last executing test programs:

25m26.808896859s ago: executing program 2 (id=58):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_open_dev$vcsn(&(0x7f0000000300), 0x4000000000d, 0x616046)
connect$caif(r2, &(0x7f0000000240)=@dbg={0x25, 0x9, 0x7}, 0x18)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
ioctl$SG_GET_COMMAND_Q(r3, 0x2270, &(0x7f00000003c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = add_key(&(0x7f0000000080)='big_key\x00', &(0x7f00000005c0)={'syz', 0x1}, &(0x7f0000000980)="475a251bdb1e4c", 0x7, 0xfffffffffffffffb)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r7, 0x6, 0x21, &(0x7f0000000000)="8740468e16ee481c9437ab003a514d34", 0x10)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="e4836d513bcab6b90efd3ebcdfc597b9a7e727a3ece8daadf4b04a69b21dfd745934e8870086d4dcd91c1c9a69f5d303d175b4bcc0da016fb4be47336b3557b59b09b0bce1bace8b3eb86e9f3e3b4244a7bd9bad12f2ae80c3f5a6a08634b6f70ef4d694f97312f472beb24c47fbd19e9e7b2b8c851592d64758d2ff1ac341f208c6d28c62c00052de2165ad", 0x8c}], 0x1}, 0x34008880)
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000440)="660f388173ab07c76fb0360fc9bb25cc00007666ba6b41b000f303c70fae6e2fc0c00f0f2367260f01ca660f3881770036c5b0de0cd6dd", 0x37}], 0x1, 0x51, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x80000001, @loopback, 0x4}, 0x1c)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fdd000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r8, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x2080, {0x0, 0x1000, {0x3}}})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
keyctl$update(0x2, r4, &(0x7f0000000000)="11868a0fceae284c0000000100000010", 0x10)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0)
r9 = dup(0xffffffffffffffff)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r9, 0x84, 0x7b, &(0x7f0000000280)={0x0, 0x4}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000001100)=ANY=[@ANYBLOB="b7020000c54a4530bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b706000008ffffffcf6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a1a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895c679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2dff0f000000000000bf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c048d46362ea0d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d120ea257bba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337dbcf3456ff6cd0d6b98a258e3509a7d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f2cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2bc30a96767f500b9e26e3b12854da63083320d8bfe49d85e0842803dc59d6375bce2b8a93caf39c0ba767880b9bf9407e6a6c0f9a43d1ab51dabf9423b482e848fbe1653ff0c6161fa43543546ce17a42e6cddadaf0767d84407478ffe2d0b567d81201efc81e800d4c0874235ff5cd7f5f0ee71cc2b0193bfc9290627ceaeb0b02931a817688f3a51fa2861e70cbab50a5d434ed8d8841694dba46f3d5a95ae86e4d471684ccf427b2ba53a157b2a7cf7a4c10051bb77822190a14c2ab1f271a7cf9c240b99"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
socket$can_bcm(0x1d, 0x2, 0x2)

25m24.396960621s ago: executing program 2 (id=63):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/18, @ANYRES32=r2, @ANYBLOB="0000000300004a641c0012000c"], 0x3c}}, 0x0)

25m23.986982462s ago: executing program 2 (id=64):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a64000000060a0b0400000000000000000200000038000480340001800900010068617368000000002400028008000440ffffffff0800064000000008080007400000002108000240000000170900010073797a30000000000900020073797a32"], 0x8c}}, 0x40)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, &(0x7f00000002c0)=@svm={0x100, 0x1, 0x1080, {0xdddd1000}, {"0cb5685ff980c5b98087222c786bc3aca061ea99ab3afdf21ceea0b5cf33862aabe96b77dc9a541580aaf9672ac4c19b093f75a66c81475db70cca1bb5b980ca0038dedcd2ccd5841ba801b9e383bfe0addd0e79d7862f8e167010661439bb9ac4151bc4a7e613360913ea14ffe535c59685d6a5ac1fe73f6f8542d444f349a7bbd5fc72bea9d2cf568488b337f2f52881ec196f0f9817f3a30269fac01405b0edf0e05ca6c4f42c0d8d3951577974411a4d68e5332870e34939d98b6de9a2d1244085ab55adc0b52083d8bbe9105930aa20a659b9655c2cb7134903c6c9b85abfa5615d5a9bc584a70af8e4620aa92dd4b838e66012be7bc5ef293b24499c51e1bc3ef23db21a8261873aefac77bac16417bdb2df4b3b02bca4b689eadec6a4ff9ec62ac737a21b577c6d0462db291b28b4ad024d927ce999bec9c80f221e6e9656b9006d955df296475d58f5ed5249959c3865b1347abf452d0e8d09bb17c2a45ec473756f294566b62c437ec0efcef531f73204da3ba746c40ae433d0556b67b8e706463e4e13581dab8b05f417dea2858afb22b6cbf29576e474c6e9561601b22ff21413a93110d44295b40a01e555cac0f0d195a64598fb70fc374890bdbf0be4522aa22956cfcff7e43aa65411fa79d241e7b19b790d972b5d504617fc9f82044843ec7df61de35b81e5f163bf263650da61e1013f276ddb71638363978b6f842704711e5a27dd52753b72c0394f615f9b090fad5af4af187634eff8c0c0d7ad270763712dc967bdebef62cf5493c919173d18ae2bcb5707a848264aa35f88b3e27266615a39463fdb839d612a900a94a66e5327c433a2d5bfb9fb0b5efffdfc31e576edfa46675986f9cd68b8248ef76fad73624634076cfc7704eb9ab861a8d3cd58f0bc513f2c35a9f46c5eaadd5f54888e9b05202339604585be181780615cc7f73be69a972fc7f785ca04f3102b077944a1c0a2213b57ce70a4c6fb718f67d6e5cbaf58831070e16c0e274395b0907212e298db11a33bd8834e10e7f7eb91eab981f2fd964b6350466f98e8b8f114e05ae020f986de1b96eaa250b00793f79f550d0ecd60bf33ead7c47de4f354b74f755468940168c05ede43e579d50cb549cac4cedecd6a01868d1fa2e16630678c63902940136a83b5a8bc8ffaf52674b2039d5636c33b69b3f2531e5c976f14f531e1264a6282642520ee43e7cefdd25989d5884b6d92823673bc6f76bcb0db7d2178aa9efdf14465bf716757ebb9bfa6508eb9c3a10cced8a120144e6663f6654a42897a1b073b58c76303b564ddcdeae581324d7d7c2e4d98ce54b54fe5129141b78114a82439830f486e62b883a176a3890877ce65b918bd3f9af8f2a39341118c11746367444037d776e02a9cf7cfc0263bb5869da82ff062f09571f20e48b6ab1769e20b114ca65c704b18ab06278a8cf0f43b1b932698d0f71b71f7658c459ba60a3d5cf67b7b958489c9467e5a78cb23378be6a266b3ef3e5f4c17f366e543d166092bbb489e8abf24e6ae73530959ad0c9b9450751868e3c54acf8755b442c4c311349fed1789df8de0bf7485138b09039dd7bed6e6593ea4466907e106e3ca3864e4c6712e347d4723e4b73fef4e42125ce8e1a6351405317102f6d7557b5a10ca4a54f522447f9c0248d65cc6a57ccfbaf68bd8b9f2f30d490b4c2012a9b4d5233d352959f7ce52b181ca887f3bfde96e2f1d06ecc86dfd5a273114d8e9be0fe3cbddbe0357f8fba0c671ec32cdde51a0991039ad968253407e24866ac6465eeee7e32eee087971f6ceba05839c46ae98a9039717ab5081761f244ac94b2e123093e903cb5fcc68abd8ce4a57f5f3291bae3e6289a3d8193a59b8913c11a735dac7be26b5c3d7354bdd02ade7d74168b26d7b01b736727816fb8fcd342a5334ebb72b3b176918eb58416edd63c20f2482441f77b2946dd2e2980ee9d97b200a6c5d369c1acbd314b0fbb3d1a5d5c197a2666a5491d116e3778b701bcf188f557de09d8963c40efa58e5b5f974abb11d4b33fe464941a0170b163e073dedefde521e1bacc7fcd9c10a1b64d5f69bf52267a573a9e6c96d8a028cfeec012adafbdbb294dd78531f58b619ce81a391ac5f1bb1a37ede17a65e5f962bbc2ebb48f958dbf1d89cb04be6310d6909079d13c4da1d357bfd42bec9560960fbbd04b1eed2d22d13df850d08041895c7d4d1c2fd77e9aba7436657bf0c3e1adfd6686957905fef753a008303b6312979b777c62ed383f6af89a55948285925b858fe402373c3ba225d28818a241c231a59241f8f507eddc40c0f8589e3bdceb47909cc4d8179c09b0c361d361860f287b5fdb3abf00fc4e98c592a202ca4629815773ccbc25dae08de50f6fd91ebdf7a757c252beacd55b6f2468959cadf3a693b386fc352eb2115d028ce81d6809c519346f18cb611f5010606a1202b11fd6bb9c0d359062d17a2dd6310916fbacbed3a433c36e3bc59c9f17d85905aadf024fdfda176aa70a7c5c35db4a8a736f3f261aa8b02efe4b4abca90be95f17d2d7bb2bc72370110468e73cb946f4b2192df37baed1f1ef0d819db4c836730352c6eb192e1a5c854a7aeff3b61f8857e2b4cadb4b909f0a0989c0cbc53c381dab8943ffed6b515b6b1e5b803165017e25fa9559eadd9cd775ad1cdada9f8a94867ec6588364f223981a923d8773062b10725aa6d32e7fbc0db4a3ee5505890d1f22f985c338e72af3679ad638e76fe2e514a7056dfee383e5e653f50c90df821b913a4c8b110e316096d200a32e29b38bd9e2c4b5df2087262d3a93efab019e56976ccb3515de9edae10cdda1b521cdee2a2407b5875bf7182a873f446881cdfd59b06ca98b9168146bd8d0078dd7610a765d0af1aedaaa8b7f0076375c0bfe53e30df5089dd210b917ca7a352c8b156532416a7dedadc74b92d58e05697fc4a0d930a11b6c8d2b2cd516dfba53a80feb7d0ff5df2fc576bd386c6a599c18eb13a5a07f5ad12e5e179354d57a385d1eae3bf3153c2b1d24b32af2876cc6d5978dd1cad068d80abfa8a3a57dbb5ad113f103bbe2885ae39cde1c50f7a97846f7d91de8e13c4c347ea36154ac2e80689b94aa9a65f8a0711695ebf1f06acb6cf23e7aa49b07a53b2f261bc8ec1dbed291b3b1337c458018ec1da157ca594159f69ed36a7f998df6bc80d6e0ac77513110b6d1e73805f416dadd73a69f8fa47f67e77f7197d461bd36d7a61f969f1d874fb5a4a182bf683876c383804165942bdb17ae29e3f726cd9cbbe8718d5e44b405b36d277d0dd40ef170d978249c37ddaaec10ce5e900e408f31697916871c551c83848d6464899852c7bbfcff28c00e77123b5cda1d49c6dfe3196e47a4e41f882a39b0592f89df79a8c43c50bed9503ff66967ba48ac3c219d9a57abce5188feb5715d79b26ab7084146687da42e6e33dadc2ce9fcd4d03e17ce00071721c029bc93e93481db563df8742d29e866ae0414d8aa77d14a0bec34f16c23656c4982fcc3c49f68a48ca0dc42e6a37ba84369108a19b6e137a3b106afdedf3d6f7c6a78f97a3d9e1939f46134c535a1f05e5033a067ba70ed1f0a327849ef86ef87548c8e74ef96b7f5931d3b9b2c276e9fa2d0eff13c93bd99991d9584336f8f57b7a4fa62efb317bdf3b9f68c61386fe31aad10385c82ec72e9d27db719d9bdf5cbd5102873d5fbf558a9b8a8bd8f18ea427633e126f005f1bcbe909bf47cf02108ed6f364e78f7f4524ee39fa593b0d2636b283ec8e701aa9881634e617d49eeb56237c3e597e66387b473286d054e1629c7e61278d64f95d3ed681612d14c2e49b0eac1fc09b25b9d66743859a3301cd3cf5d133415b0397dd15d49975235754c4017fdd692fe7ebf072778d8fa4b03c764b7a43d676364354471b0920e4cbc447cdc6c9211d4c481cd579788578467457861eab689c287ed55c5e0f3c60a9bf30ade16506ae1f3b4f63468b4bae3e1c5cf21298c94d1d72baee617b8db0a005354146c36bcaca9a73a655fed84b985e68b1f69fc6da9c43ecaaa92f3b27980a9ec94483e5099b7405d891d36be4915ed4b46a7fce58322dd0ec95f37cb0658aff727b6908f388cb5304ed20198a8cb38a717433d754684b03ac070edfa57b685d082954c9cf5f31b61f997eaa95ae4dac6308653e3e865a4e12d89af895a5a99ae455a86f27ea25d9fda573ed2dfb340850db4ef45d0924eb6d4bbed4db2b8371d8fa642cde529d2420dbe0870a2756ba5b7d24672df101c596ed3372a7339c948c23166982e7ba57bbcff54c06c80971099b65976f202dc5fcd6eaeaa27ae13e951966c81d000805172efc95a641eb0dbb555f7aa76ce38a66267de20f476de9993c082311172a36e958983512e6320dd7dcb5d6e605da04719449d4cf1240ee0054d0815a79e35739fd044f410d9c44a444ec92b7fa3f9c89778942645ada26bc0364ea4eb26300899e586a66ab9398fe8544a5e28c19a4ab4724190e050703309f70645233a3ea6b721b95ddd62539618ef18290fdfd59929136198af26b9eaeeb45c4fe9411f5d89db08c863acd0dd8f7c5a9ce42b50fe3bced42f03d8a0afbb5c3dd73a22d132467a4f9e1026236f4c489d44688dbb35807f3b425f57e7a3799d7a2ce656d48f71cbd87540acf1bf6b3b07b63e02591d81cfc090fea63171d285b01bd28f6950882701dec70b7d60fc95ac2ccb4dd1ddab1a320edfb06ed8c98bf8e61935d5601f3b621924bbeb864dc127f59546c7251f3787d00d62dffd3a1fdd2232e21b07ee919c11a4469c60cabbc6ca9d84f40b5493a64f9003e49260a4b9bb1f24aa2e315c2388081b7cd3854ccb108c16d5262052b080b6ce1d4dfc1f00f6f7c00bffaa92070b26d6eb8f9d0654a0196204d949bad422ee775ee7ee573fb1e0502d6eb65fd1babe8c620092dba9ef62b64fd8bcc1a61f110393f884200b8319a96bafd03d677cfa3c7fb7e2e8d1845bfa6da1a33464a75495f6a5f498e5834783efa4cd7b1886372a1e2829cd7152928b47f209214532dfea4b4709e23d86588b922364b09290543f3b4f26c1db90ae11464e0c6564c496fe190d073f6381469d8fef9ba38ae4744b5616ab100ec806258f34335665e542edf4adc7a46946614ac274247407e450947369a39386cf351f31e8669d4bc3cfc83ffe07374d96db1dd666eb2dfe0a6e50ef99e8684f207957db0c960f7d17fed6a50094178dec933f757aafb3a3eee3d79b8b09598d61449817254447ef082f25c6e0cca51c0c4e5ee5a4b98ebee50ca2c1a336a772af65ea28c4d74a76176850f82236d1809505a2cee9be337810c84a938c4cde7e2444a3f4102211ce57dd6a7f89aef93df4be9a9124c36c924209b83c1f951cb1f5632d2d18c83f03b7ace1150cdc861d6aa3a1e8d1dd11e9b8dfa0b7dab3547f21a1b979cdf238ef9678f4dee69b549915c38f438cb85c0384faba6d6545a483dc1ef1d3105ec6f5ea3c6beedfa4153cf52edab501000bdbb68234ad5fe8cf5a9758ba584443e514f69a820655ff63bf595eae6fca1f787c12cf4d292c93a35408e4bcfb81812d3ccdbacd29b915e15e68565eb7fa47f818a1d3ea6cf2d1cc0d13335a5494b23783b141c3c4d59ae68bb0536f9ff5b6d059934ecb96919c936fb981325a3a385fde5ef8e1453247e06291d400185a110ac28e22d5248d7f01f21cabdad8ff3c7eb42eded5889f9b5dc565e450a39eb2291ce52ec8ea1c9003995766c363eaefa79f70b"}})
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
pipe2(&(0x7f0000000440)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80000)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
sendfile(r0, r2, 0x0, 0x10ffff)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, 0x0)
r5 = socket$inet_sctp(0x2, 0x800000000000001, 0x84)
sendto$inet(r5, &(0x7f0000a34fff)='H', 0x1, 0x4000000000000000, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10)

25m20.872944641s ago: executing program 2 (id=72):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x8, 0x40, 0x7fff0000}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00')
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f00000000c0)={0x0, 0xf})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000800)={'syzkaller0\x00'})
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
r7 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x6686, 0x800, 0x2, 0x12e}, &(0x7f0000000400)=<r8=>0x0, &(0x7f00000000c0)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r10 = syz_io_uring_setup(0x890, &(0x7f0000000500)={0x0, 0xaee3, 0x800, 0xffffffff, 0xbfe00000, 0x0, r7}, &(0x7f0000000000)=<r11=>0x0, &(0x7f0000000280)=<r12=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r11, r12, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r10, 0x47f6, 0x0, 0x2, 0x0, 0x300)
io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0)

25m20.240743181s ago: executing program 2 (id=76):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010829bd7000000000000b00000008000300", @ANYRES32=r2, @ANYBLOB="60005080110001004abee339084eeef16f162471f4000000080003000aac0f"], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0)

25m19.875941178s ago: executing program 2 (id=77):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0xb, 0x8000000000000000, 0x6, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
ptrace(0x10, 0x0)
unshare(0xa000400)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x7, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)

25m18.764561576s ago: executing program 32 (id=77):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0xb, 0x8000000000000000, 0x6, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
ptrace(0x10, 0x0)
unshare(0xa000400)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x7, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)

16m6.642571539s ago: executing program 3 (id=1931):
r0 = socket$kcm(0x29, 0x2, 0x0)
sendmsg(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)="ada4", 0x2}], 0x1}, 0x4000000)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1})
setsockopt$sock_attach_bpf(r2, 0x1, 0x7, &(0x7f0000000000), 0x4)

16m5.6468959s ago: executing program 3 (id=1935):
socket(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'veth1_to_team\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x10}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_TARGET={0x8, 0x1, 0x7b}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0x2c}]}}]}, 0x48}}, 0x0)
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x189802)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_io_uring_setup(0x498, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x0, 0x272}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r8 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r8, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab390c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r2, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(r5, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r9 = semget$private(0x0, 0x4000000009, 0x0)
semctl$IPC_RMID(r9, 0x0, 0x0)
syz_emit_ethernet(0x55, &(0x7f0000000440)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x47, 0x5c, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x4, 0x0, 0x0, 0x0, {0xa, 0x4, 0x1, 0x5, 0xd, 0x68, 0x81, 0x1, 0x73, 0x7, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x23}, {[@lsrr={0x83, 0xf, 0x9b, [@loopback, @multicast2, @broadcast]}, @ra={0x94, 0x4, 0x1}, @end]}}, "db29d4"}}}}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r10 = creat(&(0x7f0000000240)='./file0\x00', 0x40)
close(r10)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x930, 0x6000002, 0x4018831, r10, 0x0)
r11 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r11, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r11, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
read$char_usb(r10, &(0x7f0000000380)=""/190, 0xbe)
timer_create(0x1, &(0x7f00000000c0)={0x0, 0x2, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000100)=<r12=>0x0)
timer_settime(r12, 0x0, &(0x7f0000000140)={{0x77359400}, {0x0, 0x3938700}}, 0x0)

16m3.637664905s ago: executing program 3 (id=1938):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0xd6800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = msgget$private(0x0, 0x186)
msgsnd(r3, &(0x7f0000000100)={0x0, "8bd872385a7d57f7a8808a9c4d98fd2c5fe4ec03e6701cff6aab864df60d06c4ef137075d5611ac01af90e547d5600881fb0d6005df028173ef0342050e776a93f4ea4e6c5972cd693a1bb9cf25682c22e9a3e4dddfcb6ba89b42e4a0a7cc2316413c74f04bbd25e8b8b3035ad2fd1f8d5b2575e6d3bc8c4eb2613d43b90319fae3b3a432f531a0353eddf17d6825bbd0b1b18673ca5046f9d8093601e7adb0f09189f198d25a7a8377d8d3279122dc9576f58d0ecdf10a06534dccb827e78b4c6e271d1ac796c794d955589c848aa17ec38430ddc55be149742d2e328330962c63fe42cdb9537340ebb6c0266a3693b0e9056cf071a"}, 0xfe, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="2ef36644f7e62e3e672e450f078f29d095abaa960000b890a4f084ef66bafc0c6d8f297812cf66ba410066ef48b800100000000000000f23d00f21f835100000080f23f866baf80cb88ef01480ef66bafc0c66b80c0066efc7442402d8650000c7442406000000000f011c2466ba4200ec2e64f30f5a8e6c000000", 0x7b}], 0x1, 0x52, &(0x7f0000000200)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x85200000c}], 0x1)
syz_emit_ethernet(0x82, &(0x7f0000000380)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x29}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010101, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa, @rand_addr=0x4, {[@rr={0x7, 0x3, 0x5b}, @lsrr={0x83, 0x3, 0x6a}, @timestamp_prespec={0x44, 0x3c, 0xfe, 0x3, 0x8, [{@private=0xa010184}, {@private}, {@empty}, {@remote}, {@private}, {@local}, {@rand_addr=0x64010100}]}]}}}}}}}, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[0x6, 0xef, 0xf, 0x3, 0x400000000000b, 0x4, 0x8000000000000001, 0x80000001, 0xb3, 0x200, 0x4, 0xef8, 0x9, 0x100000000036, 0x9, 0x4000000009], 0x0, 0x2a80})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3000000068000000000c0008800500080020d37a57"], 0x30}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)

16m3.49244993s ago: executing program 3 (id=1939):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x8, 0x40, 0x7fff0000}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00')
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000800)={'syzkaller0\x00'})
r2 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x6686, 0x800, 0x2, 0x12e}, &(0x7f0000000400)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_io_uring_setup(0x890, &(0x7f0000000500)={0x0, 0xaee3, 0x800, 0xffffffff, 0xbfe00000, 0x0, r2}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r5, 0x47f6, 0x0, 0x2, 0x0, 0x300)
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)

16m2.931464708s ago: executing program 3 (id=1941):
syz_usb_connect(0x1, 0x36, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x0, 0x0}, {0x2, &(0x7f0000000480)=ANY=[@ANYBLOB="02033d742b9cae0518e59350a707931864d6c1edcfabf84e72777f657de5d570add19a0851583df42603fb660bb4c69446f4260de9b49e943fddfc46b30b1e7e796e0b4aaa187b0400e9edfd0921727f349b5a5128ff4ef66024ee8320e442034e9d540f1f18ff4b4c8fb22efabd7ba7e6b91a2a2218a720bbeada0f4c2b5a67b1744cfeba9b2543a4b7c04d271e648efb135872b201a5c1d6be66186e07424b2acfe991b9bf5d084b0f4036031b83dd68ae"]}]}) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r2, 0x0) (async)
ftruncate(r2, 0xc17a) (async)
clock_gettime(0x0, &(0x7f0000000280)={<r3=>0x0, <r4=>0x0})
utimensat(r2, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)={{}, {r3, r4/1000+60000}}, 0x100) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$KVM_SET_BOOT_CPU_ID(0xffffffffffffffff, 0xae78, &(0x7f00000003c0))
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="c000000040000701feffffff0000000003000000040042800c00018006000600894f00", @ANYRESHEX], 0xc0}, 0x1, 0x0, 0x0, 0x4020815}, 0xc000)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x5f, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r6, &(0x7f00006b0000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000400)="b8000c8ed0f4b868028ec8baa10066ed66b9800000c00f326635000800000f3064360f01c2660f7d1abaf80c66b864702d8166efbafc0cb01dee0f3066b8364699af0f23d00f21f86635300000020f23f8", 0x51}], 0x1, 0x40, 0x0, 0x0) (async)
ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f0000000040)=0x1000) (async)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000002c0)={0x1, 0x0, [{0x40000073, 0x0, 0x81}]}) (async)
r7 = userfaultfd(0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0)) (async)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) (async)
ioctl$UFFDIO_COPY(r7, 0xc028aa05, &(0x7f0000000180)={&(0x7f0000b4d000/0x2000)=nil, &(0x7f0000000000/0x4000)=nil, 0x2000, 0x3, 0x2}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff}) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0)
syz_usb_control_io(r8, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000680)={0x0, 0xe, 0x1, "02"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$hid(r8, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r8, 0x0, 0x0)

16m0.374653958s ago: executing program 3 (id=1950):
unshare(0x62040200)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x0, 0x80)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="200000002e00090027bd700000000000040000000c0098000aac0f", @ANYRESHEX], 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x8, 0x26, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000002000000000000000300000018110000", @ANYRESHEX=r1, @ANYRESOCT=r1, @ANYRESDEC=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000fc510600216c000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200000000000085000000860000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000040008500000006000000852000000400000018650000090000000000000024f5000010620000080004000000000005000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f00000001c0)='syzkaller\x00', 0xee2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x1, 0x7, 0x7f, 0x8}, 0x10, 0x0, 0xffffffffffffffff, 0x3, &(0x7f0000000c40)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000140)=[{0x1, 0x5, 0xb, 0x3}, {0x5, 0x2, 0xa}, {0x3, 0x100001, 0xc, 0xb}], 0x10, 0x3}, 0x94)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
clock_gettime(0x0, &(0x7f0000000180))
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x103c02, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x49, 0x0, 0x0)
ioctl$KVM_SET_CLOCK(r6, 0x4030ae7b, 0x0)
setsockopt$inet_int(r4, 0x0, 0xc, 0x0, 0x0)
sendto$inet(r4, &(0x7f0000000000)="f461", 0x2, 0x20040000, &(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
recvmmsg(r4, &(0x7f000000e280), 0x58a, 0x42, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000f40)=ANY=[@ANYRESHEX=r0], 0x138}, 0x1, 0x0, 0x0, 0x90}, 0x40)

15m59.190275275s ago: executing program 33 (id=1950):
unshare(0x62040200)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x0, 0x80)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="200000002e00090027bd700000000000040000000c0098000aac0f", @ANYRESHEX], 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x8, 0x26, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000002000000000000000300000018110000", @ANYRESHEX=r1, @ANYRESOCT=r1, @ANYRESDEC=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000fc510600216c000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200000000000085000000860000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000040008500000006000000852000000400000018650000090000000000000024f5000010620000080004000000000005000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f00000001c0)='syzkaller\x00', 0xee2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x1, 0x7, 0x7f, 0x8}, 0x10, 0x0, 0xffffffffffffffff, 0x3, &(0x7f0000000c40)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000140)=[{0x1, 0x5, 0xb, 0x3}, {0x5, 0x2, 0xa}, {0x3, 0x100001, 0xc, 0xb}], 0x10, 0x3}, 0x94)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
clock_gettime(0x0, &(0x7f0000000180))
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x103c02, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x49, 0x0, 0x0)
ioctl$KVM_SET_CLOCK(r6, 0x4030ae7b, 0x0)
setsockopt$inet_int(r4, 0x0, 0xc, 0x0, 0x0)
sendto$inet(r4, &(0x7f0000000000)="f461", 0x2, 0x20040000, &(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
recvmmsg(r4, &(0x7f000000e280), 0x58a, 0x42, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000f40)=ANY=[@ANYRESHEX=r0], 0x138}, 0x1, 0x0, 0x0, 0x90}, 0x40)

14m33.411340262s ago: executing program 1 (id=2217):
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r0], 0x38}}, 0x10)
ioctl$SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, &(0x7f0000000000)=0x4)
timer_create(0x3, 0x0, &(0x7f0000044000)=<r2=>0x0)
keyctl$dh_compute(0x17, &(0x7f0000000100), &(0x7f0000000540)=""/43, 0xff61, &(0x7f0000000500)={&(0x7f0000000280)={'sha384\x00'}, 0x0, 0xfe06})
timer_create(0x2, 0x0, &(0x7f0000044000)=<r3=>0x0)
timer_settime(r3, 0x1, &(0x7f0000040fe0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
timer_delete(r2)

14m33.115341107s ago: executing program 1 (id=2218):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = syz_io_uring_setup(0x497, &(0x7f0000002180)={0x0, 0x787f, 0x100, 0x4, 0x1b0}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x1f, 0x3}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x2, r0, 0x0, 0x0, 0x0, 0x200, 0x1, {0x1}})
io_uring_enter(r1, 0x3516, 0x35cb, 0x0, 0x0, 0x0) (fail_nth: 10)

14m32.630701815s ago: executing program 1 (id=2221):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x161842, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040))
write$ppp(r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x5, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000001240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000180)="10797fcd6cd957d2b903c6bf46b4abf3", 0x10)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r4=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
close(0x3)
r5 = socket(0x2, 0x80805, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r6, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000200)={<r7=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x7a, &(0x7f0000000340)={r7, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r5, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000340)={r4, @in={{0x2, 0x4e21, @empty}}, 0x0, 0x0, 0x0, 0x81, 0x34, 0xffffffff}, 0x9c)
r8 = accept4$alg(r2, 0x0, 0x0, 0x800)
sendmmsg(r8, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20004010)
io_submit(0x0, 0x1, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000000)="1704c696ad0e359389b23ea991df6c48fabdb8f04cae7c8e5312aa3808d843c8fed39728e9941c80b9ed4bc9458fc7c0d7d6fd1480694f94c84ac1c760c763c04553a97e2c7c7ebdea97dd71f3211da77d30afc8c677fac2c095a313521b8d4d6544d6323ff920432d5899323e11954bbf708c4df1253819477527b89e7f17b3110f4306caf873523074fcc1569d317f082a986fb17b690f4074af995c98a1506fc2214d80ec00e87d0e", 0xaa}])
setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0x1}], 0x1c)

14m32.028384399s ago: executing program 1 (id=2224):
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x41)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io$uac1(r2, 0x0, &(0x7f0000000000)={0x24, &(0x7f0000000940)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r4 = epoll_create(0x1)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000000c0))
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080))
syz_open_dev$char_usb(0xc, 0xb4, 0x7)
close_range(r5, 0xffffffffffffffff, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r7=>0x0})
syncfs(0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_KEY(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES64=r3, @ANYBLOB="010829bd7000000000000b00000008000300", @ANYRES32=r7, @ANYRES64=r4], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0)

14m28.499671571s ago: executing program 1 (id=2235):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="98000000100001002abd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="a009000000000050140003006e657464657673696d3000000000000008002800babc00005c0016805800018054000c"], 0x98}, 0x1, 0x0, 0x0, 0x24040854}, 0x40000)

