last executing test programs:

10m48.867884219s ago: executing program 32 (id=206):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6_vti0\x00', <r0=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r0, 0x1, 0x0, 0x6, @multicast}, 0x14)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000000c0)='dctcp', 0x5)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000001c0)='bic', 0x3)
write$proc_mixer(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="494d495820274d617374657220436170747572652c651fab30303030303030303030303030"], 0x2b)
close(0xffffffffffffffff)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(r2, 0x0, 0x486, &(0x7f0000000680), &(0x7f00000006c0)=0xc)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x8, 0x2}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0xb, 0x1}]}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x58}, 0x28)
ioctl$OCFS2_IOC_UNRESVSP(0xffffffffffffffff, 0x40305829, &(0x7f0000000000)={0x1, 0x0, 0xd1, 0x42, 0xb8})

10m42.242952059s ago: executing program 33 (id=298):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth0\x00', <r3=>0x0})
sendto$packet(r2, 0x0, 0x0, 0x240458d1, &(0x7f0000000200)={0x11, 0x88a8, r3, 0x1, 0x85, 0x6, @multicast}, 0x14)

10m40.645860268s ago: executing program 34 (id=308):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0)
r0 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x80800)
readv(r0, &(0x7f0000000000)=[{0x0}, {&(0x7f00000002c0)=""/92, 0x5c}], 0x2)

10m38.737413744s ago: executing program 35 (id=322):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000140)=0x90)
write$tun(r0, &(0x7f0000000640)={@void, @void, @ipv6=@icmpv6={0x3, 0x6, "31fddf", 0x3f3, 0x3a, 0x0, @mcast2, @remote, {[@srh={0x32, 0x0, 0x4, 0x0, 0x1, 0x8, 0x3}, @hopopts={0x0, 0x1d, '\x00', [@enc_lim={0x4, 0x1, 0x1}, @pad1, @generic={0xa, 0xab, "1924619e74ad3bff2a7092cf5fb0dfbaaf4aed1527b01e8626dcaab4bfb3407937e0383e76d30edd480ce4cb4bcb8778f0c9b46c5efe0624486d871aeb28a8b7dcb5666f5c7d61dcc5a09f4b1726668727b8b36b0dae67b0e81f90f71162af20d5006863abfe2415f05e3261783b9de50d85daf5b199a97511295752d047b23b17d0735522e3b9381028da0e237f877c84c60824b72f1155300b14eb2794dc20a66761e4242a3c92232eeb"}, @calipso={0x7, 0x20, {0x0, 0x6, 0x0, 0x4e69, [0x9, 0x0, 0xfffffffffffffffb]}}, @padn, @hao={0xc9, 0x10, @mcast2}]}, @srh={0x84, 0x8, 0x4, 0x4, 0x9, 0x20, 0x6, [@loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local]}, @dstopts={0x3c, 0xc, '\x00', [@generic={0x8d, 0x5f, "cf51446c151f016c6828d7c3917969e455916a8e4c6346e2abf2c164015db69dd23457b075f2ef86af64ab46b50bbf1855493d81d244b5f6522a82699090d82cef4fb2dad877416de9774df0f154f3d62a1b36d5a5e28838c81f675af3b9c6"}]}], @ndisc_na={0x88, 0x0, 0x0, 0x1, '\x00', @private2={0xfc, 0x2, '\x00', 0x1}, [{0x1f, 0x14, "bf5ea30b00891141873fed67d4e20ea5efb1deb62dc7af4a38ebf65ce947cab0485cc7a324046d7c535ee9b804ae1e7bff1e6b48b5f0829273251caeeb3a16ba00b4558baff16dfe2cf181be08ed8797ee8bb0387326d69867b612c84e6a37560f762647897d5ce639e6af5805202291eb08c63c65612ef3c44da5f9fd60cd0615ac715ca3d7d9ac30ced34dc37191c66f50f263790508e779f5baa23d81c0"}, {0x3, 0x13, "1d990de4ac37bd2f3367bfd19041eac8f02a9335b619cfafe4c691d40cb798342fad0ac48c003d2a853f9d7a370aaf73c096c783d3a2e1647296e219ea7b64f13a72a78bc2961fce255aed8f5d7bc579c93b050b2a28912687b83d1fddb1d69db21384563d538b51d33ea2f451c9315763d0f3ed790152693298ac7823088f2c1fb736f99d963d12f406e306919a487669b964ce7ee1"}, {0x3, 0xd, "4ed046212c32f07cea720ca0402eece51beb2a30927aa6c74b59dcb2c2b390bec803117860e160b2fffeba47e78b2d958be27649f722531f08cbcd7f6fbd91dc5ebd4e5b4cd52efa82daacae3f25e47693d788d5f06a21b8dead68838b186a3a91f2a4e4ef8a05c2311b4a"}, {0x1, 0xe, "670ca644f4998a9265678e4034988b3aa60b858e9d05536eb22091305b9c27d5e6c0727eb41d968fe78d4052c3df09ccac307833841181879d956ace39911c9083966e5bc54593203f7faa4696b88e317d3c103a9771f2fb34f072468e4d7ceb03fea4759f2d8486ffdd62cba3f6"}, {0x19, 0x1, "aed534863a167184a24086"}]}}}}, 0x41b)

10m20.420974881s ago: executing program 1 (id=506):
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)='\t', 0x1, 0x100400c1, &(0x7f0000000140)={0x11, 0x1, 0x0, 0x1, 0x84, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1], 0x44}}, 0x0)

10m20.175818006s ago: executing program 1 (id=509):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@gettfilter={0x24, 0x2e, 0x1, 0x70bd2c, 0x8, {0x0, 0x0, 0x0, r5, {0x9, 0xffe0}, {0x2, 0xfff1}, {0x1, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x4041880)

10m18.522305099s ago: executing program 1 (id=519):
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)='\t', 0x1, 0x100400c1, &(0x7f0000000140)={0x11, 0x1, 0x0, 0x1, 0x84, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB], 0x44}}, 0x0)

10m18.315631619s ago: executing program 1 (id=523):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x26020480)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
unshare(0x22020400)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00')
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r3 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r3, &(0x7f00000000c0)={&(0x7f00000002c0)={0xa, 0x4e20, 0x80000, @loopback, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=[@dstopts={{0x18, 0x29, 0x37, {0x3c}}}], 0x18}, 0xc044)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x4048080)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x14}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x300, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c)
r6 = socket$kcm(0x29, 0x2, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r6, 0x119, 0x1, &(0x7f0000000040)=0x80b, 0x4)

10m17.600035987s ago: executing program 6 (id=534):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)

10m17.394869279s ago: executing program 6 (id=536):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
r2 = dup(r1)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x48, 0xff}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)
pipe2$9p(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r4, 0x0, 0x0)
splice(r3, 0x0, r0, 0x0, 0x80042000000fffe, 0x4)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c)

10m17.154145315s ago: executing program 1 (id=537):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="210228bd7000fcdbdf250c00000008000300", @ANYRES32=r3, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x24080020}, 0x4000000)

10m15.980471088s ago: executing program 6 (id=539):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x100, 0x65, 0x300, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0xd8}]}}, @TCA_RATE={0x6, 0x5, {0xb, 0x40}}, @filter_kind_options=@f_basic={{0xa}, {0xb4, 0x2, [@TCA_BASIC_ACT={0xb0, 0x3, [@m_sample={0x38, 0x17, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x5}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_connmark={0x74, 0x5, 0x0, 0x0, {{0xd}, {0x4}, {0x43, 0x6, "6f3e464680b8dcb925d3c8416db18e2e0eecd7ba0f6003aaa71a565f40fa822f6bd63a4ca0ba27c7d18cbbdfbdb568fa69b75a5bdb35bbe794d9fbd87c7c44"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x100}, 0x1, 0x0, 0x0, 0x40008c5}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff, 0x16, 0x0, @val=@tcx}, 0x1c)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

10m13.931849455s ago: executing program 1 (id=544):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000000)=0x5, 0x4)
bind$inet6(r0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

10m13.757083174s ago: executing program 36 (id=544):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000000)=0x5, 0x4)
bind$inet6(r0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

10m13.711577563s ago: executing program 6 (id=547):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x26020480)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
unshare(0x22020400)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00')
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r3 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r3, &(0x7f00000000c0)={&(0x7f00000002c0)={0xa, 0x4e20, 0x80000, @loopback, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=[@dstopts={{0x18, 0x29, 0x37, {0x3c}}}], 0x18}, 0xc044)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x4048080)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x14}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x300, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c)
r6 = socket$kcm(0x29, 0x2, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r6, 0x119, 0x1, &(0x7f0000000040)=0x80b, 0x4)

10m12.726821565s ago: executing program 6 (id=552):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000210000082abd7000fbdbdf2502001008020000020000010008000100ac1e000108001000050100000c"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x0)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x1, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f0000000400003366"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000180), 0x0}, 0x1c)
sendmmsg$unix(r2, &(0x7f0000001680), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r4 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff)
close(r5)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
execveat$binfmt(0xffffffffffffff9c, r4, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x8, 0x0, 0xfffffe0000000002, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r7=>0x0})
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007a1ff00", @ANYRES32=r7, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet_smc(0x2b, 0x1, 0x0)
r9 = openat$full(0xffffff9c, &(0x7f0000000000), 0x84100, 0x0)
open_tree(r9, &(0x7f0000000040)='./file0\x00', 0x80000)

10m12.577721155s ago: executing program 2 (id=553):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
recvmmsg(r0, &(0x7f0000000f80)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x40000061, 0x0)

10m12.4750675s ago: executing program 6 (id=554):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

10m12.468073359s ago: executing program 2 (id=555):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000002c0)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c)
sendto$inet6(r0, &(0x7f0000000080)='\x00', 0x1, 0x8081, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x4}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x7, 0x84, 0x7, 0x5, 0x5, 0xfd, 0x0, 0x0, 0xfd, 0x5, 0x3, 0x0, 0xff}, 0xe)
recvmmsg(r0, &(0x7f0000002280)=[{{0x0, 0x0, &(0x7f00000001c0)=[{0x0}], 0x1, &(0x7f0000000300)}}], 0x1, 0x61, 0x0)

10m11.999215841s ago: executing program 37 (id=554):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

10m11.974718942s ago: executing program 2 (id=558):
socket$inet_sctp(0x2, 0x5, 0x84)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x2}}}}}}, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [{0x0, 0x2, "122b472e41e24b11f34b608816e5"}]}}}}}}, 0x0)
syz_emit_ethernet(0x348, &(0x7f0000000780)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00cd04", 0x312, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x3a}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x5a, 0x1, 0x0, 0x0, [{0x3, 0xa, "a78c000005dc8080a2030003004003493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000005000000"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf3915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea468000000000054740a5d4901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2bce9ac946a3f0e2bc4000091394c02bcfbbb7d71138537d68e2d2c6393a9f3cc271a9ff09a48b5b303f4f0"}, {0xe, 0x7, "b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x0, 0xc, "5e14ccb44d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d260600aa89c8f267d76ece1c9f6ae2e1eb3d8bf9c6ab2642c4808298e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c"}]}}}}}}, 0x0)

10m11.865942058s ago: executing program 2 (id=561):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x26020480)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
unshare(0x22020400)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00')
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r3 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r3, &(0x7f00000000c0)={&(0x7f00000002c0)={0xa, 0x4e20, 0x80000, @loopback, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=[@dstopts={{0x18, 0x29, 0x37, {0x3c}}}], 0x18}, 0xc044)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x5000002}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040804}, 0x4048080)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x14}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x300, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c)
r6 = socket$kcm(0x29, 0x2, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r6, 0x119, 0x1, &(0x7f0000000040)=0x80b, 0x4)

10m10.561803248s ago: executing program 2 (id=567):
syz_open_dev$sg(0x0, 0x0, 0x8401)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
request_key(0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000600)={'sit0\x00', 0x0})
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5, r2})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
readv(r3, &(0x7f0000000040)=[{0x0}], 0x1)

10m10.20315515s ago: executing program 2 (id=568):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4)
recvmmsg(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001e40)=""/174, 0xae}], 0x1, &(0x7f0000001fc0)=""/65, 0x41}, 0x1}], 0x1, 0x40002120, 0x0)
sendmsg$tipc(r0, 0x0, 0x20048851)

10m9.115292419s ago: executing program 38 (id=568):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4)
recvmmsg(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001e40)=""/174, 0xae}], 0x1, &(0x7f0000001fc0)=""/65, 0x41}, 0x1}], 0x1, 0x40002120, 0x0)
sendmsg$tipc(r0, 0x0, 0x20048851)

10m9.032866926s ago: executing program 9 (id=571):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x220c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x3)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x7)
listen(0xffffffffffffffff, 0x7f)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000012000301000000000000000000009db7000000000000010004000000000000000000000000000000000000000000000000000000691d0f76e77044d1eb94e56239e4"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
recvmsg(r6, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x2)

10m8.582160593s ago: executing program 9 (id=573):
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)='\t', 0x1, 0x100400c1, &(0x7f0000000140)={0x11, 0x1, 0x0, 0x1, 0x84, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673"], 0x44}}, 0x0)

10m8.389386105s ago: executing program 9 (id=575):
r0 = socket$inet6(0xa, 0x2, 0x0)
syz_emit_ethernet(0x80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x1, 0x61, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x4d, 0x0, @wg=@initiation={0x1, 0x1, "65a252e7cb7a5918c004a9971a46afced2c32642b1ec9fe34818d8ccd82041b7", "c930713c550e74ee13c2638ac75b2a9666efd31a34fce4498df8105d8bd8ed283a220c3a9becd8a70d3607ea8270d351", "ae12e16b560f2f8ac4ca3e745ce285f12f6e8719e7f1e7f286a68f76", {"980aa8fb8f80d69f1fb587086447e93e", "55e824bb69e833bd36300b088233545a"}}}}}}}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
recvmmsg(r0, &(0x7f0000000f80)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x40000061, 0x0)

10m7.998640479s ago: executing program 9 (id=576):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x26020480)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
unshare(0x22020400)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00')
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r3 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r3, &(0x7f00000000c0)={&(0x7f00000002c0)={0xa, 0x4e20, 0x80000, @loopback, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=[@dstopts={{0x18, 0x29, 0x37, {0x3c}}}], 0x18}, 0xc044)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r5, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x14}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x300, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c)
r7 = socket$kcm(0x29, 0x2, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r7, 0x119, 0x1, &(0x7f0000000040)=0x80b, 0x4)

10m6.916936656s ago: executing program 9 (id=578):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000280)={0xaa, 0x541})
syz_emit_ethernet(0x1379, &(0x7f0000000c80)=ANY=[@ANYBLOB="15420408cee3ffffffffffff86dd6099cea613432c03cb697a653e336f000000500000000000ff0200000000"], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x3, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

10m6.555835601s ago: executing program 9 (id=579):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0)

10m6.007426321s ago: executing program 39 (id=579):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0)

10m4.118053861s ago: executing program 8 (id=585):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x8, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$vimc1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_TRY_FMT(r2, 0xc0cc5640, &(0x7f00000000c0)={0x2, @sdr={0x32314d54, 0x4010002}})
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x30481)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$vcsa(0xffffff9c, &(0x7f00000005c0), 0x101000, 0x0)
accept4$alg(r6, 0x0, 0x0, 0x800)
sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x4040}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f0000000240)=[0x0, 0x0], 0x0, 0x0, 0x32, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000280)={0x3, 0x0, 0x1, 0xffff, 0xa, 0x1ff, 0x1})
syz_open_dev$loop(&(0x7f0000000000), 0x8, 0x2082)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x34004014}, 0x44080)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="6c00000010004b0429bd7000faffffff7a000000", @ANYRES32=0x0, @ANYBLOB="08b0010006820000400012800b0001006272696467650000300002800c002200000000040000000005002400010000000600080088a80000080005000100000005002b00050000000a000100aa"], 0x6c}, 0x1, 0x0, 0x0, 0x40001}, 0x20000000)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0xfffffffffffffdce)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100008e88052086800095d89301020301090212000100000000090401"], 0x0)
r8 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r8, 0x707, &(0x7f0000000400)={&(0x7f00000003c0)=[{0x9, 0x10, 0x0, 0x0}], 0x1})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15010000000000001c00128009000100626f6e64000000000c00027805000100020000007782a7e0eddace6c5b094fb11a14e6150e4fb55f97a1e487417a469a01e498439d41c6181461eae922c50d3ef210a0c8c684787d80864a99a2a9961d30f0c0611ccc955f8b814435c993daef2e5af0de0bed24aa405d34ddd13f6f4d8cee2fde6c3a174a525e01e52ec1"], 0x3c}}, 0x0)

10m0.879422642s ago: executing program 8 (id=589):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x76, 0x101301)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000)
socket$key(0xf, 0x3, 0x2)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x1f, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r2], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

9m58.039548642s ago: executing program 8 (id=591):
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)='\t', 0x1, 0x100400c1, &(0x7f0000000140)={0x11, 0x1, 0x0, 0x1, 0x84, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673"], 0x44}}, 0x0)

9m57.862819972s ago: executing program 8 (id=592):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x26020480)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
unshare(0x22020400)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00')
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r3 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r3, &(0x7f00000000c0)={&(0x7f00000002c0)={0xa, 0x4e20, 0x80000, @loopback, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000100)=[@dstopts={{0x18, 0x29, 0x37, {0x3c}}}], 0x18}, 0xc044)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r5, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x14}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x300, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c)
r7 = socket$kcm(0x29, 0x2, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r7, 0x119, 0x1, &(0x7f0000000040)=0x80b, 0x4)

9m56.768365882s ago: executing program 8 (id=594):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000811}, 0x8000)

9m56.394983935s ago: executing program 8 (id=596):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x8, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$vimc1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_TRY_FMT(r2, 0xc0cc5640, &(0x7f00000000c0)={0x2, @sdr={0x32314d54, 0x4010002}})
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x30481)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$vcsa(0xffffff9c, &(0x7f00000005c0), 0x101000, 0x0)
accept4$alg(r6, 0x0, 0x0, 0x800)
sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x4040}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f0000000240)=[0x0, 0x0], 0x0, 0x0, 0x32, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000280)={0x3, 0x0, 0x1, 0xffff, 0xa, 0x1ff, 0x1})
syz_open_dev$loop(&(0x7f0000000000), 0x8, 0x2082)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x34004014}, 0x44080)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="6c00000010004b0429bd7000faffffff7a000000", @ANYRES32=0x0, @ANYBLOB="08b0010006820000400012800b0001006272696467650000300002800c002200000000040000000005002400010000000600080088a80000080005000100000005002b00050000000a000100aa"], 0x6c}, 0x1, 0x0, 0x0, 0x40001}, 0x20000000)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0xfffffffffffffdce)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100008e88052086800095d89301020301090212000100000000090401"], 0x0)
r8 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r8, 0x707, &(0x7f0000000400)={&(0x7f00000003c0)=[{0x9, 0x10, 0x0, 0x0}], 0x1})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15010000000000001c00128009000100626f6e64000000000c00027805000100020000007782a7e0eddace6c5b094fb11a14e6150e4fb55f97a1e487417a469a01e498439d41c6181461eae922c50d3ef210a0c8c684787d80864a99a2a9961d30f0c0611ccc955f8b814435c993daef2e5af0de0bed24aa405d34ddd13f6f4d8cee2fde6c3a174a525e01e52ec1"], 0x3c}}, 0x0)

9m55.454854328s ago: executing program 40 (id=596):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x8, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$vimc1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_TRY_FMT(r2, 0xc0cc5640, &(0x7f00000000c0)={0x2, @sdr={0x32314d54, 0x4010002}})
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x30481)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$vcsa(0xffffff9c, &(0x7f00000005c0), 0x101000, 0x0)
accept4$alg(r6, 0x0, 0x0, 0x800)
sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x4040}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f0000000240)=[0x0, 0x0], 0x0, 0x0, 0x32, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000280)={0x3, 0x0, 0x1, 0xffff, 0xa, 0x1ff, 0x1})
syz_open_dev$loop(&(0x7f0000000000), 0x8, 0x2082)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x34004014}, 0x44080)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="6c00000010004b0429bd7000faffffff7a000000", @ANYRES32=0x0, @ANYBLOB="08b0010006820000400012800b0001006272696467650000300002800c002200000000040000000005002400010000000600080088a80000080005000100000005002b00050000000a000100aa"], 0x6c}, 0x1, 0x0, 0x0, 0x40001}, 0x20000000)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0xfffffffffffffdce)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100008e88052086800095d89301020301090212000100000000090401"], 0x0)
r8 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r8, 0x707, &(0x7f0000000400)={&(0x7f00000003c0)=[{0x9, 0x10, 0x0, 0x0}], 0x1})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15010000000000001c00128009000100626f6e64000000000c00027805000100020000007782a7e0eddace6c5b094fb11a14e6150e4fb55f97a1e487417a469a01e498439d41c6181461eae922c50d3ef210a0c8c684787d80864a99a2a9961d30f0c0611ccc955f8b814435c993daef2e5af0de0bed24aa405d34ddd13f6f4d8cee2fde6c3a174a525e01e52ec1"], 0x3c}}, 0x0)

7.22289781s ago: executing program 3 (id=3511):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="7000000010000100"/20, @ANYRES32=r1, @ANYBLOB="0000000000000000500012800e0001006970366772657461700000003c0002801400070020010000000000000000000000000000140006", @ANYRES32=r1], 0x70}}, 0x0)

6.888399993s ago: executing program 3 (id=3513):
socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x3ec0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ZERO(r1, 0x0, 0x48f, &(0x7f0000000280)={0x11, @empty, 0x4c23, 0x0, 'wrr\x00', 0x7, 0x40000008, 0x4002b}, 0x2c)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x20050800)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
socket$can_raw(0x1d, 0x3, 0x1)
bpf$PROG_LOAD(0x25, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SG_GET_COMMAND_Q(r3, 0x2270, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
socket$caif_seqpacket(0x25, 0x5, 0x5)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x18)
dup(0xffffffffffffffff)
getsockopt(0xffffffffffffffff, 0xcd, 0x6, &(0x7f0000000000)=""/241, &(0x7f0000000100)=0xf1)
socket$kcm(0x2, 0xa, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66)

5.074356751s ago: executing program 3 (id=3529):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0xffffffffffffffff, <r0=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x1c)
r1 = syz_open_dev$vcsa(&(0x7f0000000180), 0x5, 0x0) (async)
r2 = eventfd(0xb58)
io_submit(0x0, 0x2, &(0x7f0000000300)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x8, 0xfff, r0, &(0x7f00000000c0)="f5e2447e521727ca15ba937b5665ba9b0a5023a02b18975455e4fdce1c94d4badee32ce9a40c37e887d83439714c678affcb60c00e7fce92eb89b633d96293ee04506ce3b9ba75216073ac602104d1afa8cb16d98cc5399154a24fdbfb871233c97e1e513a5582d3d08a4c1ecbb71d09d7220408c5e20bbafdb32898c97d3bc75b5b5ad38e269ec2d473ea517bee8dad372bb0172d1288e51fd205e342b37dd3afa20a0e05d891511a635a2f95993a9d71aac15de3c74b16b91c", 0xba, 0xfffffffffffffffa, 0x0, 0x1, r1}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2, 0x4, 0xffffffffffffffff, &(0x7f0000000200)="050021f75862d351cc1d55ddbd59be01ff05e48cbc4222ac4d11013cf53f349f6e1eb91337323758d00a0ef8b49261e597767dccc6cbf244666b550a1d0de55d82f2633af0e3748dbd877a5a70bddc9ca23ffd43d1f0fecef74e98d260ba89a1ddd075ad1cfc263290954f8bf985f0a7bf0401d7c2d87323bedabd505e9b3faf7c4ca5995310193b4bc470592eadd5441ebb909a61b89e09456fed8bd8e6efdb69dde4823503fbf1c0f5c40dc8af72e9b96d1969892360", 0xb7, 0x8000, 0x0, 0x1, r2}])
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r2, 0x40047211, &(0x7f0000000340)=0x4) (async)
r3 = openat$kvm(0xffffff9c, &(0x7f0000000380), 0x3dca428151c66e45, 0x0) (async, rerun: 32)
fstat(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 32)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x12, &(0x7f0000000440), &(0x7f0000000480)=0x4) (async)
r5 = dup3(r3, r3, 0x0)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f00000004c0)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}, 0x5}) (async)
getsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000500), &(0x7f0000000540)=0x4)
ioctl$MON_IOCX_MFETCH(r1, 0xc00c9207, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9}) (async)
io_uring_enter(r5, 0x56e1, 0x7c5, 0x1b, &(0x7f0000000600)={[0x6, 0x5c]}, 0x8)
fanotify_mark(r5, 0x80, 0x10, r5, &(0x7f0000000640)='./file0\x00') (async, rerun: 64)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r5, 0xc1205531, &(0x7f0000000680)={0x10, 0x7ff, 0x4e3, 0xffffffff, '\x00', '\x00', '\x00', 0x2, 0x6, 0x80000001, 0x7f, "34828f748fcb5e11e3ee3f4b7f65e49a"}) (rerun: 64)
ioctl$EVIOCSABS3F(r1, 0x401845ff, &(0x7f00000007c0)={0xfffffff7, 0x6, 0x100, 0x10001, 0x8, 0x7})
bind$vsock_stream(r5, &(0x7f0000000800)={0x28, 0x0, 0x0, @local}, 0x10) (async)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000000840)={{0x1, 0x1, 0x18, <r6=>r3, {0x2}}, './file0\x00'})
ioctl$UI_DEV_CREATE(r6, 0x5501) (async)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000940)={r1, 0x0, 0x25, 0x9, @val=@uprobe_multi={&(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)=[0xfffffffffffffffe, 0x1ff], &(0x7f0000000900)=[0x2, 0x1, 0x1, 0x4], 0x50, 0x2, 0x1, 0xffffffffffffffff}}, 0x3c)
pwrite64(r5, &(0x7f0000000980)="43dba6693c8bce3439e2b189a642ca6d6541e91705238b35a90840327fcdd933f46f80a152a6c5a9a8eaf55ae465f29268a6a6ef9a7dda2fa407c51df02d2ed5a381d07a18326e404e78c1533b788c12a5fed51e26fe6e23e668e089cde35bcb90151fb0d18c50c33f23628cbfb26bea2091f1b2c687447c6742d6ea6d3d11de788a52997ff1399c7ab639db2571cbed13ad", 0x92, 0x8) (async)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x40046629, &(0x7f0000000a40)) (async)
preadv(r1, &(0x7f0000000b00)=[{&(0x7f0000000a80)=""/60, 0x3c}, {&(0x7f0000000ac0)=""/54, 0x36}], 0x2, 0x1, 0x20c) (async)
fcntl$notify(r7, 0x402, 0x1b) (async)
r8 = openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000b40), 0x2, 0x0)
quotactl_fd$Q_SETINFO(r8, 0xffffffff80000600, r4, &(0x7f0000000b80)={0x2, 0x10000, 0x0, 0x2}) (async, rerun: 64)
openat$ttyS3(0xffffff9c, &(0x7f0000000bc0), 0x0, 0x0) (async, rerun: 64)
ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000c00)={0x0, 0x46, "a28c28f98da945fbd9cd1640d0324d0a1026d77a083596762796bd79ede0fc6bd46685dd95cd80cbd85847fa415f4c798991b479bbe33a5da2beab8e807b2a0207f7764e38ac"})
lseek(r2, 0x2, 0x2)

