last executing test programs: 3.676121312s ago: executing program 3 (id=33): r0 = socket$inet6(0xa, 0x4, 0x1) sendto$inet6(r0, 0x0, 0x0, 0x24048048, &(0x7f0000000100)={0xa, 0x4c20, 0x4, @loopback, 0x3}, 0x1c) getsockopt$inet_int(r0, 0x0, 0xe, 0x0, &(0x7f0000000500)=0x3) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80045510, &(0x7f0000000000)) getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000000c0)=0x98) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000005c0)={[0x5836, 0x8, 0x7, 0x4000000000000e52, 0x1, 0x5479, 0x1041, 0x200000000006, 0xfffffffffffffffd, 0x1, 0xfffffffffffffffe, 0x100000000, 0x1, 0x40000000009, 0x8000000000005, 0x10000800040068], 0xd000, 0x80}) ioctl$KVM_RUN(r1, 0xae80, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="041817aaaaaaaaaa10"], 0x1a) 3.461557665s ago: executing program 0 (id=34): userfaultfd(0x80801) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) socket$inet(0x2, 0x3, 0x2) creat(&(0x7f0000000140)='./file0\x00', 0xf1) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x20000080) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0) 3.368715281s ago: executing program 3 (id=35): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000240)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002002000000004000100080004"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x4008014) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f00000000c0)={0x14, &(0x7f0000000040)={0x0, 0x23, 0x19, {0x19, 0xe, "101a14a768fb68232590edb80689af7678ad6b083c6752"}}, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000200)={0x1c, &(0x7f0000000100)={0x0, 0xf, 0x4f, "591cfd6730c121d0ce0ce7be96008f0346f59936f93e628a004af4ebbf00838989e44d31538af33896f2394eacf994524d96b535f2c1ee98c4e32303fe931e56fb8ac40a1afcb92c18b65b8bc584c3"}, &(0x7f0000000180)={0x0, 0xa, 0x1, 0x5}, &(0x7f00000001c0)={0x0, 0x8, 0x1, 0xa0}}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 3.258834473s ago: executing program 0 (id=36): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)) r2 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.empty_time\x00', 0x275a, 0x0) write$binfmt_misc(r3, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) fallocate(r2, 0x3, 0x0, 0x5345) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000080)=0x40) pwritev(r1, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd02000060", 0x6}], 0x1, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000c40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x8000}, 0x4) r8 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', 0x0}) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$cgroup_devices(r10, &(0x7f0000000000)=ANY=[], 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r10, 0x0) setsockopt$packet_int(r10, 0x107, 0x10, &(0x7f0000000340)=0x10000, 0x4) sendto$packet(r8, &(0x7f00000001c0)="0b032200e0ff25000200475400f6a13bb10000a88800080048031074bee5786e7525fccb3f8c5c4cf38abe4bf220a5a95edf3ce53aa6a8", 0x37, 0x0, &(0x7f0000000140)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x31}}, 0x14) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'lo\x00', &(0x7f0000000240)=@ethtool_eeprom={0xc, 0x0, 0x0, 0xed, "097a4d1d5c0696331245bf3318a58af28fc030e6216281672da3384abbb5c5f18641c67f15b0b2346e6ea2dac9d016813f2d1fb13fe66a2f9ab535abffb52bbbf7b5fcd4babaf9eafb86ce67dfb6dd52b08026e9d861b1259148943cd0c4d6022f14bb386a8b6886cceecb16ad328763079aea5d411949b984a478ef78c9bc9a6167db8222445e74fc6a0bea7159fec211af693aeb4f05105150ae4c094f98f6cd8fc9e6a90533d51b3e3b0ec21dc494dea0b82f9d9b7d554ee6e890c52790392782ab4f2d9a3d332931cad166114c41822d8563437a5bd9e86022ce66e54a144940cbccccd5f35fcc21512a6e"}}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, 0x0}], 0x1, 0x48, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000000)="f00fc7484d36f08266060266b9800000c00f326635000400000f308bc1de780066b9aa0200000f3266b9ab0900000f32f2f031b3e759dc2c", 0x14}], 0x1, 0x9f6a364b3fac2a72, 0x0, 0x0) r11 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r11, &(0x7f0000000140)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020300090a00000000000000000000000300060000000e0002000000e000000900000000000000000200010000000000000604fdec19ecd9030005000000000002"], 0x50}}, 0x0) 3.201330438s ago: executing program 2 (id=37): socket$inet6(0xa, 0x5, 0x0) close(0x3) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x22}}], 0x10) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000180)=[{&(0x7f00000004c0)="99", 0x1}], 0x1}, 0x4048043) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x44004, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$inet6(r2, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback={0x300}, 0x6}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000004c0)="88", 0x1}], 0x1}, 0x4048043) 2.959754313s ago: executing program 2 (id=38): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) sendmmsg$inet6(r2, &(0x7f0000004cc0)=[{{&(0x7f0000000040)={0xa, 0x4e22, 0x1ff, @private0, 0x401}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000600)="9302d3cd06ca", 0x6}], 0x1}}], 0x1, 0x4840) shutdown(r2, 0x1) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000540)={0x0, @in6={{0xa, 0x4e22, 0x400, @empty, 0x6}}, 0x7d, 0x0, 0x40, 0x5, 0x0, 0x4, 0x1}, &(0x7f00000002c0)=0x9c) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000140)="410f8b36dbe683660f38cf1c5267470f01f82e660f2e425db95f090000b891c70000ba000000000f30650f94e92e430fc76cf30542dbdf66ba4000b000ee66440f38817705", 0x45}], 0x1, 0x72, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x0) ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f00000001c0)=0xd0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x0, 0xe6, 0x2, 0xfffffffe, 0x0, [{0x2, 0x4, 0x87}, {0x9, 0x8, 0x5, '\x00', 0xf}, {0xff, 0x7f, 0xd3, '\x00', 0x69}, {0x0, 0x5, 0xf5, '\x00', 0xf}, {0x7, 0x9, 0xf5, '\x00', 0xb4}, {0xb, 0x4, 0x0, '\x00', 0xff}, {0x75, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x9, 0xc}, {0x7f, 0x5, 0x4a, '\x00', 0x8}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x80, '\x00', 0xdc}, {0xfb, 0x58, 0xff, '\x00', 0x1}, {0xfe, 0x7, 0x26}, {0xcf, 0x3, 0x8, '\x00', 0x86}, {0xf, 0xee, 0x8, '\x00', 0x3}, {0x39, 0x2, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x9}, {0x4, 0x9, 0x5, '\x00', 0xe9}, {0x7, 0x2, 0x7, '\x00', 0xc2}, {0x0, 0x80, 0xe, '\x00', 0x1}, {0x1, 0xc, 0x4, '\x00', 0x7c}, {0x10, 0x6, 0x92, '\x00', 0x10}, {0x1, 0x3, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x4}]}}) 2.686735047s ago: executing program 0 (id=39): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SET_ENDIAN(0x14, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x20241, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000040)="b969080000b80b00000022000000000f3036410f79450041dee60f4dc3b8010000000f01c166b821010f00d00f090fc76c17000f00d80f01d10f01c2", 0xfffffffffffffec8}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f00000001c0)={0xbe, 0x0, 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) fsetxattr$security_ima(r5, &(0x7f0000000040), &(0x7f0000000080)=ANY=[@ANYBLOB="06"], 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000100001a4745c345971df160003000000060001"], 0x1c}}, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)={[&(0x7f0000000180)='.&#\x00', &(0x7f00000002c0)='\x8dV\xe2\x00', &(0x7f0000000240)='$\x00']}, &(0x7f0000000380)={[&(0x7f00000002c0), &(0x7f0000000300)='\x96\xaf/\xde\x00\x02\x00\x00\x00', &(0x7f0000000340)=',}#,]/,/^**][-\x00']}, 0x400) r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f00000001c0)="2e0f01c866b9800000c00f326635000400000f300f20e06635800000000f22e0360fc77df3ff9e0000f2d99806000fa7c0b800008ed866db440026da02", 0x3d}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 1.749581685s ago: executing program 2 (id=41): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=']) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sync_file_range(r1, 0x7fff, 0x6, 0x4) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1b2fd2c5}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}]}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0xb0}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SG_GET_SG_TABLESIZE(r3, 0x227f, &(0x7f00000000c0)) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000020c0), 0x2010412, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03000000000000000000020000000900020073797a31000000000800034000000001090001"], 0x34}}, 0x0) r5 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f00000004c0)=[@nested_load_syzos={0x136, 0x14d, {0x3, 0x3, [@code={0xa, 0x89, {"c74424008e000000c7442402200e5456ff1c24c744240000000080c744240204000000c7442406000000000f0114240f22d5470f07c7442400d921b9a2c744240256da7338c7442406000000000f011424f2410fd0440300c744240077000000c744240200000100ff2c244f0fc7586c400f7942670f0011"}}, @out_dx={0x6a, 0x28, {0x397e, 0x4, 0xfffffffffffffff9}}, @nested_load_code={0x12e, 0x64, {0x3, "f3470f32470f22450f22963e360f01c8c744240008000000c744240209000000ff1c240f01d1b9800000c00f3235010000000f30c4417a7e14357b00000066bad10466b8004066ef640f01f8"}}, @cpuid={0x64, 0x18, {0xb, 0x5}}]}}, @nested_amd_set_intercept={0x181, 0x30, {0x0, 0x0, 0x8000000000000001}}, @nested_load_code={0x12e, 0x88, {0x0, "b97c020000b805000000ba000000000f3047ded9b93a0000000f3236430f40efb9c3080000b807000000ba000000000f30c4c1fe2c1e66430fc730c7442400d86d0000c744240230000000c7442406000000000f011c24c74424001a010000c744240207000000ff1c24f04483689500"}}, @enable_nested={0x12c, 0x18}], 0x21d}) recvmmsg(r0, &(0x7f00000060c0)=[{{&(0x7f0000001880)=@ieee802154, 