14m27.618283503s ago: executing program 1 (id=2237):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r2 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2)
r3 = socket$inet(0xa, 0x801, 0x84)
listen(0xffffffffffffffff, 0x641c)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
sendfile(r1, r1, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x7, 0x0, 0x3, 0x18, "28f5c9ea1f0197000011ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba76634793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d54100", "07a9088b78042fbafe1406584ae7f342f14e1df800000000000000000200", [0x7d, 0xffffffffffffffff]})
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r3)
sendmmsg$inet6(r0, &(0x7f0000000d40)=[{{&(0x7f0000000280)={0xa, 0x4e21, 0x1df6b78c, @mcast2, 0x44}, 0x1c, 0x0}}], 0x1, 0xff00)
sched_setattr(0x0, 0x0, 0x0)
dup(0xffffffffffffffff)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0xc40, 0x0)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x1, 0x83}, &(0x7f0000000dc0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x114, &(0x7f0000000100)=0xffffdffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x4, 0x1, &(0x7f0000000000)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1, 0x0, 0x1})
io_uring_enter(r4, 0xc86, 0x0, 0xe, 0x0, 0x0)
ioprio_set$pid(0x3, 0x0, 0x4007)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000b40), 0x2, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000580)={0x0, 0x1, 0xe000, 0x1000, &(0x7f0000456000/0x1000)=nil})
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x4b564d02, 0xec000000, 0xcd}]})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
syz_fuse_handle_req(r7, &(0x7f00000060c0)="970b180393e57da0084004606e0f7eb55b4379b678ec58dd5832867fc4741e325499108ee901f5ade42a10a2a5ca59b706328aca067422dcda816a63687f6b445fdf7c8c4c158921aab593be18f8f3e3a72a3c634c089c468f2afa55a47fcb36c8ec931a3b8e995ca8f9da378136eee8d00878a33e262e3718e8829586fb5a3bdd2143ea5a880a6322892369f494dd40593794a88b4f0e69dfc3d573117dc27d511cb0b7e7d1c13dac381d4472cb9eba0637c9611565d496c7a6936582144f524085bf34af3a90ac0a0db2f79a423fa8b797909b65b72ee23068ebf92a9ae53fdeca4a47ec6838e363039c63988cf6f4f393f907cff08e13520751cfa3bfeb452f120d8a5f462b040f8537f7add203eb2b2f5784376b4e0d85c027c4e0d5817ce1db986581a147a5c7e820212907992afff07f13a43b2a2c23e6f61d7bdafdea1d396e0fa1e79afd07195dfdab53cbe75d4b96971caef941b69525b87d59fcb99bfb348a12236968f9dacbfbdc4d9b0b01df755ba3b6c320a29e5bc23bd6b20f3b27dc3d63d2d2ef11865347c5ca1504ded5d549e17e1194d717c79bc330ebfc3929d079152f51f3ab9701a3241c7df4130027ca1a6d0e6b5f2f2c3b659cbea4cef19728b45f1325e04151af66111cabddafa17b90f193c52d1c4fb646f99fd42d77a3f16c05a491a775962a2a4ee9f9f6c1a5eaa68305a88add9d6f35815f37cadae92293a0db1613662f145991ba5fd632c4a170588f8265e11b3e1a4ff2b17f3664b98d9c6f54a356f19a9b72175e7eb46ff4330812993886cd7b42ffdc3767a4ac16dd21d76417b70cfe97ad6ad0ddea7284d0e3ecf0c6c6b57833f65963f3764e297c994e0181bbf693c8fc0e57fc15b2ad776a00c19a805a906ffa80efa4116d5f5c9863a74bb340008d958db841c5f1e3b286afac717ceabcc7310e75e45b61215f6ba0bb496bd5e094b6139326758c1d81b176e11da5eda522f05346e1a71a6358b4c9b7653a66ae7153858fac4695d64fe2962b0d62d6d8aac14cf9cd2199fb039b54b64f5085434b2339f90bc11f2e407a6e84557de9a7a7edcc3b15a7798cbc68c1b1e1a822103bd43b656e933bfe886736a2bda6ccb228a8e4fae5956673db0105999017d8b68159f7a9480fd2ca70bb7e9fbc8f4f1c3581b1f528c8fb5b5d6beb769dd5e9650739f3cfcb61ab7b066c342a6c6886b0bd83f399e3eb74d2cafce7fc76febe624a37e185924afa8695caa7d3c1a97fd6684979ef33957a334fbf10c7a9bba18397082580df2425129a87c4868d41d1bcda8a7faaf1afd492cb4c83b7c5ce7a950f92186cc07bf27dcf58ac56506f2453399070ae8e5b009e40eb1970bbe8a1c9f3befb54255602bd191bd46c56c0fda2842462c0b68884f9a922d2a8b161aa9ca2c0c52bcfa26b7b7a152f2ccd16ec4974361f7322dc3b345e926e1a1b56200dc425e2e03c3d7194f9cbd321e10de387adf9790a5706bcf05d9b8c16e40e5633c44553c2aa8611f7656fc732b5dfce1eaf212d2521eb013fcf154d251553ba7a6a1f7ba8b7ceb3a1df621376543a451fe76671beaab4833f1be28247919c7cdf4177e2c9cca78ce52b5a7e4dde913dd8b13ce861bbf7048822041f4b29b3441b4880a8f7a4a289ad3c6258494e7736e48373408d248c3b033372ebdb3d9a406869445b5d956434a576b83d4a7e7b47ae8c69f50be20ea56f171e592e114602ed4f47e86dc34008770940adb4f0167811c474ada06693b55f567cc3201f97c08a3711dca486a86c367f59ce44259c1d71cdb135aa8630c4cae61ad07998a2f781ff87c946e8aef9bde6d4738bc009fc43fd176bc38756a0ca48c382395b48bc55da32892551ecdd0bd3f4c69a79bbe600f4103f21e443821492b92516833b231942e91a39e7401a42ba3e99a3a2fefa6167365b9050305b6f09a013f41e764a80f422cce051e5b30ba6528540ee5d4ea5872572c85f321b68e730f40f64b648be31a9e530718ec17443a1a4dcdb79cf799cfa75d0bfa0fde71828d8f51e38dc3d1d77430ceed007426f689d5843c34afdec5dde3e480a36ffa25db4b3483cde91e56eee8756dd953a3abff11bd7901d6b37c8371b023d7457361908576f92990f19e9f48dc58ca550e61a035161f1539b14b7bcce535b3a3783021094129f312c03e51df62579ae9423927021e8bcf530116f3658a1e94d39a800452f7461d2f001f86b911a8a14b9e61c2fd8f959ea40793df240aed5e5862ea59d78fb235788c1ba3c0ec44fbefc29c2e6f22d70849750625c3c15227579d42858b5fac30bbe86491697cec1c4543addc1f50202fdf77a6d2d23e70ed611a63368694e459012ebdbe71c4f702980d7ae63aaee33d5f8df5fce071c73cd918991c6ba2f95f33a9917a22c9e7342dd492c9e2c2f6457c3a48f35edc1720f2224f2af2ef4c0a38b75ce27aae5d5ef615920ab9245851590cdcdcfaa7e5a66b73f5a0a1bcf1bab66ecdfc0dcbd8cebb1b98f6256cea6761c835a761819018fd9c3d2f541eba25abde06f1551328800b1efc04d8e10594dbe95f9f10005cae8c5b27cc18268ebaa4578f9dcfa99aa61567a55b43545ec729764af99d224cfea6a36a93d4f70bae3225256e179e81a0c64dffce9c2141994253af664c33f881aa417fa3b7e9424f1841f1aa845ea0fe05c4e47b318bef60709d6f20c9eee6e8c0c18bd161d3dbe57d82903937e10c41aa9066dcee124354584232afdcb60d185bc39fcc5e7e5124d17e2f998b64836b587cf233469b92af65a70f4a8f35df9e24c7d5d21bda27ae44ce6706f86d3747db675aa329e8b43652bb1e89687dd003dd7924d300f498d444639b3fd413840cfa958e436e5959e95486161af807cbb7304d99284818eabe39493c66664e92143ff41602a3805369f461abeae5e5b6987a20fa47495cbeeeb322c848147dd9a052384a49898138557e10eb015df370d01977083ad24c7defc8c80583d5f5eca20d0853afb9f41c356f8da0e2435d423528f67f091fc614645980a57ed893ded1c3d37881b243b8a5503f45672492f3849895c9377277a91e7090241832629032872294896107628ffd1151c444153f54b484fa3e5ca057cbe073e6039c11b1eceaf7e20eef2576aa99e7a3f36aed9beb089af28d82e2dc5e97da4878b76b5224e1d293f5223c09f715fba13945695a98624eade1381e31c5651069805e6f707811586f5f81e431e8624a608ba1ab405d2593b1f9f667b89d82e60048e4ef3be98bd3078beb4e5e66e8823c8b427d6f84468f1f18f1ff8a8c11515426993334bcbe0c3ba37b91be07eb800fb2e00a24351457d8fc067b4bfec43c0ce8cd26b23bfbb27d3da7bca3efb7fe6f7715760eda4e3a27a7be7419b803667ef6057bdd5d44250b47fa156af04db91fc57f25425b3cfbaf90a840fe5cfcefcd1500cf4908ec4df10c8bc14ec284bb99b13a8f6136e5e1c669806cb5a4a5227f7952c5b605a2b443866fae399a1f8fea323784935c3e5a9ba9e831749efc9b8228421bdb91afed16341962535cebf6fb02679e5412f67db405c90e218789b634d92a41aaf528c92b8bf38b629a1797c036465b77dc3bb124bdddd309136681d3fbe0251698da27c6f89589171e4492209f7eb48d50a161a5135602fca3355f8934f879c54afb91224901b635ed372fdacc9469471225d2ef3c980466027b86cfe3d664071edaa29b47455064a074da56f4e098ddf27984dac546826aed38e464d5c5a79a3ece544cdb3801de0e29bf5164dbcc14578e3e6c44a4a9041e2315f1243358c5949377352911e0a67c6de7e11b0881af528fe478c34909a1178a8a4f7fb727317e4f3981706d9c9215224604c2d6a4faeefc21bd635c8412931ac4feb2c60666672fb6dc5deda0d6c4ce31f2b6cb45907427691488abb280c3fd001f3d7507c0db358af7151d3b8e2e98eb8a78ee69966f7a1307882c5b57530e0dab5c57f84852c42db013e3448da2fb0a754ed97c001f33cca549eb71d7aef88d1ae7fac0d96f334556d75f600a029ed698ce9e4302279999726a57337b9afda0b0292c14d1687a85326120d9fcd84cdc02718f26c12ca28cac81af0dede79685233be41c7269c57100c603a4f9536f757fa753353bd0cded7d4edab29dff6f7dd5faa81078c263c9d1d7e662a0ffae22d8d12e679de9ec6c634ba46ddf6aa86ac0be41cabd9b14fd12107ffce96915fa0154f5b6017fa866d14ff47754a58ba14c1a3eb3f23f040779a788b774604c3a8a7dd818619352cf47849eebfdd3b49b56f376044e7cb218759059fa85057f96c159ccd63ea6cd0bf47781c2d023411854dd3ea46f4913cda9672655e566d2e83fe2e0eb5476bd6fd7a84557e37a4e8d32c75ab51dbffc59f0cebc3edeb395f38f82765ed3cfdce75b2fd570e783c8c3afb31049383af0b51575e5c9dd9332bde6f684a3e11d199f43004439ed535a20c7f2a695cf9b547985421ac62c2289c71491f0617d23cb7a9466c8f0482eb2e8aa782118702761e0267ef500afc52f4a3a7a53ef22aea542f679dc5c751c766e06af453576689c87b3b89c091e5444ff6fb1472fbd271fffb268a2eada125d7acfc70c8ff4cfd3f5421941c2857e54ed0617d6430b806d605c2e508cd5a7764d6ecdc69dbd050a97f8696535585bbb95b66f751566ce612aebce9a0b021f9fbf067870fe447dd05e8c521413e7f27955db3b8239836b6ad120f5fb48e9003bd19b05f94752743d89bdc5492c2ca1bc3133fe0ceb29451900e2ac713cf2cbc3a531048a473a195ad40c685b539f806f434c9e2cb6a8a25df84d41c13d1ceb90de1a3efecd06a53ac9a32654d1ece86dcf6fa17ea6a4f367f9b360b3e26514bf94af1f52d9c0b0691241e3c6c302e7054bb738cb234019c0e45a7db270ab9d75df73568f25579d33e7b42743c924b1f888df85c6166228f5391962b689f0a4d9683b43ddc98982a820b5c60d9c4e3997cd2212fc3850b2bd41342ccbefc1e4ec2ad7ae285f156f4a4f383281018c73ca4f2e9d255487a9717dd39cd744a000c68c53f82a22a08bcb734b5bbb8364180991140c2e727dfce4b19e70c968c97393b56019ef84688772d488b9bd6fa9354ab64f731e6adab543851e5ca1470fd13d0334ba025b57db5d9ea13c970642726284fefddab8fdf7155f5b8e3b3b86d098c4207b428bffcc7ff76f6397b6a3efc3c0b0fb2a4343b4051271f87e384c2b659086ba668c66a15d68b87faf82a60b184f27256e36a9ada7c4422754be56dbbab50ed781f36e40ded65a30378003de5b5cd5f80a6042613c76e80851312c7ed2c07b762b85a1b6928a7b2428d2bc7a6bfdfa2ba55aed54fd3c878ec655caf1223245433b7c6fc2a2d3b0393d7ba4e12f26a53b9d5afdbab230b9148f061df2e1c0fe73c2abcd142125367fa5e598e500263d9b27e759c08b7debee4695a5b192d968108c134241f236cae0434ed71e5099cd466cfb04d5f7cef2e94683172f82a9841610cb6fe55d4bfe73920992bb76f362b9cf7919c906495d4b37a915d23168fd7ffc2f36de55a1b17fa2232df03663ffa2a4c5e76aad90fd5abc80b6dfc16ec6aa328cc7714dc2d7bb14aae9f86c999e93a59fd18fb2300539bca25e69b04943a16c985ff481a42c9d8af43eb61ef7432b8e3aa5bc391c181b7d546b94ac659bc4b501157d3adf9d4cda4e298a4e4271fa2cd08919b055eb3f168df76c1f0b0d5cf5760b56774f105e51c93cc03ce97b00768b9620a6fd5162b9d9191ac0928d2460e4e821a276680cedb3b8167bc156b48a34d4c24d4a87fd09968a725d4b6a1b54b169f1e14143e97a84cf3d8eb4ec5458dcd5ff93365396c00533c3493847f595725a4f15300183eac306d16ea136b97a9864d16330d8c5b8321a6947caeb9cdc7ff4e53c419518ce9bc11f7355651be27a2c2b9ff4127ad86b96c1b5967def371d5d6a3f365abaca55c5f19600d1d5051d320b065c2f78f2147c170b9153a0eefd7b3f1e637cac3fff14b0eeaf472e6a6a9f7553ed3267c911d4d77a4f7285b77df725b3a88fbfd221343f656d60b61808b52a8facc81b8516698f2ac50cd8769371e67278c59ab1cc890fab36206b939f23b31ab976651ca8a4e7754bb10d03d4cc6506f13d98f2bda76477a69a8794a34614a88a7ec94e1a229ad6f747724a3bfb674cc87ea0dfb610f66057671f664206672e78c00a3f4585f17fc40827d0c8af88d3437f811274f662e9ee73d550833d0c8fde449089f8b5e8a25d25096537ac960699a07ebb51271a8f8556037436307063282febae745d53f8db65f13f24cc2e525ae465c9bf79f76b82dceada3bf34529321f913dd18548ab2a26f2a065028f46f4dfb18294dff30a7e5b131a08c671787baea45545d15629ec2f435d9138e517055cd48af7120b3b79f2275baed8a4b6a0f33c30890105ae2c07a332df79f2fd6767ecc66f1ed628c968a2685813342677a2823d10263958eee79d03e393a557475701694b5ec3dec8773f37b980f5812f1cbaed6e5253da037b5f88ba2070f445d74907679460dd48e16442d345abbd37f7853ec7123ff16db46c8571987db63ed711d36c05c2dafac47ea366f9467624b6296a2b9fb7056702d4ba38b4df72e7db3244421f31aa0911af3e3a09f9e08e96aa1545c37465f990bab4ee2821b1a701aa707db1dc18d52fcede15245f54a5f1a47b0d82c33fa378625d247b08753ac5fa5444b2e3f9d1d3918b154665b02fba87e39d0e27bdf60b27930eee02c31d847d40166544ab9ef801bd79bcc8d93980354021b8c7a1b9592934a90917db115bcd92068a970680011cb074da705f1cd06a0142862a777c6a47afd38721979323e27151c114e8901d41f79358e78289af10134e22d903415e2ebd2edf34ae10eefeec219db7b13ac983583dd4b02dcc615c6f70e6cf35ea216807c4b9c81482c2b941c7d6cd6621d9480ba924a3372ca3e3ca78438b0e9bf7c8436fcc0047b3bdb8d70190076d9feea778005d5d69f1b1194c76dce628e17b6beb299146b25f3f6660263c23dbcd08f70ccb45569a81a140eff66f2190110cf0977d9df7a2c437042961606ca1a378c8f59a310ad6c9cb4ff30a2d55411eeb38d927bb4d0f60ae75d90ab78dad14097f6dd38f512af2f932e1ad6a5e201180373689981f23bd9f59e4ca29244a8ea4236527fe2249eaa299af174f25b13d72b181c2f421652ece630ee1358098c29f84506654ffad3647792852a7faf107e36ae330886ffcef6e3a1725495e430568a9cd85d385e5a15d2f77ed274be3c8edfc52c230d21785b927bb8e470f989e8c89b01af8d04fc7050fc978013fbc5dcedd2baf5e8bfa8e2e1d3f193c224375db2f71d4655d2f647e9b1739657a0ad8ef6751a88151a3413ab870e0d7ba3f0a55ce3f30d55e8eb9e47e3d82563d9180399e7895490b8561a374acf5c94a1c648fa06780c4141c58ed913fb92865d3b4883301ba69b3f2b20c1f82024bd75e62ce2972d3219bdb961ab3bbac8f1d873ddece6d85f540f82c9d79b0937973335fe05e5c6ad8fcc525620a57678d58c7c2f0f157e030736d0fe4f6de520b390794cefdc6c828b4512fb6b2000d08e38693fa22834e69180d31b3978f9da75389f919a0d49ff961997d14ae6bdffcfb179c2ead52c69dae97416eef2602843dcbe4e5ae613d429feef7ffba6a31a8be8bf2e62c6d374c807363a986519a8cf9dfc99fc6607486e10599ae415b51e23f639194885e5119036e0e535accb4f126b4c45c47a53658af1e049daa2967b01d9450625d92f8f8e9d151633646044fcc5f6ad835479d48702839456decf070c7e6143cd31033810bd7da01c4a2cfb08605b25c00336f17d3b5a3db48866ef864b8d9cea9530429d3fb1afc7ae9e7d06aea9034db89b2ec8fc2a96d8d701fc51994305077dbea527bc0fc398b6bb7d42f0c408be69b98eb173d285fd8010ba75c57f2dd982582153814ff959fccc78aa5f7901357f6129f840af6649534f9ebc7750a20502a7cbf2d2f28c6f97884f43779bbbf93c550f8e79949db0e066538456b4e966761656eb7bebd5afe9b9fc241711b874682b226e9c6baecc1e909858e01b32472f6f8d483c073d3b576a4b03534dc4b620e21e6feb4bb2ddb37e3f0d4ff92c0af19e6087034c72c5928707748bc10ea22788bd938a0e6512cae4733fc1a2e47f3d4961932fe564684872922b44db143bea77580b0704675290e0839cb5ee529ada8b4c0bb14f05c5c396e29376f1ea80dea2852a88ddf8929fd402571fb242ead60d2be61f1662e1a833969e18e23e0b808900e7ed4be9d6944942da7d384739da1055cddc94937e1ea4cd305bf161c407b471df0ce3fb3413c5bd511d3c65e70edeb5397b0a8701538be7d2f1765688cbb0379744281231e60f5edcbfa6abd177405c455f77e30b95011ae4fda2a3c6d3f9a29bfe7656f6afba48358d57b4e1a84ebca241b7a427c6f806d1f771b540912f05a6df0d5223f85639fd7c163799e28abd08e4013aa43ddbc11ccc9d53131ec5c75f7682481968ad13ef34ba23d4759b51c4cac5a7ca2c73b3103c5b9e4b8686b872edcaca791d669589655e239920fc088eeced3a131ddff2eee9fab3cced40163eebfb29a85b3e97bbd97d17c3b06d3123409f115cf3e3d1c74dcc359664ab942e6ab36c41b1af4015ff5baf700eb99abd658e6833039051a235a2f84b70cb8d90271a481ce40e2a18bef8dcf7f54952b090bbaaaad391cb6cfa218a1e823ca7b16311e35e0350dd8016f67ed34771d7f3a607c1c9ed63524ea0c865148b05f1d017e475641b5076df632b7c261ef54c23eaf7cf52c22864a8ae8f8c3442d147fd52a801f87665b47e229a77b8e85c21d7996c7de9ac4899b098380f74eff119369c81b21b0b916017d0b604ca2a74b1424a4c3132d265d12a01ec2e8cff9809ed2f7891c55bc5cb932c6ea3cdba14cef47a2a0521e36869e9d62914447c3e6cf3da9ecaed915dec41e81605a46a4ec71a8b5ec0bc2f62b3237de7203e4b6d01bc32a5b2dc416623936a324b73e0c63ec414ce1bb4b344db85f014979ae866c4a2c2cce0f814862c0691883dd2d7bcd63fdf2ddf0cb2c6a1a10aa878ba997b74db8e894e4a7ed5e8ea1e3c0b602bae23c6c8c5f38b919aeef5625501fe5d4759c43e90de56122f3ecf87e8023f25e0d3ce64ab629409e881d2d1c5f083da90d45907e62ce3177f7982e514779a13f70bc207d9aa55835e37a5f4782242681ff46600ac9e63f90a245957440987b54b3678ae808c481d25755dba747cd7c3cc0fafb9a142e1ec1a9a5f81b5cdd6dbbc3a4ba5d49f58be6196c305e2af35fdbfbbae02cc4efe771d65e6000ec3f6cf394650f5144308c95279b9df3b29236a32ad3e9cd377296a4252e7dda1bb95d99c32cb81d970de4ff47760ee087dd2fa98392c8ede48391b49cd40e314adb896f0f5b08ffcdffdd70775160144552b13edfac23a09d53a4a4a827a1f216b2827cb9fb47a9fe6412d509d35b754d3700cc0dc8d7a3406a53bd1b0ee5112c50fb8f805be52a6c4e1e664d174727f33720bb371fbe9adc747a234013fcaadbce5cd2d416414b1900074e3ec73a36f32f9d7baa96ed4ea37aea560df4d9c724c69b440139a6dc1758bc74b59c521bc59958da71c4e5c23e4a8999305d989369a9bcd10f0faa789f4040950c349ef0ee910a822ba8df4a6cc16bd72dfb85d7c9a97911e96541a7fb6fb4711cdfe1e1083b2e8e870e2d2a7304f99296a496fe30553971b75f78ace054a8e3c6d54d40b2dbb2ee38a6244139fcba31b88a3ce91d637e7c88db35794002ca28533a46af85929f603e4cf4f5aea715ac4495d2c07e8bf79da078521fac5059dfe6dff61405fb6962987d15a2c7b27a851e3076803c7b4374a85f05b96e9bae91656a003e9acad767c9ac88b339fd868136b63fcb0520a2ee2f25128c8b97a0d43d60be7436756614108cfee63fb0fd65cce0bb0afcf5ea7fa817134c876c949945642a29d71aab10d05522b4b1788bb051ae1ad23fc7e75607580f9bfb7ed901a66d69e79ba742ba169f7e0d36d0c8482d3a85d66a9fc08b3e4c1669ffb4f74f418d4317fbf03b785859601b9e3af056b6a2543289738fe1e601e635ff04d750f8724bdebbbc920a7ca2f99cdaff265299bef09a2e20878682f2f37e46b5d2d3ade8d857ec6d3f7a2779080a5927749086b33b22def28633d53dae49362b4c4d47d2899562a52f22618a45998233048f0e54ba01dd53953c9f508abcb0acb1c1fb1d110e5d6c14d707713cea4cf0403b7573ab5b0a1439e6b2d29c46a3077e0dd296ca751db66f829a42c5afe0304c48fbef52c526c8f2100f6826fd4a5295f7492855f841fdb1f8487fba63b6db19af983a75468ad29a2b6cc58f9ef2dfeec8d798d60e1950731e65c5e2ec1065a22915a30845a5f87a26c067ea870d4e1ef71f67617906080b7b122b8ac9e4da1b05442b5477ee97343cb20f2587744abfa5f318ce29cbd24df1a6dbd42470789e17ae8115a588788d910a171b88dd1b94228728bfef3b28b2b32f523d603fa28d00cf23b0a201658f28ef7920f36a0da8917068a4435e0d710d320258114e2fcde2e1dec0c9faac26d671ea3735ee2b26cb644ba56ced9031cdd2b391c4b96aee7a4c38063e61dbd8ada24cea7ced0728a365bc2320eda9746823b7d83afdc8b3b293b56739011554000aec6272004a002328f20368c0902b8a8d251afebfb4d7b427cfa8927385626a474e3918ff557c8f19a8691011523a63c7e578b98c8951157f0763db3ebc4ea24388527e83b149ef89d4173ebb1c0c9aa3cf4e1a47faa3ebe7ca625e7ef077b38235781236797360696e552b9289a80491d4c3e70ff00b01540deb0de1b3385549b667cfa3598a34751868a14ccb22a420781452699563b16d0d0f1a7f0ba3f0ff45cc2d2536f1de9e024bbc923cede7725f84bf3e6a645f43c4ab3db6ddff671f283857262570b6652dbd8c869ca6a3896b870235047db08a54e5c39d7516c4b0d621d87a9c3e8c53249ff2ab9145f026ba4743a46197af56a0df022363ed59a5c2011e664a05fb952d5ad9ee2037c59a4075e4b504d91e87d303e0bc55cccaeb17e1cbab6176d2d148ce05fe986c79eb843886194f80e202c4f373244b38fd46643c1bc0fa8723ac498c71919e4ed8e5092832aec00a35ceeca94df7bd2c0c02dabc886cedf1fd044db2b45c30f8c0334c992eed40290baaeeb4d00e2cb504ca1173b6b6eec8d2aa3a1bf46e64c1ae1b3ca2882545729fe78d5e1e99c6f1f31c0b0f2190889c7318ce7605128a86c62c8a1fa107304c4609e28a2a43c6799ff6a7d70909ee10676801ee670004cf9632e34cb8cfb43d2f477ad335f5142da0baa4f4542dc93704e93a3420ec50284626fe36618b079d0db013d691583aba257947bdb1514d0318180ae43d0f94712f5c0de35f3e342ce7da65f755761506b9bfd186641fdbd03d5a2d4fe170fe23af8", 0x2000, &(0x7f0000001e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

