f70ebecebb2253a25756ce01f8069a204629a314644b387e7d18562c186860ff53a80e4a9560f26fe090fc0821483b1ab31fb2818d7cfc15b2d593185727a2c5441903a05e3ad647c6ebccb716c659cac30d0c96d87fe915356a27ea5bbcc39ba6111834a1ccc3279d73a9c9c4edb0d84eefb5dc0b20c9ec44d29872d5d032a0eda8a45a6a6d68368fdafc0225eaa12208e4d9569c6194c2ce9e090863dda3f8af42e3f335fd2f99f37900372730cbbf44629b950316c06ceb7ed96f0cf334d885b96d8d56c5e664642bd941ec85ace16c922dfaa11066e2d7acdc23f4feb6d0ed1b362d087e24e1c356df99f5fdbe9872071f77cf82cdb03fce835687372a17404ea15b4f062cca3f82ad29153daf792f8983184bc714d4ef6e6a9f6b547190b90c0ec848735e8529943cab16f5a757c6d884f61ea66252ba81aae9a3bcdd0b1cc9e3606b82bb5db4718caf222d93b61a0fe88362b5e6b4f33ab5f793baf84e6f5bc7bfad504672b8a6b2cd9950b497ef88f2140796ff15d1fb28577d5aea1b6011384593ca00588cef8999412915fcab48b13339a5abedc655e4f647b7b66eabfdfb9a38224ca19fd1b454504bdfb0289d8ed78413a77a30174b6122094c62f004562b31918c0783539cc37c9041f321c50c3fec27423d1907777e72c11589baed8ac12de9713102302778089713d9d2d7c5d0e8955b6ec9fda33749701ac2a04a5e761949a390d02e23c86f68806d9bca18fc3f8421d982e6c978aab8797a75e6ce1e6ab4379bcab347e28a673b367ccee732b6a54eaef3a718894902f5c33cdb848ae43149a778697746178a3949d25255fa4e6f0d996e2758ebbc2e308ac4d8cea3b5c6683e0bb13cae0e3ddb3e6812602c0ad5deb39b1ec2cb360a40084fedd38774f9f6efb6ddf349afa865ad2b1292b5c29fefc32e1007d0c0e3fe5a15aef90f7e0fed62d9830d0bcca172897ba884c41a1147720bb7bc100123e785c140c22094474b34fde9e1105ed2d19b42a5e0614bfb8dd0da2bc672a3bf312f9bd62f769d545dc2180519ad6923f31e7e94341732c2bc4fcf0b389b55bc9fc31cb6dafbce082f5ed7ca34da78052f6f354bef518ce9b68f0fa98d30cba431061709577fc225e896056c38b5fe47a9d60ca3d17f3ed1a71f38a6e73cd131382851a2fbffb0db9711f5d3311e8707ab77ca5c53540db1f18965fbc00e8d4191798883bda4f06b294d1c0b507e196ba7601447f11a7aca9b479c7650a8028fde943a66dab8af695af847c7b9e9b0dd5216d0d4e3e22dd75ca16151b7a6f68ca372771e82fe487dfda444aabf29fe54aa085a0e325bb554c4e0ad8f8aa0b6b4efe1e5335822245093f028ce855560b5bbc70ec354c9b7935d2d2016315e6b48fe41ac8afb843b5c540ab053b5079bb9bbdc784d19591c39422427fd0b51651f829f1c6a3e6c497f644c11835f98e7257cb850ab9e5f1f75826f76232b56d3b4782f638b7720f308e139e2ac7d09c10da762db133943a70462f19d8cdabb8713d164c387750f68b002a94f601eefd3f50b0b001783d4851c3a510fa90a7a8ea1ca5bb218c26c9db142c1a799c42f670daf3d43a17ffd292244ac23e5840b3692d62d46d2666bcea25655fad468db1f4dc64b5321a9815dfe085e9f605102fcb6909ef2555fd823778ec51ae8a7df213fd685d4cd08c15d56075bdbad967b482eef6ee118b1e8121d82d0a1ea3d88ee91f347f4456f6307f3042f1eeb89bb5fb0be0bb4e24ad9c3be7313fb236fe0f6d0e629544f30be141b2f722ac83475fb8a03d18b615c876909ac1bb734f8c7f2e7a90e37a12e488d80e17003dd9360bccebb3df912dc32a65aba704957337a39a54fcac553fcb32c80d9cb55b91f20b9022d3348fa99c69804d67b06a73a33df7a324ff907aeb7c214ffd1b487fb64ac73b827c1eb1351dcb46b122b3473728fbe00ff97a17a5f565430527b24ca8fd39813b6469b21421311b85a086c9b8242d078e2d12841a53d65c19efcd2113a1c477617ee4f115a6ce5000e21d07ed80a982e6aeb45b96d8a14f0e4c0dae72510c2a95f098262093c869323672c1bbfe6ef9ef3a6d2332cb2ad552f56f2923008bd262dbecf0e0ecc62eb5bf6c8d54a88b1c78ed098c478a1106fe465b2ca667daa536d37e74d893c01cf642ce9e222da95926ddfbdcd01dc3dfa59ab31d5bf7cd2c98e319fd3429921810a3e892304167885b9f14ddc93c60377ea868ab5aeb327e6fc45c0e8281f708b9a2f1ac0baea74dea5805253a60fda28fe7801f89f5362194eaa2763e827366101651420d29a192c08c3604a32c75f23d145469b4736f7dd748b0ec27d58478e22fee82e8b8d7b0aeed97feec856760345d6e318129624453c6a4627aa55401f10ff0bc1f52f1752762f7223a666a7461fa72c5b0d79d4f3e083bdb2571eccd6988e950a4e32c00ffd00897f9b2b7122c718eb275242bd0cd5d61d4df1df19035ff3bfdda18dcf08894f58505c0cd4b18acc47dbc2012940c9e42070e7e03fe57acd1d91fb964420282a40b8aadf435d9b01c3553a51ba04838691a5ef2f6f1e9c33e8cac441602abdd390f2db45ad509ff5c83472b4d4743aac4c1790423917730df67bac8fa9514b4b868efc433ef2b6525380bc44fe466a06dce9ccbfbbf5e02360c9fb86fc6050efd87ff16908b664df0874dd914557251baf92e08d71cf7d3878c0c4fc86b2a2c877c1eefe3202e3dc1e08e78dbabe43e9634676cd2cf119ed0116e79cd8643e3418fdf9cf4521d398ea707e68e74f246142c3f05ad1b961542aaedabb7ad48b820e0d08ab4f1f41cd4914ede64676469821cb92acd3cb3b23b47d7a32bbafde0e27b27b6790a7f03214e9e9f8f3d6f6d860a2bd411ce2d35b3b1fd66a2f843c0f9d8dfafcd124a645a432b2be4fa339ba9c49e5216276b4c72d733c19e0bdbb65b9be589c748e659ec618d381779dd98cd1afcf3e20f94768db12cd248c6344d370b4c8b0a21d8d35c85ce956d3068932890fbafe02a32f9044866b51d75c2627d3eec5faaa05a122091046de407aa1e0b32b0922fa12e4fe020c9b56270f5872f83368e4055c55f7ee2783fcd3730863a0afe15f89dc320e9cc8f35c6c504ea64d194650f62b691be5a06a49a6171e65a7f12530305686e7c9cd0a8794e01284ab759b4f8ea30eb7ff61d5d298ef6f9a447b654039621e39fbd4a258e1354fb676ea2218b019a21e3bc7139e77f81a2435d207cb86a1970bf41a19014b6a0668fc071964973c9a0fb63899bb5e1017f9b1e49cc7d379a33b5ff26572be3ca3c32a37656654398faffe7fc5f926c693c8a3bb9d619fd482156c67a6a289f0ed21ed3dac93efbbb58f349d13f67546477554589508961cea9ac7b3e33d86fb30c9eb23df0e4badb4e2e57ed815666ad2b7ddc30e2519363989fcdd61b6f90e4e32e39e60a6738a18bd2284b16fca61ab949a987591fb886a5c739aa72d4e1ebe8ef2ace32052303e958f590de192d6671b8009c90246d64ed9e5d12766b9f706f6d5a96a3de6a5258f6ca75e5feeba0bb2278c031d1efbdb7778b45e6c953bb7e76c3369a7532d4e2c42d3525d17352eb30cfda74f19ca06b3352363ec02a63c23222f914ce"}, &(0x7f0000002dc0)=0x1008)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000002e00)={r8, @in={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x36}}}}, 0x84)
mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000002ec0)={r0, 0x7, {0x0, 0x0, 0x0, 0xffffffffffffffff, 0x100000001, 0x0, 0x9, 0x13, 0x1, "222d0b0a5dd13d05541850064d2662198b8d311c09c76265f82b37ed50fa2c05ed944d29b2fe2a2cc91afbae2e3cfffa93dc31f351c59634927bf78ce32a96ce", "751478ebd9af5c371c0731bfabae53db8fe3b0a56046307f7f857fa2cbf77e15be7ca21eecc5440db93378bf7fd855f373d03f58070187974f3b9aefcb131df9", "75d92e373952bdaf5363fcead55eb6bcc534ead7a72e5ec53af7d1a03211be42", [0xa, 0x8]}})
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000003000)={<r9=>0xffffffffffffffff})
r10 = syz_open_dev$dri(&(0x7f0000003040), 0x2, 0x4200)
ioctl$DRM_IOCTL_ADD_MAP(r10, 0xc0186415, &(0x7f0000003080)={&(0x7f0000ffb000/0x2000)=nil, 0x4, 0x4, 0x4})
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000030c0)={r8, 0x800, 0x8}, 0x8)
syz_open_dev$media(&(0x7f0000003100), 0x3, 0x202b02)
setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000003140)=0xffff, 0x4)
recvmmsg(r9, &(0x7f00000059c0)=[{{&(0x7f0000003180)=@nfc, 0x80, &(0x7f0000004500)=[{&(0x7f0000003200)=""/1, 0x1}, {&(0x7f0000003240)=""/192, 0xc0}, {&(0x7f0000003300)=""/177, 0xb1}, {&(0x7f00000033c0)=""/4096, 0x1000}, {&(0x7f00000043c0)=""/85, 0x55}, {&(0x7f0000004440)=""/135, 0x87}], 0x6}, 0x7}, {{0x0, 0x0, &(0x7f0000005700)=[{&(0x7f0000004540)=""/140, 0x8c}, {&(0x7f0000004600)=""/4096, 0x1000}, {&(0x7f0000005600)=""/112, 0x70}, {&(0x7f0000005680)=""/121, 0x79}], 0x4}, 0x2}, {{&(0x7f0000005740)=@can, 0x80, &(0x7f0000005980)=[{&(0x7f00000057c0)=""/9, 0x9}, {&(0x7f0000005800)=""/32, 0x20}, {&(0x7f0000005840)=""/222, 0xde}, {&(0x7f0000005940)=""/34, 0x22}], 0x4}, 0x7f}], 0x3, 0x40000001, &(0x7f0000005a40))
sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, &(0x7f0000005b80)={&(0x7f0000005ac0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000005b40)={&(0x7f0000005b00)={0x10, 0x3fb, 0x1, 0x70bd2b, 0x25dfdbfc, "", ["", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x24008041}, 0x0)

2.24782921s ago: executing program 6 (id=7033):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000080)={'team0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x30, 0x10, 0x30d, 0x8000000, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x30}}, 0x4000080)

2.046719703s ago: executing program 3 (id=7034):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x10000}}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0xb, 0x9}, {}, {0xfff7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_IPV6_SRC={0x14, 0xe, @loopback}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x8848}, 0x0) (async)
socket(0x400000000010, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async)
setresuid(0xee01, 0x0, 0xffffffffffffffff) (async)
write$tun(r6, &(0x7f0000000300)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x8, 0x4, 0x0, 0x3e, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local, {[@timestamp={0x44, 0xc, 0x67, 0x0, 0x0, [0x4, 0x3]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x4, {[@window={0xa, 0x3}, @eol, @generic={0x0, 0x5, "d58838"}]}}}}}}, 0x4e) (async)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000380)={{0x3, 0x81}, 'port0\x00', 0x41, 0x20010, 0x2, 0x1ff, 0x8000, 0xfffffffe, 0x8, 0x0, 0x4, 0xf4}) (async)
r8 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000000), 0x80081, 0x0)
fsopen(&(0x7f0000000080)='nfs\x00', 0x0) (async)
write$uinput_user_dev(r8, &(0x7f0000000840)={'syz0\x00', {0x1, 0x8000, 0x9, 0xac23}, 0x40, [0x10, 0x8000, 0x7, 0x7, 0xffcf, 0x7, 0x8, 0x1ff, 0xe95ab6b, 0x1, 0x4cc59373, 0x0, 0x8001, 0x1, 0x6, 0x8000, 0x4, 0x1, 0x2, 0x6, 0x3, 0x4, 0x10000, 0x0, 0x4e3, 0x1, 0x7fff, 0x9, 0x0, 0x2, 0x1, 0xe, 0x8000, 0x1, 0xa0, 0x80, 0x7, 0x3, 0xbc49, 0x696, 0x8000, 0x1, 0xb, 0x7, 0x7, 0x0, 0x2, 0x3, 0x3, 0xff, 0x1, 0x4, 0x5, 0xffffffff, 0x0, 0x8, 0x7ff, 0x4, 0xfffffffe, 0xffffffff, 0x3, 0x100, 0x5, 0xb], [0x7, 0x9d2, 0x80000001, 0x800, 0x3, 0x9, 0x7, 0x7, 0x5, 0x80000001, 0x8, 0x40, 0x9, 0x8, 0x80000001, 0x4, 0x0, 0xd, 0xfffffff7, 0x3, 0x0, 0x2, 0x2, 0x3, 0xb, 0x66fe, 0x6, 0x5, 0xe03, 0x3ff, 0x4, 0xfffffc00, 0x1, 0x4, 0x3ff, 0x3, 0x7f, 0x3, 0xd08, 0x1, 0x1, 0x22, 0xfc000000, 0x0, 0x1, 0x4, 0xe34, 0x3, 0x0, 0x1, 0xe8, 0xffff8004, 0x2, 0xb, 0xd7a8, 0x6, 0xbdc, 0x3e6, 0x2, 0x9, 0x0, 0x8, 0x7fffffff, 0x6], [0x1, 0x9, 0x7, 0x590, 0x10000000, 0xb0, 0x8, 0x5, 0x2, 0x4, 0x6, 0x7, 0x3, 0x3, 0x4, 0xe, 0x8001, 0x1, 0x0, 0x9, 0x200, 0xbf1c, 0x79fc, 0x1, 0xf9, 0xffffff26, 0x0, 0xfffffff7, 0x9, 0x1, 0x7, 0x2, 0x8000, 0x10, 0x5, 0x3, 0x1, 0x10, 0xb8, 0x6, 0xec5f, 0x8001, 0x7fffffff, 0x1b9, 0x8a7, 0x1, 0x8, 0x3, 0x1, 0x1, 0x4, 0x3, 0x74da, 0xec9, 0x140, 0x6, 0x3, 0x6, 0x1, 0x7fff, 0xa, 0x86c, 0x7, 0x1], [0x0, 0x20f, 0x80000005, 0x200, 0x0, 0x3, 0xb, 0x2, 0xffff, 0x4, 0x9, 0x80000000, 0xffff, 0xb7, 0x3a1, 0xfffffff1, 0xffff, 0xc, 0x8000, 0xfffffffe, 0x9, 0x3ff, 0x1, 0xdf76, 0x63, 0xa, 0x7f, 0x100, 0x40, 0x3, 0x2, 0x8, 0x8, 0x7, 0x4, 0x2170, 0x0, 0x2, 0x6b2, 0x9, 0xcd5e, 0x59, 0x9, 0x6, 0x6, 0x6, 0x5, 0x1, 0x0, 0x4, 0x9, 0x6, 0x1, 0x6, 0x3, 0x3, 0x9, 0xfff, 0x5, 0x3, 0x8, 0x1, 0x5, 0x6]}, 0x45c) (async)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) (async)
syz_emit_ethernet(0x6a, &(0x7f0000000200)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb08004500005c0000000000019078ac1e0001ac1414aa05009078e00000e0400000000000000000110000ac14"], 0x0) (async)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x4}, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040010ec8a9d6c270010000000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (async)
socket$can_bcm(0x1d, 0x2, 0x2) (async)
socket(0x10, 0x3, 0x0)

2.027375505s ago: executing program 0 (id=7035):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x22}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_io_uring_setup(0x3b12, &(0x7f0000000300)={0x0, 0xbe54, 0x8000, 0x2, 0x1b3}, &(0x7f00000000c0), &(0x7f0000000200))
ioctl$SNDCTL_SEQ_SYNC(0xffffffffffffffff, 0x5101)
io_uring_enter(r2, 0x3a11, 0x8f62, 0x40, &(0x7f0000000280)={[0x6, 0x10]}, 0x8)
ioctl$XFS_IOC_SCRUBV_METADATA(r0, 0xc0285840, &(0x7f0000000080)={0x3, 0x2000000, 0x7, 0x0, 0x6, 0x2, 0x0, &(0x7f0000000000)=[{0x0, 0xfe, 0xd0}, {0x1c, 0xfe, 0x2d}]})
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x8}]}]}, 0x5c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x6c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x44, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @local}}, @IPSET_ATTR_IP2={0x18, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private0}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x84}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)

2.013944568s ago: executing program 6 (id=7036):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg(r4, &(0x7f000000e040)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000480)="e43652f2d49fabfb5117d2bf57aae31397cbcbb61e28c41d05ce1a081b028b7d66a67422797789f8474ec09eeaeba269876b14e2735c433029f7756dee94e332041b650f00912aafbe0581424e0e25aa2c0cb5d8186291acb225a1553744d4d3adea0827bc6c627774b4e779e6de8c616f33a4f9af0d386ce5787681d6e9dfed1306d07edea5c1c4e4d8513abd739c64b7a256d5cb6413246ce92048ab1a835ba7a8e6125507dc0f06dd118189787fd532f35ab938433ff34648280d19dda66336e7f3f16202622d1db8344bb49b500d017e25438763a1cac420a4", 0xdb}, {&(0x7f0000000580)="c8067fd829110cf90855c8d9ebfbf6502cffe243a7ad3898722bd1f3794a84765c632b31acb073d94d2a84cc7abf0c06f67f634ef135019b6915beed15618cff4926160a6d1971eea8904717d5eb9231cbeeab51af0c4f3efb21fee535599f1e331f1b2ed9b70aa81e5362c24d2462e41024337b488ce4dc75cbf66edaa9bed8a5861d0c364b0234d3dd8e62cf510767f623", 0x92}, {&(0x7f00000008c0)="46106608c094f60cda67ab7836bdc9ab01d64034b576c8f84bbb54d4319b7d514254f670cc26dc413f0c8b7152ac9dd6190d3cf59883fa19328e172b418baaf65e2baf2e492e6056648043f9c7b33653da22af23cdfb643bdb180ed7e8301b1d321ac18a2394a1b666802535a700bcc1a4f199ea2379c0bb4a0a48e6eed571f276e47f7de1a9a592ea298c233c05908f69694728c2bb85bca31d28d1558e0d3e8c00514bf8255eb8903c3dc11ae46e5c6c1584f97d53cb431692242894e1afe1bfc77866e8b43c85042fe2d57e6f64e254bbaebfed5817044234a796ec68351fdf98686c6e89336a710520c0f45b866d1c2b8fd7c6e2c92e3253a2ec3c51e8c35573c751d8aba86beb5393e55dc9ab5407bd995f500e5495f7c6091400a2d1ab1e5d1a715daceb36e7e09f87d84c018c51d47ea62fd1a81e904e31369e5e6176ee7c9ee9a7bd2450507662ebd82b94d2b2ca8e27", 0x154}], 0x3}}, {{0x0, 0x0, &(0x7f0000003b40)=[{&(0x7f0000000640)="6fe90134084a94f6335613bf63a46e190ba599bfebf00501abeb0e37006e57188f3d51dfe47da99639896f476879617f8ed7c3bf7e4ecdd085ddad75a821d450f538e0268132edcce0d557e64ac758e288974bf3004af1f1e3b114ecd4a32cca75d8c068f755f9ed5e40791e77a911107825549994946bc3be2951daf3da9c9af2dea2e87e7a", 0x86}, {&(0x7f0000000300)="2f5132b6ea1b83f577cbd6dedd265751e83602534947895c4b62", 0x1a}, {&(0x7f0000000700)="fcb274029272d65feddba14819bc286602680f66113521d875f82a78ae9d056b106879fb1ee032802d21aeb5b892645022adea4fe4862a5b62a7b49c508bc87d56b08d7f858f43694a74bf037b1fb6f65c54da6fe2095f97530e0a4fdc4813161f996331be96a526066705183639c8b5babb79bfee2e1a7db1b6e7d3da4da452d5", 0x81}, {&(0x7f0000000380)="78eabce43d4d4f9b9b83e38abe9560196192378f1713ce2b", 0x18}, {&(0x7f00000003c0)="f322ea26eaab6c66af9142fa05f182c091f19d79b9", 0x15}, {&(0x7f00000007c0)="cbca5037f4e8537ce221454f495d4c58a099f31591ae33457eaca1466a636278e1233ac3bf4def26de44994ed7bf27f6d4fa1fe6be9bc0ebf689b4c2a781a64ad941f78128d5ba20e53ffb5399774150e3eddce528bdb0b25b0635f9489f0a98fff9754275a04d0c18ccf378fb74cc1584869d60862f6b037d4219d6cd7710597c2fe6079e7f618bf7b26b34d18a98ef3db25b7a2317aa38", 0x98}, {&(0x7f0000002b40)="eafe9ef721876e8092e244f3bc67b701a2729397d1ea06c60798e49158e603ed7317adb0f84268483687ec0eb04aa450cf4e9668933b1acf6d689370d52b1760204dad9e2fb000ffd0fffa681199640fba1e654b80e7d04591eee5cddf37edef1040e70836002bfc3afacc558725f38d79abb209e5d5f6d0b3d34382e4cd315d805ebbb0b82931667192b0ee15e52ab6b1cbdbd960b212877ecc3df4afca77fb4d6849cb24ef57c7e51cf3d8c26989198ecb6ea3bcca8fcc1bd50412d622ad68864ce57dad63b4a691b405ac486575736616b4aa10729b960e34e178db8a1ccad568a7b11e797c036faee5df2d5d4828002dfb7400245ed2755d3fb14e04536bd3dde136c60fa7dc3b8e2c34b837cf66d2c15d8bd3c2d0883dba49465ccbcdc937c34a0890fc62b4640d03f4f9d1e121cda698dbd2a6f820da9bd70fbb9b9988d6faa9f90f47d86b5a35e5e92062aa9df063b7f812efb37b1e87f657bcec0847181ab6b85a8a37ac8ea50504674268ab86b666ed6f3b19623503af871000e5e2bb932964bfcca9d11d582618cdb3e6a9483d43f9fe08c5ccea551c6f8375ff8c48e85bf2ed2fdef5d994bf60ded6b42367b418da0d1ff54849a6ade5763b23d127289738f3f3be771f98b82657256c0ab5dfec7e70c3f462d9d633b14e8fcfd8d5dff8d8e5d431e886351326122a62dcf1cc3ca2d0053717c45aa46e93ef04cace4b073d6c814d338d95427eada29dcbad24c0cf12ac37648dedea3269b17f6f716bc15701153771d54ad31639d4c642964c47d1a6f183911f678a450ecf9f58322723c7c1d94577826593897af06c2320c5385c54896bf016933ba8b6f4c2959c8f5ad87f8070465e627ab3bf74eeaab9acb188a260513e4472365eea6b2fdcc334675f30d78350e922115fd1b450b53052fbbc9fda9c163ab0c8fc44e41406f7f5db72a9fe0795cce5bd2d08e885baabad34dbdabd7470e4be629e97cbc5c5634ebc4eda381b2f4216fb350b69c99c7dda327c0deac3724b631a9cf48983ec697090a5a8a12966f48ac54897794680a4b0b9588bf75bb0b5c329c3f08a25b0453a97609128cc1d33b73366d81d0992953deec307fb4e690991a818a15a0a241792a16e32c752c918929a3397df24e5862615d1c99cac46a6b7c3afa0569f9caa3dfe654a22f4f23f0547b7a356f8a0862d9b23ec1facbbd4c117e28dcd5b400102fcfe6bfb66a67e42c7f4e0865b9556f91a2d9b5008ad01a7a9d77e8d3e256d03b441840415b54c48673030cc8cfd825b0f390628f85eebc031cdfa6b3d26b0da4b0b047845f74b1f99e95eee81046aaeeded615d7a251cc23c7a1a102f9ed462668e6612690215eac2c9e000774c7cca3c2b8af49a5032f29e0c35f14b8530a73ef249b7bbe1ca717ce750da32cb2aac698ead6d6e14bb10f948be97068e68ffa3a68869ed354474240799a5ad8d645d15a580877116c4e19da9a1fbef31bb2c75e2b7c6736e02c1b8003e0d65bf040410123127292b9f4b44e8c267b8fac47efefaa6fb85327bb9ddd6d903339068e6dfce6b8239b84de373dba7a820c7ec8d6a08a53a5339511740c4842b990864c2d10faaa35ff394687531a65ff6cc0018511b43d3c1def7d4bde3ab45cfd471b5d55a330896351dd68e7500d025bf24a623d1134ba07ac47e4aacbd678f5eece8369f946f685b8a87c850dd21831d93c4876d6ed2a4d8889775fcee08bae84a86ea08efb851ae754c48", 0x4db}], 0x7}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f000000cc40)=[{0xc, 0x116, 0x8}, {0x10, 0x1, 0x1, "17"}], 0x1c}}], 0x3, 0x40840)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000a40)=ANY=[@ANYRESOCT, @ANYRES8=r0, @ANYRES8=r5, @ANYRESDEC=r4, @ANYBLOB="9c6e149d8acc53b197cb9b4741682277792b28832d6857678fd3622060f040e53e06fb3800b23a20587e8414024203f83d", @ANYRESDEC=r2, @ANYBLOB="937f80d769997e44ee71b9238bdef18bc86fc745abce8de3500949d3b764fe4bba911117739f162a56c21ed38d91d37688f8ce83aa5c3223b045d22e308eccec911d3b716d882d3a9a0c536324172003440f6c943a1cda2c87c61f08b68fa948fc04995257fdc1c1f010d8ec8fb7be60a563540bbfe3b44366775d8fa55ff323f8ccd628b64e748289a8b30b5b89af74f4421abad7b2ed2675b43a24602d252e676909f206972117c1cce9", @ANYRESHEX=0x0, @ANYRESHEX=r0, @ANYBLOB="cfaa7af04d7d0c6b5ce26e7fd9dc8437a97deec5c27a58075a542e60"], &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0})
socket$kcm(0xa, 0x5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000240), 0x200, 0x0)
r7 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
poll(&(0x7f0000000080)=[{r7, 0x4110}, {r7, 0xa274977181339ebd}], 0x2, 0x7f800)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x1)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_COALESCE(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6(0xa, 0x1, 0x6)
getsockname$packet(r8, &(0x7f0000000200)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
listen(r2, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$sock_SIOCINQ(r8, 0x541b, &(0x7f0000000140))
socket$nl_route(0x10, 0x3, 0x0)
futex(0x0, 0xd, 0x1, 0x0, 0x0, 0x2)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000640)=ANY=[], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001240)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x74, r9, {}, {0x0, 0x1}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0xc9, 0x8}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x60001d0}, 0xc084)

