last executing test programs:

7m42.488204178s ago: executing program 32 (id=755):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x500]}}], 0xffc8)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x80000)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000380)={0x0, 0x1, 0xbe})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000040)={0x32b, @tick=0x5, 0xff, {0x0, 0xf7}, 0x0, 0x1})

7m32.475795713s ago: executing program 1 (id=782):
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = semget$private(0x0, 0x6, 0x40d)
semtimedop(r0, &(0x7f00000003c0)=[{0x2, 0x1, 0x1800}], 0x1, 0x0)
semop(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a50000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0c000980080001406f000001080008400000000114"], 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
semop(r0, &(0x7f0000000300)=[{0x2, 0x0, 0x2000}], 0x1)
semctl$IPC_RMID(r0, 0x0, 0x0)
r2 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122"], 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c01000010000100feffffff00010000fe880000000000000000000000000001fc010000000000000000000000000001000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c00000020010000000000000000000000000002000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ff09000000ffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd700004350000020001002000000000000000480003006465666c6174650000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240009000f0000000000000081000000000000010000000000008c90d4"], 0x15c}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=@newsa={0x140, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x717, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0xfe, 0x1000000000000192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc, 0x4}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3fc}, 0x7e, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @XFRMA_IF_ID={0x8, 0x1f, 0x2}]}, 0x140}, 0x1, 0x80ff}, 0x844)

7m32.080852005s ago: executing program 3 (id=785):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@newtfilter={0x90, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x8, 0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_gact={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffffa, 0x3, 0x5, 0x2, 0x8e8}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0xdba, 0x7}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) (fail_nth: 4)

7m31.968749636s ago: executing program 4 (id=786):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1f7, 0x80000)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x11012, r1, 0xe1bd4000)
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil) (async)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000002c0)='source\x1f\x18\xf6\xfc\x8f\xff\xd4\xe7\xde\x9c_\x10\xaf\xd2\x9ap\xde+\x12p^(\x1b_\xde?{\xbfUV\xcb\xdfx\xa3\xd5\x7f\x8ae]\xdf\xd1M\x91\xcd5\x939\xc9\x06\xe3k\x01\x9f:\x1eB\x1f0\x9f\xbe\xb5!}\x13\xd1\xae\xf1\xaa6\xe8SS\f }(\xd8\xc8\xd0*\x18\x15\x83\xd6\xeb3`\xc6\xbd\xfa\x82!\x12~e\'\x9e\xaf\x05)\x14\xb1\x9e\xa0\x0f\xb1\xfd\xd0F\x11}\xdeq:\x01F\x03\xef\x1e\x19Z\xb1\x8e\xef\xeeL\xfc\xbewqa\xb0xp\x9dv\xb7\x8dx\xeb\xa0\xa3\xaa\x91\x8d\xd9V\xd1\x8dM!\xd8\xc0\xca\x17\x89\xe8\x18oV-\x1e~\x1d\xd1\xb1\x8cv\xbf\x94\x82\xf7\xffCs\xedhe~N\xc1-03\x97\xfbR\xece-\x7f<{\xb97\x88l\xc5X\x17', &(0x7f0000000040)='S\v)\xcf\x00', 0x0) (async)
r2 = syz_open_dev$video4linux(&(0x7f0000000040), 0xd94, 0x103442)
ioctl$VIDIOC_SUBDEV_S_SELECTION(r2, 0xc040563e, &(0x7f0000000080)={0x1, 0x0, 0x1, 0x4, {0x106, 0xe61, 0xfffffffd, 0x1}}) (async)
r3 = socket(0x1e, 0x4, 0x0) (async, rerun: 32)
pipe2(&(0x7f0000000000)={<r4=>0xffffffffffffffff}, 0x0) (rerun: 32)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendto$unix(r5, &(0x7f0000000080)='\x00', 0x1, 0xd1, 0x0, 0x0) (async, rerun: 32)
recvfrom$unix(r6, 0x0, 0xff56, 0x10103, 0x0, 0x0) (async, rerun: 32)
ioctl$SNAPSHOT_SET_SWAP_AREA(r4, 0x400c330d, &(0x7f0000000080)={0x6, 0x100}) (async)
setsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, &(0x7f0000000480), 0x4)
recvmmsg(r3, &(0x7f0000002500)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000010c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000040)=""/19, 0x13}, 0x7}], 0x1, 0x40002122, 0x0)
ioctl$VHOST_VDPA_SET_GROUP_ASID(r4, 0x4008af7c, &(0x7f0000000140)={0x0, 0x1}) (async, rerun: 32)
sendmsg$tipc(r3, &(0x7f0000000200)={&(0x7f0000000540)=@id={0x1e, 0x3, 0x3, {0x4e20}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000500)="e8", 0x1}], 0x1}, 0x4800) (async, rerun: 32)
readv(r0, &(0x7f00000005c0), 0x0)

7m31.655161393s ago: executing program 4 (id=788):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000400)='./file0\x00')
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$vimc1(0xffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_TRY_FMT(r2, 0xc0cc5640, 0x0) (async)
ioctl$VIDIOC_TRY_FMT(r2, 0xc0cc5640, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) (async)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@gettaction={0x6c, 0x32, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x4}, @action_gd=@TCA_ACT_TAB={0x50, 0x1, [{0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x21, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0x14, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8010}, 0x1000)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000003c0))
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r5=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000280)={0x3, r5, 0x1, 0xffff, 0xa, 0x1ff, 0x3})
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000580)={@private2, @mcast2, @rand_addr=' \x01\x00', 0x2000000, 0x0, 0x5, 0x300, 0xfffffffffffffffd, 0x930311}) (async)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000580)={@private2, @mcast2, @rand_addr=' \x01\x00', 0x2000000, 0x0, 0x5, 0x300, 0xfffffffffffffffd, 0x930311})
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @loopback={0x3f}, @loopback, 0x6, 0x0, 0x6, 0x0, 0x4000000000000009, 0x10200})
ioctl$DRM_IOCTL_MODE_CURSOR2(r4, 0xc02464bb, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CURSOR2(r4, 0xc02464bb, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, r5, <r6=>0x0})
r7 = openat$drirender128(0xffffff9c, &(0x7f0000000300), 0xe0000, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r7, 0xc01064c5, &(0x7f0000000540)={&(0x7f0000000500)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000440)={r6, 0x0, 0x0, 0x7, 0x0, [], [0x10, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x40000000]})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001940)=ANY=[@ANYBLOB="300000004000090003000000fddbdf250200000004001f00180009801100e2800800ee00", @ANYRES32=0x0, @ANYBLOB="6600000400000013"], 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r9 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r9)
ptrace$setregs(0xd, r9, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4204, r9, 0x200, &(0x7f0000000480)={0x0}) (async)
ptrace$getregset(0x4204, r9, 0x200, &(0x7f0000000480)={0x0})

7m31.399660041s ago: executing program 3 (id=789):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f0000001c80)={{0x0}, 0x0}, 0x20)
socket$inet6_udplite(0xa, 0x2, 0x88)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x18)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000000000)={0xb, {{0xa, 0x4e22, 0x6, @rand_addr=' \x01\x00', 0x10000}}}, 0x88)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xc1b}, 0x28)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6, 0xe, 0x4, 0x4, 0x2, 0x1000, 0xf1, 0x0, 0x7fffffffffffb, 0x7, 0x0, 0x1, 0x0, 0x4, 0x0, 0xbde], 0x1000, 0x3c4210})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x1, @remote, 0xa}, 0x1c, 0x0}}], 0x1, 0x200c4001)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x30008044}, 0x20000000)