4.970712776s ago: executing program 4 (id=3530):
unshare(0xc000600)
memfd_create(&(0x7f0000001000)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00uKs\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x141<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r<Y\xa1\xdeP\b\xf1kM\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc#\v\x00\x00\x00\x00\x00\x00\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\x06]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x05\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\xb7>j0S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ\x00'/1136, 0x0)
socket$netlink(0x10, 0x3, 0xc)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
unshare(0x8000000)
shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100))
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x74, 0x0, &(0x7f0000000480)=[@exit_looper, @free_buffer, @increfs_done, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000400)={@ptr={0x70742a85, 0x0, &(0x7f00000002c0)=""/158, 0x9e, 0x0, 0x2c}, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/14, 0xe, 0x0, 0x39}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}}, @increfs, @exit_looper], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000040)={0xf0f024})
ioctl$vim2m_VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000540)={0x2, @win={{0x2, 0x1, 0x80000000, 0xcb81}, 0x1, 0x9, &(0x7f00000007c0)={{0x4, 0xf, 0xbaf, 0x8000}}, 0x7f, 0x0, 0x6}})

4.909087754s ago: executing program 0 (id=3532):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
sendto$inet6(r0, &(0x7f0000000300)="00f0e105e23d6dd5", 0x8, 0x2002c144, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @local, 0xd}, 0x1c)

4.76699421s ago: executing program 3 (id=3534):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}]}, 0x8)
socket$inet6(0xa, 0x3, 0x6)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)
getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="640000001000370403000000ffffffff00000000", @ANYRES32=r3, @ANYBLOB="0b1b050000000000440012800b00010069703667726500003400028008000100", @ANYRES32, @ANYBLOB="14000600fe8000000000000000000000000000aa1400070000000000000000000000000000bb"], 0x64}, 0x1, 0x0, 0x0, 0x48810}, 0x4000010)
sendmmsg$inet(r1, &(0x7f0000000080)=[{{&(0x7f0000000040)={0x2, 0x4e25, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@ip_pktinfo={{0x18, 0x0, 0x8, {r3, @empty, @empty}}}], 0x18, 0x3f}}], 0x1, 0x1040)

4.750292351s ago: executing program 0 (id=3535):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c)
write$tun(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="016f080001002700000027000000460000290000001292da7c6fa7356d5aaee221ac0a000086", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ba0000009078002809c400050200000000000007000002d58838000391000000"], 0xfd6c)
syz_emit_ethernet(0xa7, &(0x7f0000000300)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @val={@val={0x88a8, 0x7, 0x1, 0x2}, {0x8100, 0x5, 0x1, 0x1}}, {@ipv4={0x800, @tipc={{0x18, 0x4, 0x3, 0x28, 0x91, 0x67, 0x0, 0xc, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, {[@timestamp_prespec={0x44, 0x4c, 0x42, 0x3, 0x7, [{@empty, 0x7}, {@empty}, {@private=0xa010101, 0x6}, {@loopback, 0x40}, {@dev={0xac, 0x14, 0x14, 0x26}, 0xf}, {@rand_addr=0x64010100, 0x80000000}, {@multicast2, 0x5}, {@empty, 0x10}, {@private=0xa010102}]}]}}, @payload_mcast={{{{{{0x31, 0x0, 0x0, 0x0, 0x1, 0xb, 0x1, 0x2, 0x5, 0x0, 0x0, 0x1, 0x3, 0x1, 0x8, 0x6, 0x4, 0x4e21, 0x4e20}, 0x0, 0x4}}}}, [0x0, 0x0, 0x0, 0x0, 0x0]}}}}}, 0x0)

4.458397505s ago: executing program 3 (id=3537):
r0 = landlock_create_ruleset(&(0x7f0000000000)={0x40, 0x1, 0x5}, 0x18, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10d4, &(0x7f0000000080)={0x0, 0x1b8e, 0x80, 0x0, 0x34f}, &(0x7f0000000600)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r7 = dup(r6)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r8, 0xaf01, 0x0)
r9 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r8, 0x4004af07, &(0x7f0000000240)=r9)
ioctl$VHOST_SET_VRING_KICK(r8, 0x4008af20, &(0x7f0000000040)={0x1, r9})
ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r8, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000f}, 0x94)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x20, 0x6000})
io_uring_enter(r3, 0x47bc, 0x273c, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$FS_IOC_GETFLAGS(r0, 0x80046601, &(0x7f0000000080))
unshare(0x62040200)
syz_usb_connect(0x0, 0x4a, 0x0, 0x0)

4.33430275s ago: executing program 0 (id=3539):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'pim6reg\x00', <r2=>0x0})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000002940)={'ip6_vti0\x00', &(0x7f00000028c0)={'syztnl1\x00', r2, 0x29, 0x80, 0x7, 0xca, 0xa0, @empty, @empty, 0x8000, 0x20, 0x6}})
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000200304306000000000000109022400010000000009040000010300000009210000000122020009058103"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\"\v'], 0x0}, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00140d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58)
r4 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x100)
ioctl$FE_READ_BER(r4, 0x80046f46, &(0x7f0000000040))
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x4048800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)

4.178999113s ago: executing program 7 (id=3540):
r0 = socket$kcm(0x11, 0x3, 0x0)
r1 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000040), 0x18200, 0x0)
ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
r2 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000100)="61a42be557f52947d732c3a95f2dc2438f203f17be50d4006e04e2cef0bad59d091a96d373e094dbc3654b29fe97a39461c69834395de5e795bb7a2c941cf199f89ac52e22e7d3af9fd147583364c3a7d8186e850d2ece955f56373d708c02d5cde22752b2dc1b12fdf1cf", 0x6b)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f00000004c0)=@ieee802154={0x24, @short={0x2, 0x0, 0x1555d}}, 0x80, &(0x7f0000001440)=[{&(0x7f0000000180)="27031c00160014000200", 0xa}, {&(0x7f0000000280)="7d3ed2ea1f2f23edbb324820e73b5f4b1100201a03df64a4853ed1b3", 0x1c}], 0x2}, 0x24000008)

4.081784155s ago: executing program 7 (id=3541):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f00000002c0)={0x6, "ffffffffffff"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)

3.864362132s ago: executing program 5 (id=3543):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000280)={0x1, 0x0, [{0x584, 0x0, 0x1}]})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000003000010000000000000000000300000a28000000000a030000000000000000000300000308000240000000040900010073797a300000000028000000000a010400000000000000000300000a0900010073797a30000000000800024000000006140000001000010000000000000000000100000aec3d3426aabe2f00446c97bec914e6cd105133d50bc25028ffc359b0098ff2f5f0a9ef0baf736151ee587c6bf99f7962b417a26f"], 0x78}, 0x1, 0x0, 0x0, 0x24040010}, 0x20000080)

3.532225006s ago: executing program 5 (id=3544):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000004c0), 0xa8201, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, 0x0)
ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x2311}], 0x1, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000001040)={'tunl0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x700, 0x10, 0x1000000, 0x7ffffffb, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x2, 0x4, 0x0, @empty, @multicast2}}}})
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(0xffffffffffffffff, 0x4018f50b, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
readv(r6, &(0x7f0000000180)=[{&(0x7f0000000540)=""/4114, 0x1012}], 0x1)
r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x6)
r8 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x82044d0d, &(0x7f0000000040))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000013000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="0f08b9820400000f32b805000000b9050000000f01d966ba410066ed0fa80f01c40fc72a36f4c4e2fd40db66ba6100b83e9f0000ef", 0x35}], 0x0, 0x2c, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
read$dsp(r8, &(0x7f0000001580)=""/4091, 0xffb)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f00000005c0)={0x1, @pix_mp={0x0, 0x0, 0x31435641, 0x0, 0x1, [{}, {}, {0x0, 0xfffffff8}, {}, {}, {0x0, 0x10000000}, {0x1000, 0x4}, {0xfffffffe, 0xfffffffc}], 0xfd}})

3.390947059s ago: executing program 4 (id=3545):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000004c0), 0xa8201, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, 0x0)
ppoll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x2311}], 0x1, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000001040)={'tunl0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x700, 0x10, 0x1000000, 0x7ffffffb, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x2, 0x4, 0x0, @empty, @multicast2}}}})
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(0xffffffffffffffff, 0x4018f50b, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
readv(r6, &(0x7f0000000180)=[{&(0x7f0000000540)=""/4114, 0x1012}], 0x1)
r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x6)
r8 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x82044d0d, &(0x7f0000000040))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000013000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="0f08b9820400000f32b805000000b9050000000f01d966ba410066ed0fa80f01c40fc72a36f4c4e2fd40db66ba6100b83e9f0000ef", 0x35}], 0x0, 0x2c, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
read$dsp(r8, &(0x7f0000001580)=""/4091, 0xffb)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f00000005c0)={0x1, @pix_mp={0x0, 0x0, 0x31435641, 0x0, 0x1, [{}, {}, {0x0, 0xfffffff8}, {}, {}, {0x0, 0x10000000}, {0x1000, 0x4}, {0xfffffffe, 0xfffffffc}], 0xfd}})

2.154615618s ago: executing program 7 (id=3546):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000180))
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x60140, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
getsockname$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, &(0x7f0000000280)=0x1c)
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000080)={0x1, 0x0, [{0x1, 0x9, 0x7, 0x9, 0x7}]})
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000000c0)=0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x2c, 0x0, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20009085}, 0x40040c0)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
listen(r0, 0x10040)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0xfff}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x2}]}, &(0x7f00000005c0)='GPL\x00', 0x8, 0xd1, &(0x7f0000000600)=""/209, 0x40f00}, 0x94)
syz_emit_ethernet(0x42, &(0x7f00000001c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010001, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0xc2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x1}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x30}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010001, @loopback}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x1}}}}}}, 0x0)

2.114030879s ago: executing program 7 (id=3547):
r0 = memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x64, 0x0, 0x0, 0x20066}]})
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f00000001c0)=0x8000000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0x72, &(0x7f00000002c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x8e4, 0x17f, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x60, 0x3, 0x1, 0x1, 0x40, 0x0, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x5, 0xa}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x1, 0x4, 0xc, {0x7, 0x25, 0x1, 0x0, 0x0, 0x2}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x2, 0x0, 0x7, {0x7, 0x25, 0x1, 0x8, 0x40, 0x7}}}}}}}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
r4 = getpid()
sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010900000000000000000000000a4c00bcbfbdd9fd22b50000060a0b04000000000000000002000000200004801c0001800900016b3b66726d000000000c00028008000240000000010900010073797a30000000000900020073797a3200000000ff7f00000000000000000000000000000000000a"], 0x74}}, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
io_setup(0x1, &(0x7f00000004c0)=<r6=>0x0)
io_submit(r6, 0xca, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x1f, 0x0, 0x0, r5, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}])
r7 = shmget$private(0x0, 0x800000, 0x54003f00, &(0x7f0000800000/0x800000)=nil)
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xbbdccba4532b703b)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
ptrace$PTRACE_GETSIGMASK(0x420a, r4, 0x8, &(0x7f0000000040))
landlock_create_ruleset(&(0x7f0000000000)={0x4100, 0x1, 0x1}, 0xfffffffffffffea5, 0x0)
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r8, 0x4020aeb2, &(0x7f0000000540)={0x0, 0x12c, @ioapic={0x54000, 0x3, 0x7, 0x1, 0x0, [{0x9, 0x4, 0xe, '\x00', 0x3}, {0x1a, 0xf, 0x31, '\x00', 0xbc}, {0x40, 0x5, 0x8, '\x00', 0xc}, {0x4, 0x5, 0x1f, '\x00', 0x9}, {0x0, 0x4, 0x7, '\x00', 0x3}, {0x0, 0x0, 0x9, '\x00', 0xf}, {0x8d, 0x7, 0x1, '\x00', 0x7}, {0x10, 0x4}, {0x9, 0x3, 0x7f, '\x00', 0x40}, {0x9, 0x8, 0x7f, '\x00', 0x7}, {0x3, 0x4, 0x0, '\x00', 0xba}, {0x7, 0xe, 0x5, '\x00', 0x80}, {0x8, 0x2, 0x43, '\x00', 0x3}, {0x0, 0x9, 0x8, '\x00', 0x3}, {0x7, 0x55, 0x1, '\x00', 0x8}, {0x7, 0xfe, 0xd, '\x00', 0x6}, {0x0, 0x4, 0x6, '\x00', 0x9}, {0x8, 0xff, 0x4, '\x00', 0x3}, {0xff, 0x6, 0x2, '\x00', 0x5}, {0x8, 0x9, 0x9, '\x00', 0x8}, {0x2, 0x8, 0x8, '\x00', 0x95}, {0x4, 0x8, 0xff, '\x00', 0x2}, {0x7, 0xc, 0x7, '\x00', 0x3}, {0x0, 0x6, 0x0, '\x00', 0x5}]}})
ptrace$PTRACE_GETSIGMASK(0x420a, r4, 0x8, &(0x7f0000000100))

1.98343314s ago: executing program 0 (id=3548):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000440)=[{0x6, 0x0, 0x0, 0x7}]}, 0x8)
socket$inet6(0xa, 0x3, 0x6)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)
getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="640000001000370403000000ffffffff00000000", @ANYRES32=r3, @ANYBLOB="0b1b050000000000440012800b00010069703667726500003400028008000100", @ANYRES32, @ANYBLOB="14000600fe8000000000000000000000000000aa1400070000000000000000000000000000bb"], 0x64}, 0x1, 0x0, 0x0, 0x48810}, 0x4000010)
sendmmsg$inet(r1, &(0x7f0000000080)=[{{&(0x7f0000000040)={0x2, 0x4e25, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@ip_pktinfo={{0x18, 0x0, 0x8, {r3, @empty, @empty}}}], 0x18, 0x3f}}], 0x1, 0x1040)

1.940465075s ago: executing program 0 (id=3549):
r0 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000300)={'team0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@ipv6_newnexthop={0x20, 0x68, 0x1, 0xa00, 0x25dfdbfd, {0x2}, [@NHA_OIF={0x8, 0x5, r1}]}, 0x20}, 0x1, 0x0, 0x0, 0x4402}, 0x8880)

1.903911805s ago: executing program 0 (id=3550):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000880)={0x1c, 0x2, 0x3, 0x201, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x26}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44}, 0x80) (async)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x20, 0x2, 0x3, 0x101, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFQA_CFG_PARAMS={0x9, 0x2, {0x6, 0x1}}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x40084)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc}) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2842, 0x0) (async)
r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f00000000c0)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r6, 0x0, &(0x7f00000005c0)={0x44, &(0x7f0000000340)={0x40, 0x16, 0x2, "28cb"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$uac1(r6, 0x0, &(0x7f0000000780)={0x24, &(0x7f0000000a00)=ANY=[@ANYBLOB="110117"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
r7 = syz_io_uring_setup(0x233, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000000080)=<r8=>0x0, &(0x7f0000000140)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x2}) (async)
io_uring_enter(r7, 0x7a98, 0x0, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
close_range(r0, 0xffffffffffffffff, 0x0)

1.806691237s ago: executing program 4 (id=3551):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, 0x0, 0x0)
write$tun(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="016f080001002700000027000000460000290000001292da7c6fa7356d5aaee221ac0a000086", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ba0000009078002809c400050200000000000007000002d58838000391000000"], 0xfd6c)