1.775197241s ago: executing program 3 (id=7037):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="680000001000ffff25bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="1414000021200000400012800c0001006d6163766c616e00300002800800030003000000080001001000000010000580c6b031d5336c5af9aabb00000a000400aaaaaaaaaaaa0000080005", @ANYRES32=r2], 0x68}, 0x1, 0x0, 0x0, 0x1}, 0x8000002)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)

1.756104867s ago: executing program 3 (id=7038):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket(0x22, 0x2, 0x3)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000003b796820d33d9e5702006e657464657673696d0000000f0002006e657464657673696d3000000800030000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r4=>0xffffffffffffffff})
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x5cf103, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r6=>0xffffffffffffffff})
r7 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000300)='source', &(0x7f0000000180)='%\xde({^\xfa@:', 0x0)
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f00000001c0)={"3c24139ed44aec57f2e2ad238e7b448ed886923c31d4b8affbf514fd00", r4, <r8=>0xffffffffffffffff})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r11, 0x4138ae84, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
close_range(r2, r8, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e22, @multicast1}, 0x10)
setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000180)={0x2, 'gre0\x00', 0x1}, 0x18)

1.415418953s ago: executing program 0 (id=7039):
socket$packet(0x11, 0x2, 0x300)
socket$inet(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
writev(r0, &(0x7f0000000000), 0x3)

1.323003185s ago: executing program 5 (id=7040):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0xffff2153, 0x6, 0xa, 0xd, 0x1c4, 0x7, 0x2, 0x6}}}}]}, 0x58}}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x4, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0xd, 0x0, 0x9, 0x3}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20048081}, 0xc0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
r9 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$kcm(r9, &(0x7f00000000c0)={&(0x7f0000000840)=@xdp={0x2c, 0x7, r10, 0x3e}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)='\x00@', 0x5dc}], 0x1, 0x0, 0x20}, 0x4)

1.30754187s ago: executing program 0 (id=7041):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x0)
ioctl$EVIOCSMASK(r2, 0x40104593, &(0x7f0000000100)={0x2, 0x2, &(0x7f0000000040)="25b6"})
chown(&(0x7f00000040c0)='./file0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x7c81, 0x0)
r3 = io_uring_setup(0x5f41, &(0x7f00000001c0)={0x0, 0x0, 0x2})
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[<r5=>0x0], &(0x7f0000000180)=[<r6=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r5, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0x1000, 0x101c, 0x10, 0x4, 0x401, 0x100, 0xa, 0x0, 0x52, 0x43, 0x7e9, 0x401, 0x9aa5, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r5, r6], 0x2, 0x0, 0x0, <r7=>0xffffffffffffffff})
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
ioctl$DRM_IOCTL_MODE_SETCRTC(r7, 0xc06864a2, &(0x7f0000000340)={0x0, 0x0, r5, 0x0, 0x0, 0x0, 0xffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, "b1eddb851ba62b00d8730000000000000000000800"}})
close_range(r3, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, 0x0, &(0x7f00000000c0), 0x80, &(0x7f00000001c0)=ANY=[])
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000040)=0x6, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)

1.23531822s ago: executing program 1 (id=7042):
clock_nanosleep(0xb, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000140)={0x2, 'vlan0\x00', {0x3}, 0x6})
r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r1, &(0x7f0000000d40)=ANY=[@ANYBLOB=' \''], 0x33)
r2 = gettid()
syz_pidfd_open(r2, 0x0)
close(r1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f00000003c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x0)
r4 = epoll_create(0x6)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000480)={0xe000201c})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(0xffffffffffffffff, 0x7b1, &(0x7f0000000140)={&(0x7f0000000440)=[0x1, 0x1, 0x6, 0x2f, 0x4, 0x40000000, 0x6, 0x3, 0x5, 0x5, 0xe, 0x3ff, 0x6, 0x0, 0x401, 0x401, 0x401, 0x6, 0x8, 0x80, 0xfffffffb, 0x7ff, 0x0, 0x0, 0x5e, 0xfff, 0xc0, 0x0, 0x6, 0x9, 0x3, 0xffff, 0x9, 0xfffffbff, 0x2, 0x40, 0x79521cad, 0x2, 0x7ff, 0x3, 0xfff, 0xfffff6bd, 0xff, 0x727, 0x2, 0xf15, 0x8d, 0x80000001, 0x9, 0x3ff, 0xc, 0x8, 0x7fffffff, 0x7, 0xfffffffd, 0x1, 0x9, 0x8, 0x1000000, 0x1, 0x7, 0xd, 0xff, 0x1, 0x3, 0x8, 0x8, 0x2, 0x6, 0x80000001, 0x2, 0x6, 0x9, 0x4, 0xfffffff4, 0x401, 0x5, 0x5, 0xfffffffc, 0x7, 0xfffff801, 0x1ff, 0x4, 0x7, 0x80000000, 0x9, 0x6, 0x3, 0x7f, 0x5, 0x0, 0xe, 0x9d4, 0x9, 0x80000000, 0xc, 0x5, 0x1, 0x3e44, 0x4, 0xffffffff, 0x6, 0x2, 0x0, 0x8, 0x8, 0x0, 0x8, 0x7, 0x0, 0x5, 0x7, 0x7, 0x0, 0x4, 0x1, 0x526, 0x6, 0x8554, 0x19d9, 0x7fff, 0x5, 0x9, 0x14, 0x81, 0x5, 0xd, 0x9, 0x9, 0x2, 0x10, 0x3eb4, 0x9, 0x6, 0x8, 0x9, 0x3, 0x717, 0x2, 0x9, 0x3, 0x9, 0x0, 0x7f, 0x10001, 0x4, 0x3, 0xc, 0x4a, 0x0, 0x949, 0x5, 0x3ff, 0x3, 0x9, 0x3, 0x74be5b67, 0x70, 0x791, 0xf0, 0x6, 0xa4, 0x800, 0x0, 0xc59, 0xd, 0xad, 0x0, 0x7fff, 0x5, 0x3, 0x80000000, 0x2, 0x0, 0x4, 0xfffff000, 0x400, 0xc3, 0x200, 0xfffffffd, 0x2, 0x9, 0x40, 0xf70a, 0x6, 0x4, 0x80000001, 0x6, 0x3, 0xef61, 0x10, 0x4, 0x1ff, 0x2, 0x1, 0x9, 0x1000, 0x9, 0x3, 0x5, 0x7, 0xfffffffe, 0x8, 0x6, 0x2, 0x80000001, 0x5, 0x8, 0x0, 0x1, 0x7, 0x80000000, 0x6, 0x5, 0x9, 0x6, 0x9, 0x80, 0xe068, 0x4, 0x12000, 0x200, 0x0, 0x1, 0x6, 0x8, 0x7, 0x3, 0x2, 0xfffffffa, 0x7, 0x5, 0xffffffff, 0x1000, 0x6, 0x93, 0x4680, 0x3, 0xfffffff7, 0xf4, 0x7, 0x5, 0x8, 0xc01, 0x7, 0x3, 0x7, 0x4ed, 0x7ff, 0xa1, 0x1, 0xffff, 0x7, 0x6, 0xc7, 0xfed, 0x401, 0x46, 0x7ff, 0x3, 0x4, 0x5, 0x5678e40f, 0x1, 0xe7f1, 0x4, 0xff, 0x7, 0x2, 0xb, 0x0, 0x7f, 0x4, 0x7, 0x9, 0x7, 0x7, 0x800, 0x6, 0x3, 0x24, 0x20, 0x4, 0x1b71, 0x1, 0x40, 0x8, 0xb, 0x3, 0xb, 0x6, 0x0, 0x757e, 0x8001, 0x84b9, 0x40, 0x5, 0x2, 0x7, 0x40, 0x5, 0x5, 0xd295, 0x5, 0x9, 0x1, 0x7, 0xfffffff8, 0x6, 0x4, 0x1, 0x9, 0x74, 0x1, 0x3, 0x10000, 0x0, 0x6, 0x6, 0x89, 0xa7, 0xfffffff7, 0x8, 0x80000000, 0x6, 0x2, 0xac6, 0x5, 0x8, 0x475, 0x7fff, 0x5, 0x5, 0x2, 0x4, 0xa47, 0x3, 0x5, 0x40, 0xa, 0x2, 0x6, 0x5b, 0x2, 0xfffffffc, 0x2, 0x5, 0xfffff005, 0x6, 0x9, 0x76, 0x8, 0x6, 0xd54, 0xffff, 0x5, 0x8c000, 0x9, 0x2, 0x3, 0x0, 0x0, 0xa7, 0x100, 0xfffffffd, 0x401, 0x5, 0x0, 0x8f95, 0x2, 0x9, 0x4, 0x3, 0x80000000, 0x0, 0x2, 0x10, 0x1ccb6586, 0x6572b0b3, 0x5, 0x41d8, 0x2, 0xad4, 0x6, 0x3, 0x0, 0x81, 0x6, 0x81, 0x7fffffff, 0x4, 0x1000000, 0x5, 0x9, 0x20080000, 0x3, 0xffff5977, 0x6d, 0x7fff, 0x0, 0x80000001, 0x2, 0x2246, 0x5, 0x4, 0x3ff, 0x10000, 0x7f, 0x6, 0x2, 0xfffffff8, 0x8, 0x6, 0x4, 0xffffffff, 0x6, 0x101, 0x9, 0x2, 0x1, 0x67, 0x8000000, 0x0, 0x80, 0xfffffeff, 0x7, 0xa, 0x8001, 0x0, 0x401, 0x2, 0x9, 0x8, 0x8, 0x3, 0x84, 0x8, 0x5, 0x4, 0xfff, 0x2, 0x80000001, 0x3, 0x4c46, 0x1, 0xd, 0x9, 0xffffb589, 0xf9, 0x6, 0x400, 0x88, 0x9, 0x5, 0x8001, 0x3, 0x80000000, 0x5, 0x80, 0x7f50, 0x90ae, 0x1, 0x1, 0x3, 0x0, 0x788, 0x0, 0x9, 0x8, 0x8, 0xb, 0x25, 0x8, 0x5, 0x0, 0x2, 0x1, 0x8, 0x9, 0x621, 0x2, 0x9, 0x3, 0xeaf8, 0xd, 0x7, 0x8000, 0x3, 0x10, 0x9, 0x3ff, 0x9, 0xfffffff5, 0x629c, 0x0, 0x4, 0xffff, 0x2, 0x10000, 0x58d, 0x8, 0x1, 0x5, 0xed, 0x7ff, 0x8, 0x8, 0x0, 0x7, 0x9, 0x28c6, 0x3ff, 0x7fcefea9, 0x10, 0x1ff, 0x2, 0xfff, 0x0, 0x1ea, 0x1, 0x9, 0xca2, 0xcc9, 0x9ebf, 0x3, 0xc, 0xe, 0xfb8a, 0x1, 0x4, 0x8a3, 0xd094, 0x2, 0xfffffffe, 0x2, 0x8, 0x7d, 0x7, 0x7, 0x1, 0x100, 0x2, 0x7f, 0x8, 0x9, 0xb, 0xd3cc, 0x1, 0x0, 0x0, 0x4, 0x3, 0x38b, 0x1, 0x7ff, 0x544, 0x1, 0x7ff, 0x0, 0xffd, 0xfffffff7, 0x80000001, 0xffffffa6, 0x3, 0xa8000000, 0x81, 0x2, 0x8000, 0xfffffffd, 0xb3ea, 0x7, 0x10000, 0x8, 0x4, 0x1, 0x0, 0x9, 0x7, 0xff5c, 0x4, 0x40, 0x5, 0x1000, 0x2, 0x7ff, 0x5, 0x9, 0x6, 0x1c8eb122, 0x3, 0x401, 0x10001, 0x5, 0x400, 0x80000001, 0x4, 0x9, 0x1, 0x1ff, 0x0, 0x8, 0x7, 0x10d2, 0x5, 0x6, 0x80000001, 0x5, 0x0, 0xfff, 0x5, 0x3, 0xaf0, 0x4, 0x0, 0x9, 0x0, 0x9, 0x0, 0x1, 0x9, 0x1, 0x0, 0x0, 0x9, 0xfff, 0x5, 0x0, 0x4e, 0x8, 0x500000, 0x3, 0xdd4, 0x2, 0x753, 0x2, 0x8, 0x7a9f2f07, 0x400, 0x9, 0x9, 0x1ff, 0x5, 0x1589, 0x6, 0x1, 0x80, 0x8, 0x8, 0xa660, 0x9bd, 0x2, 0x7, 0x26b7, 0x1, 0x0, 0x0, 0xfffffffc, 0x8, 0x8, 0x8, 0x9, 0x7, 0xfffffffc, 0x5, 0x3, 0x10, 0xfffffff9, 0xafe, 0x893b, 0x9, 0x7ff, 0x1, 0x401, 0x2, 0x1, 0x80, 0x5, 0x7, 0x0, 0x6e44, 0x577, 0xa, 0x3, 0xe, 0x2, 0x5, 0x3, 0x8, 0xd, 0x2, 0xb, 0x5, 0x7, 0x7, 0x8, 0x9, 0x401, 0x30000, 0x4, 0x0, 0x4, 0x1000, 0xd492, 0x37c, 0x6, 0x5, 0x65ce8d, 0x9, 0x6, 0x1, 0x0, 0x5, 0xfffffff8, 0x1000, 0x1, 0x70d, 0x7, 0x6c23dc95, 0x6, 0x2, 0xfff, 0xc41, 0x6, 0x0, 0x0, 0x81, 0x5d46, 0x6231968a, 0x2f, 0x1, 0x5, 0x9, 0xffffff81, 0x7fffffff, 0x1, 0x7, 0x7, 0xff, 0x33d7, 0xf, 0x8547, 0x0, 0x9, 0x101, 0x3, 0xa3, 0x9, 0x193, 0x9, 0x2, 0x101, 0x4, 0x4, 0x0, 0x1, 0x3, 0x1, 0x4, 0xc24, 0x10000, 0x8, 0x9, 0x5, 0x80000000, 0x9, 0x12aa, 0x3, 0x400, 0x6, 0xe2f2, 0x4, 0xd, 0x315, 0xe, 0x7fffffff, 0x35, 0x7, 0x1, 0x6a, 0xd, 0xffffffff, 0x2, 0x49, 0x3ff, 0xc5, 0x80, 0x1, 0x100, 0x1, 0x1, 0x800, 0x4dd, 0x477, 0x5, 0x3ff, 0xff, 0xc295, 0x1, 0xfffffff8, 0x3, 0x0, 0x4, 0x83, 0x3, 0x7fffffff, 0x101, 0x0, 0x2, 0x8001, 0x800, 0xf, 0x0, 0x3056121b, 0x9, 0xfffffffb, 0x7fffffff, 0xe, 0x2, 0x800001, 0x2, 0x20000000, 0x48c11b0b, 0x1, 0x9, 0x80000000, 0x8, 0x6, 0x3ff, 0x8, 0x3, 0x9ee, 0x10001, 0x9, 0x80, 0x83, 0x40, 0x5, 0xffffff00, 0x6, 0x9, 0x0, 0x0, 0x5, 0xffffffff, 0xf, 0x0, 0x2, 0x9, 0x418d, 0x9, 0x401, 0x6, 0x10c, 0x6, 0x0, 0x8, 0x7, 0x8000, 0x3, 0x2, 0x3, 0x3ff, 0x3ff, 0x4, 0x9, 0x5, 0x2, 0x8, 0xfffffffc, 0x81d, 0x80000000, 0xada, 0x8, 0x195, 0x7, 0x71905d29, 0x101, 0x1, 0x21330607, 0x6, 0x9, 0x9, 0x6, 0x8, 0xc, 0x5, 0x8, 0x38, 0xffff, 0x7, 0xfffffc01, 0x6, 0x9d, 0x5, 0x5, 0x8, 0x3, 0x4, 0x8, 0xb, 0x3ff, 0x8001, 0x800, 0x7ff, 0x6, 0xb03, 0x3, 0x10, 0x200, 0xfffffff4, 0x8, 0xfffffffb, 0x40, 0x8, 0x80000001, 0x800, 0x0, 0x4, 0x7, 0xec8, 0x7, 0x3ff, 0x69, 0x0, 0xfffffc00, 0xffffff6b, 0x5, 0x0, 0x7, 0xffff, 0x1, 0x9, 0x80000000, 0xffff8000, 0x9, 0x496, 0x2, 0xa, 0x10, 0x6, 0x3, 0x9, 0x80000001, 0x3ff, 0x4, 0x9, 0x3, 0x2, 0xe6f0, 0x2, 0x2, 0x0, 0x4, 0x3, 0x2, 0xfffffff7, 0x3, 0x4, 0x9, 0x4, 0x10, 0x101, 0x5c, 0xffffbd1f, 0x7fff, 0x2, 0x8, 0xfffffff7, 0x1, 0x7, 0x3c, 0x5, 0xfc1, 0x3, 0x6, 0x1, 0x5, 0xfffffffc, 0x6, 0xfffffff3, 0x9, 0xc7f1, 0xc948, 0x57, 0x4, 0xf, 0xffffffff, 0x3, 0x3, 0x5, 0xffffff2c, 0x7, 0x7, 0x3, 0x6, 0x8, 0x52a7c310, 0x3c9c8e8b, 0x0, 0x1ff, 0x3d4, 0x81, 0x0, 0x7, 0x9, 0x8, 0x81, 0xb, 0x3, 0x101, 0x8001, 0x0, 0x81, 0x7f, 0xffff62d1, 0x40, 0x5, 0xc918, 0x6, 0x8, 0x0, 0xf, 0x0, 0x100], 0x6, 0x400})
r5 = openat$vicodec0(0xffffff9c, &(0x7f0000000440), 0x2, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r5, 0xc0185648, &(0x7f0000000080)={0x980000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f911, 0x80008002, '\x00', @p_u16=&(0x7f00000010c0)=0xa5b}})
socket$netlink(0x10, 0x3, 0x4)
epoll_wait(r4, &(0x7f00000002c0)=[{}], 0x1, 0x9450)

979.152655ms ago: executing program 5 (id=7043):
syz_open_dev$radio(&(0x7f0000001640), 0x0, 0x2)
r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2)
r1 = dup2(r0, r0)
read$FUSE(r1, &(0x7f0000000540)={0x2020}, 0x2020)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]})
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000})
read$FUSE(0xffffffffffffffff, &(0x7f0000004600)={0x2020}, 0x2020)
ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e05411, &(0x7f0000000140))
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000002580)={<r4=>0x0, 0xfff, 0x0, [0xb21, 0x2, 0xfff, 0x6, 0x1000], [0x8000000000000000, 0xfe5, 0x7f00000000000000, 0x1, 0x7f0000000, 0x2, 0xfffffffffffffff6, 0x9, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffe, 0xb, 0x80000001, 0x9, 0x6, 0x2, 0x1, 0x2, 0x0, 0x94e, 0x44, 0x3, 0xfffffffffffffff8, 0x5a3, 0x7, 0x1, 0xffffffffffffffff, 0xca8, 0x4, 0x9, 0xbb, 0x3, 0x7, 0x9, 0x7, 0x2, 0x9, 0xe000000, 0xfffffffffffff78e, 0xfffffffffffffff1, 0x3, 0x2, 0x1, 0x10001, 0x3, 0x4, 0xffffffffffffff74, 0x6, 0x100, 0x10000, 0xfffffffffffffff0, 0x3d46, 0x8cc0, 0x5, 0xfffffffffffffff9, 0x8, 0x0, 0x1, 0x7, 0xffff, 0xba44, 0x3, 0x200, 0x6, 0x3, 0x9, 0x7fff, 0x4dbe, 0x80, 0x4, 0x4, 0x6, 0x6, 0x48cb, 0x20000, 0x0, 0xd, 0x1, 0xfc74, 0x2, 0x8, 0x80, 0x9, 0xfffffffffffff628, 0x3ff, 0x8, 0x5, 0x8a7a, 0x2, 0x100000001, 0x8, 0x1, 0xffffffffffffffff, 0x8, 0x3, 0x7c80, 0x4, 0xd77, 0x1c, 0x8, 0x5, 0x2, 0x8, 0x6, 0x7, 0x2968, 0x9, 0x8, 0x0, 0xf4, 0x275d, 0x8, 0x1000, 0x80, 0x6, 0x5, 0xeae, 0x9, 0x1, 0x9, 0x3b]})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r2, 0xc400941d, &(0x7f00000029c0)={r4, 0x69fa, 0x4e9})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0xaab5c000)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x4, 0x2)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000000a0020400000000700000000"], 0x1c}, 0x1, 0x0, 0x0, 0x24040804}, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x22)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x2, 0x2000, &(0x7f0000ffd000/0x2000)=nil})

949.887681ms ago: executing program 5 (id=7044):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b15, &(0x7f0000000000)={'wlan0\x00'}) (fail_nth: 4)