7m30.604862173s ago: executing program 1 (id=791):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f00009bf000/0x3000)=nil, 0x3000, 0xf, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00009c1000/0x2000)=nil, 0x2000, 0x0, 0x4, 0x100)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c1100003e00010329bd700000dcdf25030000304af43a16395f7f"], 0x113c}, 0x1, 0x0, 0x0, 0xc011}, 0x400c004)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r5, 0x0, 0x27, 0x0, 0x0)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r6, 0x541b, 0xb)
r7 = syz_open_procfs(0x0, &(0x7f0000000180)='net/mcfilter\x00')
pread64(r7, &(0x7f00000000c0)=""/144, 0x90, 0x2f)

7m26.260505842s ago: executing program 4 (id=792):
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/mdstat\x00', 0x1800, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x46)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
quotactl_fd$Q_GETFMT(r0, 0xffffffff80000401, 0xffffffffffffffff, &(0x7f0000000040))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$tipc(0x1e, 0x4, 0x0)
bind$tipc(r3, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r4, &(0x7f0000000240)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1000a8d0}, 0x0)
close(0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0xc, 0x4, 0xffffbe0000000001, 0x8, 0xffffffff}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r7 = socket(0x8, 0x800, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000040))
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000f00000008000300", @ANYRES32=r4, @ANYBLOB="0800320000000000050033"], 0x2c}}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000001240)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r11, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001580)={0x34, r10, 0x1, 0x71bd25, 0x3, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x18, 0x11d, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xb0}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x405c000}, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)

7m25.853228743s ago: executing program 3 (id=793):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x37, [0xfffffffc, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x401, 0x7ff7, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x1, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7d, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00040, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x4, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x7, 0x5, 0x8000003, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x8, 0x3437, 0x3, 0x9, 0xfd, 0x601, 0x101, 0xdd80, 0x60a2, 0x7f, 0x9d26, 0x10000, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x4, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0x55, 0x40, 0xff, 0x5, 0x7fffffff, 0x3, 0xe, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x9, 0xc, 0x32d, 0x3, 0x1ff, 0x2000003, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) (async)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x37, [0xfffffffc, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x401, 0x7ff7, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x1, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7d, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00040, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x4, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x7, 0x5, 0x8000003, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x8, 0x3437, 0x3, 0x9, 0xfd, 0x601, 0x101, 0xdd80, 0x60a2, 0x7f, 0x9d26, 0x10000, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x4, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0x55, 0x40, 0xff, 0x5, 0x7fffffff, 0x3, 0xe, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x9, 0xc, 0x32d, 0x3, 0x1ff, 0x2000003, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000500), 0xb53a, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000000)={0x1f, 0x1, 0x4})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x7, 0x40000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

7m21.253997242s ago: executing program 4 (id=794):
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x8401)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x3}, &(0x7f0000001fee)='R\x10rust\xe3cusg\x91\xdedn\xe5+\xf0', 0xffffffffffffffff)
request_key(&(0x7f0000000100)='dns_resolver\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f0000000180)='\x00', r2)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x2, 0xffffffff}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x30, 0x5, 0xfe, 0xfffff018}, {0x80000006, 0x0, 0x0, 0x7fff}]}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x158, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfe, {0x0, 0x0, 0x0, r5, {0xf}, {}, {0x7, 0x1}}, [@filter_kind_options=@f_u32={{0x8}, {0x12c, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'vxcan1\x00'}, @TCA_U32_SEL={0x114, 0x5, {0x10, 0x9, 0x6, 0x10da, 0xa760, 0x0, 0x10, 0x100, [{0x5, 0x3ff, 0x2, 0x4}, {0x2, 0xffffffff, 0x69c, 0x4000000}, {0x2, 0xd033, 0x57, 0x8000}, {0x1, 0x2, 0x9, 0x8}, {0x6, 0x7fff, 0x9, 0x6}, {0x3, 0xde5, 0x1, 0xbd}, {0x3, 0x80, 0x5, 0x6}, {0x401, 0x7fff, 0x0, 0x40}, {0x8, 0xfffffff9, 0xfffffffa, 0x54}, {0x5, 0x9, 0x2}, {0x1000, 0x2, 0x264, 0x9}, {0x3ff, 0xb, 0x3, 0xa6d}, {0x2, 0x4f, 0x5a2, 0xa2fa}, {0x7, 0x2, 0x7, 0x7}, {0x80, 0x3, 0x2, 0x1e0}, {0xc, 0x8000, 0xfffffffb}]}}]}}]}, 0x158}}, 0x24040084)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)={0x1c, r6, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x6404c081)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
request_key(&(0x7f00000001c0)='rxrpc_s\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000240)='u32\x00', 0xffffffffffffffff)
process_mrelease(0xffffffffffffffff, 0x0)
request_key(&(0x7f00000011c0)='big_key\x00', &(0x7f0000001200)={'syz', 0x1}, &(0x7f0000001240)='\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
add_key(&(0x7f0000000380)='keyring\x00', &(0x7f00000005c0)={'syz', 0x1}, &(0x7f00000002c0)="475a2501db1c4c4386", 0x9, 0xfffffffffffffffb)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r7, 0x4606, &(0x7f0000000080)={0x2})
openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x224141, 0x0)