14m26.752368727s ago: executing program 34 (id=2237):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r2 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2)
r3 = socket$inet(0xa, 0x801, 0x84)
listen(0xffffffffffffffff, 0x641c)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
sendfile(r1, r1, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x7, 0x0, 0x3, 0x18, "28f5c9ea1f0197000011ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba76634793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d54100", "07a9088b78042fbafe1406584ae7f342f14e1df800000000000000000200", [0x7d, 0xffffffffffffffff]})
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r3)
sendmmsg$inet6(r0, &(0x7f0000000d40)=[{{&(0x7f0000000280)={0xa, 0x4e21, 0x1df6b78c, @mcast2, 0x44}, 0x1c, 0x0}}], 0x1, 0xff00)
sched_setattr(0x0, 0x0, 0x0)
dup(0xffffffffffffffff)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0xc40, 0x0)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x1, 0x83}, &(0x7f0000000dc0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x114, &(0x7f0000000100)=0xffffdffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x4, 0x1, &(0x7f0000000000)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1, 0x0, 0x1})
io_uring_enter(r4, 0xc86, 0x0, 0xe, 0x0, 0x0)
ioprio_set$pid(0x3, 0x0, 0x4007)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000b40), 0x2, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000580)={0x0, 0x1, 0xe000, 0x1000, &(0x7f0000456000/0x1000)=nil})
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x4b564d02, 0xec000000, 0xcd}]})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
syz_fuse_handle_req(r7, &(0x7f00000060c0)="970b180393e57da0084004606e0f7eb55b4379b678ec58dd5832867fc4741e325499108ee901f5ade42a10a2a5ca59b706328aca067422dcda816a63687f6b445fdf7c8c4c158921aab593be18f8f3e3a72a3c634c089c468f2afa55a47fcb36c8ec931a3b8e995ca8f9da378136eee8d00878a33e262e3718e8829586fb5a3bdd2143ea5a880a6322892369f494dd40593794a88b4f0e69dfc3d573117dc27d511cb0b7e7d1c13dac381d4472cb9eba0637c9611565d496c7a6936582144f524085bf34af3a90ac0a0db2f79a423fa8b797909b65b72ee23068ebf92a9ae53fdeca4a47ec6838e363039c63988cf6f4f393f907cff08e13520751cfa3bfeb452f120d8a5f462b040f8537f7add203eb2b2f5784376b4e0d85c027c4e0d5817ce1db986581a147a5c7e820212907992afff07f13a43b2a2c23e6f61d7bdafdea1d396e0fa1e79afd07195dfdab53cbe75d4b96971caef941b69525b87d59fcb99bfb348a12236968f9dacbfbdc4d9b0b01df755ba3b6c320a29e5bc23bd6b20f3b27dc3d63d2d2ef11865347c5ca1504ded5d549e17e1194d717c79bc330ebfc3929d079152f51f3ab9701a3241c7df4130027ca1a6d0e6b5f2f2c3b659cbea4cef19728b45f1325e04151af66111cabddafa17b90f193c52d1c4fb646f99fd42d77a3f16c05a491a775962a2a4ee9f9f6c1a5eaa68305a88add9d6f35815f37cadae92293a0db1613662f145991ba5fd632c4a170588f8265e11b3e1a4ff2b17f3664b98d9c6f54a356f19a9b72175e7eb46ff4330812993886cd7b42ffdc3767a4ac16dd21d76417b70cfe97ad6ad0ddea7284d0e3ecf0c6c6b57833f65963f3764e297c994e0181bbf693c8fc0e57fc15b2ad776a00c19a805a906ffa80efa4116d5f5c9863a74bb340008d958db841c5f1e3b286afac717ceabcc7310e75e45b61215f6ba0bb496bd5e094b6139326758c1d81b176e11da5eda522f05346e1a71a6358b4c9b7653a66ae7153858fac4695d64fe2962b0d62d6d8aac14cf9cd2199fb039b54b64f5085434b2339f90bc11f2e407a6e84557de9a7a7edcc3b15a7798cbc68c1b1e1a822103bd43b656e933bfe886736a2bda6ccb228a8e4fae5956673db0105999017d8b68159f7a9480fd2ca70bb7e9fbc8f4f1c3581b1f528c8fb5b5d6beb769dd5e9650739f3cfcb61ab7b066c342a6c6886b0bd83f399e3eb74d2cafce7fc76febe624a37e185924afa8695caa7d3c1a97fd6684979ef33957a334fbf10c7a9bba18397082580df2425129a87c4868d41d1bcda8a7faaf1afd492cb4c83b7c5ce7a950f92186cc07bf27dcf58ac56506f2453399070ae8e5b009e40eb1970bbe8a1c9f3befb54255602bd191bd46c56c0fda2842462c0b68884f9a922d2a8b161aa9ca2c0c52bcfa26b7b7a152f2ccd16ec4974361f7322dc3b345e926e1a1b56200dc425e2e03c3d7194f9cbd321e10de387adf9790a5706bcf05d9b8c16e40e5633c44553c2aa8611f7656fc732b5dfce1eaf212d2521eb013fcf154d251553ba7a6a1f7ba8b7ceb3a1df621376543a451fe76671beaab4833f1be28247919c7cdf4177e2c9cca78ce52b5a7e4dde913dd8b13ce861bbf7048822041f4b29b3441b4880a8f7a4a289ad3c6258494e7736e48373408d248c3b033372ebdb3d9a406869445b5d956434a576b83d4a7e7b47ae8c69f50be20ea56f171e592e114602ed4f47e86dc34008770940adb4f0167811c474ada06693b55f567cc3201f97c08a3711dca486a86c367f59ce44259c1d71cdb135aa8630c4cae61ad07998a2f781ff87c946e8aef9bde6d4738bc009fc43fd176bc38756a0ca48c382395b48bc55da32892551ecdd0bd3f4c69a79bbe600f4103f21e443821492b92516833b231942e91a39e7401a42ba3e99a3a2fefa6167365b9050305b6f09a013f41e764a80f422cce051e5b30ba6528540ee5d4ea5872572c85f321b68e730f40f64b648be31a9e530718ec17443a1a4dcdb79cf799cfa75d0bfa0fde71828d8f51e38dc3d1d77430ceed007426f689d5843c34afdec5dde3e480a36ffa25db4b3483cde91e56eee8756dd953a3abff11bd7901d6b37c8371b023d7457361908576f92990f19e9f48dc58ca550e61a035161f1539b14b7bcce535b3a3783021094129f312c03e51df62579ae9423927021e8bcf530116f3658a1e94d39a800452f7461d2f001f86b911a8a14b9e61c2fd8f959ea40793df240aed5e5862ea59d78fb235788c1ba3c0ec44fbefc29c2e6f22d70849750625c3c15227579d42858b5fac30bbe86491697cec1c4543addc1f50202fdf77a6d2d23e70ed611a63368694e459012ebdbe71c4f702980d7ae63aaee33d5f8df5fce071c73cd918991c6ba2f95f33a9917a22c9e7342dd492c9e2c2f6457c3a48f35edc1720f2224f2af2ef4c0a38b75ce27aae5d5ef615920ab9245851590cdcdcfaa7e5a66b73f5a0a1bcf1bab66ecdfc0dcbd8cebb1b98f6256cea6761c835a761819018fd9c3d2f541eba25abde06f1551328800b1efc04d8e10594dbe95f9f10005cae8c5b27cc18268ebaa4578f9dcfa99aa61567a55b43545ec729764af99d224cfea6a36a93d4f70bae3225256e179e81a0c64dffce9c2141994253af664c33f881aa417fa3b7e9424f1841f1aa845ea0fe05c4e47b318bef60709d6f20c9eee6e8c0c18bd161d3dbe57d82903937e10c41aa9066dcee124354584232afdcb60d185bc39fcc5e7e5124d17e2f998b64836b587cf233469b92af65a70f4a8f35df9e24c7d5d21bda27ae44ce6706f86d3747db675aa329e8b43652bb1e89687dd003dd7924d300f498d444639b3fd413840cfa958e436e5959e95486161af807cbb7304d99284818eabe39493c66664e92143ff41602a3805369f461abeae5e5b6987a20fa47495cbeeeb322c848147dd9a052384a49898138557e10eb015df370d01977083ad24c7defc8c80583d5f5eca20d0853afb9f41c356f8da0e2435d423528f67f091fc614645980a57ed893ded1c3d37881b243b8a5503f45672492f3849895c9377277a91e7090241832629032872294896107628ffd1151c444153f54b484fa3e5ca057cbe073e6039c11b1eceaf7e20eef2576aa99e7a3f36aed9beb089af28d82e2dc5e97da4878b76b5224e1d293f5223c09f715fba13945695a98624eade1381e31c5651069805e6f707811586f5f81e431e8624a608ba1ab405d2593b1f9f667b89d82e60048e4ef3be98bd3078beb4e5e66e8823c8b427d6f84468f1f18f1ff8a8c11515426993334bcbe0c3ba37b91be07eb800fb2e00a24351457d8fc067b4bfec43c0ce8cd26b23bfbb27d3da7bca3efb7fe6f7715760eda4e3a27a7be7419b803667ef6057bdd5d44250b47fa156af04db91fc57f25425b3cfbaf90a840fe5cfcefcd1500cf4908ec4df10c8bc14ec284bb99b13a8f6136e5e1c669806cb5a4a5227f7952c5b605a2b443866fae399a1f8fea323784935c3e5a9ba9e831749efc9b8228421bdb91afed16341962535cebf6fb02679e5412f67db405c90e218789b634d92a41aaf528c92b8bf38b629a1797c036465b77dc3bb124bdddd309136681d3fbe0251698da27c6f89589171e4492209f7eb48d50a161a5135602fca3355f8934f879c54afb91224901b635ed372fdacc9469471225d2ef3c980466027b86cfe3d664071edaa29b47455064a074da56f4e098ddf27984dac546826aed38e464d5c5a79a3ece544cdb3801de0e29bf5164dbcc14578e3e6c44a4a9041e2315f1243358c5949377352911e0a67c6de7e11b0881af528fe478c34909a1178a8a4f7fb727317e4f3981706d9c9215224604c2d6a4faeefc21bd635c8412931ac4feb2c60666672fb6dc5deda0d6c4ce31f2b6cb45907427691488abb280c3fd001f3d7507c0db358af7151d3b8e2e98eb8a78ee69966f7a1307882c5b57530e0dab5c57f84852c42db013e3448da2fb0a754ed97c001f33cca549eb71d7aef88d1ae7fac0d96f334556d75f600a029ed698ce9e4302279999726a57337b9afda0b0292c14d1687a85326120d9fcd84cdc02718f26c12ca28cac81af0dede79685233be41c7269c57100c603a4f9536f757fa753353bd0cded7d4edab29dff6f7dd5faa81078c263c9d1d7e662a0ffae22d8d12e679de9ec6c634ba46ddf6aa86ac0be41cabd9b14fd12107ffce96915fa0154f5b6017fa866d14ff47754a58ba14c1a3eb3f23f040779a788b774604c3a8a7dd818619352cf47849eebfdd3b49b56f376044e7cb218759059fa85057f96c159ccd63ea6cd0bf47781c2d023411854dd3ea46f4913cda9672655e566d2e83fe2e0eb5476bd6fd7a84557e37a4e8d32c75ab51dbffc59f0cebc3edeb395f38f82765ed3cfdce75b2fd570e783c8c3afb31049383af0b51575e5c9dd9332bde6f684a3e11d199f43004439ed535a20c7f2a695cf9b547985421ac62c2289c71491f0617d23cb7a9466c8f0482eb2e8aa782118702761e0267ef500afc52f4a3a7a53ef22aea542f679dc5c751c766e06af453576689c87b3b89c091e5444ff6fb1472fbd271fffb268a2eada125d7acfc70c8ff4cfd3f5421941c2857e54ed0617d6430b806d605c2e508cd5a7764d6ecdc69dbd050a97f8696535585bbb95b66f751566ce612aebce9a0b021f9fbf067870fe447dd05e8c521413e7f27955db3b8239836b6ad120f5fb48e9003bd19b05f94752743d89bdc5492c2ca1bc3133fe0ceb29451900e2ac713cf2cbc3a531048a473a195ad40c685b539f806f434c9e2cb6a8a25df84d41c13d1ceb90de1a3efecd06a53ac9a32654d1ece86dcf6fa17ea6a4f367f9b360b3e26514bf94af1f52d9c0b0691241e3c6c302e7054bb738cb234019c0e45a7db270ab9d75df73568f25579d33e7b42743c924b1f888df85c6166228f5391962b689f0a4d9683b43ddc98982a820b5c60d9c4e3997cd2212fc3850b2bd41342ccbefc1e4ec2ad7ae285f156f4a4f383281018c73ca4f2e9d255487a9717dd39cd744a000c68c53f82a22a08bcb734b5bbb8364180991140c2e727dfce4b19e70c968c97393b56019ef84688772d488b9bd6fa9354ab64f731e6adab543851e5ca1470fd13d0334ba025b57db5d9ea13c970642726284fefddab8fdf7155f5b8e3b3b86d098c4207b428bffcc7ff76f6397b6a3efc3c0b0fb2a4343b4051271f87e384c2b659086ba668c66a15d68b87faf82a60b184f27256e36a9ada7c4422754be56dbbab50ed781f36e40ded65a30378003de5b5cd5f80a6042613c76e80851312c7ed2c07b762b85a1b6928a7b2428d2bc7a6bfdfa2ba55aed54fd3c878ec655caf1223245433b7c6fc2a2d3b0393d7ba4e12f26a53b9d5afdbab230b9148f061df2e1c0fe73c2abcd142125367fa5e598e500263d9b27e759c08b7debee4695a5b192d968108c134241f236cae0434ed71e5099cd466cfb04d5f7cef2e94683172f82a9841610cb6fe55d4bfe73920992bb76f362b9cf7919c906495d4b37a915d23168fd7ffc2f36de55a1b17fa2232df03663ffa2a4c5e76aad90fd5abc80b6dfc16ec6aa328cc7714dc2d7bb14aae9f86c999e93a59fd18fb2300539bca25e69b04943a16c985ff481a42c9d8af43eb61ef7432b8e3aa5bc391c181b7d546b94ac659bc4b501157d3adf9d4cda4e298a4e4271fa2cd08919b055eb3f168df76c1f0b0d5cf5760b56774f105e51c93cc03ce97b00768b9620a6fd5162b9d9191ac0928d2460e4e821a276680cedb3b8167bc156b48a34d4c24d4a87fd09968a725d4b6a1b54b169f1e14143e97a84cf3d8eb4ec5458dcd5ff93365396c00533c3493847f595725a4f15300183eac306d16ea136b97a9864d16330d8c5b8321a6947caeb9cdc7ff4e53c419518ce9bc11f7355651be27a2c2b9ff4127ad86b96c1b5967def371d5d6a3f365abaca55c5f19600d1d5051d320b065c2f78f2147c170b9153a0eefd7b3f1e637cac3fff14b0eeaf472e6a6a9f7553ed3267c911d4d77a4f7285b77df725b3a88fbfd221343f656d60b61808b52a8facc81b8516698f2ac50cd8769371e67278c59ab1cc890fab36206b939f23b31ab976651ca8a4e7754bb10d03d4cc6506f13d98f2bda76477a69a8794a34614a88a7ec94e1a229ad6f747724a3bfb674cc87ea0dfb610f66057671f664206672e78c00a3f4585f17fc40827d0c8af88d3437f811274f662e9ee73d550833d0c8fde449089f8b5e8a25d25096537ac960699a07ebb51271a8f8556037436307063282febae745d53f8db65f13f24cc2e525ae465c9bf79f76b82dceada3bf34529321f913dd18548ab2a26f2a065028f46f4dfb18294dff30a7e5b131a08c671787baea45545d15629ec2f435d9138e517055cd48af7120b3b79f2275baed8a4b6a0f33c30890105ae2c07a332df79f2fd6767ecc66f1ed628c968a2685813342677a2823d10263958eee79d03e393a557475701694b5ec3dec8773f37b980f5812f1cbaed6e5253da037b5f88ba2070f445d74907679460dd48e16442d345abbd37f7853ec7123ff16db46c8571987db63ed711d36c05c2dafac47ea366f9467624b6296a2b9fb7056702d4ba38b4df72e7db3244421f31aa0911af3e3a09f9e08e96aa1545c37465f990bab4ee2821b1a701aa707db1dc18d52fcede15245f54a5f1a47b0d82c33fa378625d247b08753ac5fa5444b2e3f9d1d3918b154665b02fba87e39d0e27bdf60b27930eee02c31d847d40166544ab9ef801bd79bcc8d93980354021b8c7a1b9592934a90917db115bcd92068a970680011cb074da705f1cd06a0142862a777c6a47afd38721979323e27151c114e8901d41f79358e78289af10134e22d903415e2ebd2edf34ae10eefeec219db7b13ac983583dd4b02dcc615c6f70e6cf35ea216807c4b9c81482c2b941c7d6cd6621d9480ba924a3372ca3e3ca78438b0e9bf7c8436fcc0047b3bdb8d70190076d9feea778005d5d69f1b1194c76dce628e17b6beb299146b25f3f6660263c23dbcd08f70ccb45569a81a140eff66f2190110cf0977d9df7a2c437042961606ca1a378c8f59a310ad6c9cb4ff30a2d55411eeb38d927bb4d0f60ae75d90ab78dad14097f6dd38f512af2f932e1ad6a5e201180373689981f23bd9f59e4ca29244a8ea4236527fe2249eaa299af174f25b13d72b181c2f421652ece630ee1358098c29f84506654ffad3647792852a7faf107e36ae330886ffcef6e3a1725495e430568a9cd85d385e5a15d2f77ed274be3c8edfc52c230d21785b927bb8e470f989e8c89b01af8d04fc7050fc978013fbc5dcedd2baf5e8bfa8e2e1d3f193c224375db2f71d4655d2f647e9b1739657a0ad8ef6751a88151a3413ab870e0d7ba3f0a55ce3f30d55e8eb9e47e3d82563d9180399e7895490b8561a374acf5c94a1c648fa06780c4141c58ed913fb92865d3b4883301ba69b3f2b20c1f82024bd75e62ce2972d3219bdb961ab3bbac8f1d873ddece6d85f540f82c9d79b0937973335fe05e5c6ad8fcc525620a57678d58c7c2f0f157e030736d0fe4f6de520b390794cefdc6c828b4512fb6b2000d08e38693fa22834e69180d31b3978f9da75389f919a0d49ff961997d14ae6bdffcfb179c2ead52c69dae97416eef2602843dcbe4e5ae613d429feef7ffba6a31a8be8bf2e62c6d374c807363a986519a8cf9dfc99fc6607486e10599ae415b51e23f639194885e5119036e0e535accb4f126b4c45c47a53658af1e049daa2967b01d9450625d92f8f8e9d151633646044fcc5f6ad835479d48702839456decf070c7e6143cd31033810bd7da01c4a2cfb08605b25c00336f17d3b5a3db48866ef864b8d9cea9530429d3fb1afc7ae9e7d06aea9034db89b2ec8fc2a96d8d701fc51994305077dbea527bc0fc398b6bb7d42f0c408be69b98eb173d285fd8010ba75c57f2dd982582153814ff959fccc78aa5f7901357f6129f840af6649534f9ebc7750a20502a7cbf2d2f28c6f97884f43779bbbf93c550f8e79949db0e066538456b4e966761656eb7bebd5afe9b9fc241711b874682b226e9c6baecc1e909858e01b32472f6f8d483c073d3b576a4b03534dc4b620e21e6feb4bb2ddb37e3f0d4ff92c0af19e6087034c72c5928707748bc10ea22788bd938a0e6512cae4733fc1a2e47f3d4961932fe564684872922b44db143bea77580b0704675290e0839cb5ee529ada8b4c0bb14f05c5c396e29376f1ea80dea2852a88ddf8929fd402571fb242ead60d2be61f1662e1a833969e18e23e0b808900e7ed4be9d6944942da7d384739da1055cddc94937e1ea4cd305bf161c407b471df0ce3fb3413c5bd511d3c65e70edeb5397b0a8701538be7d2f1765688cbb0379744281231e60f5edcbfa6abd177405c455f77e30b95011ae4fda2a3c6d3f9a29bfe7656f6afba48358d57b4e1a84ebca241b7a427c6f806d1f771b540912f05a6df0d5223f85639fd7c163799e28abd08e4013aa43ddbc11ccc9d53131ec5c75f7682481968ad13ef34ba23d4759b51c4cac5a7ca2c73b3103c5b9e4b8686b872edcaca791d669589655e239920fc088eeced3a131ddff2eee9fab3cced40163eebfb29a85b3e97bbd97d17c3b06d3123409f115cf3e3d1c74dcc359664ab942e6ab36c41b1af4015ff5baf700eb99abd658e6833039051a235a2f84b70cb8d90271a481ce40e2a18bef8dcf7f54952b090bbaaaad391cb6cfa218a1e823ca7b16311e35e0350dd8016f67ed34771d7f3a607c1c9ed63524ea0c865148b05f1d017e475641b5076df632b7c261ef54c23eaf7cf52c22864a8ae8f8c3442d147fd52a801f87665b47e229a77b8e85c21d7996c7de9ac4899b098380f74eff119369c81b21b0b916017d0b604ca2a74b1424a4c3132d265d12a01ec2e8cff9809ed2f7891c55bc5cb932c6ea3cdba14cef47a2a0521e36869e9d62914447c3e6cf3da9ecaed915dec41e81605a46a4ec71a8b5ec0bc2f62b3237de7203e4b6d01bc32a5b2dc416623936a324b73e0c63ec414ce1bb4b344db85f014979ae866c4a2c2cce0f814862c0691883dd2d7bcd63fdf2ddf0cb2c6a1a10aa878ba997b74db8e894e4a7ed5e8ea1e3c0b602bae23c6c8c5f38b919aeef5625501fe5d4759c43e90de56122f3ecf87e8023f25e0d3ce64ab629409e881d2d1c5f083da90d45907e62ce3177f7982e514779a13f70bc207d9aa55835e37a5f4782242681ff46600ac9e63f90a245957440987b54b3678ae808c481d25755dba747cd7c3cc0fafb9a142e1ec1a9a5f81b5cdd6dbbc3a4ba5d49f58be6196c305e2af35fdbfbbae02cc4efe771d65e6000ec3f6cf394650f5144308c95279b9df3b29236a32ad3e9cd377296a4252e7dda1bb95d99c32cb81d970de4ff47760ee087dd2fa98392c8ede48391b49cd40e314adb896f0f5b08ffcdffdd70775160144552b13edfac23a09d53a4a4a827a1f216b2827cb9fb47a9fe6412d509d35b754d3700cc0dc8d7a3406a53bd1b0ee5112c50fb8f805be52a6c4e1e664d174727f33720bb371fbe9adc747a234013fcaadbce5cd2d416414b1900074e3ec73a36f32f9d7baa96ed4ea37aea560df4d9c724c69b440139a6dc1758bc74b59c521bc59958da71c4e5c23e4a8999305d989369a9bcd10f0faa789f4040950c349ef0ee910a822ba8df4a6cc16bd72dfb85d7c9a97911e96541a7fb6fb4711cdfe1e1083b2e8e870e2d2a7304f99296a496fe30553971b75f78ace054a8e3c6d54d40b2dbb2ee38a6244139fcba31b88a3ce91d637e7c88db35794002ca28533a46af85929f603e4cf4f5aea715ac4495d2c07e8bf79da078521fac5059dfe6dff61405fb6962987d15a2c7b27a851e3076803c7b4374a85f05b96e9bae91656a003e9acad767c9ac88b339fd868136b63fcb0520a2ee2f25128c8b97a0d43d60be7436756614108cfee63fb0fd65cce0bb0afcf5ea7fa817134c876c949945642a29d71aab10d05522b4b1788bb051ae1ad23fc7e75607580f9bfb7ed901a66d69e79ba742ba169f7e0d36d0c8482d3a85d66a9fc08b3e4c1669ffb4f74f418d4317fbf03b785859601b9e3af056b6a2543289738fe1e601e635ff04d750f8724bdebbbc920a7ca2f99cdaff265299bef09a2e20878682f2f37e46b5d2d3ade8d857ec6d3f7a2779080a5927749086b33b22def28633d53dae49362b4c4d47d2899562a52f22618a45998233048f0e54ba01dd53953c9f508abcb0acb1c1fb1d110e5d6c14d707713cea4cf0403b7573ab5b0a1439e6b2d29c46a3077e0dd296ca751db66f829a42c5afe0304c48fbef52c526c8f2100f6826fd4a5295f7492855f841fdb1f8487fba63b6db19af983a75468ad29a2b6cc58f9ef2dfeec8d798d60e1950731e65c5e2ec1065a22915a30845a5f87a26c067ea870d4e1ef71f67617906080b7b122b8ac9e4da1b05442b5477ee97343cb20f2587744abfa5f318ce29cbd24df1a6dbd42470789e17ae8115a588788d910a171b88dd1b94228728bfef3b28b2b32f523d603fa28d00cf23b0a201658f28ef7920f36a0da8917068a4435e0d710d320258114e2fcde2e1dec0c9faac26d671ea3735ee2b26cb644ba56ced9031cdd2b391c4b96aee7a4c38063e61dbd8ada24cea7ced0728a365bc2320eda9746823b7d83afdc8b3b293b56739011554000aec6272004a002328f20368c0902b8a8d251afebfb4d7b427cfa8927385626a474e3918ff557c8f19a8691011523a63c7e578b98c8951157f0763db3ebc4ea24388527e83b149ef89d4173ebb1c0c9aa3cf4e1a47faa3ebe7ca625e7ef077b38235781236797360696e552b9289a80491d4c3e70ff00b01540deb0de1b3385549b667cfa3598a34751868a14ccb22a420781452699563b16d0d0f1a7f0ba3f0ff45cc2d2536f1de9e024bbc923cede7725f84bf3e6a645f43c4ab3db6ddff671f283857262570b6652dbd8c869ca6a3896b870235047db08a54e5c39d7516c4b0d621d87a9c3e8c53249ff2ab9145f026ba4743a46197af56a0df022363ed59a5c2011e664a05fb952d5ad9ee2037c59a4075e4b504d91e87d303e0bc55cccaeb17e1cbab6176d2d148ce05fe986c79eb843886194f80e202c4f373244b38fd46643c1bc0fa8723ac498c71919e4ed8e5092832aec00a35ceeca94df7bd2c0c02dabc886cedf1fd044db2b45c30f8c0334c992eed40290baaeeb4d00e2cb504ca1173b6b6eec8d2aa3a1bf46e64c1ae1b3ca2882545729fe78d5e1e99c6f1f31c0b0f2190889c7318ce7605128a86c62c8a1fa107304c4609e28a2a43c6799ff6a7d70909ee10676801ee670004cf9632e34cb8cfb43d2f477ad335f5142da0baa4f4542dc93704e93a3420ec50284626fe36618b079d0db013d691583aba257947bdb1514d0318180ae43d0f94712f5c0de35f3e342ce7da65f755761506b9bfd186641fdbd03d5a2d4fe170fe23af8", 0x2000, &(0x7f0000001e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1m23.675021951s ago: executing program 4 (id=4794):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x550, 0x280, 0x1000, 0x0, 0x1, 0x0, {0x32000000, 0x9}, {0x350, 0x20002, 0xfffffffd}, {0xf4ef}, {0x4, 0x0, 0x7fe}, 0x1, 0x100, 0x0, 0xd614, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
sendmsg(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
fsetxattr$security_capability(r1, &(0x7f00000001c0), 0x0, 0x0, 0x2)
r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x929281, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$audio(0xffffffffffffff9c, 0x0, 0x4000, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r6, 0x40045010, &(0x7f0000000040))
close_range(r5, 0xffffffffffffffff, 0x2)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netstat\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x1, 0x20000000000000a9, &(0x7f0000000200)=ANY=[@ANYRESOCT=r0, @ANYRESHEX=r4], &(0x7f00000000c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r8 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r8, 0x1, 0x3e, &(0x7f00000002c0)=r7, 0x4)

1m21.495492391s ago: executing program 4 (id=4799):
syz_emit_ethernet(0x36, &(0x7f0000000300)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2c, 0x0, @remote, @local}, {{0x0, 0x300, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x1}}}}}}, 0x0)

1m21.023929191s ago: executing program 4 (id=4803):
socket(0x1d, 0x2, 0x6)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x4, @remote, 0x528}, {0xa, 0x4e20, 0x4068d6a0, @mcast2, 0x9da}, 0xffffffffffffffff, 0x3}}, 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x2, 0x3, 0xf8)
sendto$unix(r2, 0x0, 0xffffffffffffff84, 0x48850, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x6, {{0xa, 0x3, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffd, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000d40)={0x16, 0x98, 0xfa00, {0x0, 0x2, 0xffffffffffffffff, 0x10, 0x1, @in={0x2, 0x4e21, @private=0xa010102}}}, 0xa0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, 0x0, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000018c0)=@newtfilter={0x548, 0x2c, 0xe27, 0xfffffff9, 0x0, {0x0, 0x0, 0x0, r6, {0xc, 0x5}, {}, {0x5, 0xa}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x518, 0x2, [@TCA_CGROUP_ACT={0x514, 0x1, [@m_vlan={0xb8, 0x2, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x81, 0x3, 0x2, 0x8, 0x4}, 0x10003}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xbd9}]}, {0x5e, 0x6, "a9d8464c5ab884a68dc47d1b7d8db6aba25e4a91e46025e86423614c3a18d4fcfb5bbd4e232ecda4479e1440815dc84c3963de18b110baef937ad63f8e30e10cd6b6dbac127777074ae19c0e01da73b900eeb103140e4ad1a3bc"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_ife={0xf8, 0x17, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x4}, @TCA_IFE_DMAC={0xa, 0x3, @local}, @TCA_IFE_TYPE={0x6, 0x5, 0x200}, @TCA_IFE_METALST={0x8, 0x6, [@IFE_META_TCINDEX={0x4, 0x5, @void}]}]}, {0xab, 0x6, "6187abd7c37c75300b7b9a3f6ee33a5045a6fc5d2986cf429c6f57c115263296944f2bf08b2f98648c11180f54cb6ad529d14624956216158d2d0c58b4965a62716e3ae85afd5fe98c3b66dd05d367e5b4af8d8ddc05f5f69ddfea87ed474cc0612add347ea26ea50e04532c521f8919854ae495683dc5fbb6e34d6002c80d8546437b3e9cb755be917480ab81687905c9abae5bc63d8c60105aa14bb4332ebecd7da9b2a7a0a9"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_mpls={0x14c, 0x3, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x5, 0x7, 0x4}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x7fffffff, 0x6, 0x1, 0x2, 0x1}, 0x2}}, @TCA_MPLS_TTL={0x5, 0x7, 0xfa}]}, {0xf2, 0x6, "c7e30abff9c6788ab454e08bc89bbff6d36b7979a71385ee3fcea252fa87587ff8738c3dc5476d61886dd65e78f9377a716f5a6417c0de62c791ea7165a6145205e91027e82e41f662f14289174adeecff902a9cdde068b09ecd9b8a0155969205e7bab9338dc1e5164f032cf6047c52af42d37473aea1dcff94ddd4cff2cf136b20a2ba6b70bfe49bd674aee775873952e2752b26e0c32b58e079ae72784ca2c74f730d18fd63951738ff2b1682ba69abfed92f08daf44194c345af6258c356895601e13d5a0230f241c0522069eb3689cfbf6457dbe42682e358fe1cfc60df183f574b9a55c8e87b70f47255ea"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_mirred={0xf0, 0x18, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x9, 0xc2a, 0x3, 0x695, 0x4}, 0x4}}]}, {0xa1, 0x6, "1839bc91a16025c4689085e85dbab06b207cd70860e3c1bd98e9e6bdf572e952981ad3fe26a3ce96cc2e4d98d4d8368a893ccee85848732e32633e4e537aa01a54fdfa4b78db4816cd2936c6dfbf7b201c7ea216e0cec1fb33d9777ffccd157cbe0c67e9448a1eb52f08044e416617f50391d88ff4c60ebde79f07d1c8f2b936fbeb77b09ec229cb263396e5e595fcf0b7eb3ec7ce978c2ddbc9de89ca"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_skbedit={0x124, 0x2, 0x0, 0x0, {{0xc}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xfff1, 0xa}}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x2, 0x97, 0x10000000, 0x9, 0x3a4}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x101}]}, {0xce, 0x6, "ae19438468275f7b62ce5c4b5fec8d01f393f4ba29c7f07b9c5b88cd1c70b26ad01791c5de5e39b600a33ea323b7ec7081233282b74722b5dac696df906c6cc995008cfb0a2773825d2af5e0864d244daa9e525f85795b10bbddb4e3441f407c0a047a7d912dfcd8fff558270a573fece0972612c4024ba1d50dd6b00a0f6bd5a2de95db1d20f366c9cf9aa755dda60ba7f8f4e7d444a848b302cd8c1b745aa66801bad633719ca16c92e13cca80abff9296171190a60160b6c142afb95522892871e66fe1a037de0497"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x548}}, 0x20040050)
mlock(&(0x7f00007fe000/0x800000)=nil, 0x800000)
r7 = userfaultfd(0x801)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x10})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r7, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000b72000/0x400000)=nil, 0x400000}, 0x1})
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x19)

1m18.947039866s ago: executing program 5 (id=4810):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100000a0900010073797a30000000000900030073797a300000000060000000060a010400000000000000000100000008000b4000000000300004802c00018008000100636d7000200002800c00038005000100fa000000080002b7d151f60008000140000000100900010073797a30"], 0xd4}}, 0x0) (fail_nth: 10)

1m18.459151313s ago: executing program 4 (id=4811):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
socket$tipc(0x1e, 0x5, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x8000, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wg2\x00', <r2=>0x0})
sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0x1d0, 0x21, 0x1, 0x0, 0x4, {{@in6=@mcast1, @in=@rand_addr=0x64010101, 0x100, 0x0, 0x0, 0x6, 0xa, 0x0, 0x0, 0x0, r2}, 0x2}, [@migrate={0x180, 0x11, [{@in6=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@rand_addr=' \x01\x00', @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2b, 0x2, 0xa801, 0x3501, 0x2, 0x2}, {@in=@multicast2, @in=@local, @in6=@private2, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x33, 0x4, 0x0, 0x34ff, 0x2, 0x2}, {@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@dev={0xfe, 0x80, '\x00', 0x35}, @in=@local, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x3c, 0x0, 0x0, 0x0, 0x2, 0x8}, {@in6=@private0, @in6=@empty, @in=@dev={0xac, 0x14, 0x14, 0x17}, @in6=@loopback, 0x3c, 0x0, 0x0, 0x3505, 0x2, 0xa}, {@in=@rand_addr=0x64010101, @in6=@remote, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x33, 0x4, 0x0, 0x3503, 0xa, 0x2}]}]}, 0x1d0}}, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmsg$xdp(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000400)="43cb1c", 0x3}, {&(0x7f00000002c0)="7694", 0x2}], 0x2, 0x0, 0x0, 0x20004000}, 0x5880)
syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff)
r5 = syz_open_procfs(0x0, &(0x7f0000000040))
setresuid(0x0, 0xee01, 0x0)
unlinkat(r5, &(0x7f00000000c0)='./cgroup\x00', 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r7, r6, &(0x7f000039e000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000000)="9a01000000f800b8d58800000f23d00f21f8351000000d0f23f864640f79ea66baf80cb8c85f5480ef66bafc0cecc4c2adac17b9550200000f320f2860c7c4e11751df0f2e2d00000080b9800000c00f3235008000000f30", 0x58}], 0x1, 0x4a, 0x0, 0x0)
sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r8, 0x4048ae9b, &(0x7f0000000080)={0x1d0003, 0x0, {[0xffffffffffffffff, 0x0, 0x8, 0xfffffffdefffff16, 0x3, 0x10, 0x4, 0x4]}})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

1m18.242188778s ago: executing program 6 (id=4812):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000009c0)=ANY=[@ANYBLOB="4400000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800e000100697036677265746170000000080002800400120008000a00", @ANYRES32], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r1 = add_key$user(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x3}, &(0x7f0000000440)="94fdc78859e0562b5b60de8ad55807f573d4dbb46d6899e271283c5491a14e67e613302e88e945ab8499f5e97c27f8f37df33256d3ba9d98f2df88aa450b36ab0059be4217ddff070000d74caf78d1e02a1919a5425ab8c68154ae2f122d4e801042ad147a967dc9edc2d59477d605ede0400c1af32760995d1d60a8bd9ef8b39e300d427b0fef8ae2867d388b295a94c7726cb73aae2f2e6747ac77e67c0580c3fad996209cd398cd5e36711e4eb3812e5eecc93c933bb3bc4290e285428214ddbb3962f004101ba1abb04f60a564338131159b73df0cb667d6165c319a9626f4e496aa41355ab541", 0xe9, 0x0)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = syz_open_procfs(0x0, &(0x7f0000000200)='net/icmp6\x00')
preadv(r5, &(0x7f0000000080)=[{&(0x7f0000000100)=""/68, 0x44}], 0x1, 0x92, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000001c0)="c744240077dd0000c74424027fbe0000c7442406000000000f011c24b8010000000f01c1450f01ca470f01f8666bf80cb8e4f61882ef66bafc0c66b8795966ef40250000000066b8de000f00d02e0f005ffa0f01c92e640fc71f", 0x5a}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r7 = openat$pidfd(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
pidfd_send_signal(r7, 0x0, &(0x7f00000000c0)={0x5, 0x0, 0x7}, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r8 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r9 = add_key(&(0x7f0000000100)='cifs.idmap\x00', &(0x7f0000001380)={'syz', 0x0}, 0x0, 0x0, r2)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)=@chain={'key_or_keyring:', r9})
r10 = add_key$user(&(0x7f0000000580), &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="4bd2478fca88e6f03e39739d06cbe4a5b6ab3a4e526f80f110b26960cc69936e44bc99628bcae6dde3c1e0677db4b1f1c53081827538760e515da6ea0aaeac5a7336add8c68d595e7d66cbd88637142b16e3d20dd68e91fa0c54bc4e01fff40db8b8b8f4ef17587bca7bab93ae69", 0x6e, 0xfffffffffffffffa)
keyctl$dh_compute(0x17, &(0x7f00000002c0)={r1, r9, r10}, &(0x7f0000000340)=""/106, 0x6a, &(0x7f0000000400)={&(0x7f00000003c0)={'sha512-avx2\x00'}})

1m18.111240487s ago: executing program 5 (id=4813):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newrule={0x24, 0x20, 0x1, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x1b, {0x4e22, 0x4e23}}]}, 0x24}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100000a0900010073797a30000000000900030073797a300000000060000000060a010400000000000000000100000008000b4000000000300004802c00018008000100636d7000200002800c00038005000100fa000000080002b7d151f60008000140000000100900010073797a30"], 0xd4}}, 0x0)