668.013483ms ago: executing program 3 (id=7045):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) (async)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) (async)
timer_settime(r2, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) (async)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x810, r1, 0xec776000) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8002, 0x0)
io_setup(0x4, &(0x7f00000003c0)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f00000005c0)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x9, r3, 0x0, 0x0, 0x3b0}]) (async)
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
socket$pppl2tp(0x18, 0x1, 0x1) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x10000000, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async)
r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r5, 0x402, 0x8000003d)
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000001740)='.\x00', 0x515001, 0x488)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r6, &(0x7f0000000a00)=[{{&(0x7f0000000240)={0xa, 0x4e20, 0xc4f, @empty, 0xffffff22}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000000)="001036ffbd0a077c617f9c475f9526f9f1ce846e737358f5", 0x18}, {&(0x7f0000001780)="5a8af61a73b7b31ae01b105eb071c8553868c56af284fd53d993fb661413dc60e36de0a8c1bd77fbb20f2fed9ee4df7e229df17a623bdbb8a136d79488e9c41051bd3b0aebc70015a88a34fe3b2732a6e16d0580eca6403823668254e99b157d38d01174ef50b13cee9164bae1a923fea3551b559570c98608317058dbc40c6718926ca65243bb2d3f0c84521a2da82e5a7ce51b6ff025b6dc8bc2388ce3ac5af3b89b4a515c9b46736866ff123d987d5d0dbc509067daec1b9909ae6b25ce15eae62e34aca1913566a4622caefe8e90f1b8a417a6a5f309036048b0cba055f3fc04f4e50fabc4d84227ea90864f8aed34d11032a683d4298917c8b4a1151489b3e21cf38dce54fd98d4b917b0f47074ff29a31e57d16942deab17654c13c0034c0e3b0fc52048d0c80c53cc9cfdb4323c5f2b6201fc0d1ebc0aa239f51d2be001b99195a0b1452595901098f2e79af8ed2ac6d0bb002d0c38cd2fb3c9ecb813211a8334fdfc1100fc122e49f0edf0b15765e879195cd7370d3c034020b6df72d144d14032544c24f47fe909e3f77f98bb46721fa30f87a378f8acdef60f7c933b871c880bdac78669a0a61d516d8b726434157be68eec950bb8014a4f098fd9f86b8f54350e167d10e06ef075ddf4debc88a127114106e6a30721824d1d2cae706cf271e2bd1f0d5d09c7beba6a97b3a118bde184e2ac686a62b1f5efb7cfd141a83aa20d00ac9cbe7218da41338f6fcfa2333e2d66274cf54721a97999a2f8c66c85d95340bafd613d7389fcb1318cf1e1fd5f542a7806f653a5d37231dbdab162401b42346a0354727f6af3804482a2904419bd429dee9b6f242c3cfa1ff583e3443a876f1a0d27482bdf259242f07ce78576b9fa4fea93f779425dcc4ed41f370da936905889463c2aa125ff35010fc3be337c0e0ced5acb1371f2a708d055f6515de7a325302eadf7e80628b65e014008082e4b12ebececf48fb866eac44276a804cc98cadb277073e3f37308332f13c024c5fe941eae813949b582450c71292ef46acd6f46f228593caff64c872a558762620873fc991f4153a266c58a6c3d620e3d202920d1d161c33387342ddefef8ca09e8ecc735c72083000f487a55fed7dfdfbe9c8ef15873cfa8072994b06a842b7f4649bd5daaed3f2952a42e90e6c60c0b1802bb2ee1e32b22fd1e0facc295e69f175ef31b1c262080070af765bf83d1e7124035c35487d520ac6e1f1e27019b0bf1b1f9b83fad78f2e5968fffb8f64a9602cb17f6e7c4153f11ff8a344b9a0ea543af1493e9761fbf50e036bba1585fe5c133a27e6b6306598da0f5fa1bc70c5e14af5efd5d61c1d4be3cd87884750504404b0ffe1b35e47da91842292aefc161a3d0d8182ab19499d2e5d9780154f2781123899d988a1c41341a0053e348d104f270e73f9f06504c2b89870f47dd923d2a8edc9c3f3d93c12dd82abe81b8499d2ab534d9d31bb1cdc3612c996e532ed92065fda7a4b89561f4ee0402f725e821e6a53f9512dac1edd4b59900a3dc67e89e53a6c62569a8a9c10546464dc84befb8816d1edfd7d2e2f2cf60b7e765a3e64bb31c6633f768540f76d99a98fdb0370f5f357ce4fe006ec3a5358ca40154dcc6ee13362cc8aa2924718770fc174a750f08c26b9bbb37471aecb0ed7467dc431047038713536a9f03d383c7ffba16a182b0cf12a397a000788323d93e564f7c7922d7a6293c865317aeb8bffdfa2e00542adf07775d92b1cb7e387a36d32552ba2c161542ccd693ced4f59c3734d00185ff7d54b0097dc449056ff7a54130742a229e9436870c78028a8ac8174f0cde4f167bc891cff6faacf11aa0678684e26706dda44db60e24d5f691405993182c6e3e147ee1ed6d17a6015f2d30eb90b5902d9867ef4f8ab73a5ce0ef88053f6f5c9becc608790b0e6f4b7183a95c066b18d8533e7fa20a5a1720ae5eb0b16f8bd312e9e486b6f8779d8accd77178dd6fd39d508defb4a6079858559f10cf809b25834bbd246bf2fcce53026e3709236377cb37a34ec7dd3465299973825a06f4a1036220ae34d371a9fb38424ad0a228e1b873239978b84c6e97a24bdada62402e72db1654a22f6ce9a6ae70b6489131cb6c20c7cb8c9ca4b055b2831445796901cfbf008b618c2674058f96f5961a9235277de9b8b7630b643fff8bbfb2a04524881ffbf5f75bcab4da020e3d1d544c2a5e1496fe764c9f13ef1a459028e727b23f1e0856e150e10aae6e92944c0c2a4ff7dcac09fd2fa232a755437601ef8226786c376e3f9bb640c16b27cc1a4269fe38372c039c3a38e7990af33cf3f930214db226593070cdbc44b91cb1de8b8ff0d0ba8d9c1c17ed66a18cc3fd599ac41513336268b1a17bbd3159f87c77b81fefcb4a7027cc14b3011499503682f9dbe5e5e9167b20a9d003c5e180d8254151a7be6995181688e3e88395d040fb08b2871735572299e67cf2a423464c2fb6282e41a907dffecb53de7117ab8801bda03a8dd7bc8202d3b790614326eaf18889b00556d253f50190f9f7cd8e510b389d420439218158b7db8e88183ee10e2e1968fc2f49387c4a72796d9900096c1da9760a658bf39027181d4b695119b67ba254c85461d52c751fb6ff4ba5c7644d912acd4b8db686c278a7a19efa84a77619a5c50ca2be7ab79d40ca898377d9f892807a01c8fbf996e72a013a7179c0d56137fff2ffdd685545c44d8412afca0bf9cd054f9b7b0a34bdefc5cfbdaf8d0f2af1ad7a22b2f268dbd79d21e1febbe714badc9153e932db84ff739843ad3cee12b4382369b9867bc1f0b224923247b1156491a3f04b108e256db45a06481d6bdc50d8a4240bc8a17ed447433416cccbdcac7affce72d1fa9aa6e0df4eb5ab65356c71312683603639e12ad4c681f0e52a8d132604062767ab8b3239175ff4341a55b527d3993aa5257330d3f319434e5c8c431383eb67e8341927dd50499a9de91697d131189034d76dd0ce7e9692207d7213c9e0c36153e9254596413ce1f682b8a7b703441a9226b8a72c5dac25ed9ba2c5c1029a19456c7743d9c7a0cc2523f19411ff3e4899a9d64546cb9a61e887a1560748e02e4a5ff433df195fbbf55bf0a9b25899aaac6665440846bf9e1036a35ee4e9614da8a99d43c5eefb4124e64df10895ef246bc31d0a66d437a76d0f5f665f7d9929543705a9ced671bdd6a1e61f1f3f0d63fdf4c7fa785760e3e280ef833b0cd6ad445eb02e40bfacceebbaa8f6eb269b8784fcae403116d1ae864a1a5587ad462d313affc2aaacecc2418de9f6a83e1b8f0b502e20027a1368a6bc318a0d4a6c80b797c997771f23d06b7d9e364bf282b7bac6a530d36651073ad777ee535433ec47c539b1f7b9701f1bd182c9e61dd6c5f14de1f2d4e74c747e3987f2c9395cfbf621afd1e60e6cdb3f5697d10ef97ee58cbfd91143e233be759c2d572004906660b7f54096608116033c50f6b7dc75564e005e3fd9a67eac4d1f293b3669df5c235308033f8dee36b8b5fbb000a36319ebe87327c63cc7f4d4a4604fba048e860b95c4587cdf940c08a50e52653ce6ef6e19848abc7ea07cb6a4a735ba9a4a4221ecb997b827e56f0ed42e6aa6edff3e891cfcd10f3f7a94e3a697394ad559760b84704684de53bfc03a833ebf4133c2ee21ec2355ddf39dd8a61e8ce7f44ea9b4790589274b987f44f694d6af19130efe8cdf0dcb8deceeac17f79d04bec47d5161a7847e8811b73ca748a814d6b5692528ef0d7778a95549a8e4a8ceed443d717d7f1b0a34db818ed4efafc662730121695282c5ff51ba37cb99aa55fa616719a5e6b7618d7cd0a78c33ff883895c53ece87c4be2df2a293755019d67b3ec8407346f4811687752f06c7e03f7b837282dcfa3561ebb2dcd15b7bbcb29bbda986622b4dee6709ed17c539714ef94d2730e2da0b2316407d94aafb169a466b304e624c64a31b3a95d8a74e598e5445f6a98631c2de77c6f5a6b1321353083aa7e7265fc1bf0a809f7a3198a0cf3af9c539298ed71abb85c1ce20a1e2bc586a88faf4cbbbf9c69bca3fbec53dccf5584c9d7c737de0872e7aff347acfe385c7576cafba1fcd775bd8a9540ee3c49f45487a00a1d99b4f37980157fcd0565b04e6a424eb9ab9633bebe3329f8ce6e97c508e9f9e82951d9c823dbf5ffcf932e22b98eb00c9a2e8cfbd37d602e59dd7b11c2ebfd6ba1db394b7a81f7a8754bb25dd8a777f7e7d2e4c0e73153f3636ad40301521661bdccd8a06aeb7f9901a9b76799332ade043cdc7f132682c89b53181496860746f2f21257f89451d5976df5fadde2522716ba52c44b9e5a0b3f20f9cb931ada2260a21c887b401e385c36db0694ab18a7050ccad7faba16133b6b72225905b4d26fe87ff5444db8052a55dc0055afe810ab6afc88e66dd72071fa248d9a17e7e88399a43516ee6f380d81637793957132ca4c5f73c4f2e9f20bce2c450736981c95e480c3f7e408e58b81e1651cdea4626b7ee0ef7d38595bc118a1df20890484178ad00139101be8781359231c99328c5cd2d9de179d2960f160c41e1b777f8cc568fd77cd52f7406a36155037dd54454422f6ad15ef0c78e5e09254a067a84f6f6268496b758be0d237bebb1ad953d704fb84f19da9d66bff28e9c97e3e5b473e09588febdcc13818416989aef4f17d6fdabf2cd0bbd44a6920ca49d7c66e9e19e5e47c0ba09fe772e31d7dd2d77a1233c9296f88d7ce2220046e0334544e6ec5c03a97eda265d14cf7361a888bca83c8d0874161a7d4dcf4cf285f1e8350aa521f72d5c3861f30c4e8ad3963ceee222a374301bf8bc4082d41d0ce0006a1af1a36bbb9dee8141f328f789ac76d32a41d3dfe7867017e15d93b2e3507b5bc161e13dafdd17756752157b1217e6d34b420713773fd1563f8a7cd98230ad3d10094dfca89c15f3a17995dd63ad917197c644b26781d0e31239a6e9aacf031faedfa479c86c285bc11ee962f0c96ff2153e5a321167c857e4a5f6a0cb79514b17d28eeb3a8dd93a9a5ff2d5b93582e4ae575bb053c0d5c0b1b1593532c659c509358a92639aec86459861b7ea2f14fbe4660feb6cbbd5f94035246f61edfe93937ef1c79845af870cfcbe76bf7365f3252aba23f5dbe706b0134550bcc908fc2bd75db387fe5c37d7c4aeaba064170aa7764a4d3ce641d915e61ceb440443de15ed446cfbe51cdc4103ef858657918adb6abe51ea663f4fb5f7ab4a1d1a07c4fa29c8d3332c62f16a86ba54b83e4ffd657811a9cc15ba8a7c87f45d55b396655b85dd4a65e625c5d618a1b352bb87c069b5ce4539f7cab5145e5b592dd716123af60e50f1e6c15f3ccb57bd3b77b94a4566cdb3719cf1be17d2a80754f85ab8338dec5a45a26987de66db89d1940c7a11e5002bcdb45f6f49b16b33b770ad7bb004e6332c28f049c75512ae38b09c9e1a4b64f563c18bb414a3a28702f0aa99f2db8d94812313940663b00f210f823b04e23641e073e31546ff8a5b0da3581a6606c04222b3a8fb88342addebac1820d32983508093bba0dd6ad053491cca00eb46d5920ef6f040504417f4c8717ce502517fdb658961fffe4149d0b9cc9c7876386e68d0c48d9c63846a0cf3a5d6b00088313cea4eaaafc0b6784045a0745aa2866f3e060577ad97ca12c7f391a27987fff90d665ea26647ab36ad945226a1b20c2189e327790ca83d56e506a4ab41530ed5f5d762fda2bccf7d3b0db6d27aab26a47d91891159102c4eba1e3bcca6fa3aa0", 0x1000}], 0x2}}], 0x1, 0x4000841)
openat(r5, 0x0, 0x301180, 0x1f0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r8, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4)

603.806158ms ago: executing program 5 (id=7046):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000004c000000090a01040000000000000000070000000900020056797a31000000000900010073797a3000000000080005400000001c08000a4000000000080003400000004008000f"], 0xdc}}, 0x4000000)
syz_emit_ethernet(0x7e, &(0x7f0000000340)=ANY=[@ANYBLOB="bbbbbbbbbbbb0000000000000800450000700000000000019078ac1e0001ac1414aa030f90780042010145140a3ba52100640066004905320005e0000001ffffff441ce5110a01010000000005e000000200000004e00000010000000889120b9dc68eff8ea402b97a5f1bead243e5070f0f7f000001000000000a01010000000000"], 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x18c, r2, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_LINK={0x38, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}]}, @TIPC_NLA_MEDIA={0x6c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6d70}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1bef}]}, @TIPC_NLA_BEARER={0x48, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xb067}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb5c}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x800}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x200}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x18c}, 0x1, 0x0, 0x0, 0x20040001}, 0x0)

375.950227ms ago: executing program 3 (id=7047):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x800, 0x48088)
connect$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0xd}, 0x1c)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000050900010073797a310000000008000540000000020900020073796b320000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001", @ANYRESDEC=r3], 0x84}, 0x1, 0x0, 0x0, 0x20000001}, 0x40)
sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_FD_FRAMES(r4, 0x65, 0x8, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@bridge_newneigh={0x28, 0x1c, 0x1, 0x70bd29, 0x25dfdbfe, {0x7, 0x0, 0x0, r7, 0xa0, 0x44, 0x6}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000094}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010025bd70000000000002000000050018012700000008002600b4090000"], 0x24}, 0x1, 0x0, 0x0, 0x4c854}, 0x880)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_OCB(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010025bd7000ffdbdf256c00000008000300", @ANYRES32=r8], 0x2c}, 0x1, 0x0, 0x0, 0x4000004}, 0x448d0)

58.293311ms ago: executing program 5 (id=7048):
io_uring_setup(0xa24, &(0x7f0000000300)={0x0, 0x81670, 0x20, 0x0, 0x286})
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x2010, 0xffffffffffffffff, 0x0) (async)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffdffffffffff, 0x61, 0xffffffff}, 0x0)
mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000, 0xef2750dad311ae7e, &(0x7f0000804000/0x1000)=nil)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000540), 0x2008c0, 0x0) (async)
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[], 0xa8}}, 0x8000) (async)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/address_bits', 0xc2303, 0x10) (async)
io_setup(0xffffffff, &(0x7f0000000640)=<r4=>0x0)
io_submit(r4, 0x0, &(0x7f0000000140))
bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) (async)
r5 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) (async)
r6 = fsmount(r5, 0x0, 0x1)
fchdir(r6)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0xa82, 0x0)
write$cgroup_int(r7, &(0x7f0000000040)=0x900, 0x12) (async)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, 0x3, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}]}]}, 0x2c}}, 0x0)

0s ago: executing program 1 (id=7049):
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}})
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) (fail_nth: 23)

kernel console output (not intermixed with test programs):