7m15.966469635s ago: executing program 4 (id=796):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f0000000480)={"9444c474e8fd532614c45a4b617c64c46d007f07accce17c35ef43e6ffaca43875b09866b0691883e9b212354a5bef8e9482389e0c42d4ebe7e7c63aa69cbed6da780cb40e5a74c286ce22e49d56935721394bc1c48fa8c56f99530dfaa9351e066192f9bb25571802080000000000000048ed40863c52e172d1b4eb3caca0c8923da772b3699f3c067a2caa90d73a5b6c0af0e7b3659bba02b1618c47d5b8be94d76d1afc89477e4f42599a970512d75996fb36e1584e182b134a36e4cb7f05adf846122200cee15575c033b0adf2546e8b9a51e335efb4961ed5673795c26e499f87fe934fd2cb67e5209f56c15e0a4a71c83189200f9b583bc1dc4d41007906d5fd4e7fdd5cc5c09c2a78513869bbbd1f206ed65aa8dc91782671ee16a0fb31d8afee51fe11417c600ab4bcae8ae09caa0def39f9fffd8a2e3e9b078ef9519ebc75bc02876267997495a750353e43e9b49fe6605abc85ba2fd12d8066d9401b8f89b19733f873371cfe4409a2b56607bbf9e9c091839d1af32f26b512abe9ed5d142b6875781db8a1aa65b2e4be0ba812a6db01c26b46c77b80fcd0e4462dff9cf945f552d4967f9fe47b6620e5857040740bb669c5cb960108fae6f88cdff32e1499732e7be27d15fb883cc4b6d2305f1a35c9bc51717a085ce1b5a932a2465175a7c86f428461a272a78121b89e61f43d879ea158219a72d6b60f2d6c2c3cd547c238313d7beb0834477b0e48173930b26045377b2d78bc98e347284643c1c574075cb68679c534982402316e6b90b0b89d2c9658e4729d0c2f96e79bbceb9c1200aece033de9dce7753855b9ab37587a95857fe44ebdb830d0392385d288ad2887e3b380d04a157a32a9e52a46419a96367d78b02d637b02fef1aedb2a179f22aa53d9146c502c287a81a5a13f6b25fb206e3d6160057fdc500170cb9984b4c7b5357585f114e9601d53633b68664b5dbdd49e17432fd3addf259c3eebe7023a2f300d81c892777ce69f502b0828e16f9bd6c60feeb332003835dd8d4910d8d1ce9e69f858eca7b2ecb8f0049fad3738280c632a4535c32eba7d3ae04d75ce0e3911e620a863f30c6dbc2204c5c2370b291b864a688e353f1812fa14f60f8043d5611319d1a339f048903a7cb4cf5c16583d4c6a1c979a9ccfb9c4a0b80a18af4cecff62c0ca933c63f1f5f1e62db4ce9c20be6a5b79aab835b639cfbf8134a6fa72e145a5ebe7308109a3de43f2a91cffe28c8f1249708669494ae15c1ff088e8348fba2c8e6d2fbfac7c8e78d4248f5ba452d79f9a8ec730087bf640fbe0e2fda7d1a4fbd49a262d853fb4a44d239a270ff1fb3f20e616e1832ca456f7f0fdf5f1cd114f5f2d18b782da0346a7e1ecfbc1b4ab9cbbc29d32f94b3a19663c0dd8114fe3c8905e97b21cf3e8355cb7b3d3900aafbfd36ca383d1ff1e03"})
pipe(&(0x7f0000000440))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0)
write$binfmt_aout(r1, &(0x7f00000001c0)=ANY=[], 0xff2e)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net\x00')
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB(r3, 0xc01c64ae, &(0x7f00000008c0)={0x0, 0x3, 0x10001, 0x10, 0x4, 0x1000, 0x4000000})
getdents(r2, 0x0, 0x0)
r4 = gettid()
prlimit64(0x0, 0x2, &(0x7f0000001fc0)={0xfffffffffffffffb, 0xfffffffffffffffb}, 0x0)
brk(0x689d80000000)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000000140))
r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r5, 0x8008f512, &(0x7f0000000180))
capset(&(0x7f0000000000)={0x9f240e34909cfd9c, r4}, &(0x7f0000000040)={0x2f6a, 0xf75a, 0x3, 0x4, 0x3, 0x1})
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_buf(r6, 0x0, 0x4, &(0x7f0000000200)="440910bc996c301c8183070400", 0xd)
sendto$inet(r6, 0x0, 0x0, 0x20000454, &(0x7f00000000c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
r7 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp\x00')
r8 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r7, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, r8, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4800}, 0x1)
sendmsg$SMC_PNETID_FLUSH(r2, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="00012bbd7000fddbdf250400009c29a8dc6920086bd80c3df7fbb3613d7f3e8e7aaa2e894a3200000000fb5d4e155be20b834e5faaf822e6d2cbbd44d071158fd2d510cbd8b89fc0d0282ed49a561f4c28230bb0c864c84f3276701b4b1bf4d95e985c9c4df7aa5a79b7a7c9279ec8072a401a62dbcdc759cbef2a6af1d599409de165e45c17e44b50cfb0620b0feacfe7390a9a7cd0b1"], 0x20}, 0x1, 0x0, 0x0, 0x4004000}, 0x40010)
setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, &(0x7f00000001c0), 0x4)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r9 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r9, 0xc0405602, &(0x7f0000000080)={0xec, 0xb, 0x0, "4a50e6d6cd7658c94d9cbddf04f5cae5e64814db165c0ccac1808e0ccc0df9ff", 0x64737664})
ioctl$TCSETS(r1, 0x40045431, &(0x7f00000000c0)={0x0, 0x5, 0x400007f, 0x4000006, 0x9, "42341f9b1000007e4f00"})
r10 = syz_open_pts(r1, 0x103100)
dup3(r10, r1, 0x0)

7m15.892934452s ago: executing program 1 (id=797):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x4000, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000180)=0x6, 0x4)
setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000140)=0x400030, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x21}}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)