1m17.805885748s ago: executing program 7 (id=4814):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = syz_io_uring_setup(0x6b0c, &(0x7f00000000c0)={0x0, 0xf6ad, 0x10000, 0x8000, 0x245}, &(0x7f0000000080), &(0x7f0000000040))
io_uring_enter(r3, 0xd44, 0x44c1, 0x7, 0x0, 0x0)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r3, 0x1e, &(0x7f00000001c0)={r2}, 0x1)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
socket(0x2b, 0x1, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000640)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x7}], 0x1, 0x40800)
recvmmsg$unix(r5, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000008c0)=""/147, 0x93}, {&(0x7f0000000980)=""/225, 0xe1}, {&(0x7f0000000a80)=""/16, 0x10}, {&(0x7f0000004880)=""/141, 0x8d}], 0x4}}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000c80)=""/166, 0xa6}, {&(0x7f0000000d40)=""/81, 0x51}], 0x2}}, {{0x0, 0x0, &(0x7f0000003480)=[{&(0x7f0000000300)=""/47, 0x2f}, {&(0x7f0000002f40)=""/115, 0x73}, {&(0x7f0000002fc0)=""/241, 0xf1}, {&(0x7f00000030c0)=""/94, 0x5e}, {&(0x7f0000003140)=""/207, 0xcf}, {&(0x7f0000003240)=""/247, 0xf7}, {&(0x7f0000003340)=""/181, 0xb5}], 0x7}}, {{0x0, 0x0, &(0x7f00000038c0)=[{&(0x7f0000003600)=""/72, 0x48}, {&(0x7f0000003680)=""/235, 0xeb}, {&(0x7f0000003780)=""/28, 0x1c}, {&(0x7f00000037c0)=""/222, 0xde}], 0x4}}], 0x5, 0x41, 0x0)
recvmsg(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'veth1_to_hsr\x00', <r6=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x503, 0x2000, 0x0, {0x0, 0x0, 0x0, 0x0, 0xe315}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x3c}}, 0x820)

1m17.785719592s ago: executing program 6 (id=4815):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000000)={0x0, 0x1, 0x40000001, 0x10000, 0x4, 0x400002})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x6, 0x1, 0xfa11, 0xffffffff}, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f0000000200)="9c30fb4d", 0x4}], 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xf81c2, 0x0)
semop(0x0, &(0x7f0000000100)=[{0x0, 0xec7b, 0x1000}], 0x1)
rt_sigprocmask(0x2, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8)
r5 = gettid()
r6 = getpid()
rt_tgsigqueueinfo(r6, r5, 0xd, &(0x7f0000000140)={0x22, 0x5, 0x202})
r7 = creat(&(0x7f0000000040)='./bus\x00', 0x8)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9)
copy_file_range(r8, 0x0, r7, &(0x7f0000000100), 0x8, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r9 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001240)=@newtfilter={0x144, 0x2c, 0x2, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r10, {0xa, 0xa}, {0x0, 0xffe0}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x114, 0x2, [@TCA_FLOW_ACT={0x34, 0x9, 0x0, 0x1, [@m_csum={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0x3, 0xb}}, @TCA_FLOW_EMATCHES={0xd4, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x10}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x68}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_LIST={0xa8, 0x2, 0x0, 0x1, [@TCF_EM_META={0x54, 0x2, 0x0, 0x0, {{0x38, 0x4, 0xc9b}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x7, 0x8}, {0xb5, 0x1}}}, @TCA_EM_META_RVALUE={0x7, 0x3, [@TCF_META_TYPE_VAR="97", @TCF_META_TYPE_VAR="dbe0"]}, @TCA_EM_META_LVALUE={0x31, 0x2, [@TCF_META_TYPE_VAR="874e7a256588eaad85", @TCF_META_TYPE_VAR="6e61ea7c", @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_VAR='f', @TCF_META_TYPE_VAR="f9829198", @TCF_META_TYPE_VAR="d165ef", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_VAR="a6960705cd31ea1f", @TCF_META_TYPE_INT]}]}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x0, 0x3, 0x5d2}, {0x6, 0x46f1, 0x5, 0xfffffffe}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x13, 0x3, 0x1}, {0x3, 0xfffffffe, 0xffff, 0x10000}}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0xfff4, 0x1, 0x6}, {0x0, 0x6, 0x850, 0x2, 0x4, 0x0, 0x1}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7ff}}]}]}}]}, 0x144}, 0x1, 0x0, 0x0, 0x800}, 0x2)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000100)={0xa00, 0xa00})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0006}]})

1m17.66705166s ago: executing program 5 (id=4816):
syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[], 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x20000, 0x0)

1m16.682571841s ago: executing program 7 (id=4821):
socket(0x1d, 0x2, 0x6)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x4, @remote, 0x528}, {0xa, 0x4e20, 0x4068d6a0, @mcast2, 0x9da}, 0xffffffffffffffff, 0x3}}, 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x2, 0x3, 0xf8)
sendto$unix(r2, 0x0, 0xffffffffffffff84, 0x48850, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x6, {{0xa, 0x3, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffd, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000d40)={0x16, 0x98, 0xfa00, {0x0, 0x2, 0xffffffffffffffff, 0x10, 0x1, @in={0x2, 0x4e21, @private=0xa010102}}}, 0xa0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, 0x0, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000018c0)=@newtfilter={0x548, 0x2c, 0xe27, 0xfffffff9, 0x0, {0x0, 0x0, 0x0, r6, {0xc, 0x5}, {}, {0x5, 0xa}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x518, 0x2, [@TCA_CGROUP_ACT={0x514, 0x1, [@m_vlan={0xb8, 0x2, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x81, 0x3, 0x2, 0x8, 0x4}, 0x10003}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xbd9}]}, {0x5e, 0x6, "a9d8464c5ab884a68dc47d1b7d8db6aba25e4a91e46025e86423614c3a18d4fcfb5bbd4e232ecda4479e1440815dc84c3963de18b110baef937ad63f8e30e10cd6b6dbac127777074ae19c0e01da73b900eeb103140e4ad1a3bc"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_ife={0xf8, 0x17, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x4}, @TCA_IFE_DMAC={0xa, 0x3, @local}, @TCA_IFE_TYPE={0x6, 0x5, 0x200}, @TCA_IFE_METALST={0x8, 0x6, [@IFE_META_TCINDEX={0x4, 0x5, @void}]}]}, {0xab, 0x6, "6187abd7c37c75300b7b9a3f6ee33a5045a6fc5d2986cf429c6f57c115263296944f2bf08b2f98648c11180f54cb6ad529d14624956216158d2d0c58b4965a62716e3ae85afd5fe98c3b66dd05d367e5b4af8d8ddc05f5f69ddfea87ed474cc0612add347ea26ea50e04532c521f8919854ae495683dc5fbb6e34d6002c80d8546437b3e9cb755be917480ab81687905c9abae5bc63d8c60105aa14bb4332ebecd7da9b2a7a0a9"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_mpls={0x14c, 0x3, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x5, 0x7, 0x4}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x7fffffff, 0x6, 0x1, 0x2, 0x1}, 0x2}}, @TCA_MPLS_TTL={0x5, 0x7, 0xfa}]}, {0xf2, 0x6, "c7e30abff9c6788ab454e08bc89bbff6d36b7979a71385ee3fcea252fa87587ff8738c3dc5476d61886dd65e78f9377a716f5a6417c0de62c791ea7165a6145205e91027e82e41f662f14289174adeecff902a9cdde068b09ecd9b8a0155969205e7bab9338dc1e5164f032cf6047c52af42d37473aea1dcff94ddd4cff2cf136b20a2ba6b70bfe49bd674aee775873952e2752b26e0c32b58e079ae72784ca2c74f730d18fd63951738ff2b1682ba69abfed92f08daf44194c345af6258c356895601e13d5a0230f241c0522069eb3689cfbf6457dbe42682e358fe1cfc60df183f574b9a55c8e87b70f47255ea"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_mirred={0xf0, 0x18, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x9, 0xc2a, 0x3, 0x695, 0x4}, 0x4}}]}, {0xa1, 0x6, "1839bc91a16025c4689085e85dbab06b207cd70860e3c1bd98e9e6bdf572e952981ad3fe26a3ce96cc2e4d98d4d8368a893ccee85848732e32633e4e537aa01a54fdfa4b78db4816cd2936c6dfbf7b201c7ea216e0cec1fb33d9777ffccd157cbe0c67e9448a1eb52f08044e416617f50391d88ff4c60ebde79f07d1c8f2b936fbeb77b09ec229cb263396e5e595fcf0b7eb3ec7ce978c2ddbc9de89ca"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_skbedit={0x124, 0x2, 0x0, 0x0, {{0xc}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xfff1, 0xa}}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x2, 0x97, 0x10000000, 0x9, 0x3a4}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x101}]}, {0xce, 0x6, "ae19438468275f7b62ce5c4b5fec8d01f393f4ba29c7f07b9c5b88cd1c70b26ad01791c5de5e39b600a33ea323b7ec7081233282b74722b5dac696df906c6cc995008cfb0a2773825d2af5e0864d244daa9e525f85795b10bbddb4e3441f407c0a047a7d912dfcd8fff558270a573fece0972612c4024ba1d50dd6b00a0f6bd5a2de95db1d20f366c9cf9aa755dda60ba7f8f4e7d444a848b302cd8c1b745aa66801bad633719ca16c92e13cca80abff9296171190a60160b6c142afb95522892871e66fe1a037de0497"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x548}}, 0x20040050)
mlock(&(0x7f00007fe000/0x800000)=nil, 0x800000)
r7 = userfaultfd(0x801)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x10})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r7, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000b72000/0x400000)=nil, 0x400000}, 0x1})
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x19)

1m16.625487665s ago: executing program 4 (id=4822):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
syz_open_dev$vim2m(0x0, 0x3fe, 0x2)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x2)
unshare(0x20000400)
pselect6(0x32, &(0x7f0000000100)={0x0, 0x0, 0xffff, 0x2, 0x0, 0x0, 0x0, 0x400}, 0x0, &(0x7f0000000240)={0x1f, 0x3, 0x0, 0x10000000000, 0x1000000002, 0x0, 0x0, 0x6}, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8101, 0x0, 0x7, 0x0, 0x3ff, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r4 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000000)=0x1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r8=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000300)={'batadv0\x00', <r9=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1618, 0x10fe0f}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x4c}, 0x1, 0xba01}, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
r10 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r10, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
bind$inet(r10, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendto$inet(r10, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[], 0x18}}, 0x0)

1.9044792s ago: executing program 6 (id=4826):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="23f943a6592bb3082d03ee5dd20def7fcf9ce25f8829e8cb343b3c322e0b9c9934dc8a3e65760ca5f47b85d9164ecac436439f7ba23e16ced564fb53a1e46ffd71188d90e8f8aab639b71cbac61bc7c94e000000001c2ccec3d7f7875666f43e12f0f7fc3b295dc2bda5c5156e9590ba62f766b294dd9bc8c3c83bdad3bae8d763fd5a6deb9bd9f39e3c2b9fea0b89ce78addd9baf4ddf084892560fb34d3e64a4a05444cf7dc0689c6ba8dcc98ff55b0cc5890b9ae3d102d5b387676917ad4b87615c4d0020187dc7da6513cde1ab92f78e75b531315ad735bf7a968ce7072a9c110e95e34bea81b210a4d6058797d8cf3669ff9fb93f3a"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

1.901285585s ago: executing program 0 (id=4828):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_MATCH_NAME={0x8, 0x1, 'udp\x00'}, @NFTA_MATCH_INFO={0xe, 0x3, "7acc6338a90000b03bd9"}, @NFTA_MATCH_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_COMPAT={0x4}]}], {0x14}}, 0x90}, 0x1, 0x2400000000000000, 0x0, 0x20000000}, 0x0)

1.900823923s ago: executing program 0 (id=4829):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, &(0x7f0000000000)=0x7)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x1, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x1, 0x0, &(0x7f0000001a40)})

1.900134143s ago: executing program 0 (id=4830):
io_uring_setup(0x24e7, &(0x7f0000000080)={0x0, 0xa980, 0x40, 0x2, 0x17e})
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_int(r0, 0x1, 0x2, 0x0, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000040)={{0x1, 0x2, 0x4}})
ioctl$SNDRV_TIMER_IOCTL_INFO(r1, 0x80e85411, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000200))
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f00000000c0), 0x4)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f000000b240)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x1882}, 0x0)
recvmsg(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x17}, 0xba1b474e0b1c775a)
write$binfmt_misc(r2, &(0x7f0000000040), 0xffc1)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@remote, 0x8000000, 0x0, 0xff, 0x5, 0x0, 0x1}, 0x20)
syz_io_uring_setup(0x3041, &(0x7f00000002c0)={0x0, 0x3594, 0x0, 0x1003, 0x21e}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000001e00))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)

1.893698226s ago: executing program 5 (id=4831):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020200020d00000000000000000000000200080008000000fd00000000400300020001000000000000000500000000a0030006000000000002000000ac1414ff0000000000000000030005000000000002000000000000000000000000000000010004"], 0x68}, 0x1, 0x7}, 0x0)

1.891943919s ago: executing program 0 (id=4832):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffe, 0x0, 0xb4, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x2, 0x10023, 0xfffffffd, 0x0})
ioctl$sock_SIOCETHTOOL(r1, 0x89f1, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f00000000c0)=@ethtool_gfeatures})
io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, 0x0, 0x1)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280800001a00000000000000000000001c00000014000000fe"], 0x28}}, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000440)={0x500, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[], 0x18}, 0x19}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000540)={'vcan0\x00', <r3=>0x0})
bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r3, 0x0, {0x0, 0x0, 0x3}, 0xff}, 0x18)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00')
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r2, 0xc0709411, &(0x7f0000000480)={{<r4=>0x0, 0x9, 0x6, 0x25, 0x9, 0x7, 0x101, 0x4b2a, 0x8, 0xa, 0x20c80000, 0x7, 0x7fff, 0x8000000000000001}, 0x28, [0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f000010e180)={0x1000, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}], 0x82, "4fc057923b810a"})
r5 = io_uring_setup(0x1c79, &(0x7f0000000040)={0x0, 0xc8a0, 0xc000, 0x8, 0x23})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
umount2(&(0x7f0000000100)='./file0\x00', 0x1)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000240)={0x1d, r3, 0x0, {0x0, 0xf, 0x4}, 0x2}, 0x18)
memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x71353bce50ef8558, 0xffffffffffffffff, 0x1})
r7 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
dup(r7)
fanotify_init(0x0, 0x0)
r8 = socket$pppoe(0x18, 0x1, 0x0)
recvfrom(r8, 0x0, 0x0, 0x2000, 0x0, 0x0)

1.891519145s ago: executing program 7 (id=4833):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000060000000000000000000a3c000000120a01021000000000000000020000200900020073797a310000000008000440000000000900010073797a3000000000080003400000000a1400000011000100"], 0x64}}, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0xac800000}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)

1.891314858s ago: executing program 5 (id=4834):
r0 = socket$inet6(0xa, 0x3, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [0x0, 0x0, 0x0, 0xffffff00], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
syz_emit_ethernet(0x4e, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaa1780c206050086dd6018232500182c00fe8000000000000000000000000000bbfe8000"/50], 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

1.886145929s ago: executing program 6 (id=4835):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000007000000324900007f00000001"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0xca, r0}, 0x38) (fail_nth: 2)

1.871859895s ago: executing program 4 (id=4836):
r0 = syz_open_procfs(0x0, &(0x7f0000000400)='ns\x00')
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
sysinfo(&(0x7f0000000080)=""/98)
inotify_add_watch(r0, 0x0, 0x80000802)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r1)
r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d804dd000000000000010902240001000000000904004001030000000921010000012205"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
sysinfo(&(0x7f0000000180)=""/138)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r3, &(0x7f0000001300)="92", 0x2)
ioctl$BTRFS_IOC_WAIT_SYNC(r3, 0x40089416, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_buf(r4, 0x0, 0x12, 0x0, &(0x7f0000000180))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x42, 0x5c})
move_pages(0x0, 0x4, &(0x7f0000000240)=[&(0x7f000095e000/0x2000)=nil, &(0x7f000006c000/0x3000)=nil, &(0x7f0000653000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil], 0x0, &(0x7f0000000040), 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00221200000083"], 0x0}, 0x0)
syz_usb_ep_write(r1, 0x81, 0x1, &(0x7f0000000140)='P')

1.675115602s ago: executing program 6 (id=4837):
connect$inet6(0xffffffffffffffff, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x84}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x5c, &(0x7f0000000600)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @val={@void}, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x22, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x22, 0x0, @gue={{0x2, 0x0, 0x0, 0x3, 0x0, @val=0x2000000}, "30b00afe4e794d9f636841e9a83a802860f9"}}}}}}}, 0x0)

1.67441572s ago: executing program 0 (id=4838):
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0xf, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000100), 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3d, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x9, 0x0, 0x7ffffdbd}]})
r4 = shmget$private(0x0, 0x4000, 0x8, &(0x7f0000755000/0x4000)=nil)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x8, 0x3)
r5 = shmat(r4, &(0x7f0000ffc000/0x3000)=nil, 0x4000)
shmdt(r5)
mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil)
syz_emit_ethernet(0x95, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f00000001c0)={0x1, 0x1, [0xf74, 0x4e0, 0xe4b, 0xa20]})
r6 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r7 = syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000040)={0xf0f041, 0x8e6})
ioctl$VIDIOC_QUERYCTRL(r6, 0xc0445624, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
dup(0xffffffffffffffff)
r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r8, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
syz_open_dev$dvb_dvr(&(0x7f0000000240), 0x7, 0x10842)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x6, r1, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x9}]})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1.59030609s ago: executing program 5 (id=4839):
r0 = socket(0x1d, 0x2, 0x6)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000040)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x4, @remote, 0x528}, {0xa, 0x4e20, 0x4068d6a0, @mcast2, 0x9da}, 0xffffffffffffffff, 0x3}}, 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket(0x2, 0x3, 0xf8)
sendto$unix(r4, 0x0, 0xffffffffffffff84, 0x48850, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r5 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000200)={0x6, {{0xa, 0x3, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffd, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000d40)={0x16, 0x98, 0xfa00, {0x0, 0x2, 0xffffffffffffffff, 0x10, 0x1, @in={0x2, 0x4e21, @private=0xa010102}}}, 0xa0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x10, 0x803, 0x0)
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000018c0)=@newtfilter={0x548, 0x2c, 0xe27, 0xfffffff9, 0x0, {0x0, 0x0, 0x0, r9, {0xc, 0x5}, {}, {0x5, 0xa}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x518, 0x2, [@TCA_CGROUP_ACT={0x514, 0x1, [@m_vlan={0x5c, 0x2, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x81, 0x3, 0x2, 0x8, 0x4}, 0x10003}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xbd9}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_ife={0x13c, 0x17, 0x0, 0x0, {{0x8}, {0x6c, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x4}, @TCA_IFE_METALST={0x18, 0x6, [@IFE_META_PRIO={0x8, 0x3, @val=0xe4a6}, @IFE_META_TCINDEX={0x6, 0x5, @val=0x9}, @IFE_META_PRIO={0x4, 0x3, @void}]}, @TCA_IFE_DMAC={0xa, 0x3, @local}, @TCA_IFE_TYPE={0x6, 0x5, 0x200}, @TCA_IFE_METALST={0x18, 0x6, [@IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_TCINDEX={0x6, 0x5, @val=0x1ed}, @IFE_META_SKBMARK={0x8, 0x1, @val=0x5}]}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x8, 0xfffeffff, 0x5, 0x8001, 0x8}}}]}, {0xab, 0x6, "6187abd7c37c75300b7b9a3f6ee33a5045a6fc5d2986cf429c6f57c115263296944f2bf08b2f98648c11180f54cb6ad529d14624956216158d2d0c58b4965a62716e3ae85afd5fe98c3b66dd05d367e5b4af8d8ddc05f5f69ddfea87ed474cc0612add347ea26ea50e04532c521f8919854ae495683dc5fbb6e34d6002c80d8546437b3e9cb755be917480ab81687905c9abae5bc63d8c60105aa14bb4332ebecd7da9b2a7a0a9"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_mpls={0x14c, 0x3, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x5, 0x7, 0x4}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x7fffffff, 0x6, 0x1, 0x2, 0x1}, 0x2}}, @TCA_MPLS_TTL={0x5, 0x7, 0xfa}]}, {0xf2, 0x6, "c7e30abff9c6788ab454e08bc89bbff6d36b7979a71385ee3fcea252fa87587ff8738c3dc5476d61886dd65e78f9377a716f5a6417c0de62c791ea7165a6145205e91027e82e41f662f14289174adeecff902a9cdde068b09ecd9b8a0155969205e7bab9338dc1e5164f032cf6047c52af42d37473aea1dcff94ddd4cff2cf136b20a2ba6b70bfe49bd674aee775873952e2752b26e0c32b58e079ae72784ca2c74f730d18fd63951738ff2b1682ba69abfed92f08daf44194c345af6258c356895601e13d5a0230f241c0522069eb3689cfbf6457dbe42682e358fe1cfc60df183f574b9a55c8e87b70f47255ea"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_mirred={0xf0, 0x18, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x9, 0xc2a, 0x3, 0x695, 0x4}, 0x4}}]}, {0xa1, 0x6, "1839bc91a16025c4689085e85dbab06b207cd70860e3c1bd98e9e6bdf572e952981ad3fe26a3ce96cc2e4d98d4d8368a893ccee85848732e32633e4e537aa01a54fdfa4b78db4816cd2936c6dfbf7b201c7ea216e0cec1fb33d9777ffccd157cbe0c67e9448a1eb52f08044e416617f50391d88ff4c60ebde79f07d1c8f2b936fbeb77b09ec229cb263396e5e595fcf0b7eb3ec7ce978c2ddbc9de89ca"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_skbedit={0x13c, 0x2, 0x0, 0x0, {{0xc}, {0x44, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xfff1, 0xa}}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x2d27eb32, 0x3, 0x3, 0x1d, 0x4}}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x2, 0x97, 0x10000000, 0x9, 0x3a4}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x101}]}, {0xce, 0x6, "ae19438468275f7b62ce5c4b5fec8d01f393f4ba29c7f07b9c5b88cd1c70b26ad01791c5de5e39b600a33ea323b7ec7081233282b74722b5dac696df906c6cc995008cfb0a2773825d2af5e0864d244daa9e525f85795b10bbddb4e3441f407c0a047a7d912dfcd8fff558270a573fece0972612c4024ba1d50dd6b00a0f6bd5a2de95db1d20f366c9cf9aa755dda60ba7f8f4e7d444a848b302cd8c1b745aa66801bad633719ca16c92e13cca80abff9296171190a60160b6c142afb95522892871e66fe1a037de0497"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x548}}, 0x20040050)
mlock(&(0x7f00007fe000/0x800000)=nil, 0x800000)
r10 = userfaultfd(0x801)
ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x10})
ioctl$UFFDIO_REGISTER(r10, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r10, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000b72000/0x400000)=nil, 0x400000}, 0x1})
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x19)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})

1.539581846s ago: executing program 6 (id=4840):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x141002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f00000000c0)={0xca80000000000000, 0x8080000, 0x2, 0x1f, 0xd})
r3 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000440)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r6, 0x0, r5, 0x0, 0x10000008ebc, 0x0)
splice(r4, 0x0, r7, 0x0, 0x25a5, 0x4)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x800000000000002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x8, 0x3, &(0x7f0000000300)=ANY=[@ANYRESHEX=r8, @ANYRESDEC=r1, @ANYRES32=r0], 0x0, 0x8, 0x0, 0x0, 0x0, 0x42}, 0x94)
r9 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0xc0}, &(0x7f00000002c0)=<r10=>0x0, &(0x7f0000000640)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x8, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r10, r11, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(r9, 0x47bc, 0x20, 0x0, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x1f, 0x6, 0x4f8, 0x0, 0x98, 0x0, 0x258, 0x0, 0x460, 0x460, 0x460, 0x460, 0x460, 0x6, &(0x7f0000000340), {[{{@uncond, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0x2e}}}, {{@uncond, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x5, 0x4, 0x4, 0x1, 0x1], 0x4, 0x3}}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xc0, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x7}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @inet=@DSCP={0x28}}, {{@ip={@rand_addr=0x64010101, @local, 0xff000000, 0xffffffff, 'nicvf0\x00', 'ip6tnl0\x00', {}, {}, 0x1d, 0x2, 0x1}, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@inet=@dccp={{0x30}, {[0x4e24, 0x4e22], [0x4e20, 0x4e21], 0xd, 0x1, 0x0, 0x10}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0xf7, 0xf2}}}, {{@ip={@multicast1, @empty, 0xffffff00, 0x0, 'bond_slave_0\x00', 'dummy0\x00', {0xff}, {}, 0xf6}, 0x0, 0xb8, 0x118, 0x0, {}, [@common=@socket0={{0x20}}, @inet=@rpfilter={{0x28}, {0x9}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x1, [0x2, 0x3, 0x0, 0x1, 0x2, 0x2], 0x4, 0x6}, {0x3, [0x1, 0x6, 0x2, 0x1, 0x5, 0x6], 0x2, 0x7}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x558)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x10003, 0x2, 0xc000, 0x1000, &(0x7f0000ffe000/0x1000)=nil})
write$P9_RREADLINK(r5, &(0x7f0000000040)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000003c0)={0x3, 0x0, [{0x9fe, 0x0, 0x8001}, {0x317, 0x0, 0x8}, {0x4aa, 0x0, 0x100000002}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000005c0)={0x1, 0x0, [{0x40000084, 0x0, 0x39}]})
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0)
syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)

798.104495ms ago: executing program 7 (id=4841):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000007000000324900007f00000001"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0xca, r0}, 0x38)

711.739832ms ago: executing program 0 (id=4842):
socket(0x1d, 0x2, 0x6)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x4, @remote, 0x528}, {0xa, 0x4e20, 0x4068d6a0, @mcast2, 0x9da}, 0xffffffffffffffff, 0x3}}, 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x2, 0x3, 0xf8)
sendto$unix(r2, 0x0, 0xffffffffffffff84, 0x48850, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x6, {{0xa, 0x3, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffd, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000d40)={0x16, 0x98, 0xfa00, {0x0, 0x2, 0xffffffffffffffff, 0x10, 0x1, @in={0x2, 0x4e21, @private=0xa010102}}}, 0xa0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, 0x0, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000018c0)=@newtfilter={0x54c, 0x2c, 0xe27, 0xfffffff9, 0x0, {0x0, 0x0, 0x0, r6, {0xc, 0x5}, {}, {0x5, 0xa}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x51c, 0x2, [@TCA_CGROUP_ACT={0x518, 0x1, [@m_vlan={0xb8, 0x2, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x81, 0x3, 0x2, 0x8, 0x4}, 0x10003}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xbd9}]}, {0x5e, 0x6, "a9d8464c5ab884a68dc47d1b7d8db6aba25e4a91e46025e86423614c3a18d4fcfb5bbd4e232ecda4479e1440815dc84c3963de18b110baef937ad63f8e30e10cd6b6dbac127777074ae19c0e01da73b900eeb103140e4ad1a3bc"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_ife={0xfc, 0x17, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x4}, @TCA_IFE_METALST={0x4}, @TCA_IFE_DMAC={0xa, 0x3, @local}, @TCA_IFE_TYPE={0x6, 0x5, 0x200}, @TCA_IFE_METALST={0x8, 0x6, [@IFE_META_TCINDEX={0x4, 0x5, @void}]}]}, {0xab, 0x6, "6187abd7c37c75300b7b9a3f6ee33a5045a6fc5d2986cf429c6f57c115263296944f2bf08b2f98648c11180f54cb6ad529d14624956216158d2d0c58b4965a62716e3ae85afd5fe98c3b66dd05d367e5b4af8d8ddc05f5f69ddfea87ed474cc0612add347ea26ea50e04532c521f8919854ae495683dc5fbb6e34d6002c80d8546437b3e9cb755be917480ab81687905c9abae5bc63d8c60105aa14bb4332ebecd7da9b2a7a0a9"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_mpls={0x14c, 0x3, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_TTL={0x5, 0x7, 0x4}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x7fffffff, 0x6, 0x1, 0x2, 0x1}, 0x2}}, @TCA_MPLS_TTL={0x5, 0x7, 0xfa}]}, {0xf2, 0x6, "c7e30abff9c6788ab454e08bc89bbff6d36b7979a71385ee3fcea252fa87587ff8738c3dc5476d61886dd65e78f9377a716f5a6417c0de62c791ea7165a6145205e91027e82e41f662f14289174adeecff902a9cdde068b09ecd9b8a0155969205e7bab9338dc1e5164f032cf6047c52af42d37473aea1dcff94ddd4cff2cf136b20a2ba6b70bfe49bd674aee775873952e2752b26e0c32b58e079ae72784ca2c74f730d18fd63951738ff2b1682ba69abfed92f08daf44194c345af6258c356895601e13d5a0230f241c0522069eb3689cfbf6457dbe42682e358fe1cfc60df183f574b9a55c8e87b70f47255ea"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_mirred={0xf0, 0x18, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x9, 0xc2a, 0x3, 0x695, 0x4}, 0x4}}]}, {0xa1, 0x6, "1839bc91a16025c4689085e85dbab06b207cd70860e3c1bd98e9e6bdf572e952981ad3fe26a3ce96cc2e4d98d4d8368a893ccee85848732e32633e4e537aa01a54fdfa4b78db4816cd2936c6dfbf7b201c7ea216e0cec1fb33d9777ffccd157cbe0c67e9448a1eb52f08044e416617f50391d88ff4c60ebde79f07d1c8f2b936fbeb77b09ec229cb263396e5e595fcf0b7eb3ec7ce978c2ddbc9de89ca"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_skbedit={0x124, 0x2, 0x0, 0x0, {{0xc}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xfff1, 0xa}}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x2, 0x97, 0x10000000, 0x9, 0x3a4}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x101}]}, {0xce, 0x6, "ae19438468275f7b62ce5c4b5fec8d01f393f4ba29c7f07b9c5b88cd1c70b26ad01791c5de5e39b600a33ea323b7ec7081233282b74722b5dac696df906c6cc995008cfb0a2773825d2af5e0864d244daa9e525f85795b10bbddb4e3441f407c0a047a7d912dfcd8fff558270a573fece0972612c4024ba1d50dd6b00a0f6bd5a2de95db1d20f366c9cf9aa755dda60ba7f8f4e7d444a848b302cd8c1b745aa66801bad633719ca16c92e13cca80abff9296171190a60160b6c142afb95522892871e66fe1a037de0497"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x54c}}, 0x20040050)
mlock(&(0x7f00007fe000/0x800000)=nil, 0x800000)
r7 = userfaultfd(0x801)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x10})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r7, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000b72000/0x400000)=nil, 0x400000}, 0x1})
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x19)

293.395468ms ago: executing program 7 (id=4843):
io_uring_setup(0x24e7, &(0x7f0000000080)={0x0, 0xa980, 0x40, 0x2, 0x17e})
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_int(r0, 0x1, 0x2, 0x0, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000040)={{0x1, 0x2, 0x4}})
ioctl$SNDRV_TIMER_IOCTL_INFO(r1, 0x80e85411, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000200))
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f00000000c0), 0x4)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f000000b240)=ANY=[@ANYBLOB="140000002e00f10326"], 0x14}, 0x1, 0x0, 0x0, 0x1882}, 0x0)
recvmsg(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x17}, 0xba1b474e0b1c775a)
write$binfmt_misc(r2, &(0x7f0000000040), 0xffc1)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@remote, 0x8000000, 0x0, 0xff, 0x5, 0x0, 0x1}, 0x20)
syz_io_uring_setup(0x3041, &(0x7f00000002c0)={0x0, 0x3594, 0x0, 0x1003, 0x21e}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000001e00))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)