1.484791585s ago: executing program 4 (id=3553):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x38, 0x3, 0x8, 0x301, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_SYN_SENT2={0x8}, @CTA_TIMEOUT_TCP_CLOSE={0x8}]}, @CTA_TIMEOUT_L3PROTO={0x6}]}, 0x38}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f0000000280)=[{&(0x7f00000002c0)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca946e64009400ff0325010ebc000000000000008004f0fffeffe809005300fff5dd0000000c0001000d0c10000000000000000000", 0x58}], 0x1)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001580)=ANY=[@ANYBLOB="600000000206030000000000b8791fa80000000014000780080012400000000005001500010000000500010006000000050005000200000005000400000000000900020073797a310000000012000300686173683a6e65742c706f7274"], 0x60}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="54000000090601020000000000000000020000000900020073797a310000000005000100070000002c0007800c00018008000140ac1414aa0500070084000000060004404e2000000c0002800800014040ff"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r5, 0x0, 0x40000000, 0xffffffffffffffff)
r6 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x401)
ioctl$SG_IO(r6, 0x2285, &(0x7f00000004c0)={0x53, 0xffffffffffffffff, 0x6, 0x2, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000300)="159caeddb816", 0x0, 0x5, 0x10, 0x2, 0x0})
r7 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r8 = dup(r7)
sendmmsg$alg(r8, &(0x7f0000003300)=[{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="08e2b58986cd3cb2ffc97bfd84aeb6dbd0e7915ec42c11dd53eefa40e777c0a1da3988a17d232c52d7285c91baabdc9e867b0f722f013126005ff02f7941d47ea0091c1edc408ffd0a648782c6b2954f6940d8cff0ffdbd89e3629b7d3299515cf2f2854ede795f29ee7cf6db1580eb4f58c5fa33db5b64dca5719490718bc00b4874ca5bd6922ad934a70af4daaeff30003da169a84912ed64a72131c65e6fcc7e38734377e1c4cd3560fd8b87bad4f02ad8b66fdc1cfc697ae5f135e4e46d41542f5f005722e54", 0xc8}, {&(0x7f0000002080)="9a29e8ed827edb295db772d1887cc4eed458c9e52c6a0c9bf68b2f9abc75542c360f2f36e7b75c97c2dc8a691e49ad60a4de5325be6473c49159cba5e6e274b7a2b598fb8f0f9def9d8b338fc9e1fdbfba9eac8ba7b94e17666bc975e4d0e3d0949813153ca308281a849ede9b234700ee5bf8a9a3bacd396b57095959a35ad51ed18e3eaf86b0979f22a4028586e0dd574c0f8100954f994ec289d7526c827a1aefa46d1988ec17573ed069c8a42254c9b0272efcfc437b571366cc86bbebe53e03952e7aca4aaec8fbdfb66ac4e25729304270243f88bff339b7bbcb050669616fae3a2b27eedd0a71cabb2ad7f1f86af00f058d84562e708c36bfa947fe1d1c1005a2d258b0c1dc008a957d17f6d6174c100df10794cbe1b9da5519e9913efd76b5bcb5d9b5c723ce285c952ddc9a3ae883abc6b1cefa24e4a97ca5a36d6d29f636ad26d4bc78d167630933599908a2605e13cf88efbabfb459d6bef02cdbe81dc22472a88cd0a73397d4241e28c9b1bd7655ac1054e069ef5748fc21572c3ecc44546c48917373f37d34fce4779b2a7ff55746913b3a1e6d5e56024f01de620602eb51e727ae5e7ad3662b4167c36192b0464753108e957a6b2240f100b40e748cc6b4780bb5aa59458dcce6ac1b5f80d714cf83e7688a088bddc1cf4c641edcc691da651858b0f2159059012ebe3c8b04c4095b5042caf206bc5911a75fa9c2ffc3fa19e4fa6c2642848a0161472435cc065659a4567f45233829c788a623c13c040df5e1aa65664b092b635ca45b625db2849861eaffa2eb742fec3db452b595d2ad743d34f7e6b36f13540281cb773c0bc369caad7e4396b8c56e4734328a4ee192abb24c713286e25382df0034b203ee8f7f44825bd6ce544a784b5fd8e1f45d0d09a817bdf4587591a981fc0a91f102b9df0d23cc3e986316709b1950c27b8566e481d9c552fd2838000ebc7c0f91aaa4a0fe8d1a27f0b7370e12fb5b75a7ece94f7b2b133359064688f1ee0f071e308182b2770db4b39f3027bbcaedeebe869a801b868b2f0b1063a1ada4b12d5dc62729fe661a3aca67fcdc7c49ade0f81d4cf573a7809b5ccf607c66710fd1f0fcc03d943c0dd2f2c93f76e7a04aba6447d1a0086c515ffc8dfd0b1fb1d76632614396b4d5e31d22160e32ccbd140a9c89da72766c5bc95e154c21e4a7a562ba225704a3adc02ea55cb711711f91d11a0e63732ba7ad08d914d0bc455f80429840e8267694064c879fcbe4c1dc77ea6fb8c84546675184336381261285485b8dbb0fdb03ccfb6770fe19ff16abf2403e18d77658de8b3048ccbdb0793e7aaed64b0e559e408e1f28bc1865dcf7d93f3304523070a5c1b1fc14d660d7c4b9d1cb54fd3e30e51a6a7b55289eb530ba535b8a7812f5256b8ae8af83a7c2e649e3460418d6ba39f3ea850d5f648010aab318afae4ed85de0eea0f5a9639fdddc5e263f705d840822ebbe9dc0613175e59c98a574ccf33f96525fbfafeb91472021cf34cbb8099375dc3cbd5d49703d8e9df80cc65cee65c8f8ae7b183df0084919cea6e42ab5405f6285b827f3818e69a426b53b3cfe0fd303b22f5e195896555ed7706808c9aaedd04103dc58626920bd46a535cad1dcfa5255b30327891c3fd49cf4512a2f450a3df8634fbedb653add2e3a304c10fbb2aed783521c81e2232e4c0281a223d62221e90e3b04e4abc9c88f68f6c0a20f7315017c3ef76510aadd2ec28397b3cb7c8f05468d21bfb0a5ae2fd85da555edd973e00dffa99bbfc1ac56156a8635c26404edff201fc112a9c468ace899b0808bf112be0d6e20fd1f3c5dbc4facdcf285d0a6d804bb5ffb53834a0f8fec88973c7bf20426b250407c04cc1a28264401f349f290e66bb67f35dea86ab4e63e94c281ed9f5f0aed216beb631f36c5c2099f9260aa5894879ee941371a9b57d236dcbb31e6348d6490605aa1e6f3d0780ce2c6ccf2a545b9a251b9a6a81170741a0ae95e3e0efb0a39cf531e8a3cea9fb5fa1c6964e5d0e59e27dc5e7767c7978a0f68534584346680c7f500863fd3fad029570b8e94c43b12b33d3daf75ad49d1dffb35b9ca806465ee6108788f6d55a85cfab5cd6100d4ddfb1a96f708cafe054faff3876da0a7070c32693eb3617150554a72f90d16548d0000c52e8bc364c0f2acd0abaf9a5e3bc1800f760287da3e9fb4ad2a23e966fa3d5240b0edbf529da381e57c38dc8019cd1ed8484ebfd2a301b7d11aa3dbe20b94d88e452d1d4caf8bdbf97538a952ff627be3c0406f20327e478e4c04df1a97d5839b116e0e22a3f840870a0ef87263fc0f81a8781f60f4229a59f24765024a2df90015b3e60f0f5f41857bde378cd9c420ed71601a03eaf746a6bc877f3998d7c760e4e62b4f67ada89881a1d5d82eb7f58242a11c08f6ec94207a3806c3d025edaa3cc23de2ced3dc866aa8ed5b90708baea5b73e5837a220fe12112de9842235073d42604a4ffbb1adb8f4ea1d13b2970ee72137100942481243454805e2e53a6d9a8bc35c24ff2ccdc4158ef877bc4c0247d0af9987e2dbba0bb09446270351e80636a5974d53a031ec2289fa11d86b15c447a18bce2da9c8729ef88c25c8fcf636eea3adac16e2c5d0c43e9aa4b7ebedf9cb62e0b0b379db1a95f9bcfbc4ca28cb5af1efac2391069cbb25dc39d33240eabe4b00a7749e188cc56ef3c5e7471f109500b79c70159f7fa597a67f4ef913283cf7e8035851d16ce794b6c2b86d8aa2589fafc56be4e505c775a0a4843ae796a9a935eef90e53f0152874c26fef101e9a7452e4b11e7a55089d96242ac6d49d0c3b49c494a0ce2caf6190ac491633bf152c596220015e0d0d1b67b8d840bf4328e215446c64159388d98844f0100f75aeb8c21f72968e9777acc9ccd7e5c0ac6d8694867b0bbb628951a0acb4f9fc78f41a8179821895858c14f934880cc978738b4ef348096e92ecf666f62b6e621d8e46a7db7e2030361245009858313baa975ff402f688dcd2e618cc9ba57c1979bc3023d35c84248ab4f3357d7cd4402b52352f8e61d0bc2986211f198c14e32eaa10e8a429591b50684588c1e3bf906dcf68a4b954422f425b88a23a57dd3e404688a773df52c70a153994183e9b2ecb1179d12e0dfa31e9e5e10d75281f4c55a5cb4c2d2e811862e9888b71d2f197883efa69757f0b11c1bb0ae7c31d2bdc87841c4aa9061a1bac633c3b55cd378894da181651a8c7bde68d47b33e803825a66f7749c3ed05e5b7696107403a7353b192b6afafb49310c69d3b7cefb9822183ea5054686202756350e4e11137639eb4b64c512399812aa6b275981b69904a0bd8bedb49a5f6c1627c0a0a198e3a5584559f50ea249163767f1827e5d3c5ccc66ef483f32ec44df260df9088e7a8c4ea2956b706af1790d41efa1a39ce64db77d0e982832f93bcdeb28133f885a2d82bcf36df164df1ccba49f46b50bddaf57e117d14ba9b1912f481f62d5a2545d70aa327385bedba6c5c03d13559e3666789bc0026f5bf1396ed0fc11be0a8680a0aa0a673c0cc470eded0dc4d73b8f2012d89f597da8a1e8bb659628a36bd3053197f6c1fa3fad886024119fff3c257d9e0338ade82368ecc845b2dec387967cfcf4fa46643d241f6fbe0dd2477304a92ed25e59b61cd2ee91863345fa7b68e202ebe3415e908302e25c5e0902b286a22b4e010ae7224f78f38c2192e715c29d472edee0348adbb894a3c054ffb299db0043d17bec280b228db2249e4ffcb9372394c037afffeea27d643018b4581e420b805aacf3a1f449c1ce8182fa34598dc4f031eddcb8c9d25a9d519775e66e8bf677177125e377e28dfff498dc382f8848dde057f0b4277ecf90c4d91d2d73fbf933ac7fa95e012442150384fb12e2392b9beec8e87c57b3c1d0f2edba8f58c97b51b894a9c1ae7987624599d31324860d1952dafeb1cba61e63ffb9de113fc719aa227e0fef5c2e29c3cd5313d8ef123ea5a05b8eb7c6778b16668a31457c5bd749b9bd295c5eaa3df836c4ef668c7d2d0e88e5a1a6cdef0a4234bf87cd29316a44b08dd1b0424dc916200355d63b1fffdccf7615739e1de1c7f7657aea982d043ea37b1f04d9372f2ac4446896e7c4e42bbecc672559079c6169f389e81ed175c89a16cdc01744d77bb2513c3a82098d70557cd68bb49ea4e92813499338fa3b50ddf6782c14e00a2b4df320599bc6c1506c16137ef9af4a7f7272e60894ebff38261f9aecf90694dd99dd5797a9b29e8e9f2cda9ad70e6631c6a721e16099b63a34070be1a825aef9e4226604acdb767ecfba0988ee6a1e16b8fa95b0b28c7714ea9e74a052faee2dc6c56c326ea0614c1da83cdb8621ee66e712e14a4f57ae0eb80fa78ff1254877382494c7d62d05d1a0e5c9edcd3c974bbd0df07e86af45cc68069e438f7954a07ad81b6ac26ac96116aabd8f48b271dab61f3f8b53c923287ab7a97e5066639496caed01579511fe8517a8331438e52d0d0bc76d3006a7327564d94a13ea9ddfb7546ef2ca21bd5919e8b750d2f9912574b503c2ecbd479e7b4c9f2604a82ac68c0f391c2070291a31027153d4a993da803da5ca249c0aa2dc584e1e9187617f0db27faf4fb870cf6fc61f898f766ad4e65e2575d9a532e92b92ceced498ccf7c4c0eb7b6f3599f81800bfd5b402c2f0915a08d480a3529defe59d716b6c5a12af8532c5490b6a577ceb42ac2f128bb306e3e2d02e57e41dbbb7063dffd846f1ebd225d3837af38cc7908c0f43c3063b64e2a3ed81418ece765ab7685744aedcd59011150483b8a89756c859f9aded446a48f95b21dc14ebdf269a09ad62764f3dc9f82e9d927ec374096f6ff5db8cca2ed810596d3edecbbbae6406ed52212be1ec6253ea6d153028270ba7392e3cd28f3f21882424767dd6eba9099eac1fb138da9b4ed2dc8a171490b03d33e670222c06f9c13924bedc8550175a8b03d4581ee8c49d9f08b7b97f337d97263de8db6297aa9e70b5811ad62d9626ce56e21d262288a77f57159866022e836d8981e51b0e541475aa8667fe903cd4c5be2e00f3c1b3a49b51f3beb3f3649720b5ebcc95959dc7a13833807707c84bb2c3e025806e7b9c82cce6833a9641dd3c661a1da90dc3866d49a53793d3823434e2bcea6dcaf740c8f7c04e887fd395c2756b57d77b50d3a17ba8a3371c071b44d7dba409c67b680b932822940bf2203b9bc96d522f1447763b9126c32b8950954e42c4fec39fe68673008fa1859c3133749dee29d25af8f330298d36b67a9b208dcea7baaa99f3f2fd958d18847ae1bc1086c5d06855ff07f5f504cebe1f00a3a78b16ed191851664b2333e43d832b837030d153e65604a4464b3d1e588d9171b40da03fc19a74b03e0e9b039d8e69206f8c66d239f56564c6f590d4f528232b88500df4442a7494aeb4c77a7ff4017e5998ae3ea98bd830a604c006f202061e8224f98f0544ed8021f7a356868147b22d98d673a5d45531c5a6121609552676096ddede848922bbf741bd4853a93636f7e35e4476af87e41b85a03425e14f022c881aed0a3099df0bc3158e89c8263dd09ad297ec9699cfefa0d3e9aa39f208728db54f87f2a7b279b868c74f2add139b89a7b792a11138053186ea58edf375d251738e4af76f8cbbd8c0e3ff0064390dc228e0b3f5cbc007d964a3b29e1854325fb49fd896e38186c9790e3e1e04dc2071a9eefd7275804516eee24834708db49c12cdc63a3061c976635429ffb6cfbe969cdf5159b", 0x1000}, {&(0x7f0000000240)="be586bc971d053010b5317d78d831eede0a2185326c199baa8c04ee1553a9537b4a1781ca7f1552b1a79703372ae0f86f740384892834076d879129a3b593014cddd0ecad5fae944acf08fc5d53ac575e0c14348cc2aff7fe88ed22a90ecd426f305d75286ef454f8d71", 0x6a}], 0x3, &(0x7f00000002c0)=[@iv={0x90, 0x117, 0x2, 0x7d, "a399398bd11f4fde91db07ad1e1d2128c3a2d46c57aea1df61b3103892956a672eb7a3b777668228026c3031e6ff167a14c3c49735fbfd075e772aee37a18f843ba06bdfeb068e13a28eedf2e98db256f1fdceb1a554c14b1dbff6c1bf15ef83a7d70a5e2d9a41d9fb1d3b4101d2f22bd8c94978eb3432ee5606d8ed3f"}, @op={0x10}], 0xa0, 0x4000000}, {0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000380)="d709b46ad29ceb510448e56513779454cbc3eb3c479f1ae433d8c05f12d977c80ce36f39cb83085d60394a287951d3f7baedc875f77aabd5def4624159ded07eb612c257ddc81260aec31a79d592b9e53f3a1ac407b5f45ddbf2b0b1cf8fe61b21aa1f823014c67b84af005e2dd07a74dad8209d9a04186a6c88d033770abc04be0eea7e13ba59edb9419e77822f5685203c9c5d2c0be9e87a882f479b11558baef0cb898f4cf61fd7fd5f15eab4c35da573314f99fe58faa47a33eca5e1226d7959e9887efe80d00dce0fc17332f78fda4ae4aed99a5014825d6e749c885f5dbe10fdc2417baa7eb4c21d2df39d66bd286d78", 0xf3}, {&(0x7f0000000480)="f64a24edcd69d031e901c0e2a17af115261ff5a468f2100fc884bf9495c2aac3a32fe2e16b747052d45155495a357871809f2859d4095c9b47b0e0787a001cad6456206854e91750792bfb0b5bb79a7ac1b3b028b58f1dbd81d79a4e79f79a7dc47e5b982de86eea2ea378a9f87230d027c5b1ddfe03c9a71c6a3a0f8ac19b833a87153e58c1ad0e26b409128cc216b6ac09bf97a349a3ab7c6a1344062ab65c4ddd2d2f1a18891c6bafb6350a796cf7e0e3d2be341fd761e69051", 0xbb}], 0x2, &(0x7f0000000580)=[@assoc={0x10, 0x117, 0x4, 0xffffb401}, @iv={0x44, 0x117, 0x2, 0x31, "cc673726ec844740f408a4eb2795d00bf6fd83c109d09f1fec60eac9215014b1020e868346f2ffb562be2285d41af5c725"}], 0x54, 0x800}, {0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000600)="3c7ce5f1f2482c4b4494be698a91441e41e6d0002dae0847f7df02f85537158593915b69f7f02dfe2a6a3112e940d9f03140d69e1be10154f1449e9c1aa20c514449959899890fbe5bc1059008b40857e2ff821240046a5415e1aab058e14fb94b9486cfc8c741fd4060023ffa6663e640124ab55a9d713d10dd406f294da9485645", 0x82}, {&(0x7f00000033c0)="c16067d1138006e0a1d288833cc28b8bfd22d8fc27742a337dd69ce3f3c9bcfba148a8efab4302aaead1f9112f6154bcd5826f03afbd7c083a70a702a193539dd020b512bf62891f88526a013c3e56f1d010277faea72b54def674103d1bf689e1be63e2191fa671514d603a926c2e6c87e5a95a34da60c9e693aece015b18ca0e60f3af3e218129d805f21c3ad5e0956c7b18f126b72ce2e47bcd", 0x9b}], 0x2, &(0x7f00000007c0)=[@assoc={0x10, 0x117, 0x4, 0x2}, @op={0x10}, @assoc={0x10, 0x117, 0x4, 0x9}, @op={0x10, 0x117, 0x3, 0x1}], 0x40, 0x4}, {0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000800)="eb5553defe2f488eab5cc5871bc39e0040e0bd8656788e8dab0750ea558348f826a207e56d5c6524a92f6fed7711630f37b6b1a932b56d9334539543c0995eb193e9ddb4717a9aac25f050a2c8a96504aafb010316497f218cab02ebfd8922fefd753cb3b3b1f6baa94cc481f6ce3660b8471893ce3017dadae67a54e3442ae15626059ad48639abcc27b617c5324286dc1b68dc28e16221e5169231141481b8e94815887459ca2b2b123f98e5", 0xad}, {&(0x7f00000008c0)="8bf824b9fcd6edff84cf5da65bc6cd31734f012abc0480bb1b6bb1eeb8207ba61a7c3821f44fdbc583d1b3f5403d1908bf1c208a74200318bc8738d8e2fe8fa61007c0fa5ca893dc7aeb43d5aea347a620e1254e1382266fcec056f638f2002ba0fc5631a3878d6c12102f680a", 0x6d}, {&(0x7f0000000940)="f13229e9d29b0d4df636989509976a19f953500f2d643c671dff6784730ba2bf782ea7dea85d209ea51d946e33f2da354faecbdf0863bf38483f935cf40cf3fb9c438410c2710b85b294600b42e089a5103e7aa608c892a06a022d133a4262bd2f800e5a900e901919d44dde3a23567497b1c476d7e4637a1bf57560601b78e76777dd", 0x83}, {&(0x7f0000000a00)="f4e328c5b864b9985143447545376170813f555f8f1635c815f42a869a6c62eb8230012fb92ea06cf62e852f25839ac0b33e3823a62296bac10ef9b84d58d7070e3e4ea25906604179585eb1ed31b1f4cfab4410662e4df33caa9d9ae87e5e3fc2b283eb3c9136e835b3d48c690af86eb601cf98a7e9a406f35c446a0bb62453c6aeee3be9355b27921564879fa502c3c1c47ad81b1362a5d7d1ba074f0dd9e88e13faf09f8348d239852f6483067f4311ea2c7517d109659fc58aa28dc90e50f26a950dc7af20930c33dc5ac9da8951ffb78c027fb68e8bd8af471824e8026ded3bcfdaefa4259e529a73e02a4110fda1c56daf170e7799d4e9", 0xfa}, {&(0x7f0000000b00)="35f17190886b6b983e09c61f22e2697bf313c31b818f2ab1b6eedc964eb88028f8e9572b2a8b1ae086e46b29cd3b421a689c7ac65c167b839c72ca4e4c548ac9f90ad36b7f66ef3b6b55d8419d2a629475393a29f355e0d46d", 0x59}, {&(0x7f0000000b80)="4b4f7860c7a3c154e4554b3e4782e19198580319a803d6b7250f792ad16c81865f0920ad0dd97c8cff060018497fa230297274305232841114c606dc7e4cb2b1fd12f14ce8d87a02abb66cc508ff3ec64d278f78596654b29689a5b2dfab836c50c30a9040c1e0d330519bbd047bc576d2076017fe6506449c76969ff5ed2597884df9a4d1039827514c3fd50b3b365e62b0c85dcac81abed29e309c46e2011d4a0051ce239729536e", 0xa9}, {&(0x7f0000000c40)="d9c7fec88c4afcc1bc6666793e651e49ce15ef36f4967781a78d332731c17bf7952cb92e1bc94629584d4a9dab762d93df306359bec0c93fe6fe1801a1de6d4d8675db4f9c87cebfa915072bd86f2e1d51b90d448d056c243ed8e5ac9ad20cbc765a4e9ade14646c8a4e3d2db7d0d87b3f763b1032054e329fd8285951e5c2b762f513a41c1acb2fa6c526d56407143e66ecd8a9906aeccc8f031fb6c30995b1218eb3e0fef14e9ce982", 0xaa}, {&(0x7f0000000d00)="ea781f48f43bcffc355c434de6d05fab0440a78278526c1057b767d4aacc97f884174aac3f64fad1f99a767b8505ab465f375b19ce0839f92e25cb5fd952a6013adb52cffbdabaa735e94d8c2f4c213e15b01bc9bcfad326b0a01759c624f362bf", 0x61}, {&(0x7f0000000d80)="e78faee91f572f9e162f41038f64d6d6d095a6c57f6f27c9bfb11b2a9eafb7c76f1c5e54ba1be09c39788bada918f2008f4772d15894b29e5a634ef2136ff6", 0x3f}], 0x9, &(0x7f0000000e40)=ANY=[@ANYBLOB="100000001701000003000000000000001000000017010000040000000500000010000000170100000400000037090000100000001701000003000000000000001000000017010000030000000100000010000000170100000400000001000000640000001701000002000000540000009a862aa222632551421d51317efaf55b6859095a9c0f9e30089347c146c47265506c033d81413f29906fa538fe3076511640abd6a64fac28bfa12986d428004f67eb483ff66e242e121404feb1763104c4405137"], 0xc4, 0x4000001}, {0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000f40)="ff9719714c3cb5a7cb7f064beb7a0da3dadbfe5c6dffe3520ec127e137ae43b4e1e2e2abe4c890c64c284a973140e0d83a995544fd7d9096045d61b54a365595a45bccb79a2f5ac3fb671df3be24402a61e703676973baf2fece7f0e1c17e6a9b7f84a2ade455fd502ac92722326b84ac7aed2e8a3bd48beb7ba9a6455246356088cce605de559c59db2605aaaec44480fe732a010e9936200bf579dc573967ff26a141df8c47664", 0xa8}, {&(0x7f0000003080)="994c3c3a989f2b4300d173d7b8f9a0cd05c8b5047d6134330c3dbc82c2a18c4f4c3096a32852afd7534dfca0ebbd3f161395e3db657ed88d7627286835dd3ab8d97632eede6f7defdc31db910727a81bcc4160aa8a66269bd4b237044ea2f801f85a12b9f0c8b55a2207fe5d445aac7df79a88648f65d43ce8d48c48d78edebe5c3e7bfc2985408de7eb8b4a0818b839a14e98158ba5d192da5c472acffbff2f5a4fc0b2db9a4fa12ceff54828cc35614c188984197c08e8", 0xb8}, {&(0x7f0000003140)="43b5ccb976b4f76aa415f5d93660daf90e1cd0d5d342133a807e6eba109174bffd2f4d65a3babc85c27a864a8f5ec533bb2a5a4378e0c9d1b504fa2a11d04fc8b1037f5f1311b9a610d0f87d18be35ebc505ac68e6102dfeda95fcee1e5670c82cc9c613f930acb857170e5c73cf98ed6aff2d65bfb9e8eb73632a3045c9518343302792be6151c78ba9ce24a3bf0d5bba232fb6bdb52d11b9188092e1152d74f9e239a5a21127a9bab4e403353a05bacb4b0fe8bc735eaa7fbd2e49", 0xbc}, {&(0x7f0000003200)="976e027c59ddf349b1c80f660b23e911942e725d6206bfab43c21fc77bafb116fd9f4e07ca2e6aa512d867c2726f8a77be117940896c75843d69b272b4c1ee68a59d14a7d3804cc7252d5ef5", 0x4c}, {&(0x7f0000003280)="3d260e5177f49aae633a1f86f7d8841b296abf5a451a6c0483f313ba18c4ff0e0e0456018cae1bedf1111a67d55202298d1ff7b791783636040afb17ebfe927b4409bbb0d2fe6d30299f50c8c842a7f60394c1c7b23f", 0x56}], 0x5, 0x0, 0x0, 0x20000000}], 0x5, 0x20004800)
write$UHID_INPUT(r8, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f70c9b3e6ee7ff7fc6e5539b9b3b0e8b9b411b5d30091b080d29428f0e1ac6e7049b3468959b4c9a242a9b67f3988f7ef319520200ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x100d}}, 0xfffffdef)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000100)={0x1c, 0x0, &(0x7f0000000000)=[@dead_binder_done, @clear_death={0x400c630f, 0x2}], 0x8d, 0x0, &(0x7f0000000040)="5e6b6b71d5fb61da6a0d096b230e88ae1490ab6806ea5780b4c7d19a3207c1b8a13378947a3f1cfe89ec301f817cadf584eb488904645c3c3be93956ea717ab47b91859671fcb3f5e2a13524a76c41f80b6891082c5680681be1a967cdae9c5603b7fc816cd2f9567b978aecb9486add619302e40dd4efd126fef1b092aab5d998c4f0ad4a9970fe20a16863d5"})

1.344650931s ago: executing program 5 (id=3554):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000140)=0x90)
write$tun(r0, &(0x7f0000000640)={@void, @void, @ipv6=@icmpv6={0x3, 0x6, "31fddf", 0x41d, 0x3a, 0x0, @mcast2, @remote, {[@srh={0x32, 0x0, 0x4, 0x0, 0x1, 0x8, 0x3}, @hopopts={0x0, 0x1d, '\x00', [@enc_lim={0x4, 0x1, 0x1}, @pad1, @generic={0xa, 0xab, "1924619e74ad3bff2a7092cf5fb0dfbaaf4aed1527b01e8626dcaab4bfb3407937e0383e76d30edd480ce4cb4bcb8778f0c9b46c5efe0624486d871aeb28a8b7dcb5666f5c7d61dcc5a09f4b1726668727b8b36b0dae67b0e81f90f71162af20d5006863abfe2415f05e3261783b9de50d85daf5b199a97511295752d047b23b17d0735522e3b9381028da0e237f877c84c60824b72f1155300b14eb2794dc20a66761e4242a3c92232eeb"}, @calipso={0x7, 0x20, {0x0, 0x6, 0x0, 0x4e69, [0x9, 0x0, 0xfffffffffffffffb]}}, @padn, @hao={0xc9, 0x10, @mcast2}]}, @srh={0x84, 0x8, 0x4, 0x4, 0x9, 0x20, 0x6, [@loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local]}, @dstopts={0x3c, 0x9, '\x00', [@generic={0x8d, 0x47, "cf51446c151f016c6828d7c3917969e455916a8e4c6346e2abf2c164015db69dd23457b075f2ef86af64ab46b50bbf1855493d81d244b5f6522a82699090d82cef4fb2dad87741"}]}], @ndisc_na={0x88, 0x0, 0x0, 0x1, '\x00', @private2={0xfc, 0x2, '\x00', 0x1}, [{0x2, 0x9, "6b42f6d09495b7b0cad87fa7672114dcb0485de91102719e7861ec64ee0f5c6c02ee8e9e4d7b1214679cc2af8f1bd9856a6ff80ff9886ee86c6615d8515f14444f8b6d69879212"}, {0x1f, 0x14, "bf5ea30b00891141873fed67d4e20ea5efb1deb62dc7af4a38ebf65ce947cab0485cc7a324046d7c535ee9b804ae1e7bff1e6b48b5f0829273251caeeb3a16ba00b4558baff16dfe2cf181be08ed8797ee8bb0387326d69867b612c84e6a37560f762647897d5ce639e6af5805202291eb08c63c65612ef3c44da5f9fd60cd0615ac715ca3d7d9ac30ced34dc37191c66f50f263790508e779f5baa23d81c0"}, {0x3, 0x13, "1d990de4ac37bd2f3367bfd19041eac8f02a9335b619cfafe4c691d40cb798342fad0ac48c003d2a853f9d7a370aaf73c096c783d3a2e1647296e219ea7b64f13a72a78bc2961fce255aed8f5d7bc579c93b050b2a28912687b83d1fddb1d69db21384563d538b51d33ea2f451c9315763d0f3ed790152693298ac7823088f2c1fb736f99d963d12f406e306919a487669b964ce7ee1"}, {0x3, 0xd, "4ed046212c32f07cea720ca0402eece51beb2a30927aa6c74b59dcb2c2b390bec803117860e160b2fffeba47e78b2d958be27649f722531f08cbcd7f6fbd91dc5ebd4e5b4cd52efa82daacae3f25e47693d788d5f06a21b8dead68838b186a3a91f2a4e4ef8a05c2311b4a"}, {0x1, 0xd, "670ca644f4998a9265678e4034988b3aa60b858e9d05536eb22091305b9c27d5e6c0727eb41d968fe78d4052c3df09ccac307833841181879d956ace39911c9083966e5bc54593203f7faa4696b88e317d3c103a9771f2fb34f072468e4d7ceb03fea4759f2d8486ffdd"}, {0x19, 0x1, "aed534863a167184"}]}}}}, 0x445)

1.238349122s ago: executing program 3 (id=3555):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000000)={0x0, 0x40000105, 0x0, 0x0})
socket$tipc(0x1e, 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x800, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000100)={0xe, 0x2, 0x0, "4a5ae5f6f99826beb380dca56a62b5b97b35207cc27d00006200", 0x43353039})
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000180)={0x1, 0x0, [{0x10a, 0x0, 0xfffffffffffffffc}]})
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x28a, 0x0, 0x4}]})
syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYRESHEX=0x0], 0x0)

785.625762ms ago: executing program 5 (id=3556):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@ipv4_newrule={0x30, 0x20, 0x1, 0x0, 0x0, {}, [@FRA_TUN_ID={0xc, 0x14}, @FRA_GENERIC_POLICY=@FRA_L3MDEV={0x5, 0x13, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x4044040}, 0x0)
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x8000, 0x104)
ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f00000000c0)={{r1}, {@val, @actul_num={@val, 0xf, 0x13}}})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
fcntl$setstatus(r2, 0x4, 0x42000)
setsockopt$inet_mtu(r2, 0x0, 0xa, 0x0, 0x0)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r3, 0x2)
sendfile(r2, r3, 0x0, 0x7ffff004)