7m15.559443138s ago: executing program 3 (id=799):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendto$inet6(r2, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x10, @mcast2}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)='B', 0x1}], 0x1}}], 0x1, 0x400c404)
exit(0xfe)
sendmmsg$inet6(r2, &(0x7f0000002140)=[{{0x0, 0x0, &(0x7f0000000a00)=[{0x0}, {&(0x7f0000000100)="f87abaf2a77b5815767cc9125844", 0xe}, {&(0x7f0000002380)="127f1caf1a75e02d7a4a49633fe22369c9e599ac7651f9eec5612e30d7989c79b7910c156d6999d7d3db1e1a037da719bec50a2cd809497e66b768936ecb7f3f9f557a65612f0b32317386d66624ab11d87557c6d0b49a733f43a10511655cfc9c6d327564c21a78da58d73f20f0532ee92765f83096e4ddafd16326f73c24d09aaf69f51f931642a48e4619f14c33b70a3caea9b2192b7ec1af1146f2056e364056fe02e5cded4d486add9c3d098a7929270e9b4f4ab79b5b8e6ddcffe3d82c31fc4987832409f3b6a6752df8916d74ae98f7fef6e876ee01f6f85aca53ce51318c13dc35b685b310924d136b85a02eb8ad490efcd5d637f962ea0e4c102b317844258c028306e2b1a9bde21142f28b3e9de8a0eb79724c3cd5532df021b885b059d0edf634d051933bc0aef33196acebf6d89afeaf4e50d4f5697fabc0c2a84307038a7be47effcac5610d33053369dd6c936f0777b5cac570950a2459b754b84b8e3cddc3881f917bbd1495eacedad6029780d8f515f18d04d1986928bdd4f3eaaa553903c0cd409858ef7d431ebd6065d2d283065dc784406e8b9cdf7f90e7014311fab3c5121d2d6b2743d275dd47a4673936a6b50386900069d19c29025ba3a2c3c7b4dcece9aea28e9ce66a6bc743d95278cfabc84cd9eb3dd14521563bb98454ce26615062f71279abe438d69d6932978d4cd5a57c693e9338ea8b3b1ecbe7409b197f92117d2f56a56bb7e045b881c76b2da33f69b6a0bb5a2a53a84496942cafc2facc7df0490a7bbd2633e9b565a42e70135ef6cd5e61c217a7a2bd841b8a5cefdc2a29a7c6476fbab83d6235af7ee2905bfac8dc1ea5d2365146e8fa1baee4e8a52f150ed3d4ec47c2803952f8048dd7b24e80c0ac95ad3263856be31805ea71cde8cdac1fd51511417c9afd16835f82822784a92bc6bbfc83be13daca34028f388f3a0b17d4af48f057053ec713c694270455be337c8ca0ce124b7a19ccfb511e8f5c5dd0205a25ca132ac19bd35aab928cbe4dd499cac0b6051b3139f9e58e124f5793f3dc8a04fd2b93e962366efaa422ff743e057f191a782c9c6c17647a9a1d0f59057b9dc364b4622d66378b53b5db207e5a2f397e97e8dd8e4005ec74205ae6dfe3984cc89e01403c948a1425b0fcc2754a135d4a0e58c0fc929a5bb32424f044e0cae66346604f0693175f3327d58c14b612589beb308288c2b101e9730ca385bf2fe7c4c18fe4d09a06275735e205693cc3f6a4cd73da0a3fee395d284589416f9fc743df4f7c437e17b438c2a1de362bcb95d8b985849d889268dd814cece6b65fccef66612ba649d2acb759fd00cf163b2e679ca8a3947aa5d74eb4b98013d3c8675b7aa515e2fbf2c11143ac942ef53a4917f9befed416d5d71b78d324163c52dde97e166aed03bdff43559690c51e8fbb0a94e42dd7fb5ce9330cc24f6a9b81d8f5f7621d94d5a3be197e20ae10c3d717c7c6c05805f12eeb68409e89c30cf615a4ea5e2cb6e1b8d5973d6d34d11cb4de6e1ed9bac49163b0757613f3d5eff5f89620abc1f2931fe73058a08e2ed819b4719e652b37472e31dfc53852bc6b5c7d107b31e904502ddfa529ddc2444119593a6c062578fd4ac92223b2d24f73b8811dd8b6283fae6d5f4dbb1f12e8a231b76ee59cd397cdda079163ec49a57e9b854e161cbb331b6b23c3d74a280b8b88951d364f5b46542eba51e76f0cd3a40283f1e7d6fa9c98087c899c35792ca880fbcae0e5892ee7e5638ffa1059b3030b4b8b9493bc155876575942fd7c50ddf84e60a891f13422064c38d390a2a89aced8ac619a22f5eac1f11038618182e72822a60742dc3660d0f4dda8da7e7f301dfce2daf081f3d94bd97ef4feeb5d5dd7b7cba9059065b0c647e7e7950127aea7b9db99b2c31dfb005d5598758831da6e0f130f4d482d0af89a814e68fa94a975dc19260192926ed282e6bae6b6adeba4db14f858c02a0a3ca2ff000fbca6dc8ee2f83cad42ba021170791ee5271c63d102907598b3bada09208371ac63f3b28895fece35a366af2d0d2e66f000ffb7d636717e98a47ee41d5596d07bd0e73a734d56ad1a20f64d7c85f033edd848979aa75064c1e03a8bd266a5cf2676e8cc6fc3da195d2907459c1e2630d847857e99e30410183044a7c053d9a52fe332afa9e7b5c2d3373b07cebda635d35fb9e4c9357555052e9d9ac10fa6c9b874544b4e839d4c1d25d72822e2378a3c0874b97935f6a0d8c598c8b1675251181528af3ac135e214f39323b00a9c7e785b1fb76ab14ec0c789be7ae4346a18e8e023b3b36307752ce11dd1c91118a2fd79bd6bc13ca3d97e0783c05a3ac28543aac3a30049c573250fa1e3dfd3e06d35e1d95bbbfc00d1f772d41db387e68d12bb16125b67233c368b47dac23a7924ffda3b0d67fa3463f96cea95e00cd366b9ac6b5c35e7b2a2689cf5acc3c37e7392bf110194aeb95dd3921d40169ea8a2053c4b0118b77f078d018fa7ea1f22c4e20e181a83dda976ecf5f7e24c2e82127a7ec52003e7f921cc4b4cb0ca832b24ce3a6fbb45c71e051d1a8c6ac220a51541a604bb67ba1d4b50a2c7a5174bacdb43e51dd446196383d54b0dbd8cb1dc48e3ef0c7f0504c9895ded1d0e200aaa4fce68f221fe9b69c6d44915996fe8dd2c2020f6ee901613e8e2bc737f6bf56dcb996bc74cd6596b49526342eec5a6baf3207ca9db68a316935b72e1cf9ad92ec071a0079b5bccf3ca048abf682ac6bb766e5c9080149796b395146dd47b09205b15449685226e77718464963f744488e21e9384b1e9802035f68cdbbd17c7c6ba1d669810374adf0a6292a7314ec3c38e2f399ca0e38cea67a08e952fb090bc8eca229f1c03a92d17ba48dc99c76e90ce27d5c0a1b082acde1a53a424f07a9472127a359c57756692c54a2f69056054a6f4b675e2089b753825136708f0b25392ed893e9e63b81fdf2c8a2d990bbc1ad3522cb18d982033c1acdc90a9dcb2e2b58f686ea6630a15e1baa195dd62fab0da3300189b08b35d3dfe1050e457151db08cd904bf23056b19178056358f11bf2640eeb716cf73a6886e2a8c64d0fd31f7fb943623115e43ef58f33b9237ec2a47d69a4f425c90af07bd97ae7073c74433d18e14fa3262575d3c538e5209e522083b39f849e829e4a353a1355f518de6865bdcff45ed8d5a9e3d794c35f7d94d0964e10a995afcbe0419047686052f31f86f0894579de45ee2da74ac49b7971ecf49e134fb8427e563a301229ed3419290a863e2289be4e5a64b04e88530c3e14e1f7ed66a830917ce2fbbf6f32c83d4e66506b80a91c2f948cb42537ea7985559cf398b5756e2c0ace0bc3118b82d80fce16a46356a42971fb6a3beddd75fc55d335589718d5c2be12c065160618d1e7f15a2bc5d6327b87b578b7a1204fd2b5e5790956c794051bbbbde256e813ced020b5ec3fd3033f67bd47ce71916ac4614e608143c28dae8a1dd75015b9de13cf8b0c8bb4edec6578450d3311d5850f36553c77ca411454b3a19b0d3fa4876b1bc740386cea354723606958ffb060c80070305b867e80420b5101e49e60f269abfa96c7c65654dc7c28fd96da04cc0a59f55ff89a8ef3397f3f648492753d7f23413df665669fb9869c8394197e25c23b1242c14cca8bc1adb3227c1004df67efeb5b78f0db463147a61d6ec45b7f012032001a69c977b2999d76172040e64271f7c6e568f0084fa7af4bc55f98649fba8d2a20cf7b71721b1735bc8ae576cd1d7d768f1e0e6f4eff12c5c6f57c0b53412368a84c4f9d85fde8ebf946bc4578f18e8952ff82599207d45e877312a9b0f3f2ebceb5b1e63f4a3586426c4cbf962d57c55ae77473dbca243725363564ebb70f9c864c4023b045694a1b789337601803f58869faa7d5f62bb70e6630c079cf2aa2b1a554249dce16093fa5ff937037c9b3a28c9c62cf379a84cb080d3396e7159f9aed9f61555855a3d49e06791f3772d6afabc0b4690d447859a520d75e02e6e0b294f804e9feb0afe989324c8e37f8e23720159035a57557e5db9da9b00e2dfbf50e90a72682d7fd85cf274e8e8820cb4594381f55e040d83aa299c2d337101b06adab6e5e89d7c175b293a18d9a40bb5caa7db9cbd6cb65ce1f87239bbf156add375eafec31eac22509cdb959c9a19ee951586f2202b21e23d3b0319b15f5274ed86dbe54500397700305fab98f1aa75f1569eb683ab471741fd239056952b05c63cd4721fe8a995d2b5f174cdd012b525c7ebbab65be10fb3bb865ed55810d4c400e0fb391a41e0de679ffa09a7506d294a8838c5b15d48ac110c3f4bea84b07650a4aecdd1eeaaa74e6110321e3914488d9f4e99a6588b5ba1305bf6473fa90e0b025781aa841b80e2c8bf315432f4dacca3f284a58199fa9f9fa5cfe684468b5a067ab86b769e656ce0755aaa4e5c25b637d134f707ec78a9b21a883e82965d487719e9544c57abfe018f6147516807d4d64f4eb0d6beae3d855ecafdd120827263f577ef93775c2eeff03770a8e5bb88d8ff7925f49967088ced98bc9cbf8a2c91b08bf88c93e74c9f2b392dcea803ed0ad6603abd8f70877a5a536b93b66ca86dbf67f6060fc6996af5682efe1ce6ad30c3644b4519ec936a2687035b977a1f9f4a99451b767a78131677beee40cde99900797e03b9120903af3938633cc948ad7ddc1e15830c780a6e15c83f3327bd8e60511043420efe9c1d802ce69dd84ac9a3a52d4710158e1831db359fc649b88861ba3c1b6b7e8cea64b1dc804c491c1680d4e5387bf9f3d6a2216b20ac105186faf361b7261f39a54ee6b3a4fd351ccb8c568e3550cce03aa691b6a87c52698f07ed31dae6a9b874e1bdcf527ab78822753a58af6f51d20668dd58214322dc76be4dcd6ef03137c9efd31730f9cfc5fb402cf9fd518bdcf1756fa571f6030c22f0b4997b37bd8379d39c3bde3883b9d2f273dc51", 0xdd0}, {&(0x7f0000000900)="e6fc22c688755d55abfd1f152735b28eb62467355463893f2f653633390b921e244607d17bf4ee9bc3f20b6bd8fb122bb8cb682891f961432b52847a163a35c4120c316bd3f0866093a0a56724c959d268e89c5f3ad75c3cc48559ed73af3505a5282ddd54f3811d3f2ce136829ea1b8716fa5d9c5d17bef7578552f9f386a66f8778ab9d3483e85395e4d0a251b1bd17a8c5de65f22653cd37896cf758ccc0bf7ba0471f15dd324", 0xa8}], 0x4}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)}}, {{0x0, 0x0, &(0x7f0000000500)=[{0x0}], 0x1, &(0x7f0000001900)=[@flowinfo={{0x14, 0x29, 0xb, 0x5}}, @rthdr_2292={{0x18, 0x29, 0x39, {0x1d}}}], 0x30}}, {{0x0, 0x0, &(0x7f0000001c80), 0x0, &(0x7f0000001cc0)}}, {{&(0x7f0000001d40)={0xa, 0x4e23, 0x5, @loopback, 0x7}, 0x1c, &(0x7f0000001ec0), 0x0, &(0x7f0000001f00)=[@rthdrdstopts={{0x98, 0x29, 0x37, {0x0, 0xf, '\x00', [@hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @multicast1}}, @calipso={0x7, 0x30, {0x0, 0xa, 0x7, 0x9, [0x5, 0x9, 0xfffffffffffffff8, 0x80000001, 0xfffffffffffffffb]}}, @ra={0x5, 0x2, 0x16f}, @pad1, @jumbo={0xc2, 0x4, 0xffff}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @calipso={0x7, 0x20, {0x0, 0x6, 0xbe, 0x1000, [0x8, 0x4, 0x53]}}, @ra={0x5, 0x2, 0x2}]}}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x87, 0x2, 0x1, 0x4, 0x0, [@mcast2]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0xbdbc}}, @rthdr={{0x98, 0x29, 0x39, {0x2c, 0x10, 0x1, 0x26, 0x0, [@ipv4={'\x00', '\xff\xff', @multicast1}, @mcast2, @rand_addr=' \x01\x00', @private2, @private1={0xfc, 0x1, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @remote}, @private1, @remote]}}}, @hopopts_2292={{0xc0, 0x29, 0x36, {0x3a, 0x14, '\x00', [@generic={0x0, 0x7a, "99f3b8d900a5ae4edb45d11588e8044120dd199a92e72b3766b0566c9e0a4b2f912b67f7242e75adb00f3189407105c235ae44378129e1db639a43ec87f9ad2ff3a147947816f85cfbe4b1b1dca1dd7b9513c1c471a8dbfcaf748c65bd8557af2aadad62204a1d2bb4dd77dc851a698b0077257922a5b47cd725"}, @pad1, @calipso={0x7, 0x20, {0x3, 0x6, 0x80, 0x2, [0xede5, 0x4, 0x9]}}]}}}], 0x230}}], 0x5, 0x48c0) (fail_nth: 1)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0xfffffffffffffffe, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000002340)='fdinfo\x00')
getdents(r3, 0x0, 0x0)
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000280)={@broadcast, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500", 0x0, 0xfffffffd, 0x4, 0xfffffffe}, 0x3c)
socket$igmp(0x2, 0x3, 0x2)
madvise(&(0x7f00002a3000/0x2000)=nil, 0x2000, 0xc)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4000)
socket$rxrpc(0x21, 0x2, 0x2)