0x80, &(0x7f0000001cc0)=[{&(0x7f0000001900)=""/71, 0x47}, {&(0x7f0000001980)=""/118, 0x76}, {&(0x7f0000001a00)=""/131, 0x83}, {&(0x7f0000001ac0)=""/147, 0x93}, {&(0x7f0000001b80)=""/57, 0x39}, {&(0x7f0000001bc0)=""/54, 0x36}, {&(0x7f0000003100)=""/4096, 0x1000}, {&(0x7f0000001c00)=""/179, 0xb3}], 0x8}, 0x8001}, {{&(0x7f0000001d40)=@pppoe={0x18, 0x0, {0x0, @multicast}}, 0x80, &(0x7f00000042c0)=[{&(0x7f0000001dc0)=""/84, 0x54}, {&(0x7f0000001e40)=""/74, 0x4a}, {&(0x7f0000001ec0)=""/35, 0x23}, {&(0x7f0000001f00)=""/199, 0xc7}, {&(0x7f0000002000)=""/126, 0x7e}, {&(0x7f0000004100)=""/76, 0x4c}, {&(0x7f0000002080)=""/20, 0x14}, {&(0x7f0000004180)=""/92, 0x5c}, {&(0x7f0000004200)=""/142, 0x8e}], 0x9, &(0x7f0000004380)=""/201, 0xc9}, 0x5}, {{&(0x7f0000004480)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f0000004780)=[{&(0x7f0000004500)=""/223, 0xdf}, {&(0x7f0000004600)=""/102, 0x66}, {&(0x7f0000004680)=""/248, 0xf8}], 0x3, &(0x7f00000047c0)=""/181, 0xb5}, 0x3}, {{&(0x7f0000004880)=@phonet, 0x80, &(0x7f0000004980)=[{&(0x7f0000004900)=""/83, 0x53}], 0x1, &(0x7f00000049c0)=""/5, 0x5}, 0x4f50}, {{&(0x7f0000004a00)=@sco, 0x80, &(0x7f0000004c80)=[{&(0x7f0000004a80)=""/68, 0x44}, {&(0x7f0000004b00)=""/221, 0xdd}, {&(0x7f0000004c00)=""/55, 0x37}, {&(0x7f0000004c40)=""/1, 0x1}], 0x4, &(0x7f0000004cc0)=""/1, 0x1}, 0xc}, {{&(0x7f0000004d00)=@tipc=@name, 0x80, &(0x7f0000006000)=[{&(0x7f0000004d80)=""/93, 0x5d}, {&(0x7f0000004e00)=""/233, 0xe9}, {&(0x7f0000004f00)=""/207, 0xcf}, {&(0x7f0000005000)=""/4096, 0x1000}], 0x4, &(0x7f0000006040)=""/85, 0x55}, 0x8}], 0x6, 0x140, &(0x7f0000006240)={0x0, 0x3938700}) recvmmsg(r2, &(0x7f0000001740)=[{{&(0x7f0000000240)=@x25, 0x80, &(0x7f0000000100)=[{&(0x7f00000007c0)=""/139, 0x8b}, {&(0x7f0000000880)=""/131, 0x83}, {&(0x7f0000000940)=""/168, 0xa8}], 0x3, &(0x7f00000001c0)=""/9, 0x9}, 0x6}, {{&(0x7f0000000440)=@generic, 0x80, &(0x7f0000000dc0)=[{&(0x7f0000000a00)=""/206, 0xce}, {&(0x7f0000000b00)=""/223, 0xdf}, {&(0x7f0000000c00)=""/141, 0x8d}, {&(0x7f0000000cc0)=""/252, 0xfc}, {&(0x7f0000000300)=""/53, 0x35}], 0x5, &(0x7f0000000e40)=""/198, 0xc6}, 0x7}, {{&(0x7f0000000f40)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000fc0)=""/174, 0xae}], 0x1}, 0x4}, {{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000001080)=""/69, 0x45}, {&(0x7f0000001100)=""/116, 0x74}, {&(0x7f0000001180)=""/26, 0x1a}, {&(0x7f00000011c0)=""/247, 0xf7}, {&(0x7f00000012c0)=""/117, 0x75}, {&(0x7f0000001340)=""/63, 0x3f}, {&(0x7f0000001380)=""/116, 0x74}, {&(0x7f0000001400)=""/243, 0xf3}, {&(0x7f0000002100)=""/4096, 0x1000}, {&(0x7f0000001500)=""/186, 0xba}], 0xa, &(0x7f0000001680)=""/148, 0x94}, 0x4}], 0x4, 0x11001, &(0x7f0000001840)) ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece) 1.592317339s ago: executing program 2 (id=42): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x3ff, 0x2) (async) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3ff, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000040)={0x2, @raw_data="38175ed207001e865955595663236001fa07be47030889be80d49d06a746282b8fef2c2f8769f0ee07cab1907ee285d53c42e0a921f91991520631345f02a7a36722d36443983bf3d734ee9f55d2514d0eb113763bf52f582f87805a7b8867bc0400a8593f928a8194a934b7b615b30a89c87f515f708c750218968027c43480c0df58b0ed48a110ee63b82cbd218c748b7b768015a7b633cf69d3771007105ecaf6f7c9b03c1d6d2db5210febe3a652a8035515e3513046406b628d9e02d09e43895d6c93457d59"}) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000000c0)={0x2}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$kcm(0x2, 0xa, 0x2) (async) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @redirect={0x5, 0x1, 0x0, @multicast2, {0x10, 0x4, 0x2, 0x10, 0x2, 0x68, 0xff, 0x7, 0x84, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@generic={0x7, 0xd, "1470c7f26eb8370a02e95f"}, @timestamp_addr={0x44, 0x1c, 0x26, 0x1, 0x7, [{@loopback, 0x7}, {@loopback, 0x80000000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1}]}]}}}}}, 0x6a) 1.57028389s ago: executing program 0 (id=43): r0 = socket$inet6(0xa, 0x4, 0x1) sendto$inet6(r0, 0x0, 0x0, 0x24048048, 0x0, 0x0) getsockopt$inet_int(r0, 0x0, 0xe, 0x0, &(0x7f0000000500)=0x3) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80045510, &(0x7f0000000000)) getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000000c0)=0x98) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000005c0)={[0x5836, 0x8, 0x7, 0x4000000000000e52, 0x1, 0x5479, 0x1041, 0x200000000006, 0xfffffffffffffffd, 0x1, 0xfffffffffffffffe, 0x100000000, 0x1, 0x40000000009, 0x8000000000005, 0x10000800040068], 0xd000, 0x80}) ioctl$KVM_RUN(r1, 0xae80, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="041817aaaaaaaaaa10"], 0x1a) 1.458364701s ago: executing program 2 (id=44): userfaultfd(0x80801) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) socket$inet(0x2, 0x3, 0x2) creat(&(0x7f0000000140)='./file0\x00', 0xf1) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x20000080) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0) 1.374793506s ago: executing program 0 (id=45): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = memfd_secret(0x0) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000140)={0x0, 0x0, {0x0, 0x0, 0x0, 0x7ff, 0x0, 0x50000}}) dup(r0) r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x105080) ioctl$BLKROGET(r2, 0x125e, &(0x7f0000000040)) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000), 0x45) 1.374483349s ago: executing program 2 (id=46): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000240)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f00000000c0)={0x14, &(0x7f0000000040)={0x0, 0x23, 0x19, {0x19, 0xe, "101a14a768fb68232590edb80689af7678ad6b083c6752"}}, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000200)={0x1c, &(0x7f0000000100)={0x0, 0xf, 0x4f, "591cfd6730c121d0ce0ce7be96008f0346f59936f93e628a004af4ebbf00838989e44d31538af33896f2394eacf994524d96b535f2c1ee98c4e32303fe931e56fb8ac40a1afcb92c18b65b8bc584c3"}, &(0x7f0000000180)={0x0, 0xa, 0x1, 0x5}, &(0x7f00000001c0)={0x0, 0x8, 0x1, 0xa0}}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000500)={0x34, &(0x7f0000000240)={0x40, 0xe, 0x52, "2761cc415ac1b8ad5be7fce9aed2538b445321fcd836d0da6054ac60f06d6b69017839ec8f54b2240386536d0aaa2768d077cd8813da7dd6d385027b6fd534459fbea274b6ba2667385fc3ff151e65e93c55"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) 1.327587516s ago: executing program 0 (id=47): r0 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) r1 = socket(0x10, 0x3, 0x0) write(r1, &(0x7f00000000c0)="3c00000058001f00032ae4f9002304000a04d65f080001000201000217d1ae3b70b0406700912deb5b859322340b0100000078f72e230a19fb2bcb1d", 0x3c) fcntl$addseals(r0, 0x409, 0x5) r2 = syz_usb_connect(0x0, 0x2d, &(0x7f00000009c0)=ANY=[@ANYBLOB="9f01000083667d1040206502d14e0102030109021b0001f6000000090400000190f19c000905f3ed8295091f8fee2efe39472f1ea3227d052d7556c97a470fa22bee95e09780953cc585369ad5511fb3243191c3"], 0x0) syz_usb_control_io(r2, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, 0x0, &(0x7f0000000100)) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000001000000050005000100000008000400000000000500060000000000080003"], 0x34}}, 0x0) r7 = socket$isdn_base(0x22, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, 0x0) r8 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r10 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$SO_BINDTODEVICE_wg(r10, 0x1, 0x19, &(0x7f0000000040)='wg2\x00', 0x4) ioctl$SIOCPNGETOBJECT(r10, 0x89e0, &(0x7f0000000480)) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r9, 0x10f, 0x84, 0x0, &(0x7f0000000080)) write$tun(r4, &(0x7f0000000ec0)={@val={0x8, 0x800}, @val={0x3, 0x0, 0x4, 0x1, 0x14}, @ipv4=@generic={{0x6, 0x4, 0x1, 0x27, 0x20, 0x65, 0x0, 0x60, 0x2, 0x0, @initdev={0xac, 0x1e, 0xc, 0x0}, @broadcast, {[@noop]}}, "11f3305280f125e6"}}, 0x2e) r11 = syz_open_dev$video(&(0x7f0000000240), 0x75, 0x700) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r11, 0xc034564b, &(0x7f0000000040)={0x0, 0x42474752, 0x780, 0x438, 0x3, @stepwise={{0x2, 0x7ffd}, {0x2, 0xfff}, {0x5, 0xd}}}) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f0000000200)={0x2c, &(0x7f0000000080)={0x40, 0x0, 0x6d, {0x6d, 0x9, "bdb13dfb44b37c08c39d12ffa735d939196ab6477ac89ced78ccff173c8813580b971887eba0eee5692a2882303f5eb1b780b70505adcb45f4524aadc71176d27d583a1ac8bb2cddbb578fc3efe12de33bb62965a8aa1129b36ad15dbbdca1d8a1848127d6d82487d60637"}}, &(0x7f0000000680)=ANY=[@ANYBLOB="00031000e5c2b2ac010a9df61e82e4ee5eb66e8f12c5d6e914646b6e794100"], &(0x7f0000000140)={0x0, 0xf, 0x2d, {0x5, 0xf, 0x2d, 0x2, [@ssp_cap={0x10, 0x10, 0xa, 0xaf, 0x1, 0xff, 0xf, 0x7, [0xc0]}, @ssp_cap={0x18, 0x10, 0xa, 0x7, 0x3, 0xb507, 0x1100, 0x1c94, [0xffc0, 0xc0, 0xffc000]}]}}, &(0x7f0000000180)={0x20, 0x29, 0xf, {0xf, 0x29, 0xf, 0x1, 0x2, 0x6d, "0fdbcd95", "d0cdc9a6"}}, &(0x7f00000001c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xfb, 0x10, 0x2, 0x3, 0x5, 0x2, 0x8}}}, &(0x7f00000008c0)={0x84, &(0x7f0000000240)={0x40, 0x1, 0xb3, "1b43e62ee6f30a891f3d615d8a6c75e1d31dad1bb642ad37acf4e3eff155e9e7464e45e3b53084e1df913377bb97de43629d7373bd40a308179ba18408a0d25e1b40eaed1c4703d846b706a717d05c637c16b85b8560be10f5b60e6ffc918ed5ce7fabd4bf9c7f8244b1019a7893c03f5f85ed1dec5e0d663ac32cdc8c537dcb81f983069e7da5f370086aeecc89cb6ab3a3ce78ba51ab779bb024116c1cc56d282324278a049025a19797565039fd5f2b32e0"}, &(0x7f0000000a40)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0xfe}, &(0x7f0000000540)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f00000005c0)={0x20, 