393.933128ms ago: executing program 4 (id=3557):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x770, 0x0, 0xbabd}, 0x1c)
write$tun(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="016f080001002700000027000000460000290000001292da7c6fa7356d5aaee221ac0a000086", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ba0000009078002809c400050200000000000007000002d58838000391000000"], 0xfd6c)
syz_emit_ethernet(0xa7, &(0x7f0000000300)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @val={@val={0x88a8, 0x7, 0x1, 0x2}, {0x8100, 0x5, 0x1, 0x1}}, {@ipv4={0x800, @tipc={{0x18, 0x4, 0x3, 0x28, 0x91, 0x67, 0x0, 0xc, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, {[@timestamp_prespec={0x44, 0x4c, 0x42, 0x3, 0x7, [{@empty, 0x7}, {@empty}, {@private=0xa010101, 0x6}, {@loopback, 0x40}, {@dev={0xac, 0x14, 0x14, 0x26}, 0xf}, {@rand_addr=0x64010100, 0x80000000}, {@multicast2, 0x5}, {@empty, 0x10}, {@private=0xa010102}]}]}}, @payload_mcast={{{{{{0x31, 0x0, 0x0, 0x0, 0x1, 0xb, 0x1, 0x2, 0x5, 0x0, 0x0, 0x1, 0x3, 0x1, 0x8, 0x6, 0x4, 0x4e21, 0x4e20}, 0x0, 0x4}}}}, [0x0, 0x0, 0x0, 0x0, 0x0]}}}}}, 0x0)

190.551008ms ago: executing program 5 (id=3558):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)={0x3c, r1, 0x1, 0x1fff, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x3c}}, 0x0)

164.881445ms ago: executing program 7 (id=3559):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="7000000010000100"/20, @ANYRES32=r1, @ANYBLOB="0000000000000000500012800e0001006970366772657461700000003c000280140007002001000000000000000000000000000014000600", @ANYRES32=r1], 0x70}}, 0x0)

53.883164ms ago: executing program 4 (id=3560):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000fedbdf253b00000008000300", @ANYRES32=0x0, @ANYBLOB="2a619e70517c909feac5fe"], 0x1c}}, 0x10)
r0 = socket$inet6(0xa, 0x3, 0x3)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4e23, 0x0, 0x4e22, 0x6, 0xa, 0x20, 0x30}, {0x100000000, 0x2, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x6, 0x8, 0x800000000001}, {0x9, 0xfffffffffffffffe, 0x0, 0x9}, 0xd6, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x210000, 0x33}, 0x0, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x3500, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffffe}}, 0xe4)
sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0xffe0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000040)="a72d11a15c068c0a7d2eaebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1e9b2fff83ee5ed3212ebd9fa429f0140f633556", 0x1f8}], 0x1}, 0x240009bd)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$packet(0x11, 0x3, 0x300)
connect$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0xffffff4a, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x4000004, 0x4)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x2001)
ioctl$EVIOCGMASK(r3, 0x80104592, &(0x7f00000000c0)={0x17, 0x6, &(0x7f0000000040)="9237b912e268"})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f0000000180)="0b036c00e0ff64000200475400f6a13bb10000000800894f4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0xfd1d)

7.984427ms ago: executing program 5 (id=3561):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000440)=[{0x8, 0x0, [0x1000000, 0x5, 0x4, 0x9, 0x3, 0x8, 0xa, 0x80000000, 0x2, 0x2, 0x7bb, 0x7f, 0x11560, 0x7, 0xffffffff, 0x9]}], r2, 0x1, 0x1, 0x48}}, 0x20)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000300)={'team0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@ipv6_newnexthop={0x20, 0x68, 0x1, 0x0, 0x25dfdbfd, {0x2}, [@NHA_OIF={0x8, 0x5, r3}]}, 0x20}, 0x1, 0x0, 0x0, 0x4402}, 0x8880)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x800, @local, 0x400}, 0x1c)

0s ago: executing program 7 (id=3562):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, 0x0, 0x0)
write$tun(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="016f080001002700000027000000460000290000001292da7c6fa7356d5aaee221ac0a000086", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ba0000009078002809c400050200000000000007000002d58838000391000000"], 0xfd6c)

kernel console output (not intermixed with test programs):