7m15.34299519s ago: executing program 1 (id=800):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x5, @loopback, 0x5d96}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
r2 = dup(r1)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='bond_slave_1\x00', 0x10)
shutdown(r1, 0x1)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000a40)={0x0, @in6={{0xa, 0x4e24, 0x5, @loopback, 0x1}}, 0x4, 0x1, 0xf06, 0x0, 0xac, 0x7d, 0x5}, 0x9c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty, 0x3}}, 0x1000018, 0x31, 0xffff1896, 0x3, 0x6, 0x8, 0x1b}, 0x9c)

7m15.327806459s ago: executing program 4 (id=801):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x10bc84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece)
preadv(r6, &(0x7f0000000000)=[{&(0x7f0000000100)=""/4122, 0x101a}], 0x1, 0x8001, 0x10)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_WSCALE={0x5, 0x2, 0xfb}, @NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0x100}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, '\"'}]}], {0x14}}, 0x88}}, 0x0)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x7, 0x0, 0x9, 0xfa11, 0xffffffff}, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r8 = dup(r7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r8, 0x3554000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="2000000010000104000000000000e00000000000", @ANYRES32=0x0, @ANYBLOB="c14d000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
fadvise64(r8, 0x85f5, 0x4000000005, 0x4)

7m14.719823984s ago: executing program 1 (id=803):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r1 = accept4$alg(r0, 0x0, 0x0, 0x80000)
io_setup(0x42, &(0x7f0000000100)=<r2=>0x0)
sendmmsg$alg(r1, &(0x7f0000004400)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x810}], 0x1, 0x10)
io_submit(r2, 0x1, &(0x7f0000000200)=[&(0x7f0000000140)={0x8000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000000)='e', 0x1, 0x0, 0x0, 0x2}])

7m14.719553453s ago: executing program 3 (id=804):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x4a, &(0x7f0000000040)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x14, 0x6, 0xff, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x2, 0x4}}}}}}}, 0x0)
syz_emit_ethernet(0x4b, &(0x7f00000001c0)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "a12600", 0x15, 0x6, 0x0, @remote, @local, {[], {{0x11, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x13}, {'`'}}}}}}}, 0x0)

7m13.684322334s ago: executing program 3 (id=805):
r0 = socket$netlink(0x10, 0x3, 0x4)
fcntl$dupfd(r0, 0x0, r0)
socket(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket(0x2, 0x80805, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x1, 0x401, 0x0, 0x92, 0x55, 0x8, 0x1000006, 0x4}, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xa, 0x2, &(0x7f0000000400)=@raw=[@call={0x85, 0x0, 0x0, 0x47}, @generic={0x2, 0x0, 0xc, 0x8000, 0x1000}], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
clock_settime(0xfffffffb, &(0x7f0000000140)={0x77359400})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ftruncate(0xffffffffffffffff, 0x6)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, 0x0, 0xc000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x141, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0xd)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
fchdir(r6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
unlinkat(0xffffffffffffff9c, 0x0, 0x200)
openat$cgroup_freezer_state(r6, &(0x7f00000001c0), 0x2, 0x0)