0s ago: executing program 7 (id=4844):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socket$isdn(0x22, 0x3, 0x26)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x20, 0xffffffff}, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x15)
ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
write$uinput_user_dev(r2, &(0x7f0000000800)={'syz0\x00', {0x2, 0x10, 0x2, 0x4}, 0xf, [0x0, 0x0, 0x0, 0x40000, 0x1, 0x2, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4000, 0x20, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x296, 0x1, 0x0, 0x0, 0x0, 0x2000, 0xfa, 0xfffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x6, 0x5f1, 0x6], [0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x80, 0x8000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x200, 0x7, 0xfffffffc, 0x0, 0x0, 0x7, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x3, 0x0, 0x200, 0x0, 0x2, 0x0, 0x3, 0x5, 0xfffffffd, 0x4000000, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xfffffffd, 0x0, 0x8, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xffff], [0x4, 0xfc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1, 0x4000000, 0x0, 0x1, 0x4, 0x1000, 0x80, 0x0, 0x200, 0x0, 0xffffffff, 0x0, 0xfffffffc, 0x0, 0xfffffffd, 0xffffffff, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x20, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x4, 0x0, 0x6, 0x1, 0x0, 0xbda6, 0xe, 0x0, 0x0, 0xfffffffd, 0xffffffff, 0x0, 0x20, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x8], [0x40000000, 0x0, 0x74e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x40, 0x0, 0x0, 0xbd, 0x0, 0xff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x80000020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5cb9, 0xcaa, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000003c0)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="280000001400090a0000000000000000021f4800", @ANYRES32=r5, @ANYBLOB="08000200e4d4c21e080008004c06"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x1000000, 0x0, {0x0, 0x0, 0x74, r5}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x3)
r6 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r6, 0x0, 0x0, 0x0)
shutdown(r6, 0x1)
getsockopt$bt_hci(r6, 0x84, 0x80, &(0x7f00000010c0)=""/4111, &(0x7f0000000000)=0x100f)
ioctl$UI_DEV_CREATE(r2, 0x5501)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
socket(0x28, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000340)={0x80, 0x40000094, 0x0, 0x0})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x18}, @IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000800}, 0x0)

kernel console output (not intermixed with test programs):