T16199] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  669.406723][   T24] usb usb6-port1: attempt power cycle
[  669.832325][ T5913] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  669.940529][   T24] usb 6-1: new high-speed USB device number 68 using dummy_hcd
[  669.971619][   T24] usb 6-1: device descriptor read/8, error -71
[  670.023791][ T5913] usb 5-1: Using ep0 maxpacket: 16
[  670.176479][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  670.230113][T16219] IPVS: set_ctl: invalid protocol: 92 100.1.1.2:20001
[  670.243384][   T24] usb 6-1: new high-speed USB device number 69 using dummy_hcd
[  670.262754][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  670.278708][   T30] kauditd_printk_skb: 34 callbacks suppressed
[  670.278726][   T30] audit: type=1326 audit(1773293605.884:1817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16214 comm="syz.3.3133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  670.311712][   T24] usb 6-1: device descriptor read/8, error -71
[  670.318971][ T5913] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  670.357622][ T5913] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  670.397995][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.419463][   T30] audit: type=1326 audit(1773293605.884:1818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16214 comm="syz.3.3133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf71f5cab code=0x7ffc0000
[  670.421166][   T24] usb usb6-port1: unable to enumerate USB device
[  670.462885][ T5913] usb 5-1: config 0 descriptor??
[  670.522752][   T30] audit: type=1326 audit(1773293605.884:1819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16214 comm="syz.3.3133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  670.620556][   T30] audit: type=1326 audit(1773293605.884:1820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16214 comm="syz.3.3133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=180 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  670.674040][   T30] audit: type=1326 audit(1773293605.884:1821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16214 comm="syz.3.3133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  670.700667][   T30] audit: type=1326 audit(1773293605.884:1822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16214 comm="syz.3.3133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  670.868848][   T30] audit: type=1326 audit(1773293605.884:1823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16214 comm="syz.3.3133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  670.910525][   T30] audit: type=1326 audit(1773293605.884:1824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16214 comm="syz.3.3133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  670.932753][   T30] audit: type=1326 audit(1773293605.884:1825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16214 comm="syz.3.3133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  670.955969][   T30] audit: type=1326 audit(1773293605.884:1826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16214 comm="syz.3.3133" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  671.776157][T16203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  671.803163][T16203] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  672.114480][ T5913] microsoft 0003:045E:07DA.0015: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  672.291099][ T5913] microsoft 0003:045E:07DA.0015: no inputs found
[  672.324127][ T5913] microsoft 0003:045E:07DA.0015: could not initialize ff, continuing anyway
[  672.359366][ T5913] usb 5-1: USB disconnect, device number 70
[  672.423427][T16242] FAULT_INJECTION: forcing a failure.
[  672.423427][T16242] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  672.438313][T16242] CPU: 1 UID: 0 PID: 16242 Comm: syz.3.3139 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  672.438345][T16242] Tainted: [L]=SOFTLOCKUP
[  672.438352][T16242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  672.438362][T16242] Call Trace:
[  672.438369][T16242]  <TASK>
[  672.438377][T16242]  dump_stack_lvl+0xe8/0x150
[  672.438406][T16242]  should_fail_ex+0x412/0x560
[  672.438435][T16242]  _copy_to_user+0x31/0xb0
[  672.438462][T16242]  simple_read_from_buffer+0xe1/0x170
[  672.438492][T16242]  proc_fail_nth_read+0x1bb/0x230
[  672.438520][T16242]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  672.438549][T16242]  ? rw_verify_area+0x2a6/0x4d0
[  672.438566][T16242]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  672.438601][T16242]  vfs_read+0x20c/0xa70
[  672.438619][T16242]  ? fdget_pos+0x246/0x320
[  672.438648][T16242]  ? __pfx___mutex_lock+0x10/0x10
[  672.438668][T16242]  ? __pfx_vfs_read+0x10/0x10
[  672.438688][T16242]  ? __fget_files+0x2a/0x420
[  672.438716][T16242]  ? __fget_files+0x3a0/0x420
[  672.438740][T16242]  ? __fget_files+0x2a/0x420
[  672.438771][T16242]  ksys_read+0x150/0x270
[  672.438793][T16242]  ? __pfx_ksys_read+0x10/0x10
[  672.438816][T16242]  ? asm_int80_emulation+0x1a/0x20
[  672.438839][T16242]  do_int80_emulation+0x173/0x4d0
[  672.438857][T16242]  ? trace_irq_disable+0x3b/0x150
[  672.438882][T16242]  ? asm_int80_emulation+0x1a/0x20
[  672.438899][T16242]  ? clear_bhb_loop+0x40/0x90
[  672.438917][T16242]  ? clear_bhb_loop+0x40/0x90
[  672.438938][T16242]  asm_int80_emulation+0x1a/0x20
[  672.438955][T16242] RIP: 0023:0xf71f5cab
[  672.438972][T16242] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  672.438989][T16242] RSP: 002b:00000000f548c4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  672.439008][T16242] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f548c5d0
[  672.439021][T16242] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  672.439032][T16242] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  672.439041][T16242] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  672.439053][T16242] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  672.439076][T16242]  </TASK>
[  672.439996][T16239] fido_id[16239]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  673.474213][T16253] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 1ùà^!‚lIؘØZ[#wð^’yiü1Ü*ø$Váe
[  673.613388][T16258] FAULT_INJECTION: forcing a failure.
[  673.613388][T16258] name failslab, interval 1, probability 0, space 0, times 0
[  673.626086][T16258] CPU: 1 UID: 0 PID: 16258 Comm: syz.0.3144 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  673.626106][T16258] Tainted: [L]=SOFTLOCKUP
[  673.626110][T16258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  673.626117][T16258] Call Trace:
[  673.626122][T16258]  <TASK>
[  673.626128][T16258]  dump_stack_lvl+0xe8/0x150
[  673.626149][T16258]  should_fail_ex+0x412/0x560
[  673.626166][T16258]  should_failslab+0xa8/0x100
[  673.626180][T16258]  ? dst_alloc+0x105/0x170
[  673.626193][T16258]  kmem_cache_alloc_noprof+0x87/0x650
[  673.626208][T16258]  dst_alloc+0x105/0x170
[  673.626220][T16258]  ip_route_input_rcu+0x23e5/0x3130
[  673.626246][T16258]  ? __pfx_ip_route_input_rcu+0x10/0x10
[  673.626262][T16258]  ? inet_ehashfn+0x8d/0x220
[  673.626278][T16258]  ? ipt_do_table+0x2b2/0x1630
[  673.626383][T16258]  ? lock_acquire+0xf0/0x2e0
[  673.626400][T16258]  ? ip_route_input_noref+0xad/0x270
[  673.626415][T16258]  ip_route_input_noref+0x17c/0x270
[  673.626431][T16258]  ? __pfx_ip_route_input_noref+0x10/0x10
[  673.626448][T16258]  ? tcp_v4_early_demux+0x4b3/0x9a0
[  673.626461][T16258]  ? tcp_v4_early_demux+0x5c1/0x9a0
[  673.626476][T16258]  ip_rcv_finish_core+0x5af/0x1c00
[  673.626494][T16258]  ip_rcv_finish+0x14c/0x2a0
[  673.626507][T16258]  NF_HOOK+0x336/0x3c0
[  673.626519][T16258]  ? __pfx_ip_rcv_finish+0x10/0x10
[  673.626530][T16258]  ? NF_HOOK+0x9e/0x3c0
[  673.626541][T16258]  ? __pfx_NF_HOOK+0x10/0x10
[  673.626553][T16258]  ? __pfx_ip_rcv_finish+0x10/0x10
[  673.626568][T16258]  ? netif_receive_skb+0x102/0xc50
[  673.626580][T16258]  ? __pfx_ip_rcv+0x10/0x10
[  673.626591][T16258]  netif_receive_skb+0x45b/0xc50
[  673.626606][T16258]  ? __pfx_netif_receive_skb+0x10/0x10
[  673.626616][T16258]  ? __lock_acquire+0x6b5/0x2cf0
[  673.626630][T16258]  ? tun_rx_batched+0x185/0x790
[  673.626647][T16258]  tun_rx_batched+0x1de/0x790
[  673.626660][T16258]  ? __build_skb+0x62/0x440
[  673.626676][T16258]  ? __pfx_tun_rx_batched+0x10/0x10
[  673.626695][T16258]  ? tun_get_user+0x2354/0x3dd0
[  673.626709][T16258]  ? __local_bh_enable_ip+0xd0/0x130
[  673.626724][T16258]  ? tun_get_user+0x2669/0x3dd0
[  673.626737][T16258]  tun_get_user+0x2a78/0x3dd0
[  673.626759][T16258]  ? aa_file_perm+0x50e/0x15e0
[  673.626773][T16258]  ? __pfx_tun_get_user+0x10/0x10
[  673.626786][T16258]  ? aa_file_perm+0x192/0x15e0
[  673.626808][T16258]  ? ref_tracker_alloc+0x35c/0x4c0
[  673.626823][T16258]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  673.626838][T16258]  ? tun_get+0x1c/0x2f0
[  673.626854][T16258]  ? tun_get+0x1c/0x2f0
[  673.626867][T16258]  ? tun_get+0x1c/0x2f0
[  673.626882][T16258]  tun_chr_write_iter+0x113/0x200
[  673.626898][T16258]  vfs_write+0x61d/0xb90
[  673.626913][T16258]  ? __pfx_vfs_write+0x10/0x10
[  673.626928][T16258]  ? __fget_files+0x2a/0x420
[  673.626947][T16258]  ksys_write+0x150/0x270
[  673.626959][T16258]  ? __pfx_ksys_write+0x10/0x10
[  673.626971][T16258]  ? asm_int80_emulation+0x1a/0x20
[  673.626985][T16258]  do_int80_emulation+0x173/0x4d0
[  673.626997][T16258]  ? trace_irq_disable+0x3b/0x150
[  673.627017][T16258]  ? asm_int80_emulation+0x1a/0x20
[  673.627027][T16258]  ? clear_bhb_loop+0x40/0x90
[  673.627036][T16258]  ? clear_bhb_loop+0x40/0x90
[  673.627048][T16258]  asm_int80_emulation+0x1a/0x20
[  673.627058][T16258] RIP: 0023:0xf71e5cab
[  673.627069][T16258] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  673.627078][T16258] RSP: 002b:00000000f549d44c EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  673.627090][T16258] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000280
[  673.627098][T16258] RDX: 000000000000003a RSI: 0000000000000000 RDI: 0000000000000000
[  673.627103][T16258] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  673.627109][T16258] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  673.627115][T16258] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  673.627129][T16258]  </TASK>
[  674.585142][T16276] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3149'.
[  674.597726][T16276] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3149'.
[  674.612404][T16276] netlink: 14 bytes leftover after parsing attributes in process `syz.4.3149'.
[  675.056671][T16293] FAULT_INJECTION: forcing a failure.
[  675.056671][T16293] name failslab, interval 1, probability 0, space 0, times 0
[  675.069870][T16293] CPU: 0 UID: 0 PID: 16293 Comm: syz.4.3156 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  675.069901][T16293] Tainted: [L]=SOFTLOCKUP
[  675.069909][T16293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  675.069920][T16293] Call Trace:
[  675.069928][T16293]  <TASK>
[  675.069937][T16293]  dump_stack_lvl+0xe8/0x150
[  675.069969][T16293]  should_fail_ex+0x412/0x560
[  675.069998][T16293]  should_failslab+0xa8/0x100
[  675.070020][T16293]  ? skb_clone+0x212/0x3a0
[  675.070039][T16293]  kmem_cache_alloc_noprof+0x87/0x650
[  675.070059][T16293]  ? __netlink_lookup+0xc6/0x8b0
[  675.070091][T16293]  skb_clone+0x212/0x3a0
[  675.070113][T16293]  __netlink_deliver_tap+0x404/0x850
[  675.070148][T16293]  ? netlink_deliver_tap+0x2e/0x1b0
[  675.070173][T16293]  netlink_deliver_tap+0x19c/0x1b0
[  675.070197][T16293]  netlink_unicast+0x7e3/0x9b0
[  675.070227][T16293]  ? __pfx_netlink_unicast+0x10/0x10
[  675.070250][T16293]  ? netlink_sendmsg+0x650/0xb40
[  675.070272][T16293]  ? skb_put+0x11b/0x210
[  675.070300][T16293]  netlink_sendmsg+0x813/0xb40
[  675.070331][T16293]  ? __pfx_netlink_sendmsg+0x10/0x10
[  675.070376][T16293]  ? aa_sock_msg_perm+0xf1/0x1b0
[  675.070398][T16293]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  675.070420][T16293]  ____sys_sendmsg+0x972/0x9f0
[  675.070445][T16293]  ? __pfx_____sys_sendmsg+0x10/0x10
[  675.070465][T16293]  ? kstrtoull+0x12f/0x1d0
[  675.070493][T16293]  ___sys_sendmsg+0x2a5/0x360
[  675.070516][T16293]  ? __pfx____sys_sendmsg+0x10/0x10
[  675.070535][T16293]  ? get_pid_task+0x20/0x1f0
[  675.070552][T16293]  ? get_pid_task+0x20/0x1f0
[  675.070567][T16293]  ? get_pid_task+0x20/0x1f0
[  675.070607][T16293]  ? __fget_files+0x2a/0x420
[  675.070632][T16293]  ? __fget_files+0x3a0/0x420
[  675.070664][T16293]  __sys_sendmsg+0x183/0x260
[  675.070684][T16293]  ? __pfx___sys_sendmsg+0x10/0x10
[  675.070719][T16293]  __do_fast_syscall_32+0x20d/0x640
[  675.070741][T16293]  ? do_fast_syscall_32+0x33/0x70
[  675.070758][T16293]  ? asm_int80_emulation+0x1a/0x20
[  675.070776][T16293]  ? do_int80_emulation+0x274/0x4d0
[  675.070794][T16293]  ? trace_irq_disable+0x3b/0x150
[  675.070824][T16293]  do_fast_syscall_32+0x33/0x70
[  675.070843][T16293]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  675.070860][T16293] RIP: 0023:0xf706ef6c
[  675.070874][T16293] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[  675.070889][T16293] RSP: 002b:00000000f545d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  675.070909][T16293] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  675.070923][T16293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  675.070934][T16293] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  675.070945][T16293] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  675.070957][T16293] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  675.070984][T16293]  </TASK>
[  675.522407][T16296] IPVS: set_ctl: invalid protocol: 92 100.1.1.2:20001
[  675.553298][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  675.553315][   T30] audit: type=1326 audit(1773293611.154:1831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16290 comm="syz.7.3155" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  675.781925][   T30] audit: type=1326 audit(1773293611.154:1832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16290 comm="syz.7.3155" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf71d5cab code=0x7ffc0000
[  675.857846][   T30] audit: type=1326 audit(1773293611.154:1833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16290 comm="syz.7.3155" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  675.943253][   T30] audit: type=1326 audit(1773293611.154:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16290 comm="syz.7.3155" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  676.104868][   T30] audit: type=1326 audit(1773293611.164:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16290 comm="syz.7.3155" exe="/root/syz-executor" sig=0 arch=40000003 syscall=180 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  676.127848][   T30] audit: type=1326 audit(1773293611.164:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16290 comm="syz.7.3155" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  676.241061][   T30] audit: type=1326 audit(1773293611.164:1837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16290 comm="syz.7.3155" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  676.288344][   T30] audit: type=1326 audit(1773293611.164:1838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16290 comm="syz.7.3155" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  676.327456][   T30] audit: type=1326 audit(1773293611.164:1839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16290 comm="syz.7.3155" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  676.352669][   T30] audit: type=1326 audit(1773293611.164:1840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16290 comm="syz.7.3155" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  676.515901][T16316] netlink: 'syz.0.3164': attribute type 11 has an invalid length.
[  677.110520][   T29] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  677.433326][T16339] IPVS: set_ctl: invalid protocol: 92 100.1.1.2:20001
[  677.500965][   T29] usb 4-1: Using ep0 maxpacket: 8
[  677.606074][   T29] usb 4-1: config 6 has an invalid interface number: 2 but max is 0
[  677.667438][   T29] usb 4-1: config 6 has no interface number 0
[  677.690949][   T29] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  677.710053][   T29] usb 4-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  677.731251][   T29] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  677.743888][   T29] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  678.125324][   T29] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  678.135046][   T29] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.143185][   T29] usb 4-1: Product: syz
[  678.147803][   T29] usb 4-1: Manufacturer: syz
[  678.152484][   T29] usb 4-1: SerialNumber: syz
[  678.190236][   T29] hso 4-1:6.2: Failed to find BULK IN ep
[  678.574375][T16359] FAULT_INJECTION: forcing a failure.
[  678.574375][T16359] name failslab, interval 1, probability 0, space 0, times 0
[  678.638023][T16359] CPU: 0 UID: 0 PID: 16359 Comm: syz.0.3178 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  678.638054][T16359] Tainted: [L]=SOFTLOCKUP
[  678.638060][T16359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  678.638071][T16359] Call Trace:
[  678.638079][T16359]  <TASK>
[  678.638087][T16359]  dump_stack_lvl+0xe8/0x150
[  678.638119][T16359]  should_fail_ex+0x412/0x560
[  678.638153][T16359]  should_failslab+0xa8/0x100
[  678.638178][T16359]  ? skb_clone+0x212/0x3a0
[  678.638200][T16359]  kmem_cache_alloc_noprof+0x87/0x650
[  678.638219][T16359]  ? __netlink_lookup+0xc6/0x8b0
[  678.638250][T16359]  skb_clone+0x212/0x3a0
[  678.638272][T16359]  __netlink_deliver_tap+0x404/0x850
[  678.638308][T16359]  ? netlink_deliver_tap+0x2e/0x1b0
[  678.638334][T16359]  netlink_deliver_tap+0x19c/0x1b0
[  678.638356][T16359]  netlink_unicast+0x7e3/0x9b0
[  678.638384][T16359]  ? __pfx_netlink_unicast+0x10/0x10
[  678.638405][T16359]  ? netlink_sendmsg+0x650/0xb40
[  678.638427][T16359]  ? skb_put+0x11b/0x210
[  678.638453][T16359]  netlink_sendmsg+0x813/0xb40
[  678.638483][T16359]  ? __pfx_netlink_sendmsg+0x10/0x10
[  678.638510][T16359]  ? aa_sock_msg_perm+0xf1/0x1b0
[  678.638535][T16359]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  678.638560][T16359]  ____sys_sendmsg+0x972/0x9f0
[  678.638586][T16359]  ? __pfx_____sys_sendmsg+0x10/0x10
[  678.638608][T16359]  ? kstrtoull+0x12f/0x1d0
[  678.638638][T16359]  ___sys_sendmsg+0x2a5/0x360
[  678.638662][T16359]  ? __pfx____sys_sendmsg+0x10/0x10
[  678.638682][T16359]  ? get_pid_task+0x20/0x1f0
[  678.638701][T16359]  ? get_pid_task+0x20/0x1f0
[  678.638715][T16359]  ? get_pid_task+0x20/0x1f0
[  678.638752][T16359]  ? __fget_files+0x2a/0x420
[  678.638775][T16359]  ? __fget_files+0x3a0/0x420
[  678.638805][T16359]  __sys_sendmsg+0x183/0x260
[  678.638823][T16359]  ? __pfx___sys_sendmsg+0x10/0x10
[  678.638858][T16359]  __do_fast_syscall_32+0x20d/0x640
[  678.638878][T16359]  ? do_fast_syscall_32+0x33/0x70
[  678.638893][T16359]  ? asm_int80_emulation+0x1a/0x20
[  678.638910][T16359]  ? do_int80_emulation+0x274/0x4d0
[  678.638930][T16359]  do_fast_syscall_32+0x33/0x70
[  678.638948][T16359]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  678.638967][T16359] RIP: 0023:0xf70aef6c
[  678.638983][T16359] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[  678.638997][T16359] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  678.639025][T16359] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  678.639037][T16359] RDX: 0000000008000002 RSI: 0000000000000000 RDI: 0000000000000000
[  678.639048][T16359] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  678.639060][T16359] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  678.639071][T16359] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  678.639094][T16359]  </TASK>
[  678.979952][T16359] vlan2: entered promiscuous mode
[  678.985101][T16359] macvlan0: entered promiscuous mode
[  679.177325][T16373] vlan2: entered promiscuous mode
[  679.326003][T16381] FAULT_INJECTION: forcing a failure.
[  679.326003][T16381] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  679.382297][T16381] CPU: 1 UID: 0 PID: 16381 Comm: syz.0.3184 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  679.382328][T16381] Tainted: [L]=SOFTLOCKUP
[  679.382335][T16381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  679.382347][T16381] Call Trace:
[  679.382355][T16381]  <TASK>
[  679.382364][T16381]  dump_stack_lvl+0xe8/0x150
[  679.382395][T16381]  should_fail_ex+0x412/0x560
[  679.382422][T16381]  _copy_from_iter+0x1d3/0x1670
[  679.382451][T16381]  ? rcu_is_watching+0x15/0xb0
[  679.382481][T16381]  ? __pfx__copy_from_iter+0x10/0x10
[  679.382511][T16381]  ? netlink_sendmsg+0x650/0xb40
[  679.382533][T16381]  ? skb_put+0x11b/0x210
[  679.382561][T16381]  netlink_sendmsg+0x6c0/0xb40
[  679.382589][T16381]  ? __pfx_netlink_sendmsg+0x10/0x10
[  679.382614][T16381]  ? aa_sock_msg_perm+0xf1/0x1b0
[  679.382638][T16381]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  679.382660][T16381]  ____sys_sendmsg+0x972/0x9f0
[  679.382686][T16381]  ? __pfx_____sys_sendmsg+0x10/0x10
[  679.382708][T16381]  ? kstrtoull+0x12f/0x1d0
[  679.382736][T16381]  ___sys_sendmsg+0x2a5/0x360
[  679.382759][T16381]  ? __pfx____sys_sendmsg+0x10/0x10
[  679.382779][T16381]  ? get_pid_task+0x20/0x1f0
[  679.382796][T16381]  ? get_pid_task+0x20/0x1f0
[  679.382811][T16381]  ? get_pid_task+0x20/0x1f0
[  679.382850][T16381]  ? __fget_files+0x2a/0x420
[  679.382875][T16381]  ? __fget_files+0x3a0/0x420
[  679.382908][T16381]  __sys_sendmsg+0x183/0x260
[  679.382928][T16381]  ? __pfx___sys_sendmsg+0x10/0x10
[  679.382965][T16381]  __do_fast_syscall_32+0x20d/0x640
[  679.382986][T16381]  ? do_fast_syscall_32+0x33/0x70
[  679.383003][T16381]  ? asm_int80_emulation+0x1a/0x20
[  679.383021][T16381]  ? do_int80_emulation+0x274/0x4d0
[  679.383038][T16381]  ? trace_irq_disable+0x3b/0x150
[  679.383068][T16381]  do_fast_syscall_32+0x33/0x70
[  679.383086][T16381]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  679.383116][T16381] RIP: 0023:0xf70aef6c
[  679.383133][T16381] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[  679.383149][T16381] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  679.383183][T16381] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800004c0
[  679.383196][T16381] RDX: 0000000004000044 RSI: 0000000000000000 RDI: 0000000000000000
[  679.383204][T16381] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  679.383214][T16381] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  679.383224][T16381] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  679.383248][T16381]  </TASK>
[  679.739183][T16386] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3187'.
[  680.408236][  T797] usb 4-1: USB disconnect, device number 69
[  681.514363][T16436] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3202'.
[  681.726578][T16436] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3202'.
[  681.777612][T16443] netlink: 141 bytes leftover after parsing attributes in process `syz.0.3202'.
[  681.838431][T16436] PKCS8: Unsupported PKCS#8 version
[  682.669626][T16466] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3212'.
[  682.945639][T16469] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3213'.
[  683.877641][T16490] FAULT_INJECTION: forcing a failure.
[  683.877641][T16490] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  683.899368][T16490] CPU: 1 UID: 0 PID: 16490 Comm: syz.0.3216 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  683.899397][T16490] Tainted: [L]=SOFTLOCKUP
[  683.899404][T16490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  683.899414][T16490] Call Trace:
[  683.899422][T16490]  <TASK>
[  683.899430][T16490]  dump_stack_lvl+0xe8/0x150
[  683.899458][T16490]  should_fail_ex+0x412/0x560
[  683.899484][T16490]  _copy_from_iter+0x1d3/0x1670
[  683.899509][T16490]  ? rcu_is_watching+0x15/0xb0
[  683.899546][T16490]  ? __pfx__copy_from_iter+0x10/0x10
[  683.899574][T16490]  ? netlink_sendmsg+0x650/0xb40
[  683.899594][T16490]  ? skb_put+0x11b/0x210
[  683.899619][T16490]  netlink_sendmsg+0x6c0/0xb40
[  683.899647][T16490]  ? __pfx_netlink_sendmsg+0x10/0x10
[  683.899670][T16490]  ? aa_sock_msg_perm+0xf1/0x1b0
[  683.899692][T16490]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  683.899712][T16490]  ____sys_sendmsg+0x972/0x9f0
[  683.899736][T16490]  ? __pfx_____sys_sendmsg+0x10/0x10
[  683.899755][T16490]  ? kstrtoull+0x12f/0x1d0
[  683.899781][T16490]  ___sys_sendmsg+0x2a5/0x360
[  683.899801][T16490]  ? __pfx____sys_sendmsg+0x10/0x10
[  683.899818][T16490]  ? get_pid_task+0x20/0x1f0
[  683.899833][T16490]  ? get_pid_task+0x20/0x1f0
[  683.899846][T16490]  ? get_pid_task+0x20/0x1f0
[  683.899882][T16490]  ? __fget_files+0x2a/0x420
[  683.899903][T16490]  ? __fget_files+0x3a0/0x420
[  683.899933][T16490]  __sys_sendmsg+0x183/0x260
[  683.899951][T16490]  ? __pfx___sys_sendmsg+0x10/0x10
[  683.899984][T16490]  __do_fast_syscall_32+0x20d/0x640
[  683.900003][T16490]  ? do_fast_syscall_32+0x33/0x70
[  683.900017][T16490]  ? asm_int80_emulation+0x1a/0x20
[  683.900032][T16490]  ? do_int80_emulation+0x274/0x4d0
[  683.900048][T16490]  ? trace_irq_disable+0x3b/0x150
[  683.900073][T16490]  do_fast_syscall_32+0x33/0x70
[  683.900089][T16490]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  683.900108][T16490] RIP: 0023:0xf70aef6c
[  683.900124][T16490] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[  683.900139][T16490] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  683.900157][T16490] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300
[  683.900168][T16490] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  683.900178][T16490] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  683.900187][T16490] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  683.900196][T16490] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  683.900220][T16490]  </TASK>
[  685.058391][T16513] lo: Caught tx_queue_len zero misconfig
[  685.522222][T16522] FAULT_INJECTION: forcing a failure.
[  685.522222][T16522] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  685.556226][T16522] CPU: 0 UID: 0 PID: 16522 Comm: syz.4.3230 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  685.556258][T16522] Tainted: [L]=SOFTLOCKUP
[  685.556265][T16522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  685.556277][T16522] Call Trace:
[  685.556285][T16522]  <TASK>
[  685.556293][T16522]  dump_stack_lvl+0xe8/0x150
[  685.556325][T16522]  should_fail_ex+0x412/0x560
[  685.556353][T16522]  _copy_from_user+0x2d/0xb0
[  685.556381][T16522]  memdup_user+0x5e/0xd0
[  685.556406][T16522]  kvm_arch_vm_ioctl+0x86b/0x1a10
[  685.556435][T16522]  ? __lock_acquire+0x6b5/0x2cf0
[  685.556458][T16522]  ? __pfx_kvm_arch_vm_ioctl+0x10/0x10
[  685.556484][T16522]  ? kernel_text_address+0xa5/0xe0
[  685.556506][T16522]  ? __kernel_text_address+0xd/0x30
[  685.556525][T16522]  ? unwind_get_return_address+0x4d/0x90
[  685.556552][T16522]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  685.556576][T16522]  ? __lock_acquire+0x6b5/0x2cf0
[  685.556612][T16522]  ? __lock_acquire+0x6b5/0x2cf0
[  685.556637][T16522]  ? __lock_acquire+0x6b5/0x2cf0
[  685.556665][T16522]  ? __lock_acquire+0x6b5/0x2cf0
[  685.556686][T16522]  ? __lock_acquire+0x6b5/0x2cf0
[  685.556714][T16522]  ? unwind_next_frame+0xa5/0x23c0
[  685.556754][T16522]  ? is_bpf_text_address+0x26/0x2b0
[  685.556778][T16522]  ? is_bpf_text_address+0x292/0x2b0
[  685.556797][T16522]  ? is_bpf_text_address+0x26/0x2b0
[  685.556818][T16522]  ? kernel_text_address+0xa5/0xe0
[  685.556846][T16522]  ? __kernel_text_address+0xd/0x30
[  685.556865][T16522]  ? unwind_get_return_address+0x4d/0x90
[  685.556890][T16522]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  685.556909][T16522]  ? arch_stack_walk+0xfb/0x150
[  685.556942][T16522]  ? stack_trace_save+0xa9/0x100
[  685.556959][T16522]  ? __pfx_stack_trace_save+0x10/0x10
[  685.556973][T16522]  ? kasan_save_free_info+0x46/0x50
[  685.557002][T16522]  kvm_vm_ioctl+0x905/0xd50
[  685.557028][T16522]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  685.557048][T16522]  ? kasan_save_free_info+0x46/0x50
[  685.557070][T16522]  ? __kasan_slab_free+0x5c/0x80
[  685.557088][T16522]  ? kfree+0x1c1/0x630
[  685.557101][T16522]  ? tomoyo_path_number_perm+0x501/0x630
[  685.557121][T16522]  ? security_file_ioctl_compat+0xc3/0x2a0
[  685.557137][T16522]  ? __ia32_compat_sys_ioctl+0x139/0x950
[  685.557158][T16522]  ? __do_fast_syscall_32+0x20d/0x640
[  685.557175][T16522]  ? do_fast_syscall_32+0x33/0x70
[  685.557191][T16522]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  685.557224][T16522]  ? kvm_arch_vm_compat_ioctl+0x169/0x2b0
[  685.557249][T16522]  ? __pfx_kvm_arch_vm_compat_ioctl+0x10/0x10
[  685.557293][T16522]  ? kasan_quarantine_put+0xbb/0x1f0
[  685.557320][T16522]  ? tomoyo_path_number_perm+0x219/0x630
[  685.557341][T16522]  ? tomoyo_path_number_perm+0x219/0x630
[  685.557364][T16522]  ? do_vfs_ioctl+0x1166/0x1530
[  685.557386][T16522]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  685.557431][T16522]  kvm_vm_compat_ioctl+0x2b4/0x3a0
[  685.557461][T16522]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[  685.557488][T16522]  ? __fget_files+0x3a0/0x420
[  685.557512][T16522]  ? __fget_files+0x2a/0x420
[  685.557539][T16522]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  685.557567][T16522]  __ia32_compat_sys_ioctl+0x5ea/0x950
[  685.557591][T16522]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  685.557616][T16522]  ? __fget_files+0x3a0/0x420
[  685.557646][T16522]  ? fput+0xa0/0xd0
[  685.557670][T16522]  ? ksys_write+0x242/0x270
[  685.557698][T16522]  __do_fast_syscall_32+0x20d/0x640
[  685.557717][T16522]  ? do_fast_syscall_32+0x33/0x70
[  685.557732][T16522]  ? asm_int80_emulation+0x1a/0x20
[  685.557747][T16522]  ? do_int80_emulation+0x274/0x4d0
[  685.557763][T16522]  ? trace_irq_disable+0x3b/0x150
[  685.557789][T16522]  do_fast_syscall_32+0x33/0x70
[  685.557807][T16522]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  685.557828][T16522] RIP: 0023:0xf706ef6c
[  685.557912][T16522] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[  685.557927][T16522] RSP: 002b:00000000f545d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  685.557946][T16522] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000008208ae63
[  685.557958][T16522] RDX: 0000000080000380 RSI: 0000000000000000 RDI: 0000000000000000
[  685.557969][T16522] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  685.557980][T16522] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  685.557991][T16522] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  685.558014][T16522]  </TASK>
[  685.737231][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  686.030589][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  686.312561][ T5902] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  686.394437][T16530] FAULT_INJECTION: forcing a failure.
[  686.394437][T16530] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  686.415568][T16530] CPU: 1 UID: 0 PID: 16530 Comm: syz.7.3235 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  686.415599][T16530] Tainted: [L]=SOFTLOCKUP
[  686.415607][T16530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  686.415618][T16530] Call Trace:
[  686.415626][T16530]  <TASK>
[  686.415634][T16530]  dump_stack_lvl+0xe8/0x150