7m13.353732001s ago: executing program 1 (id=806):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
socket$packet(0x11, 0xa, 0x300)
syz_open_dev$vcsa(&(0x7f0000000300), 0xc, 0x4c0300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000200)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
creat(0x0, 0x122)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r4, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4)
bind$inet(r4, 0x0, 0x0)
sendto$inet(r4, 0x0, 0x0, 0x28040041, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r4, 0x0, 0x8c0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
syz_open_dev$vbi(&(0x7f0000000140), 0x1, 0x2)
setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r5, &(0x7f0000000100)="fd0a0fc6dd4887c6048236609465f2e31c82c5f6be73b435a314bd11a3ccedb8ec4c8219ed81f552d8a12b9b15cdca91", 0x30, 0x404c801, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x9, 0x7ffc0002}]})
capset(&(0x7f00000000c0)={0x19980330}, &(0x7f0000000100)={0x9, 0xfff, 0xfffffff2, 0xffffffff, 0x2, 0x5f})
sendto$packet(r0, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548", 0x36, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)
syz_emit_ethernet(0x19, &(0x7f0000000280)=ANY=[], 0x0)

6m59.557481393s ago: executing program 33 (id=801):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x10bc84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = ioctl$KVM_GET_STATS_FD_cpu(r5, 0xaece)
preadv(r6, &(0x7f0000000000)=[{&(0x7f0000000100)=""/4122, 0x101a}], 0x1, 0x8001, 0x10)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_WSCALE={0x5, 0x2, 0xfb}, @NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0x100}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, '\"'}]}], {0x14}}, 0x88}}, 0x0)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x7, 0x0, 0x9, 0xfa11, 0xffffffff}, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r8 = dup(r7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r8, 0x3554000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="2000000010000104000000000000e00000000000", @ANYRES32=0x0, @ANYBLOB="c14d000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
fadvise64(r8, 0x85f5, 0x4000000005, 0x4)

6m57.955571044s ago: executing program 34 (id=805):
r0 = socket$netlink(0x10, 0x3, 0x4)
fcntl$dupfd(r0, 0x0, r0)
socket(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket(0x2, 0x80805, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x1, 0x401, 0x0, 0x92, 0x55, 0x8, 0x1000006, 0x4}, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xa, 0x2, &(0x7f0000000400)=@raw=[@call={0x85, 0x0, 0x0, 0x47}, @generic={0x2, 0x0, 0xc, 0x8000, 0x1000}], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
clock_settime(0xfffffffb, &(0x7f0000000140)={0x77359400})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ftruncate(0xffffffffffffffff, 0x6)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, 0x0, 0xc000)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x141, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0xd)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
fchdir(r6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
unlinkat(0xffffffffffffff9c, 0x0, 0x200)
openat$cgroup_freezer_state(r6, &(0x7f00000001c0), 0x2, 0x0)

6m57.522286599s ago: executing program 35 (id=806):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
socket$packet(0x11, 0xa, 0x300)
syz_open_dev$vcsa(&(0x7f0000000300), 0xc, 0x4c0300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000200)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
creat(0x0, 0x122)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r4, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4)
bind$inet(r4, 0x0, 0x0)
sendto$inet(r4, 0x0, 0x0, 0x28040041, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r4, 0x0, 0x8c0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
syz_open_dev$vbi(&(0x7f0000000140), 0x1, 0x2)
setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r5, &(0x7f0000000100)="fd0a0fc6dd4887c6048236609465f2e31c82c5f6be73b435a314bd11a3ccedb8ec4c8219ed81f552d8a12b9b15cdca91", 0x30, 0x404c801, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x9, 0x7ffc0002}]})
capset(&(0x7f00000000c0)={0x19980330}, &(0x7f0000000100)={0x9, 0xfff, 0xfffffff2, 0xffffffff, 0x2, 0x5f})
sendto$packet(r0, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548", 0x36, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)
syz_emit_ethernet(0x19, &(0x7f0000000280)=ANY=[], 0x0)

5m57.636687921s ago: executing program 2 (id=843):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4, 0xfffb}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8848}, 0x80)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {0x0, 0xfff1}, {0x81ff, 0x4}}}, 0x24}, 0x1, 0x4000000, 0x0, 0x20000801}, 0x4041080)

5m51.062131799s ago: executing program 2 (id=847):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x2, 0x0)
sendmsg$TIPC_NL_MON_GET(r0, 0x0, 0x10)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
sendmmsg(r1, &(0x7f0000004cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r2, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
unshare(0x2c020400)
r3 = socket$nl_route(0x10, 0x3, 0x0)
fcntl$F_GET_RW_HINT(r3, 0x40f, &(0x7f0000000140))

5m50.940549983s ago: executing program 5 (id=848):
socket$kcm(0x10, 0x2, 0x0)
socket(0x2, 0x80805, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008fc0a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