s value: 21
[ 2033.720721][T24990] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2033.940597][T24990] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2034.000643][T24990] usb 1-1: config 0 descriptor??
[ 2034.256485][T31552] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6590'.
[ 2034.402539][T31556] netlink: 44 bytes leftover after parsing attributes in process `syz.6.6590'.
[ 2034.412390][T31552] gtp0: entered promiscuous mode
[ 2034.417383][T31552] gtp0: entered allmulticast mode
[ 2035.908731][T31579] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6595'.
[ 2036.013557][   T30] audit: type=1326 audit(1771927447.345:2225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31585 comm="syz.6.6597" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000
[ 2036.102044][   T30] audit: type=1326 audit(1771927447.345:2226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31585 comm="syz.6.6597" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000
[ 2036.197776][   T30] audit: type=1326 audit(1771927447.345:2227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31585 comm="syz.6.6597" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf705ef6c code=0x7ffc0000
[ 2036.303497][   T30] audit: type=1326 audit(1771927447.355:2228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31585 comm="syz.6.6597" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000
[ 2036.398290][   T30] audit: type=1326 audit(1771927447.355:2229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31585 comm="syz.6.6597" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf705ef6c code=0x7ffc0000
[ 2036.463224][   T30] audit: type=1326 audit(1771927447.385:2230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31585 comm="syz.6.6597" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000
[ 2036.501631][   T30] audit: type=1326 audit(1771927447.395:2231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31585 comm="syz.6.6597" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705ef6c code=0x7ffc0000
[ 2037.506685][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 2037.513534][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 2037.771000][T24990] usbhid 1-1:0.0: can't add hid device: -71
[ 2037.779236][T24990] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 2037.789697][T24990] usb 1-1: USB disconnect, device number 113
[ 2038.740113][T31613] netlink: 'syz.0.6603': attribute type 5 has an invalid length.
[ 2039.027803][ T5877] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[ 2039.056756][   T30] audit: type=1326 audit(1771927450.325:2232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31619 comm="syz.5.6605" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000
[ 2039.107695][   T30] audit: type=1326 audit(1771927450.335:2233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31619 comm="syz.5.6605" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf6fdef6c code=0x7ffc0000
[ 2039.138462][   T30] audit: type=1326 audit(1771927450.335:2234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31619 comm="syz.5.6605" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000
[ 2039.267762][ T5877] usb 7-1: Using ep0 maxpacket: 32
[ 2039.315966][ T5877] usb 7-1: config index 0 descriptor too short (expected 35577, got 27)
[ 2039.386198][ T5877] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 2039.400922][ T5877] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 2039.420442][ T5877] usb 7-1: config 1 has no interface number 0
[ 2039.426625][ T5877] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2039.451380][T31635] netlink: 'syz.5.6605': attribute type 1 has an invalid length.
[ 2039.793299][T31635] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 2039.819170][ T5877] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 2039.860830][ T5877] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 2039.870945][ T5877] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2039.912368][ T5877] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found
[ 2040.134422][ T5877] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now attached
[ 2040.533609][T31618] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6606'.
[ 2040.553634][ T5877] usb 7-1: USB disconnect, device number 44
[ 2040.564252][ T5877] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now disconnected
[ 2040.573386][T31618] gtp0: entered promiscuous mode
[ 2040.578493][T31618] gtp0: entered allmulticast mode
[ 2040.605549][T31621] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6606'.
[ 2040.912006][T31648] FAULT_INJECTION: forcing a failure.
[ 2040.912006][T31648] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2040.935265][T31648] CPU: 1 UID: 0 PID: 31648 Comm: syz.5.6611 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2040.935300][T31648] Tainted: [L]=SOFTLOCKUP
[ 2040.935309][T31648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2040.935322][T31648] Call Trace:
[ 2040.935331][T31648]  <TASK>
[ 2040.935341][T31648]  dump_stack_lvl+0xe8/0x150
[ 2040.935376][T31648]  should_fail_ex+0x412/0x560
[ 2040.935406][T31648]  _copy_from_user+0x2d/0xb0
[ 2040.935437][T31648]  get_compat_msghdr+0xb3/0x4c0
[ 2040.935466][T31648]  ? __lock_acquire+0x6b5/0x2cf0
[ 2040.935496][T31648]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 2040.935526][T31648]  ? kstrtoull+0x12f/0x1d0
[ 2040.935556][T31648]  ___sys_sendmsg+0x201/0x360
[ 2040.935592][T31648]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2040.935624][T31648]  ? get_pid_task+0x20/0x1f0
[ 2040.935644][T31648]  ? get_pid_task+0x20/0x1f0
[ 2040.935662][T31648]  ? get_pid_task+0x20/0x1f0
[ 2040.935707][T31648]  ? __fget_files+0x2a/0x420
[ 2040.935736][T31648]  ? __fget_files+0x3a0/0x420
[ 2040.935774][T31648]  __sys_sendmsg+0x183/0x260
[ 2040.935806][T31648]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2040.935857][T31648]  __do_fast_syscall_32+0x20d/0x640
[ 2040.935879][T31648]  ? do_fast_syscall_32+0x33/0x70
[ 2040.935898][T31648]  ? asm_int80_emulation+0x1a/0x20
[ 2040.935919][T31648]  ? do_int80_emulation+0x274/0x4d0
[ 2040.935937][T31648]  ? trace_irq_disable+0x3b/0x150
[ 2040.935971][T31648]  do_fast_syscall_32+0x33/0x70
[ 2040.935992][T31648]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2040.936017][T31648] RIP: 0023:0xf6fdef6c
[ 2040.936037][T31648] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2040.936054][T31648] RSP: 002b:00000000f53cd50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 2040.936077][T31648] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000480
[ 2040.936092][T31648] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2040.936105][T31648] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2040.936117][T31648] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2040.936130][T31648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2040.936159][T31648]  </TASK>
[ 2042.026846][T24987] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[ 2042.655206][ T5905] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[ 2042.848496][T24987] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 2042.867461][T24987] usb 6-1: config 4 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 2042.878047][T24987] usb 6-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2042.894115][T24987] usb 6-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40
[ 2042.975926][T24987] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2043.004555][T24987] usb 6-1: Product: syz
[ 2043.068699][T31669] netlink: 'syz.3.6616': attribute type 13 has an invalid length.
[ 2043.187454][T24987] usb 6-1: Manufacturer: syz
[ 2043.209464][ T5905] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2043.226385][ T5905] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2043.247803][T24987] usb 6-1: SerialNumber: syz
[ 2043.274632][ T5905] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2043.288335][T24987] usblp0: Disabling reads from problematic bidirectional printer
[ 2043.325084][ T5905] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2043.401344][ T5905] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2043.420645][ T5877] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[ 2043.501247][ T5905] usb 7-1: config 0 descriptor??
[ 2043.553275][T24987] usblp 6-1:4.0: usblp0: USB Unidirectional printer dev 72 if 0 alt 0 proto 1 vid 0x03F0 pid 0x0004
[ 2043.629206][ T5877] usb 4-1: Using ep0 maxpacket: 32
[ 2043.662277][ T5877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2043.707427][ T5877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2043.735056][ T5877] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 2043.852720][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2043.864309][ T5877] usb 4-1: config 0 descriptor??
[ 2043.903509][T31677] netlink: 'syz.1.6618': attribute type 11 has an invalid length.
[ 2043.961708][T31677] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6618'.
[ 2044.145084][T31669] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2044.152798][T31669] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2044.259287][T31669] batman_adv: batadv0: Interface deactivated: dummy0
[ 2044.895176][T31669] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2044.911758][T31669] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2045.054920][ T5925] usb 6-1: USB disconnect, device number 72
[ 2045.071484][ T5925] usblp0: removed
[ 2045.185230][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 2045.185245][   T30] audit: type=1326 audit(1771927456.505:2236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31683 comm="syz.0.6619" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2045.246800][   T30] audit: type=1326 audit(1771927456.505:2237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31683 comm="syz.0.6619" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2045.278378][   T30] audit: type=1326 audit(1771927456.505:2238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31683 comm="syz.0.6619" exe="/root/syz-executor" sig=0 arch=40000003 syscall=136 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2045.516307][   T30] audit: type=1326 audit(1771927456.505:2239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31683 comm="syz.0.6619" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2045.546040][   T30] audit: type=1326 audit(1771927456.515:2240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31683 comm="syz.0.6619" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2045.632497][   T30] audit: type=1326 audit(1771927456.515:2241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31683 comm="syz.0.6619" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2045.831145][   T30] audit: type=1326 audit(1771927456.515:2242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31683 comm="syz.0.6619" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2045.862628][   T30] audit: type=1326 audit(1771927456.515:2243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31683 comm="syz.0.6619" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2045.911710][   T30] audit: type=1326 audit(1771927456.515:2244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31683 comm="syz.0.6619" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2045.980967][   T30] audit: type=1326 audit(1771927456.515:2245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31683 comm="syz.0.6619" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2045.980976][T24984] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[ 2046.056159][ T5905] usbhid 7-1:0.0: can't add hid device: -71
[ 2046.078506][ T5905] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 2046.144538][ T5905] usb 7-1: USB disconnect, device number 45
[ 2046.182448][T19344] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2046.212776][T19344] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2046.234465][T24984] usb 6-1: config 1 has an invalid interface number: 7 but max is 0
[ 2046.254924][T24984] usb 6-1: config 1 has no interface number 0
[ 2046.266862][T24984] usb 6-1: config 1 interface 7 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 8
[ 2046.279251][T24984] usb 6-1: config 1 interface 7 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 2046.299468][T19344] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2046.351521][T24984] usb 6-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[ 2046.367720][T24984] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2046.386008][T24984] usb 6-1: Product: syz
[ 2046.398903][T24984] usb 6-1: Manufacturer: syz
[ 2046.407910][T24984] usb 6-1: SerialNumber: syz
[ 2046.420010][T19344] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 2046.448204][T31691] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 2046.476891][T31691] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 2046.533143][T31701] input: syz0 as /devices/virtual/input/input182
[ 2046.563415][T24984] usb 6-1: Expected 3 endpoints, found: 2
[ 2046.806838][ T5908] usb 6-1: USB disconnect, device number 73
[ 2046.813848][T24990] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[ 2046.872458][T24989] usb 7-1: new full-speed USB device number 46 using dummy_hcd
[ 2047.011936][T24990] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 2047.021658][T24990] usb 2-1: config 1 has no interface number 0
[ 2047.030378][T24990] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2047.043386][T24989] usb 7-1: config index 0 descriptor too short (expected 28277, got 36)
[ 2047.079944][T24989] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2047.091474][T24990] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[ 2047.105516][T24989] usb 7-1: config 0 has no interfaces?
[ 2047.113869][T24990] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 173, changing to 11
[ 2047.126604][T24989] usb 7-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 2047.137527][T24990] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 34113, setting to 1024
[ 2047.154909][T24989] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2047.183578][T24990] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2047.198691][T24990] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2047.223690][T24989] usb 7-1: config 0 descriptor??
[ 2047.294827][T24990] usb 2-1: Product: syz
[ 2047.322481][T24990] usb 2-1: Manufacturer: syz
[ 2047.337331][T24990] usb 2-1: SerialNumber: syz
[ 2047.369871][ T5877] usbhid 4-1:0.0: can't add hid device: -71
[ 2047.378455][ T5877] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 2047.457005][ T5877] usb 4-1: USB disconnect, device number 119
[ 2047.700413][T31700] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 2047.851627][T24990] cdc_ncm 2-1:1.1: bind() failure
[ 2047.890892][T24990] usb 2-1: USB disconnect, device number 100
[ 2048.301277][T31709] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6625'.
[ 2048.417002][T31711] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6625'.
[ 2048.465298][T31709] gtp0: entered promiscuous mode
[ 2048.493900][T31709] gtp0: entered allmulticast mode
[ 2048.588490][T31002] Bluetooth: hci5: command 0x0c1a tx timeout
[ 2048.602863][  T795] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[ 2048.709539][T31719] block device autoloading is deprecated and will be removed.
[ 2048.752178][  T795] Bluetooth: hci5: Error when powering off device on rfkill (-110)
[ 2049.512285][T24988] usb 7-1: USB disconnect, device number 46
[ 2050.164429][T31735] netlink: 96 bytes leftover after parsing attributes in process `syz.6.6630'.
[ 2050.358805][   T30] kauditd_printk_skb: 9 callbacks suppressed
[ 2050.358827][   T30] audit: type=1326 audit(1771927461.645:2255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31733 comm="syz.3.6631" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[ 2050.897833][  T795] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[ 2050.923967][  T795] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[ 2050.932003][   T30] audit: type=1326 audit(1771927461.645:2256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31733 comm="syz.3.6631" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[ 2050.933973][T31002] Bluetooth: hci2: command 0x0c1a tx timeout
[ 2051.092439][   T30] audit: type=1326 audit(1771927461.645:2257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31733 comm="syz.3.6631" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[ 2051.114941][T24984] usb 1-1: new full-speed USB device number 114 using dummy_hcd
[ 2051.137756][ T5905] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[ 2051.193797][   T30] audit: type=1326 audit(1771927461.645:2258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31733 comm="syz.3.6631" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[ 2051.244548][   T30] audit: type=1326 audit(1771927461.645:2259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31733 comm="syz.3.6631" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf702ef6c code=0x7ffc0000
[ 2051.311757][   T30] audit: type=1326 audit(1771927461.645:2260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31733 comm="syz.3.6631" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[ 2051.352558][   T30] audit: type=1326 audit(1771927461.645:2261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31733 comm="syz.3.6631" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf702ef6c code=0x7ffc0000
[ 2051.389953][ T5905] usb 2-1: Using ep0 maxpacket: 32
[ 2051.418619][T24984] usb 1-1: config index 0 descriptor too short (expected 28277, got 36)
[ 2051.459737][T24984] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2051.478246][T24984] usb 1-1: config 0 has no interfaces?
[ 2051.483867][T24984] usb 1-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 2051.496078][ T5905] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[ 2051.506650][ T5905] usb 2-1: config 0 has no interface number 0
[ 2051.512912][ T5905] usb 2-1: config 0 interface 12 has no altsetting 0
[ 2051.568065][T24984] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2051.591421][T24984] usb 1-1: config 0 descriptor??
[ 2051.598506][ T5905] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 2051.613081][ T5905] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2051.627825][ T5905] usb 2-1: Product: syz
[ 2051.632049][ T5905] usb 2-1: Manufacturer: syz
[ 2051.636646][ T5905] usb 2-1: SerialNumber: syz
[ 2051.677458][ T5905] usb 2-1: config 0 descriptor??
[ 2051.685462][ T5905] f81534 2-1:0.12: required endpoints missing
[ 2052.179261][T24988] usb 2-1: USB disconnect, device number 101
[ 2052.208596][T24989] IPVS: starting estimator thread 0...
[ 2052.300439][T31756] IPVS: using max 38 ests per chain, 91200 per kthread
[ 2052.358259][ T5905] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[ 2053.022616][ T5905] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 2053.070108][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2053.105909][ T5905] usb 4-1: Product: syz
[ 2053.141244][ T5905] usb 4-1: Manufacturer: syz
[ 2053.155199][T31002] Bluetooth: hci4: command 0x0c1a tx timeout
[ 2053.156068][ T5905] usb 4-1: SerialNumber: syz
[ 2053.169419][  T795] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[ 2053.183061][  T795] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[ 2053.398525][ T5905] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 2053.585400][T24984] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 2053.853991][T24988] usb 1-1: USB disconnect, device number 114
[ 2054.210931][T31751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2054.220087][T31751] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2055.082680][ T5877] usb 4-1: USB disconnect, device number 120
[ 2055.187395][   T30] audit: type=1326 audit(1771927466.515:2262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31772 comm="syz.1.6643" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000
[ 2055.227816][T31002] Bluetooth: hci0: command 0x0419 tx timeout
[ 2055.234340][  T795] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 2055.241757][  T795] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[ 2055.269575][   T30] audit: type=1326 audit(1771927466.545:2263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31772 comm="syz.1.6643" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704ef6c code=0x7ffc0000
[ 2055.292050][   T30] audit: type=1326 audit(1771927466.545:2264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31772 comm="syz.1.6643" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf704ef6c code=0x7ffc0000
[ 2055.314369][T24984] usb 4-1: Service connection timeout for: 256
[ 2055.320608][T24984] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 2055.329200][T24984] ath9k_htc: Failed to initialize the device
[ 2055.335709][ T5877] usb 4-1: ath9k_htc: USB layer deinitialized
[ 2055.411300][T31780] netlink: 'syz.0.6644': attribute type 13 has an invalid length.
[ 2055.413010][T31776] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2056.447066][T31773] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6642'.
[ 2056.462021][T31773] gtp1: entered promiscuous mode
[ 2056.518524][T31800] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6650'.
[ 2056.544109][T31773] gtp1: entered allmulticast mode
[ 2056.556848][T31771] netlink: 44 bytes leftover after parsing attributes in process `syz.6.6642'.
[ 2056.609112][T31802] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6648'.
[ 2057.877805][  T795] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[ 2057.883984][  T795] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[ 2057.892419][T31002] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2058.474996][T31827] block device autoloading is deprecated and will be removed.
[ 2058.707117][T31839] input: syz1 as /devices/virtual/input/input183
[ 2058.735465][T24984] IPVS: starting estimator thread 0...
[ 2058.838324][T31840] IPVS: using max 39 ests per chain, 93600 per kthread
[ 2058.908668][T31835] syz.3.6658 (31835): drop_caches: 2
[ 2058.986723][T31844] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6661'.
[ 2059.144700][T31846] FAULT_INJECTION: forcing a failure.
[ 2059.144700][T31846] name failslab, interval 1, probability 0, space 0, times 0
[ 2059.181711][T31846] CPU: 0 UID: 0 PID: 31846 Comm: syz.3.6663 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2059.181747][T31846] Tainted: [L]=SOFTLOCKUP
[ 2059.181756][T31846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2059.181770][T31846] Call Trace:
[ 2059.181780][T31846]  <TASK>
[ 2059.181790][T31846]  dump_stack_lvl+0xe8/0x150
[ 2059.181827][T31846]  should_fail_ex+0x412/0x560
[ 2059.181858][T31846]  should_failslab+0xa8/0x100
[ 2059.181885][T31846]  ? __kvm_mmu_topup_memory_cache+0x1b4/0x610
[ 2059.181918][T31846]  kmem_cache_alloc_noprof+0x87/0x650
[ 2059.181950][T31846]  ? __kvm_mmu_topup_memory_cache+0x1b4/0x610
[ 2059.181981][T31846]  ? kmem_cache_alloc_noprof+0x15a/0x650
[ 2059.182019][T31846]  __kvm_mmu_topup_memory_cache+0x1b4/0x610
[ 2059.182063][T31846]  mmu_topup_memory_caches+0x21/0x170
[ 2059.182097][T31846]  kvm_mmu_load+0x9d/0x22d0
[ 2059.182133][T31846]  ? vmx_vcpu_load+0x1b0/0x260
[ 2059.182159][T31846]  ? kvm_arch_vcpu_load+0x1f6/0xa50
[ 2059.182191][T31846]  ? kvm_arch_vcpu_load+0x78d/0xa50
[ 2059.182244][T31846]  kvm_arch_vcpu_pre_fault_memory+0x642/0x6f0
[ 2059.182285][T31846]  kvm_vcpu_pre_fault_memory+0x228/0x460
[ 2059.182311][T31846]  ? kvm_vcpu_pre_fault_memory+0x15b/0x460
[ 2059.182339][T31846]  kvm_vcpu_ioctl+0x8a7/0xfd0
[ 2059.182366][T31846]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 2059.182384][T31846]  ? do_vfs_ioctl+0x1166/0x1530
[ 2059.182411][T31846]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 2059.182477][T31846]  kvm_vcpu_compat_ioctl+0x204/0x390
[ 2059.182502][T31846]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[ 2059.182525][T31846]  ? __fget_files+0x3a0/0x420
[ 2059.182553][T31846]  ? __fget_files+0x2a/0x420
[ 2059.182584][T31846]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 2059.182614][T31846]  __ia32_compat_sys_ioctl+0x5ea/0x950
[ 2059.182642][T31846]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 2059.182669][T31846]  ? __fget_files+0x3a0/0x420
[ 2059.182704][T31846]  ? fput+0xa0/0xd0
[ 2059.182732][T31846]  ? ksys_write+0x242/0x270
[ 2059.182765][T31846]  __do_fast_syscall_32+0x20d/0x640
[ 2059.182788][T31846]  ? do_fast_syscall_32+0x33/0x70
[ 2059.182807][T31846]  ? asm_int80_emulation+0x1a/0x20
[ 2059.182828][T31846]  ? do_int80_emulation+0x274/0x4d0
[ 2059.182846][T31846]  ? trace_irq_disable+0x3b/0x150
[ 2059.182881][T31846]  do_fast_syscall_32+0x33/0x70
[ 2059.182902][T31846]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2059.182929][T31846] RIP: 0023:0xf702ef6c
[ 2059.182948][T31846] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2059.182966][T31846] RSP: 002b:00000000f541d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 2059.182988][T31846] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000c040aed5
[ 2059.183002][T31846] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 2059.183015][T31846] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2059.183027][T31846] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2059.183040][T31846] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2059.183071][T31846]  </TASK>
[ 2060.012711][T31856] could not allocate digest TFM handle sha3-224-generic
[ 2060.540051][T31882] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6673'.
[ 2060.714329][T31853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6667'.
[ 2060.746457][T31853] gtp0: entered promiscuous mode
[ 2060.777764][T31853] gtp0: entered allmulticast mode
[ 2060.786200][T31857] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6667'.
[ 2061.065359][T31899] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6677'.
[ 2061.417400][T31905] FAULT_INJECTION: forcing a failure.
[ 2061.417400][T31905] name failslab, interval 1, probability 0, space 0, times 0
[ 2061.444205][T31905] CPU: 0 UID: 0 PID: 31905 Comm: syz.6.6679 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2061.444238][T31905] Tainted: [L]=SOFTLOCKUP
[ 2061.444245][T31905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2061.444258][T31905] Call Trace:
[ 2061.444266][T31905]  <TASK>
[ 2061.444275][T31905]  dump_stack_lvl+0xe8/0x150
[ 2061.444307][T31905]  should_fail_ex+0x412/0x560
[ 2061.444335][T31905]  should_failslab+0xa8/0x100
[ 2061.444361][T31905]  __kmalloc_noprof+0xe8/0x760
[ 2061.444383][T31905]  ? ethnl_default_doit+0x1ac/0xf40
[ 2061.444408][T31905]  ? __kmalloc_noprof+0x1b8/0x760
[ 2061.444450][T31905]  ethnl_default_doit+0x1ac/0xf40
[ 2061.444484][T31905]  ? genl_family_rcv_msg_attrs_parse+0x212/0x2a0
[ 2061.444535][T31905]  genl_family_rcv_msg_doit+0x22a/0x330
[ 2061.444565][T31905]  ? __asan_memcpy+0x40/0x70
[ 2061.444597][T31905]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 2061.444638][T31905]  ? __dev_queue_xmit+0x274/0x38a0
[ 2061.444677][T31905]  genl_rcv_msg+0x61c/0x7a0
[ 2061.444712][T31905]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 2061.444740][T31905]  ? __pfx_ethnl_default_doit+0x10/0x10
[ 2061.444766][T31905]  ? __lock_acquire+0x6b5/0x2cf0
[ 2061.444802][T31905]  netlink_rcv_skb+0x232/0x4b0
[ 2061.444827][T31905]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 2061.444857][T31905]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2061.444897][T31905]  ? down_read+0x272/0x2e0
[ 2061.444916][T31905]  ? genl_rcv+0xd/0x40
[ 2061.444944][T31905]  genl_rcv+0x28/0x40
[ 2061.444969][T31905]  netlink_unicast+0x80f/0x9b0
[ 2061.444998][T31905]  ? __pfx_netlink_unicast+0x10/0x10
[ 2061.445020][T31905]  ? netlink_sendmsg+0x650/0xb40
[ 2061.445042][T31905]  ? skb_put+0x11b/0x210
[ 2061.445082][T31905]  netlink_sendmsg+0x813/0xb40
[ 2061.445115][T31905]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2061.445142][T31905]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 2061.445166][T31905]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2061.445189][T31905]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2061.445212][T31905]  ____sys_sendmsg+0xa68/0xad0
[ 2061.445249][T31905]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2061.445282][T31905]  ? kstrtoull+0x12f/0x1d0
[ 2061.445310][T31905]  ___sys_sendmsg+0x2a5/0x360