[  686.415666][T16530]  should_fail_ex+0x412/0x560
[  686.415694][T16530]  fpu__restore_sig+0x233/0x1250
[  686.415727][T16530]  ? __pfx_fpu__restore_sig+0x10/0x10
[  686.415773][T16530]  ia32_restore_sigcontext+0x42b/0x580
[  686.415799][T16530]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  686.415818][T16530]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  686.415853][T16530]  ? _raw_spin_unlock_irq+0x23/0x50
[  686.415883][T16530]  __ia32_compat_sys_sigreturn+0x23e/0x2a0
[  686.415906][T16530]  ? rcu_is_watching+0x15/0xb0
[  686.415939][T16530]  ? __pfx___ia32_compat_sys_sigreturn+0x10/0x10
[  686.415966][T16530]  ? asm_int80_emulation+0x1a/0x20
[  686.415989][T16530]  do_int80_emulation+0x173/0x4d0
[  686.416006][T16530]  ? trace_irq_disable+0x3b/0x150
[  686.416030][T16530]  ? asm_int80_emulation+0x1a/0x20
[  686.416046][T16530]  ? clear_bhb_loop+0x40/0x90
[  686.416063][T16530]  ? clear_bhb_loop+0x40/0x90
[  686.416085][T16530]  asm_int80_emulation+0x1a/0x20
[  686.416102][T16530] RIP: 0023:0xf709ef6c
[  686.416118][T16530] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[  686.416132][T16530] RSP: 002b:00000000f548d50c EFLAGS: 00000206
[  686.416148][T16530] RAX: 00000000fffffffc RBX: 0000000000000040 RCX: 0000000080000100
[  686.416159][T16530] RDX: 0000000000000000 RSI: 0000000080000240 RDI: 0000000000000000
[  686.416170][T16530] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  686.416179][T16530] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  686.416189][T16530] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  686.416213][T16530]  </TASK>
[  686.674767][ T5902] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  686.684120][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  686.700685][ T5902] usb 1-1: Product: syz
[  686.704896][ T5902] usb 1-1: Manufacturer: syz
[  686.709502][ T5902] usb 1-1: SerialNumber: syz
[  686.745678][T16549] FAULT_INJECTION: forcing a failure.
[  686.745678][T16549] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  686.770513][T16549] CPU: 1 UID: 0 PID: 16549 Comm: syz.4.3241 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  686.770541][T16549] Tainted: [L]=SOFTLOCKUP
[  686.770547][T16549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  686.770556][T16549] Call Trace:
[  686.770563][T16549]  <TASK>
[  686.770570][T16549]  dump_stack_lvl+0xe8/0x150
[  686.770600][T16549]  should_fail_ex+0x412/0x560
[  686.770626][T16549]  _copy_from_user+0x2d/0xb0
[  686.770653][T16549]  memdup_user+0x5e/0xd0
[  686.770678][T16549]  ucma_set_option+0x2cc/0xcc0
[  686.770709][T16549]  ? __pfx_ucma_set_option+0x10/0x10
[  686.770734][T16549]  ? __lock_acquire+0x6b5/0x2cf0
[  686.770758][T16549]  ? aa_file_perm+0x50e/0x15e0
[  686.770783][T16549]  ? aa_file_perm+0x192/0x15e0
[  686.770815][T16549]  ? kstrtoull+0x12f/0x1d0
[  686.770858][T16549]  ucma_write+0x24e/0x2f0
[  686.770881][T16549]  ? __pfx_ucma_write+0x10/0x10
[  686.770900][T16549]  ? security_file_permission+0x75/0x260
[  686.770920][T16549]  ? rw_verify_area+0x255/0x4d0
[  686.770938][T16549]  ? __pfx_ucma_write+0x10/0x10
[  686.770960][T16549]  vfs_write+0x29a/0xb90
[  686.770986][T16549]  ? __pfx_vfs_write+0x10/0x10
[  686.771006][T16549]  ? __fget_files+0x2a/0x420
[  686.771034][T16549]  ? __fget_files+0x2a/0x420
[  686.771058][T16549]  ? __fget_files+0x3a0/0x420
[  686.771081][T16549]  ? __fget_files+0x2a/0x420
[  686.771110][T16549]  ksys_write+0x150/0x270
[  686.771131][T16549]  ? __pfx_ksys_write+0x10/0x10
[  686.771156][T16549]  __do_fast_syscall_32+0x20d/0x640
[  686.771174][T16549]  ? do_fast_syscall_32+0x33/0x70
[  686.771191][T16549]  ? asm_int80_emulation+0x1a/0x20
[  686.771208][T16549]  ? do_int80_emulation+0x274/0x4d0
[  686.771225][T16549]  ? trace_irq_disable+0x3b/0x150
[  686.771262][T16549]  do_fast_syscall_32+0x33/0x70
[  686.771281][T16549]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  686.771302][T16549] RIP: 0023:0xf706ef6c
[  686.771319][T16549] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[  686.771334][T16549] RSP: 002b:00000000f545d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  686.771353][T16549] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  686.771366][T16549] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000000
[  686.771377][T16549] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  686.771388][T16549] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  686.771399][T16549] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  686.771425][T16549]  </TASK>
[  686.777308][ T5902] usb 1-1: config 0 descriptor??
[  687.116321][T16559] FAULT_INJECTION: forcing a failure.
[  687.116321][T16559] name failslab, interval 1, probability 0, space 0, times 0
[  687.190540][T16559] CPU: 0 UID: 0 PID: 16559 Comm: syz.3.3244 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  687.190571][T16559] Tainted: [L]=SOFTLOCKUP
[  687.190578][T16559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  687.190588][T16559] Call Trace:
[  687.190596][T16559]  <TASK>
[  687.190606][T16559]  dump_stack_lvl+0xe8/0x150
[  687.190637][T16559]  should_fail_ex+0x412/0x560
[  687.190666][T16559]  should_failslab+0xa8/0x100
[  687.190691][T16559]  __kmalloc_noprof+0xe8/0x760
[  687.190713][T16559]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  687.190753][T16559]  tomoyo_realpath_from_path+0xe3/0x5d0
[  687.190788][T16559]  ? tomoyo_path_number_perm+0x219/0x630
[  687.190810][T16559]  tomoyo_path_number_perm+0x246/0x630
[  687.190835][T16559]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  687.190860][T16559]  ? __lock_acquire+0x6b5/0x2cf0
[  687.190914][T16559]  ? __fget_files+0x2a/0x420
[  687.190945][T16559]  ? __fget_files+0x3a0/0x420
[  687.190969][T16559]  ? __fget_files+0x2a/0x420
[  687.190998][T16559]  security_file_ioctl_compat+0xc3/0x2a0
[  687.191022][T16559]  __ia32_compat_sys_ioctl+0x139/0x950
[  687.191048][T16559]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  687.191074][T16559]  ? __fget_files+0x3a0/0x420
[  687.191105][T16559]  ? fput+0xa0/0xd0
[  687.191131][T16559]  ? ksys_write+0x242/0x270
[  687.191161][T16559]  __do_fast_syscall_32+0x20d/0x640
[  687.191184][T16559]  ? do_fast_syscall_32+0x33/0x70
[  687.191201][T16559]  ? asm_int80_emulation+0x1a/0x20
[  687.191218][T16559]  ? do_int80_emulation+0x274/0x4d0
[  687.191235][T16559]  ? trace_irq_disable+0x3b/0x150
[  687.191264][T16559]  do_fast_syscall_32+0x33/0x70
[  687.191282][T16559]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  687.191304][T16559] RIP: 0023:0xf70bef6c
[  687.191321][T16559] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[  687.191336][T16559] RSP: 002b:00000000f54ad50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  687.191357][T16559] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  687.191369][T16559] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  687.191381][T16559] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  687.191392][T16559] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  687.191403][T16559] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  687.191431][T16559]  </TASK>
[  687.191478][T16559] ERROR: Out of memory at tomoyo_realpath_from_path.
[  687.465996][T16571] fuse: Unknown parameter 'euid>00000000000000000000'
[  687.500624][ T5881] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  687.680607][ T5881] usb 5-1: Using ep0 maxpacket: 8
[  687.704263][ T5881] usb 5-1: unable to get BOS descriptor or descriptor too short
[  687.740843][ T5881] usb 5-1: config 52 has an invalid interface number: 171 but max is 0
[  687.768045][ T5881] usb 5-1: config 52 has no interface number 0
[  687.769598][T16574] openvswitch: netlink: IP tunnel dst address not specified
[  687.794758][ T5881] usb 5-1: config 52 interface 171 altsetting 7 has an endpoint descriptor with address 0xF7, changing to 0x87
[  687.830492][ T5881] usb 5-1: config 52 interface 171 altsetting 7 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  687.907889][ T5881] usb 5-1: No eUSB2 isoc ep 135 companion for config 52 interface 171 altsetting 7
[  687.960475][ T5881] usb 5-1: config 52 interface 171 has no altsetting 0
[  687.981912][ T5881] usb 5-1: New USB device found, idVendor=12d1, idProduct=a481, bcdDevice=cc.a3
[  688.032275][ T5881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  688.053837][ T5881] usb 5-1: Product: syz
[  688.074123][ T5881] usb 5-1: Manufacturer: syz
[  688.089174][ T5881] usb 5-1: SerialNumber: syz
[  688.117101][T16579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  688.139701][T16579] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  688.153630][ T5902] usb 1-1: Firmware version (0.0) predates our first public release.
[  688.175626][ T5902] usb 1-1: Please update to version 0.2 or newer
[  688.191663][T16583] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3249'.
[  688.236566][T16581] 8021q: adding VLAN 0 to HW filter on device bond0
[  688.341942][ T5881] option 5-1:52.171: GSM modem (1-port) converter detected
[  688.370332][ T5881] usb 5-1: USB disconnect, device number 71
[  688.380001][ T5881] option 5-1:52.171: device disconnected
[  688.565931][ T5917] usb 1-1: USB disconnect, device number 65
[  690.045499][T16635] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3263'.
[  690.141825][T16635] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3263'.
[  690.147469][T16639] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3265'.
[  690.420491][ T5881] usb 8-1: new high-speed USB device number 59 using dummy_hcd
[  690.502261][T16650] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3266'.
[  690.655535][T16651] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3267'.
[  690.666171][T16651] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3267'.
[  690.814520][ T5881] usb 8-1: too many configurations: 65, using maximum allowed: 8
[  690.847555][ T5881] usb 8-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  690.858734][ T5881] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  690.897820][ T5881] uvcvideo 8-1:250.0: Found UVC 0.00 device <unnamed> (046d:08c1)
[  690.923505][ T5881] uvcvideo 8-1:250.0: No valid video chain found.
[  691.137929][ T5902] usb 8-1: USB disconnect, device number 59
[  691.174146][ T5881] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  691.538135][ T5881] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  691.556848][ T5881] usb 1-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  691.571563][ T5881] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  691.590874][ T5881] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  691.617564][ T5881] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  691.641527][ T5881] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  691.682798][ T5881] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  691.692231][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  691.720487][ T5881] usb 1-1: Product: syz
[  691.729671][ T5881] usb 1-1: Manufacturer: syz
[  691.774102][T16653] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  691.793037][ T5881] cdc_wdm 1-1:1.0: skipping garbage
[  691.802706][ T5881] cdc_wdm 1-1:1.0: skipping garbage
[  691.833137][ T5881] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  691.856876][ T5881] cdc_wdm 1-1:1.0: Unknown control protocol
[  691.941827][T16665] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3274'.
[  691.952368][T16665] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3274'.
[  692.184101][T16673] IPVS: set_ctl: invalid protocol: 92 100.1.1.2:20001
[  692.214778][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  692.214796][   T30] audit: type=1326 audit(1773293627.814:1862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16662 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  692.257854][ T5902] usb 1-1: USB disconnect, device number 66
[  692.276584][   T30] audit: type=1326 audit(1773293627.814:1863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16662 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf71f5cab code=0x7ffc0000
[  692.350177][   T30] audit: type=1326 audit(1773293627.814:1864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16662 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  692.461950][   T30] audit: type=1326 audit(1773293627.824:1865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16662 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=180 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  692.530473][   T30] audit: type=1326 audit(1773293627.824:1866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16662 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  692.624252][   T30] audit: type=1326 audit(1773293627.824:1867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16662 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  692.688102][T16653] nvme_fabrics: missing parameter 'transport=%s'
[  692.694651][T16653] nvme_fabrics: missing parameter 'nqn=%s'
[  692.851165][ T5902] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  693.018743][   T30] audit: type=1326 audit(1773293627.824:1868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16662 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  693.135884][   T30] audit: type=1326 audit(1773293627.824:1869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16662 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  693.156514][ T5902] usb 1-1: device descriptor read/64, error -71
[  693.215328][   T30] audit: type=1326 audit(1773293627.824:1870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16662 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  693.313342][   T30] audit: type=1326 audit(1773293627.824:1871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16662 comm="syz.3.3275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf70bef6c code=0x7ffc0000
[  693.410753][ T5902] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  693.570924][ T5902] usb 1-1: device descriptor read/64, error -71
[  693.680897][ T5902] usb usb1-port1: attempt power cycle
[  694.170503][ T5913] usb 6-1: new high-speed USB device number 70 using dummy_hcd
[  694.330502][ T5913] usb 6-1: Using ep0 maxpacket: 16
[  694.571042][ T5913] usb 6-1: unable to get BOS descriptor or descriptor too short
[  694.584320][ T5913] usb 6-1: config 9 has an invalid interface number: 57 but max is 0
[  694.592712][T16709] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3286'.
[  694.621452][T16709] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3286'.
[  694.649487][ T5913] usb 6-1: config 9 has no interface number 0
[  694.673975][ T5913] usb 6-1: config 9 interface 57 has no altsetting 0
[  695.025186][ T5913] usb 6-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=61.f7
[  695.057701][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  695.323603][ T5913] usb 6-1: Product: syz
[  695.327820][ T5913] usb 6-1: Manufacturer: syz
[  695.337871][ T5913] usb 6-1: SerialNumber: syz
[  697.094006][T16742] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3298'.
[  697.132492][T16742] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3298'.
[  697.189729][T16747] ip6gre2: entered allmulticast mode
[  697.318886][ T5913] usbhid 6-1:9.57: couldn't find an input interrupt endpoint
[  697.400797][ T5913] usb 6-1: USB disconnect, device number 70
[  697.575130][T16762] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3305'.
[  697.595215][T16762] ip6gre2: entered promiscuous mode
[  697.613535][T16762] ip6gre2: entered allmulticast mode
[  697.901797][T16767] IPVS: set_ctl: invalid protocol: 92 100.1.1.2:20001
[  697.970502][   T30] kauditd_printk_skb: 30 callbacks suppressed
[  697.970522][   T30] audit: type=1326 audit(1773293633.574:1902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16759 comm="syz.7.3304" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  698.003630][   T30] audit: type=1326 audit(1773293633.574:1903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16759 comm="syz.7.3304" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  698.056010][T16769] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3306'.
[  698.072007][   T30] audit: type=1326 audit(1773293633.574:1904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16759 comm="syz.7.3304" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf71d5cab code=0x7ffc0000
[  698.106452][   T30] audit: type=1326 audit(1773293633.574:1905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16759 comm="syz.7.3304" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  698.135137][   T30] audit: type=1326 audit(1773293633.574:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16759 comm="syz.7.3304" exe="/root/syz-executor" sig=0 arch=40000003 syscall=180 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  698.406179][   T30] audit: type=1326 audit(1773293633.574:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16759 comm="syz.7.3304" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  698.534097][   T30] audit: type=1326 audit(1773293633.574:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16759 comm="syz.7.3304" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  698.558993][T16778] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3311'.
[  698.579363][T16778] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3311'.
[  698.598251][   T30] audit: type=1326 audit(1773293633.574:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16759 comm="syz.7.3304" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  698.653869][   T30] audit: type=1326 audit(1773293633.584:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16759 comm="syz.7.3304" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  698.720480][   T30] audit: type=1326 audit(1773293633.584:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16759 comm="syz.7.3304" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  698.834514][T16787] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3309'.
[  698.878633][T16787] picdev_read: 1 callbacks suppressed
[  698.878647][T16787] kvm: pic: non byte read
[  698.889067][T16787] kvm: pic: level sensitive irq not supported
[  698.889119][T16787] kvm: pic: non byte read
[  698.912595][T16787] kvm: pic: level sensitive irq not supported
[  698.912649][T16787] kvm: pic: non byte read
[  699.567967][T16813] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3323'.
[  699.581016][  T797] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  699.740596][  T797] usb 5-1: Using ep0 maxpacket: 8
[  699.752608][  T797] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  699.779558][  T797] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  699.801751][  T797] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  699.827145][  T797] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  699.848728][  T797] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  699.867980][  T797] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  699.894707][  T797] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  699.910254][  T797] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.029416][  T797] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22
[  700.490902][T16828] IPVS: set_ctl: invalid protocol: 92 100.1.1.2:20001
[  700.722178][T16833] FAULT_INJECTION: forcing a failure.
[  700.722178][T16833] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  700.738434][T16833] CPU: 0 UID: 0 PID: 16833 Comm: syz.3.3330 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  700.738461][T16833] Tainted: [L]=SOFTLOCKUP
[  700.738468][T16833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  700.738478][T16833] Call Trace:
[  700.738485][T16833]  <TASK>
[  700.738494][T16833]  dump_stack_lvl+0xe8/0x150
[  700.738521][T16833]  should_fail_ex+0x412/0x560
[  700.738549][T16833]  _copy_from_iter+0x1d3/0x1670
[  700.738577][T16833]  ? sock_alloc_send_pskb+0x896/0x990
[  700.738602][T16833]  ? __pfx__copy_from_iter+0x10/0x10
[  700.738632][T16833]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  700.738652][T16833]  skb_copy_datagram_from_iter+0xf5/0x710
[  700.738675][T16833]  ? dev_get_by_index+0x22/0x2e0
[  700.738693][T16833]  ? skb_put+0x11b/0x210
[  700.738718][T16833]  packet_sendmsg+0x37e4/0x50f0
[  700.738757][T16833]  ? __lock_acquire+0x6b5/0x2cf0
[  700.738780][T16833]  ? aa_sk_perm+0x6d5/0x900
[  700.738793][T16833]  ? __pfx_packet_sendmsg+0x10/0x10
[  700.738809][T16833]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  700.738827][T16833]  ? aa_sock_msg_perm+0xf1/0x1b0
[  700.738843][T16833]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  700.738856][T16833]  ? __pfx_packet_sendmsg+0x10/0x10
[  700.738870][T16833]  __sys_sendto+0x672/0x710
[  700.738886][T16833]  ? __pfx___sys_sendto+0x10/0x10
[  700.738911][T16833]  ? fput+0xa0/0xd0
[  700.738925][T16833]  ? ksys_write+0x242/0x270
[  700.738939][T16833]  __ia32_sys_sendto+0xdd/0x100
[  700.738955][T16833]  __do_fast_syscall_32+0x20d/0x640
[  700.738967][T16833]  ? do_fast_syscall_32+0x33/0x70
[  700.738976][T16833]  ? asm_int80_emulation+0x1a/0x20
[  700.738986][T16833]  ? do_int80_emulation+0x274/0x4d0
[  700.738998][T16833]  do_fast_syscall_32+0x33/0x70
[  700.739008][T16833]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  700.739020][T16833] RIP: 0023:0xf70bef6c
[  700.739031][T16833] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[  700.739041][T16833] RSP: 002b:00000000f54ad50c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[  700.739052][T16833] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  700.739059][T16833] RDX: 000000000000002a RSI: 00000000040008c1 RDI: 0000000080000480
[  700.739066][T16833] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000000
[  700.739072][T16833] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  700.739078][T16833] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  700.739092][T16833]  </TASK>
[  701.256317][T16848] __nla_validate_parse: 1 callbacks suppressed
[  701.256366][T16848] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3335'.
[  701.278777][T16848] ip6gre2: entered promiscuous mode
[  701.284388][T16848] ip6gre2: entered allmulticast mode
[  701.786882][T16867] netlink: 40 bytes leftover after parsing attributes in process `syz.7.3342'.
[  701.880663][ T5917] usb 6-1: new high-speed USB device number 71 using dummy_hcd
[  701.974003][T16869] netlink: 'syz.7.3343': attribute type 10 has an invalid length.
[  701.997977][T16869] syzkaller0: left promiscuous mode
[  702.007254][T16869] syzkaller0: left allmulticast mode
[  702.051052][ T5917] usb 6-1: Using ep0 maxpacket: 16
[  702.057789][ T5917] usb 6-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  702.086696][ T5917] usb 6-1: config 0 interface 0 has no altsetting 0
[  702.094001][ T5917] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  702.105206][ T5917] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  702.127852][ T5917] usb 6-1: config 0 descriptor??
[  702.276002][  T797] usb 5-1: USB disconnect, device number 72
[  702.430322][T16887] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3349'.
[  702.474367][T16888] IPVS: set_ctl: invalid protocol: 92 100.1.1.2:20001
[  702.759301][ T5917] usbhid 6-1:0.0: can't add hid device: -71
[  702.768178][ T5917] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  702.811652][ T5917] usb 6-1: USB disconnect, device number 71
[  703.009169][T16895] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3351'.
[  703.766974][T16905] FAULT_INJECTION: forcing a failure.
[  703.766974][T16905] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  703.958054][T16905] CPU: 1 UID: 0 PID: 16905 Comm: syz.4.3355 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  703.958082][T16905] Tainted: [L]=SOFTLOCKUP
[  703.958090][T16905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  703.958100][T16905] Call Trace:
[  703.958107][T16905]  <TASK>
[  703.958115][T16905]  dump_stack_lvl+0xe8/0x150
[  703.958141][T16905]  should_fail_ex+0x412/0x560
[  703.958167][T16905]  _copy_from_user+0x2d/0xb0
[  703.958192][T16905]  ia32_restore_sigcontext+0xf5/0x580
[  703.958218][T16905]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  703.958236][T16905]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  703.958269][T16905]  ? _raw_spin_unlock_irq+0x23/0x50
[  703.958295][T16905]  __ia32_compat_sys_sigreturn+0x23e/0x2a0
[  703.958317][T16905]  ? rcu_is_watching+0x15/0xb0
[  703.958342][T16905]  ? __pfx___ia32_compat_sys_sigreturn+0x10/0x10
[  703.958371][T16905]  ? asm_int80_emulation+0x1a/0x20
[  703.958393][T16905]  do_int80_emulation+0x173/0x4d0
[  703.958410][T16905]  ? trace_irq_disable+0x3b/0x150
[  703.958434][T16905]  ? asm_int80_emulation+0x1a/0x20
[  703.958449][T16905]  ? clear_bhb_loop+0x40/0x90
[  703.958466][T16905]  ? clear_bhb_loop+0x40/0x90
[  703.958487][T16905]  asm_int80_emulation+0x1a/0x20
[  703.958504][T16905] RIP: 0023:0xf706ef88
[  703.958520][T16905] Code: c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 5d 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 77 00 00 00 cd 80 <0f> 0b 90 90 90 90 90 90 b8 ad 00 00 00 cd 80 0f 0b 0d e8 ff ff 68
[  703.958534][T16905] RSP: 002b:00000000f545ce74 EFLAGS: 00000206 ORIG_RAX: 0000000000000077
[  703.958563][T16905] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  703.958575][T16905] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  703.958586][T16905] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  703.958595][T16905] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  703.958604][T16905] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  703.958628][T16905]  </TASK>
[  704.868280][T16917] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3359'.
[  705.655188][T16938] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3366'.
[  705.718567][T16935] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3366'.
[  705.742817][T16935] netlink: 141 bytes leftover after parsing attributes in process `syz.5.3366'.
[  705.806374][T16935] PKCS8: Unsupported PKCS#8 version
[  706.150154][T16949] IPv6: addrconf: prefix option has invalid lifetime
[  706.228202][T16953] FAULT_INJECTION: forcing a failure.
[  706.228202][T16953] name failslab, interval 1, probability 0, space 0, times 0
[  706.289199][T16950] FAULT_INJECTION: forcing a failure.
[  706.289199][T16950] name failslab, interval 1, probability 0, space 0, times 0
[  706.302153][T16953] CPU: 0 UID: 0 PID: 16953 Comm: syz.0.3372 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  706.302182][T16953] Tainted: [L]=SOFTLOCKUP
[  706.302189][T16953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  706.302198][T16953] Call Trace:
[  706.302206][T16953]  <TASK>
[  706.302213][T16953]  dump_stack_lvl+0xe8/0x150
[  706.302244][T16953]  should_fail_ex+0x412/0x560
[  706.302271][T16953]  should_failslab+0xa8/0x100
[  706.302293][T16953]  ? skb_clone+0x212/0x3a0
[  706.302313][T16953]  kmem_cache_alloc_noprof+0x87/0x650
[  706.302340][T16953]  skb_clone+0x212/0x3a0
[  706.302366][T16953]  __netlink_deliver_tap+0x404/0x850
[  706.302397][T16953]  ? netlink_deliver_tap+0x2e/0x1b0
[  706.302421][T16953]  netlink_deliver_tap+0x19c/0x1b0
[  706.302444][T16953]  __netlink_sendskb+0x47/0x90
[  706.302466][T16953]  netlink_dump+0xa6f/0xe80
[  706.302500][T16953]  ? __pfx_netlink_dump+0x10/0x10
[  706.302542][T16953]  netlink_recvmsg+0x690/0xa50
[  706.302573][T16953]  ? __pfx_netlink_recvmsg+0x10/0x10
[  706.302600][T16953]  ? aa_sock_msg_perm+0xf1/0x1b0
[  706.302623][T16953]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  706.302648][T16953]  ? security_socket_recvmsg+0x7e/0x2c0
[  706.302675][T16953]  ? __pfx_netlink_recvmsg+0x10/0x10
[  706.302699][T16953]  sock_recvmsg+0x172/0x1b0
[  706.302723][T16953]  ____sys_recvmsg+0x1e6/0x4a0
[  706.302750][T16953]  ? __pfx_____sys_recvmsg+0x10/0x10
[  706.302766][T16953]  ? get_compat_msghdr+0x34b/0x4c0
[  706.302810][T16953]  ___sys_recvmsg+0x215/0x590
[  706.302827][T16953]  ? get_pid_task+0x20/0x1f0
[  706.302848][T16953]  ? __pfx____sys_recvmsg+0x10/0x10
[  706.302888][T16953]  ? __fget_files+0x3a0/0x420
[  706.302922][T16953]  __sys_recvmsg+0x180/0x250
[  706.302942][T16953]  ? __pfx___sys_recvmsg+0x10/0x10
[  706.302980][T16953]  __do_fast_syscall_32+0x20d/0x640
[  706.303001][T16953]  ? do_fast_syscall_32+0x33/0x70
[  706.303018][T16953]  ? asm_int80_emulation+0x1a/0x20
[  706.303034][T16953]  ? do_int80_emulation+0x274/0x4d0
[  706.303050][T16953]  ? trace_irq_disable+0x3b/0x150
[  706.303078][T16953]  do_fast_syscall_32+0x33/0x70
[  706.303096][T16953]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  706.303117][T16953] RIP: 0023:0xf70aef6c
[  706.303133][T16953] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[  706.303148][T16953] RSP: 002b:00000000f549d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000174
[  706.303167][T16953] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800003c0
[  706.303179][T16953] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  706.303190][T16953] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  706.303200][T16953] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  706.303211][T16953] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  706.303236][T16953]  </TASK>
[  706.593746][T16950] CPU: 1 UID: 0 PID: 16950 Comm: syz.3.3369 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  706.593766][T16950] Tainted: [L]=SOFTLOCKUP
[  706.593770][T16950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  706.593776][T16950] Call Trace:
[  706.593781][T16950]  <TASK>
[  706.593787][T16950]  dump_stack_lvl+0xe8/0x150
[  706.593807][T16950]  should_fail_ex+0x412/0x560
[  706.593823][T16950]  should_failslab+0xa8/0x100
[  706.593837][T16950]  ? security_file_alloc+0x34/0x310
[  706.593849][T16950]  kmem_cache_alloc_noprof+0x87/0x650
[  706.593860][T16950]  ? rcu_is_watching+0x15/0xb0
[  706.593875][T16950]  ? trace_kmem_cache_alloc+0x29/0xf0
[  706.593886][T16950]  security_file_alloc+0x34/0x310
[  706.593898][T16950]  init_file+0x90/0x2b0
[  706.593913][T16950]  alloc_empty_file+0x6e/0x1d0
[  706.593927][T16950]  path_openat+0x10f/0x3860
[  706.593937][T16950]  ? arch_stack_walk+0xfb/0x150
[  706.593956][T16950]  ? do_getname+0x2e/0x250
[  706.593969][T16950]  ? stack_trace_save+0xa9/0x100
[  706.593980][T16950]  ? __pfx_stack_trace_save+0x10/0x10
[  706.593996][T16950]  ? do_getname+0x2e/0x250
[  706.594009][T16950]  ? stack_depot_save_flags+0x33/0x810
[  706.594022][T16950]  ? do_getname+0x2e/0x250
[  706.594035][T16950]  ? kasan_save_track+0x4f/0x80
[  706.594045][T16950]  ? kasan_save_track+0x3e/0x80
[  706.594054][T16950]  ? __kasan_slab_alloc+0x6c/0x80
[  706.594065][T16950]  ? __pfx_path_openat+0x10/0x10
[  706.594074][T16950]  ? __ia32_compat_sys_openat+0x131/0x160
[  706.594089][T16950]  ? __do_fast_syscall_32+0x20d/0x640
[  706.594099][T16950]  ? do_fast_syscall_32+0x33/0x70
[  706.594108][T16950]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  706.594125][T16950]  ? __lock_acquire+0x6b5/0x2cf0
[  706.594141][T16950]  do_file_open+0x23e/0x4a0
[  706.594154][T16950]  ? __pfx_do_file_open+0x10/0x10
[  706.594174][T16950]  ? _raw_spin_unlock+0x28/0x50
[  706.594186][T16950]  ? alloc_fd+0x64b/0x6c0
[  706.594206][T16950]  do_sys_openat2+0x113/0x200
[  706.594220][T16950]  ? __fget_files+0x3a0/0x420
[  706.594234][T16950]  ? __pfx_do_sys_openat2+0x10/0x10
[  706.594249][T16950]  ? fput+0xa0/0xd0