5m50.267514345s ago: executing program 5 (id=849):
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0xffffffffffffffda, 0x0, {0x7, 0x1f, 0x2, 0x29350f4c, 0x5, 0x2, 0x4, 0x3, 0x0, 0x0, 0x4}}, 0x50) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1) (async, rerun: 32)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x1, 0x1000, &(0x7f0000003000/0x1000)=nil}) (rerun: 32)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x72, 0x0, 0x0) (async, rerun: 32)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) (async, rerun: 32)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5m50.138997079s ago: executing program 2 (id=850):
syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000003280)=ANY=[@ANYBLOB="140000001000010000000000000000030000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000020900010073797a30000000000900030073797a3200000000240b0000060a010400000000000000000100000008000b4000000000fc0a048028000180080001006c6f67001c0002800e00024073797a6b616c6c65720000000800054000000008d00a01800e000100696d6d656469617465000000bc0a0280640002804c0002800900020073797a32000000000900020073797a310000000008000180fffffffc0900020073797a31000000000800034000009c920900020073797a300000000008000180ffffffff14000280080003400000000808000180fffffffb0800014000000002080001400000000b500002804b000100fa62d7ba9ceeacf9aa4f832b78f35731f355d63e192a72aef5e68a05d1b806151b6bd1e2d74abafd383790ad363fdc1b7766748630b48f9beefdb33c86d5835a470b5ffd20d7e9006c0102805c00028008000180fffffffe0900020073797a30000000000900020073797a320000000008000180ffffffff0900020073797a320000000008000180fffffffd0900020073797a310000000008000180fffffffc0800034000000e5628000280080003400000000608000340000000070900020073797a320000000008000180fffffffe540002800900020073797a320000000008000180fffffffe0800034000000000080003400000000008000340000000090900020073797a310000000008000180fffffffe080003400000800108000180fffffffd8e000100818ce881ff18470752e86442e8b77ddcfc7a4c87f05cd36147be26c85cc854cc117db1906007a5a8c298f4724c8c743d46ec7f3ba478d9dfb10bbe9e4fdfc2188d62db9bb1364fed383fe0b0c3fbbab83959470cb0ffb14765c32f10b54d99531d04caaf264214997543a1c63637d9a3a20b7ce9312e545626eb375c88462c198f35cf8a11616de4fa0c000098020280eb00010099c8e680eb4d0e7f78e1fb62226ae541d997c8cb51c5ebd0bb7e2730b61310dcd7525807288a7ad8c00f6aa230a1d1b876ddb0e188384e7c79cd8af94a02451a04d8f116bde38077da45650d82bdd1767b03e3f35bc4a5769e659d8cdb6d9d9d717c78b50f6b3ac899b07a9eaf2c989654de7d6609299bad01ca1f3fa8b6229a6c69627a07f627880e902231b20368f3ae64fd12fc37afeb95f14a4dc3d0bc5f6e2afd0fc8ef6982054cffa703ee1376654019ad6d2add9052c5d2f2e0ba3318f931b2c5f2dcce5cbca6093c64d23b64e2f2061da3dd5983644280de22d592b63b5d7f6b571beb005400010041bbc64da6bacaad1bebec23352accccbca40d6ba87943f82df945bf4ccc5250a0c2b2cb13793380f424b280bfb960885af6df4afa26efa8fcd7a1243389ef3fcf1d709f775a9cd1dfb2b84fd03e5d70f800010001950b7c0ec30534e476b721ba6e82d03078fe63b683918ecbbb9c339c8cdd63689339ac43acd5973f4aac8720a98d18e13b98e11e291f3f3621ed29c717639f84bdd28810da6ae30538775f15e00133741e9de3f96f69ab363752fa962b3c71041ba1e463a91d782a968d9febb648b66e71a6827c53b3be014b785f61c4fd46fef00658f64cdd465edb61ba4c5f00849b2935c485da99a38489ecc29837433ac5446c3922d73153fd8fb2368a5ce4201760ca6778f570b7fcb38be633a02d57c5884b6bcbaf3bc28ca7686edb5d59e1b823a8f0f5ff788625995d51c16413783c6290a9714bd4dcbd2a388139f3e46f69916f335c0002800900020073797a3000000000080003400000000908000180000000000900020073797a3000000000080003400000000808000180fffffffd080003400000000408000340fffffff908000180fffffffb0800034000000003a80002801c000280080003400000020008000340fffffff508000340000000001400028008000340000000050800034000000007720001001c2cce526d2ee30fb33f426450278cb35ac06b1cef15fefc26b5c17a8c9251bed316fccb5588f2e071fc355537fcf458cf14217f16ce4c12a4b559f3e807c94c6cc4f418baebc6024b74b9dbc5ef66dbbe91812ea247db80670c101ed494f105ad9c09b4eaf8d5c133b46a311c1a00001c0302802000028008000180fffffffc0900020073797a320000000008000340000000035c00028008000180fffffffc08000180fffffffc08000180fffffffb0900020073797a300000000008000340000000060900020073797a30000000000900020073797a31000000000900020073797a310000000008000180fffffffbf6000100330e5af714359ac9da33381a13071148dbe4293800e6be0290efbb549850cda132ca27a55553fd77c3067504c4596086f4001f53d49e8111395ebccb983c6b04735a58ab2617dfc62123b09c8dc5a47154667414dc28e8369829764b2e3cc23303a882890bad6d3a70d9e15701ec8c4c15a46d38c9ed6bc8658f8a45a02083f563324a27c649bab7cbcb485c289bd8df0a040128df6891ab48095977e0463f8e3ed7ba6df976ee30768954dfeb3f08c942b2c9384aa0b78baf92ecf5e4d73788afb1bc5a8f7c4b454897cd8bcac7f19cdd949fac66756da3b9311e13362eee317df853f6bc7e4638eb145a1484d3780e09b50000c8000100d5c1e4159bf770e02e6e1ebe911d7513709588175328d2e11f2ebf3f6967c49bedcb2a5459a45272bb8084e3bb55ea7a80166d97ec16457ed7d2a834d9aafdb2a54110ddc7975eaeda4f897ec7d533c27df0ce5ff92cfedadc67fff850ee5d07822d72b27af229d17ad2f8d802ae40d98f373e348a04b4f0270c71f82319de3a0331f165204896e0e448cf7ea0f8eb32a312fda6716f72f0234742fe6708ad0adf587ea21d94b8c8f5080028dda1e21d3d9ac82d8edd12941631b72b692ecc262d6ae12393000100c56deda494a09379df59bad8f0f17376b307ce49571034af728b1c4bf694e3b91406b976944238ab36ccaf40e3d92952ba87aa27af6353a82868c9508577a1b6a349fce75b3e4952b04b9527f496b5555e6db110dec07430b01446635eff12f136dbcb54fd4dc90b02e1bc6488ed74efd9eeb1b6de6e2a234f6c323df5c28a0352d03b34ee4f64ab614078125aa3cc0048000280080003400000000c08000340000000010900020073797a310000000008000180fffffffd0800034000008000080003400000dc5b08000180fffffffc08000180fffffffb2c0202804b000100cece2d8ff50c68c1060c2e691ddc50c6d87b46b4e5f6695010163d98bac2d9d7693cff0ec1e2107f58d3c305c78e5a596df92f1dbe80793dce5424be9e7951890023db7d0b9b2700e5000100f46e4b21dd4b92221713eece21b0e3bfb3fe995725eca78713a8d11ac82a6aefeeeab4720bd136479523ccafa34771afedeafc55275842bb7adb37ff3c93b19d9d5139f8b67ee81e380faa9506e6c8e5956cf7efc9828438d340b1bf747ec7f9b12eb2f8c31049c1fc37e8f28812ea0aadd0caa7e32f6bb4b2b7a4473e5fa876c87bf285a503660ea12a0cfff6863a87c64ea83c31e737e278edcad77cb964828c7049d335e25156fd4d1c2faada6a8363794fe487155fbfd7c2e1b8504d4a744357734f51fca0426ffe929280df27411f8a90a067b285e970fa1e403722ae91dd000000f400010073e22ba6603d1c92836887468b100c2dc430efeb2ef19c66bd0582fe94df7b5a20292fdfbd2009980dbf9651685f7713bfb0f42583e452670f29e2cabf848fcdcb7a2067f0b257efd7dc927e540584b08f026e14be231afa797e36410d8ad6cbced8c5d2cce2f5a8b75713e57b3161b5b4ce78f283bf59a04f90bc1c5a4371abed0124c621ecb51b6166ad39f14216c09456232b7ea8dd7058bbbeae8b1c13df7ffa1515a359309683421d783f4fb00547cb06b3f974e65f28397c2c16675436a414b6e28d61800c35bdc05f9837e14491ce0fa7c0fbf6f61dd8f7eceac62373ed913de212a188ad5fa12d0eab8a0b440900010073797a30"], 0xb98}, 0x1, 0x0, 0x0, 0x20000000}, 0x40800)
socket$l2tp6(0xa, 0x2, 0x73)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, 0x0, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000300)={0x44043, 0xfffffffe, 0x3, 0x3}, 0x3c)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
sendmsg$IPSET_CMD_SWAP(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, 0x6, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x800)

5m49.745852548s ago: executing program 5 (id=851):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pipe(&(0x7f00000000c0))
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000680)={0x0, 0x4, 0x28}, 0xc)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x101801, 0x0)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, 0x0)
ioctl$TUNSETLINK(r2, 0x400454cd, 0x110)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0)
sendfile(r4, r4, 0x0, 0x6)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50)
ioctl$VIDIOC_G_SELECTION(0xffffffffffffffff, 0xc040565e, &(0x7f0000000240)={0xa, 0x2, 0x2, {0x46, 0x13, 0xfffb, 0xf7168000}})
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)=""/202, 0xca}], 0x1)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x10, 0x0, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x288, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1f0, 0xffffff7a, 0xffffffff, 0x1f0, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x130, 0x158, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e0000007f0000000000ffffff7f00", 0x80, 0x3, {0x4}}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x9, 0x38, 0x1d}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0xff000000, 'team_slave_0\x00', 'ip6gre0\x00', {0xff}, {}, 0x6, 0x3}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x0, 0x4}, {0x4, 0x5, 0x6}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e8)