[ 1434.629721][T23229] name failslab, interval 1, probability 0, space 0, times 0
[ 1434.696929][T23229] CPU: 0 UID: 0 PID: 23229 Comm: syz.6.4375 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1434.696967][T23229] Tainted: [L]=SOFTLOCKUP
[ 1434.696975][T23229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1434.696988][T23229] Call Trace:
[ 1434.697002][T23229]  <TASK>
[ 1434.697012][T23229]  dump_stack_lvl+0xe8/0x150
[ 1434.697058][T23229]  should_fail_ex+0x412/0x560
[ 1434.697097][T23229]  should_failslab+0xa8/0x100
[ 1434.697129][T23229]  __kmalloc_node_track_caller_noprof+0xeb/0x7b0
[ 1434.697162][T23229]  ? kasprintf+0xe2/0x140
[ 1434.697193][T23229]  kvasprintf+0xeb/0x1a0
[ 1434.697221][T23229]  ? __pfx_kvasprintf+0x10/0x10
[ 1434.697251][T23229]  ? kasan_save_stack+0x4d/0x60
[ 1434.697388][T23229]  kasprintf+0xe2/0x140
[ 1434.697414][T23229]  ? do_syscall_64+0x14d/0xf80
[ 1434.697438][T23229]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1434.697467][T23229]  ? __pfx_kasprintf+0x10/0x10
[ 1434.697494][T23229]  ? __lock_acquire+0x6b5/0x2cf0
[ 1434.697526][T23229]  ? __pfx_input_devnode+0x10/0x10
[ 1434.697558][T23229]  device_get_devnode+0x16b/0x2a0
[ 1434.697616][T23229]  devtmpfs_delete_node+0xf8/0x230
[ 1434.697649][T23229]  ? __pfx_devtmpfs_delete_node+0x10/0x10
[ 1434.697704][T23229]  ? __pfx_klist_children_put+0x10/0x10
[ 1434.697745][T23229]  ? _raw_spin_unlock+0x28/0x50
[ 1434.697766][T23229]  ? klist_del+0xc7/0x110
[ 1434.697795][T23229]  device_del+0x2ce/0x8f0
[ 1434.697838][T23229]  ? __pfx_device_del+0x10/0x10
[ 1434.697884][T23229]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1434.697909][T23229]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1434.697940][T23229]  cdev_device_del+0x27/0xf0
[ 1434.697970][T23229]  evdev_disconnect+0x4c/0xb0
[ 1434.698004][T23229]  __input_unregister_device+0x3a3/0x640
[ 1434.698040][T23229]  input_unregister_device+0x9b/0x100
[ 1434.698070][T23229]  uinput_destroy_device+0x6c1/0x8c0
[ 1434.698100][T23229]  uinput_ioctl_handler+0x73c/0x14a0
[ 1434.698131][T23229]  ? __pfx_uinput_ioctl_handler+0x10/0x10
[ 1434.698167][T23229]  ? __fget_files+0x2a/0x420
[ 1434.698202][T23229]  ? __fget_files+0x3a0/0x420
[ 1434.698241][T23229]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1434.698272][T23229]  ? __pfx_uinput_ioctl+0x10/0x10
[ 1434.698297][T23229]  __se_sys_ioctl+0xfc/0x170
[ 1434.698328][T23229]  do_syscall_64+0x14d/0xf80
[ 1434.698352][T23229]  ? trace_irq_disable+0x3b/0x150
[ 1434.698386][T23229]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1434.698409][T23229]  ? clear_bhb_loop+0x40/0x90
[ 1434.698437][T23229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1434.698461][T23229] RIP: 0033:0x7f1c4d39c799
[ 1434.698484][T23229] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1434.698505][T23229] RSP: 002b:00007f1c4e20f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1434.698531][T23229] RAX: ffffffffffffffda RBX: 00007f1c4d616090 RCX: 00007f1c4d39c799
[ 1434.698549][T23229] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003
[ 1434.698563][T23229] RBP: 00007f1c4e20f090 R08: 0000000000000000 R09: 0000000000000000
[ 1434.698578][T23229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1434.698593][T23229] R13: 00007f1c4d616128 R14: 00007f1c4d616090 R15: 00007f1c4d73fa48
[ 1434.698705][T23229]  </TASK>
[ 1435.180479][T23233] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4378'.
[ 1435.586463][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 1435.737274][    T9] usb 5-1: Using ep0 maxpacket: 8
[ 1435.759399][    T9] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[ 1435.771462][    T9] usb 5-1: config 179 has no interface number 0
[ 1435.801184][    T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1435.850730][    T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1435.890229][    T9] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1435.940127][    T9] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1435.984567][    T9] usb 5-1: config 179 interface 65 has no altsetting 0
[ 1436.029155][    T9] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1436.060720][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1437.524080][T23275] netlink: 76 bytes leftover after parsing attributes in process `syz.6.4388'.
[ 1437.772580][T23279] FAULT_INJECTION: forcing a failure.
[ 1437.772580][T23279] name failslab, interval 1, probability 0, space 0, times 0
[ 1437.818708][T23279] CPU: 0 UID: 0 PID: 23279 Comm: syz.6.4390 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1437.818736][T23279] Tainted: [L]=SOFTLOCKUP
[ 1437.818742][T23279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1437.818752][T23279] Call Trace:
[ 1437.818759][T23279]  <TASK>
[ 1437.818766][T23279]  dump_stack_lvl+0xe8/0x150
[ 1437.818793][T23279]  should_fail_ex+0x412/0x560
[ 1437.818821][T23279]  should_failslab+0xa8/0x100
[ 1437.818843][T23279]  __kmalloc_cache_noprof+0x88/0x660
[ 1437.818861][T23279]  ? nft_pernet+0x23/0x240
[ 1437.818882][T23279]  ? nf_tables_newtable+0x435/0x1910
[ 1437.818929][T23279]  nf_tables_newtable+0x435/0x1910
[ 1437.818956][T23279]  ? nfnl_pernet+0x12/0x240
[ 1437.819009][T23279]  nfnetlink_rcv+0x1240/0x27b0
[ 1437.819069][T23279]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1437.819103][T23279]  ? ref_tracker_free+0x693/0x840
[ 1437.819146][T23279]  ? __netlink_deliver_tap+0x807/0x850
[ 1437.819171][T23279]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1437.819206][T23279]  netlink_unicast+0x80f/0x9b0
[ 1437.819234][T23279]  ? __pfx_netlink_unicast+0x10/0x10
[ 1437.819257][T23279]  ? netlink_sendmsg+0x650/0xb40
[ 1437.819270][T23279]  ? skb_put+0x11b/0x210
[ 1437.819289][T23279]  netlink_sendmsg+0x813/0xb40
[ 1437.819311][T23279]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1437.819328][T23279]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1437.819353][T23279]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1437.819374][T23279]  ____sys_sendmsg+0x972/0x9f0
[ 1437.819399][T23279]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1437.819424][T23279]  ? import_iovec+0x73/0xa0
[ 1437.819444][T23279]  ___sys_sendmsg+0x2a5/0x360
[ 1437.819465][T23279]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1437.819538][T23279]  ? __fget_files+0x2a/0x420
[ 1437.819573][T23279]  ? __fget_files+0x3a0/0x420
[ 1437.819619][T23279]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1437.819649][T23279]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1437.819674][T23279]  ? __pfx_ksys_write+0x10/0x10
[ 1437.819700][T23279]  do_syscall_64+0x14d/0xf80
[ 1437.819718][T23279]  ? trace_irq_disable+0x3b/0x150
[ 1437.819742][T23279]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1437.819757][T23279]  ? clear_bhb_loop+0x40/0x90
[ 1437.819776][T23279]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1437.819792][T23279] RIP: 0033:0x7f1c4d39c799
[ 1437.819807][T23279] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1437.819820][T23279] RSP: 002b:00007f1c4e230028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1437.819837][T23279] RAX: ffffffffffffffda RBX: 00007f1c4d615fa0 RCX: 00007f1c4d39c799
[ 1437.819849][T23279] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[ 1437.819858][T23279] RBP: 00007f1c4e230090 R08: 0000000000000000 R09: 0000000000000000
[ 1437.819868][T23279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1437.819879][T23279] R13: 00007f1c4d616038 R14: 00007f1c4d615fa0 R15: 00007f1c4d73fa48
[ 1437.819903][T23279]  </TASK>
[ 1438.522088][T11343] usb 5-1: USB disconnect, device number 2
[ 1438.739488][T23288] bond5: option tlb_dynamic_lb: invalid value (16)
[ 1438.759390][T23288] bond5 (unregistering): Released all slaves
[ 1438.844073][T23295] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4395'.
[ 1439.138325][T23304] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4397'.
[ 1439.553109][T23315] netlink: 36 bytes leftover after parsing attributes in process `syz.6.4401'.
[ 1439.562411][T23315] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4401'.
[ 1440.267247][T23319] netlink: 76 bytes leftover after parsing attributes in process `syz.6.4401'.
[ 1440.626523][ T5920] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 1440.778066][ T5920] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1440.788893][ T5920] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice= 0.03
[ 1440.855365][T23328] netlink: 'syz.7.4404': attribute type 7 has an invalid length.
[ 1440.924290][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1441.027498][ T5920] usb 5-1: config 0 descriptor??
[ 1441.062257][ T5920] pwc: Askey VC010 type 2 USB webcam detected.
[ 1441.240067][ T5920] pwc: send_video_command error -71
[ 1441.245879][ T5920] pwc: Failed to set video mode CIF@30 fps; return code = -71
[ 1441.271360][T23333] netlink: 'syz.6.4407': attribute type 4 has an invalid length.
[ 1441.327783][ T5920] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71
[ 1441.383808][ T5920] usb 5-1: USB disconnect, device number 3
[ 1441.645338][T23339] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4410'.
[ 1441.718809][   T24] usb 7-1: new high-speed USB device number 79 using dummy_hcd
[ 1441.896175][   T24] usb 7-1: Using ep0 maxpacket: 16
[ 1441.913590][   T24] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1441.923756][   T24] usb 7-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[ 1441.936188][   T24] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1441.965928][   T24] usb 7-1: too many endpoints for config 1 interface 1 altsetting 0: 143, using maximum allowed: 30
[ 1442.007506][   T24] usb 7-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 143
[ 1442.044111][   T24] usb 7-1: New USB device found, idVendor=0e41, idProduct=4249, bcdDevice= 0.40
[ 1442.063736][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1442.108620][   T24] usb 7-1: Product: syz
[ 1442.118002][   T24] usb 7-1: Manufacturer: syz
[ 1442.126532][   T24] usb 7-1: SerialNumber: syz
[ 1442.330867][ T5920] usb 6-1: new high-speed USB device number 124 using dummy_hcd
[ 1442.353355][T23337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1442.368603][T23337] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1442.434556][   T24] usb 7-1: 2:0: failed to get current value for ch 0 (-71)
[ 1442.473021][   T24] usb 7-1: unit 7 not found!
[ 1442.554267][ T5920] usb 6-1: device descriptor read/64, error -71
[ 1442.670979][   T24] usb 7-1: USB disconnect, device number 79
[ 1443.186208][ T5920] usb 6-1: new high-speed USB device number 125 using dummy_hcd
[ 1443.316222][ T5920] usb 6-1: device descriptor read/64, error -71
[ 1443.428066][ T5920] usb usb6-port1: attempt power cycle
[ 1443.766316][T23361] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4418'.
[ 1443.806375][ T5920] usb 6-1: new high-speed USB device number 126 using dummy_hcd
[ 1443.837090][ T5920] usb 6-1: device descriptor read/8, error -71
[ 1443.879306][T23361] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4418'.
[ 1444.093143][ T5920] usb 6-1: new high-speed USB device number 127 using dummy_hcd
[ 1444.167090][ T5920] usb 6-1: device descriptor read/8, error -71
[ 1444.286078][ T5920] usb usb6-port1: unable to enumerate USB device
[ 1446.273902][T23397] input: syz0 as /devices/virtual/input/input104
[ 1446.307353][T23398] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.4430'.
[ 1446.418042][T23397] use of bytesused == 0 is deprecated and will be removed in the future,
[ 1446.427104][T23397] use the actual size instead.
[ 1446.514183][ T5920] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[ 1446.696278][ T5920] usb 1-1: Using ep0 maxpacket: 32
[ 1446.805154][ T5920] usb 1-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[ 1446.878386][ T5920] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1446.897395][T23404] netlink: 'syz.6.4431': attribute type 1 has an invalid length.
[ 1446.948637][ T5920] usb 1-1: config 0 descriptor??
[ 1446.971098][ T5920] as10x_usb: device has been detected
[ 1446.978136][ T5920] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[ 1447.011347][ T5920] usb 1-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[ 1447.056375][T23404] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1447.104000][T23410] netlink: 76 bytes leftover after parsing attributes in process `syz.4.4433'.
[ 1447.114119][ T5920] as10x_usb: error during firmware upload part1
[ 1447.133528][ T5920] Registered device nBox DVB-T Dongle
[ 1447.255800][    T9] usb 1-1: USB disconnect, device number 39
[ 1447.286434][T23407] vlan3: entered allmulticast mode
[ 1447.316221][T23407] bond5: entered allmulticast mode
[ 1447.354289][    T9] Unregistered device nBox DVB-T Dongle
[ 1447.365807][    T9] as10x_usb: device has been disconnected
[ 1447.400943][T23409] bond5: (slave geneve3): making interface the new active one
[ 1447.459257][T23409] geneve3: entered allmulticast mode
[ 1447.473503][T23394] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1447.505298][T23409] bond5: (slave geneve3): Enslaving as an active interface with an up link
[ 1447.653227][T23412] syzkaller0: entered promiscuous mode
[ 1447.666498][T23412] syzkaller0: entered allmulticast mode
[ 1449.632815][T23449] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1449.813000][T23452] netlink: 76 bytes leftover after parsing attributes in process `syz.0.4446'.
[ 1451.170585][    T9] usb 1-1: new low-speed USB device number 40 using dummy_hcd
[ 1451.345725][    T9] usb 1-1: device descriptor read/64, error -71
[ 1451.732027][    T9] usb 1-1: new low-speed USB device number 41 using dummy_hcd
[ 1451.888590][    T9] usb 1-1: device descriptor read/64, error -71
[ 1452.053858][    T9] usb usb1-port1: attempt power cycle
[ 1452.137522][T21256] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[ 1452.317123][T21256] usb 6-1: not running at top speed; connect to a high speed hub
[ 1452.342739][T21256] usb 6-1: config 95 has an invalid interface number: 1 but max is 0
[ 1452.371693][T21256] usb 6-1: config 95 has no interface number 0
[ 1452.407423][T21256] usb 6-1: config 95 interface 1 has no altsetting 0
[ 1452.470258][    T9] usb 1-1: new low-speed USB device number 42 using dummy_hcd
[ 1452.489424][T21256] usb 6-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79
[ 1452.499245][T21256] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1452.531694][T21256] usb 6-1: Product: syz
[ 1452.536010][T21256] usb 6-1: Manufacturer: syz
[ 1452.547076][    T9] usb 1-1: device descriptor read/8, error -71
[ 1452.561595][T21256] usb 6-1: SerialNumber: syz
[ 1452.822356][    T9] usb 1-1: new low-speed USB device number 43 using dummy_hcd
[ 1452.884721][    T9] usb 1-1: device descriptor read/8, error -71
[ 1452.902445][T23472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1452.911930][T23472] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1453.048748][    T9] usb usb1-port1: unable to enumerate USB device
[ 1453.590123][T23480] FAULT_INJECTION: forcing a failure.
[ 1453.590123][T23480] name failslab, interval 1, probability 0, space 0, times 0
[ 1453.603292][T23480] CPU: 0 UID: 0 PID: 23480 Comm: syz.4.4453 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1453.603326][T23480] Tainted: [L]=SOFTLOCKUP
[ 1453.603336][T23480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1453.603350][T23480] Call Trace:
[ 1453.603360][T23480]  <TASK>
[ 1453.603370][T23480]  dump_stack_lvl+0xe8/0x150
[ 1453.603407][T23480]  should_fail_ex+0x412/0x560
[ 1453.603446][T23480]  should_failslab+0xa8/0x100
[ 1453.603478][T23480]  __kmalloc_noprof+0xe8/0x760
[ 1453.603505][T23480]  ? io_cache_alloc_new+0x40/0x100
[ 1453.603538][T23480]  ? __io_alloc_req_refill+0x2a7/0x360
[ 1453.603574][T23480]  io_cache_alloc_new+0x40/0x100
[ 1453.603610][T23480]  io_msg_alloc_async+0x212/0x380
[ 1453.603645][T23480]  io_sendmsg_prep+0x344/0x5f0
[ 1453.603684][T23480]  io_submit_sqes+0xb6d/0x2400
[ 1453.603743][T23480]  __se_sys_io_uring_enter+0x2cc/0x18c0
[ 1453.603771][T23480]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1453.603815][T23480]  ? __fget_files+0x3a0/0x420
[ 1453.603852][T23480]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1453.603884][T23480]  ? fput+0xa0/0xd0
[ 1453.603917][T23480]  ? ksys_write+0x242/0x270
[ 1453.603945][T23480]  ? __pfx_ksys_write+0x10/0x10
[ 1453.603976][T23480]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 1453.604004][T23480]  do_syscall_64+0x14d/0xf80
[ 1453.604031][T23480]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1453.604054][T23480]  ? clear_bhb_loop+0x40/0x90
[ 1453.604082][T23480]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1453.604105][T23480] RIP: 0033:0x7fc18f59c799
[ 1453.604126][T23480] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1453.604147][T23480] RSP: 002b:00007fc190434028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1453.604171][T23480] RAX: ffffffffffffffda RBX: 00007fc18f816180 RCX: 00007fc18f59c799
[ 1453.604188][T23480] RDX: 0000000000000000 RSI: 0000000000003516 RDI: 0000000000000006
[ 1453.604202][T23480] RBP: 00007fc190434090 R08: 0000000000000000 R09: 0000000000000000
[ 1453.604216][T23480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1453.604230][T23480] R13: 00007fc18f816218 R14: 00007fc18f816180 R15: 00007fc18f93fa48
[ 1453.604265][T23480]  </TASK>
[ 1454.122135][T21256] usb 6-1: USB disconnect, device number 2
[ 1454.162035][T23482] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.4455'.
[ 1454.436635][T12475] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[ 1454.626553][ T5920] usb 7-1: new high-speed USB device number 80 using dummy_hcd
[ 1454.634800][T12475] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1454.670112][T12475] usb 1-1: config 0 has no interfaces?
[ 1454.713623][T12475] usb 1-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[ 1454.728206][T12475] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1454.743900][T12475] usb 1-1: Product: syz
[ 1454.752952][T12475] usb 1-1: Manufacturer: syz
[ 1454.757804][T23490] veth1_to_bond: entered allmulticast mode
[ 1454.759687][T12475] usb 1-1: SerialNumber: syz
[ 1454.801059][T12475] usb 1-1: config 0 descriptor??
[ 1454.826977][ T5920] usb 7-1: Using ep0 maxpacket: 8
[ 1454.847406][ T5920] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[ 1454.855545][ T5920] usb 7-1: config 0 has no interface number 0
[ 1454.885752][T23490] bond1: option packets_per_slave: invalid value (18446744073709551615)
[ 1454.921698][ T5920] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1454.932741][T23490] bond1: option packets_per_slave: allowed values 0 - 65535
[ 1454.945173][ T5920] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1454.977849][T23490] bond1 (unregistering): Released all slaves
[ 1454.989421][ T5920] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1455.021020][T23482] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4455'.
[ 1455.037301][ T5920] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1455.072326][T23482] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4455'.
[ 1455.081835][ T5920] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1455.103199][T23492] veth1_to_bond: left allmulticast mode
[ 1455.110150][ T5920] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1455.131166][T12475] usb 1-1: USB disconnect, device number 44
[ 1455.139473][ T5920] usb 7-1: config 0 descriptor??
[ 1455.173453][ T5920] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1455.351587][    T9] usb 7-1: USB disconnect, device number 80
[ 1455.387330][    T9] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[ 1455.637607][T23502] netlink: 'syz.5.4459': attribute type 1 has an invalid length.
[ 1455.645445][T23502] netlink: 'syz.5.4459': attribute type 2 has an invalid length.
[ 1455.925798][T23504] FAULT_INJECTION: forcing a failure.
[ 1455.925798][T23504] name failslab, interval 1, probability 0, space 0, times 0
[ 1455.977272][T23504] CPU: 0 UID: 0 PID: 23504 Comm: syz.0.4460 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1455.977309][T23504] Tainted: [L]=SOFTLOCKUP
[ 1455.977318][T23504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1455.977332][T23504] Call Trace:
[ 1455.977341][T23504]  <TASK>
[ 1455.977351][T23504]  dump_stack_lvl+0xe8/0x150
[ 1455.977389][T23504]  should_fail_ex+0x412/0x560
[ 1455.977426][T23504]  should_failslab+0xa8/0x100
[ 1455.977457][T23504]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 1455.977482][T23504]  ? __alloc_skb+0x186/0x7d0
[ 1455.977503][T23504]  ? __alloc_skb+0x1d0/0x7d0
[ 1455.977523][T23504]  ? __local_bh_enable_ip+0xd0/0x130
[ 1455.977623][T23504]  __alloc_skb+0x1d0/0x7d0
[ 1455.977662][T23504]  ? netlink_ack_tlv_len+0x6c/0x210
[ 1455.977699][T23504]  netlink_ack+0x146/0xa50
[ 1455.977730][T23504]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1455.977772][T23504]  ? ref_tracker_free+0x693/0x840
[ 1455.977804][T23504]  ? __copy_skb_header+0xa3/0x4a0
[ 1455.977832][T23504]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1455.977863][T23504]  ? __skb_clone+0x63/0x7a0
[ 1455.977897][T23504]  netlink_rcv_skb+0x2b6/0x4b0
[ 1455.977931][T23504]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1455.977966][T23504]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1455.978011][T23504]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1455.978052][T23504]  netlink_unicast+0x80f/0x9b0
[ 1455.978092][T23504]  ? __pfx_netlink_unicast+0x10/0x10
[ 1455.978125][T23504]  ? netlink_sendmsg+0x650/0xb40
[ 1455.978145][T23504]  ? skb_put+0x11b/0x210
[ 1455.978172][T23504]  netlink_sendmsg+0x813/0xb40
[ 1455.978203][T23504]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1455.978228][T23504]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1455.978263][T23504]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1455.978293][T23504]  ____sys_sendmsg+0x972/0x9f0
[ 1455.978329][T23504]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1455.978363][T23504]  ? import_iovec+0x73/0xa0
[ 1455.978391][T23504]  ___sys_sendmsg+0x2a5/0x360
[ 1455.978424][T23504]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1455.978485][T23504]  ? __fget_files+0x2a/0x420
[ 1455.978516][T23504]  ? __fget_files+0x3a0/0x420
[ 1455.978559][T23504]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1455.978589][T23504]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1455.978626][T23504]  ? __pfx_ksys_write+0x10/0x10
[ 1455.978663][T23504]  do_syscall_64+0x14d/0xf80
[ 1455.978689][T23504]  ? trace_irq_disable+0x3b/0x150
[ 1455.978722][T23504]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1455.978752][T23504]  ? clear_bhb_loop+0x40/0x90
[ 1455.978779][T23504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1455.978802][T23504] RIP: 0033:0x7f124619c799
[ 1455.978824][T23504] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1455.978843][T23504] RSP: 002b:00007f12470e0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1455.978867][T23504] RAX: ffffffffffffffda RBX: 00007f1246415fa0 RCX: 00007f124619c799
[ 1455.978884][T23504] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1455.978899][T23504] RBP: 00007f12470e0090 R08: 0000000000000000 R09: 0000000000000000
[ 1455.978913][T23504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1455.978927][T23504] R13: 00007f1246416038 R14: 00007f1246415fa0 R15: 00007f124653fa48
[ 1455.978960][T23504]  </TASK>
[ 1457.159002][T23517] xt_hashlimit: overflow, try lower: 3/0
[ 1457.413113][   T30] kauditd_printk_skb: 10 callbacks suppressed
[ 1457.413135][   T30] audit: type=1326 audit(1774392986.762:2105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23522 comm="syz.6.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c4d39c799 code=0x7ffc0000
[ 1457.662850][   T30] audit: type=1326 audit(1774392986.762:2106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23522 comm="syz.6.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c4d39c799 code=0x7ffc0000
[ 1458.068130][   T30] audit: type=1326 audit(1774392986.822:2107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23522 comm="syz.6.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f1c4d39c799 code=0x7ffc0000
[ 1458.214175][   T30] audit: type=1326 audit(1774392986.952:2108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23522 comm="syz.6.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c4d39c799 code=0x7ffc0000
[ 1458.467320][   T30] audit: type=1326 audit(1774392986.952:2109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23522 comm="syz.6.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c4d39c799 code=0x7ffc0000
[ 1458.573155][T23538] FAULT_INJECTION: forcing a failure.
[ 1458.573155][T23538] name failslab, interval 1, probability 0, space 0, times 0
[ 1458.676381][T23538] CPU: 1 UID: 0 PID: 23538 Comm: syz.7.4468 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1458.676419][T23538] Tainted: [L]=SOFTLOCKUP
[ 1458.676427][T23538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1458.676441][T23538] Call Trace:
[ 1458.676450][T23538]  <TASK>
[ 1458.676460][T23538]  dump_stack_lvl+0xe8/0x150
[ 1458.676497][T23538]  should_fail_ex+0x412/0x560
[ 1458.676532][T23538]  should_failslab+0xa8/0x100
[ 1458.676562][T23538]  __kmalloc_noprof+0xe8/0x760
[ 1458.676587][T23538]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1458.676601][   T30] audit: type=1326 audit(1774392986.952:2110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23528 comm="syz.6.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f1c4d35cfce code=0x7ffc0000
[ 1458.676624][T23538]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1458.676738][T23538]  genl_family_rcv_msg_doit+0xd9/0x330
[ 1458.676824][T23538]  ? __asan_memcpy+0x40/0x70
[ 1458.676904][T23538]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1458.677000][T23538]  ? apparmor_capable+0x126/0x170
[ 1458.677073][T23538]  ? bpf_lsm_capable+0x9/0x20
[ 1458.677149][T23538]  ? security_capable+0x7e/0x2c0
[ 1458.677248][T23538]  genl_rcv_msg+0x61c/0x7a0
[ 1458.677334][T23538]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1458.677393][T23538]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[ 1458.677465][T23538]  ? __lock_acquire+0x6b5/0x2cf0
[ 1458.677568][T23538]  netlink_rcv_skb+0x232/0x4b0
[ 1458.677672][T23538]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1458.677739][T23538]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1458.677878][T23538]  ? down_read+0x272/0x2e0
[ 1458.677951][T23538]  ? genl_rcv+0xd/0x40
[ 1458.678024][T23538]  genl_rcv+0x28/0x40
[ 1458.678087][T23538]  netlink_unicast+0x80f/0x9b0
[ 1458.678217][T23538]  ? __pfx_netlink_unicast+0x10/0x10
[ 1458.678317][T23538]  ? netlink_sendmsg+0x650/0xb40
[ 1458.678362][T23538]  ? skb_put+0x11b/0x210
[ 1458.678431][T23538]  netlink_sendmsg+0x813/0xb40
[ 1458.678509][T23538]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1458.678580][T23538]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1458.678672][T23538]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1458.678747][T23538]  ____sys_sendmsg+0x972/0x9f0
[ 1458.678842][T23538]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1458.678936][T23538]  ? import_iovec+0x73/0xa0
[ 1458.679012][T23538]  ___sys_sendmsg+0x2a5/0x360
[ 1458.679095][T23538]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1458.679259][T23538]  ? __fget_files+0x2a/0x420
[ 1458.679344][T23538]  ? __fget_files+0x3a0/0x420
[ 1458.679459][T23538]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1458.679550][T23538]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1458.679675][T23538]  ? __pfx_ksys_write+0x10/0x10
[ 1458.679771][T23538]  do_syscall_64+0x14d/0xf80
[ 1458.679836][T23538]  ? trace_irq_disable+0x3b/0x150
[ 1458.679921][T23538]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1458.680078][T23538]  ? clear_bhb_loop+0x40/0x90
[ 1458.680185][T23538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1458.680250][T23538] RIP: 0033:0x7fb7d2f9c799
[ 1458.680313][T23538] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1458.680358][T23538] RSP: 002b:00007fb7d3ed9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1458.680422][T23538] RAX: ffffffffffffffda RBX: 00007fb7d3215fa0 RCX: 00007fb7d2f9c799
[ 1458.680466][T23538] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[ 1458.680507][T23538] RBP: 00007fb7d3ed9090 R08: 0000000000000000 R09: 0000000000000000
[ 1458.680548][T23538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1458.680590][T23538] R13: 00007fb7d3216038 R14: 00007fb7d3215fa0 R15: 00007fb7d333fa48
[ 1458.680677][T23538]  </TASK>
[ 1459.778533][T23545] input: syz1 as /devices/virtual/input/input105
[ 1459.927994][   T30] audit: type=1326 audit(1774392987.252:2111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23528 comm="syz.6.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f1c4d39c799 code=0x7ffc0000
[ 1460.004065][   T30] audit: type=1326 audit(1774392987.422:2112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23522 comm="syz.6.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f1c4d39c799 code=0x7ffc0000
[ 1460.068026][   T30] audit: type=1326 audit(1774392987.482:2113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23522 comm="syz.6.4466" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f1c4d39c799 code=0x7ffc0000
[ 1460.809061][T23555] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4475'.
[ 1461.656223][ T5920] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1461.856148][ T5920] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1461.901780][ T5920] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1461.986462][ T5920] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1462.035045][ T5920] usb 6-1: config 0 descriptor??
[ 1462.558062][ T5920] usbhid 6-1:0.0: can't add hid device: -71
[ 1462.564623][ T5920] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1462.642582][T23573] netlink: 'syz.6.4479': attribute type 1 has an invalid length.
[ 1462.650566][T23573] netlink: 'syz.6.4479': attribute type 2 has an invalid length.
[ 1462.718801][ T5920] usb 6-1: USB disconnect, device number 3
[ 1462.976408][T23582] netlink: 'syz.0.4480': attribute type 1 has an invalid length.
[ 1462.985314][T23582] netlink: 'syz.0.4480': attribute type 2 has an invalid length.
[ 1463.332079][ T5920] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[ 1463.568966][ T5920] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1463.632038][T23586] FAULT_INJECTION: forcing a failure.
[ 1463.632038][T23586] name failslab, interval 1, probability 0, space 0, times 0
[ 1463.645317][ T5920] usb 6-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.40
[ 1463.676260][ T5920] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1463.693555][T23586] CPU: 1 UID: 0 PID: 23586 Comm: syz.4.4482 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1463.693582][T23586] Tainted: [L]=SOFTLOCKUP
[ 1463.693588][T23586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1463.693599][T23586] Call Trace:
[ 1463.693606][T23586]  <TASK>
[ 1463.693612][T23586]  dump_stack_lvl+0xe8/0x150
[ 1463.693639][T23586]  should_fail_ex+0x412/0x560
[ 1463.693665][T23586]  ? __d_alloc+0x37/0x6f0
[ 1463.693682][T23586]  should_failslab+0xa8/0x100
[ 1463.693704][T23586]  kmem_cache_alloc_lru_noprof+0x87/0x640
[ 1463.693728][T23586]  __d_alloc+0x37/0x6f0
[ 1463.693748][T23586]  d_alloc+0x4b/0x190
[ 1463.693762][T23586]  ? lookup_one_qstr_excl+0xc8/0x360
[ 1463.693788][T23586]  lookup_one_qstr_excl+0xdc/0x360
[ 1463.693811][T23586]  ? lookup_noperm_common+0x245/0x430
[ 1463.693837][T23586]  start_dirop+0x5c/0x90
[ 1463.693861][T23586]  simple_start_creating+0xcc/0x110
[ 1463.693876][T23586]  ? __pfx_simple_start_creating+0x10/0x10
[ 1463.693892][T23586]  ? do_raw_spin_unlock+0xf5/0x210
[ 1463.693910][T23586]  ? mntput+0x65/0xc0
[ 1463.693932][T23586]  debugfs_start_creating+0xdb/0x1a0
[ 1463.693951][T23586]  __debugfs_create_file+0x6f/0x400
[ 1463.693971][T23586]  debugfs_create_file_full+0x3f/0x60
[ 1463.693990][T23586]  ref_tracker_dir_debugfs+0x197/0x360
[ 1463.694015][T23586]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[ 1463.694060][T23586]  ? __kvmalloc_node_noprof+0x545/0x8a0
[ 1463.694079][T23586]  ? alloc_netdev_mqs+0xa6/0x11b0
[ 1463.694102][T23586]  ? __raw_spin_lock_init+0x45/0x100
[ 1463.694121][T23586]  alloc_netdev_mqs+0x272/0x11b0
[ 1463.694140][T23586]  ? __pfx_ip6gre_tap_setup+0x10/0x10
[ 1463.694169][T23586]  rtnl_create_link+0x31f/0xd70
[ 1463.694195][T23586]  rtnl_newlink_create+0x277/0xb70
[ 1463.694214][T23586]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1463.694238][T23586]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1463.694258][T23586]  ? __pfx___mutex_lock+0x10/0x10
[ 1463.694291][T23586]  ? ns_capable+0x89/0xe0
[ 1463.694315][T23586]  rtnl_newlink+0x1666/0x1be0
[ 1463.694342][T23586]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1463.694355][T23586]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1463.694399][T23586]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1463.694415][T23586]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1463.694442][T23586]  ? kmem_cache_free+0x187/0x630
[ 1463.694459][T23586]  ? nlmon_xmit+0xb0/0x100
[ 1463.694487][T23586]  ? __lock_acquire+0x6b5/0x2cf0
[ 1463.694512][T23586]  ? __local_bh_enable_ip+0xd0/0x130
[ 1463.694533][T23586]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1463.694550][T23586]  ? __dev_queue_xmit+0x277/0x3890
[ 1463.694568][T23586]  ? __local_bh_enable_ip+0xd0/0x130
[ 1463.694588][T23586]  ? __dev_queue_xmit+0x277/0x3890
[ 1463.694625][T23586]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1463.694640][T23586]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1463.694668][T23586]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1463.694691][T23586]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1463.694714][T23586]  ? ref_tracker_free+0x693/0x840
[ 1463.694737][T23586]  ? __copy_skb_header+0xa3/0x4a0
[ 1463.694757][T23586]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1463.694780][T23586]  ? __skb_clone+0x63/0x7a0
[ 1463.694804][T23586]  netlink_rcv_skb+0x232/0x4b0
[ 1463.694830][T23586]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1463.694855][T23586]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1463.694888][T23586]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1463.694917][T23586]  netlink_unicast+0x80f/0x9b0
[ 1463.694945][T23586]  ? __pfx_netlink_unicast+0x10/0x10
[ 1463.694969][T23586]  ? netlink_sendmsg+0x650/0xb40
[ 1463.694982][T23586]  ? skb_put+0x11b/0x210
[ 1463.695001][T23586]  netlink_sendmsg+0x813/0xb40
[ 1463.695023][T23586]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1463.695040][T23586]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1463.695065][T23586]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1463.695085][T23586]  ____sys_sendmsg+0x972/0x9f0
[ 1463.695111][T23586]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1463.695136][T23586]  ? import_iovec+0x73/0xa0
[ 1463.695156][T23586]  ___sys_sendmsg+0x2a5/0x360
[ 1463.695179][T23586]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1463.695225][T23586]  ? __fget_files+0x2a/0x420
[ 1463.695247][T23586]  ? __fget_files+0x3a0/0x420
[ 1463.695283][T23586]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1463.695304][T23586]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1463.695330][T23586]  ? __pfx_ksys_write+0x10/0x10
[ 1463.695357][T23586]  do_syscall_64+0x14d/0xf80
[ 1463.695373][T23586]  ? trace_irq_disable+0x3b/0x150
[ 1463.695397][T23586]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1463.695412][T23586]  ? clear_bhb_loop+0x40/0x90
[ 1463.695432][T23586]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1463.695448][T23586] RIP: 0033:0x7fc18f59c799
[ 1463.695463][T23586] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1463.695477][T23586] RSP: 002b:00007fc190476028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1463.695494][T23586] RAX: ffffffffffffffda RBX: 00007fc18f815fa0 RCX: 00007fc18f59c799
[ 1463.695506][T23586] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1463.695516][T23586] RBP: 00007fc190476090 R08: 0000000000000000 R09: 0000000000000000
[ 1463.695526][T23586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1463.695536][T23586] R13: 00007fc18f816038 R14: 00007fc18f815fa0 R15: 00007fc18f93fa48
[ 1463.695560][T23586]  </TASK>
[ 1464.768159][ T5920] usb 6-1: config 0 descriptor??
[ 1464.790471][ T5920] input: USB Pegasus Device 0e20:0101 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input106
[ 1464.954059][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1464.964860][ T5179] usb 6-1: control msg error: -71
[ 1464.970527][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1464.973647][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1464.984617][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.003031][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.015653][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.026288][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.037069][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.047524][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.066247][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.086258][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.096862][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.107229][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.117801][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.128432][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.138929][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.156197][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.167449][    C1] usb 6-1: pegasus_irq - nonzero urb status received: -71
[ 1465.178155][    C1] usb 6-1: pegasus_irq - urb shutting down with status: -2
[ 1465.305845][ T5920] usb 6-1: USB disconnect, device number 4
[ 1466.279048][T23598] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4485'.
[ 1467.074020][T23610] netlink: 'syz.0.4487': attribute type 13 has an invalid length.
[ 1471.353781][T23654] netlink: 'syz.6.4497': attribute type 1 has an invalid length.
[ 1471.361777][T23654] netlink: 'syz.6.4497': attribute type 2 has an invalid length.
[ 1472.325528][T23662] vlan2: entered promiscuous mode
[ 1472.400143][T23668] netlink: 'syz.4.4500': attribute type 7 has an invalid length.
[ 1473.963750][T23682] openvswitch: netlink: IP tunnel dst address not specified
[ 1474.965347][T23692] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4509'.
[ 1475.421278][T23698] FAULT_INJECTION: forcing a failure.
[ 1475.421278][T23698] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1475.435198][T23698] CPU: 0 UID: 0 PID: 23698 Comm: syz.5.4510 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1475.435232][T23698] Tainted: [L]=SOFTLOCKUP
[ 1475.435241][T23698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1475.435256][T23698] Call Trace:
[ 1475.435267][T23698]  <TASK>
[ 1475.435277][T23698]  dump_stack_lvl+0xe8/0x150
[ 1475.435314][T23698]  should_fail_ex+0x412/0x560
[ 1475.435352][T23698]  _copy_from_user+0x2d/0xb0
[ 1475.435380][T23698]  ___sys_sendmsg+0x1c6/0x360
[ 1475.435414][T23698]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1475.435476][T23698]  ? __fget_files+0x2a/0x420
[ 1475.435509][T23698]  ? __fget_files+0x3a0/0x420
[ 1475.435553][T23698]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1475.435591][T23698]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1475.435628][T23698]  ? __pfx_ksys_write+0x10/0x10
[ 1475.435665][T23698]  do_syscall_64+0x14d/0xf80
[ 1475.435691][T23698]  ? trace_irq_disable+0x3b/0x150
[ 1475.435724][T23698]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1475.435748][T23698]  ? clear_bhb_loop+0x40/0x90
[ 1475.435776][T23698]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1475.435798][T23698] RIP: 0033:0x7fab6099c799
[ 1475.435820][T23698] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1475.435840][T23698] RSP: 002b:00007fab618ec028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1475.435864][T23698] RAX: ffffffffffffffda RBX: 00007fab60c16180 RCX: 00007fab6099c799
[ 1475.435881][T23698] RDX: 0000000000000004 RSI: 00002000000005c0 RDI: 000000000000000a
[ 1475.435896][T23698] RBP: 00007fab618ec090 R08: 0000000000000000 R09: 0000000000000000
[ 1475.435910][T23698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1475.435924][T23698] R13: 00007fab60c16218 R14: 00007fab60c16180 R15: 00007fab60d3fa48
[ 1475.435958][T23698]  </TASK>
[ 1476.361572][T23704] netlink: 'syz.0.4511': attribute type 1 has an invalid length.
[ 1476.372366][T23704] netlink: 'syz.0.4511': attribute type 2 has an invalid length.
[ 1477.835809][T23718] 
: renamed from bond_slave_0 (while UP)
[ 1478.009279][T23720] team_slave_0: entered promiscuous mode
[ 1478.015106][T23720] team_slave_1: entered promiscuous mode
[ 1478.026791][T23720] vlan4: entered promiscuous mode
[ 1478.031881][T23720] team0: entered promiscuous mode
[ 1478.755695][T23731] netlink: 'syz.6.4517': attribute type 1 has an invalid length.
[ 1478.763718][T23731] netlink: 'syz.6.4517': attribute type 2 has an invalid length.
[ 1479.232805][T23743] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4520'.
[ 1479.263211][T23746] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4521'.
[ 1479.275659][T23743] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1479.500507][T23748] netlink: 76 bytes leftover after parsing attributes in process `syz.4.4523'.
[ 1480.005708][   T30] audit: type=1326 audit(1774393009.352:2114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23755 comm="syz.5.4526" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab6099c799 code=0x0
[ 1480.103453][T23760] hsr0: entered promiscuous mode
[ 1480.177807][T23760] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4527'.
[ 1480.364228][T23764] netlink: 32 bytes leftover after parsing attributes in process `syz.7.4529'.
[ 1480.451782][T23764] netlink: 48 bytes leftover after parsing attributes in process `syz.7.4529'.
[ 1480.499369][T23764] netlink: 48 bytes leftover after parsing attributes in process `syz.7.4529'.
[ 1480.538853][T23767] netlink: 'syz.4.4528': attribute type 7 has an invalid length.
[ 1480.798279][T23771] FAULT_INJECTION: forcing a failure.
[ 1480.798279][T23771] name failslab, interval 1, probability 0, space 0, times 0
[ 1480.861943][T23771] CPU: 0 UID: 0 PID: 23771 Comm: syz.7.4530 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1480.862019][T23771] Tainted: [L]=SOFTLOCKUP
[ 1480.862030][T23771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1480.862043][T23771] Call Trace:
[ 1480.862053][T23771]  <TASK>
[ 1480.862063][T23771]  dump_stack_lvl+0xe8/0x150
[ 1480.862100][T23771]  should_fail_ex+0x412/0x560
[ 1480.862137][T23771]  should_failslab+0xa8/0x100
[ 1480.862165][T23771]  ? sk_prot_alloc+0x57/0x210
[ 1480.862190][T23771]  kmem_cache_alloc_noprof+0x87/0x650
[ 1480.862222][T23771]  sk_prot_alloc+0x57/0x210
[ 1480.862244][T23771]  ? sk_alloc+0x27/0x390
[ 1480.862269][T23771]  sk_alloc+0x3a/0x390
[ 1480.862297][T23771]  inet_create+0x7a0/0x1000
[ 1480.862326][T23771]  ? inet_create+0x9c/0x1000
[ 1480.862358][T23771]  __sock_create+0x4b2/0x9d0
[ 1480.862401][T23771]  mptcp_subflow_create_socket+0xfb/0x800
[ 1480.862435][T23771]  ? __pfx_do_ip_setsockopt+0x10/0x10