[ 2061.445344][T31905]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2061.445375][T31905]  ? get_pid_task+0x20/0x1f0
[ 2061.445394][T31905]  ? get_pid_task+0x20/0x1f0
[ 2061.445410][T31905]  ? get_pid_task+0x20/0x1f0
[ 2061.445472][T31905]  ? __fget_files+0x2a/0x420
[ 2061.445500][T31905]  ? __fget_files+0x3a0/0x420
[ 2061.445540][T31905]  __sys_sendmsg+0x183/0x260
[ 2061.445573][T31905]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2061.445627][T31905]  __do_fast_syscall_32+0x20d/0x640
[ 2061.445649][T31905]  ? do_fast_syscall_32+0x33/0x70
[ 2061.445668][T31905]  ? asm_int80_emulation+0x1a/0x20
[ 2061.445687][T31905]  ? do_int80_emulation+0x274/0x4d0
[ 2061.445705][T31905]  ? trace_irq_disable+0x3b/0x150
[ 2061.445738][T31905]  do_fast_syscall_32+0x33/0x70
[ 2061.445759][T31905]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2061.445784][T31905] RIP: 0023:0xf705ef6c
[ 2061.445803][T31905] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2061.445822][T31905] RSP: 002b:00000000f544d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 2061.445844][T31905] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000980
[ 2061.445859][T31905] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000
[ 2061.445871][T31905] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2061.445883][T31905] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2061.445896][T31905] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2061.445926][T31905]  </TASK>
[ 2062.151109][T31910] xt_NFQUEUE: number of total queues is 0
[ 2062.196787][T31911] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6680'.
[ 2062.264863][T31916] FAULT_INJECTION: forcing a failure.
[ 2062.264863][T31916] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2062.289776][T31911] syzkaller0: entered promiscuous mode
[ 2062.295330][T31911] syzkaller0: entered allmulticast mode
[ 2062.307838][T31916] CPU: 0 UID: 0 PID: 31916 Comm: syz.6.6683 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2062.307869][T31916] Tainted: [L]=SOFTLOCKUP
[ 2062.307876][T31916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2062.307887][T31916] Call Trace:
[ 2062.307895][T31916]  <TASK>
[ 2062.307903][T31916]  dump_stack_lvl+0xe8/0x150
[ 2062.307933][T31916]  should_fail_ex+0x412/0x560
[ 2062.307958][T31916]  _copy_to_user+0x31/0xb0
[ 2062.307985][T31916]  simple_read_from_buffer+0xe1/0x170
[ 2062.308014][T31916]  proc_fail_nth_read+0x1bb/0x230
[ 2062.308043][T31916]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2062.308071][T31916]  ? rw_verify_area+0x2a6/0x4d0
[ 2062.308090][T31916]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2062.308114][T31916]  vfs_read+0x20c/0xa70
[ 2062.308129][T31916]  ? fdget_pos+0x246/0x320
[ 2062.308158][T31916]  ? __pfx___mutex_lock+0x10/0x10
[ 2062.308177][T31916]  ? __pfx_vfs_read+0x10/0x10
[ 2062.308196][T31916]  ? __fget_files+0x2a/0x420
[ 2062.308223][T31916]  ? __fget_files+0x3a0/0x420
[ 2062.308245][T31916]  ? __fget_files+0x2a/0x420
[ 2062.308286][T31916]  ksys_read+0x150/0x270
[ 2062.308306][T31916]  ? __pfx_ksys_read+0x10/0x10
[ 2062.308327][T31916]  ? asm_int80_emulation+0x1a/0x20
[ 2062.308349][T31916]  do_int80_emulation+0x173/0x4d0
[ 2062.308365][T31916]  ? trace_irq_disable+0x3b/0x150
[ 2062.308389][T31916]  ? asm_int80_emulation+0x1a/0x20
[ 2062.308405][T31916]  ? clear_bhb_loop+0x40/0x90
[ 2062.308422][T31916]  ? clear_bhb_loop+0x40/0x90
[ 2062.308456][T31916]  asm_int80_emulation+0x1a/0x20
[ 2062.308471][T31916] RIP: 0023:0xf7195b6b
[ 2062.308487][T31916] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[ 2062.308504][T31916] RSP: 002b:00000000f544d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 2062.308525][T31916] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f544d5d0
[ 2062.308538][T31916] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[ 2062.308549][T31916] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2062.308560][T31916] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2062.308571][T31916] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2062.308595][T31916]  </TASK>
[ 2063.284660][   T30] kauditd_printk_skb: 2 callbacks suppressed
[ 2063.284679][   T30] audit: type=1326 audit(1771927474.615:2267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31930 comm="syz.0.6688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2063.338530][   T30] audit: type=1326 audit(1771927474.655:2268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31930 comm="syz.0.6688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2063.396792][   T30] audit: type=1326 audit(1771927474.655:2269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31930 comm="syz.0.6688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2063.774055][   T30] audit: type=1326 audit(1771927474.655:2270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31930 comm="syz.0.6688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2063.888317][   T30] audit: type=1326 audit(1771927474.665:2271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31930 comm="syz.0.6688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2063.930448][   T30] audit: type=1326 audit(1771927474.665:2272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31930 comm="syz.0.6688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2063.953821][   T30] audit: type=1326 audit(1771927474.665:2273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31930 comm="syz.0.6688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2063.980394][   T30] audit: type=1326 audit(1771927474.665:2274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31930 comm="syz.0.6688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2064.004873][   T30] audit: type=1326 audit(1771927474.665:2275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31930 comm="syz.0.6688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2064.029100][   T30] audit: type=1326 audit(1771927474.665:2276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31930 comm="syz.0.6688" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2064.437707][T24988] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[ 2064.610858][T24988] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2064.642814][T24988] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2064.685670][T24988] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2064.707248][T24988] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2064.818306][T24988] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2064.848542][T31940] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6692'.
[ 2064.864831][T31940] gtp0: entered promiscuous mode
[ 2064.873657][T31940] gtp0: entered allmulticast mode
[ 2064.984921][T24988] usb 6-1: config 0 descriptor??
[ 2065.015124][T31940] netlink: 44 bytes leftover after parsing attributes in process `syz.1.6692'.
[ 2065.410992][T31956] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[ 2065.879217][T31959] IPVS: set_ctl: invalid protocol: 26978 107.101.121.0:0
[ 2067.989448][T24988] usbhid 6-1:0.0: can't add hid device: -71
[ 2067.995459][T24988] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 2068.003415][  T795] usb 1-1: new high-speed USB device number 115 using dummy_hcd
[ 2068.100959][T24988] usb 6-1: USB disconnect, device number 74
[ 2069.277757][   T30] kauditd_printk_skb: 17 callbacks suppressed
[ 2069.277792][   T30] audit: type=1326 audit(1771927480.585:2294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31997 comm="syz.3.6706" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[ 2069.427828][   T30] audit: type=1326 audit(1771927480.585:2295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31997 comm="syz.3.6706" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[ 2069.450145][   T30] audit: type=1326 audit(1771927480.585:2296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31997 comm="syz.3.6706" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf702ef6c code=0x7ffc0000
[ 2069.477646][   T30] audit: type=1326 audit(1771927480.585:2297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31997 comm="syz.3.6706" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000
[ 2069.500211][   T30] audit: type=1326 audit(1771927480.585:2298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31997 comm="syz.3.6706" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf702ef6c code=0x7ffc0000
[ 2070.238728][T32016] veth0: entered promiscuous mode
[ 2070.258537][T32016] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6710'.
[ 2070.538183][T32016] veth0 (unregistering): left promiscuous mode
[ 2070.725263][T32005] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6708'.
[ 2070.741596][T32005] gtp0: entered promiscuous mode
[ 2070.872741][T32005] gtp0: entered allmulticast mode
[ 2070.976533][T32005] netlink: 44 bytes leftover after parsing attributes in process `syz.6.6708'.
[ 2072.270881][T32045] fuse: Unknown parameter '0x0000000000000009'
[ 2072.664449][T24988] usb 6-1: new high-speed USB device number 75 using dummy_hcd
[ 2072.984622][T24988] usb 6-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[ 2073.004964][T24988] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2073.037869][T24988] usb 6-1: Product: syz
[ 2073.044098][T24988] usb 6-1: Manufacturer: syz
[ 2073.117946][T24988] usb 6-1: SerialNumber: syz
[ 2073.173199][T24988] usb 6-1: config 0 descriptor??
[ 2073.232246][T24988] hub 6-1:0.0: bad descriptor, ignoring hub
[ 2073.242148][T24988] hub 6-1:0.0: probe with driver hub failed with error -5
[ 2073.479380][T32067] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 2074.431382][T32073] 
: renamed from bond_slave_0 (while UP)
[ 2074.880551][T32077] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6727'.
[ 2074.985790][T32080] block device autoloading is deprecated and will be removed.
[ 2075.187720][T24989] usb 1-1: new full-speed USB device number 116 using dummy_hcd
[ 2075.339883][T24989] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[ 2075.351194][T24989] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[ 2075.361400][T24989] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2075.379398][T24989] usb 1-1: config 0 descriptor??
[ 2075.385463][T32082] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 2075.513983][T24988] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware
[ 2075.533385][T24988] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 2075.541977][T24988] dib0700: firmware download failed at 7 with -22
[ 2075.608805][T24988] usb 6-1: USB disconnect, device number 75
[ 2075.895373][T24989] elan 0003:04F3:0755.0094: unknown main item tag 0x0
[ 2075.908420][T24989] elan 0003:04F3:0755.0094: unknown main item tag 0x0
[ 2076.043481][T24989] elan 0003:04F3:0755.0094: unknown main item tag 0x0
[ 2076.056840][T24989] elan 0003:04F3:0755.0094: unknown main item tag 0x0
[ 2076.070703][T24989] elan 0003:04F3:0755.0094: unknown main item tag 0x0
[ 2076.082429][T32082] tunl0: Caught tx_queue_len zero misconfig
[ 2076.106128][T24989] elan 0003:04F3:0755.0094: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0
[ 2076.169928][ T5925] usb 2-1: new full-speed USB device number 102 using dummy_hcd
[ 2076.179159][T24989] usb 1-1: USB disconnect, device number 116
[ 2076.318331][T32094] fido_id[32094]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[ 2076.342589][ T5925] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[ 2076.353947][ T5925] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 2076.390372][ T5925] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2076.442451][ T5925] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[ 2076.490805][ T5925] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2076.508196][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 2076.599655][ T5925] usb 2-1: SerialNumber: syz
[ 2076.626340][ T5925] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[ 2076.634766][ T5925] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -12
[ 2076.842826][T32092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2076.851701][T32092] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2076.873641][T32092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2076.959281][T32092] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2076.991031][T32092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2077.007509][T32092] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2077.257773][T24988] usb 1-1: new low-speed USB device number 117 using dummy_hcd
[ 2077.391425][T24988] usb 1-1: device descriptor read/64, error -71
[ 2077.400339][T32104] tipc: Started in network mode
[ 2077.405264][T32104] tipc: Node identity , cluster identity 4711
[ 2077.415121][T32104] tipc: Failed to obtain node identity
[ 2077.425363][T32104] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 2077.444951][T32104] syzkaller0: entered promiscuous mode
[ 2077.452771][T32104] syzkaller0: entered allmulticast mode
[ 2077.637736][T24988] usb 1-1: new low-speed USB device number 118 using dummy_hcd
[ 2077.778143][T32121] syz.5.6740: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 2077.794133][T24988] usb 1-1: device descriptor read/64, error -71
[ 2077.824366][T32123] FAULT_INJECTION: forcing a failure.
[ 2077.824366][T32123] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2077.839827][T32121] CPU: 1 UID: 0 PID: 32121 Comm: syz.5.6740 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2077.839862][T32121] Tainted: [L]=SOFTLOCKUP
[ 2077.839871][T32121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2077.839886][T32121] Call Trace:
[ 2077.839896][T32121]  <TASK>
[ 2077.839905][T32121]  dump_stack_lvl+0xe8/0x150
[ 2077.839943][T32121]  warn_alloc+0x249/0x340
[ 2077.840007][T32121]  ? stack_trace_save+0xa9/0x100
[ 2077.840035][T32121]  ? __pfx_warn_alloc+0x10/0x10
[ 2077.840068][T32121]  ? kasan_save_track+0x4f/0x80
[ 2077.840090][T32121]  ? kasan_save_track+0x3e/0x80
[ 2077.840108][T32121]  ? __kasan_kmalloc+0x93/0xb0
[ 2077.840142][T32121]  ? __kmalloc_cache_noprof+0x31c/0x660
[ 2077.840162][T32121]  ? xskq_create+0x56/0x170
[ 2077.840192][T32121]  ? xsk_setsockopt+0x54c/0x990
[ 2077.840218][T32121]  ? do_sock_setsockopt+0x17c/0x1b0
[ 2077.840246][T32121]  ? __ia32_sys_setsockopt+0x13d/0x1b0
[ 2077.840275][T32121]  ? __do_fast_syscall_32+0x20d/0x640
[ 2077.840302][T32121]  __vmalloc_node_range_noprof+0x132/0x1730
[ 2077.840357][T32121]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 2077.840387][T32121]  ? __kasan_kmalloc+0x93/0xb0
[ 2077.840414][T32121]  vmalloc_user_noprof+0xad/0xe0
[ 2077.840436][T32121]  ? xskq_create+0xbf/0x170
[ 2077.840472][T32121]  xskq_create+0xbf/0x170
[ 2077.840497][T32121]  xsk_init_queue+0x8a/0xe0
[ 2077.840520][T32121]  xsk_setsockopt+0x54c/0x990
[ 2077.840543][T32121]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 2077.840565][T32121]  ? __pfx_aa_sk_perm+0x10/0x10
[ 2077.840585][T32121]  ? aa_sock_opt_perm+0xff/0x1a0
[ 2077.840606][T32121]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 2077.840623][T32121]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 2077.840645][T32121]  do_sock_setsockopt+0x17c/0x1b0
[ 2077.840670][T32121]  __ia32_sys_setsockopt+0x13d/0x1b0
[ 2077.840697][T32121]  __do_fast_syscall_32+0x20d/0x640
[ 2077.840713][T32121]  ? lockdep_hardirqs_on+0x7a/0x110
[ 2077.840736][T32121]  ? do_fast_syscall_32+0x33/0x70
[ 2077.840750][T32121]  ? irqentry_exit+0x10e/0x620
[ 2077.840772][T32121]  ? rcu_is_watching+0x15/0xb0
[ 2077.840797][T32121]  do_fast_syscall_32+0x33/0x70
[ 2077.840812][T32121]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2077.840832][T32121] RIP: 0023:0xf6fdef6c
[ 2077.840846][T32121] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2077.840860][T32121] RSP: 002b:00000000f538b50c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[ 2077.840877][T32121] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000000011b
[ 2077.840888][T32121] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000004
[ 2077.840897][T32121] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2077.840907][T32121] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2077.840916][T32121] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2077.840938][T32121]  </TASK>
[ 2077.841095][T32121] Mem-Info:
[ 2078.154568][T32123] CPU: 1 UID: 0 PID: 32123 Comm: syz.6.6742 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2078.154600][T32123] Tainted: [L]=SOFTLOCKUP
[ 2078.154609][T32123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2078.154620][T32123] Call Trace:
[ 2078.154629][T32123]  <TASK>
[ 2078.154638][T32123]  dump_stack_lvl+0xe8/0x150
[ 2078.154672][T32123]  should_fail_ex+0x412/0x560
[ 2078.154700][T32123]  _copy_to_user+0x31/0xb0
[ 2078.154733][T32123]  put_compat_request_table+0x38/0x1d0
[ 2078.154762][T32123]  sg_ioctl+0x18c6/0x2220
[ 2078.154789][T24988] usb usb1-port1: attempt power cycle
[ 2078.154790][T32123]  ? __pfx_sg_ioctl+0x10/0x10
[ 2078.154814][T32123]  ? __fget_files+0x2a/0x420
[ 2078.154898][T32123]  ? __fget_files+0x3a0/0x420
[ 2078.154983][T32123]  ? __fget_files+0x2a/0x420
[ 2078.155082][T32123]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 2078.155168][T32123]  __ia32_compat_sys_ioctl+0x5ea/0x950
[ 2078.155245][T32123]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 2078.155318][T32123]  ? __fget_files+0x3a0/0x420
[ 2078.155421][T32123]  ? fput+0xa0/0xd0
[ 2078.155496][T32123]  ? ksys_write+0x242/0x270
[ 2078.155587][T32123]  __do_fast_syscall_32+0x20d/0x640
[ 2078.155664][T32123]  ? do_fast_syscall_32+0x33/0x70
[ 2078.155716][T32123]  ? asm_int80_emulation+0x1a/0x20
[ 2078.155769][T32123]  ? do_int80_emulation+0x274/0x4d0
[ 2078.155836][T32123]  ? trace_irq_disable+0x3b/0x150
[ 2078.155929][T32123]  do_fast_syscall_32+0x33/0x70
[ 2078.155989][T32123]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2078.156063][T32123] RIP: 0023:0xf705ef6c
[ 2078.156129][T32123] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2078.156175][T32123] RSP: 002b:00000000f544d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 2078.156240][T32123] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000002286
[ 2078.156275][T32123] RDX: 0000000080000840 RSI: 0000000000000000 RDI: 0000000000000000
[ 2078.156318][T32123] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2078.156363][T32123] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2078.156411][T32123] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2078.156497][T32123]  </TASK>
[ 2078.178660][T32121] active_anon:9123 inactive_anon:0 isolated_anon:0
[ 2078.178660][T32121]  active_file:25643 inactive_file:4852 isolated_file:0
[ 2078.178660][T32121]  unevictable:768 dirty:246 writeback:0
[ 2078.178660][T32121]  slab_reclaimable:7167 slab_unreclaimable:136264
[ 2078.178660][T32121]  mapped:34576 shmem:3453 pagetables:1808
[ 2078.178660][T32121]  sec_pagetables:0 bounce:0
[ 2078.178660][T32121]  kernel_misc_reclaimable:0
[ 2078.178660][T32121]  free:1279738 free_pcp:21290 free_cma:0
[ 2078.463551][T32121] Node 0 active_anon:36692kB inactive_anon:0kB active_file:102392kB inactive_file:19272kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:72792kB dirty:980kB writeback:0kB shmem:12476kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13024kB pagetables:7044kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2078.505946][T32121] Node 1 active_anon:0kB inactive_anon:0kB active_file:180kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:65712kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:188kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 2078.594532][T32121] Node 0 DMA free:11096kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:164kB local_pcp:60kB free_cma:0kB
[ 2078.725921][T32128] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6743'.
[ 2078.735408][T32128] mac80211_hwsim hwsim128 wlan0: entered promiscuous mode
[ 2078.743107][T32121] lowmem_reserve[]: 0 2493 2493 2493 2493
[ 2078.775181][T32121] Node 0 DMA32 free:1496160kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB free_highatomic:0KB active_anon:42792kB inactive_anon:0kB active_file:102392kB inactive_file:19272kB unevictable:1536kB writepending:980kB zspages:0kB present:3129332kB managed:2552844kB mlocked:0kB bounce:0kB free_pcp:25428kB local_pcp:8048kB free_cma:0kB
[ 2078.867744][T32121] lowmem_reserve[]: 0 0 0 0 0
[ 2078.872710][T32121] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:884kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB
[ 2078.908046][T24988] usb 1-1: new low-speed USB device number 119 using dummy_hcd
[ 2078.939605][T32121] lowmem_reserve[]: 0 0 0 0 0
[ 2078.946209][ T5877] usb 2-1: USB disconnect, device number 102
[ 2078.958472][T24988] usb 1-1: device descriptor read/8, error -71
[ 2078.983942][T32121] Node 1 Normal free:3611896kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:180kB inactive_file:136kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:52964kB local_pcp:30808kB free_cma:0kB
[ 2079.017056][T32121] lowmem_reserve[]: 0 0 0 0 0
[ 2079.031999][T32118] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6741'.
[ 2079.044938][T32118] gtp0: entered promiscuous mode
[ 2079.057856][T32121] Node 0 DMA: 2*4kB (U) 2*8kB (U) 2*16kB (U) 1*32kB (U) 2*64kB (U) 3*128kB (U) 3*256kB (U) 3*512kB (U) 2*1024kB (U) 3*2048kB (UM) 0*4096kB = 11096kB
[ 2079.082563][T32121] Node 0 
[ 2079.084305][T32122] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6741'.
[ 2079.102788][T32121] DMA32: 7247*4kB (UME) 7284*8kB (UME) 5222*16kB (UME) 909*32kB (UME) 1050*64kB (UME) 967*128kB (UME) 905*256kB (UME) 611*512kB (UME) 360*1024kB (UME) 92*2048kB (UM) 0*4096kB = 1492444kB
[ 2079.143002][T32118] gtp0: entered allmulticast mode
[ 2079.173891][T32121] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 2079.195669][T32121] Node 1 Normal: 9*4kB (U) 7*8kB (UM) 9*16kB (UE) 12*32kB (UE) 25*64kB (UE) 17*128kB (UME) 16*256kB (U) 14*512kB (U) 14*1024kB (UE) 15*2048kB (UME) 867*4096kB (UM) = 3611948kB
[ 2079.217780][T24988] usb 1-1: new low-speed USB device number 120 using dummy_hcd
[ 2079.226713][T32135] tipc: Started in network mode
[ 2079.231966][T32135] tipc: Node identity 9a3af331f53d, cluster identity 4711
[ 2079.239444][T32135] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2079.250137][T32135] syzkaller0: entered promiscuous mode
[ 2079.255627][T32135] syzkaller0: entered allmulticast mode
[ 2079.266785][T32121] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2079.279299][T32135] tipc: Resetting bearer <eth:syzkaller0>
[ 2079.318072][T32121] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 2079.336660][T32121] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2079.348359][T24988] usb 1-1: device descriptor read/8, error -71
[ 2079.396324][T32121] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 2079.458097][T24988] usb usb1-port1: unable to enumerate USB device
[ 2079.547726][T24989] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[ 2079.720183][T24989] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2079.733229][T24989] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2079.753682][T24989] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 2079.773413][T24989] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2079.787468][T24989] usb 7-1: config 0 descriptor??
[ 2079.882728][T32121] 36234 total pagecache pages
[ 2079.952051][T32121] 0 pages in swap cache
[ 2079.956291][T32121] Free swap  = 124996kB
[ 2079.988159][T32121] Total swap = 124996kB
[ 2080.110390][T32143] netlink: 72 bytes leftover after parsing attributes in process `syz.1.6747'.
[ 2080.267778][T24984] tipc: Node number set to 1862791985
[ 2080.319315][T24989] usbhid 7-1:0.0: can't add hid device: -71
[ 2080.385802][T32134] tipc: Resetting bearer <eth:syzkaller0>
[ 2080.402159][T32121] 2097051 pages RAM
[ 2080.406042][T32121] 0 pages HighMem/MovableOnly
[ 2080.410847][T32121] 427004 pages reserved
[ 2080.416811][T24989] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 2080.427702][   T30] audit: type=1326 audit(1771927491.725:2299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32146 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2080.458431][T24989] usb 7-1: USB disconnect, device number 47
[ 2080.486450][T32121] 0 pages cma reserved
[ 2080.545068][   T30] audit: type=1326 audit(1771927491.725:2300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32146 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2080.605765][   T30] audit: type=1326 audit(1771927491.725:2301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32146 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=40000003 syscall=435 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2080.629557][T32134] tipc: Disabling bearer <eth:syzkaller0>
[ 2080.741807][   T30] audit: type=1326 audit(1771927492.065:2302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32146 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2080.787669][   T30] audit: type=1326 audit(1771927492.065:2303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32146 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2080.829798][   T30] audit: type=1326 audit(1771927492.085:2304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32151 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf71e5b6b code=0x7ffc0000
[ 2080.986677][   T30] audit: type=1326 audit(1771927492.305:2305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32151 comm="syz.0.6749" exe="/root/syz-executor" sig=0 arch=40000003 syscall=1 compat=1 ip=0xf70aef6c code=0x7ffc0000
[ 2082.777787][ T5877] usb 6-1: new high-speed USB device number 76 using dummy_hcd
[ 2083.007690][ T5877] usb 6-1: device descriptor read/64, error -71
[ 2083.478353][ T5877] usb 6-1: new high-speed USB device number 77 using dummy_hcd
[ 2083.697655][ T5877] usb 6-1: device descriptor read/64, error -71
[ 2083.818141][ T5877] usb usb6-port1: attempt power cycle
[ 2084.013392][T32199] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6763'.
[ 2084.177682][ T5877] usb 6-1: new high-speed USB device number 78 using dummy_hcd
[ 2084.192040][T32208] tap0: tun_chr_ioctl cmd 2148553947
[ 2084.218583][ T5877] usb 6-1: device descriptor read/8, error -71
[ 2084.477801][T24989] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[ 2084.506623][T32214] netlink: 'syz.1.6766': attribute type 1 has an invalid length.
[ 2084.514731][T32214] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6766'.
[ 2084.525830][T32214] netlink: 'syz.1.6766': attribute type 5 has an invalid length.
[ 2084.583935][  T795] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[ 2084.591802][ T5877] usb 6-1: new high-speed USB device number 79 using dummy_hcd
[ 2084.608360][ T5877] usb 6-1: device descriptor read/8, error -71
[ 2084.697678][T24989] usb 7-1: Using ep0 maxpacket: 32
[ 2084.705206][T24989] usb 7-1: config 0 has an invalid interface number: 184 but max is 0
[ 2084.713910][T24989] usb 7-1: config 0 has no interface number 0
[ 2084.719492][ T5877] usb usb6-port1: unable to enumerate USB device
[ 2084.721190][T24989] usb 7-1: config 0 interface 184 has no altsetting 0
[ 2084.752971][T24989] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 2084.763459][T24989] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2084.771737][T24989] usb 7-1: Product: syz
[ 2084.778113][  T795] usb 4-1: Using ep0 maxpacket: 8
[ 2084.784842][T24989] usb 7-1: Manufacturer: syz
[ 2084.790535][T24989] usb 7-1: SerialNumber: syz
[ 2084.795356][  T795] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 2084.806122][  T795] usb 4-1: config 9 has an invalid interface number: 5 but max is 0
[ 2084.816229][  T795] usb 4-1: config 9 has no interface number 0
[ 2084.822744][  T795] usb 4-1: config 9 interface 5 altsetting 9 has an endpoint descriptor with address 0xD7, changing to 0x87
[ 2084.842823][T24989] usb 7-1: config 0 descriptor??
[ 2084.858408][  T795] usb 4-1: config 9 interface 5 altsetting 9 endpoint 0x87 has invalid wMaxPacketSize 0
[ 2084.877818][ T5877] usb 6-1: new high-speed USB device number 80 using dummy_hcd
[ 2084.910194][  T795] usb 4-1: config 9 interface 5 has no altsetting 0
[ 2084.927444][  T795] usb 4-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=5d.a8
[ 2085.025937][  T795] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2085.036985][  T795] usb 4-1: Product: syz
[ 2085.042719][  T795] usb 4-1: Manufacturer: syz