0x0, 0x8, {0x20, 0x8, [0xff]}}, &(0x7f0000000600)={0x40, 0x7, 0x2}, &(0x7f0000000640)={0x40, 0x9, 0x1, 0x9}, &(0x7f0000000580)={0x40, 0xb, 0x2, "caf4"}, &(0x7f00000006c0)={0x40, 0xf, 0x2, 0x10}, &(0x7f0000000700)={0x40, 0x13, 0x6, @local}, &(0x7f0000000740)={0x40, 0x17, 0x6, @local}, &(0x7f0000000780)={0x40, 0x19, 0x2, "76b4"}, &(0x7f00000007c0)={0x40, 0x1a, 0x2, 0x8000}, &(0x7f0000000800)={0x40, 0x1c, 0x1}, &(0x7f0000000840)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000000880)={0x40, 0x21, 0x1, 0xf2}}) syz_usb_control_io$hid(r2, 0x0, 0x0) 766.083903ms ago: executing program 1 (id=50): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4890}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = accept4(0xffffffffffffffff, &(0x7f0000000400)=@sco={0x1f, @none}, &(0x7f0000000380)=0x80, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000700)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000006c0)={&(0x7f00000004c0)={0x1e0, 0x24, 0x20, 0x70bd27, 0x25dfdbff, {0x8}, [@nested={0x14f, 0x10f, 0x0, 0x1, [@typed={0x14, 0x16, 0x0, 0x0, @ipv6=@mcast1}, @typed={0x6, 0x4d, 0x0, 0x0, @str='-\x00'}, @nested={0x4, 0xd4}, @generic="99da4f0b43e5ad65e90a5aa4c3dee1a0f10784898da4bc5361755dae210693d4468224e3f14c4128c0b289ae194d36d1458f6b35f7290f9ebe14bcb18c93f870c166e5c464fc86925d6636", @generic="64dfbddab6af4f3f766dab2b14648150bd2b1af6730024847f1b8de006dde7314f7633930464c7686155a46cf3947bd76bd2fc34891a84e694cba36149fe93682f52439d944caf14a80623451cb996343fdce2a737c8c6da753906adf3754f457629bbfa77f220e41e150d59ca0c545811726ace4b51d6073a156c213fa96e16aa3594fb37422d98277115a1ec525fa529fb8dc3ccf8fa6df37ba9ac61b7c84a80d607b6b2418aa885a6cfcf5d4437619a30a4d7518303ce3a4048465402805a00967b169ab4396a80183cebe48db092a24803aa5ce373518c660eeb", @nested={0x4, 0xc4}]}, @typed={0x7c, 0x31, 0x0, 0x0, @binary="1d7f39b49e745c6f4a327973e5c5aa6571269e094bbb8605e6ced0915c975671c384a98796ef7720456896bd9451a42a2b89ae94d28c73fe999c68c59b9f0e567137d639709c0ed7de0c8489cb0807378c3a208f89522a199db8daa120f0c35d0297dc32458c71580c287dd736c4fbd9a5684548375ab4c8"}]}, 0x1e0}}, 0x4000010) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000000010104000000000000000800000000000000361400018008000100e000000108000200e00000010c0002800500010000000000140005800e000100736e6d705f74726170000000"], 0x4c}, 0x1, 0x0, 0x0, 0x4048040}, 0x0) tee(r2, r0, 0x7, 0xd) mq_notify(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x16, 0x1, @thr={0x0, 0x0}}) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x14, 0x3d, 0x301, 0x70bd25, 0xfffffffc, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0xc}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_DEBUGREGS(r5, 0x8080aea1, &(0x7f00000001c0)) r6 = socket$rds(0x15, 0x5, 0x0) r7 = syz_io_uring_setup(0x964, &(0x7f0000000240)={0x0, 0x5af7, 0x4000, 0x0, 0x3dd}, &(0x7f0000000140), &(0x7f00000002c0)) mmap$IORING_OFF_CQ_RING(&(0x7f0000ff0000/0x1000)=nil, 0x1000, 0x2000005, 0x13, r7, 0x8000000) bind$rds(r6, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_PORT_GET(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)={0x3c, r8, 0x1, 0x70bd27, 0x0, {0x54}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}]}, 0x3c}}, 0xc084) sendmsg$DEVLINK_CMD_PORT_GET(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x14, r8, 0x1, 0x70bd25, 0x4, {0x54}}, 0x14}, 0x1, 0x0, 0x0, 0x4048890}, 0x0) sendmsg$rds(r6, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x37, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0) syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x40, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000bc0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535ef976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fce30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac353b21fe733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52af50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472787621147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600"}) 587.741318ms ago: executing program 3 (id=51): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, 0x0) 506.980755ms ago: executing program 1 (id=52): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1fe, 0x1, 0x0, 0x1000, &(0x7f0000036000/0x1000)=nil}) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setuid(0xee01) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0x2}, 0x6) write$bt_hci(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="01"], 0xe) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x4ca31, 0xffffffffffffffff, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000000)={0x0, 0x11000}) capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffff9}) r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x103001) ioctl$SG_IO(r4, 0x2285, &(0x7f00000010c0)={0x53, 0xfffffffffffffffc, 0x6, 0xb0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000001080)="2ebe69ae6200", 0x0, 0x1, 0x34, 0x22, 0x0}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f00000001c0)={0x1fe, 0x0, &(0x7f0000feb000/0x4000)=nil}) 471.537864ms ago: executing program 3 (id=53): r0 = socket$inet6(0xa, 0x4, 0x1) sendto$inet6(r0, 0x0, 0x0, 0x24048048, 0x0, 0x0) getsockopt$inet_int(r0, 0x0, 0xe, 0x0, &(0x7f0000000500)=0x3) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80045510, &(0x7f0000000000)) getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000000c0)=0x98) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f00000005c0)={[0x5836, 0x8, 0x7, 0x4000000000000e52, 0x1, 0x5479, 0x1041, 0x200000000006, 0xfffffffffffffffd, 0x1, 0xfffffffffffffffe, 0x100000000, 0x1, 0x40000000009, 0x8000000000005, 0x10000800040068], 0xd000, 0x80}) ioctl$KVM_RUN(r1, 0xae80, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="041817aaaaaaaaaa10"], 0x1a) 366.676366ms ago: executing program 1 (id=54): r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) (async) r1 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) (async, rerun: 32) r2 = socket$rxrpc(0x21, 0x2, 0xa) (rerun: 32) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r2, 0x110, 0x3, &(0x7f0000000000), 0x4) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc2604110, &(0x7f0000000b40)={0x0, [[0x9ef8, 0x0, 0x0, 0x0, 0x5d11], [0x10000, 0x0, 0x0, 0x0, 0x3a3], [0x7]], '\x00', [{}, {0x3, 0x8}, {0x1}, {0x0, 0x80000000}, {0x3, 0x0, 0x0, 0x1, 0x1}, {0x18, 0x5f}, {}, {0x0, 0x6}, {0x0, 0x3}, {0x0, 0xfffffffe}, {0x0, 0xbcf}, {0x0, 0x2}], '\x00', 0x1000}) (async) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="bcea"]) (async) r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$EVIOCSFF(r3, 0x40304580, &(0x7f0000000000)={0x0, 0xffff, 0x8, {0x7ff, 0xe}, {0x5, 0x4}, @cond=[{0x101, 0x0, 0x10, 0x4, 0x8, 0x2}, {0x1677, 0x2, 0x7fff, 0x100, 0xf78, 0x6}]}) 307.51576ms ago: executing program 3 (id=55): userfaultfd(0x80801) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) socket$inet(0x2, 0x3, 0x2) creat(&(0x7f0000000140)='./file0\x00', 0xf1) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x1c}}, 0x20000080) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0) 289.50554ms ago: executing program 1 (id=56): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x38, 0xfff, 0xfffffffffffffffd, 0x180, 0x2, 0x14, 0xf0, 0x0, 0x7fffffffffffe, 0x5, 0x9, 0x8, 0x0, 0x45, 0xffffffffffffffff, 0xbdb], 0xfec00000, 0x1c4213}) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000040)={0x190, 0x258, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {0x0, 0x0, 0x1}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 185.466069ms ago: executing program 3 (id=57): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xb, 0x201, 0x0, 0x0, {0x3, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x24000080}, 0x10) r1 = syz_usb_connect(0x0, 0x202, &(0x7f0000000180)=ANY=[@ANYBLOB="1201100152018b401e040740185d000000010902f00101040000030904"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) move_pages(0x0, 0x1, &(0x7f00000001c0)=[&(0x7f0000ffd000/0x2000)=nil], &(0x7f0000000200)=[0x6], 0x0, 0x2) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r3, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x9004) syz_usb_control_io$sierra_net(r1, 0x0, &(0x7f0000000200)={0x1c, &(0x7f0000000140)={0x40, 0x15}, 0x0, 0x0}) 75.021746ms ago: executing program 1 (id=58): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$GTP_CMD_GETPDP(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x18400700}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r2, 0x8, 0x70bd2a, 0x25dfdbff, {}, [@GTPA_O_TEI={0x8, 0x9, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) 0s ago: executing program 1 (id=59): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e21, 0xfffe, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010104}, 0x3}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x7a, &(0x7f0000000340)={r4, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) setsockopt(r2, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000000c0)={'batadv_slave_1\x00', &(0x7f0000000000)=@ethtool_gstrings={0x1b, 0x1}}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x9) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r5 = userfaultfd(0x80801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20) r7 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r7, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r7, &(0x7f0000000100)={0x2, 0x4e23, 0x0, @mcast1, 0x4}, 0x1c) r8 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r8, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac710aa7d0000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3, &(0x7f0000000000)=0x9, 