[ 1480.862463][T23771]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[ 1480.862497][T23771]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1480.862525][T23771]  __mptcp_nmpc_sk+0x155/0x790
[ 1480.862558][T23771]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[ 1480.862586][T23771]  ? mptcp_setsockopt+0xf07/0x36a0
[ 1480.862621][T23771]  ? __local_bh_enable_ip+0xd0/0x130
[ 1480.862655][T23771]  mptcp_setsockopt+0xf0f/0x36a0
[ 1480.862696][T23771]  ? __pfx_mptcp_setsockopt+0x10/0x10
[ 1480.862730][T23771]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1480.862764][T23771]  ? __fget_files+0x2a/0x420
[ 1480.862795][T23771]  ? aa_sock_opt_perm+0xff/0x1a0
[ 1480.862829][T23771]  ? sock_common_setsockopt+0x36/0xc0
[ 1480.862861][T23771]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1480.862897][T23771]  do_sock_setsockopt+0x17c/0x1b0
[ 1480.862927][T23771]  __x64_sys_setsockopt+0x13d/0x1b0
[ 1480.862958][T23771]  do_syscall_64+0x14d/0xf80
[ 1480.862990][T23771]  ? trace_irq_disable+0x3b/0x150
[ 1480.863022][T23771]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1480.863045][T23771]  ? clear_bhb_loop+0x40/0x90
[ 1480.863072][T23771]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1480.863095][T23771] RIP: 0033:0x7fb7d2f9c799
[ 1480.863115][T23771] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1480.863135][T23771] RSP: 002b:00007fb7d3ed9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1480.863158][T23771] RAX: ffffffffffffffda RBX: 00007fb7d3215fa0 RCX: 00007fb7d2f9c799
[ 1480.863175][T23771] RDX: 0000000000000013 RSI: 0000000000000000 RDI: 0000000000000003
[ 1480.863188][T23771] RBP: 00007fb7d3ed9090 R08: 0000000000000004 R09: 0000000000000000
[ 1480.863203][T23771] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[ 1480.863217][T23771] R13: 00007fb7d3216038 R14: 00007fb7d3215fa0 R15: 00007fb7d333fa48
[ 1480.863252][T23771]  </TASK>
[ 1481.145799][T23771] netlink: 76 bytes leftover after parsing attributes in process `syz.7.4530'.
[ 1481.156203][T23771] netlink: 'syz.7.4530': attribute type 6 has an invalid length.
[ 1481.163978][T23771] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4530'.
[ 1482.212819][T23791] FAULT_INJECTION: forcing a failure.
[ 1482.212819][T23791] name failslab, interval 1, probability 0, space 0, times 0
[ 1482.301648][T23791] CPU: 1 UID: 0 PID: 23791 Comm: syz.7.4538 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1482.301686][T23791] Tainted: [L]=SOFTLOCKUP
[ 1482.301696][T23791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1482.301710][T23791] Call Trace:
[ 1482.301719][T23791]  <TASK>
[ 1482.301729][T23791]  dump_stack_lvl+0xe8/0x150
[ 1482.301766][T23791]  should_fail_ex+0x412/0x560
[ 1482.301806][T23791]  should_failslab+0xa8/0x100
[ 1482.301837][T23791]  __kmalloc_noprof+0xe8/0x760
[ 1482.301864][T23791]  ? snd_ctl_new+0x6e/0x290
[ 1482.301897][T23791]  ? down_write+0x16d/0x200
[ 1482.301930][T23791]  snd_ctl_new+0x6e/0x290
[ 1482.301961][T23791]  snd_ctl_elem_add+0x3fd/0xa90
[ 1482.302007][T23791]  snd_ctl_ioctl+0xf4f/0x1db0
[ 1482.302037][T23791]  ? kasan_save_free_info+0x46/0x50
[ 1482.302074][T23791]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[ 1482.302102][T23791]  ? format_decode+0xd0/0xe10
[ 1482.302137][T23791]  ? kasan_save_track+0x4f/0x80
[ 1482.302161][T23791]  ? kasan_save_track+0x3e/0x80
[ 1482.302183][T23791]  ? kasan_save_free_info+0x46/0x50
[ 1482.302263][T23791]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1482.302298][T23791]  ? tomoyo_path_number_perm+0x219/0x630
[ 1482.302334][T23791]  ? tomoyo_path_number_perm+0x219/0x630
[ 1482.302357][T23791]  ? do_vfs_ioctl+0x1166/0x1530
[ 1482.302379][T23791]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1482.302407][T23791]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1482.302440][T23791]  ? __fget_files+0x2a/0x420
[ 1482.302466][T23791]  ? __fget_files+0x2a/0x420
[ 1482.302488][T23791]  ? __fget_files+0x3a0/0x420
[ 1482.302511][T23791]  ? __fget_files+0x2a/0x420
[ 1482.302536][T23791]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1482.302557][T23791]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[ 1482.302577][T23791]  __se_sys_ioctl+0xfc/0x170
[ 1482.302598][T23791]  do_syscall_64+0x14d/0xf80
[ 1482.302616][T23791]  ? trace_irq_disable+0x3b/0x150
[ 1482.302639][T23791]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1482.302655][T23791]  ? clear_bhb_loop+0x40/0x90
[ 1482.302674][T23791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1482.302690][T23791] RIP: 0033:0x7fb7d2f9c799
[ 1482.302705][T23791] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1482.302719][T23791] RSP: 002b:00007fb7d3ed9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1482.302735][T23791] RAX: ffffffffffffffda RBX: 00007fb7d3215fa0 RCX: 00007fb7d2f9c799
[ 1482.302747][T23791] RDX: 0000200000000040 RSI: 00000000c1105518 RDI: 0000000000000003
[ 1482.302758][T23791] RBP: 00007fb7d3ed9090 R08: 0000000000000000 R09: 0000000000000000
[ 1482.302767][T23791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1482.302777][T23791] R13: 00007fb7d3216038 R14: 00007fb7d3215fa0 R15: 00007fb7d333fa48
[ 1482.302801][T23791]  </TASK>
[ 1482.577563][ T5920] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[ 1482.736155][ T5920] usb 1-1: Using ep0 maxpacket: 8
[ 1482.757649][ T5920] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 13
[ 1482.769057][ T5920] usb 1-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[ 1482.778614][ T5920] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1482.787857][ T5920] usb 1-1: Product: syz
[ 1482.792074][ T5920] usb 1-1: Manufacturer: syz
[ 1482.806581][ T5920] usb 1-1: SerialNumber: syz
[ 1482.814175][ T5920] usb 1-1: config 0 descriptor??
[ 1482.824759][ T5920] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[ 1483.031521][ T5920] gspca_zc3xx: reg_w_i err -71
[ 1483.251985][T23801] netlink: 32 bytes leftover after parsing attributes in process `syz.7.4542'.
[ 1483.353537][T23803] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4542'.
[ 1483.636155][ T5920] gspca_zc3xx: Unknown sensor - set to TAS5130C
[ 1483.653820][ T5920] gspca_zc3xx 1-1:0.0: probe with driver gspca_zc3xx failed with error -71
[ 1483.696185][ T5920] usb 1-1: USB disconnect, device number 45
[ 1484.236594][T18958] usb 1-1: new full-speed USB device number 46 using dummy_hcd
[ 1484.422787][T18958] usb 1-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[ 1484.438044][T18958] usb 1-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3
[ 1484.456190][T18958] usb 1-1: Product: syz
[ 1484.467232][T18958] usb 1-1: Manufacturer: syz
[ 1484.475471][T18958] usb 1-1: SerialNumber: syz
[ 1484.494941][T18958] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[ 1484.782473][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.788960][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1485.062407][T18958] vp7045: USB control message 'out' went wrong.
[ 1485.080841][T18958] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1485.104116][T18958] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[ 1485.124483][T18958] usb 1-1: USB disconnect, device number 46
[ 1485.326692][T23828] netlink: 'syz.4.4550': attribute type 1 has an invalid length.
[ 1485.334482][T23828] netlink: 'syz.4.4550': attribute type 2 has an invalid length.
[ 1485.543969][T12475] usb 7-1: new high-speed USB device number 81 using dummy_hcd
[ 1485.996559][T12475] usb 7-1: Using ep0 maxpacket: 32
[ 1486.009462][T12475] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[ 1486.026798][T12475] usb 7-1: config 0 has no interface number 0
[ 1486.058562][T12475] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1486.069257][T12475] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1486.086159][T12475] usb 7-1: Product: syz
[ 1486.125254][T12475] usb 7-1: Manufacturer: syz
[ 1486.134967][T12475] usb 7-1: SerialNumber: syz
[ 1486.149409][T12475] usb 7-1: config 0 descriptor??
[ 1486.577465][T12475] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1486.604506][T12475] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1486.877794][T23841] netlink: 76 bytes leftover after parsing attributes in process `syz.5.4556'.
[ 1486.908378][T23841] netlink: 'syz.5.4556': attribute type 6 has an invalid length.
[ 1486.917695][T23841] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4556'.
[ 1487.253903][T23852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1487.282083][T23852] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1487.475460][T12475] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71
[ 1487.493797][T12475] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71
[ 1487.502207][T18958] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1487.535485][T12475] usb 7-1: USB disconnect, device number 81
[ 1487.676779][T18958] usb 6-1: Using ep0 maxpacket: 16
[ 1487.683212][T18958] usb 6-1: too many configurations: 60, using maximum allowed: 8
[ 1487.703698][T18958] usb 6-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9
[ 1487.714049][T18958] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204
[ 1487.730534][T18958] usb 6-1: Product: syz
[ 1487.734977][T18958] usb 6-1: Manufacturer: syz
[ 1487.741777][T18958] usb 6-1: SerialNumber: syz
[ 1487.750388][T18958] usb 6-1: config 0 descriptor??
[ 1487.760487][T18958] pwc: Philips SPC 880NC USB webcam detected.
[ 1488.518899][    T9] usb 7-1: new high-speed USB device number 82 using dummy_hcd
[ 1488.697012][    T9] usb 7-1: Using ep0 maxpacket: 16
[ 1488.711119][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 208, changing to 7
[ 1488.728563][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 18189, setting to 1024
[ 1488.744503][    T9] usb 7-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[ 1488.754330][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1488.764024][    T9] usb 7-1: Product: syz
[ 1488.772831][    T9] usb 7-1: Manufacturer: syz
[ 1488.795580][    T9] usb 7-1: SerialNumber: syz
[ 1488.820173][    T9] usb 7-1: config 0 descriptor??
[ 1488.853663][T23872] netlink: 'syz.0.4565': attribute type 1 has an invalid length.
[ 1488.861771][T23872] netlink: 'syz.0.4565': attribute type 2 has an invalid length.
[ 1488.886275][    T9] usb 7-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1489.043680][T23878] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1489.058951][T23878] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1490.026840][T12475] usb 7-1: USB disconnect, device number 82
[ 1490.046658][T17849] usb 7-1: Failed to submit usb control message: -71
[ 1490.058763][T17849] usb 7-1: unable to send the bmi data to the device: -71
[ 1490.078649][T17849] usb 7-1: unable to get target info from device
[ 1490.085098][T17849] usb 7-1: could not get target info (-71)
[ 1490.104902][T17849] usb 7-1: could not probe fw (-71)
[ 1490.124428][T23881] binder: 23880:23881 ioctl 80106720 2000000002c0 returned -22
[ 1490.249665][T18958] pwc: Warning: more than 1 configuration available.
[ 1490.279425][T18958] pwc: Failed to set LED on/off time (-71)
[ 1490.288833][T18958] pwc: send_video_command error -71
[ 1490.294165][T18958] pwc: Failed to set video mode VGA@30 fps; return code = -71
[ 1490.341719][T18958] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71
[ 1490.373660][T23884] syzkaller0: entered promiscuous mode
[ 1490.382745][T18958] usb 6-1: USB disconnect, device number 5
[ 1490.396227][T23884] syzkaller0: entered allmulticast mode
[ 1490.558036][T23887] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.4569'.
[ 1490.711459][T23892] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4571'.
[ 1490.731722][T23891] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4571'.
[ 1490.768393][T18958] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1490.926989][T18958] usb 6-1: Using ep0 maxpacket: 8
[ 1490.935113][T18958] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1490.958198][T23901] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4572'.
[ 1491.070073][T18958] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1491.197015][T18958] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1491.207387][T18958] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1491.221881][T18958] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1491.231334][T18958] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1491.423453][T23909] netlink: 84 bytes leftover after parsing attributes in process `syz.6.4577'.
[ 1491.449491][T18958] usb 6-1: GET_CAPABILITIES returned 0
[ 1491.456447][T18958] usbtmc 6-1:16.0: can't read capabilities
[ 1491.845801][T11594] usb 6-1: USB disconnect, device number 6
[ 1492.266164][T11594] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[ 1492.363175][T23917] syzkaller0: entered promiscuous mode
[ 1492.380524][T23917] syzkaller0: entered allmulticast mode
[ 1492.457377][T11594] usb 5-1: config 0 has an invalid interface number: 127 but max is 0
[ 1492.469575][T11594] usb 5-1: config 0 has no interface number 0
[ 1492.476504][T11594] usb 5-1: config 0 interface 127 has no altsetting 0
[ 1492.499542][T11594] usb 5-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[ 1492.549377][T11594] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1492.617392][T11594] usb 5-1: Product: syz
[ 1492.618759][T11594] usb 5-1: Manufacturer: syz
[ 1492.626633][T11594] usb 5-1: SerialNumber: syz
[ 1492.638582][T11594] usb 5-1: config 0 descriptor??
[ 1492.698764][T11594] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[ 1492.714356][T11594] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1492.881205][T11594] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[ 1492.906382][T23907] digitv: more than 2 i2c messages at a time is not handled yet. TODO.
[ 1492.937814][T11594] usb 5-1: media controller created
[ 1493.001556][T11594] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1493.526572][   T24] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1493.705171][T11594] DVB: Unable to find symbol mt352_attach()
[ 1493.746786][   T24] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1493.783237][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1493.856240][   T24] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1493.896395][T11594] DVB: Unable to find symbol nxt6000_attach()
[ 1493.905842][   T24] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1493.953100][T11594] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[ 1493.972664][   T24] usb 6-1: Manufacturer: syz
[ 1494.004171][T11594] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input107
[ 1494.027015][   T24] usb 6-1: config 0 descriptor??
[ 1494.067124][T11594] dvb-usb: schedule remote query interval to 1000 msecs.
[ 1494.097737][T11594] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[ 1494.154978][T11594] dvb-usb: bulk message failed: -22 (7/0)
[ 1494.181437][T11594] dvb-usb: bulk message failed: -22 (7/0)
[ 1494.211266][   T24] rc_core: IR keymap rc-hauppauge not found
[ 1494.248098][T23926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1494.261122][   T24] Registered IR keymap rc-empty
[ 1494.272187][   T24] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 1494.288702][T23926] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1494.330953][   T24] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input108
[ 1494.508171][T23952] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4581'.
[ 1494.576198][   T24] usb 6-1: USB disconnect, device number 7
[ 1495.176325][   T24] dvb-usb: bulk message failed: -22 (7/0)
[ 1495.190061][   T24] dvb-usb: error while querying for an remote control event.
[ 1495.426165][   T24] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[ 1495.576164][   T24] usb 1-1: Using ep0 maxpacket: 32
[ 1495.583145][   T24] usb 1-1: config 0 has an invalid interface number: 202 but max is 1
[ 1495.606208][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1495.628638][   T24] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1495.643685][   T24] usb 1-1: config 0 has no interface number 0
[ 1495.666328][   T24] usb 1-1: too many endpoints for config 0 interface 202 altsetting 87: 182, using maximum allowed: 30
[ 1495.691690][   T24] usb 1-1: config 0 interface 202 altsetting 87 endpoint 0x2 has invalid maxpacket 255, setting to 64
[ 1495.718675][   T24] usb 1-1: config 0 interface 202 altsetting 87 has 1 endpoint descriptor, different from the interface descriptor's value: 182
[ 1495.757850][   T24] usb 1-1: config 0 interface 202 has no altsetting 0
[ 1495.781726][   T24] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.2b
[ 1495.796121][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1495.813607][   T24] usb 1-1: Product: syz
[ 1495.817942][   T24] usb 1-1: Manufacturer: syz
[ 1495.822655][   T24] usb 1-1: SerialNumber: syz
[ 1495.882541][   T24] usb 1-1: config 0 descriptor??
[ 1495.915666][   T24] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1496.108336][T23976] loop2: detected capacity change from 0 to 7
[ 1496.125961][T23976]  loop2: [POWERTEC] p1 p2
[ 1496.142681][T23976] loop2: p1 size 131072 extends beyond EOD, truncated
[ 1496.167258][T23976] loop2: p2 start 16974337 is beyond EOD, truncated
[ 1496.192931][ T1150] usb 1-1: Failed to submit usb control message: -71
[ 1496.194498][T11594] usb 1-1: USB disconnect, device number 47
[ 1496.208540][ T1150] usb 1-1: unable to send the bmi data to the device: -71
[ 1496.218567][ T1150] usb 1-1: unable to get target info from device
[ 1496.225034][ T1150] usb 1-1: could not get target info (-71)
[ 1496.256852][ T1150] usb 1-1: could not probe fw (-71)
[ 1496.290950][   T24] dvb-usb: bulk message failed: -22 (7/0)
[ 1496.300831][   T24] dvb-usb: error while querying for an remote control event.
[ 1497.011760][T23989] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1497.326373][   T24] dvb-usb: bulk message failed: -22 (7/0)
[ 1497.332273][   T24] dvb-usb: error while querying for an remote control event.
[ 1498.023916][T12475] usb 5-1: USB disconnect, device number 4
[ 1498.169162][T12475] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[ 1498.261560][T23994] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4590'.
[ 1498.305410][T23994] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1498.312858][T23994] IPv6: NLM_F_CREATE should be set when creating new route
[ 1498.431729][T23999] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4591'.
[ 1498.536196][T18958] usb 7-1: new high-speed USB device number 83 using dummy_hcd
[ 1498.718210][T18958] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1498.730322][T18958] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1498.780248][T18958] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1498.804982][T18958] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1498.842464][T18958] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1498.863204][T18958] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1498.885173][T18958] usb 7-1: config 0 descriptor??
[ 1499.256735][    T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[ 1499.368155][T18958] plantronics 0003:047F:FFFF.0023: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[ 1499.416525][    T9] usb 5-1: Using ep0 maxpacket: 16
[ 1499.424517][    T9] usb 5-1: config 0 has no interfaces?
[ 1499.433279][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1499.445694][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1499.778263][T24014] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1499.818808][    T9] usb 5-1: SerialNumber: syz
[ 1499.828219][    T9] usb 5-1: config 0 descriptor??
[ 1499.837679][T24014] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1499.983821][T24014] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1499.992974][T24014] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1500.042557][    T9] usb 5-1: USB disconnect, device number 5
[ 1500.126391][    C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[ 1501.475726][T12475] usb 7-1: USB disconnect, device number 83
[ 1502.853282][T24049] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1503.715352][T24054] netlink: 'syz.4.4606': attribute type 1 has an invalid length.
[ 1503.723357][T24054] netlink: 'syz.4.4606': attribute type 2 has an invalid length.
[ 1503.814326][T24053] syzkaller0: entered promiscuous mode
[ 1503.831516][T24053] syzkaller0: entered allmulticast mode
[ 1504.345831][T24057] syzkaller0: entered promiscuous mode
[ 1504.351618][T24057] syzkaller0: entered allmulticast mode
[ 1504.495890][T24064] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4608'.
[ 1504.509009][T24064] input: syz0 as /devices/virtual/input/input110
[ 1504.785187][T24066] netlink: 'syz.0.4609': attribute type 10 has an invalid length.
[ 1504.826286][T24066] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[ 1504.839950][T24066] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[ 1504.860644][T24066] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[ 1504.878966][T24066] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[ 1505.175900][T24080] loop7: detected capacity change from 0 to 7
[ 1505.231842][T24081] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4613'.
[ 1505.776207][T12475] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[ 1505.909165][T24080] Dev loop7: unable to read RDB block 7
[ 1505.960021][T12475] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1505.972127][T12475] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[ 1505.996414][   T24] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[ 1506.004487][T24080]  loop7: unable to read partition table
[ 1506.011535][T12475] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1506.023780][T12475] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1506.163797][   T24] usb 1-1: config 1 has an invalid interface number: 7 but max is 0
[ 1506.201752][   T24] usb 1-1: config 1 has no interface number 0
[ 1506.227523][   T24] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 64
[ 1506.263394][T12475] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[ 1506.284025][   T24] usb 1-1: config 1 interface 7 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1506.338629][   T24] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[ 1506.380025][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1506.392019][T24080] loop7: partition table beyond EOD, truncated
[ 1506.418790][   T24] usb 1-1: Product: syz
[ 1506.419634][T12475] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1506.443915][   T24] usb 1-1: Manufacturer: syz
[ 1506.456814][T24080] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[ 1506.476139][   T24] usb 1-1: SerialNumber: syz
[ 1506.480885][T12475] usb 5-1: Product: syz
[ 1506.540899][T24087] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1506.554410][T12475] usb 5-1: Manufacturer: syz
[ 1506.631018][T24087] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1506.643569][T12475] usb 5-1: SerialNumber: syz
[ 1506.706398][   T24] usb 1-1: Expected 3 endpoints, found: 2
[ 1506.825914][T12475] usb 5-1: config 0 descriptor??
[ 1507.288416][T24082] netlink: 'syz.4.4615': attribute type 12 has an invalid length.
[ 1507.925980][T24096] dlm: non-version read from control device 36
[ 1508.024360][T11343] usb 5-1: USB disconnect, device number 6
[ 1508.600167][T11343] usb 1-1: USB disconnect, device number 48
[ 1509.203380][T24116] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1510.488540][T24124] netlink: 'syz.5.4625': attribute type 1 has an invalid length.
[ 1510.506220][T24124] netlink: 'syz.5.4625': attribute type 2 has an invalid length.
[ 1511.216379][T11343] usb 7-1: new high-speed USB device number 84 using dummy_hcd
[ 1511.366398][T11343] usb 7-1: device descriptor read/64, error -71
[ 1511.576379][    T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[ 1511.646358][T11343] usb 7-1: new high-speed USB device number 85 using dummy_hcd
[ 1511.756769][    T9] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1511.765882][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1511.797552][T24136] team0: entered promiscuous mode
[ 1511.803929][    T9] usb 5-1: config 0 descriptor??
[ 1511.809214][T24136] team_slave_0: entered promiscuous mode
[ 1511.818048][T24136] team_slave_1: entered promiscuous mode
[ 1511.836227][T11343] usb 7-1: device descriptor read/64, error -71
[ 1511.845987][T24136] 8021q: adding VLAN 0 to HW filter on device macvlan3
[ 1511.875522][T24136] team0: Device macvlan3 is already an upper device of the team interface
[ 1511.894965][T24136] team0: left promiscuous mode
[ 1511.903302][T24136] team_slave_0: left promiscuous mode
[ 1511.923143][T24136] team_slave_1: left promiscuous mode
[ 1511.985830][T11343] usb usb7-port1: attempt power cycle
[ 1512.047697][    T9] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor
[ 1512.055302][T24140] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4631'.
[ 1512.346205][T11343] usb 7-1: new high-speed USB device number 86 using dummy_hcd
[ 1512.506355][T11343] usb 7-1: device descriptor read/8, error -71
[ 1513.036199][T11343] usb 7-1: new high-speed USB device number 87 using dummy_hcd
[ 1513.057246][T11343] usb 7-1: device descriptor read/8, error -71
[ 1513.169552][T11343] usb usb7-port1: unable to enumerate USB device
[ 1513.896267][ T5920] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[ 1514.059196][ T5920] usb 1-1: Using ep0 maxpacket: 16
[ 1514.067686][ T5920] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1514.109803][ T5920] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1514.155829][ T5920] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1514.193645][ T5920] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1514.262193][ T5920] usb 1-1: config 0 descriptor??
[ 1514.686785][T24155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1514.695822][T24155] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1514.735424][T24155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1514.783240][T24155] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1515.058055][T24155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1515.076882][T24155] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1515.193541][ T5920] microsoft 0003:045E:07DA.0024: report is too long
[ 1515.216154][ T5920] microsoft 0003:045E:07DA.0024: item 0 4 0 8 parsing failed
[ 1515.246937][ T5920] microsoft 0003:045E:07DA.0024: parse failed
[ 1515.253188][ T5920] microsoft 0003:045E:07DA.0024: probe with driver microsoft failed with error -22
[ 1515.499094][    T9] [drm:udl_init] *ERROR* Selecting channel failed
[ 1515.520622][T24155] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1515.580371][    T9] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2
[ 1515.631830][    T9] [drm] Initialized udl on minor 2
[ 1515.667102][    T9] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1515.707249][    T9] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[ 1515.748204][T12475] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1515.779446][    T9] usb 5-1: USB disconnect, device number 7
[ 1515.792011][T12475] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[ 1515.815094][ T5920] usb 1-1: USB disconnect, device number 49
[ 1516.195374][T24175] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1517.050095][T24178] netlink: 'syz.0.4641': attribute type 1 has an invalid length.
[ 1517.058194][T24178] netlink: 'syz.0.4641': attribute type 2 has an invalid length.
[ 1517.215344][T24181] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4642'.
[ 1517.437254][T24167] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4638'.
[ 1518.290629][T24192] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1518.322738][T24191] tipc: Disabling bearer <eth:syzkaller0>
[ 1518.456179][T12475] usb 7-1: new high-speed USB device number 88 using dummy_hcd
[ 1518.596655][T12475] usb 7-1: device descriptor read/64, error -71
[ 1518.763380][T24205] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4650'.
[ 1518.853203][T12475] usb 7-1: new high-speed USB device number 89 using dummy_hcd
[ 1518.861109][    T9] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[ 1519.007160][T12475] usb 7-1: device descriptor read/64, error -71
[ 1519.026219][    T9] usb 1-1: Using ep0 maxpacket: 16
[ 1519.037675][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1519.081576][    T9] usb 1-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[ 1519.106152][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1519.117631][T12475] usb usb7-port1: attempt power cycle
[ 1519.136162][    T9] usb 1-1: Product: syz
[ 1519.144926][    T9] usb 1-1: Manufacturer: syz
[ 1519.167154][    T9] usb 1-1: SerialNumber: syz
[ 1519.182152][    T9] usb 1-1: config 0 descriptor??
[ 1519.194405][    T9] hub 1-1:0.0: bad descriptor, ignoring hub
[ 1519.204258][    T9] hub 1-1:0.0: probe with driver hub failed with error -5
[ 1519.231727][    T9] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1519.336943][    T9] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2
[ 1519.487387][T12475] usb 7-1: new high-speed USB device number 90 using dummy_hcd
[ 1519.531258][T12475] usb 7-1: device descriptor read/8, error -71
[ 1519.819571][T12475] usb 7-1: new high-speed USB device number 91 using dummy_hcd
[ 1519.905753][T12475] usb 7-1: device descriptor read/8, error -71
[ 1520.057986][T12475] usb usb7-port1: unable to enumerate USB device
[ 1520.169606][T24221] netlink: 'syz.7.4654': attribute type 1 has an invalid length.
[ 1520.178080][T24221] netlink: 'syz.7.4654': attribute type 2 has an invalid length.
[ 1520.607177][T12475] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[ 1520.746190][T12475] usb 5-1: device descriptor read/64, error -71
[ 1520.986202][T12475] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[ 1521.116175][T12475] usb 5-1: device descriptor read/64, error -71
[ 1521.226626][T12475] usb usb5-port1: attempt power cycle
[ 1521.566382][T12475] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 1521.587196][T12475] usb 5-1: device descriptor read/8, error -71
[ 1521.671815][T24232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1521.686709][T24232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1521.717679][T24233] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1521.836189][T12475] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 1522.099964][T24235] input: syz1 as /devices/virtual/input/input112
[ 1522.147821][T12475] usb 5-1: device descriptor read/8, error -71
[ 1522.170251][T24236] FAULT_INJECTION: forcing a failure.
[ 1522.170251][T24236] name failslab, interval 1, probability 0, space 0, times 0
[ 1522.196921][T24232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1522.206653][T24236] CPU: 0 UID: 0 PID: 24236 Comm: syz.5.4660 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1522.206688][T24236] Tainted: [L]=SOFTLOCKUP
[ 1522.206697][T24236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1522.206712][T24236] Call Trace:
[ 1522.206721][T24236]  <TASK>
[ 1522.206731][T24236]  dump_stack_lvl+0xe8/0x150
[ 1522.206767][T24236]  should_fail_ex+0x412/0x560
[ 1522.206806][T24236]  should_failslab+0xa8/0x100
[ 1522.206837][T24236]  __kmalloc_noprof+0xe8/0x760
[ 1522.206874][T24236]  ? kobject_get_path+0xc5/0x2f0
[ 1522.206902][T24236]  ? __kasan_kmalloc+0x93/0xb0
[ 1522.206932][T24236]  kobject_get_path+0xc5/0x2f0
[ 1522.206962][T24236]  ? kobject_uevent_env+0x28c/0x9e0
[ 1522.206998][T24236]  kobject_uevent_env+0x2a1/0x9e0
[ 1522.207041][T24236]  device_del+0x750/0x8f0
[ 1522.207068][T24236]  ? irqentry_exit+0x59e/0x620
[ 1522.207102][T24236]  ? __pfx_device_del+0x10/0x10
[ 1522.207140][T24236]  cdev_device_del+0x27/0xf0
[ 1522.207172][T24236]  evdev_disconnect+0x4c/0xb0
[ 1522.207210][T24236]  __input_unregister_device+0x3a3/0x640
[ 1522.207249][T24236]  input_unregister_device+0x9b/0x100
[ 1522.207283][T24236]  uinput_destroy_device+0x6c1/0x8c0
[ 1522.207317][T24236]  uinput_ioctl_handler+0x73c/0x14a0
[ 1522.207350][T24236]  ? __pfx_uinput_ioctl_handler+0x10/0x10
[ 1522.207388][T24236]  ? __fget_files+0x2a/0x420
[ 1522.207419][T24236]  ? __fget_files+0x3a0/0x420
[ 1522.207457][T24236]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1522.207487][T24236]  ? __pfx_uinput_ioctl+0x10/0x10
[ 1522.207511][T24236]  __se_sys_ioctl+0xfc/0x170
[ 1522.207540][T24236]  do_syscall_64+0x14d/0xf80
[ 1522.207565][T24236]  ? trace_irq_disable+0x3b/0x150
[ 1522.207597][T24236]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1522.207621][T24236]  ? clear_bhb_loop+0x40/0x90
[ 1522.207649][T24236]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1522.207671][T24236] RIP: 0033:0x7fab6099c799
[ 1522.207692][T24236] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1522.207712][T24236] RSP: 002b:00007fab6190d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1522.207735][T24236] RAX: ffffffffffffffda RBX: 00007fab60c16090 RCX: 00007fab6099c799
[ 1522.207752][T24236] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003
[ 1522.207765][T24236] RBP: 00007fab6190d090 R08: 0000000000000000 R09: 0000000000000000
[ 1522.207779][T24236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1522.207793][T24236] R13: 00007fab60c16128 R14: 00007fab60c16090 R15: 00007fab60d3fa48
[ 1522.207829][T24236]  </TASK>
[ 1522.469276][T24232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1522.568868][T12475] usb usb5-port1: unable to enumerate USB device
[ 1523.797375][T24252] xt_SECMARK: invalid mode: 2
[ 1524.099141][T24257] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1524.188109][T24257] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1524.229413][T24259] syzkaller0: entered promiscuous mode
[ 1524.241689][T24259] syzkaller0: entered allmulticast mode
[ 1524.636180][  T798] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1524.694654][T24262] netlink: 'syz.4.4668': attribute type 1 has an invalid length.
[ 1524.706311][T24262] netlink: 'syz.4.4668': attribute type 2 has an invalid length.
[ 1524.776337][T11594] usb 7-1: new full-speed USB device number 92 using dummy_hcd
[ 1524.804894][  T798] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 1524.827766][  T798] usb 6-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[ 1524.858557][  T798] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1524.979807][T11594] usb 7-1: device descriptor read/64, error -71
[ 1524.998335][  T798] usb 6-1: config 0 descriptor??
[ 1525.027068][  T798] smsusb:smsusb_probe: board id=8, interface number 0
[ 1525.041389][T24273] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1525.066287][  T798] smsusb:smsusb_probe: Device initialized with return code -19
[ 1525.358062][ T5920] usb 1-1: USB disconnect, device number 50
[ 1525.436196][T11594] usb 7-1: new full-speed USB device number 93 using dummy_hcd
[ 1525.517719][T24276] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1525.574309][   T30] audit: type=1326 audit(1774393054.842:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6099c799 code=0x7ffc0000
[ 1525.626118][T11594] usb 7-1: device descriptor read/64, error -71
[ 1525.632673][   T30] audit: type=1326 audit(1774393054.852:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fab6099c799 code=0x7ffc0000
[ 1525.684994][   T30] audit: type=1326 audit(1774393054.852:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6099c799 code=0x7ffc0000
[ 1525.737805][T11594] usb usb7-port1: attempt power cycle
[ 1525.747419][   T30] audit: type=1326 audit(1774393054.852:2118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fab6099c799 code=0x7ffc0000
[ 1525.837141][   T30] audit: type=1326 audit(1774393054.852:2119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6099c799 code=0x7ffc0000
[ 1525.908682][   T30] audit: type=1326 audit(1774393054.852:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fab6099e007 code=0x7ffc0000
[ 1525.985406][   T30] audit: type=1326 audit(1774393054.852:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fab6095cfce code=0x7ffc0000
[ 1526.061083][   T30] audit: type=1326 audit(1774393054.862:2122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fab6095cfce code=0x7ffc0000
[ 1526.086630][T11594] usb 7-1: new full-speed USB device number 94 using dummy_hcd
[ 1526.453858][T24283] program syz.4.4675 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1526.467570][T11594] usb 7-1: device descriptor read/8, error -71
[ 1526.497451][T24285] program syz.4.4675 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1526.560459][   T30] audit: type=1326 audit(1774393054.862:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fab6095cfce code=0x7ffc0000
[ 1526.688304][   T30] audit: type=1326 audit(1774393054.862:2124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24263 comm="syz.5.4669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fab6095cfce code=0x7ffc0000
[ 1526.716234][T11594] usb 7-1: new full-speed USB device number 95 using dummy_hcd
[ 1526.786789][T11594] usb 7-1: device descriptor read/8, error -71
[ 1526.881008][T24291] netlink: 'syz.4.4676': attribute type 7 has an invalid length.
[ 1526.926148][T11594] usb usb7-port1: unable to enumerate USB device
[ 1527.186215][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805b1ad000: rx timeout, send abort
[ 1527.586167][T11594] usb 1-1: new full-speed USB device number 51 using dummy_hcd
[ 1527.686740][    C0] vcan0: j1939_tp_rxtimer: 0xffff888031823000: rx timeout, send abort
[ 1527.696155][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805b1ad000: abort rx timeout. Force session deactivation
[ 1527.712982][T24295] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4679'.
[ 1527.722217][T24295] netlink: 'syz.6.4679': attribute type 7 has an invalid length.
[ 1527.730150][T24295] netlink: 'syz.6.4679': attribute type 8 has an invalid length.
[ 1527.742210][T24295] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4679'.
[ 1527.761827][T11594] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 65535, setting to 64
[ 1527.806470][T11594] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[ 1527.824168][T24295] ip6gretap0: entered promiscuous mode
[ 1527.841049][  T798] usb 6-1: USB disconnect, device number 8
[ 1527.849310][T11594] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[ 1527.869332][T24295] syz_tun: entered promiscuous mode
[ 1527.911915][T11594] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1527.924396][T24295] ip6gretap0: left promiscuous mode
[ 1527.936369][T11594] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1527.967187][T24295] syz_tun: left promiscuous mode
[ 1527.986194][T11594] usb 1-1: Product: syz
[ 1528.002714][T11594] usb 1-1: Manufacturer: syz
[ 1528.022634][T11594] usb 1-1: SerialNumber: syz
[ 1528.062749][T11594] cdc_mbim 1-1:1.0: skipping garbage
[ 1528.177002][T24300] bond1: option tlb_dynamic_lb: invalid value (16)
[ 1528.186200][T24300] bond1 (unregistering): Released all slaves
[ 1528.194993][    C0] vcan0: j1939_tp_rxtimer: 0xffff888031823000: abort rx timeout. Force session deactivation
[ 1528.255278][T24293] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1528.267438][T24293] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1528.807690][T24310] openvswitch: netlink: IP tunnel dst address not specified
[ 1528.929897][T24293] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1528.955662][T24293] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1529.001274][T11594] cdc_mbim 1-1:1.0: dwNtbInMaxSize=3 is too small. Using 2048
[ 1529.010521][T11594] cdc_mbim 1-1:1.0: setting rx_max = 2048
[ 1529.177410][T24319] netlink: 'syz.7.4685': attribute type 1 has an invalid length.
[ 1529.185192][T24319] netlink: 'syz.7.4685': attribute type 2 has an invalid length.
[ 1529.318640][T11594] cdc_mbim 1-1:1.0: setting tx_max = 60
[ 1529.358497][T11594] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71
[ 1529.466203][T11594] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71
[ 1529.511139][T11594] usbtest 1-1:1.1: probe with driver usbtest failed with error -71
[ 1529.716359][T11594] usb 1-1: USB disconnect, device number 51
[ 1529.745951][T24325] netlink: 76 bytes leftover after parsing attributes in process `syz.4.4688'.
[ 1530.072262][T24328] tipc: New replicast peer: 0.0.0.0
[ 1530.082938][T24328] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1530.486612][T24332] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4691'.
[ 1531.076179][ T5920] tipc: Node number set to 3260599102
[ 1531.230398][T24348] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4694'.
[ 1531.708047][T24356] FAULT_INJECTION: forcing a failure.
[ 1531.708047][T24356] name failslab, interval 1, probability 0, space 0, times 0
[ 1531.761843][T24356] CPU: 0 UID: 0 PID: 24356 Comm: syz.5.4697 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1531.761880][T24356] Tainted: [L]=SOFTLOCKUP
[ 1531.761888][T24356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1531.761902][T24356] Call Trace:
[ 1531.761911][T24356]  <TASK>
[ 1531.761951][T24356]  dump_stack_lvl+0xe8/0x150
[ 1531.761989][T24356]  should_fail_ex+0x412/0x560
[ 1531.762027][T24356]  should_failslab+0xa8/0x100
[ 1531.762058][T24356]  __kmalloc_noprof+0xe8/0x760
[ 1531.762084][T24356]  ? snd_ctl_elem_add+0x436/0xa90
[ 1531.762119][T24356]  snd_ctl_elem_add+0x436/0xa90
[ 1531.762164][T24356]  snd_ctl_ioctl+0xf4f/0x1db0
[ 1531.762198][T24356]  ? kasan_save_free_info+0x46/0x50
[ 1531.762236][T24356]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[ 1531.762264][T24356]  ? format_decode+0xd0/0xe10
[ 1531.762300][T24356]  ? kasan_save_track+0x4f/0x80
[ 1531.762322][T24356]  ? kasan_save_track+0x3e/0x80
[ 1531.762343][T24356]  ? kasan_save_free_info+0x46/0x50
[ 1531.762426][T24356]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1531.762460][T24356]  ? tomoyo_path_number_perm+0x219/0x630
[ 1531.762491][T24356]  ? tomoyo_path_number_perm+0x219/0x630
[ 1531.762524][T24356]  ? do_vfs_ioctl+0x1166/0x1530
[ 1531.762554][T24356]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1531.762595][T24356]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1531.762643][T24356]  ? __fget_files+0x2a/0x420
[ 1531.762680][T24356]  ? __fget_files+0x2a/0x420
[ 1531.762711][T24356]  ? __fget_files+0x3a0/0x420
[ 1531.762742][T24356]  ? __fget_files+0x2a/0x420
[ 1531.762779][T24356]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1531.762807][T24356]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[ 1531.762841][T24356]  __se_sys_ioctl+0xfc/0x170
[ 1531.762871][T24356]  do_syscall_64+0x14d/0xf80
[ 1531.762894][T24356]  ? trace_irq_disable+0x3b/0x150
[ 1531.762933][T24356]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1531.762956][T24356]  ? clear_bhb_loop+0x40/0x90
[ 1531.762984][T24356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1531.763006][T24356] RIP: 0033:0x7fab6099c799
[ 1531.763026][T24356] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1531.763045][T24356] RSP: 002b:00007fab6192e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1531.763068][T24356] RAX: ffffffffffffffda RBX: 00007fab60c15fa0 RCX: 00007fab6099c799
[ 1531.763084][T24356] RDX: 0000200000000040 RSI: 00000000c1105518 RDI: 0000000000000003
[ 1531.763098][T24356] RBP: 00007fab6192e090 R08: 0000000000000000 R09: 0000000000000000