[ 2085.049151][  T795] usb 4-1: SerialNumber: syz
[ 2085.057695][ T5877] usb 6-1: device descriptor read/64, error -71
[ 2085.297694][ T5877] usb 6-1: new high-speed USB device number 81 using dummy_hcd
[ 2085.525411][T32219] openvswitch: netlink: Tunnel attr 193 out of range max 16
[ 2085.593054][T24989] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 2085.593114][T24989] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 2085.797840][T32226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2085.808050][T32226] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2085.839336][T32219] netlink: 'syz.5.6768': attribute type 1 has an invalid length.
[ 2085.967429][T32219] bond1: entered promiscuous mode
[ 2085.992731][T32219] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2086.086910][T32226] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2086.098363][T32226] bond1: (slave vcan1): The slave device specified does not support setting the MAC address
[ 2086.204256][ T5877] usb 6-1: device descriptor read/64, error -71
[ 2086.244171][T32226] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[ 2086.557116][ T5877] usb usb6-port1: attempt power cycle
[ 2086.562958][T24989] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 2086.591885][T24989] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[ 2086.694927][T32226] bond1: (slave vcan1): making interface the new active one
[ 2086.706936][T24989] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[ 2086.724848][T32226] vcan1: entered promiscuous mode
[ 2086.736624][T24989] smsc75xx 7-1:0.184: probe with driver smsc75xx failed with error -61
[ 2086.757125][T32226] bond1: (slave vcan1): Enslaving as an active interface with an up link
[ 2087.030526][  T795] usb 4-1: USB disconnect, device number 121
[ 2087.744520][T32240] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6773'.
[ 2087.756905][T32240] mac80211_hwsim hwsim122 wlan0: entered promiscuous mode
[ 2087.898641][T24989] usb 2-1: new full-speed USB device number 103 using dummy_hcd
[ 2088.079446][T24989] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 2088.099206][T24989] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2088.132095][T24989] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2088.160570][T24989] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2088.181746][T24989] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2088.209536][T24989] usb 2-1: config 0 descriptor??
[ 2088.523561][T24988] usb 7-1: USB disconnect, device number 48
[ 2088.597875][  T795] usb 6-1: new high-speed USB device number 83 using dummy_hcd
[ 2088.652862][T24989] plantronics 0003:047F:FFFF.0095: unknown main item tag 0x0
[ 2088.682126][T24989] plantronics 0003:047F:FFFF.0095: unknown main item tag 0x0
[ 2088.710078][T24989] plantronics 0003:047F:FFFF.0095: unknown main item tag 0x0
[ 2088.747641][T24989] plantronics 0003:047F:FFFF.0095: unknown main item tag 0x0
[ 2088.758842][  T795] usb 6-1: device descriptor read/64, error -71
[ 2088.765568][T24989] plantronics 0003:047F:FFFF.0095: unknown main item tag 0x0
[ 2088.774243][T24989] plantronics 0003:047F:FFFF.0095: unknown main item tag 0x0
[ 2088.782030][T24989] plantronics 0003:047F:FFFF.0095: unknown main item tag 0x0
[ 2088.794435][T24989] plantronics 0003:047F:FFFF.0095: unknown main item tag 0x0
[ 2088.802272][T24989] plantronics 0003:047F:FFFF.0095: unknown main item tag 0x0
[ 2088.812361][T24989] plantronics 0003:047F:FFFF.0095: unknown main item tag 0x0
[ 2088.819946][T24987] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[ 2088.881312][T24989] plantronics 0003:047F:FFFF.0095: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 2088.980160][T24989] usb 2-1: USB disconnect, device number 103
[ 2089.022467][T24987] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2089.031949][  T795] usb 6-1: new high-speed USB device number 84 using dummy_hcd
[ 2089.043769][T24987] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2089.064250][T24987] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2089.078134][T24987] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2089.101924][T24987] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2089.111968][T24987] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2089.165871][T24987] usb 4-1: Product: syz
[ 2089.179038][T24987] usb 4-1: Manufacturer: syz
[ 2089.197689][  T795] usb 6-1: device descriptor read/64, error -71
[ 2089.223763][T24987] cdc_wdm 4-1:1.0: skipping garbage
[ 2089.232785][T24987] cdc_wdm 4-1:1.0: skipping garbage
[ 2089.240939][T24987] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[ 2089.258470][T32256] fido_id[32256]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[ 2089.362838][  T795] usb usb6-port1: attempt power cycle
[ 2089.763483][  T795] usb 6-1: new high-speed USB device number 85 using dummy_hcd
[ 2090.214352][  T795] usb 6-1: device descriptor read/8, error -71
[ 2090.253868][T32251] openvswitch: netlink: Tunnel attr 42 out of range max 16
[ 2090.497880][T24988] usb 4-1: USB disconnect, device number 122
[ 2090.558139][  T795] usb 6-1: new high-speed USB device number 86 using dummy_hcd
[ 2090.590476][  T795] usb 6-1: device descriptor read/8, error -71
[ 2090.718055][  T795] usb usb6-port1: unable to enumerate USB device
[ 2091.019738][T24988] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[ 2091.180747][T24988] usb 7-1: Using ep0 maxpacket: 32
[ 2091.189925][T24988] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 2091.202344][T24988] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 2091.376199][T24988] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[ 2091.406352][T24988] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[ 2091.427470][T24988] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[ 2091.462182][T24988] usb 7-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 2091.472222][T24988] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2091.509588][T24988] usb 7-1: Product: syz
[ 2091.515484][T24988] usb 7-1: Manufacturer: syz
[ 2091.521077][T24988] usb 7-1: SerialNumber: syz
[ 2091.562147][T24988] usb 7-1: config 0 descriptor??
[ 2091.935419][T32287] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6784'.
[ 2091.976445][T24988] iforce 7-1:0.0: usb_submit_urb failed: -32
[ 2091.983016][T24988] input input185: Device does not respond to id packet M
[ 2091.994210][T24988] iforce 7-1:0.0: usb_submit_urb failed: -32
[ 2092.000722][T24988] input input185: Device does not respond to id packet P
[ 2092.011360][T24988] iforce 7-1:0.0: usb_submit_urb failed: -32
[ 2092.041086][T24988] input input185: Device does not respond to id packet B
[ 2092.259096][T24988] iforce 7-1:0.0: usb_submit_urb failed: -71
[ 2092.269393][T24988] iforce 7-1:0.0: usb_submit_urb failed: -71
[ 2092.278287][T32293] FAULT_INJECTION: forcing a failure.
[ 2092.278287][T32293] name failslab, interval 1, probability 0, space 0, times 0
[ 2092.291929][T24988] iforce 7-1:0.0: usb_submit_urb failed: -71
[ 2092.307665][T24988] iforce 7-1:0.0: usb_submit_urb failed: -71
[ 2092.327381][T32293] CPU: 0 UID: 0 PID: 32293 Comm: syz.3.6786 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2092.327437][T32293] Tainted: [L]=SOFTLOCKUP
[ 2092.327445][T32293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2092.327458][T32293] Call Trace:
[ 2092.327467][T32293]  <TASK>
[ 2092.327476][T32293]  dump_stack_lvl+0xe8/0x150
[ 2092.327515][T32293]  should_fail_ex+0x412/0x560
[ 2092.327569][T32293]  should_failslab+0xa8/0x100
[ 2092.327595][T32293]  ? skb_clone+0x212/0x3a0
[ 2092.327626][T32293]  kmem_cache_alloc_noprof+0x87/0x650
[ 2092.327656][T32293]  ? nfnetlink_rcv+0x1c1b/0x27b0
[ 2092.327676][T32293]  ? netlink_unicast+0x80f/0x9b0
[ 2092.327698][T32293]  ? ____sys_sendmsg+0xa68/0xad0
[ 2092.327728][T32293]  ? __sys_sendmsg+0x183/0x260
[ 2092.327762][T32293]  skb_clone+0x212/0x3a0
[ 2092.327804][T32293]  ? netlink_trim+0x166/0x2c0
[ 2092.327828][T32293]  netlink_trim+0x17d/0x2c0
[ 2092.327853][T32293]  netlink_broadcast_filtered+0xd6/0x1020
[ 2092.327891][T32293]  ? nfnl_pernet+0x23/0x240
[ 2092.327916][T32293]  ? __pfx_netlink_broadcast_filtered+0x10/0x10
[ 2092.327940][T32293]  ? nfnl_pernet+0x23/0x240
[ 2092.327960][T32293]  ? nfnl_pernet+0x23/0x240
[ 2092.327984][T32293]  nlmsg_notify+0xf0/0x1a0
[ 2092.328014][T32293]  nf_tables_commit+0x8e95/0xa400
[ 2092.328073][T32293]  ? __pfx_nf_tables_commit+0x10/0x10
[ 2092.328105][T32293]  ? __free_frozen_pages+0x706/0xdb0
[ 2092.328135][T32293]  ? nf_tables_newrule+0x2590/0x28b0
[ 2092.328179][T32293]  ? __pfx_nf_tables_newrule+0x10/0x10
[ 2092.328231][T32293]  nfnetlink_rcv+0x1c1b/0x27b0
[ 2092.328252][T32293]  ? is_bpf_text_address+0x26/0x2b0
[ 2092.328306][T32293]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 2092.328342][T32293]  ? __lock_acquire+0x6b5/0x2cf0
[ 2092.328403][T32293]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2092.328445][T32293]  netlink_unicast+0x80f/0x9b0
[ 2092.328476][T32293]  ? __pfx_netlink_unicast+0x10/0x10
[ 2092.328499][T32293]  ? netlink_sendmsg+0x650/0xb40
[ 2092.328527][T32293]  ? skb_put+0x11b/0x210
[ 2092.328554][T32293]  netlink_sendmsg+0x813/0xb40
[ 2092.328580][T32293]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2092.328600][T32293]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 2092.328620][T32293]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2092.328637][T32293]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2092.328655][T32293]  ____sys_sendmsg+0xa68/0xad0
[ 2092.328683][T32293]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2092.328708][T32293]  ? kstrtoull+0x12f/0x1d0
[ 2092.328729][T32293]  ___sys_sendmsg+0x2a5/0x360
[ 2092.328755][T32293]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2092.328778][T32293]  ? get_pid_task+0x20/0x1f0
[ 2092.328792][T32293]  ? get_pid_task+0x20/0x1f0
[ 2092.328804][T32293]  ? get_pid_task+0x20/0x1f0
[ 2092.328836][T32293]  ? __fget_files+0x2a/0x420
[ 2092.328857][T32293]  ? __fget_files+0x3a0/0x420
[ 2092.328884][T32293]  __sys_sendmsg+0x183/0x260
[ 2092.328908][T32293]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2092.328945][T32293]  __do_fast_syscall_32+0x20d/0x640
[ 2092.328961][T32293]  ? do_fast_syscall_32+0x33/0x70
[ 2092.328974][T32293]  ? asm_int80_emulation+0x1a/0x20
[ 2092.328988][T32293]  ? do_int80_emulation+0x274/0x4d0
[ 2092.329002][T32293]  ? trace_irq_disable+0x3b/0x150
[ 2092.329027][T32293]  do_fast_syscall_32+0x33/0x70
[ 2092.329041][T32293]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2092.329060][T32293] RIP: 0023:0xf702ef6c
[ 2092.329074][T32293] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2092.329087][T32293] RSP: 002b:00000000f541d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 2092.329104][T32293] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 2092.329114][T32293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2092.329123][T32293] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2092.329132][T32293] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2092.329140][T32293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2092.329161][T32293]  </TASK>
[ 2092.718266][T24988] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input185
[ 2092.875618][T24988] usb 7-1: USB disconnect, device number 49
[ 2093.527493][T32303] netlink: 76 bytes leftover after parsing attributes in process `syz.3.6790'.
[ 2093.938345][T29175] usb 2-1: new full-speed USB device number 104 using dummy_hcd
[ 2094.464392][T29175] usb 2-1: config 0 has an invalid interface number: 167 but max is 0
[ 2094.473114][T29175] usb 2-1: config 0 has no interface number 0
[ 2094.480773][T29175] usb 2-1: config 0 interface 167 altsetting 0 endpoint 0x8A has invalid maxpacket 512, setting to 64
[ 2094.502170][T29175] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0104, bcdDevice=f1.04
[ 2094.515087][T29175] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2094.530753][T29175] usb 2-1: Product: syz
[ 2094.544033][T29175] usb 2-1: Manufacturer: syz
[ 2094.555880][T29175] usb 2-1: SerialNumber: syz
[ 2094.868743][T29175] usb 2-1: config 0 descriptor??
[ 2094.904219][T32306] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 2094.950046][T29175] kvaser_usb 2-1:0.167: error -ENODEV: Cannot get usb endpoint(s)
[ 2094.979636][T32318] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 2095.196020][T32322] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6796'.
[ 2095.209755][T32322] mac80211_hwsim hwsim124 wlan0: entered promiscuous mode
[ 2096.500780][T24988] usb 2-1: USB disconnect, device number 104
[ 2097.397172][T24988] usb 6-1: new high-speed USB device number 87 using dummy_hcd
[ 2097.537718][T24988] usb 6-1: device descriptor read/64, error -71
[ 2098.100391][T24988] usb 6-1: new high-speed USB device number 88 using dummy_hcd
[ 2098.255210][T24988] usb 6-1: device descriptor read/64, error -71
[ 2098.387649][T24988] usb usb6-port1: attempt power cycle
[ 2098.487680][  T795] usb 7-1: new high-speed USB device number 50 using dummy_hcd
[ 2098.613405][T32386] wg0: Caught tx_queue_len zero misconfig
[ 2098.737680][T24988] usb 6-1: new high-speed USB device number 89 using dummy_hcd
[ 2098.760300][  T795] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2098.773277][  T795] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2098.784714][T24988] usb 6-1: device descriptor read/8, error -71
[ 2098.791478][  T795] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2098.831325][  T795] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2098.840656][T24987] usb 2-1: new high-speed USB device number 105 using dummy_hcd
[ 2098.849394][  T795] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2098.886358][  T795] usb 7-1: config 0 descriptor??
[ 2098.912449][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 2098.922120][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 2099.002754][T24987] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2099.028033][T24988] usb 6-1: new high-speed USB device number 90 using dummy_hcd
[ 2099.040374][T24987] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2099.061578][T24988] usb 6-1: device descriptor read/8, error -71
[ 2099.068339][T24987] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2099.087980][T24987] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2099.097680][T24987] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2099.178233][T24988] usb usb6-port1: unable to enumerate USB device
[ 2099.231869][T24987] usb 2-1: config 0 descriptor??
[ 2099.858926][T24984] usb 4-1: new full-speed USB device number 123 using dummy_hcd
[ 2100.151745][T24984] usb 4-1: config index 0 descriptor too short (expected 28277, got 36)
[ 2100.160278][T24984] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2100.359535][T24984] usb 4-1: config 0 has no interfaces?
[ 2100.365101][T24984] usb 4-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 2100.499882][T24984] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2100.515534][T24984] usb 4-1: config 0 descriptor??
[ 2101.175567][   T30] audit: type=1326 audit(1771927512.505:2306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32415 comm="syz.5.6825" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6fdef6c code=0x0
[ 2101.969480][  T795] usbhid 7-1:0.0: can't add hid device: -71
[ 2102.056612][  T795] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 2102.074577][T24987] usbhid 2-1:0.0: can't add hid device: -71
[ 2102.081121][T24987] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 2102.113509][T24987] usb 2-1: USB disconnect, device number 105
[ 2102.142695][  T795] usb 7-1: USB disconnect, device number 50
[ 2102.380855][T32429] netlink: 'syz.1.6829': attribute type 10 has an invalid length.
[ 2102.403196][T32429] bond0: (slave wlan1): Opening slave failed
[ 2102.716420][T24987] usb 4-1: USB disconnect, device number 123
[ 2103.268835][T32443] netlink: 'syz.3.6834': attribute type 1 has an invalid length.
[ 2103.454534][T32443] bond1: entered promiscuous mode
[ 2103.490447][T32443] bond1: entered allmulticast mode
[ 2103.512905][T32443] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2103.581857][T32446] erspan1: entered allmulticast mode
[ 2104.268637][  T795] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[ 2104.287714][   T30] audit: type=1326 audit(1771927515.595:2307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32436 comm="syz.5.6833" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000
[ 2104.498339][   T30] audit: type=1326 audit(1771927515.595:2308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32436 comm="syz.5.6833" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000
[ 2104.572549][   T30] audit: type=1326 audit(1771927515.595:2309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32436 comm="syz.5.6833" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000
[ 2104.615596][  T795] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 28, changing to 8
[ 2104.636964][  T795] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 40968, setting to 1024
[ 2104.665497][  T795] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2104.688424][   T30] audit: type=1326 audit(1771927515.595:2310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32436 comm="syz.5.6833" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf6fdef6c code=0x7ffc0000
[ 2104.721751][  T795] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2104.738686][  T795] usb 4-1: config 0 descriptor??
[ 2104.743866][   T30] audit: type=1326 audit(1771927515.595:2311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32436 comm="syz.5.6833" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef6c code=0x7ffc0000
[ 2104.816628][   T30] audit: type=1326 audit(1771927515.595:2312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32436 comm="syz.5.6833" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf6fdef6c code=0x7ffc0000
[ 2104.997694][  T795] usbhid 4-1:0.0: can't add hid device: -71
[ 2105.005499][  T795] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 2105.021874][  T795] usb 4-1: USB disconnect, device number 124
[ 2105.257749][T24988] usb 1-1: new high-speed USB device number 121 using dummy_hcd
[ 2105.331044][T32463] mac80211_hwsim hwsim126 wlan0: entered promiscuous mode
[ 2105.407719][T24988] usb 1-1: Using ep0 maxpacket: 16
[ 2105.423338][T24988] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 2105.441808][T24988] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 2105.461128][T24987] usb 7-1: new high-speed USB device number 51 using dummy_hcd
[ 2105.502243][T24988] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 2105.511717][T24988] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2105.520324][T24988] usb 1-1: Product: syz
[ 2105.524633][T24988] usb 1-1: Manufacturer: syz
[ 2105.529794][T24988] usb 1-1: SerialNumber: syz
[ 2105.545554][T24988] usb 1-1: config 0 descriptor??
[ 2105.551208][  T795] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[ 2105.574727][T24988] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 2105.586838][T24988] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[ 2105.621387][T24987] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2105.634443][T24987] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2105.647240][T24987] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2105.661107][T24987] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2105.674469][T24987] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2105.712195][T24987] usb 7-1: config 0 descriptor??
[ 2105.743178][  T795] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 28, changing to 8
[ 2105.754529][  T795] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 40968, setting to 1024
[ 2105.946606][  T795] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2105.965298][  T795] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2106.039996][  T795] usb 4-1: config 0 descriptor??
[ 2106.052352][T24988] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[ 2106.063074][T24988] em28xx 1-1:0.0: Config register raw data: 0xfffffffb
[ 2106.090015][T24988] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[ 2106.104887][T24988] em28xx 1-1:0.0: No AC97 audio processor
[ 2106.690945][ T5925] usb 1-1: USB disconnect, device number 121
[ 2106.705011][ T5925] em28xx 1-1:0.0: Disconnecting em28xx
[ 2106.790471][ T5925] em28xx 1-1:0.0: Freeing device
[ 2106.813108][  T795] keytouch 0003:0926:3333.0096: fixing up Keytouch IEC report descriptor
[ 2106.856459][  T795] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0096/input/input186
[ 2107.192957][  T795] keytouch 0003:0926:3333.0096: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[ 2108.217715][T24990] usb 2-1: new high-speed USB device number 106 using dummy_hcd
[ 2108.386397][T29175] usb 4-1: USB disconnect, device number 125
[ 2108.398408][T24990] usb 2-1: Using ep0 maxpacket: 16
[ 2108.438237][T24990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2108.482874][T24990] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 2108.586649][T24990] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2108.636860][T24990] usb 2-1: config 0 descriptor??
[ 2109.189099][T24987] usbhid 7-1:0.0: can't add hid device: -71
[ 2109.377758][T24987] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 2109.392607][T24990] mcp2221 0003:04D8:00DD.0097: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[ 2109.425783][T24987] usb 7-1: USB disconnect, device number 51
[ 2109.584519][T32508] netlink: 44 bytes leftover after parsing attributes in process `syz.6.6851'.
[ 2109.805229][T29175] usb 2-1: USB disconnect, device number 106
[ 2110.234298][T32519] team_slave_1: Caught tx_queue_len zero misconfig
[ 2110.637679][T24987] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 2110.689028][T24990] usb 7-1: new high-speed USB device number 52 using dummy_hcd
[ 2110.807864][T24987] usb 4-1: Using ep0 maxpacket: 32
[ 2110.815933][T24987] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2110.841773][T24987] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2111.010656][T24987] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 2111.021367][T24990] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD4, changing to 0x84
[ 2111.068348][T24987] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2111.099525][T24990] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 51544, setting to 1024
[ 2111.132360][T24990] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1024
[ 2111.174153][T24987] usb 4-1: config 0 descriptor??
[ 2111.231083][T24987] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 2111.332873][T24990] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 2111.488927][T24990] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2111.552020][T24990] usb 7-1: Product: syz
[ 2111.556228][T24990] usb 7-1: Manufacturer: syz
[ 2111.604338][T24990] usb 7-1: SerialNumber: syz
[ 2111.630513][T24990] usb 7-1: config 0 descriptor??
[ 2111.670338][T32523] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 2111.793941][T32541] syzkaller0: entered promiscuous mode
[ 2111.818107][T32541] syzkaller0: entered allmulticast mode
[ 2111.837675][T24987] usb 6-1: new high-speed USB device number 91 using dummy_hcd
[ 2111.994651][T32523] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 2112.083250][T24987] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[ 2112.101611][T24987] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 2112.137908][T24987] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 2112.186412][T24987] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 2112.307869][T29175] usb 1-1: new high-speed USB device number 122 using dummy_hcd
[ 2112.310373][T24987] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2112.362816][T24987] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2112.381474][T24987] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2112.834826][T29175] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2112.847999][T29175] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2112.860567][T24987] usb 6-1: config 0 descriptor??
[ 2112.865012][T29175] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2112.900626][T29175] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2112.910629][T29175] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2112.937443][T29175] usb 1-1: config 0 descriptor??
[ 2113.155762][T32538] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 2113.306205][T24990] usb 4-1: USB disconnect, device number 126
[ 2113.592615][T24987] hid_parser_main: 5 callbacks suppressed
[ 2113.592638][T24987] plantronics 0003:047F:FFFF.0098: unknown main item tag 0x0
[ 2113.636649][T24987] plantronics 0003:047F:FFFF.0098: unknown main item tag 0x0
[ 2113.681775][T24987] plantronics 0003:047F:FFFF.0098: unknown main item tag 0x0
[ 2113.699567][T24987] plantronics 0003:047F:FFFF.0098: unknown main item tag 0x0
[ 2113.707038][T24987] plantronics 0003:047F:FFFF.0098: unknown main item tag 0x0
[ 2113.743460][T32553] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6864'.
[ 2113.756462][T24987] plantronics 0003:047F:FFFF.0098: unknown main item tag 0x0
[ 2113.773697][  T795] usb 7-1: USB disconnect, device number 52
[ 2113.788370][T32538] netlink: 92 bytes leftover after parsing attributes in process `syz.5.6861'.
[ 2113.813719][T24987] plantronics 0003:047F:FFFF.0098: unknown main item tag 0x0
[ 2113.845619][T24987] plantronics 0003:047F:FFFF.0098: unknown main item tag 0x0
[ 2113.858035][T24987] plantronics 0003:047F:FFFF.0098: unknown main item tag 0x0
[ 2113.931344][T24987] plantronics 0003:047F:FFFF.0098: unknown main item tag 0x0
[ 2114.040551][T24987] plantronics 0003:047F:FFFF.0098: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 2114.065382][T32557] veth0_to_hsr: entered promiscuous mode
[ 2114.113298][T24987] usb 6-1: USB disconnect, device number 91
[ 2114.282232][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[ 2114.448138][ T5877] usb 2-1: new high-speed USB device number 107 using dummy_hcd
[ 2114.506692][T32562] fido_id[32562]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[ 2114.628175][ T5877] usb 2-1: Using ep0 maxpacket: 32
[ 2114.647670][ T5877] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 219
[ 2114.703219][ T5877] usb 2-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[ 2114.763706][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2114.795791][ T5877] usb 2-1: Product: syz
[ 2114.812797][ T5877] usb 2-1: Manufacturer: syz
[ 2114.827520][ T5877] usb 2-1: SerialNumber: syz
[ 2114.876900][ T5877] usb 2-1: config 0 descriptor??
[ 2114.907489][T32560] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 2115.126175][ T5877] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 2115.157736][T24987] usb 6-1: new high-speed USB device number 92 using dummy_hcd
[ 2115.237976][T32554] veth0_to_hsr: left promiscuous mode
[ 2115.293265][T29175] usbhid 1-1:0.0: can't add hid device: -71
[ 2115.302813][T29175] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 2115.330822][T29175] usb 1-1: USB disconnect, device number 122
[ 2115.347875][T24987] usb 6-1: Using ep0 maxpacket: 16
[ 2115.377137][T24987] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 2115.385498][T24987] usb 6-1: config 0 has no interface number 0
[ 2115.407345][T24987] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 2115.426685][T24987] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2115.452190][T24987] usb 6-1: Product: syz
[ 2115.508084][T24987] usb 6-1: Manufacturer: syz
[ 2115.512997][T24987] usb 6-1: SerialNumber: syz
[ 2115.533967][T24987] usb 6-1: config 0 descriptor??
[ 2115.565366][T24987] gspca_main: spca1528-2.14.0 probing 04fc:1528
[ 2115.831211][ T5877] usb 2-1: USB disconnect, device number 107
[ 2115.965763][T24987] gspca_spca1528: reg_w err -71
[ 2115.990608][T24987] spca1528 6-1:0.1: probe with driver spca1528 failed with error -71
[ 2116.048437][T19017] udevd[19017]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2116.225596][T24987] usb 6-1: USB disconnect, device number 92
[ 2117.445864][T24988] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[ 2117.739322][T24988] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[ 2117.760130][T24988] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 2117.815682][T24988] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 2117.849112][T24988] usb 6-1: config 220 has no interface number 2