0x8, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r5, 0x40089416, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mbind(&(0x7f0000051000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000080)=0x2, 0x95, 0x2) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.154' (ED25519) to the list of known hosts. [ 66.857508][ T5822] cgroup: Unknown subsys name 'net' [ 66.993345][ T5822] cgroup: Unknown subsys name 'cpuset' [ 67.002060][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 68.305580][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.405764][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.415603][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.415868][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.426809][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.441484][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.442788][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.449981][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.461164][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.472963][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.473547][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.480993][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.489389][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.496904][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.504205][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.510205][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.525288][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.527589][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.543949][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.544881][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.563088][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.056294][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 71.103922][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 71.238032][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 71.297338][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 71.308754][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.316556][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.323914][ T5835] bridge_slave_0: entered allmulticast mode [ 71.332794][ T5835] bridge_slave_0: entered promiscuous mode [ 71.336473][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.347683][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.393654][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.400918][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.408583][ T5835] bridge_slave_1: entered allmulticast mode [ 71.416013][ T5835] bridge_slave_1: entered promiscuous mode [ 71.496392][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.503852][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.511185][ T5833] bridge_slave_0: entered allmulticast mode [ 71.518320][ T5833] bridge_slave_0: entered promiscuous mode [ 71.535164][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.570076][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.577319][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.585042][ T5833] bridge_slave_1: entered allmulticast mode [ 71.592346][ T5833] bridge_slave_1: entered promiscuous mode [ 71.607644][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.627200][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.634558][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.642099][ T5836] bridge_slave_0: entered allmulticast mode [ 71.649275][ T5836] bridge_slave_0: entered promiscuous mode [ 71.687258][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.694654][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.702053][ T5836] bridge_slave_1: entered allmulticast mode [ 71.709260][ T5836] bridge_slave_1: entered promiscuous mode [ 71.739686][ T5835] team0: Port device team_slave_0 added [ 71.759872][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.769334][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.776947][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.784390][ T5834] bridge_slave_0: entered allmulticast mode [ 71.791891][ T5834] bridge_slave_0: entered promiscuous mode [ 71.801505][ T5835] team0: Port device team_slave_1 added [ 71.820379][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.839577][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.846869][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.854346][ T5834] bridge_slave_1: entered allmulticast mode [ 71.861494][ T5834] bridge_slave_1: entered promiscuous mode [ 71.881730][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.894599][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.949439][ T5833] team0: Port device team_slave_0 added [ 71.967757][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.975074][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.002912][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.028841][ T5833] team0: Port device team_slave_1 added [ 72.038285][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.055420][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.062451][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.088477][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.102935][ T5836] team0: Port device team_slave_0 added [ 72.121596][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.140549][ T5836] team0: Port device team_slave_1 added [ 72.188403][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.195463][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.221812][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.235213][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.242243][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.268373][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.282063][ T5834] team0: Port device team_slave_0 added [ 72.315904][ T5834] team0: Port device team_slave_1 added [ 72.323041][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.330061][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.356231][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.390131][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.397146][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.423345][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.440953][ T5835] hsr_slave_0: entered promiscuous mode [ 72.447850][ T5835] hsr_slave_1: entered promiscuous mode [ 72.486010][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.493211][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.519344][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.530561][ T5847] Bluetooth: hci2: command tx timeout [ 72.533052][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.543202][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.569563][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.610435][ T5839] Bluetooth: hci3: command tx timeout [ 72.610440][ T5837] Bluetooth: hci1: command tx timeout [ 72.622378][ T5847] Bluetooth: hci0: command tx timeout [ 72.652225][ T5833] hsr_slave_0: entered promiscuous mode [ 72.659110][ T5833] hsr_slave_1: entered promiscuous mode [ 72.665891][ T5833] debugfs: 'hsr0' already exists in 'hsr' [ 72.671773][ T5833] Cannot create hsr debugfs directory [ 72.722657][ T5836] hsr_slave_0: entered promiscuous mode [ 72.729233][ T5836] hsr_slave_1: entered promiscuous mode [ 72.735834][ T5836] debugfs: 'hsr0' already exists in 'hsr' [ 72.742179][ T5836] Cannot create hsr debugfs directory [ 72.810249][ T5834] hsr_slave_0: entered promiscuous mode [ 72.817197][ T5834] hsr_slave_1: entered promiscuous mode [ 72.823985][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 72.829768][ T5834] Cannot create hsr debugfs directory [ 73.228598][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 73.244266][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 73.260567][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 73.272450][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 73.353519][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 73.366784][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 73.391937][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 73.402937][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 73.499248][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 73.517569][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 73.533955][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 73.557584][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 73.644359][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 73.657994][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 73.675734][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 73.695287][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 73.730954][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.812191][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.847620][ T1015] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.855318][ T1015] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.875027][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.899826][ T1015] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.906995][ T1015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.981535][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.018476][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.031925][ T1015] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.039509][ T1015] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.068528][ T1015] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.075824][ T1015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.128110][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.158325][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.196963][ T1015] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.204198][ T1015] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.235145][ T1015] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.242596][ T1015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.280578][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.326180][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.333432][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.368105][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.375301][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.533117][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.611437][ T5847] Bluetooth: hci2: command tx timeout [ 74.690499][ T5847] Bluetooth: hci1: command tx timeout [ 74.703911][ T5847] Bluetooth: hci0: command tx timeout [ 74.709582][ T5839] Bluetooth: hci3: command tx timeout [ 74.736223][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.863486][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.873989][ T5835] veth0_vlan: entered promiscuous mode [ 74.917237][ T5835] veth1_vlan: entered promiscuous mode [ 74.966690][ T5833] veth0_vlan: entered promiscuous mode [ 74.992841][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.022159][ T5836] veth0_vlan: entered promiscuous mode [ 75.028827][ T5833] veth1_vlan: entered promiscuous mode [ 75.074151][ T5836] veth1_vlan: entered promiscuous mode [ 75.093190][ T5835] veth0_macvtap: entered promiscuous mode [ 75.108205][ T5835] veth1_macvtap: entered promiscuous mode [ 75.154090][ T5833] veth0_macvtap: entered promiscuous mode [ 75.168649][ T5833] veth1_macvtap: entered promiscuous mode [ 75.191026][ T5836] veth0_macvtap: entered promiscuous mode [ 75.220911][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.232037][ T5836] veth1_macvtap: entered promiscuous mode [ 75.257170][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.292399][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.302063][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.316140][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.327687][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.339486][ T5834] veth0_vlan: entered promiscuous mode [ 75.347826][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.357686][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.376784][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.398760][ T736] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.407583][ T736] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.433766][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.449197][ T736] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.459314][ T736] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.506564][ T1015] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.517001][ T1015] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.531284][ T1015] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.540150][ T1015] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.551060][ T5834] veth1_vlan: entered promiscuous mode [ 75.714268][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.725559][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.741031][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.755266][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.804206][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.807723][ T5834] veth0_macvtap: entered promiscuous mode [ 75.821793][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.852269][ T5834] veth1_macvtap: entered promiscuous mode [ 75.861803][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.876656][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.923355][ T5835] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 75.967555][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.989567][ T736] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.994819][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.024784][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.025621][ T736] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.084454][ T5930] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1'. [ 76.084596][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.154246][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.163380][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.183903][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.201888][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.350325][ T5933] cgroup: Invalid name [ 76.464155][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.483100][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.526462][ T1015] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.539768][ T1015] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.649988][ T1229] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 76.658544][ T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 76.690815][ T5839] Bluetooth: hci2: command tx timeout [ 76.753475][ T5937] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size. [ 76.770044][ T5839] Bluetooth: hci3: command tx timeout [ 76.775598][ T5847] Bluetooth: hci0: command tx timeout [ 76.775624][ T5837] Bluetooth: hci1: command tx timeout [ 76.836490][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 76.857929][ T1229] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 76.893673][ T10] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 76.895900][ T5939] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5'. [ 76.905167][ T1229] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 76.946860][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.965710][ T1229] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 76.994391][ T10] usb 3-1: config 0 descriptor?? [ 77.001503][ T1229] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 77.029934][ T1229] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.041897][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 77.056786][ T5944] vivid-002: ================= START STATUS ================= [ 77.070340][ T1229] usb 2-1: config 0 descriptor?? [ 77.076930][ T5944] vivid-002: Radio HW Seek Mode: Bounded [ 77.085404][ T5944] vivid-002: Radio Programmable HW Seek: false [ 77.096944][ T5944] vivid-002: RDS Rx I/O Mode: Block I/O [ 77.107256][ T1229] gspca_main: spca561-2.14.0 probing abcd:cdee [ 77.115817][ T5944] vivid-002: Generate RBDS Instead of RDS: false [ 77.127565][ T5944] vivid-002: RDS Reception: true [ 77.133080][ T5944] vivid-002: RDS Program Type: 0 inactive [ 77.142745][ T5944] vivid-002: RDS PS Name: inactive [ 77.160260][ T5944] vivid-002: RDS Radio Text: inactive [ 77.172546][ T5944] vivid-002: RDS Traffic Announcement: false inactive [ 77.190421][ T5944] vivid-002: RDS Traffic Program: false inactive [ 77.199300][ T5944] vivid-002: RDS Music: false inactive [ 77.205663][ T5944] vivid-002: ================== END STATUS ================== [ 77.296577][ T1229] spca561 2-1:0.0: probe with driver spca561 failed with error -22 [ 77.314546][ T1229] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 77.323211][ T1229] usb 2-1: MIDIStreaming interface descriptor not found [ 77.331432][ T5952] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 77.338350][ T5952] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 77.351194][ T5955] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 77.375760][ T5952] vhci_hcd vhci_hcd.0: Device attached [ 77.444493][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 77.456301][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 77.475498][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 77.492346][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 77.508334][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 77.521291][ T5957] syz.0.9 uses obsolete (PF_INET,SOCK_PACKET) [ 77.543609][ T10] pwc: recv_control_msg error -32 req 04 val 1400 [ 77.563372][ T10] pwc: recv_control_msg error -32 req 02 val 2000 [ 77.585333][ T10] pwc: recv_control_msg error -32 req 02 val 2100 [ 77.599333][ T1229] usb 2-1: USB disconnect, device number 2 [ 77.619685][ T5928] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 77.622652][ T10] pwc: recv_control_msg error -32 req 04 val 1500 [ 77.776225][ T5954] usbip_core: unknown command [ 77.781080][ T5954] vhci_hcd: unknown pdu 808464432 [ 77.786317][ T5954] usbip_core: unknown command [ 77.794422][ T35] vhci_hcd vhci_hcd.0: stop threads [ 77.806960][ T35] vhci_hcd vhci_hcd.0: release socket [ 77.828317][ T35] vhci_hcd vhci_hcd.0: disconnect device [ 77.852344][ T10] pwc: recv_control_msg error -71 req 02 val 2400 [ 77.870645][ T10] pwc: recv_control_msg error -71 req 02 val 2600 [ 77.883329][ T10] pwc: recv_control_msg error -71 req 02 val 2900 [ 77.892633][ T10] pwc: recv_control_msg error -71 req 02 val 2800 [ 77.920285][ T10] pwc: recv_control_msg error -71 req 04 val 1100 [ 77.936449][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 77.966389][ T5969] netlink: 32 bytes leftover after parsing attributes in process `syz.1.12'. [ 77.975639][ T10] pwc: Registered as video103. [ 77.984274][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5 [ 78.076438][ T10] usb 3-1: USB disconnect, device number 2 [ 78.279816][ T5927] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 78.439784][ T1229] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 78.439944][ T5927] usb 2-1: Using ep0 maxpacket: 16 [ 78.468126][ T5927] usb 2-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 78.482362][ T5927] usb 2-1: config 246 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 34178, setting to 1024 [ 78.496217][ T5927] usb 2-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=4e.d1 [ 78.507129][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.519358][ T5927] usb 2-1: Product: syz [ 78.525152][ T5927] usb 2-1: Manufacturer: syz [ 78.534984][ T5927] usb 2-1: SerialNumber: syz [ 78.560632][ T5927] em28xx 2-1:246.0: New device syz syz @ 480 Mbps (2040:0265, interface 0, class 0) [ 78.575115][ T5927] em28xx 2-1:246.0: Audio interface 0 found (Vendor Class) [ 78.610026][ T1229] usb 4-1: Using ep0 maxpacket: 32 [ 78.616350][ T1229] usb 4-1: too many configurations: 17, using maximum allowed: 8 [ 78.633785][ T1229] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 78.655210][ T1229] usb 4-1: config 0 has no interface number 0 [ 78.664263][ T1229] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 78.672560][ T1229] usb 4-1: config 0 has no interface number 0 [ 78.680071][ T1229] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 78.688266][ T1229] usb 4-1: config 0 has no interface number 0 [ 78.696695][ T1229] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 78.707819][ T1229] usb 4-1: config 0 has no interface number 0 [ 78.715729][ T1229] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 78.724183][ T1229] usb 4-1: config 0 has no interface number 0 [ 78.740876][ T1229] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 78.760831][ T1229] usb 4-1: config 0 has no interface number 0 [ 78.774169][ T5837] Bluetooth: hci2: command tx timeout [ 78.788359][ T1229] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 78.799143][ T1229] usb 4-1: config 0 has no interface number 0 [ 78.807404][ T1229] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 78.816003][ T1229] usb 4-1: config 0 has no interface number 0 [ 78.824903][ T1229] usb 4-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 78.836032][ T1229] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.844941][ T1229] usb 4-1: Product: syz [ 78.849323][ T1229] usb 4-1: Manufacturer: syz [ 78.855915][ T5837] Bluetooth: hci1: command tx timeout [ 78.860375][ T5847] Bluetooth: hci0: command tx timeout [ 78.861947][ T1229] usb 4-1: SerialNumber: syz [ 78.867249][ T5839] Bluetooth: hci3: command tx timeout [ 78.878083][ T1229] usb 4-1: config 0 descriptor?? [ 78.890877][ T1229] etas_es58x 4-1:0.2: Starting syz syz (Serial Number syz) [ 78.991653][ T5969] syzkaller1: entered promiscuous mode [ 78.997317][ T5969] syzkaller1: entered allmulticast mode [ 79.110463][ T5992] sctp: [Deprecated]: syz.2.19 (pid 5992) Use of int in max_burst socket option. [ 79.110463][ T5992] Use struct sctp_assoc_value instead [ 79.232598][ T5927] em28xx 2-1:246.0: unknown em28xx chip ID (0) [ 79.251644][ T5927] em28xx 2-1:246.0: Config register raw data: 0x1b [ 79.439889][ T1229] etas_es58x 4-1:0.2: could not parse product info: '' [ 79.452561][ T5927] em28xx 2-1:246.0: AC97 chip type couldn't be determined [ 79.460373][ T5927] em28xx 2-1:246.0: No AC97 audio processor [ 79.468593][ T5927] em28xx 2-1:246.0: We currently don't support analog TV or stream capture on dual tuners. [ 79.518910][ T6001] process 'syz.2.22' launched './file0' with NULL argv: empty string added [ 79.543667][ T6003] netlink: 'syz.0.23': attribute type 1 has an invalid length. [ 79.553778][ T6003] netlink: 224 bytes leftover after parsing attributes in process `syz.0.23'. [ 79.840623][ T5927] em28xx 2-1:246.0: unknown em28xx chip ID (0) [ 79.847482][ T5927] em28xx 2-1:246.0: Config register raw data: 0xfffffffb [ 79.855696][ T5927] em28xx 2-1:246.0: AC97 chip type couldn't be determined [ 79.864407][ T5927] em28xx 2-1:246.0: No AC97 audio processor [ 79.950650][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 80.061723][ T5504] etas_es58x 4-1:0.2 can0: bit-timing not yet defined [ 80.105251][ T5927] usb 2-1: USB disconnect, device number 3 [ 80.115762][ T5927] em28xx 2-1:246.0: Disconnecting em28xx #1 [ 80.123113][ T5927] em28xx 2-1:246.0: Disconnecting em28xx [ 80.123665][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 80.141600][ T9] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 80.145190][ T5927] em28xx 2-1:246.0: Freeing device [ 80.155452][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.156746][ T5927] em28xx 2-1:246.0: Freeing device [ 80.171520][ T9] usb 1-1: config 0 descriptor?? [ 80.175632][ T9] pwc: Askey VC010 type 2 USB webcam detected. [ 80.523073][ T6029] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 81.008206][ C0] etas_es58x 4-1:0.2: es58x_check_rx_urb: Expected sequence 0xFECA for start of frame but got 0x0005. [ 81.019768][ C0] etas_es58x 4-1:0.2: es58x_split_urb_try_recovery: Recovery failed [ 81.027751][ C0] etas_es58x 4-1:0.2: es58x_split_urb() returned error -EBADMSG [ 81.100389][ T5504] etas_es58x 4-1:0.2: es58x_free_urbs: Timeout, some TX urbs still remain [ 81.110233][ C0] etas_es58x 4-1:0.2: es58x_read_bulk_callback: error -ENOENT [ 81.118449][ C0] etas_es58x 4-1:0.2: es58x_read_bulk_callback: error -ENOENT [ 81.126138][ C0] etas_es58x 4-1:0.2: es58x_read_bulk_callback: error -ENOENT [ 81.133864][ C0] etas_es58x 4-1:0.2: es58x_read_bulk_callback: error -ENOENT [ 81.141570][ C0] etas_es58x 4-1:0.2: es58x_read_bulk_callback: error -ENOENT [ 81.149178][ T5504] etas_es58x 4-1:0.2 can0: es58x_open: Could not open the network device: -EINVAL [ 81.314611][ T6046] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 81.430485][ T6051] warning: `syz.2.31' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 81.498574][ T6051] mkiss: ax0: crc mode is auto. [ 81.589206][ T24] cfg80211: failed to load regulatory.db [ 81.749997][ T5905] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 81.761343][ T24] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 81.872417][ T5504] etas_es58x 4-1:0.2: es58x_set_realtime_diff_ns: Previous request to set timestamp has not completed yet [ 81.899294][ C1] etas_es58x 4-1:0.2: es58x_read_bulk_callback: error -ENOENT [ 81.909096][ C1] etas_es58x 4-1:0.2: es58x_read_bulk_callback: error -ENOENT [ 81.916993][ C1] etas_es58x 4-1:0.2: es58x_read_bulk_callback: error -ENOENT [ 81.926434][ C1] etas_es58x 4-1:0.2: es58x_read_bulk_callback: error -ENOENT [ 81.935890][ T5905] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 81.948402][ C1] etas_es58x 4-1:0.2: es58x_read_bulk_callback: error -ENOENT [ 81.956112][ T5504] etas_es58x 4-1:0.2 can1: es58x_open: Could not open the network device: -EBUSY [ 81.966808][ T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 81.979688][ T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 81.992564][ T24] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 82.003724][ T24] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 82.015258][ T5905] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 82.024463][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.032804][ T5905] usb 3-1: Product: syz [ 82.037091][ T5905] usb 3-1: Manufacturer: syz [ 82.042282][ T5905] usb 3-1: SerialNumber: syz [ 82.047567][ T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 82.061523][ T24] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 82.070608][ T24] usb 2-1: Product: syz [ 82.074842][ T24] usb 2-1: SerialNumber: syz [ 82.084983][ T5905] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 82.099929][ T6055] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 82.273051][ T5927] usb 4-1: USB disconnect, device number 2 [ 82.306690][ T5927] etas_es58x 4-1:0.2: Disconnecting syz syz [ 82.324611][ T5905] usb 3-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 82.326510][ T6055] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 82.360691][ T6055] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 82.409422][ T5905] usb 3-1: USB disconnect, device number 3 [ 82.638854][ T9] pwc: send_video_command error -71 [ 82.654503][ T9] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 82.681427][ T9] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71 [ 82.703355][ T9] usb 1-1: USB disconnect, device number 2 [ 82.767608][ T5928] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 82.956419][ T6082] loop2: detected capacity change from 0 to 7 [ 82.983715][ T5846] Dev loop2: unable to read RDB block 7 [ 82.994019][ T6055] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 83.002035][ T5846] loop2: unable to read partition table [ 83.011298][ T6055] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 83.018710][ T5846] loop2: partition table beyond EOD, truncated [ 83.037351][ T6082] Dev loop2: unable to read RDB block 7 [ 83.043041][ T6082] loop2: unable to read partition table [ 83.050692][ T6082] loop2: partition table beyond EOD, truncated [ 83.069098][ T6082] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 83.110138][ T5927] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 83.223399][ T24] cdc_ncm 2-1:1.0: failed to get mac address [ 83.248780][ T5208] Dev loop2: unable to read RDB block 7 [ 83.256814][ T5208] loop2: unable to read partition table [ 83.269882][ T5208] loop2: partition table beyond EOD, truncated [ 83.285102][ T5927] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 83.302872][ T5927] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.333707][ T5927] usb 4-1: Product: syz [ 83.349986][ T5927] usb 4-1: Manufacturer: syz [ 83.357637][ T5927] usb 4-1: SerialNumber: syz [ 83.372849][ T5927] usb 4-1: config 0 descriptor?? [ 83.594105][ T24] cdc_ncm 2-1:1.0: bind() failure [ 83.616801][ T5927] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 83.633260][ T24] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 83.645498][ T24] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 83.660917][ T24] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 83.693657][ T6104] kvm: MONITOR instruction emulated as NOP! [ 83.697844][ T24] usb 2-1: USB disconnect, device number 4 [ 84.210127][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 84.334224][ T6116] netlink: 'syz.1.40': attribute type 29 has an invalid length. [ 84.371332][ T6116] netlink: 'syz.1.40': attribute type 29 has an invalid length. [ 84.400535][ T6116] netlink: 500 bytes leftover after parsing attributes in process `syz.1.40'. [ 84.474612][ T6118] autofs: Bad value for 'fd' [ 84.573387][ T6120] vim2m vim2m.0: Fourcc format (0x56595559) invalid. [ 84.588844][ T6120] syzkaller1: entered promiscuous mode [ 84.597647][ T6120] syzkaller1: entered allmulticast mode [ 84.692856][ T5847] Bluetooth: hci0: command 0x0406 tx timeout [ 84.874266][ T6134] netlink: 32 bytes leftover after parsing attributes in process `syz.0.47'. [ 85.049729][ T24] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 85.068496][ T5927] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 85.081642][ T5927] usb 4-1: USB disconnect, device number 3 [ 85.130032][ T5905] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 85.203241][ T24] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 85.216907][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.226786][ T24] usb 3-1: Product: syz [ 85.232059][ T24] usb 3-1: Manufacturer: syz [ 85.236692][ T24] usb 3-1: SerialNumber: syz [ 85.246947][ T24] usb 3-1: config 0 descriptor?? [ 85.287662][ T6139] netlink: 4 bytes leftover after parsing attributes in process `syz.1.49'. [ 85.299789][ T5905] usb 1-1: Using ep0 maxpacket: 16 [ 85.307397][ T5905] usb 1-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 85.319715][ T5905] usb 1-1: config 246 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 34178, setting to 1024 [ 85.323001][ T6139] netlink: 220 bytes leftover after parsing attributes in process `syz.1.49'. [ 85.346724][ T5905] usb 1-1: New USB device found, idVendor=2040, idProduct=0265, bcdDevice=4e.d1 [ 85.357819][ T5905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.366291][ T5905] usb 1-1: Product: syz [ 85.370990][ T5905] usb 1-1: Manufacturer: syz [ 85.375661][ T5905] usb 1-1: SerialNumber: syz [ 85.389067][ T5905] em28xx 1-1:246.0: New device syz syz @ 480 Mbps (2040:0265, interface 0, class 0) [ 85.398961][ T5905] em28xx 1-1:246.0: Audio interface 0 found (Vendor Class) [ 85.445249][ T6141] netlink: 56 bytes leftover after parsing attributes in process `syz.1.50'. [ 85.465362][ T24] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 85.506698][ T6141] kvm: vcpu 0: requested 148514 ns lapic timer period limited to 200000 ns [ 85.515731][ T6141] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (200000 ns). Using initial count to start timer. [ 85.689847][ T6145] capability: warning: `syz.1.52' uses deprecated v2 capabilities in a way that may be insecure [ 85.856201][ T6134] syzkaller1: entered promiscuous mode [ 85.886362][ T6134] syzkaller1: entered allmulticast mode [ 86.125587][ T5905] em28xx 1-1:246.0: unknown em28xx chip ID (0) [ 86.133944][ T5905] em28xx 1-1:246.0: Config register raw data: 0x1b [ 86.269689][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 86.337473][ T5905] em28xx 1-1:246.0: AC97 chip type couldn't be determined [ 86.346533][ T5905] em28xx 1-1:246.0: No AC97 audio processor [ 86.357051][ T5905] ================================================================== [ 86.365235][ T5905] BUG: KASAN: slab-use-after-free in __list_add_valid_or_report+0x6a/0x130 [ 86.373841][ T5905] Read of size 8 at addr ffff88807bdec250 by task kworker/1:4/5905 [ 86.381730][ T5905] [ 86.384075][ T5905] CPU: 1 UID: 0 PID: 5905 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT(full) [ 86.384090][ T5905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 86.384100][ T5905] Workqueue: usb_hub_wq hub_event [ 86.384125][ T5905] Call Trace: [ 86.384133][ T5905] [ 86.384139][ T5905] dump_stack_lvl+0xe8/0x150 [ 86.384159][ T5905] print_address_description+0x55/0x1e0 [ 86.384177][ T5905] ? __list_add_valid_or_report+0x6a/0x130 [ 86.384190][ T5905] print_report+0x58/0x70 [ 86.384205][ T5905] kasan_report+0x117/0x150 [ 86.384219][ T5905] ? __list_add_valid_or_report+0x6a/0x130 [ 86.384233][ T5905] __list_add_valid_or_report+0x6a/0x130 [ 86.384245][ T5905] em28xx_init_extension+0x56/0x1c0 [ 86.384262][ T5905] ? media_device_init+0x2e5/0x520 [ 86.384280][ T5905] em28xx_init_dev+0xc01/0x3280 [ 86.384297][ T5905] ? __pfx_em28xx_init_dev+0x10/0x10 [ 86.384315][ T5905] ? mutex_init_lockdep+0xdf/0x110 [ 86.384329][ T5905] em28xx_usb_probe+0x157b/0x2b10 [ 86.384351][ T5905] usb_probe_interface+0x668/0xc90 [ 86.384368][ T5905] ? __pfx_usb_probe_interface+0x10/0x10 [ 86.384381][ T5905] really_probe+0x267/0xaf0 [ 86.384395][ T5905] __driver_probe_device+0x18c/0x320 [ 86.384406][ T5905] driver_probe_device+0x4f/0x240 [ 86.384425][ T5905] __device_attach_driver+0x279/0x430 [ 86.384437][ T5905] bus_for_each_drv+0x258/0x2f0 [ 86.384451][ T5905] ? __pfx___device_attach_driver+0x10/0x10 [ 86.384463][ T5905] ? __pfx_bus_for_each_drv+0x10/0x10 [ 86.384478][ T5905] ? lockdep_hardirqs_on+0x7a/0x110 [ 86.384490][ T5905] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 86.384507][ T5905] __device_attach+0x2c5/0x450 [ 86.384519][ T5905] ? __pfx___device_attach+0x10/0x10 [ 86.384530][ T5905] ? _raw_spin_unlock+0x28/0x50 [ 86.384546][ T5905] device_initial_probe+0xa1/0xd0 [ 86.384557][ T5905] bus_probe_device+0x12a/0x220 [ 86.384570][ T5905] ? device_add+0x726/0xb70 [ 86.384586][ T5905] device_add+0x7b6/0xb70 [ 86.384603][ T5905] usb_set_configuration+0x1a87/0x2110 [ 86.384624][ T5905] usb_generic_driver_probe+0x8d/0x150 [ 86.384637][ T5905] usb_probe_device+0x1c4/0x3b0 [ 86.384652][ T5905] ? __pfx_usb_probe_device+0x10/0x10 [ 86.384664][ T5905] really_probe+0x267/0xaf0 [ 86.384677][ T5905] __driver_probe_device+0x18c/0x320 [ 86.384688][ T5905] driver_probe_device+0x4f/0x240 [ 86.384700][ T5905] __device_attach_driver+0x279/0x430 [ 86.384713][ T5905] bus_for_each_drv+0x258/0x2f0 [ 86.384726][ T5905] ? __pfx___device_attach_driver+0x10/0x10 [ 86.384738][ T5905] ? __pfx_bus_for_each_drv+0x10/0x10 [ 86.384751][ T5905] ? lockdep_hardirqs_on+0x7a/0x110 [ 86.384762][ T5905] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 86.384779][ T5905] __device_attach+0x2c5/0x450 [ 86.384790][ T5905] ? __pfx___device_attach+0x10/0x10 [ 86.384801][ T5905] ? _raw_spin_unlock+0x28/0x50 [ 86.384816][ T5905] device_initial_probe+0xa1/0xd0 [ 86.384827][ T5905] bus_probe_device+0x12a/0x220 [ 86.384840][ T5905] ? device_add+0x726/0xb70 [ 86.384855][ T5905] device_add+0x7b6/0xb70 [ 86.384871][ T5905] usb_new_device+0xa08/0x16f0 [ 86.384891][ T5905] ? __pfx_usb_new_device+0x10/0x10 [ 86.384908][ T5905] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.384925][ T5905] hub_event+0x2a1c/0x4f30 [ 86.384950][ T5905] ? __pfx_hub_event+0x10/0x10 [ 86.384966][ T5905] ? process_one_work+0x8bb/0x1780 [ 86.384981][ T5905] process_one_work+0x9ab/0x1780 [ 86.385002][ T5905] ? __pfx_process_one_work+0x10/0x10 [ 86.385016][ T5905] ? do_raw_spin_lock+0x12b/0x2f0 [ 86.385034][ T5905] worker_thread+0xba8/0x11e0 [ 86.385047][ T5905] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 86.385063][ T5905] ? __kthread_parkme+0x7a/0x1f0 [ 86.385074][ T5905] ? __kthread_parkme+0x19c/0x1f0 [ 86.385086][ T5905] kthread+0x388/0x470 [ 86.385098][ T5905] ? __pfx_worker_thread+0x10/0x10 [ 86.385108][ T5905] ? __pfx_kthread+0x10/0x10 [ 86.385120][ T5905] ret_from_fork+0x51e/0xb90 [ 86.385136][ T5905] ? __pfx_ret_from_fork+0x10/0x10 [ 86.385150][ T5905] ? __switch_to+0xc7d/0x1450 [ 86.385164][ T5905] ? __pfx_kthread+0x10/0x10 [ 86.385177][ T5905] ret_from_fork_asm+0x1a/0x30 [ 86.385192][ T5905] [ 86.385197][ T5905] [ 86.783995][ T5905] Allocated by task 0: [ 86.788047][ T5905] kasan_save_track+0x3e/0x80 [ 86.792719][ T5905] __kasan_slab_alloc+0x6c/0x80 [ 86.797565][ T5905] kmem_cache_alloc_node_noprof+0x384/0x690 [ 86.803462][ T5905] __alloc_skb+0x27d/0x7d0 [ 86.807860][ T5905] __netdev_alloc_skb+0xc1/0x810 [ 86.812777][ T5905] __ieee80211_beacon_get+0xc06/0x1880 [ 86.818233][ T5905] ieee80211_beacon_get_tim+0xbd/0x2c0 [ 86.823700][ T5905] mac80211_hwsim_beacon_tx+0x3c5/0x870 [ 86.829249][ T5905] __iterate_interfaces+0x2ab/0x590 [ 86.834526][ T5905] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 86.841535][ T5905] mac80211_hwsim_beacon+0xbb/0x180 [ 86.846737][ T5905] __hrtimer_run_queues+0x3d1/0xa70 [ 86.851918][ T5905] hrtimer_run_softirq+0x17a/0x240 [ 86.857010][ T5905] handle_softirqs+0x22a/0x870 [ 86.861759][ T5905] __irq_exit_rcu+0xca/0x220 [ 86.866343][ T5905] irq_exit_rcu+0x9/0x30 [ 86.870574][ T5905] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 86.876192][ T5905] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 86.882331][ T5905] [ 86.884634][ T5905] Freed