[  706.594262][T16950]  ? ksys_write+0x242/0x270
[  706.594274][T16950]  __ia32_compat_sys_openat+0x131/0x160
[  706.594291][T16950]  __do_fast_syscall_32+0x20d/0x640
[  706.594302][T16950]  ? do_fast_syscall_32+0x33/0x70
[  706.594311][T16950]  ? asm_int80_emulation+0x1a/0x20
[  706.594321][T16950]  ? do_int80_emulation+0x274/0x4d0
[  706.594330][T16950]  ? trace_irq_disable+0x3b/0x150
[  706.594346][T16950]  do_fast_syscall_32+0x33/0x70
[  706.594356][T16950]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  706.594369][T16950] RIP: 0023:0xf70bef6c
[  706.594379][T16950] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[  706.594388][T16950] RSP: 002b:00000000f548c50c EFLAGS: 00000206 ORIG_RAX: 0000000000000127
[  706.594400][T16950] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000100
[  706.594407][T16950] RDX: 0000000000880cc2 RSI: 0000000000000020 RDI: 0000000000000000
[  706.594414][T16950] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  706.594420][T16950] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  706.594427][T16950] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  706.594440][T16950]  </TASK>
[  707.143661][T16961] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3374'.
[  707.162050][T16961] ip6gre3: entered promiscuous mode
[  707.167386][T16961] ip6gre3: entered allmulticast mode
[  707.265154][T16956] bridge0: port 2(bridge_slave_1) entered disabled state
[  707.272599][T16956] bridge0: port 1(bridge_slave_0) entered disabled state
[  707.298250][T16968] FAULT_INJECTION: forcing a failure.
[  707.298250][T16968] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  707.317481][T16968] CPU: 0 UID: 0 PID: 16968 Comm: syz.0.3377 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  707.317512][T16968] Tainted: [L]=SOFTLOCKUP
[  707.317520][T16968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  707.317530][T16968] Call Trace:
[  707.317539][T16968]  <TASK>
[  707.317547][T16968]  dump_stack_lvl+0xe8/0x150
[  707.317578][T16968]  should_fail_ex+0x412/0x560
[  707.317608][T16968]  _copy_from_user+0x2d/0xb0
[  707.317635][T16968]  kstrtouint_from_user+0xd6/0x180
[  707.317662][T16968]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  707.317700][T16968]  proc_fail_nth_write+0x8e/0x210
[  707.317727][T16968]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  707.317757][T16968]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  707.317783][T16968]  vfs_write+0x29a/0xb90
[  707.317811][T16968]  ? __pfx_vfs_write+0x10/0x10
[  707.317832][T16968]  ? __fget_files+0x2a/0x420
[  707.317861][T16968]  ? __fget_files+0x3a0/0x420
[  707.317885][T16968]  ? __fget_files+0x2a/0x420
[  707.317918][T16968]  ksys_write+0x150/0x270
[  707.317940][T16968]  ? __pfx_ksys_write+0x10/0x10
[  707.317964][T16968]  ? asm_int80_emulation+0x1a/0x20
[  707.317988][T16968]  do_int80_emulation+0x173/0x4d0
[  707.318007][T16968]  ? trace_irq_disable+0x3b/0x150
[  707.318032][T16968]  ? asm_int80_emulation+0x1a/0x20
[  707.318048][T16968]  ? clear_bhb_loop+0x40/0x90
[  707.318066][T16968]  ? clear_bhb_loop+0x40/0x90
[  707.318087][T16968]  asm_int80_emulation+0x1a/0x20
[  707.318104][T16968] RIP: 0023:0xf71e5cab
[  707.318121][T16968] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  707.318136][T16968] RSP: 002b:00000000f549d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  707.318156][T16968] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f549d5d0
[  707.318169][T16968] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  707.318180][T16968] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  707.318190][T16968] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  707.318201][T16968] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  707.318234][T16968]  </TASK>
[  707.871576][ T5913] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  708.060528][ T5913] usb 1-1: Using ep0 maxpacket: 8
[  708.078500][ T5913] usb 1-1: unable to get BOS descriptor or descriptor too short
[  708.093312][T16983] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3382'.
[  708.110261][T16983] tipc: Failed to remove unknown binding: 66,1,1/11578026:111487032/111487034
[  708.157011][ T5913] usb 1-1: config 8 has an invalid interface number: 134 but max is 0
[  708.189745][ T5913] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  708.216389][ T5913] usb 1-1: config 8 has no interface number 0
[  708.232443][ T5913] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0011, bcdDevice=fa.e6
[  708.244635][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.262459][ T5913] usb 1-1: Product: syz
[  708.269964][ T5913] usb 1-1: Manufacturer: syz
[  708.287317][ T5913] usb 1-1: SerialNumber: syz
[  708.430557][ T5902] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  708.513945][T16970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  708.540938][T16970] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  708.564655][ T5829] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  708.579111][ T5829] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  708.592627][ T5902] usb 5-1: Using ep0 maxpacket: 16
[  708.601048][ T5829] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  708.613014][ T5902] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  708.642107][ T5902] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 2
[  708.642155][ T5829] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  708.669798][ T5829] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  708.689309][ T5835] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  708.717880][ T5835] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  708.728620][ T5835] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  708.737299][ T5835] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  708.757972][ T5835] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  708.784468][T16970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  708.857235][T16970] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  708.970737][T16970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  709.033565][T16970] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  709.073578][T16970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  709.121234][T16970] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  709.137004][T16996] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  709.149508][T16970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  709.219294][T16998] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3385'.
[  709.231039][T16998] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3385'.
[  709.243232][T16998] netlink: 141 bytes leftover after parsing attributes in process `syz.3.3385'.
[  709.258702][T16998] PKCS8: Unsupported PKCS#8 version
[  709.324665][T16970] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  709.456507][T17002] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3378'.
[  709.548451][T17002] netlink: 'syz.0.3378': attribute type 15 has an invalid length.
[  709.579543][T17002] netlink: 'syz.0.3378': attribute type 18 has an invalid length.
[  709.692287][T17002] vxlan0: entered promiscuous mode
[  709.737052][   T36] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  709.747731][   T36] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  709.852042][   T36] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  709.871529][   T36] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  709.957256][T16993] chnl_net:caif_netlink_parms(): no params data found
[  710.065431][T17006] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3386'.
[  710.122684][T17006] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3386'.
[  710.398703][T16993] bridge0: port 1(bridge_slave_0) entered blocking state
[  710.406176][T16993] bridge0: port 1(bridge_slave_0) entered disabled state
[  710.413783][T16993] bridge_slave_0: entered allmulticast mode
[  710.426732][T16993] bridge_slave_0: entered promiscuous mode
[  710.501020][T16993] bridge0: port 2(bridge_slave_1) entered blocking state
[  710.515279][T16993] bridge0: port 2(bridge_slave_1) entered disabled state
[  710.554227][T16993] bridge_slave_1: entered allmulticast mode
[  710.568818][T16993] bridge_slave_1: entered promiscuous mode
[  710.659709][T17016] FAULT_INJECTION: forcing a failure.
[  710.659709][T17016] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  710.675081][T16993] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  710.689138][T16993] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  710.708174][T17016] CPU: 1 UID: 0 PID: 17016 Comm: syz.3.3389 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  710.708204][T17016] Tainted: [L]=SOFTLOCKUP
[  710.708212][T17016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  710.708223][T17016] Call Trace:
[  710.708231][T17016]  <TASK>
[  710.708239][T17016]  dump_stack_lvl+0xe8/0x150
[  710.708271][T17016]  should_fail_ex+0x412/0x560
[  710.708291][T17016]  _copy_to_user+0x31/0xb0
[  710.708308][T17016]  simple_read_from_buffer+0xe1/0x170
[  710.708326][T17016]  proc_fail_nth_read+0x1bb/0x230
[  710.708353][T17016]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  710.708381][T17016]  ? rw_verify_area+0x2a6/0x4d0
[  710.708400][T17016]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  710.708429][T17016]  vfs_read+0x20c/0xa70
[  710.708446][T17016]  ? __pfx_vfs_read+0x10/0x10
[  710.708456][T17016]  ? do_compat_fcntl64+0x199/0x7e0
[  710.708470][T17016]  ? __pfx_do_compat_fcntl64+0x10/0x10
[  710.708491][T17016]  ksys_read+0x150/0x270
[  710.708513][T17016]  ? __pfx_ksys_read+0x10/0x10
[  710.708537][T17016]  ? asm_int80_emulation+0x1a/0x20
[  710.708560][T17016]  do_int80_emulation+0x173/0x4d0
[  710.708580][T17016]  ? asm_int80_emulation+0x1a/0x20
[  710.708591][T17016]  ? clear_bhb_loop+0x40/0x90
[  710.708601][T17016]  ? clear_bhb_loop+0x40/0x90
[  710.708613][T17016]  asm_int80_emulation+0x1a/0x20
[  710.708623][T17016] RIP: 0023:0xf71f5cab
[  710.708633][T17016] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  710.708649][T17016] RSP: 002b:00000000f54ad4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  710.708669][T17016] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54ad5d0
[  710.708683][T17016] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  710.708694][T17016] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  710.708705][T17016] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  710.708716][T17016] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  710.708738][T17016]  </TASK>
[  710.927823][T16993] team0: Port device team_slave_0 added
[  710.936284][T16993] team0: Port device team_slave_1 added
[  710.960455][T16993] batman_adv: batadv0: Adding interface: batadv_slave_0
[  710.967428][T16993] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  710.993419][T16993] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  711.006060][T16993] batman_adv: batadv0: Adding interface: batadv_slave_1
[  711.014302][T16993] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  711.040421][T16993] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  711.088053][T16993] hsr_slave_0: entered promiscuous mode
[  711.094832][T16993] hsr_slave_1: entered promiscuous mode
[  711.101196][T16993] debugfs: 'hsr0' already exists in 'hsr'
[  711.106952][T16993] Cannot create hsr debugfs directory
[  711.152913][ T5829] Bluetooth: hci5: command tx timeout
[  711.196339][ T5913] kvaser_usb 1-1:8.134: error -ENODEV: Cannot get usb endpoint(s)
[  711.215464][ T5913] usb 1-1: USB disconnect, device number 70
[  711.255546][ T5902] usb 5-1: string descriptor 0 read error: -71
[  711.262411][ T5902] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  711.277300][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  711.289031][ T5902] usb 5-1: can't set config #1, error -71
[  711.313821][ T5902] usb 5-1: USB disconnect, device number 73
[  711.665309][T16993] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  711.682061][T17038] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  711.720504][T16986] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[  711.786157][T16993] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  711.893478][T16993] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  711.913656][T16986] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  711.924055][T16986] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  711.952049][T16986] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  711.963802][T16986] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  711.972832][T16986] usb 4-1: SerialNumber: syz
[  712.020139][T16993] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  712.228243][T16993] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  712.243963][T16986] usb 4-1: 0:2 : does not exist
[  712.259877][T16993] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  712.284428][T16993] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  712.304964][T16993] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  712.318529][T16986] usb 4-1: USB disconnect, device number 70
[  712.417499][T16991] udevd[16991]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  712.525843][T16993] 8021q: adding VLAN 0 to HW filter on device bond0
[  712.558956][T16993] 8021q: adding VLAN 0 to HW filter on device team0
[  712.607448][ T3572] bridge0: port 1(bridge_slave_0) entered blocking state
[  712.614698][ T3572] bridge0: port 1(bridge_slave_0) entered forwarding state
[  712.629504][ T3572] bridge0: port 2(bridge_slave_1) entered blocking state
[  712.636732][ T3572] bridge0: port 2(bridge_slave_1) entered forwarding state
[  712.667436][T17049] openvswitch: netlink: Duplicate or invalid key (type 0).
[  712.676980][T17049] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  712.877334][T17058] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3399'.
[  712.891099][T17058] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3399'.
[  712.901729][T17058] netlink: 141 bytes leftover after parsing attributes in process `syz.5.3399'.
[  712.957123][T16993] 8021q: adding VLAN 0 to HW filter on device batadv0
[  712.984737][T17059] PKCS8: Unsupported PKCS#8 version
[  713.072729][T16993] veth0_vlan: entered promiscuous mode
[  713.123648][T16993] veth1_vlan: entered promiscuous mode
[  713.191370][ T5829] Bluetooth: hci5: command tx timeout
[  713.208377][T16993] veth0_macvtap: entered promiscuous mode
[  713.233872][T16993] veth1_macvtap: entered promiscuous mode
[  713.335702][T16993] batman_adv: batadv0: Interface activated: batadv_slave_0
[  713.535269][T16993] batman_adv: batadv0: Interface activated: batadv_slave_1
[  713.586877][  T152] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  713.626756][  T152] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  713.656505][  T152] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  713.692953][  T152] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  713.978458][ T3572] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  713.996970][ T3572] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  714.095291][T17084] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  714.233034][ T3572] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  714.254960][ T3572] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  715.040571][  T797] usb 8-1: new high-speed USB device number 60 using dummy_hcd
[  715.232927][  T797] usb 8-1: Using ep0 maxpacket: 8
[  715.248322][  T797] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  715.257476][ T5829] Bluetooth: hci5: command tx timeout
[  715.305687][  T797] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  715.357707][  T797] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  715.423126][  T797] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  715.480523][  T797] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  715.500303][  T797] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  715.512150][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  715.522760][ T5835] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  715.533833][ T5835] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  715.542059][ T5835] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  715.549695][ T5835] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  715.560679][  T797] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  715.848393][  T797] usb 8-1: usb_control_msg returned -32
[  715.867631][  T797] usbtmc 8-1:16.0: can't read capabilities
[  716.407943][T17110] chnl_net:caif_netlink_parms(): no params data found
[  716.460813][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  716.605169][T17110] bridge0: port 1(bridge_slave_0) entered blocking state
[  716.634013][T17110] bridge0: port 1(bridge_slave_0) entered disabled state
[  716.651543][T17110] bridge_slave_0: entered allmulticast mode
[  716.666510][T17110] bridge_slave_0: entered promiscuous mode
[  716.670495][   T24] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  716.721896][T17110] bridge0: port 2(bridge_slave_1) entered blocking state
[  716.737085][T17110] bridge0: port 2(bridge_slave_1) entered disabled state
[  716.758711][T17110] bridge_slave_1: entered allmulticast mode
[  716.768702][T17110] bridge_slave_1: entered promiscuous mode
[  716.811047][T17110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  716.830488][   T24] usb 5-1: Using ep0 maxpacket: 8
[  716.837662][   T24] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  716.850058][   T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  716.874319][   T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  716.905650][   T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 235
[  716.935918][   T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  716.936810][   T36] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  716.980982][T17110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  716.991671][   T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  717.018412][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  717.133871][   T36] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  717.255412][   T24] usb 5-1: usb_control_msg returned -32
[  717.261682][   T24] usbtmc 5-1:16.0: can't read capabilities
[  717.307487][   T36] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  717.331239][ T5829] Bluetooth: hci5: command tx timeout
[  717.333183][T17110] team0: Port device team_slave_0 added
[  717.364988][T17110] team0: Port device team_slave_1 added
[  717.385694][   T36] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  717.589919][T17110] batman_adv: batadv0: Adding interface: batadv_slave_0
[  717.603551][T17110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  717.634980][T17110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  717.648100][T17110] batman_adv: batadv0: Adding interface: batadv_slave_1
[  717.649668][ T5913] usb 5-1: USB disconnect, device number 74
[  717.660503][ T5829] Bluetooth: hci4: command tx timeout
[  717.700772][T16986] usb 8-1: USB disconnect, device number 60
[  717.770564][T17110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  717.901043][T17110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  718.055954][T17110] hsr_slave_0: entered promiscuous mode
[  718.064291][T17110] hsr_slave_1: entered promiscuous mode
[  718.090755][T17110] debugfs: 'hsr0' already exists in 'hsr'
[  718.104749][T17110] Cannot create hsr debugfs directory
[  718.518249][   T36] bridge_slave_1: left allmulticast mode
[  718.524106][   T36] bridge_slave_1: left promiscuous mode
[  718.529829][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  718.546461][   T36] bridge_slave_0: left allmulticast mode
[  718.559543][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  718.587950][   T36] veth0_to_bond: left allmulticast mode
[  718.608009][   T36] veth0_to_bond: left promiscuous mode
[  718.630178][   T36] bridge1: port 1(veth0_to_bond) entered disabled state
[  719.417806][   T36] bond1 (unregistering): Released all slaves
[  719.470888][   T36] bond2 (unregistering): Released all slaves
[  719.524032][   T36] bond0 (unregistering): Released all slaves
[  719.732950][ T5829] Bluetooth: hci4: command tx timeout
[  719.841208][   T36] tipc: Left network mode
[  720.940692][   T29] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  721.190891][   T29] usb 5-1: device descriptor read/64, error -71
[  721.563519][T17110] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  721.640252][   T29] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[  721.697624][T17208] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3430'.
[  721.754549][T17110] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  721.757671][T17208] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3430'.
[  721.797970][T17211] binder_alloc: 17210: binder_alloc_buf, no vma
[  721.814669][T17110] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  721.819512][T17110] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  721.821457][ T5829] Bluetooth: hci4: command tx timeout
[  721.821693][   T29] usb 5-1: device descriptor read/64, error -71
[  721.930938][   T29] usb usb5-port1: attempt power cycle
[  721.992854][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  721.992880][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  721.993697][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  721.993717][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  722.047627][   T36] veth1_to_hsr: left allmulticast mode
[  722.047807][   T36] veth1_to_hsr: left promiscuous mode
[  722.047906][   T36] veth1_macvtap: left promiscuous mode
[  722.047927][   T36] veth0_macvtap: left promiscuous mode
[  722.047996][   T36] veth1_vlan: left promiscuous mode
[  722.048047][   T36] veth0_vlan: left promiscuous mode
[  722.280763][   T29] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  722.315270][   T29] usb 5-1: device descriptor read/8, error -71
[  722.560542][   T29] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[  722.581290][   T29] usb 5-1: device descriptor read/8, error -71
[  722.682794][   T36] team0 (unregistering): Port device team_slave_1 removed
[  722.691433][   T29] usb usb5-port1: unable to enumerate USB device
[  722.730566][   T36] team0 (unregistering): Port device team_slave_0 removed
[  723.343080][T17110] 8021q: adding VLAN 0 to HW filter on device bond0
[  723.383728][T17110] 8021q: adding VLAN 0 to HW filter on device team0
[  723.401820][ T1118] bridge0: port 1(bridge_slave_0) entered blocking state
[  723.408979][ T1118] bridge0: port 1(bridge_slave_0) entered forwarding state
[  723.495932][ T1118] bridge0: port 2(bridge_slave_1) entered blocking state
[  723.503125][ T1118] bridge0: port 2(bridge_slave_1) entered forwarding state
[  723.646932][T17246] netlink: 72 bytes leftover after parsing attributes in process `syz.7.3437'.
[  723.658793][T17246] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3437'.
[  723.890632][ T5829] Bluetooth: hci4: command tx timeout
[  723.982618][T17248] netlink: 141 bytes leftover after parsing attributes in process `syz.7.3437'.
[  723.993865][T17246] PKCS8: Unsupported PKCS#8 version
[  724.042814][T17110] 8021q: adding VLAN 0 to HW filter on device batadv0
[  724.219816][T17110] veth0_vlan: entered promiscuous mode
[  724.258303][T17110] veth1_vlan: entered promiscuous mode
[  724.411717][T17110] veth0_macvtap: entered promiscuous mode
[  724.438597][T17110] veth1_macvtap: entered promiscuous mode
[  724.578609][T17110] batman_adv: batadv0: Interface activated: batadv_slave_0
[  724.613338][T17110] batman_adv: batadv0: Interface activated: batadv_slave_1
[  724.694270][   T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  724.720986][   T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  724.729750][   T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  724.871778][T17258] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  724.915481][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  725.223902][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  725.232493][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  725.324312][T16079] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  725.334480][T16079] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  725.751181][T17271] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3413'.
[  726.178247][T17291] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  726.280912][  T797] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[  726.474956][  T797] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  726.538730][  T797] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  726.582564][  T797] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  726.595263][T17295] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  726.640829][  T797] usb 5-1: config 0 descriptor??
[  726.698546][T17306] macvlan1: entered promiscuous mode
[  726.704919][T17306] macvlan1: entered allmulticast mode
[  726.713612][T17306] veth1_vlan: entered allmulticast mode
[  726.840591][ T5881] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[  726.862459][  T797] usbhid 5-1:0.0: can't add hid device: -71
[  726.873055][  T797] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  726.892608][  T797] usb 5-1: USB disconnect, device number 79
[  727.050610][ T5881] usb 6-1: Using ep0 maxpacket: 16
[  727.055962][   T29] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  727.082979][ T5881] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  727.115799][ T5881] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  727.137498][ T5881] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  727.160746][ T5881] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  727.193935][ T5881] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  727.266405][T17321] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3452'.
[  727.277014][T17321] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3452'.
[  727.287577][T17321] netlink: 141 bytes leftover after parsing attributes in process `syz.3.3452'.
[  727.298394][T17321] PKCS8: Unsupported PKCS#8 version
[  727.352304][   T29] usb 1-1: Using ep0 maxpacket: 32
[  727.365821][   T29] usb 1-1: config 0 has an invalid interface number: 167 but max is 0
[  727.376596][   T29] usb 1-1: config 0 has no interface number 0
[  727.383448][ T5881] usb 6-1: SerialNumber: syz
[  727.413469][   T29] usb 1-1: config 0 interface 167 altsetting 3 bulk endpoint 0x1 has invalid maxpacket 8
[  727.440269][   T29] usb 1-1: config 0 interface 167 has no altsetting 0
[  727.463923][   T29] usb 1-1: New USB device found, idVendor=07ca, idProduct=b808, bcdDevice=db.cd
[  727.473453][   T29] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  727.481997][T16986] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[  727.597270][T17325] syzkaller0: entered promiscuous mode
[  727.603356][T17325] syzkaller0: entered allmulticast mode
[  727.611031][   T29] usb 1-1: Product: syz
[  727.628708][   T29] usb 1-1: Manufacturer: syz
[  727.699727][   T29] usb 1-1: SerialNumber: syz
[  727.713732][T16986] usb 5-1: Using ep0 maxpacket: 32
[  727.724041][   T29] usb 1-1: config 0 descriptor??
[  727.738919][T16986] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  727.754466][T16986] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  727.765947][T17310] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  727.773937][T16986] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  727.824398][T16986] usb 5-1: config 0 descriptor??
[  727.846694][T16986] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  727.872262][T16986] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  727.991436][T17310] trusted_key: encrypted_key: master key parameter 'defaulØ' is invalid
[  728.000429][   T29] dvb-usb: found a 'AVerMedia AVerTV DVB-T Volar' in cold state, will try to load a firmware
[  728.047207][   T29] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  728.056674][   T29] dib0700: firmware download failed at 7 with -71
[  728.093475][   T29] usb 1-1: USB disconnect, device number 71
[  728.313632][T17282] netlink: 19 bytes leftover after parsing attributes in process `syz.4.3445'.
[  728.368786][T16986] usb 5-1: USB disconnect, device number 80
[  728.377936][T16986] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  728.644273][   T29] usb 6-1: USB disconnect, device number 72
[  729.371450][T17362] FAULT_INJECTION: forcing a failure.
[  729.371450][T17362] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  729.385718][T17362] CPU: 1 UID: 0 PID: 17362 Comm: syz.4.3463 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  729.385738][T17362] Tainted: [L]=SOFTLOCKUP
[  729.385742][T17362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  729.385750][T17362] Call Trace:
[  729.385755][T17362]  <TASK>
[  729.385760][T17362]  dump_stack_lvl+0xe8/0x150
[  729.385788][T17362]  should_fail_ex+0x412/0x560
[  729.385814][T17362]  _copy_from_iter+0x1d3/0x1670
[  729.385839][T17362]  ? rep_movs_alternative+0x4a/0x90
[  729.385866][T17362]  ? __pfx__copy_from_iter+0x10/0x10
[  729.385886][T17362]  ? sock_alloc_send_pskb+0x896/0x990
[  729.385911][T17362]  ? __pfx__copy_from_iter+0x10/0x10
[  729.385936][T17362]  ? page_copy_sane+0x16a/0x270
[  729.385962][T17362]  copy_page_from_iter+0xdd/0x170
[  729.385980][T17362]  skb_copy_datagram_from_iter+0x306/0x710
[  729.385998][T17362]  tun_get_user+0xc38/0x3dd0
[  729.386021][T17362]  ? aa_file_perm+0x192/0x15e0
[  729.386040][T17362]  ? aa_file_perm+0x50e/0x15e0
[  729.386054][T17362]  ? __pfx_tun_get_user+0x10/0x10
[  729.386068][T17362]  ? aa_file_perm+0x192/0x15e0
[  729.386084][T17362]  ? __lock_acquire+0x6b5/0x2cf0
[  729.386103][T17362]  ? ref_tracker_alloc+0x35c/0x4c0
[  729.386119][T17362]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  729.386136][T17362]  ? tun_get+0x1c/0x2f0
[  729.386154][T17362]  ? tun_get+0x1c/0x2f0
[  729.386168][T17362]  ? tun_get+0x1c/0x2f0
[  729.386183][T17362]  tun_chr_write_iter+0x113/0x200
[  729.386198][T17362]  vfs_write+0x61d/0xb90
[  729.386213][T17362]  ? __pfx_vfs_write+0x10/0x10
[  729.386228][T17362]  ? __fget_files+0x2a/0x420
[  729.386247][T17362]  ksys_write+0x150/0x270
[  729.386258][T17362]  ? __pfx_ksys_write+0x10/0x10
[  729.386271][T17362]  ? asm_int80_emulation+0x1a/0x20
[  729.386284][T17362]  do_int80_emulation+0x173/0x4d0
[  729.386295][T17362]  ? trace_irq_disable+0x3b/0x150
[  729.386309][T17362]  ? asm_int80_emulation+0x1a/0x20
[  729.386318][T17362]  ? clear_bhb_loop+0x40/0x90
[  729.386328][T17362]  ? clear_bhb_loop+0x40/0x90
[  729.386339][T17362]  asm_int80_emulation+0x1a/0x20
[  729.386349][T17362] RIP: 0023:0xf71a5cab
[  729.386360][T17362] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  729.386369][T17362] RSP: 002b:00000000f545d44c EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  729.386381][T17362] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000200
[  729.386388][T17362] RDX: 000000000000fef3 RSI: 0000000000000000 RDI: 0000000000000000
[  729.386394][T17362] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  729.386400][T17362] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  729.386406][T17362] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  729.386419][T17362]  </TASK>
[  730.264726][T17370] IPVS: set_ctl: invalid protocol: 92 100.1.1.2:20001