[ 2117.859364][T24988] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 2117.881280][T24988] usb 6-1: config 220 interface 0 has no altsetting 0
[ 2117.890667][T24988] usb 6-1: config 220 interface 76 has no altsetting 0
[ 2117.901675][T24988] usb 6-1: config 220 interface 1 has no altsetting 0
[ 2118.092155][T29175] usb 4-1: new full-speed USB device number 127 using dummy_hcd
[ 2118.272524][T29175] usb 4-1: config index 0 descriptor too short (expected 28277, got 36)
[ 2118.281268][T29175] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2118.293050][T29175] usb 4-1: config 0 has no interfaces?
[ 2118.293642][T24988] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 2118.356682][T24988] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2118.385475][T29175] usb 4-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 2118.522358][T24988] usb 6-1: Product: syz
[ 2118.526612][T24988] usb 6-1: Manufacturer: syz
[ 2118.604880][T29175] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2118.641747][T24988] usb 6-1: SerialNumber: syz
[ 2118.666430][T29175] usb 4-1: config 0 descriptor??
[ 2118.914497][T24988] usb 6-1: selecting invalid altsetting 0
[ 2118.932361][T24988] uvcvideo 6-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 2118.967469][T24988] uvcvideo 6-1:220.0: No valid video chain found.
[ 2119.004413][T24988] usb 6-1: selecting invalid altsetting 0
[ 2119.435577][T24988] usbtest 6-1:220.1: probe with driver usbtest failed with error -22
[ 2119.593811][T24988] usb 6-1: USB disconnect, device number 93
[ 2121.464039][T29175] usb 4-1: USB disconnect, device number 127
[ 2122.657733][T32655] hub 1-0:1.0: USB hub found
[ 2122.665440][T32655] hub 1-0:1.0: 1 port detected
[ 2122.707696][T24988] usb 2-1: new high-speed USB device number 108 using dummy_hcd
[ 2123.116121][T24988] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2123.175931][T24988] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2123.194054][T24988] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2123.249542][T24988] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2123.279406][T24988] usb 2-1: Manufacturer: syz
[ 2123.292806][T24988] usb 2-1: config 0 descriptor??
[ 2123.567659][T24988] rc_core: IR keymap rc-hauppauge not found
[ 2123.587293][T24988] Registered IR keymap rc-empty
[ 2123.609894][T24988] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 2123.695725][T24988] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input187
[ 2123.765633][    C0] igorplugusb 2-1:0.0: Error: urb status = -32
[ 2123.801409][T32651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2123.818316][T32651] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2123.968750][T32666] FAULT_INJECTION: forcing a failure.
[ 2123.968750][T32666] name failslab, interval 1, probability 0, space 0, times 0
[ 2123.981668][T32666] CPU: 0 UID: 0 PID: 32666 Comm: syz.1.6892 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2123.981705][T32666] Tainted: [L]=SOFTLOCKUP
[ 2123.981720][T32666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2123.981733][T32666] Call Trace:
[ 2123.981742][T32666]  <TASK>
[ 2123.981751][T32666]  dump_stack_lvl+0xe8/0x150
[ 2123.981785][T32666]  should_fail_ex+0x412/0x560
[ 2123.981814][T32666]  should_failslab+0xa8/0x100
[ 2123.981843][T32666]  __kmalloc_noprof+0xe8/0x760
[ 2123.981866][T32666]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 2123.981900][T32666]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 2123.981938][T32666]  ? tomoyo_path_number_perm+0x219/0x630
[ 2123.981960][T32666]  tomoyo_path_number_perm+0x246/0x630
[ 2123.981985][T32666]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2123.982011][T32666]  ? __lock_acquire+0x6b5/0x2cf0
[ 2123.982071][T32666]  ? __fget_files+0x2a/0x420
[ 2123.982105][T32666]  ? __fget_files+0x3a0/0x420
[ 2123.982133][T32666]  ? __fget_files+0x2a/0x420
[ 2123.982166][T32666]  security_file_ioctl_compat+0xc3/0x2a0
[ 2123.982202][T32666]  __ia32_compat_sys_ioctl+0x139/0x950
[ 2123.982229][T32666]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 2123.982258][T32666]  ? __fget_files+0x3a0/0x420
[ 2123.982294][T32666]  ? fput+0xa0/0xd0
[ 2123.982323][T32666]  ? ksys_write+0x242/0x270
[ 2123.982357][T32666]  __do_fast_syscall_32+0x20d/0x640
[ 2123.982380][T32666]  ? do_fast_syscall_32+0x33/0x70
[ 2123.982399][T32666]  ? asm_int80_emulation+0x1a/0x20
[ 2123.982419][T32666]  ? do_int80_emulation+0x274/0x4d0
[ 2123.982439][T32666]  ? trace_irq_disable+0x3b/0x150
[ 2123.982473][T32666]  do_fast_syscall_32+0x33/0x70
[ 2123.982494][T32666]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2123.982520][T32666] RIP: 0023:0xf704ef6c
[ 2123.982539][T32666] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2123.982558][T32666] RSP: 002b:00000000f53e150c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 2123.982580][T32666] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080284504
[ 2123.982594][T32666] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 2123.982607][T32666] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2123.982619][T32666] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2123.982632][T32666] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2123.982662][T32666]  </TASK>
[ 2123.982699][T32666] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2124.848069][T24988] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[ 2125.008283][T24988] usb 4-1: Using ep0 maxpacket: 32
[ 2125.186938][T32679] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 2125.211430][T24988] usb 4-1: config 0 has an invalid interface number: 167 but max is 0
[ 2125.222520][T24988] usb 4-1: config 0 has no interface number 0
[ 2125.242414][T24988] usb 4-1: config 0 interface 167 has no altsetting 0
[ 2125.265737][T24988] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=20.63
[ 2125.275668][T24988] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2125.301306][T24988] usb 4-1: Product: syz
[ 2125.314755][T24988] usb 4-1: Manufacturer: syz
[ 2125.325183][T24988] usb 4-1: SerialNumber: syz
[ 2125.413977][T24988] usb 4-1: config 0 descriptor??
[ 2125.822910][T24988] usbtest 4-1:0.167: couldn't get endpoints, -22
[ 2125.849936][T24988] usbtest 4-1:0.167: probe with driver usbtest failed with error -22
[ 2126.092916][T24988] usb 4-1: USB disconnect, device number 2
[ 2126.182695][T24984] usb 2-1: USB disconnect, device number 108
[ 2126.864357][T32696] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6902'.
[ 2127.063220][T32700] syzkaller1: entered promiscuous mode
[ 2127.068865][T32700] syzkaller1: entered allmulticast mode
[ 2127.529953][T24984] usb 1-1: new low-speed USB device number 123 using dummy_hcd
[ 2128.315860][T24984] usb 1-1: config 1 has an invalid descriptor of length 153, skipping remainder of the config
[ 2128.315899][T24984] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 2128.315935][T24984] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 is Bulk; changing to Interrupt
[ 2128.618197][T32709] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6906'.
[ 2128.618254][T32709] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6906'.
[ 2128.640465][T24984] usb 1-1: string descriptor 0 read error: -22
[ 2128.640607][T24984] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2128.640642][T24984] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2128.658059][T32702] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 2128.660533][T24984] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found
[ 2128.660583][T24984] cdc_ncm 1-1:1.0: bind() failure
[ 2128.676304][T32710] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6906'.
[ 2128.676338][T32710] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6906'.
[ 2128.875694][T24990] usb 1-1: USB disconnect, device number 123
[ 2129.364324][T32721] syzkaller0: entered promiscuous mode
[ 2129.372199][T32721] syzkaller0: entered allmulticast mode
[ 2129.381649][T32718] tipc: Started in network mode
[ 2129.414932][T32718] tipc: Node identity 4ee4c9e0ef86, cluster identity 4711
[ 2129.430475][T32718] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2129.463486][T32727] syzkaller0: entered promiscuous mode
[ 2129.469329][T32727] syzkaller0: entered allmulticast mode
[ 2129.522924][T32718] tipc: Resetting bearer <eth:syzkaller0>
[ 2129.641285][T32729] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 2129.761978][T32727] tipc: Resetting bearer <eth:syzkaller0>
[ 2129.799532][T32727] tipc: Disabling bearer <eth:syzkaller0>
[ 2130.197860][T24990] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 2130.397715][T24990] usb 4-1: Using ep0 maxpacket: 32
[ 2130.415944][T24990] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2130.454951][T24990] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16
[ 2130.483560][T24990] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[ 2130.517707][T24990] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 26
[ 2130.565756][T24990] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2130.630151][T24990] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 2130.666537][T24990] usb 4-1: SerialNumber: syz
[ 2130.694587][T32735] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 2130.726273][T32735] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 2130.960655][T32735] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.6914'.
[ 2131.068150][T24990] cdc_acm 4-1:1.0: ttyACM0: USB ACM device
[ 2131.106747][T24990] usb 4-1: USB disconnect, device number 3
[ 2132.041512][T24990] usb 6-1: new full-speed USB device number 94 using dummy_hcd
[ 2132.257843][T24988] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[ 2132.310663][T24990] usb 6-1: config index 0 descriptor too short (expected 28277, got 36)
[ 2132.390777][T24990] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2132.441461][  T304] ALSA: mixer_oss: invalid OSS volume ''
[ 2132.447299][T24990] usb 6-1: config 0 has no interfaces?
[ 2132.470867][T24988] usb 4-1: config index 0 descriptor too short (expected 28277, got 36)
[ 2132.483481][T24990] usb 6-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 2132.504979][T24988] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2132.529495][T24990] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2132.544884][T24988] usb 4-1: config 0 has no interfaces?
[ 2132.589500][T24990] usb 6-1: config 0 descriptor??
[ 2132.596177][T24988] usb 4-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 2132.651541][T24988] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2132.712078][T24988] usb 4-1: config 0 descriptor??
[ 2133.168188][T24984] usb 7-1: new full-speed USB device number 53 using dummy_hcd
[ 2133.307838][T24984] usb 7-1: device descriptor read/64, error -71
[ 2133.547697][T24984] usb 7-1: new full-speed USB device number 54 using dummy_hcd
[ 2133.698181][T24984] usb 7-1: device descriptor read/64, error -71
[ 2133.894418][T24984] usb usb7-port1: attempt power cycle
[ 2134.288575][T24984] usb 7-1: new full-speed USB device number 55 using dummy_hcd
[ 2134.326605][T24984] usb 7-1: device descriptor read/8, error -71
[ 2134.513867][  T317] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6929'.
[ 2134.564144][  T318] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6929'.
[ 2134.597990][T24984] usb 7-1: new full-speed USB device number 56 using dummy_hcd
[ 2135.098998][T24984] usb 7-1: device descriptor read/8, error -71
[ 2135.139985][T24990] usb 4-1: USB disconnect, device number 4
[ 2135.227259][T24988] usb 6-1: USB disconnect, device number 94
[ 2135.264443][T24984] usb usb7-port1: unable to enumerate USB device
[ 2135.335260][  T323] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6932'.
[ 2135.379542][  T323] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6932'.
[ 2135.411029][  T321] syzkaller1: entered promiscuous mode
[ 2135.416590][  T321] syzkaller1: entered allmulticast mode
[ 2135.454314][  T326] syzkaller0: entered promiscuous mode
[ 2135.480515][  T326] syzkaller0: entered allmulticast mode
[ 2135.692457][  T334] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6935'.
[ 2135.828494][T24987] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[ 2136.019801][  T337] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6936'.
[ 2136.033262][  T337] netlink: 72 bytes leftover after parsing attributes in process `syz.1.6936'.
[ 2136.132278][T24987] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 2136.144790][T24987] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2136.175725][T24987] usb 1-1: Product: syz
[ 2136.234245][T24987] usb 1-1: Manufacturer: syz
[ 2136.533197][T24987] usb 1-1: SerialNumber: syz
[ 2136.552989][T24987] usb 1-1: config 0 descriptor??
[ 2136.587478][T24987] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 124
[ 2137.133876][T24987]  (null): failure reading functionality
[ 2137.146380][T24987] i2c i2c-1: failure reading functionality
[ 2137.158934][T24987] i2c i2c-1: connected i2c-tiny-usb device
[ 2137.204149][  T348] IPVS: set_ctl: invalid protocol: 47 224.0.0.2:0
[ 2137.275351][T24987] usb 1-1: USB disconnect, device number 124
[ 2137.841221][T24984] IPVS: starting estimator thread 0...
[ 2137.943985][  T354] IPVS: using max 39 ests per chain, 93600 per kthread
[ 2138.707654][T24984] usb 6-1: new high-speed USB device number 95 using dummy_hcd
[ 2138.871962][T24984] usb 6-1: Using ep0 maxpacket: 16
[ 2138.918385][T24984] usb 6-1: config 0 has no interfaces?
[ 2138.948411][T24984] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2138.977914][T24984] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2139.017489][T24984] usb 6-1: Manufacturer: syz
[ 2139.034780][T24984] usb 6-1: config 0 descriptor??
[ 2139.057636][T24987] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[ 2139.148400][ T5877] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[ 2139.247675][T24987] usb 4-1: Using ep0 maxpacket: 32
[ 2139.258631][T24987] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2139.279035][T24987] usb 4-1: New USB device found, idVendor=04d9, idProduct=a072, bcdDevice= 0.00
[ 2139.303023][T24987] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2139.315189][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2139.354910][T24987] usb 4-1: config 0 descriptor??
[ 2139.360123][T24988] usb 7-1: new high-speed USB device number 57 using dummy_hcd
[ 2139.414959][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2139.453853][ T5877] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2139.510675][ T5877] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2139.552289][ T5877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2139.562111][T24988] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 2139.595655][T24988] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2139.613338][ T5877] usb 1-1: config 0 descriptor??
[ 2139.626474][T24988] usb 7-1: Product: syz
[ 2139.649291][T24988] usb 7-1: Manufacturer: syz
[ 2139.663989][T24988] usb 7-1: SerialNumber: syz
[ 2140.254409][T24987] usbhid 4-1:0.0: can't add hid device: -71
[ 2140.262715][T24987] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 2140.326126][T24988] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 2140.360620][  T795] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 2140.407860][T24987] usb 4-1: USB disconnect, device number 5
[ 2141.047720][T24984] usb 2-1: new high-speed USB device number 109 using dummy_hcd
[ 2141.227963][T24984] usb 2-1: Using ep0 maxpacket: 32
[ 2141.236442][T24984] usb 2-1: config 0 has an invalid interface number: 35 but max is 0
[ 2141.253611][T24984] usb 2-1: config 0 has no interface number 0
[ 2141.274956][T24984] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[ 2141.285086][T24984] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2141.293941][T24984] usb 2-1: Product: syz
[ 2141.298847][T24984] usb 2-1: Manufacturer: syz
[ 2141.309396][T24984] usb 2-1: SerialNumber: syz
[ 2141.340824][T24984] usb 2-1: config 0 descriptor??
[ 2141.370362][T24984] radio-si470x 2-1:0.35: could not find interrupt in endpoint
[ 2141.378376][T24984] radio-si470x 2-1:0.35: probe with driver radio-si470x failed with error -5
[ 2141.549113][  T795] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[ 2141.556624][  T795] ath9k_htc: Failed to initialize the device
[ 2141.571658][T24984] radio-raremono 2-1:0.35: this is not Thanko's Raremono.
[ 2141.594417][T24984] usbhid 2-1:0.35: couldn't find an input interrupt endpoint
[ 2141.620537][  T795] usb 7-1: ath9k_htc: USB layer deinitialized
[ 2142.018943][T29175] usb 6-1: USB disconnect, device number 95
[ 2142.251300][T29175] usb 7-1: USB disconnect, device number 57
[ 2142.513211][ T5877] usbhid 1-1:0.0: can't add hid device: -71
[ 2142.520904][ T5877] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 2142.548371][ T5877] usb 1-1: USB disconnect, device number 125
[ 2142.571351][T29175] usb 6-1: new low-speed USB device number 96 using dummy_hcd
[ 2142.766818][  T415] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6959'.
[ 2142.858241][T29175] usb 6-1: Invalid ep0 maxpacket: 16
[ 2143.347798][T29175] usb 6-1: new low-speed USB device number 97 using dummy_hcd
[ 2143.379255][ T5925] usb 2-1: USB disconnect, device number 109
[ 2143.616396][T29175] usb 6-1: Invalid ep0 maxpacket: 16
[ 2143.622845][T29175] usb usb6-port1: attempt power cycle
[ 2144.027669][T29175] usb 6-1: new low-speed USB device number 98 using dummy_hcd
[ 2144.071285][T29175] usb 6-1: Invalid ep0 maxpacket: 16
[ 2144.211637][T29175] usb 6-1: new low-speed USB device number 99 using dummy_hcd
[ 2144.238476][T29175] usb 6-1: Invalid ep0 maxpacket: 16
[ 2144.244600][T29175] usb usb6-port1: unable to enumerate USB device
[ 2145.535313][  T450] netlink: 79 bytes leftover after parsing attributes in process `syz.5.6968'.
[ 2145.947705][T24988] usb 6-1: new high-speed USB device number 100 using dummy_hcd
[ 2146.220368][T24988] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2146.235296][T24988] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2146.245776][T24988] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2146.260952][T24988] usb 6-1: Product: syz
[ 2146.567648][T24988] usb 6-1: Manufacturer: syz
[ 2146.577778][T24988] usb 6-1: SerialNumber: syz
[ 2146.744366][  T457] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6970'.
[ 2147.908623][T24988] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 2147.915151][T24988] cdc_ncm 6-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 2147.998917][T24988] cdc_ncm 6-1:1.0: setting rx_max = 2048
[ 2148.311695][T24988] cdc_ncm 6-1:1.0: setting tx_max = 88
[ 2148.364951][  T463] netlink: 'syz.6.6972': attribute type 31 has an invalid length.
[ 2148.419263][T24988] cdc_ncm 6-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.5-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 2148.496269][T24988] usb 6-1: USB disconnect, device number 100
[ 2148.527514][T24988] cdc_ncm 6-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.5-1, CDC NCM (NO ZLP)
[ 2148.993419][  T486] netlink: 'syz.0.6976': attribute type 2 has an invalid length.
[ 2149.039303][  T480] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 2149.140708][  T489] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6978'.
[ 2149.297657][T24988] usb 7-1: new high-speed USB device number 58 using dummy_hcd
[ 2149.981118][  T471] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6973'.
[ 2150.124183][  T471] gtp0: entered promiscuous mode
[ 2150.145082][  T471] gtp0: entered allmulticast mode
[ 2150.247673][T24987] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[ 2150.417753][T24987] usb 4-1: Using ep0 maxpacket: 8
[ 2150.426818][T24987] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 2150.493359][T24987] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 2150.564159][T24987] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2150.624049][T24987] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2150.700552][T24987] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 2150.727672][T24987] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2151.160496][T24987] usb 4-1: GET_CAPABILITIES returned 0
[ 2151.166083][T24987] usbtmc 4-1:16.0: can't read capabilities
[ 2151.411880][    C0] usbtmc 4-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[ 2151.421914][  T508] usbtmc 4-1:16.0: Unable to send data, error -71
[ 2151.798602][  T533] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6983'.
[ 2152.782006][  T557] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6989'.
[ 2152.797883][  T555] netlink: 'syz.1.6988': attribute type 21 has an invalid length.
[ 2152.875044][  T559] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6989'.
[ 2153.021380][ T5925] usb 4-1: USB disconnect, device number 6
[ 2153.206552][  T572] openvswitch: netlink: VXLAN extension message has 228 unknown bytes.
[ 2153.523861][T24987] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[ 2153.784810][T24987] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2153.851383][T24987] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2153.987594][T24987] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2154.067944][T24987] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2154.118009][T24987] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2154.194952][T24987] usb 1-1: config 0 descriptor??
[ 2154.836877][  T581] bond2: (slave bond_slave_1): Device is not our slave
[ 2154.890327][  T581] bond2: option active_slave: invalid value (bond_slave_1)
[ 2154.941087][  T581] bond2 (unregistering): Released all slaves
[ 2156.330557][  T603] syzkaller0: entered promiscuous mode
[ 2156.338794][  T603] syzkaller0: entered allmulticast mode
[ 2156.383348][  T604] netlink: 'syz.1.7003': attribute type 16 has an invalid length.
[ 2156.400613][  T604] netlink: 'syz.1.7003': attribute type 16 has an invalid length.
[ 2157.006343][T24987] usbhid 1-1:0.0: can't add hid device: -71
[ 2157.038445][T24987] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 2157.063095][T24987] usb 1-1: USB disconnect, device number 126
[ 2158.412106][  T628] ALSA: mixer_oss: invalid OSS volume ''
[ 2158.952461][  T644] netlink: 'syz.3.7014': attribute type 16 has an invalid length.
[ 2158.972257][  T644] netlink: 'syz.3.7014': attribute type 16 has an invalid length.
[ 2159.085543][  T648] loop9: detected capacity change from 0 to 7
[ 2159.120846][T23458] Dev loop9: unable to read RDB block 7
[ 2159.126797][T23458]  loop9: unable to read partition table
[ 2159.133447][T23458] loop9: partition table beyond EOD, truncated
[ 2159.154182][  T648] Dev loop9: unable to read RDB block 7
[ 2159.165355][  T648]  loop9: unable to read partition table
[ 2159.179100][  T648] loop9: partition table beyond EOD, truncated
[ 2159.204640][  T648] loop_reread_partitions: partition scan of loop9 (�������g�C�j̖�P=��!MX���	���%��`�搘ȵ4FLQk݊5) failed (rc=-5)
[ 2159.345485][  T656] netlink: 'syz.5.7019': attribute type 3 has an invalid length.
[ 2159.392468][  T659] bond2: option downdelay: invalid value (18446744073709551615)
[ 2159.400485][  T659] bond2: option downdelay: allowed values 0 - 2147483647
[ 2159.409483][  T659] bond2 (unregistering): Released all slaves
[ 2160.354471][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 2160.361105][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[ 2160.948084][  T683] netlink: 'syz.5.7026': attribute type 16 has an invalid length.
[ 2161.067913][  T683] netlink: 'syz.5.7026': attribute type 16 has an invalid length.
[ 2161.537632][T24987] usb 6-1: new full-speed USB device number 101 using dummy_hcd
[ 2161.572012][  T689] ALSA: mixer_oss: invalid OSS volume ''
[ 2161.620787][  T691] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7030'.
[ 2161.638949][  T691] macvtap1: entered promiscuous mode
[ 2161.644476][  T691] dummy0: entered promiscuous mode
[ 2161.650782][  T691] macvtap1: entered allmulticast mode
[ 2161.656425][  T691] dummy0: entered allmulticast mode
[ 2161.664832][  T691] FAULT_INJECTION: forcing a failure.
[ 2161.664832][  T691] name failslab, interval 1, probability 0, space 0, times 0
[ 2161.678126][  T691] CPU: 1 UID: 0 PID: 691 Comm: syz.3.7030 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2161.678160][  T691] Tainted: [L]=SOFTLOCKUP
[ 2161.678168][  T691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2161.678182][  T691] Call Trace:
[ 2161.678191][  T691]  <TASK>
[ 2161.678200][  T691]  dump_stack_lvl+0xe8/0x150
[ 2161.678235][  T691]  should_fail_ex+0x412/0x560
[ 2161.678264][  T691]  should_failslab+0xa8/0x100
[ 2161.678304][  T691]  __kmalloc_cache_noprof+0x88/0x660
[ 2161.678326][  T691]  ? rtnl_newlink+0x136/0x1be0
[ 2161.678357][  T691]  rtnl_newlink+0x136/0x1be0
[ 2161.678386][  T691]  ? unwind_next_frame+0xa5/0x23c0
[ 2161.678423][  T691]  ? __pfx_rtnl_newlink+0x10/0x10
[ 2161.678458][  T691]  ? __lock_acquire+0x6b5/0x2cf0
[ 2161.678491][  T691]  ? __lock_acquire+0x6b5/0x2cf0
[ 2161.678520][  T691]  ? __lock_acquire+0x6b5/0x2cf0
[ 2161.678550][  T691]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 2161.678579][  T691]  ? unwind_next_frame+0xa5/0x23c0
[ 2161.678638][  T691]  ? __lock_acquire+0x6b5/0x2cf0
[ 2161.678667][  T691]  ? is_bpf_text_address+0x26/0x2b0
[ 2161.678692][  T691]  ? kernel_text_address+0xa5/0xe0
[ 2161.678740][  T691]  ? __pfx_rtnl_newlink+0x10/0x10
[ 2161.678766][  T691]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 2161.678796][  T691]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 2161.678822][  T691]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2161.678852][  T691]  ? __lock_acquire+0x6b5/0x2cf0
[ 2161.678888][  T691]  netlink_rcv_skb+0x232/0x4b0
[ 2161.678915][  T691]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 2161.678943][  T691]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2161.678980][  T691]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2161.679012][  T691]  netlink_unicast+0x80f/0x9b0
[ 2161.679043][  T691]  ? __pfx_netlink_unicast+0x10/0x10
[ 2161.679067][  T691]  ? netlink_sendmsg+0x650/0xb40
[ 2161.679090][  T691]  ? skb_put+0x11b/0x210
[ 2161.679122][  T691]  netlink_sendmsg+0x813/0xb40
[ 2161.679161][  T691]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2161.679191][  T691]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 2161.679218][  T691]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2161.679242][  T691]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2161.679267][  T691]  ____sys_sendmsg+0xa68/0xad0
[ 2161.679306][  T691]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2161.679341][  T691]  ? kstrtoull+0x12f/0x1d0
[ 2161.679372][  T691]  ___sys_sendmsg+0x2a5/0x360
[ 2161.679407][  T691]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2161.679440][  T691]  ? get_pid_task+0x20/0x1f0
[ 2161.679459][  T691]  ? get_pid_task+0x20/0x1f0
[ 2161.679476][  T691]  ? get_pid_task+0x20/0x1f0
[ 2161.679521][  T691]  ? __fget_files+0x2a/0x420
[ 2161.679550][  T691]  ? __fget_files+0x3a0/0x420
[ 2161.679594][  T691]  __sys_sendmsg+0x183/0x260
[ 2161.679627][  T691]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2161.679678][  T691]  __do_fast_syscall_32+0x20d/0x640
[ 2161.679701][  T691]  ? do_fast_syscall_32+0x33/0x70
[ 2161.679720][  T691]  ? asm_int80_emulation+0x1a/0x20
[ 2161.679739][  T691]  ? do_int80_emulation+0x274/0x4d0
[ 2161.679759][  T691]  ? trace_irq_disable+0x3b/0x150
[ 2161.679792][  T691]  do_fast_syscall_32+0x33/0x70
[ 2161.679813][  T691]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2161.679838][  T691] RIP: 0023:0xf702ef6c
[ 2161.679858][  T691] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2161.679876][  T691] RSP: 002b:00000000f541d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 2161.679916][  T691] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[ 2161.679931][  T691] RDX: 000000000000c084 RSI: 0000000000000000 RDI: 0000000000000000
[ 2161.679944][  T691] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2161.679956][  T691] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2161.679968][  T691] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2161.679998][  T691]  </TASK>
[ 2162.064619][T24987] usb 6-1: config 0 has an invalid interface number: 133 but max is 0