by task 0: [ 86.888329][ T5905] kasan_save_track+0x3e/0x80 [ 86.892989][ T5905] kasan_save_free_info+0x46/0x50 [ 86.897997][ T5905] __kasan_slab_free+0x5c/0x80 [ 86.902760][ T5905] kmem_cache_free+0x189/0x640 [ 86.907504][ T5905] skb_release_data+0x81c/0xa80 [ 86.912334][ T5905] __kfree_skb+0x5d/0x210 [ 86.916646][ T5905] mac80211_hwsim_beacon_tx+0x3e8/0x870 [ 86.922174][ T5905] __iterate_interfaces+0x2ab/0x590 [ 86.927354][ T5905] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 86.934364][ T5905] mac80211_hwsim_beacon+0xbb/0x180 [ 86.939570][ T5905] __hrtimer_run_queues+0x3d1/0xa70 [ 86.944753][ T5905] hrtimer_run_softirq+0x17a/0x240 [ 86.949856][ T5905] handle_softirqs+0x22a/0x870 [ 86.954655][ T5905] __irq_exit_rcu+0xca/0x220 [ 86.959271][ T5905] irq_exit_rcu+0x9/0x30 [ 86.963504][ T5905] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 86.969212][ T5905] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 86.975174][ T5905] [ 86.977478][ T5905] The buggy address belongs to the object at ffff88807bdec000 [ 86.977478][ T5905] which belongs to the cache skbuff_small_head of size 704 [ 86.992029][ T5905] The buggy address is located 592 bytes inside of [ 86.992029][ T5905] freed 704-byte region [ffff88807bdec000, ffff88807bdec2c0) [ 87.005801][ T5905] [ 87.008209][ T5905] The buggy address belongs to the physical page: [ 87.014606][ T5905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bdec [ 87.023353][ T5905] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 87.031850][ T5905] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 87.039391][ T5905] page_type: f5(slab) [ 87.043376][ T5905] raw: 00fff00000000040 ffff88801f2cea00 dead000000000100 dead000000000122 [ 87.051963][ T5905] raw: 0000000000000000 0000000800130013 00000000f5000000 0000000000000000 [ 87.060544][ T5905] head: 00fff00000000040 ffff88801f2cea00 dead000000000100 dead000000000122 [ 87.069201][ T5905] head: 0000000000000000 0000000800130013 00000000f5000000 0000000000000000 [ 87.077855][ T5905] head: 00fff00000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff [ 87.086527][ T5905] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 87.095289][ T5905] page dumped because: kasan: bad access detected [ 87.101708][ T5905] page_owner tracks the page as allocated [ 87.107417][ T5905] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 0, tgid 0 (swapper/1), ts 80210453527, free_ts 80156715036 [ 87.127555][ T5905] post_alloc_hook+0x231/0x280 [ 87.132412][ T5905] get_page_from_freelist+0x2418/0x24b0 [ 87.138121][ T5905] __alloc_frozen_pages_noprof+0x233/0x3d0 [ 87.143910][ T5905] allocate_slab+0x77/0x660 [ 87.148399][ T5905] refill_objects+0x339/0x3d0 [ 87.153056][ T5905] __pcs_replace_empty_main+0x321/0x720 [ 87.158590][ T5905] kmem_cache_alloc_node_noprof+0x441/0x690 [ 87.164585][ T5905] __alloc_skb+0x27d/0x7d0 [ 87.168983][ T5905] ndisc_alloc_skb+0x9f/0x480 [ 87.173669][ T5905] ndisc_send_rs+0x2b5/0x630 [ 87.178242][ T5905] addrconf_rs_timer+0x395/0x6d0 [ 87.183157][ T5905] call_timer_fn+0x192/0x640 [ 87.187747][ T5905] __run_timer_base+0x652/0x8b0 [ 87.192664][ T5905] run_timer_softirq+0xb7/0x170 [ 87.197505][ T5905] handle_softirqs+0x22a/0x870 [ 87.202346][ T5905] __irq_exit_rcu+0xca/0x220 [ 87.207009][ T5905] page last free pid 5927 tgid 5927 stack trace: [ 87.213316][ T5905] __free_frozen_pages+0xbf0/0xd00 [ 87.218414][ T5905] em28xx_usb_disconnect+0x27f/0x2f0 [ 87.223698][ T5905] usb_unbind_interface+0x26e/0x910 [ 87.228879][ T5905] device_release_driver_internal+0x4d9/0x870 [ 87.235191][ T5905] bus_remove_device+0x455/0x570 [ 87.240210][ T5905] device_del+0x527/0x8f0 [ 87.244526][ T5905] usb_disable_device+0x3d4/0x8d0 [ 87.249534][ T5905] usb_disconnect+0x32f/0x990 [ 87.254197][ T5905] hub_event+0x1cc9/0x4f30 [ 87.258595][ T5905] process_one_work+0x9ab/0x1780 [ 87.263517][ T5905] worker_thread+0xbee/0x11e0 [ 87.268175][ T5905] kthread+0x388/0x470 [ 87.272241][ T5905] ret_from_fork+0x51e/0xb90 [ 87.276813][ T5905] ret_from_fork_asm+0x1a/0x30 [ 87.281562][ T5905] [ 87.283867][ T5905] Memory state around the buggy address: [ 87.289477][ T5905] ffff88807bdec100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 87.297520][ T5905] ffff88807bdec180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 87.305559][ T5905] >ffff88807bdec200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 87.313605][ T5905] ^ [ 87.320255][ T5905] ffff88807bdec280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 87.328292][ T5905] ffff88807bdec300: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 87.336355][ T5905] ================================================================== [ 87.360385][ T24] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 87.364391][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 87.453849][ T9] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 87.458698][ T5905] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 87.458718][ T5905] CPU: 1 UID: 0 PID: 5905 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT(full) [ 87.458736][ T5905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 87.458747][ T5905] Workqueue: usb_hub_wq hub_event [ 87.458770][ T5905] Call Trace: [ 87.458777][ T5905] [ 87.458784][ T5905] vpanic+0x56c/0xa60 [ 87.458803][ T5905] ? __pfx_vpanic+0x10/0x10 [ 87.458821][ T5905] panic+0xc5/0xd0 [ 87.458842][ T5905] ? __pfx_panic+0x10/0x10 [ 87.458856][ T5905] ? preempt_schedule_thunk+0x16/0x30 [ 87.458876][ T5905] ? __list_add_valid_or_report+0x6a/0x130 [ 87.458892][ T5905] ? preempt_schedule_thunk+0x16/0x30 [ 87.458910][ T5905] ? __list_add_valid_or_report+0x6a/0x130 [ 87.458925][ T5905] check_panic_on_warn+0x89/0xb0 [ 87.458944][ T5905] ? __list_add_valid_or_report+0x6a/0x130 [ 87.458961][ T5905] end_report+0x73/0x180 [ 87.458978][ T5905] ? __list_add_valid_or_report+0x6a/0x130 [ 87.458992][ T5905] kasan_report+0x128/0x150 [ 87.459009][ T5905] ? __list_add_valid_or_report+0x6a/0x130 [ 87.459026][ T5905] __list_add_valid_or_report+0x6a/0x130 [ 87.459043][ T5905] em28xx_init_extension+0x56/0x1c0 [ 87.459063][ T5905] ? media_device_init+0x2e5/0x520 [ 87.459085][ T5905] em28xx_init_dev+0xc01/0x3280 [ 87.459109][ T5905] ? __pfx_em28xx_init_dev+0x10/0x10 [ 87.459133][ T5905] ? mutex_init_lockdep+0xdf/0x110 [ 87.459150][ T5905] em28xx_usb_probe+0x157b/0x2b10 [ 87.459180][ T5905] usb_probe_interface+0x668/0xc90 [ 87.459202][ T5905] ? __pfx_usb_probe_interface+0x10/0x10 [ 87.459220][ T5905] really_probe+0x267/0xaf0 [ 87.459238][ T5905] __driver_probe_device+0x18c/0x320 [ 87.459254][ T5905] driver_probe_device+0x4f/0x240 [ 87.459271][ T5905] __device_attach_driver+0x279/0x430 [ 87.459287][ T5905] bus_for_each_drv+0x258/0x2f0 [ 87.459307][ T5905] ? __pfx___device_attach_driver+0x10/0x10 [ 87.459321][ T5905] ? __pfx_bus_for_each_drv+0x10/0x10 [ 87.459339][ T5905] ? lockdep_hardirqs_on+0x7a/0x110 [ 87.459354][ T5905] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 87.459377][ T5905] __device_attach+0x2c5/0x450 [ 87.459392][ T5905] ? __pfx___device_attach+0x10/0x10 [ 87.459408][ T5905] ? _raw_spin_unlock+0x28/0x50 [ 87.459428][ T5905] device_initial_probe+0xa1/0xd0 [ 87.459443][ T5905] bus_probe_device+0x12a/0x220 [ 87.459460][ T5905] ? device_add+0x726/0xb70 [ 87.459485][ T5905] device_add+0x7b6/0xb70 [ 87.459507][ T5905] usb_set_configuration+0x1a87/0x2110 [ 87.459533][ T5905] usb_generic_driver_probe+0x8d/0x150 [ 87.459551][ T5905] usb_probe_device+0x1c4/0x3b0 [ 87.459571][ T5905] ? __pfx_usb_probe_device+0x10/0x10 [ 87.459588][ T5905] really_probe+0x267/0xaf0 [ 87.459605][ T5905] __driver_probe_device+0x18c/0x320 [ 87.459620][ T5905] driver_probe_device+0x4f/0x240 [ 87.459636][ T5905] __device_attach_driver+0x279/0x430 [ 87.459653][ T5905] bus_for_each_drv+0x258/0x2f0 [ 87.459671][ T5905] ? __pfx___device_attach_driver+0x10/0x10 [ 87.459686][ T5905] ? __pfx_bus_for_each_drv+0x10/0x10 [ 87.459703][ T5905] ? lockdep_hardirqs_on+0x7a/0x110 [ 87.459717][ T5905] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 87.459738][ T5905] __device_attach+0x2c5/0x450 [ 87.459753][ T5905] ? __pfx___device_attach+0x10/0x10 [ 87.459768][ T5905] ? _raw_spin_unlock+0x28/0x50 [ 87.459789][ T5905] device_initial_probe+0xa1/0xd0 [ 87.459804][ T5905] bus_probe_device+0x12a/0x220 [ 87.459823][ T5905] ? device_add+0x726/0xb70 [ 87.459849][ T5905] device_add+0x7b6/0xb70 [ 87.459870][ T5905] usb_new_device+0xa08/0x16f0 [ 87.459896][ T5905] ? __pfx_usb_new_device+0x10/0x10 [ 87.459918][ T5905] ? _raw_spin_unlock_irq+0x23/0x50 [ 87.459940][ T5905] hub_event+0x2a1c/0x4f30 [ 87.459973][ T5905] ? __pfx_hub_event+0x10/0x10 [ 87.459994][ T5905] ? process_one_work+0x8bb/0x1780 [ 87.460015][ T5905] process_one_work+0x9ab/0x1780 [ 87.460043][ T5905] ? __pfx_process_one_work+0x10/0x10 [ 87.460062][ T5905] ? do_raw_spin_lock+0x12b/0x2f0 [ 87.460086][ T5905] worker_thread+0xba8/0x11e0 [ 87.460104][ T5905] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 87.460124][ T5905] ? __kthread_parkme+0x7a/0x1f0 [ 87.460139][ T5905] ? __kthread_parkme+0x19c/0x1f0 [ 87.460156][ T5905] kthread+0x388/0x470 [ 87.460172][ T5905] ? __pfx_worker_thread+0x10/0x10 [ 87.460185][ T5905] ? __pfx_kthread+0x10/0x10 [ 87.460201][ T5905] ret_from_fork+0x51e/0xb90 [ 87.460222][ T5905] ? __pfx_ret_from_fork+0x10/0x10 [ 87.460241][ T5905] ? __switch_to+0xc7d/0x1450 [ 87.460259][ T5905] ? __pfx_kthread+0x10/0x10 [ 87.460276][ T5905] ret_from_fork_asm+0x1a/0x30 [ 87.460296][ T5905] [ 87.464576][ T5905] Kernel Offset: disabled