[  730.284188][   T30] kauditd_printk_skb: 34 callbacks suppressed
[  730.284206][   T30] audit: type=1326 audit(1773293665.894:1946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17364 comm="syz.5.3465" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  730.467522][   T30] audit: type=1326 audit(1773293665.894:1947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17364 comm="syz.5.3465" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7205cab code=0x7ffc0000
[  730.637336][   T30] audit: type=1326 audit(1773293665.894:1948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17364 comm="syz.5.3465" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  730.661976][   T30] audit: type=1326 audit(1773293665.894:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17364 comm="syz.5.3465" exe="/root/syz-executor" sig=0 arch=40000003 syscall=180 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  730.834709][   T30] audit: type=1326 audit(1773293665.894:1950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17364 comm="syz.5.3465" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  730.999671][   T30] audit: type=1326 audit(1773293665.894:1951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17364 comm="syz.5.3465" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  731.080425][   T30] audit: type=1326 audit(1773293665.894:1952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17364 comm="syz.5.3465" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  731.125187][T17383] binder: 17381:17383 ioctl c00c620f 800001c0 returned -22
[  731.167904][   T30] audit: type=1326 audit(1773293665.894:1953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17364 comm="syz.5.3465" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  731.288239][   T30] audit: type=1326 audit(1773293665.894:1954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17364 comm="syz.5.3465" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  731.464489][   T30] audit: type=1326 audit(1773293665.894:1955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17364 comm="syz.5.3465" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  731.980908][ T5910] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  732.143188][ T5910] usb 4-1: Using ep0 maxpacket: 32
[  732.181637][   T24] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[  732.190146][ T5910] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  732.210088][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  732.238007][ T5910] usb 4-1: config 0 descriptor??
[  732.270624][ T5910] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  732.343202][   T24] usb 6-1: config 0 has no interfaces?
[  732.350470][   T24] usb 6-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  732.369874][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  732.420788][   T24] usb 6-1: config 0 descriptor??
[  732.648450][T17396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  732.666191][T17396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  732.781481][ T5910] gspca_vc032x: reg_r err -110
[  732.785008][   T24] usb 8-1: new high-speed USB device number 61 using dummy_hcd
[  732.786927][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.805744][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.815118][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.830765][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.845169][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.864339][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.896407][T17414] netlink: 'syz.5.3473': attribute type 6 has an invalid length.
[  732.932581][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.940162][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.946079][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.952774][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.959284][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.968202][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.973925][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.976345][   T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  732.991738][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  732.999621][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  733.005443][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  733.007506][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  733.011009][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  733.028452][ T5910] gspca_vc032x: I2c Bus Busy Wait 00
[  733.037085][ T5910] gspca_vc032x: Unknown sensor...
[  733.044188][   T24] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  733.044595][ T5910] vc032x 4-1:0.0: probe with driver vc032x failed with error -22
[  733.094146][   T24] usb 8-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  733.126775][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.172118][   T24] usb 8-1: config 0 descriptor??
[  733.406356][   T24] usb 8-1: USB disconnect, device number 61
[  733.583713][T17422] FAULT_INJECTION: forcing a failure.
[  733.583713][T17422] name failslab, interval 1, probability 0, space 0, times 0
[  733.596849][T17422] CPU: 1 UID: 0 PID: 17422 Comm: syz.4.3481 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  733.596877][T17422] Tainted: [L]=SOFTLOCKUP
[  733.596883][T17422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  733.596894][T17422] Call Trace:
[  733.596901][T17422]  <TASK>
[  733.596909][T17422]  dump_stack_lvl+0xe8/0x150
[  733.596936][T17422]  should_fail_ex+0x412/0x560
[  733.596963][T17422]  should_failslab+0xa8/0x100
[  733.596983][T17422]  ? skb_clone+0x212/0x3a0
[  733.597000][T17422]  kmem_cache_alloc_noprof+0x87/0x650
[  733.597016][T17422]  ? lock_acquire+0xf0/0x2e0
[  733.597041][T17422]  skb_clone+0x212/0x3a0
[  733.597056][T17422]  ? dev_queue_xmit_nit+0x268/0xad0
[  733.597081][T17422]  dev_queue_xmit_nit+0x29a/0xad0
[  733.597106][T17422]  ? dev_queue_xmit_nit+0x2d/0xad0
[  733.597137][T17422]  dev_hard_start_xmit+0x1cf/0x870
[  733.597169][T17422]  __dev_queue_xmit+0x16d1/0x3890
[  733.597187][T17422]  ? do_fast_syscall_32+0x33/0x70
[  733.597212][T17422]  ? __dev_queue_xmit+0x277/0x3890
[  733.597244][T17422]  ? __pfx___dev_queue_xmit+0x10/0x10
[  733.597269][T17422]  ? __copy_skb_header+0xa3/0x4a0
[  733.597287][T17422]  ? __asan_memcpy+0x40/0x70
[  733.597301][T17422]  ? __skb_clone+0x63/0x7a0
[  733.597322][T17422]  ? __skb_clone+0x483/0x7a0
[  733.597350][T17422]  ? skb_clone+0x246/0x3a0
[  733.597369][T17422]  __netlink_deliver_tap+0x5ad/0x850
[  733.597404][T17422]  ? netlink_deliver_tap+0x2e/0x1b0
[  733.597430][T17422]  netlink_deliver_tap+0x19c/0x1b0
[  733.597454][T17422]  netlink_unicast+0x7e3/0x9b0
[  733.597484][T17422]  ? __pfx_netlink_unicast+0x10/0x10
[  733.597508][T17422]  ? netlink_sendmsg+0x650/0xb40
[  733.597529][T17422]  ? skb_put+0x11b/0x210
[  733.597559][T17422]  netlink_sendmsg+0x813/0xb40
[  733.597592][T17422]  ? __pfx_netlink_sendmsg+0x10/0x10
[  733.597620][T17422]  ? aa_sock_msg_perm+0xf1/0x1b0
[  733.597645][T17422]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  733.597678][T17422]  ____sys_sendmsg+0x972/0x9f0
[  733.597705][T17422]  ? __pfx_____sys_sendmsg+0x10/0x10
[  733.597728][T17422]  ? kstrtoull+0x12f/0x1d0
[  733.597758][T17422]  ___sys_sendmsg+0x2a5/0x360
[  733.597782][T17422]  ? __pfx____sys_sendmsg+0x10/0x10
[  733.597803][T17422]  ? get_pid_task+0x20/0x1f0
[  733.597821][T17422]  ? get_pid_task+0x20/0x1f0
[  733.597835][T17422]  ? get_pid_task+0x20/0x1f0
[  733.597876][T17422]  ? __fget_files+0x2a/0x420
[  733.597914][T17422]  ? __fget_files+0x3a0/0x420
[  733.597946][T17422]  __sys_sendmsg+0x183/0x260
[  733.597964][T17422]  ? __pfx___sys_sendmsg+0x10/0x10
[  733.597998][T17422]  __do_fast_syscall_32+0x20d/0x640
[  733.598019][T17422]  ? do_fast_syscall_32+0x33/0x70
[  733.598037][T17422]  ? asm_int80_emulation+0x1a/0x20
[  733.598055][T17422]  ? do_int80_emulation+0x274/0x4d0
[  733.598072][T17422]  ? trace_irq_disable+0x3b/0x150
[  733.598102][T17422]  do_fast_syscall_32+0x33/0x70
[  733.598122][T17422]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  733.598143][T17422] RIP: 0023:0xf706ef6c
[  733.598159][T17422] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[  733.598175][T17422] RSP: 002b:00000000f545d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  733.598196][T17422] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  733.598208][T17422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  733.598218][T17422] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  733.598227][T17422] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  733.598235][T17422] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  733.598260][T17422]  </TASK>
[  734.009111][T17424] ip6gre4: entered promiscuous mode
[  734.025299][T17424] ip6gre4: entered allmulticast mode
[  734.198383][T17430] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3484'.
[  734.207823][T17430] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3484'.
[  734.244764][T17431] IPVS: set_ctl: invalid protocol: 92 100.1.1.2:20001
[  734.498763][   T24] usb 4-1: USB disconnect, device number 71
[  734.561943][ T5910] usb 8-1: new high-speed USB device number 62 using dummy_hcd
[  735.060687][ T5910] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  735.071693][ T5910] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  735.089554][ T5910] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  735.098740][ T5910] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  735.124156][  T797] usb 6-1: USB disconnect, device number 73
[  735.133631][ T5910] usb 8-1: Manufacturer: syz
[  735.178971][ T5910] usb 8-1: config 0 descriptor??
[  735.333679][T17449] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3487'.
[  735.344285][T17449] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3487'.
[  735.355313][T17449] netlink: 141 bytes leftover after parsing attributes in process `syz.3.3487'.
[  735.366775][T17449] PKCS8: Unsupported PKCS#8 version
[  735.404689][T17450] loop9: detected capacity change from 0 to 7
[  735.442815][T17450] Dev loop9: unable to read RDB block 7
[  735.463091][T17450]  loop9: unable to read partition table
[  735.486262][T17450] loop9: partition table beyond EOD, truncated
[  735.575546][T17450] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  735.824443][T17459] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3491'.
[  735.847457][ T5910] usbhid 8-1:0.0: can't add hid device: -71
[  735.858619][ T5910] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  735.907977][ T5910] usb 8-1: USB disconnect, device number 62
[  736.102029][T17462] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  736.319679][T17474] IPVS: set_ctl: invalid protocol: 92 100.1.1.2:20001
[  736.367841][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  736.367859][   T30] audit: type=1326 audit(1773293671.954:1980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17464 comm="syz.0.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  736.445915][   T30] audit: type=1326 audit(1773293671.954:1981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17464 comm="syz.0.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  736.754549][   T30] audit: type=1326 audit(1773293671.954:1982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17464 comm="syz.0.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf71e5cab code=0x7ffc0000
[  736.851987][   T30] audit: type=1326 audit(1773293671.954:1983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17464 comm="syz.0.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  737.160688][   T30] audit: type=1326 audit(1773293672.014:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17464 comm="syz.0.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  737.230604][   T30] audit: type=1326 audit(1773293672.014:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17464 comm="syz.0.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=180 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  737.529135][   T30] audit: type=1326 audit(1773293672.014:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17464 comm="syz.0.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  737.836695][   T30] audit: type=1326 audit(1773293672.024:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17464 comm="syz.0.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  737.870969][   T30] audit: type=1326 audit(1773293672.024:1988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17464 comm="syz.0.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  737.920647][   T24] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  737.942073][   T30] audit: type=1326 audit(1773293672.024:1989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17464 comm="syz.0.3494" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  738.060496][   T24] usb 4-1: device descriptor read/64, error -71
[  738.067338][T17489] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3499'.
[  738.302874][   T24] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  738.360474][  T797] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  738.463815][   T24] usb 4-1: device descriptor read/64, error -71
[  738.490447][  T797] usb 1-1: device descriptor read/64, error -71
[  738.571048][   T24] usb usb4-port1: attempt power cycle
[  738.739230][  T797] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  738.940614][  T797] usb 1-1: device descriptor read/64, error -71
[  738.980470][   T24] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  739.023509][   T24] usb 4-1: device descriptor read/8, error -71
[  739.069327][  T797] usb usb1-port1: attempt power cycle
[  739.181797][T17509] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3504'.
[  739.191308][T17509] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3504'.
[  739.270591][   T24] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[  739.318104][   T24] usb 4-1: device descriptor read/8, error -71
[  739.437423][   T24] usb usb4-port1: unable to enumerate USB device
[  739.451751][  T797] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  739.464577][T17517] netlink: 'syz.4.3508': attribute type 1 has an invalid length.
[  739.481311][  T797] usb 1-1: device descriptor read/8, error -71
[  739.565574][T17517] bond3: entered promiscuous mode
[  739.662856][T17517] bond3: entered allmulticast mode
[  739.676173][T17517] 8021q: adding VLAN 0 to HW filter on device bond3
[  739.757692][T17520] erspan1: entered allmulticast mode
[  739.763143][  T797] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  739.776470][T17520] bond3: (slave erspan1): making interface the new active one
[  739.795617][T17520] erspan1: entered promiscuous mode
[  739.839412][  T797] usb 1-1: device descriptor read/8, error -71
[  739.846680][T17520] bond3: (slave erspan1): Enslaving as an active interface with an up link
[  739.951001][  T797] usb usb1-port1: unable to enumerate USB device
[  740.479709][T17531] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3511'.
[  740.481124][T17520] syz.4.3508 (17520) used greatest stack depth: 18656 bytes left
[  740.584440][T17533] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3512'.
[  740.618810][T17533] ip6gre3: entered promiscuous mode
[  740.630586][T17533] ip6gre3: entered allmulticast mode
[  741.726894][T17566] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3523'.
[  742.088160][T17571] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3524'.
[  742.287534][T17574] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3525'.
[  742.700922][T17589] FAULT_INJECTION: forcing a failure.
[  742.700922][T17589] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  742.740503][T17589] CPU: 1 UID: 0 PID: 17589 Comm: syz.7.3533 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  742.740532][T17589] Tainted: [L]=SOFTLOCKUP
[  742.740539][T17589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  742.740549][T17589] Call Trace:
[  742.740557][T17589]  <TASK>
[  742.740565][T17589]  dump_stack_lvl+0xe8/0x150
[  742.740596][T17589]  should_fail_ex+0x412/0x560
[  742.740624][T17589]  _copy_from_user+0x2d/0xb0
[  742.740651][T17589]  mptcp_setsockopt+0x20ce/0x36a0
[  742.740769][T17589]  ? aa_sk_perm+0x6d5/0x900
[  742.740789][T17589]  ? __pfx_mptcp_setsockopt+0x10/0x10
[  742.740822][T17589]  ? kmem_cache_free+0x187/0x630
[  742.740847][T17589]  ? aa_sock_opt_perm+0xff/0x1a0
[  742.740870][T17589]  ? sock_common_setsockopt+0x36/0xc0
[  742.740893][T17589]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  742.740916][T17589]  do_sock_setsockopt+0x17c/0x1b0
[  742.740947][T17589]  __ia32_sys_setsockopt+0x13d/0x1b0
[  742.740978][T17589]  __do_fast_syscall_32+0x20d/0x640
[  742.740998][T17589]  ? do_fast_syscall_32+0x33/0x70
[  742.741014][T17589]  ? asm_int80_emulation+0x1a/0x20
[  742.741032][T17589]  ? do_int80_emulation+0x274/0x4d0
[  742.741049][T17589]  ? trace_irq_disable+0x3b/0x150
[  742.741078][T17589]  do_fast_syscall_32+0x33/0x70
[  742.741095][T17589]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  742.741116][T17589] RIP: 0023:0xf7fe2f6c
[  742.741133][T17589] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[  742.741149][T17589] RSP: 002b:00000000f54a650c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  742.741169][T17589] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000001
[  742.741181][T17589] RDX: 0000000000000025 RSI: 0000000080000040 RDI: 0000000000000004
[  742.741193][T17589] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  742.741204][T17589] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  742.741215][T17589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  742.741242][T17589]  </TASK>
[  743.224509][T17608] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3536'.
[  743.340661][T17612] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3538'.
[  743.509182][ T5917] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  743.741905][ T5917] usb 1-1: Using ep0 maxpacket: 32
[  743.771678][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  743.829855][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  743.890214][ T5917] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  743.987895][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  744.025538][T17597] syz.4.3530 (17597): drop_caches: 2
[  744.034178][ T5917] usb 1-1: config 0 descriptor??
[  744.511075][ T5917] ft260 0003:0403:6030.0016: unknown main item tag 0x0
[  744.601071][ T5917] ft260 0003:0403:6030.0016: unknown main item tag 0x0
[  744.716795][ T5917] ft260 0003:0403:6030.0016: chip code: 0000 0000
[  744.923282][ T5917] ft260 0003:0403:6030.0016: failed to retrieve system status
[  744.938432][ T5917] ft260 0003:0403:6030.0016: probe with driver ft260 failed with error -71
[  745.094553][ T5917] usb 1-1: USB disconnect, device number 76
[  745.840459][ T5917] usb 8-1: new high-speed USB device number 63 using dummy_hcd
[  745.956176][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  745.968996][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  745.982356][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  746.005585][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  746.010527][ T5917] usb 8-1: Using ep0 maxpacket: 32
[  746.022310][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  746.032121][ T5917] usb 8-1: unable to get BOS descriptor or descriptor too short
[  746.115666][ T5917] usb 8-1: New USB device found, idVendor=08e4, idProduct=017f, bcdDevice= 0.40
[  746.131003][ T5917] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  746.154321][ T5917] usb 8-1: Product: syz
[  746.170855][ T5917] usb 8-1: Manufacturer: syz
[  746.181159][ T5917] usb 8-1: SerialNumber: syz
[  746.651883][ T5917] usb 8-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  746.693050][ T5917] usb 8-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  746.866242][ T5917] snd-usb-audio 8-1:1.0: probe with driver snd-usb-audio failed with error -71
[  746.984835][ T5917] usb 8-1: USB disconnect, device number 63
[  746.992944][   T24] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  747.021158][T14050] syz_tun (unregistering): left allmulticast mode
[  747.061209][T16991] udevd[16991]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  747.178325][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  747.185522][   T24] usb 4-1: device descriptor read/64, error -71
[  747.192729][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  747.405667][T17686] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3559'.
[  747.450803][   T24] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  747.473807][ T5917] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  747.507153][T16079] ==================================================================
[  747.515265][T16079] BUG: KASAN: slab-use-after-free in nf_hook_entry_head+0x1f1/0x2c0
[  747.519846][T17663] chnl_net:caif_netlink_parms(): no params data found
[  747.523348][T16079] Read of size 8 at addr ffff8880353c8108 by task kworker/u8:4/16079
[  747.523365][T16079] 
[  747.523377][T16079] CPU: 0 UID: 0 PID: 16079 Comm: kworker/u8:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  747.523399][T16079] Tainted: [L]=SOFTLOCKUP
[  747.523405][T16079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  747.523417][T16079] Workqueue: netns cleanup_net
[  747.523444][T16079] Call Trace:
[  747.523458][T16079]  <TASK>
[  747.523465][T16079]  dump_stack_lvl+0xe8/0x150
[  747.523490][T16079]  print_report+0xba/0x230
[  747.523545][T16079]  ? nf_hook_entry_head+0x1f1/0x2c0
[  747.523570][T16079]  kasan_report+0x117/0x150
[  747.523592][T16079]  ? nf_hook_entry_head+0x1f1/0x2c0
[  747.523619][T16079]  nf_hook_entry_head+0x1f1/0x2c0
[  747.523642][T16079]  __nf_unregister_net_hook+0x74/0x6f0
[  747.523668][T16079]  ? __pfx_nf_flow_table_offload_setup+0x10/0x10
[  747.523774][T16079]  nf_tables_pre_exit_net+0x64a/0x900
[  747.523852][T16079]  ops_undo_list+0x187/0x940
[  747.523877][T16079]  ? __pfx_ops_undo_list+0x10/0x10
[  747.523901][T16079]  ? idr_destroy+0x218/0x290
[  747.523955][T16079]  ? do_raw_spin_unlock+0xf5/0x210
[  747.523971][T16079]  cleanup_net+0x56b/0x800
[  747.523990][T16079]  ? __pfx_cleanup_net+0x10/0x10
[  747.524012][T16079]  ? process_scheduled_works+0xa25/0x1830
[  747.524033][T16079]  ? process_scheduled_works+0xa25/0x1830
[  747.524054][T16079]  process_scheduled_works+0xb02/0x1830
[  747.524086][T16079]  ? __pfx_process_scheduled_works+0x10/0x10
[  747.524109][T16079]  ? assign_work+0x3d5/0x5e0
[  747.524130][T16079]  worker_thread+0xa50/0xfc0
[  747.524160][T16079]  kthread+0x388/0x470
[  747.524177][T16079]  ? __pfx_worker_thread+0x10/0x10
[  747.524197][T16079]  ? __pfx_kthread+0x10/0x10
[  747.524214][T16079]  ret_from_fork+0x51e/0xb90
[  747.524236][T16079]  ? __pfx_ret_from_fork+0x10/0x10
[  747.524256][T16079]  ? __switch_to+0xc7d/0x1450
[  747.524276][T16079]  ? __pfx_kthread+0x10/0x10
[  747.524293][T16079]  ret_from_fork_asm+0x1a/0x30
[  747.524323][T16079]  </TASK>
[  747.524330][T16079] 
[  747.727055][T16079] Allocated by task 5809:
[  747.731484][T16079]  kasan_save_track+0x3e/0x80
[  747.736506][T16079]  __kasan_slab_alloc+0x6c/0x80
[  747.741442][T16079]  kmem_cache_alloc_node_noprof+0x384/0x690
[  747.747327][T16079]  __alloc_skb+0x27d/0x7d0
[  747.751745][T16079]  tcp_stream_alloc_skb+0x3f/0x580
[  747.756849][T16079]  tcp_sendmsg_locked+0x1375/0x5490
[  747.762057][T16079]  tcp_sendmsg+0x2f/0x50
[  747.766287][T16079]  sock_write_iter+0x406/0x4f0
[  747.771133][T16079]  vfs_write+0x61d/0xb90
[  747.775367][T16079]  ksys_write+0x150/0x270
[  747.779683][T16079]  __do_fast_syscall_32+0x20d/0x640
[  747.784873][T16079]  do_fast_syscall_32+0x33/0x70
[  747.789716][T16079]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  747.796039][T16079] 
[  747.798351][T16079] Freed by task 5809:
[  747.802314][T16079]  kasan_save_track+0x3e/0x80
[  747.807017][T16079]  kasan_save_free_info+0x46/0x50
[  747.812037][T16079]  __kasan_slab_free+0x5c/0x80
[  747.816792][T16079]  kmem_cache_free+0x187/0x630
[  747.821550][T16079]  skb_release_data+0x6c3/0x940
[  747.826396][T16079]  __kfree_skb+0x5d/0x210
[  747.830719][T16079]  tcp_ack+0x2826/0x7da0
[  747.834950][T16079]  tcp_rcv_established+0x1478/0x2740
[  747.840233][T16079]  tcp_v4_do_rcv+0xa90/0x1430
[  747.844924][T16079]  __release_sock+0x265/0x3a0
[  747.849598][T16079]  release_sock+0x5f/0x1f0
[  747.854006][T16079]  tcp_sendmsg+0x39/0x50
[  747.858326][T16079]  sock_write_iter+0x406/0x4f0
[  747.863092][T16079]  vfs_write+0x61d/0xb90
[  747.867410][T16079]  ksys_write+0x150/0x270
[  747.871738][T16079]  __do_fast_syscall_32+0x20d/0x640
[  747.876935][T16079]  do_fast_syscall_32+0x33/0x70
[  747.881866][T16079]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  747.888193][T16079] 
[  747.890507][T16079] The buggy address belongs to the object at ffff8880353c8000
[  747.890507][T16079]  which belongs to the cache skbuff_small_head of size 704
[  747.905080][T16079] The buggy address is located 264 bytes inside of
[  747.905080][T16079]  freed 704-byte region [ffff8880353c8000, ffff8880353c82c0)
[  747.919048][T16079] 
[  747.921364][T16079] The buggy address belongs to the physical page:
[  747.927808][T16079] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x353c8
[  747.936586][T16079] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  747.945070][T16079] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  747.952607][T16079] page_type: f5(slab)
[  747.956766][T16079] raw: 00fff00000000040 ffff888140ec0b40 dead000000000100 dead000000000122
[  747.965363][T16079] raw: 0000000000000000 0000000800130013 00000000f5000000 0000000000000000
[  747.973959][T16079] head: 00fff00000000040 ffff888140ec0b40 dead000000000100 dead000000000122
[  747.982639][T16079] head: 0000000000000000 0000000800130013 00000000f5000000 0000000000000000
[  747.991341][T16079] head: 00fff00000000002 ffffea0000d4f201 00000000ffffffff 00000000ffffffff
[  748.000022][T16079] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  748.008676][T16079] page dumped because: kasan: bad access detected
[  748.015122][T16079] page_owner tracks the page as allocated
[  748.020833][T16079] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 0, tgid 0 (swapper/1), ts 718290442195, free_ts 687052733153
[  748.042366][T16079]  post_alloc_hook+0x231/0x280
[  748.047133][T16079]  get_page_from_freelist+0x24dc/0x2580
[  748.052674][T16079]  __alloc_frozen_pages_noprof+0x18d/0x380
[  748.058469][T16079]  allocate_slab+0x77/0x660
[  748.062969][T16079]  refill_objects+0x331/0x3c0
[  748.067639][T16079]  __pcs_replace_empty_main+0x2f9/0x5e0
[  748.073176][T16079]  kmem_cache_alloc_node_noprof+0x441/0x690
[  748.079073][T16079]  __alloc_skb+0x27d/0x7d0
[  748.083479][T16079]  ndisc_alloc_skb+0x9f/0x480
[  748.088149][T16079]  ndisc_send_rs+0x2b5/0x630
[  748.092825][T16079]  addrconf_rs_timer+0x395/0x6d0
[  748.097763][T16079]  call_timer_fn+0x192/0x640
[  748.102349][T16079]  __run_timer_base+0x652/0x8b0
[  748.107188][T16079]  run_timer_softirq+0xb7/0x170
[  748.112025][T16079]  handle_softirqs+0x22a/0x870
[  748.116964][T16079]  __irq_exit_rcu+0x5f/0x150
[  748.121549][T16079] page last free pid 16553 tgid 16553 stack trace:
[  748.128033][T16079]  __free_frozen_pages+0xc2b/0xdb0
[  748.133164][T16079]  __slab_free+0x263/0x2b0
[  748.137586][T16079]  qlist_free_all+0x97/0x100
[  748.142164][T16079]  kasan_quarantine_reduce+0x148/0x160
[  748.147613][T16079]  __kasan_slab_alloc+0x22/0x80
[  748.152454][T16079]  kmem_cache_alloc_noprof+0x2bc/0x650
[  748.157900][T16079]  do_getname+0x2e/0x250
[  748.162135][T16079]  __se_sys_chdir+0x8d/0x2a0
[  748.166712][T16079]  __do_fast_syscall_32+0x20d/0x640
[  748.171895][T16079]  do_fast_syscall_32+0x33/0x70
[  748.176729][T16079]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  748.183049][T16079] 
[  748.185358][T16079] Memory state around the buggy address:
[  748.190972][T16079]  ffff8880353c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  748.199030][T16079]  ffff8880353c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  748.207174][T16079] >ffff8880353c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  748.215219][T16079]                       ^
[  748.219532][T16079]  ffff8880353c8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  748.227578][T16079]  ffff8880353c8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  748.235621][T16079] ==================================================================
[  748.250861][   T24] usb 4-1: device descriptor read/64, error -71
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  748.259784][ T5917] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  748.271196][ T5835] Bluetooth: hci1: command tx timeout
[  748.287138][T16079] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  748.294377][T16079] CPU: 1 UID: 0 PID: 16079 Comm: kworker/u8:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  748.305939][T16079] Tainted: [L]=SOFTLOCKUP
[  748.310278][T16079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[  748.320382][T16079] Workqueue: netns cleanup_net
[  748.325192][T16079] Call Trace:
[  748.328491][T16079]  <TASK>
[  748.331421][T16079]  vpanic+0x56c/0xa60
[  748.335403][T16079]  ? __pfx_vpanic+0x10/0x10
[  748.339907][T16079]  panic+0xc5/0xd0
[  748.343622][T16079]  ? __pfx_panic+0x10/0x10
[  748.348037][T16079]  ? preempt_schedule_thunk+0x16/0x30
[  748.353414][T16079]  ? nf_hook_entry_head+0x1f1/0x2c0
[  748.358608][T16079]  ? preempt_schedule_thunk+0x16/0x30
[  748.364004][T16079]  ? nf_hook_entry_head+0x1f1/0x2c0
[  748.369195][T16079]  check_panic_on_warn+0x89/0xb0
[  748.374132][T16079]  ? nf_hook_entry_head+0x1f1/0x2c0
[  748.379342][T16079]  end_report+0x73/0x180
[  748.383577][T16079]  ? nf_hook_entry_head+0x1f1/0x2c0
[  748.388766][T16079]  kasan_report+0x128/0x150
[  748.393264][T16079]  ? nf_hook_entry_head+0x1f1/0x2c0
[  748.398469][T16079]  nf_hook_entry_head+0x1f1/0x2c0
[  748.403493][T16079]  __nf_unregister_net_hook+0x74/0x6f0
[  748.408959][T16079]  ? __pfx_nf_flow_table_offload_setup+0x10/0x10
[  748.415278][T16079]  nf_tables_pre_exit_net+0x64a/0x900
[  748.420649][T16079]  ops_undo_list+0x187/0x940
[  748.425246][T16079]  ? __pfx_ops_undo_list+0x10/0x10
[  748.430388][T16079]  ? idr_destroy+0x218/0x290
[  748.434994][T16079]  ? do_raw_spin_unlock+0xf5/0x210
[  748.440101][T16079]  cleanup_net+0x56b/0x800
[  748.444516][T16079]  ? __pfx_cleanup_net+0x10/0x10
[  748.449449][T16079]  ? process_scheduled_works+0xa25/0x1830
[  748.455160][T16079]  ? process_scheduled_works+0xa25/0x1830
[  748.460872][T16079]  process_scheduled_works+0xb02/0x1830
[  748.466432][T16079]  ? __pfx_process_scheduled_works+0x10/0x10
[  748.472417][T16079]  ? assign_work+0x3d5/0x5e0
[  748.476998][T16079]  worker_thread+0xa50/0xfc0
[  748.481586][T16079]  kthread+0x388/0x470
[  748.485662][T16079]  ? __pfx_worker_thread+0x10/0x10
[  748.490766][T16079]  ? __pfx_kthread+0x10/0x10
[  748.495355][T16079]  ret_from_fork+0x51e/0xb90
[  748.499944][T16079]  ? __pfx_ret_from_fork+0x10/0x10
[  748.505057][T16079]  ? __switch_to+0xc7d/0x1450
[  748.509730][T16079]  ? __pfx_kthread+0x10/0x10
[  748.514313][T16079]  ret_from_fork_asm+0x1a/0x30
[  748.519076][T16079]  </TASK>
[  748.522373][T16079] Kernel Offset: disabled
[  748.526698][T16079] Rebooting in 86400 seconds..