[ 2162.073161][T24987] usb 6-1: config 0 has no interface number 0
[ 2162.082205][T24987] usb 6-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 2162.091647][T24987] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2162.111807][T24987] usb 6-1: Product: syz
[ 2162.116128][T24987] usb 6-1: Manufacturer: syz
[ 2162.132105][T24987] usb 6-1: SerialNumber: syz
[ 2162.150784][T24987] usb 6-1: config 0 descriptor??
[ 2162.730465][T24987] keyspan 6-1:0.133: Keyspan 1 port adapter converter detected
[ 2162.744378][  T702] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[ 2162.757455][T24987] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 81
[ 2162.766405][T24987] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 1
[ 2162.778274][  T702] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 2162.795792][T24987] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 2
[ 2162.817182][T24987] usb 6-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 2162.993963][T24987] usb 6-1: USB disconnect, device number 101
[ 2163.005982][T24987] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 2163.034062][T24987] keyspan 6-1:0.133: device disconnected
[ 2163.257830][T24988] usb 7-1: new high-speed USB device number 59 using dummy_hcd
[ 2163.346575][  T716] kAFS: unable to lookup cell '�({^�@'
[ 2163.397636][T24988] usb 7-1: device descriptor read/64, error -71
[ 2163.728666][T24988] usb 7-1: new high-speed USB device number 60 using dummy_hcd
[ 2163.801795][  T728] ALSA: mixer_oss: invalid OSS volume ''
[ 2163.908277][T24988] usb 7-1: device descriptor read/64, error -71
[ 2164.031224][T24988] usb usb7-port1: attempt power cycle
[ 2164.397506][T24988] usb 7-1: new high-speed USB device number 61 using dummy_hcd
[ 2164.428572][T24988] usb 7-1: device descriptor read/8, error -71
[ 2164.908277][T24988] usb 7-1: new high-speed USB device number 62 using dummy_hcd
[ 2164.931013][  T747] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7047'.
[ 2164.945440][T24988] usb 7-1: device descriptor read/8, error -71
[ 2165.097908][T24988] usb usb7-port1: unable to enumerate USB device
[ 2165.234537][  T753] 
[ 2165.236933][  T753] =====================================================
[ 2165.243964][  T753] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 2165.251450][  T753] syzkaller #0 Tainted: G             L     
[ 2165.257456][  T753] -----------------------------------------------------
[ 2165.264410][  T753] syz.1.7049/753 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 2165.271988][  T753] ffff88807ba3c7f8 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0
[ 2165.280840][  T753] 
[ 2165.280840][  T753] and this task is already holding:
[ 2165.288223][  T753] ffff88808089f028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0
[ 2165.298025][  T753] which would create a new lock dependency:
[ 2165.303958][  T753]  (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3}
[ 2165.312110][  T753] 
[ 2165.312110][  T753] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 2165.321586][  T753]  (&dev->event_lock#2){..-.}-{3:3}
[ 2165.321631][  T753] 
[ 2165.321631][  T753] ... which became SOFTIRQ-irq-safe at:
[ 2165.334571][  T753]   lock_acquire+0xf0/0x2e0
[ 2165.339121][  T753]   _raw_spin_lock_irqsave+0x40/0x60
[ 2165.344529][  T753]   input_event+0x76/0xe0
[ 2165.348894][  T753]   hidinput_report_event+0xa1/0x100
[ 2165.354217][  T753]   hid_report_raw_event+0x1489/0x1720
[ 2165.359707][  T753]   hid_input_report+0x44b/0x580
[ 2165.364667][  T753]   hid_irq_in+0x47e/0x6d0
[ 2165.369129][  T753]   __usb_hcd_giveback_urb+0x376/0x540
[ 2165.374647][  T753]   dummy_timer+0xbbd/0x45d0
[ 2165.379284][  T753]   __hrtimer_run_queues+0x53a/0xcc0
[ 2165.384615][  T753]   hrtimer_run_softirq+0x182/0x5a0
[ 2165.389845][  T753]   handle_softirqs+0x22a/0x870
[ 2165.394741][  T753]   __irq_exit_rcu+0x5f/0x150
[ 2165.399454][  T753]   irq_exit_rcu+0x9/0x30
[ 2165.403814][  T753]   sysvec_apic_timer_interrupt+0xa6/0xc0
[ 2165.409804][  T753]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2165.415902][  T753]   lock_release+0x2d7/0x3d0
[ 2165.420533][  T753]   unwind_next_frame+0x1aaa/0x23c0
[ 2165.425855][  T753]   arch_stack_walk+0x11b/0x150
[ 2165.430750][  T753]   stack_trace_save+0xa9/0x100
[ 2165.435618][  T753]   kasan_save_track+0x3e/0x80
[ 2165.440401][  T753]   kasan_save_free_info+0x46/0x50
[ 2165.445535][  T753]   __kasan_slab_free+0x5c/0x80
[ 2165.450406][  T753]   kfree+0x1c1/0x630
[ 2165.454409][  T753]   raw_ioctl+0x2536/0x41c0
[ 2165.458928][  T753]   __ia32_compat_sys_ioctl+0x5ea/0x950
[ 2165.464589][  T753]   __do_fast_syscall_32+0x20d/0x640
[ 2165.469898][  T753]   do_fast_syscall_32+0x33/0x70
[ 2165.474888][  T753]   entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2165.481429][  T753] 
[ 2165.481429][  T753] to a SOFTIRQ-irq-unsafe lock:
[ 2165.488457][  T753]  (tasklist_lock){.+.+}-{3:3}
[ 2165.488492][  T753] 
[ 2165.488492][  T753] ... which became SOFTIRQ-irq-unsafe at:
[ 2165.501159][  T753] ...
[ 2165.501170][  T753]   lock_acquire+0xf0/0x2e0
[ 2165.508285][  T753]   _raw_read_lock+0x36/0x50
[ 2165.512891][  T753]   __do_wait+0xde/0x740
[ 2165.517157][  T753]   do_wait+0x1e7/0x540
[ 2165.521334][  T753]   kernel_wait+0xd6/0x1c0
[ 2165.525774][  T753]   call_usermodehelper_exec_work+0xbe/0x230
[ 2165.531774][  T753]   process_scheduled_works+0xb02/0x1830
[ 2165.537419][  T753]   worker_thread+0xa50/0xfc0
[ 2165.542125][  T753]   kthread+0x388/0x470
[ 2165.546295][  T753]   ret_from_fork+0x51e/0xb90
[ 2165.550991][  T753]   ret_from_fork_asm+0x1a/0x30
[ 2165.555869][  T753] 
[ 2165.555869][  T753] other info that might help us debug this:
[ 2165.555869][  T753] 
[ 2165.566206][  T753] Chain exists of:
[ 2165.566206][  T753]   &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
[ 2165.566206][  T753] 
[ 2165.579791][  T753]  Possible interrupt unsafe locking scenario:
[ 2165.579791][  T753] 
[ 2165.588121][  T753]        CPU0                    CPU1
[ 2165.593505][  T753]        ----                    ----
[ 2165.598886][  T753]   lock(tasklist_lock);
[ 2165.603228][  T753]                                local_irq_disable();
[ 2165.610003][  T753]                                lock(&dev->event_lock#2);
[ 2165.617221][  T753]                                lock(&client->buffer_lock);
[ 2165.624639][  T753]   <Interrupt>
[ 2165.628117][  T753]     lock(&dev->event_lock#2);
[ 2165.632984][  T753] 
[ 2165.632984][  T753]  *** DEADLOCK ***
[ 2165.632984][  T753] 
[ 2165.641188][  T753] 7 locks held by syz.1.7049/753:
[ 2165.646217][  T753]  #0: ffff88802bb76118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1ae/0x4c0
[ 2165.655374][  T753]  #1: ffff88801e30f230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340
[ 2165.665598][  T753]  #2: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340
[ 2165.675302][  T753]  #3: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890
[ 2165.684912][  T753]  #4: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340
[ 2165.694150][  T753]  #5: ffff88808089f028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0
[ 2165.704356][  T753]  #6: ffffffff8e7602e0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0
[ 2165.713430][  T753] 
[ 2165.713430][  T753] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 2165.723845][  T753]  -> (&dev->event_lock#2){..-.}-{3:3} {
[ 2165.729511][  T753]     IN-SOFTIRQ-W at:
[ 2165.733593][  T753]                       lock_acquire+0xf0/0x2e0
[ 2165.739854][  T753]                       _raw_spin_lock_irqsave+0x40/0x60
[ 2165.746894][  T753]                       input_event+0x76/0xe0
[ 2165.753016][  T753]                       hidinput_report_event+0xa1/0x100
[ 2165.760058][  T753]                       hid_report_raw_event+0x1489/0x1720
[ 2165.767362][  T753]                       hid_input_report+0x44b/0x580
[ 2165.774055][  T753]                       hid_irq_in+0x47e/0x6d0
[ 2165.780230][  T753]                       __usb_hcd_giveback_urb+0x376/0x540
[ 2165.787440][  T753]                       dummy_timer+0xbbd/0x45d0
[ 2165.793869][  T753]                       __hrtimer_run_queues+0x53a/0xcc0
[ 2165.800914][  T753]                       hrtimer_run_softirq+0x182/0x5a0
[ 2165.807872][  T753]                       handle_softirqs+0x22a/0x870
[ 2165.814480][  T753]                       __irq_exit_rcu+0x5f/0x150
[ 2165.820995][  T753]                       irq_exit_rcu+0x9/0x30
[ 2165.827080][  T753]                       sysvec_apic_timer_interrupt+0xa6/0xc0
[ 2165.834568][  T753]                       asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2165.842385][  T753]                       lock_release+0x2d7/0x3d0
[ 2165.848725][  T753]                       unwind_next_frame+0x1aaa/0x23c0
[ 2165.855814][  T753]                       arch_stack_walk+0x11b/0x150
[ 2165.862433][  T753]                       stack_trace_save+0xa9/0x100
[ 2165.869032][  T753]                       kasan_save_track+0x3e/0x80
[ 2165.875634][  T753]                       kasan_save_free_info+0x46/0x50
[ 2165.882586][  T753]                       __kasan_slab_free+0x5c/0x80
[ 2165.889186][  T753]                       kfree+0x1c1/0x630
[ 2165.894936][  T753]                       raw_ioctl+0x2536/0x41c0
[ 2165.901223][  T753]                       __ia32_compat_sys_ioctl+0x5ea/0x950
[ 2165.908522][  T753]                       __do_fast_syscall_32+0x20d/0x640
[ 2165.915553][  T753]                       do_fast_syscall_32+0x33/0x70
[ 2165.922242][  T753]                       entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2165.930410][  T753]     INITIAL USE at:
[ 2165.934404][  T753]                      lock_acquire+0xf0/0x2e0
[ 2165.940577][  T753]                      _raw_spin_lock_irqsave+0x40/0x60
[ 2165.947541][  T753]                      input_inject_event+0xa5/0x340
[ 2165.954238][  T753]                      kbd_led_trigger_activate+0xbc/0x100
[ 2165.961485][  T753]                      led_trigger_set+0x535/0x960
[ 2165.968017][  T753]                      led_trigger_set_default+0x260/0x2a0
[ 2165.975230][  T753]                      led_classdev_register_ext+0x787/0x9c0
[ 2165.982644][  T753]                      input_leds_connect+0x517/0x790
[ 2165.989418][  T753]                      input_register_device+0xd00/0x1160
[ 2165.996547][  T753]                      atkbd_connect+0x731/0xa50
[ 2166.002899][  T753]                      serio_driver_probe+0x82/0xd0
[ 2166.009502][  T753]                      really_probe+0x267/0xaf0
[ 2166.015772][  T753]                      __driver_probe_device+0x18c/0x320
[ 2166.022803][  T753]                      driver_probe_device+0x4f/0x240
[ 2166.029569][  T753]                      __driver_attach+0x3e7/0x710
[ 2166.036079][  T753]                      bus_for_each_dev+0x23b/0x2c0
[ 2166.042683][  T753]                      serio_handle_event+0x20a/0xdd0
[ 2166.049459][  T753]                      process_scheduled_works+0xb02/0x1830
[ 2166.056766][  T753]                      worker_thread+0xa50/0xfc0
[ 2166.063120][  T753]                      kthread+0x388/0x470
[ 2166.068930][  T753]                      ret_from_fork+0x51e/0xb90
[ 2166.075278][  T753]                      ret_from_fork_asm+0x1a/0x30
[ 2166.081844][  T753]   }
[ 2166.084438][  T753]   ... key      at: [<ffffffff9a6043c0>] input_allocate_device.__key.7+0x0/0x20
[ 2166.093596][  T753] -> (&client->buffer_lock){....}-{3:3} {
[ 2166.099361][  T753]    INITIAL USE at:
[ 2166.103269][  T753]                    lock_acquire+0xf0/0x2e0
[ 2166.109269][  T753]                    _raw_spin_lock_irqsave+0x40/0x60
[ 2166.116095][  T753]                    evdev_ioctl_handler+0x1a49/0x1fe0
[ 2166.122978][  T753]                    __ia32_compat_sys_ioctl+0x5ea/0x950
[ 2166.130027][  T753]                    __do_fast_syscall_32+0x20d/0x640
[ 2166.136888][  T753]                    do_fast_syscall_32+0x33/0x70
[ 2166.143335][  T753]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2166.151255][  T753]  }
[ 2166.153763][  T753]  ... key      at: [<ffffffff9a604660>] evdev_open.__key.27+0x0/0x20
[ 2166.161931][  T753]  ... acquired at:
[ 2166.165827][  T753]    _raw_spin_lock+0x2e/0x40
[ 2166.170517][  T753]    evdev_pass_values+0xb9/0xbd0
[ 2166.175586][  T753]    evdev_events+0x1aa/0x340
[ 2166.180288][  T753]    input_pass_values+0x1c2/0x890
[ 2166.185539][  T753]    input_event_dispose+0x330/0x6b0
[ 2166.190841][  T753]    input_inject_event+0x1dd/0x340
[ 2166.196069][  T753]    evdev_write+0x325/0x4c0
[ 2166.200691][  T753]    vfs_write+0x29a/0xb90
[ 2166.205120][  T753]    ksys_write+0x150/0x270
[ 2166.209632][  T753]    __do_fast_syscall_32+0x20d/0x640
[ 2166.215014][  T753]    do_fast_syscall_32+0x33/0x70
[ 2166.220061][  T753]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2166.226582][  T753] 
[ 2166.228937][  T753] 
[ 2166.228937][  T753] the dependencies between the lock to be acquired
[ 2166.228947][  T753]  and SOFTIRQ-irq-unsafe lock:
[ 2166.242486][  T753]   -> (tasklist_lock){.+.+}-{3:3} {
[ 2166.247807][  T753]      HARDIRQ-ON-R at:
[ 2166.251978][  T753]                         lock_acquire+0xf0/0x2e0
[ 2166.258424][  T753]                         _raw_read_lock+0x36/0x50
[ 2166.264941][  T753]                         __do_wait+0xde/0x740
[ 2166.271111][  T753]                         do_wait+0x1e7/0x540
[ 2166.277192][  T753]                         kernel_wait+0xd6/0x1c0
[ 2166.283532][  T753]                         call_usermodehelper_exec_work+0xbe/0x230
[ 2166.291457][  T753]                         process_scheduled_works+0xb02/0x1830
[ 2166.299023][  T753]                         worker_thread+0xa50/0xfc0
[ 2166.305636][  T753]                         kthread+0x388/0x470
[ 2166.311714][  T753]                         ret_from_fork+0x51e/0xb90
[ 2166.318403][  T753]                         ret_from_fork_asm+0x1a/0x30
[ 2166.325280][  T753]      SOFTIRQ-ON-R at:
[ 2166.329446][  T753]                         lock_acquire+0xf0/0x2e0
[ 2166.335871][  T753]                         _raw_read_lock+0x36/0x50
[ 2166.342386][  T753]                         __do_wait+0xde/0x740
[ 2166.348555][  T753]                         do_wait+0x1e7/0x540
[ 2166.354641][  T753]                         kernel_wait+0xd6/0x1c0
[ 2166.361078][  T753]                         call_usermodehelper_exec_work+0xbe/0x230
[ 2166.369018][  T753]                         process_scheduled_works+0xb02/0x1830
[ 2166.376693][  T753]                         worker_thread+0xa50/0xfc0
[ 2166.383309][  T753]                         kthread+0x388/0x470
[ 2166.389397][  T753]                         ret_from_fork+0x51e/0xb90
[ 2166.396002][  T753]                         ret_from_fork_asm+0x1a/0x30
[ 2166.402784][  T753]      INITIAL USE at:
[ 2166.406866][  T753]                        lock_acquire+0xf0/0x2e0
[ 2166.413217][  T753]                        _raw_write_lock_irq+0x3d/0x50
[ 2166.420100][  T753]                        copy_process+0x247a/0x3cf0
[ 2166.426797][  T753]                        kernel_clone+0x248/0x8e0
[ 2166.433231][  T753]                        user_mode_thread+0x110/0x180
[ 2166.440054][  T753]                        rest_init+0x23/0x300
[ 2166.446138][  T753]                        start_kernel+0x385/0x3d0
[ 2166.452656][  T753]                        x86_64_start_reservations+0x24/0x30
[ 2166.460049][  T753]                        x86_64_start_kernel+0x143/0x1c0
[ 2166.467090][  T753]                        common_startup_64+0x13e/0x147
[ 2166.473956][  T753]      INITIAL READ USE at:
[ 2166.478494][  T753]                             lock_acquire+0xf0/0x2e0
[ 2166.485276][  T753]                             _raw_read_lock+0x36/0x50
[ 2166.492195][  T753]                             __do_wait+0xde/0x740
[ 2166.498718][  T753]                             do_wait+0x1e7/0x540
[ 2166.505148][  T753]                             kernel_wait+0xd6/0x1c0
[ 2166.511943][  T753]                             call_usermodehelper_exec_work+0xbe/0x230
[ 2166.520205][  T753]                             process_scheduled_works+0xb02/0x1830
[ 2166.528121][  T753]                             worker_thread+0xa50/0xfc0
[ 2166.535084][  T753]                             kthread+0x388/0x470
[ 2166.541511][  T753]                             ret_from_fork+0x51e/0xb90
[ 2166.548477][  T753]                             ret_from_fork_asm+0x1a/0x30
[ 2166.555610][  T753]    }
[ 2166.558293][  T753]    ... key      at: [<ffffffff8e40c058>] tasklist_lock+0x18/0x40
[ 2166.566277][  T753]    ... acquired at:
[ 2166.570265][  T753]    _raw_read_lock+0x36/0x50
[ 2166.574995][  T753]    send_sigio+0x101/0x370
[ 2166.579515][  T753]    dnotify_handle_event+0x169/0x440
[ 2166.584896][  T753]    fsnotify+0x1831/0x1ae0
[ 2166.589416][  T753]    path_openat+0x15c2/0x3860
[ 2166.594188][  T753]    do_file_open+0x23e/0x4a0
[ 2166.598873][  T753]    do_sys_openat2+0x113/0x200
[ 2166.603761][  T753]    __ia32_compat_sys_openat+0x131/0x160
[ 2166.609497][  T753]    __do_fast_syscall_32+0x20d/0x640
[ 2166.614964][  T753]    do_fast_syscall_32+0x33/0x70
[ 2166.620000][  T753]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2166.626527][  T753] 
[ 2166.628875][  T753]  -> (&f_owner->lock){....}-{3:3} {
[ 2166.634187][  T753]     INITIAL USE at:
[ 2166.638179][  T753]                      lock_acquire+0xf0/0x2e0
[ 2166.644349][  T753]                      _raw_write_lock_irq+0x3d/0x50
[ 2166.651140][  T753]                      __f_setown+0x67/0x370
[ 2166.657134][  T753]                      fcntl_dirnotify+0x3f9/0x6a0
[ 2166.663653][  T753]                      do_fcntl+0x77e/0x1a20
[ 2166.669647][  T753]                      do_compat_fcntl64+0x51e/0x7e0
[ 2166.676360][  T753]                      __do_fast_syscall_32+0x20d/0x640
[ 2166.683347][  T753]                      do_fast_syscall_32+0x33/0x70
[ 2166.689953][  T753]                      entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2166.698040][  T753]     INITIAL READ USE at:
[ 2166.702462][  T753]                           lock_acquire+0xf0/0x2e0
[ 2166.709058][  T753]                           _raw_read_lock_irqsave+0x48/0x60
[ 2166.716442][  T753]                           send_sigio+0x38/0x370
[ 2166.722911][  T753]                           dnotify_handle_event+0x169/0x440
[ 2166.730292][  T753]                           fsnotify+0x1831/0x1ae0
[ 2166.736810][  T753]                           path_openat+0x15c2/0x3860
[ 2166.743594][  T753]                           do_file_open+0x23e/0x4a0
[ 2166.750292][  T753]                           do_sys_openat2+0x113/0x200
[ 2166.757173][  T753]                           __ia32_compat_sys_openat+0x131/0x160
[ 2166.764910][  T753]                           __do_fast_syscall_32+0x20d/0x640
[ 2166.772290][  T753]                           do_fast_syscall_32+0x33/0x70
[ 2166.779331][  T753]                           entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2166.787867][  T753]   }
[ 2166.790462][  T753]   ... key      at: [<ffffffff9a2e5160>] file_f_owner_allocate.__key+0x0/0x20
[ 2166.799418][  T753]   ... acquired at:
[ 2166.803314][  T753]    _raw_read_lock_irqsave+0x48/0x60
[ 2166.808702][  T753]    send_sigio+0x38/0x370
[ 2166.813137][  T753]    kill_fasync+0x24d/0x4d0
[ 2166.817740][  T753]    lease_break_callback+0x26/0x30
[ 2166.822960][  T753]    __break_lease+0x81c/0x1e80
[ 2166.827824][  T753]    try_break_deleg+0xfc/0x180
[ 2166.832691][  T753]    notify_change+0xb5a/0xf40
[ 2166.837467][  T753]    chown_common+0x466/0x6b0
[ 2166.842239][  T753]    do_fchownat+0x14c/0x250
[ 2166.846844][  T753]    __ia32_sys_fchownat+0xb5/0xd0
[ 2166.851972][  T753]    __do_fast_syscall_32+0x20d/0x640
[ 2166.857393][  T753]    do_fast_syscall_32+0x33/0x70
[ 2166.862431][  T753]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2166.868954][  T753] 
[ 2166.871289][  T753] -> (&new->fa_lock){....}-{3:3} {
[ 2166.876432][  T753]    INITIAL USE at:
[ 2166.880434][  T753]                    lock_acquire+0xf0/0x2e0
[ 2166.886443][  T753]                    _raw_write_lock_irq+0x3d/0x50
[ 2166.892960][  T753]                    fasync_remove_entry+0xf1/0x1c0
[ 2166.899590][  T753]                    lease_modify+0x4f7/0x6c0
[ 2166.905766][  T753]                    locks_remove_file+0x5f0/0xf70
[ 2166.912378][  T753]                    __fput+0x3ae/0xa70
[ 2166.917945][  T753]                    task_work_run+0x1d9/0x270
[ 2166.924117][  T753]                    exit_to_user_mode_loop+0xed/0x480
[ 2166.931008][  T753]                    __do_fast_syscall_32+0x415/0x640
[ 2166.937803][  T753]                    do_fast_syscall_32+0x33/0x70
[ 2166.944228][  T753]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2166.952156][  T753]    INITIAL READ USE at:
[ 2166.956933][  T753]                         lock_acquire+0xf0/0x2e0
[ 2166.963371][  T753]                         _raw_read_lock_irqsave+0x48/0x60
[ 2166.970592][  T753]                         kill_fasync+0x199/0x4d0
[ 2166.977116][  T753]                         lease_break_callback+0x26/0x30
[ 2166.984154][  T753]                         __break_lease+0x81c/0x1e80
[ 2166.990862][  T753]                         try_break_deleg+0xfc/0x180
[ 2166.997562][  T753]                         notify_change+0xb5a/0xf40
[ 2167.004254][  T753]                         chown_common+0x466/0x6b0
[ 2167.010775][  T753]                         do_fchownat+0x14c/0x250
[ 2167.017205][  T753]                         __ia32_sys_fchownat+0xb5/0xd0
[ 2167.024153][  T753]                         __do_fast_syscall_32+0x20d/0x640
[ 2167.031357][  T753]                         do_fast_syscall_32+0x33/0x70
[ 2167.038215][  T753]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2167.046655][  T753]  }
[ 2167.049195][  T753]  ... key      at: [<ffffffff9a2e5180>] fasync_insert_entry.__key+0x0/0x20
[ 2167.057893][  T753]  ... acquired at:
[ 2167.061710][  T753]    _raw_read_lock_irqsave+0x48/0x60
[ 2167.067108][  T753]    kill_fasync+0x199/0x4d0
[ 2167.071713][  T753]    evdev_pass_values+0x627/0xbd0
[ 2167.076846][  T753]    evdev_events+0x1e6/0x340
[ 2167.081545][  T753]    input_pass_values+0x288/0x890
[ 2167.086691][  T753]    input_event_dispose+0x330/0x6b0
[ 2167.092000][  T753]    input_inject_event+0x1dd/0x340
[ 2167.097220][  T753]    evdev_write+0x325/0x4c0
[ 2167.101826][  T753]    vfs_write+0x29a/0xb90
[ 2167.106257][  T753]    ksys_write+0x150/0x270
[ 2167.110948][  T753]    __do_fast_syscall_32+0x20d/0x640
[ 2167.116331][  T753]    do_fast_syscall_32+0x33/0x70
[ 2167.121366][  T753]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2167.127883][  T753] 
[ 2167.130216][  T753] 
[ 2167.130216][  T753] stack backtrace:
[ 2167.136131][  T753] CPU: 0 UID: 0 PID: 753 Comm: syz.1.7049 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2167.136155][  T753] Tainted: [L]=SOFTLOCKUP
[ 2167.136161][  T753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2167.136172][  T753] Call Trace:
[ 2167.136181][  T753]  <TASK>
[ 2167.136190][  T753]  dump_stack_lvl+0xe8/0x150
[ 2167.136214][  T753]  __lock_acquire+0x2a94/0x2cf0
[ 2167.136245][  T753]  lock_acquire+0xf0/0x2e0
[ 2167.136265][  T753]  ? kill_fasync+0x199/0x4d0
[ 2167.136286][  T753]  _raw_read_lock_irqsave+0x48/0x60
[ 2167.136309][  T753]  ? kill_fasync+0x199/0x4d0
[ 2167.136325][  T753]  kill_fasync+0x199/0x4d0
[ 2167.136341][  T753]  ? kill_fasync+0x53/0x4d0
[ 2167.136357][  T753]  evdev_pass_values+0x627/0xbd0
[ 2167.136379][  T753]  ? evdev_pass_values+0x5d1/0xbd0
[ 2167.136402][  T753]  evdev_events+0x1e6/0x340
[ 2167.136420][  T753]  ? evdev_events+0x79/0x340
[ 2167.136439][  T753]  ? input_pass_values+0x8d/0x890
[ 2167.136457][  T753]  input_pass_values+0x288/0x890
[ 2167.136478][  T753]  ? input_handle_event+0x70c/0xf30
[ 2167.136504][  T753]  input_event_dispose+0x330/0x6b0
[ 2167.136531][  T753]  input_inject_event+0x1dd/0x340
[ 2167.136561][  T753]  ? input_inject_event+0xb6/0x340
[ 2167.136605][  T753]  evdev_write+0x325/0x4c0
[ 2167.136627][  T753]  ? __pfx_evdev_write+0x10/0x10
[ 2167.136648][  T753]  ? bpf_lsm_file_permission+0x9/0x20
[ 2167.136669][  T753]  ? security_file_permission+0x75/0x260
[ 2167.136696][  T753]  ? rw_verify_area+0x255/0x4d0
[ 2167.136712][  T753]  ? __pfx_evdev_write+0x10/0x10
[ 2167.136732][  T753]  vfs_write+0x29a/0xb90
[ 2167.136752][  T753]  ? __pfx_vfs_write+0x10/0x10
[ 2167.136768][  T753]  ? __fget_files+0x2a/0x420
[ 2167.136794][  T753]  ? __fget_files+0x2a/0x420
[ 2167.136816][  T753]  ? __fget_files+0x3a0/0x420
[ 2167.136839][  T753]  ? __fget_files+0x2a/0x420
[ 2167.136865][  T753]  ksys_write+0x150/0x270
[ 2167.136882][  T753]  ? __pfx_ksys_write+0x10/0x10
[ 2167.136902][  T753]  __do_fast_syscall_32+0x20d/0x640
[ 2167.136920][  T753]  ? do_fast_syscall_32+0x33/0x70
[ 2167.136935][  T753]  ? asm_int80_emulation+0x1a/0x20
[ 2167.136951][  T753]  ? do_int80_emulation+0x274/0x4d0
[ 2167.136966][  T753]  ? trace_irq_disable+0x3b/0x150
[ 2167.136993][  T753]  do_fast_syscall_32+0x33/0x70
[ 2167.137009][  T753]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2167.137036][  T753] RIP: 0023:0xf704ef6c
[ 2167.137053][  T753] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2167.137067][  T753] RSP: 002b:00000000f543d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 2167.137086][  T753] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[ 2167.137098][  T753] RDX: 0000000000001068 RSI: 0000000000000000 RDI: 0000000000000000
[ 2167.137109][  T753] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2167.137119][  T753] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2167.137130][  T753] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2167.137147][  T753]  </TASK>
[ 2167.507743][  T753] FAULT_INJECTION: forcing a failure.
[ 2167.507743][  T753] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2167.679521][  T753] CPU: 0 UID: 0 PID: 753 Comm: syz.1.7049 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2167.679558][  T753] Tainted: [L]=SOFTLOCKUP
[ 2167.679567][  T753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2167.679580][  T753] Call Trace:
[ 2167.679588][  T753]  <TASK>
[ 2167.679598][  T753]  dump_stack_lvl+0xe8/0x150
[ 2167.679631][  T753]  should_fail_ex+0x412/0x560
[ 2167.679657][  T753]  _copy_from_user+0x2d/0xb0
[ 2167.679686][  T753]  input_event_from_user+0x100/0x290
[ 2167.679715][  T753]  ? __pfx_input_event_from_user+0x10/0x10
[ 2167.679744][  T753]  ? rcu_is_watching+0x15/0xb0
[ 2167.679775][  T753]  evdev_write+0x2c7/0x4c0
[ 2167.679802][  T753]  ? __pfx_evdev_write+0x10/0x10
[ 2167.679828][  T753]  ? bpf_lsm_file_permission+0x9/0x20
[ 2167.679853][  T753]  ? security_file_permission+0x75/0x260
[ 2167.679885][  T753]  ? rw_verify_area+0x255/0x4d0
[ 2167.679905][  T753]  ? __pfx_evdev_write+0x10/0x10
[ 2167.679930][  T753]  vfs_write+0x29a/0xb90
[ 2167.679953][  T753]  ? __pfx_vfs_write+0x10/0x10
[ 2167.679972][  T753]  ? __fget_files+0x2a/0x420
[ 2167.680003][  T753]  ? __fget_files+0x2a/0x420
[ 2167.680030][  T753]  ? __fget_files+0x3a0/0x420
[ 2167.680058][  T753]  ? __fget_files+0x2a/0x420
[ 2167.680092][  T753]  ksys_write+0x150/0x270
[ 2167.680113][  T753]  ? __pfx_ksys_write+0x10/0x10
[ 2167.680137][  T753]  __do_fast_syscall_32+0x20d/0x640
[ 2167.680160][  T753]  ? do_fast_syscall_32+0x33/0x70
[ 2167.680179][  T753]  ? asm_int80_emulation+0x1a/0x20
[ 2167.680199][  T753]  ? do_int80_emulation+0x274/0x4d0
[ 2167.680225][  T753]  ? trace_irq_disable+0x3b/0x150
[ 2167.680256][  T753]  do_fast_syscall_32+0x33/0x70
[ 2167.680276][  T753]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 2167.680302][  T753] RIP: 0023:0xf704ef6c
[ 2167.680319][  T753] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad
[ 2167.680337][  T753] RSP: 002b:00000000f543d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 2167.680359][  T753] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[ 2167.680374][  T753] RDX: 0000000000001068 RSI: 0000000000000000 RDI: 0000000000000000
[ 2167.680386][  T753] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 2167.680398][  T753] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2167.680410][  T753] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 2167.680430][  T753]  </TASK>