[ 1531.763110][T24356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1531.763122][T24356] R13: 00007fab60c16038 R14: 00007fab60c15fa0 R15: 00007fab60d3fa48
[ 1531.763153][T24356]  </TASK>
[ 1532.749700][   T30] kauditd_printk_skb: 27 callbacks suppressed
[ 1532.749721][   T30] audit: type=1800 audit(1774393062.102:2152): pid=24368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.4700" name="SYSV00000000" dev="tmpfs" ino=6 res=0 errno=0
[ 1532.890066][T24371] netlink: 76 bytes leftover after parsing attributes in process `syz.5.4701'.
[ 1533.266902][T24383] sock: sock_set_timeout: `syz.5.4706' (pid 24383) tries to set negative timeout
[ 1533.904125][T24401] netlink: 'syz.0.4712': attribute type 10 has an invalid length.
[ 1534.086708][T24415] netlink: 76 bytes leftover after parsing attributes in process `syz.4.4716'.
[ 1534.527645][    T9] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[ 1534.718064][    T9] usb 1-1: Using ep0 maxpacket: 8
[ 1534.734028][    T9] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x2 has an invalid bInterval 0, changing to 7
[ 1534.756313][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1534.763217][    T9] usb 1-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.00
[ 1534.777437][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1534.837661][    T9] usb 1-1: config 0 descriptor??
[ 1535.308664][    T9] usb 1-1: string descriptor 0 read error: -71
[ 1535.319283][    T9] usbhid 1-1:0.0: can't add hid device: -71
[ 1535.325296][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1535.351075][    T9] usb 1-1: USB disconnect, device number 52
[ 1536.592754][T24443] FAULT_INJECTION: forcing a failure.
[ 1536.592754][T24443] name failslab, interval 1, probability 0, space 0, times 0
[ 1536.658163][T24443] CPU: 0 UID: 0 PID: 24443 Comm: syz.6.4725 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1536.658201][T24443] Tainted: [L]=SOFTLOCKUP
[ 1536.658210][T24443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1536.658224][T24443] Call Trace:
[ 1536.658234][T24443]  <TASK>
[ 1536.658244][T24443]  dump_stack_lvl+0xe8/0x150
[ 1536.658286][T24443]  should_fail_ex+0x412/0x560
[ 1536.658325][T24443]  should_failslab+0xa8/0x100
[ 1536.658356][T24443]  __kmalloc_noprof+0xe8/0x760
[ 1536.658383][T24443]  ? seg6_local_build_state+0x153/0xe00
[ 1536.658417][T24443]  seg6_local_build_state+0x153/0xe00
[ 1536.658447][T24443]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1536.658540][T24443]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1536.658624][T24443]  ? __pfx_seg6_local_build_state+0x10/0x10
[ 1536.658668][T24443]  ? lwtunnel_build_state+0xe2/0x4c0
[ 1536.658699][T24443]  lwtunnel_build_state+0x384/0x4c0
[ 1536.658730][T24443]  ? lwtunnel_build_state+0xe2/0x4c0
[ 1536.658759][T24443]  fib_nh_common_init+0x131/0x3d0
[ 1536.658788][T24443]  ? in6_dev_get+0x1a/0x290
[ 1536.658824][T24443]  ? __pfx_fib_nh_common_init+0x10/0x10
[ 1536.658852][T24443]  ? in6_dev_get+0x1a/0x290
[ 1536.658893][T24443]  ? in6_dev_get+0x1a/0x290
[ 1536.658929][T24443]  fib6_nh_init+0xf3a/0x1f90
[ 1536.658962][T24443]  ? __pfx_fib6_nh_init+0x10/0x10
[ 1536.658980][T24443]  ? __kasan_kmalloc+0x93/0xb0
[ 1536.659004][T24443]  ? __kmalloc_noprof+0x35c/0x760
[ 1536.659025][T24443]  ? fib6_info_alloc+0x30/0xf0
[ 1536.659055][T24443]  ? ip6_route_info_create+0x142/0x860
[ 1536.659076][T24443]  ? ip6_route_add+0x49/0x1b0
[ 1536.659094][T24443]  ? inet6_rtm_newroute+0x268/0x19e0
[ 1536.659124][T24443]  ? rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1536.659158][T24443]  ? netlink_rcv_skb+0x232/0x4b0
[ 1536.659189][T24443]  ? netlink_unicast+0x80f/0x9b0
[ 1536.659216][T24443]  ? netlink_sendmsg+0x813/0xb40
[ 1536.659236][T24443]  ? ____sys_sendmsg+0x972/0x9f0
[ 1536.659260][T24443]  ? ___sys_sendmsg+0x2a5/0x360
[ 1536.659283][T24443]  ? __x64_sys_sendmsg+0x1bd/0x2a0
[ 1536.659307][T24443]  ? do_syscall_64+0x14d/0xf80
[ 1536.659331][T24443]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1536.659388][T24443]  ? ip_fib_metrics_init+0x421/0x710
[ 1536.659423][T24443]  ? trace_kmalloc+0x2a/0x110
[ 1536.659451][T24443]  ip6_route_info_create_nh+0x16a/0xad0
[ 1536.659481][T24443]  ? __pfx_ip6_route_info_create_nh+0x10/0x10
[ 1536.659508][T24443]  ? ip6_route_info_create+0x508/0x860
[ 1536.659536][T24443]  ip6_route_add+0x6e/0x1b0
[ 1536.659560][T24443]  inet6_rtm_newroute+0x268/0x19e0
[ 1536.659600][T24443]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1536.659624][T24443]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1536.659651][T24443]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 1536.659681][T24443]  ? kmem_cache_free+0x187/0x630
[ 1536.659705][T24443]  ? nlmon_xmit+0xb0/0x100
[ 1536.659741][T24443]  ? __lock_acquire+0x6b5/0x2cf0
[ 1536.659775][T24443]  ? __local_bh_enable_ip+0xd0/0x130
[ 1536.659805][T24443]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1536.659856][T24443]  ? __pfx_inet6_rtm_newroute+0x10/0x10
[ 1536.659894][T24443]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1536.659934][T24443]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1536.659967][T24443]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1536.660000][T24443]  ? ref_tracker_free+0x693/0x840
[ 1536.660032][T24443]  ? __copy_skb_header+0xa3/0x4a0
[ 1536.660060][T24443]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1536.660092][T24443]  ? __skb_clone+0x63/0x7a0
[ 1536.660127][T24443]  netlink_rcv_skb+0x232/0x4b0
[ 1536.660162][T24443]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1536.660199][T24443]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1536.660244][T24443]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1536.660286][T24443]  netlink_unicast+0x80f/0x9b0
[ 1536.660324][T24443]  ? __pfx_netlink_unicast+0x10/0x10
[ 1536.660357][T24443]  ? netlink_sendmsg+0x650/0xb40
[ 1536.660376][T24443]  ? skb_put+0x11b/0x210
[ 1536.660403][T24443]  netlink_sendmsg+0x813/0xb40
[ 1536.660433][T24443]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1536.660458][T24443]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1536.660492][T24443]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1536.660520][T24443]  ____sys_sendmsg+0x972/0x9f0
[ 1536.660556][T24443]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1536.660591][T24443]  ? import_iovec+0x73/0xa0
[ 1536.660625][T24443]  ___sys_sendmsg+0x2a5/0x360
[ 1536.660658][T24443]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1536.660721][T24443]  ? __fget_files+0x2a/0x420
[ 1536.660754][T24443]  ? __fget_files+0x3a0/0x420
[ 1536.660797][T24443]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1536.660827][T24443]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1536.660863][T24443]  ? __pfx_ksys_write+0x10/0x10
[ 1536.660908][T24443]  do_syscall_64+0x14d/0xf80
[ 1536.660932][T24443]  ? trace_irq_disable+0x3b/0x150
[ 1536.660964][T24443]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1536.660987][T24443]  ? clear_bhb_loop+0x40/0x90
[ 1536.661014][T24443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1536.661037][T24443] RIP: 0033:0x7f1c4d39c799
[ 1536.661058][T24443] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1536.661078][T24443] RSP: 002b:00007f1c4e230028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1536.661102][T24443] RAX: ffffffffffffffda RBX: 00007f1c4d615fa0 RCX: 00007f1c4d39c799
[ 1536.661119][T24443] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000006
[ 1536.661133][T24443] RBP: 00007f1c4e230090 R08: 0000000000000000 R09: 0000000000000000
[ 1536.661147][T24443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1536.661161][T24443] R13: 00007f1c4d616038 R14: 00007f1c4d615fa0 R15: 00007f1c4d73fa48
[ 1536.661195][T24443]  </TASK>
[ 1537.221377][   T24] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[ 1537.899553][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1537.910051][   T24] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1537.932521][   T24] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1537.942091][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1537.973155][   T24] usb 1-1: config 0 descriptor??
[ 1538.550156][T24449] ALSA: mixer_oss: invalid OSS volume 'PHl�6��q
ӆ���ONEOUT'
[ 1538.671531][T24449] ALSA: mixer_oss: invalid index 1374389
[ 1538.926427][ T5920] usb 7-1: new full-speed USB device number 96 using dummy_hcd
[ 1539.059366][   T24] usb 1-1: USB disconnect, device number 53
[ 1539.086922][T11594] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 1539.118680][ T5920] usb 7-1: config 0 has an invalid interface number: 235 but max is 0
[ 1539.136344][ T5920] usb 7-1: config 0 has no interface number 0
[ 1539.142611][ T5920] usb 7-1: config 0 interface 235 has no altsetting 0
[ 1539.218557][ T5920] usb 7-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=3e.18
[ 1539.250580][ T5920] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1539.286076][T11594] usb 5-1: Using ep0 maxpacket: 16
[ 1539.291716][T24460] netlink: 76 bytes leftover after parsing attributes in process `syz.5.4731'.
[ 1539.300863][ T5920] usb 7-1: Product: syz
[ 1539.315751][ T5920] usb 7-1: Manufacturer: syz
[ 1539.325792][T11594] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1539.353126][ T5920] usb 7-1: SerialNumber: syz
[ 1539.385890][T11594] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1539.404232][ T5920] usb 7-1: config 0 descriptor??
[ 1539.466606][T11594] usb 5-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00
[ 1539.478584][ T5920] keyspan 7-1:0.235: Keyspan 1 port adapter converter detected
[ 1539.661446][T24468] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1539.671400][T11594] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1539.717122][ T5920] keyspan 7-1:0.235: found no endpoint descriptor for endpoint 87
[ 1539.763795][ T5920] keyspan 7-1:0.235: found no endpoint descriptor for endpoint 7
[ 1539.794341][T11594] usb 5-1: config 0 descriptor??
[ 1539.848756][ T5920] keyspan 7-1:0.235: found no endpoint descriptor for endpoint 81
[ 1539.940324][ T5920] keyspan 7-1:0.235: found no endpoint descriptor for endpoint 1
[ 1539.964290][ T5920] keyspan 7-1:0.235: found no endpoint descriptor for endpoint 85
[ 1540.011050][ T5920] usb 7-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1540.132645][T11594] usbhid 5-1:0.0: can't add hid device: -71
[ 1540.146223][T11594] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1540.178010][T11594] usb 5-1: USB disconnect, device number 12
[ 1540.216624][ T5920] usb 7-1: USB disconnect, device number 96
[ 1540.226250][    T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1540.252603][ T5920] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1540.283070][ T5920] keyspan 7-1:0.235: device disconnected
[ 1540.426212][    T9] usb 6-1: Using ep0 maxpacket: 32
[ 1540.433538][    T9] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[ 1540.501415][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1540.547450][    T9] usb 6-1: config 0 descriptor??
[ 1540.781264][    T9] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[ 1540.860826][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1540.894156][    T9] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[ 1540.946255][    T9] usb 6-1: media controller created
[ 1540.983212][T24470] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[ 1541.037188][T24483] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1541.103612][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1541.354804][    T9] DVB: Unable to find symbol dib7000p_attach()
[ 1541.375220][    T9] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[ 1541.606807][    T9] rc_core: IR keymap rc-dib0700-rc5 not found
[ 1541.699965][    T9] Registered IR keymap rc-empty
[ 1541.863564][    T9] dvb-usb: could not initialize remote control.
[ 1541.905294][    T9] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[ 1541.937102][    T9] usb 6-1: USB disconnect, device number 9
[ 1542.149791][    T9] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[ 1542.240076][T24498] fuse: Bad value for 'user_id'
[ 1542.260731][T24498] fuse: Bad value for 'user_id'
[ 1542.344181][T24498] netlink: 'syz.5.4742': attribute type 1 has an invalid length.
[ 1542.356194][T24498] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1542.499518][T24504] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4743'.
[ 1542.660216][T24506] netlink: 76 bytes leftover after parsing attributes in process `syz.4.4744'.
[ 1543.346179][T21256] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1543.416206][  T798] usb 7-1: new high-speed USB device number 97 using dummy_hcd
[ 1543.512160][T21256] usb 6-1: Using ep0 maxpacket: 16
[ 1543.530683][T24522] macvlan2: entered promiscuous mode
[ 1543.566296][T24522] mac80211_hwsim hwsim34 wlan1: entered promiscuous mode
[ 1543.949105][  T798] usb 7-1: config 220 has an invalid interface number: 76 but max is 2
[ 1543.963232][  T798] usb 7-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1543.984753][  T798] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1544.007197][  T798] usb 7-1: config 220 has no interface number 2
[ 1544.029089][  T798] usb 7-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1544.072789][  T798] usb 7-1: config 220 interface 0 has no altsetting 0
[ 1544.080579][T21256] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1544.096195][  T798] usb 7-1: config 220 interface 76 has no altsetting 0
[ 1544.119573][  T798] usb 7-1: config 220 interface 1 has no altsetting 0
[ 1544.119580][T21256] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1544.119605][T21256] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1544.175535][  T798] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1544.198165][  T798] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1544.217780][  T798] usb 7-1: Product: syz
[ 1544.229073][T21256] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1544.232785][  T798] usb 7-1: Manufacturer: syz
[ 1544.253336][  T798] usb 7-1: SerialNumber: syz
[ 1544.274324][T21256] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1544.316997][T21256] usb 6-1: Product: syz
[ 1544.321224][T21256] usb 6-1: Manufacturer: syz
[ 1544.325851][T21256] usb 6-1: SerialNumber: syz
[ 1544.512540][  T798] uvcvideo 7-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1544.538292][  T798] uvcvideo 7-1:220.0: No valid video chain found.
[ 1544.636346][T21256] usb 6-1: 0:2 : does not exist
[ 1544.659751][  T798] usb 7-1: selecting invalid altsetting 0
[ 1544.668750][T21256] usb 6-1: 1:0: cannot get min/max values for control 4 (id 1)
[ 1544.804419][  T798] usb 7-1: selecting invalid altsetting 0
[ 1544.810468][  T798] usbtest 7-1:220.1: probe with driver usbtest failed with error -22
[ 1544.836534][T21256] usb 6-1: USB disconnect, device number 10
[ 1544.951884][  T798] usb 7-1: USB disconnect, device number 97
[ 1545.290566][T24545] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4757'.
[ 1545.470928][T24545] macvtap5: entered promiscuous mode
[ 1545.478984][T24545] macvtap5: entered allmulticast mode
[ 1545.515929][T24545] 8021q: adding VLAN 0 to HW filter on device macvtap5
[ 1545.534333][T24550] netlink: 76 bytes leftover after parsing attributes in process `syz.4.4758'.
[ 1545.827585][T24558] netlink: 'syz.6.4760': attribute type 7 has an invalid length.
[ 1545.896754][ T5144] Bluetooth: hci2: adv larger than maximum supported
[ 1545.929872][T24556] netlink: 'syz.0.4759': attribute type 1 has an invalid length.
[ 1545.958690][T24560] netlink: 'syz.6.4760': attribute type 10 has an invalid length.
[ 1545.979919][T24556] netlink: 'syz.0.4759': attribute type 2 has an invalid length.
[ 1546.018873][T24558] netlink: 'syz.6.4760': attribute type 10 has an invalid length.
[ 1546.061985][T24560] team0: Port device dummy0 added
[ 1546.163686][T24558] team0: Port device dummy0 removed
[ 1546.215465][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.222600][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.329529][T24565] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4762'.
[ 1546.963165][T24588] dummy0: entered promiscuous mode
[ 1546.976937][T24588] vlan5: entered promiscuous mode
[ 1547.058495][T24586] netlink: 76 bytes leftover after parsing attributes in process `syz.4.4771'.
[ 1547.896307][ T5920] usb 1-1: new full-speed USB device number 54 using dummy_hcd
[ 1548.077860][ T5920] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1548.274336][ T5920] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1548.323503][ T5920] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[ 1548.400985][ T5920] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1548.438780][ T5920] usb 1-1: config 0 descriptor??
[ 1548.898753][ T5920] elan 0003:04F3:0755.0025: unknown main item tag 0x0
[ 1548.915783][ T5920] elan 0003:04F3:0755.0025: unknown main item tag 0x0
[ 1548.946329][ T5920] elan 0003:04F3:0755.0025: unknown main item tag 0x0
[ 1548.953267][ T5920] elan 0003:04F3:0755.0025: unknown main item tag 0x0
[ 1548.981123][ T5920] elan 0003:04F3:0755.0025: unknown main item tag 0x0
[ 1549.047251][ T5920] elan 0003:04F3:0755.0025: failed to start in urb: -90
[ 1549.118388][ T5920] elan 0003:04F3:0755.0025: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0
[ 1549.192078][ T5920] usb 1-1: USB disconnect, device number 54
[ 1549.608029][T24616] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1549.701274][T24618] =======================================================
[ 1549.701274][T24618] WARNING: The mand mount option has been deprecated and
[ 1549.701274][T24618]          and is ignored by this kernel. Remove the mand
[ 1549.701274][T24618]          option from the mount to silence this warning.
[ 1549.701274][T24618] =======================================================
[ 1549.908476][T24621] bond0: (slave bond0): Error: Device is in use and cannot be enslaved
[ 1550.130969][T24628] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4784'.
[ 1550.159250][T24628] team_slave_0: entered promiscuous mode
[ 1550.165010][T24628] team_slave_1: entered promiscuous mode
[ 1550.181464][T24628] macvtap5: entered promiscuous mode
[ 1550.196466][T24628] team0: entered promiscuous mode
[ 1550.207537][T24628] macvtap5: entered allmulticast mode
[ 1550.224027][T24628] team0: entered allmulticast mode
[ 1550.253958][T24628] team_slave_0: entered allmulticast mode
[ 1550.266925][T24628] team_slave_1: entered allmulticast mode
[ 1550.295765][T24628] 8021q: adding VLAN 0 to HW filter on device macvtap5
[ 1550.355486][T24629] team0: left allmulticast mode
[ 1550.376232][T24629] team_slave_0: left allmulticast mode
[ 1550.386798][T24629] team_slave_1: left allmulticast mode
[ 1550.402616][T24629] team0: left promiscuous mode
[ 1550.416690][T24629] team_slave_0: left promiscuous mode
[ 1550.422172][T24629] team_slave_1: left promiscuous mode
[ 1550.519673][   T30] audit: type=1326 audit(1774393079.872:2153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24638 comm="syz.4.4788" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc18f59c799 code=0x0
[ 1550.708798][T24646] input: syz1 as /devices/virtual/input/input116
[ 1550.836159][ T5920] usb 7-1: new full-speed USB device number 98 using dummy_hcd
[ 1551.018438][ T5920] usb 7-1: config 2 has an invalid interface number: 88 but max is 0
[ 1551.029684][ T5920] usb 7-1: config 2 has no interface number 0
[ 1551.113697][ T5920] usb 7-1: config 2 interface 88 altsetting 7 endpoint 0x6 has invalid maxpacket 256, setting to 64
[ 1551.140701][ T5920] usb 7-1: config 2 interface 88 altsetting 7 endpoint 0x82 has invalid maxpacket 512, setting to 64
[ 1551.167953][ T5920] usb 7-1: config 2 interface 88 has no altsetting 0
[ 1551.190375][ T5920] usb 7-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e
[ 1551.203607][ T5920] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1551.272881][ T5920] usb 7-1: Product: syz
[ 1551.284943][ T5920] usb 7-1: Manufacturer: syz
[ 1551.299121][ T5920] usb 7-1: SerialNumber: syz
[ 1551.335149][T24641] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1551.376737][T24641] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1551.447712][T21256] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1551.587891][T24641] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1551.600609][T24641] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1551.620938][T21256] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1551.630124][T21256] usb 6-1: config 129 has an invalid interface number: 135 but max is 0
[ 1551.652517][T21256] usb 6-1: config 129 has an invalid interface number: 5 but max is 0
[ 1551.728886][T21256] usb 6-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[ 1551.758139][T21256] usb 6-1: config 129 has no interface number 0
[ 1551.781475][T21256] usb 6-1: config 129 has no interface number 1
[ 1551.803693][T21256] usb 6-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[ 1551.845808][T21256] usb 6-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[ 1551.891762][T21256] usb 6-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[ 1551.986639][T21256] usb 6-1: config 129 interface 135 has no altsetting 0
[ 1552.012674][T21256] usb 6-1: config 129 interface 5 has no altsetting 0
[ 1552.114061][T21256] usb 6-1: string descriptor 0 read error: -22
[ 1552.120740][T21256] usb 6-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00
[ 1552.132194][T21256] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1552.179062][T21256] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1552.199106][T21256] usb 6-1: MIDIStreaming interface descriptor not found
[ 1552.501381][T21256] usb 6-1: USB disconnect, device number 11
[ 1552.769520][ T5920] asix 7-1:2.88 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1552.972995][ T5144] Bluetooth: hci2: unexpected Set CIG Parameters response data
[ 1552.980978][ T5144] Bluetooth: hci2: unexpected event for opcode 0x2062
[ 1552.991524][ T5920] asix 7-1:2.88 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 1553.007178][ T5920] asix 7-1:2.88 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[ 1553.037753][ T5920] asix 7-1:2.88: probe with driver asix failed with error -71
[ 1553.065964][ T5920] usb 7-1: USB disconnect, device number 98
[ 1553.311182][T24664] FAULT_INJECTION: forcing a failure.
[ 1553.311182][T24664] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1553.351543][T24664] CPU: 0 UID: 0 PID: 24664 Comm: syz.7.4797 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1553.351578][T24664] Tainted: [L]=SOFTLOCKUP
[ 1553.351587][T24664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1553.351600][T24664] Call Trace:
[ 1553.351609][T24664]  <TASK>
[ 1553.351618][T24664]  dump_stack_lvl+0xe8/0x150
[ 1553.351654][T24664]  should_fail_ex+0x412/0x560
[ 1553.351690][T24664]  _copy_to_user+0x31/0xb0
[ 1553.351718][T24664]  simple_read_from_buffer+0xe1/0x170
[ 1553.351756][T24664]  proc_fail_nth_read+0x1bb/0x230
[ 1553.351793][T24664]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1553.351828][T24664]  ? rw_verify_area+0x2a6/0x4d0
[ 1553.351852][T24664]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1553.351885][T24664]  vfs_read+0x20c/0xa70
[ 1553.351907][T24664]  ? fdget_pos+0x246/0x320
[ 1553.351932][T24664]  ? __pfx___mutex_lock+0x10/0x10
[ 1553.351970][T24664]  ? __pfx_vfs_read+0x10/0x10
[ 1553.351995][T24664]  ? __fget_files+0x2a/0x420
[ 1553.352032][T24664]  ? __fget_files+0x3a0/0x420
[ 1553.352063][T24664]  ? __fget_files+0x2a/0x420
[ 1553.352105][T24664]  ksys_read+0x150/0x270
[ 1553.352131][T24664]  ? __pfx_ksys_read+0x10/0x10
[ 1553.352167][T24664]  do_syscall_64+0x14d/0xf80
[ 1553.352193][T24664]  ? trace_irq_disable+0x3b/0x150
[ 1553.352226][T24664]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1553.352248][T24664]  ? clear_bhb_loop+0x40/0x90
[ 1553.352276][T24664]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1553.352298][T24664] RIP: 0033:0x7fb7d2f5cfce
[ 1553.352319][T24664] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1553.352338][T24664] RSP: 002b:00007fb7d3ed8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1553.352362][T24664] RAX: ffffffffffffffda RBX: 00007fb7d3ed96c0 RCX: 00007fb7d2f5cfce
[ 1553.352379][T24664] RDX: 000000000000000f RSI: 00007fb7d3ed90a0 RDI: 0000000000000004
[ 1553.352394][T24664] RBP: 00007fb7d3ed9090 R08: 0000000000000000 R09: 0000000000000000
[ 1553.352408][T24664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1553.352421][T24664] R13: 00007fb7d3216038 R14: 00007fb7d3215fa0 R15: 00007fb7d333fa48
[ 1553.352456][T24664]  </TASK>
[ 1553.940602][T11343] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 1554.106203][T11343] usb 6-1: Using ep0 maxpacket: 8
[ 1554.118488][T11343] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1554.136165][T11343] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1554.187033][T11343] usb 6-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01
[ 1554.197792][T11343] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1554.205840][T11343] usb 6-1: Product: syz
[ 1554.250999][T11343] usb 6-1: Manufacturer: syz
[ 1554.255780][T11343] usb 6-1: SerialNumber: syz
[ 1554.305871][T11343] usb 6-1: config 0 descriptor??
[ 1554.365350][T11343] radioshark 6-1:0.0: Invalid radioSHARK device
[ 1554.383249][T11343] radioshark 6-1:0.0: probe with driver radioshark failed with error -22
[ 1554.403754][T11343] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[ 1554.573296][T21256] usb 6-1: USB disconnect, device number 12
[ 1556.145719][T24701] FAULT_INJECTION: forcing a failure.
[ 1556.145719][T24701] name failslab, interval 1, probability 0, space 0, times 0
[ 1556.190870][T24701] CPU: 1 UID: 0 PID: 24701 Comm: syz.5.4810 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1556.190900][T24701] Tainted: [L]=SOFTLOCKUP
[ 1556.190906][T24701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1556.190917][T24701] Call Trace:
[ 1556.190924][T24701]  <TASK>
[ 1556.190931][T24701]  dump_stack_lvl+0xe8/0x150
[ 1556.190962][T24701]  should_fail_ex+0x412/0x560
[ 1556.190990][T24701]  should_failslab+0xa8/0x100
[ 1556.191013][T24701]  __kvmalloc_node_noprof+0x178/0x8a0
[ 1556.191033][T24701]  ? nla_strdup+0xb8/0x140
[ 1556.191048][T24701]  ? nf_tables_newchain+0x1c7a/0x2890
[ 1556.191075][T24701]  nf_tables_newchain+0x1c7a/0x2890
[ 1556.191105][T24701]  ? __pfx_nf_tables_newchain+0x10/0x10
[ 1556.191180][T24701]  ? nfnl_pernet+0x23/0x240
[ 1556.191219][T24701]  ? __nla_parse+0x40/0x60
[ 1556.191248][T24701]  nfnetlink_rcv+0x1240/0x27b0
[ 1556.191294][T24701]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1556.191327][T24701]  ? ref_tracker_free+0x693/0x840
[ 1556.191371][T24701]  ? __netlink_deliver_tap+0x807/0x850
[ 1556.191396][T24701]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1556.191437][T24701]  netlink_unicast+0x80f/0x9b0
[ 1556.191466][T24701]  ? __pfx_netlink_unicast+0x10/0x10
[ 1556.191489][T24701]  ? netlink_sendmsg+0x650/0xb40
[ 1556.191502][T24701]  ? skb_put+0x11b/0x210
[ 1556.191522][T24701]  netlink_sendmsg+0x813/0xb40
[ 1556.191544][T24701]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1556.191561][T24701]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1556.191612][T24701]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1556.191643][T24701]  ____sys_sendmsg+0x972/0x9f0
[ 1556.191678][T24701]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1556.191703][T24701]  ? import_iovec+0x73/0xa0
[ 1556.191723][T24701]  ___sys_sendmsg+0x2a5/0x360
[ 1556.191746][T24701]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1556.191790][T24701]  ? __fget_files+0x2a/0x420
[ 1556.191813][T24701]  ? __fget_files+0x3a0/0x420
[ 1556.191844][T24701]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1556.191865][T24701]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1556.191890][T24701]  ? __pfx_ksys_write+0x10/0x10
[ 1556.191916][T24701]  do_syscall_64+0x14d/0xf80
[ 1556.191934][T24701]  ? trace_irq_disable+0x3b/0x150
[ 1556.191958][T24701]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1556.191974][T24701]  ? clear_bhb_loop+0x40/0x90
[ 1556.191993][T24701]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1556.192009][T24701] RIP: 0033:0x7fab6099c799
[ 1556.192025][T24701] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1556.192039][T24701] RSP: 002b:00007fab6192e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1556.192056][T24701] RAX: ffffffffffffffda RBX: 00007fab60c15fa0 RCX: 00007fab6099c799
[ 1556.192068][T24701] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[ 1556.192078][T24701] RBP: 00007fab6192e090 R08: 0000000000000000 R09: 0000000000000000
[ 1556.192088][T24701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1556.192098][T24701] R13: 00007fab60c16038 R14: 00007fab60c15fa0 R15: 00007fab60d3fa48
[ 1556.192122][T24701]  </TASK>
[ 1557.215963][T24709] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4813'.
[ 1557.819562][T11343] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 1557.894318][T24719] veth1_to_hsr: entered promiscuous mode
[ 1557.903601][T24719] macsec2: entered promiscuous mode
[ 1557.956487][T11343] usb 6-1: device descriptor read/64, error -71
[ 1557.971318][T24719] macsec2: entered allmulticast mode
[ 1557.977038][T24719] veth1_to_hsr: entered allmulticast mode
[ 1558.209864][T11343] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1558.459255][T11343] usb 6-1: device descriptor read/64, error -71
[ 1558.609180][T11343] usb usb6-port1: attempt power cycle
[ 1558.947448][T11343] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1558.992815][T11343] usb 6-1: device descriptor read/8, error -71
[ 1559.236148][T11343] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1559.294428][T24751] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4824'.
[ 1559.340759][T11343] usb 6-1: device descriptor read/8, error -71
[ 1559.345512][T24751] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4824'.
[ 1559.366244][T24751] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4824'.
[ 1559.457860][T11343] usb usb6-port1: unable to enumerate USB device
[ 1559.959286][    T9] usb 7-1: new high-speed USB device number 99 using dummy_hcd
[ 1560.148603][    T9] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1560.177765][    T9] usb 7-1: config 1 has an invalid descriptor of length 179, skipping remainder of the config
[ 1560.225289][    T9] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1560.295471][    T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 166, changing to 11
[ 1560.336221][    T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 17401, setting to 1024
[ 1560.370250][    T9] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1560.387619][    T9] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1560.408383][    T9] usb 7-1: Product: syz
[ 1560.412616][    T9] usb 7-1: Manufacturer: syz
[ 1560.474173][    T9] cdc_wdm 7-1:1.0: skipping garbage
[ 1560.508945][    T9] cdc_wdm 7-1:1.0: skipping garbage
[ 1560.536640][    T9] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[ 1560.542594][    T9] cdc_wdm 7-1:1.0: Unknown control protocol
[ 1560.679513][    T9] usb 7-1: USB disconnect, device number 99
[ 1607.650819][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.657420][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1628.136254][    C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!
[ 1633.294208][T24779] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4833'.
[ 1633.496380][  T798] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 1633.529726][T24787] vivid-000: disconnect
[ 1633.565003][   T30] audit: type=1326 audit(1774393162.912:2154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24782 comm="syz.0.4838" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f124619c799 code=0x0
[ 1633.998237][  T798] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1634.010650][  T798] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1634.031585][  T798] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1634.063880][  T798] usb 5-1: config 0 descriptor??
[ 1634.236136][T24782] vivid-000: reconnect
[ 1634.294770][  T798] usbhid 5-1:0.0: can't add hid device: -71
[ 1634.318816][  T798] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1634.356168][   T24] usb 7-1: new full-speed USB device number 100 using dummy_hcd
[ 1634.356991][  T798] usb 5-1: USB disconnect, device number 13
[ 1634.996346][  T798] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1635.201251][  T798] usb 5-1: Using ep0 maxpacket: 16
[ 1635.215590][  T798] usb 5-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1635.231670][  T798] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1635.246845][  T798] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1635.358791][  T798] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1635.378073][  T798] usb 5-1: config 0 descriptor??
[ 1635.619411][T24813] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4844'.
[ 1635.635222][T24813] input: syz0 as /devices/virtual/input/input117
[ 1635.863723][T24775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1635.876936][T24775] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1635.949246][  T798] mcp2221 0003:04D8:00DD.0026: USB HID v0.01 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[ 1636.144781][    C0] ==================================================================
[ 1636.152923][    C0] BUG: KASAN: use-after-free in mcp2221_raw_event+0x106a/0x1240
[ 1636.160665][    C0] Read of size 1 at addr ffff888031a7bfff by task swapper/0/0
[ 1636.168163][    C0] 
[ 1636.170769][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1636.170844][    C0] Tainted: [L]=SOFTLOCKUP
[ 1636.170867][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1636.170891][    C0] Call Trace:
[ 1636.170906][    C0]  <IRQ>
[ 1636.170945][    C0]  dump_stack_lvl+0xe8/0x150
[ 1636.171015][    C0]  print_report+0xba/0x230
[ 1636.171056][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1636.171128][    C0]  kasan_report+0x117/0x150
[ 1636.171204][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1636.171276][    C0]  mcp2221_raw_event+0x106a/0x1240
[ 1636.171336][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1636.171381][    C0]  ? down_trylock+0x50/0xb0
[ 1636.171459][    C0]  hid_input_report+0x41d/0x580
[ 1636.171534][    C0]  ? __pfx_mcp2221_raw_event+0x10/0x10
[ 1636.171612][    C0]  hid_irq_in+0x47e/0x6d0
[ 1636.171666][    C0]  __usb_hcd_giveback_urb+0x376/0x540
[ 1636.171746][    C0]  dummy_timer+0xbbd/0x45d0
[ 1636.171849][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1636.171935][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1636.171979][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1636.172037][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1636.172109][    C0]  __hrtimer_run_queues+0x53a/0xcc0
[ 1636.172204][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1636.172288][    C0]  ? ktime_get_update_offsets_now+0x3b2/0x3d0
[ 1636.172347][    C0]  hrtimer_run_softirq+0x182/0x5a0
[ 1636.172435][    C0]  handle_softirqs+0x22a/0x870
[ 1636.172507][    C0]  ? __irq_exit_rcu+0x5f/0x150
[ 1636.172610][    C0]  __irq_exit_rcu+0x5f/0x150
[ 1636.172666][    C0]  irq_exit_rcu+0x9/0x30
[ 1636.172734][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1636.172781][    C0]  </IRQ>
[ 1636.172787][    C0]  <TASK>
[ 1636.172819][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1636.172877][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 1636.172930][    C0] Code: 5e 6c 02 c3 cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 a2 1a 00 fb f4 <e9> fc e9 02 00 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
[ 1636.172968][    C0] RSP: 0018:ffffffff8e407dc0 EFLAGS: 00000246
[ 1636.173020][    C0] RAX: 00000000018f0763 RBX: ffffffff819a913a RCX: 0000000080000001
[ 1636.173049][    C0] RDX: 0000000000000001 RSI: ffffffff8def8bf9 RDI: ffffffff8c27c900
[ 1636.173076][    C0] RBP: ffffffff8e407eb0 R08: ffff8880b863399b R09: 1ffff110170c6733
[ 1636.173108][    C0] R10: dffffc0000000000 R11: ffffed10170c6734 R12: 0000000000000000
[ 1636.173143][    C0] R13: 1ffffffff1c929d8 R14: 0000000000000000 R15: 1ffffffff1c929d8
[ 1636.173194][    C0]  ? do_idle+0x36a/0x5f0
[ 1636.173265][    C0]  default_idle+0x9/0x20
[ 1636.173323][    C0]  default_idle_call+0x72/0xb0
[ 1636.173387][    C0]  do_idle+0x36a/0x5f0
[ 1636.173447][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1636.173523][    C0]  cpu_startup_entry+0x43/0x60
[ 1636.173615][    C0]  rest_init+0x2de/0x300
[ 1636.173675][    C0]  start_kernel+0x385/0x3d0
[ 1636.173723][    C0]  x86_64_start_reservations+0x24/0x30
[ 1636.173798][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1636.173864][    C0]  common_startup_64+0x13e/0x147
[ 1636.173920][    C0]  </TASK>
[ 1636.173947][    C0] 
[ 1636.476094][    C0] The buggy address belongs to the physical page:
[ 1636.482565][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888031a7b800 pfn:0x31a7b
[ 1636.492683][    C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1636.499850][    C0] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000
[ 1636.508467][    C0] raw: ffff888031a7b800 0000000000000000 00000000ffffffff 0000000000000000
[ 1636.517166][    C0] page dumped because: kasan: bad access detected
[ 1636.523609][    C0] page_owner tracks the page as freed
[ 1636.529000][    C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5194, tgid 5194 (udevd), ts 1620493174170, free_ts 1631570934439
[ 1636.549610][    C0]  post_alloc_hook+0x231/0x280
[ 1636.554420][    C0]  get_page_from_freelist+0x24dc/0x2580
[ 1636.560142][    C0]  __alloc_frozen_pages_noprof+0x18d/0x380
[ 1636.566067][    C0]  allocate_slab+0x77/0x660
[ 1636.570600][    C0]  refill_objects+0x331/0x3c0
[ 1636.575306][    C0]  __pcs_replace_empty_main+0x2e6/0x730
[ 1636.581062][    C0]  kmem_cache_alloc_noprof+0x37d/0x650
[ 1636.586545][    C0]  do_getname+0x2e/0x250
[ 1636.590819][    C0]  __se_sys_unlink+0x1e/0x140
[ 1636.595525][    C0]  do_syscall_64+0x14d/0xf80
[ 1636.600138][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1636.606060][    C0] page last free pid 5194 tgid 5194 stack trace:
[ 1636.612402][    C0]  __free_frozen_pages+0xc2b/0xdb0
[ 1636.617556][    C0]  __slab_free+0x263/0x2b0
[ 1636.622024][    C0]  qlist_free_all+0x97/0x100
[ 1636.626647][    C0]  kasan_quarantine_reduce+0x148/0x160
[ 1636.632137][    C0]  __kasan_slab_alloc+0x22/0x80
[ 1636.637025][    C0]  kmem_cache_alloc_noprof+0x2bc/0x650
[ 1636.642521][    C0]  do_getname+0x2e/0x250
[ 1636.646802][    C0]  __se_sys_unlink+0x1e/0x140
[ 1636.651510][    C0]  do_syscall_64+0x14d/0xf80
[ 1636.656124][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1636.662046][    C0] 
[ 1636.664398][    C0] Memory state around the buggy address:
[ 1636.670050][    C0]  ffff888031a7be80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1636.678142][    C0]  ffff888031a7bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1636.686229][    C0] >ffff888031a7bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1636.694310][    C0]                                                                 ^
[ 1636.702344][    C0]  ffff888031a7c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1636.710512][    C0]  ffff888031a7c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1636.718618][    C0] ==================================================================
[ 1636.726720][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1636.733956][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1636.744490][    C0] Tainted: [L]=SOFTLOCKUP
[ 1636.748843][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1636.759097][    C0] Call Trace:
[ 1636.762422][    C0]  <IRQ>
[ 1636.765296][    C0]  vpanic+0x56c/0xa60
[ 1636.769324][    C0]  ? __pfx_vpanic+0x10/0x10
[ 1636.773956][    C0]  panic+0xc5/0xd0
[ 1636.777712][    C0]  ? __pfx_panic+0x10/0x10
[ 1636.782161][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1636.787478][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1636.792317][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1636.797650][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1636.802969][    C0]  check_panic_on_warn+0x89/0xb0
[ 1636.807934][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1636.813254][    C0]  end_report+0x73/0x180
[ 1636.817702][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1636.823027][    C0]  kasan_report+0x128/0x150
[ 1636.827591][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1636.832922][    C0]  mcp2221_raw_event+0x106a/0x1240
[ 1636.838105][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1636.843953][    C0]  ? down_trylock+0x50/0xb0
[ 1636.848502][    C0]  hid_input_report+0x41d/0x580
[ 1636.853397][    C0]  ? __pfx_mcp2221_raw_event+0x10/0x10
[ 1636.858899][    C0]  hid_irq_in+0x47e/0x6d0
[ 1636.863277][    C0]  __usb_hcd_giveback_urb+0x376/0x540
[ 1636.868693][    C0]  dummy_timer+0xbbd/0x45d0
[ 1636.873271][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1636.878250][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1636.884090][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1636.889068][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1636.894050][    C0]  __hrtimer_run_queues+0x53a/0xcc0
[ 1636.899381][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1636.905135][    C0]  ? ktime_get_update_offsets_now+0x3b2/0x3d0
[ 1636.911238][    C0]  hrtimer_run_softirq+0x182/0x5a0
[ 1636.916473][    C0]  handle_softirqs+0x22a/0x870
[ 1636.921295][    C0]  ? __irq_exit_rcu+0x5f/0x150
[ 1636.926099][    C0]  __irq_exit_rcu+0x5f/0x150
[ 1636.930808][    C0]  irq_exit_rcu+0x9/0x30
[ 1636.935088][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1636.940759][    C0]  </IRQ>
[ 1636.943827][    C0]  <TASK>
[ 1636.946788][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1636.952892][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 1636.958551][    C0] Code: 5e 6c 02 c3 cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 a2 1a 00 fb f4 <e9> fc e9 02 00 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
[ 1636.978184][    C0] RSP: 0018:ffffffff8e407dc0 EFLAGS: 00000246
[ 1636.984282][    C0] RAX: 00000000018f0763 RBX: ffffffff819a913a RCX: 0000000080000001
[ 1636.992280][    C0] RDX: 0000000000000001 RSI: ffffffff8def8bf9 RDI: ffffffff8c27c900
[ 1637.000288][    C0] RBP: ffffffff8e407eb0 R08: ffff8880b863399b R09: 1ffff110170c6733
[ 1637.008285][    C0] R10: dffffc0000000000 R11: ffffed10170c6734 R12: 0000000000000000
[ 1637.016277][    C0] R13: 1ffffffff1c929d8 R14: 0000000000000000 R15: 1ffffffff1c929d8
[ 1637.024273][    C0]  ? do_idle+0x36a/0x5f0
[ 1637.028736][    C0]  default_idle+0x9/0x20
[ 1637.033007][    C0]  default_idle_call+0x72/0xb0
[ 1637.037802][    C0]  do_idle+0x36a/0x5f0
[ 1637.041918][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1637.046553][    C0]  cpu_startup_entry+0x43/0x60
[ 1637.051356][    C0]  rest_init+0x2de/0x300
[ 1637.055637][    C0]  start_kernel+0x385/0x3d0
[ 1637.060177][    C0]  x86_64_start_reservations+0x24/0x30
[ 1637.065696][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1637.070875][    C0]  common_startup_64+0x13e/0x147
[ 1637.075862][    C0]  </TASK>
[ 1637.079529][    C0] Kernel Offset: disabled
[ 1637.083870][    C0] Rebooting in 86400 seconds..