5m45.820378939s ago: executing program 5 (id=852):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x1, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sched_setattr(0x0, &(0x7f00000010c0)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, 0x0)
keyctl$set_timeout(0xf, 0x0, 0x1c4e)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x28001}, 0x8000)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x7a, &(0x7f0000000080)=ANY=[], 0x0)
name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001500), 0x200)
r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x44, 0x0, &(0x7f0000000140)=[@reply={0x40406316, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x800, 0x0)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r3, &(0x7f0000001200)={'#! ', './file0', [{0x20, '\x98\xe1Cvg\x9cO\x16\xc0TC\xe8\xb8\x91W\xb8\x84\xdf\xbe\xbd\x8f\x81!\xf2V[\x03V\xba/\xb9+\xd2\x95\xe0t\x0f<}T\v\x0f\xe8\xae\x89\xfa^\xce\xae[t/\x12\x1f\x02\x85\xbd\xbc\r(\xfd\xf2\xeeB\x12\xdc\x06\x1d\xd8\x86g\xcf\xb6\xde\xeb\xfc\xfc~A\x95\x8a6'}, {0x20, '5\xed\xe9\xe8\f\xcb\x82;\xc5\x98\"\x1c\x8d\xbb,X}\xec\x9f\xe5\xf0\x1f\x02\a\x0e\xe09\x17\xa9\xdbXP\x94}L\x17WT\xc0Rc\xe5\xd3\x9a\xcfGr3\xbaf\x8aS\xc6Q\x16\xf4\x9f\x02u.\xaf\xf3\xb8\x0e\x85a8\x03\x02\xf4\xf1\\b\x1ew\xd4F\xf1\xf9I\xe4\xca\xb1\xa51Sk\xdf\xc7\xd2\x87.b\xb9|+\x9f3@\xdfs\xa0\x01\x8fV/0\x8bo\xccQ\x9c\x9e\xae!b\xa0 \xea\xa4(C\n\x96\xdf\xd2\xd6\x91\x90\x83 \xb2\xb4\xac{\x02\xde,Ff\x98\x84\x16\x1b\x96\xac\x9e\x17\xf0\x13\xfa\xd1+\xcc\x19\x81ZZ\xa0\xde\xeb\xf3`\x0e\x87:` \x1b\xec\xc81\xb7\x91\xfdcL\xdcH/<w\x83\xd4B\x1cd\x8e\x98\xabd\xbc\f#\x92\xaf\xe5/|\x15\xaf\x81\x81\xe2l\x91'}]}, 0x12d)
close(r3)
execve(&(0x7f0000000300)='./file0\x00', 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000001540)=[@wr_crn={0x67, 0x20, {0x8, 0x4}}, @uexit={0x0, 0x18}, @set_irq_handler={0xc8, 0x20, {0x2d, 0x1}}, @wrmsr={0x65, 0x20, {0xacf, 0x8001}}, @nested_create_vm={0x12d, 0x18}, @set_irq_handler={0xc8, 0x20, {0x73, 0x1}}, @uexit={0x0, 0x18, 0x7}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x3, @control16, 0x0, 0x3, 0x6}}, @set_irq_handler={0xc8, 0x20, {0xd9, 0x2}}, @in_dx={0x69, 0x20, {0x5ef1, 0x4}}, @enable_nested={0x12c, 0x18}, @wr_drn={0x68, 0x20, {0x6, 0x6}}, @wr_drn={0x68, 0x20, {0x2, 0x8}}, @nested_create_vm={0x12d, 0x18}, @in_dx={0x69, 0x20, {0xe8a2, 0x4}}, @wrmsr={0x65, 0x20, {0x273, 0xffffffffffffffc0}}, @nested_load_code={0x12e, 0x61, {0x3, "66b812000f00d066b8fe000f00d8b95d0900000f320f005e0066400f38805909c48235b6dcb981040000b84e4a0000ba000000000f30410f013b66baa00066b84a0066eff3400f1eeb"}}, @set_irq_handler={0xc8, 0x20, {0xa6}}], 0x271})

5m45.760171698s ago: executing program 2 (id=853):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x550, 0x40, 0x1000, 0x0, 0x4, 0x0, {0x0, 0x3, 0x1002}, {0x350, 0xfffffffd, 0x1}, {0xf4ef}, {0x8000, 0x0, 0xffe}, 0x0, 0x100, 0x0, 0xd618, 0x0, 0x4, 0x0, 0x205, 0x0, 0x6, 0x0, 0x0, 0x8, 0x4, 0x0, 0xb})
r3 = io_uring_setup(0x3eaa, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1a3})
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
io_uring_register$IORING_UNREGISTER_RING_FDS(r3, 0x15, &(0x7f0000003d40)=[{0x0, 0x0, 0x0, 0x0, 0x0}], 0x1)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
rmdir(0x0)
syz_open_procfs(0x0, &(0x7f0000000500)='fdinfo\x00')
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000c0000000000000000000000000000003bb409a4cc8927b0ffae1ff9000000000000"], 0x50)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b000000000a000000000000100004000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000001c0000000000087e2805ad", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007baaf8ff00000000b5090800000000007baaf0ff00000000bf8700000000000007070000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004600000076000000bf98000000000000b5080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0xfc, 0x2, 0x4})
ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405668, &(0x7f0000000100)={0x0, 0x20, 0x2})
r6 = socket$inet6(0xa, 0x80002, 0x0)
r7 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000600)={'team0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r8, {0x0, 0x300}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x3f0000}]}]}]}}]}, 0xac}, 0x1, 0x7a00}, 0x0)
setsockopt$inet6_udp_int(r6, 0x11, 0x67, &(0x7f0000000180)=0x91, 0x4)

5m43.474120158s ago: executing program 5 (id=854):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f00009bf000/0x3000)=nil, 0x3000, 0xf, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00009c1000/0x2000)=nil, 0x2000, 0x0, 0x4, 0x100)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c1100003e00010329bd700000dcdf25030000304af43a16395f7f"], 0x113c}, 0x1, 0x0, 0x0, 0xc011}, 0x400c004)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r3, 0x0, 0x27, 0x0, 0x0)
r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x541b, 0xb)
r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/mcfilter\x00')
pread64(r5, &(0x7f00000000c0)=""/144, 0x90, 0x2f)

5m42.296568036s ago: executing program 2 (id=855):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffdffffffffff, 0xfa0f, 0xffffffff}, 0x0)
mremap(&(0x7f00007f1000/0x4000)=nil, 0x4000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xb, &(0x7f0000000380)="e7add1e9c2625c10032c3d89ff01ada0d70932b46a842ed277fac258083ca490d31f341236eccf4507576c4d033dfc3e4f695143a1ad", 0x36)
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/vmstat\x00', 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800"], 0xa8}}, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000240)=0x8, r3, 0x0, 0x0, 0x1}}, 0x20)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x80}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0xa0502, 0x49)
io_setup(0x1, &(0x7f00000016c0))
clock_getres(0xeaffffff, 0x0)
r4 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x0, 0x313}, &(0x7f00000005c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000700)="f7", 0x1}], 0x1}, 0x4000000)
syz_io_uring_submit(r5, r6, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r8, 0x0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000800)=""/189, 0xbd}, {0x0}], 0x2}, 0x0, 0x40000103})
io_uring_enter(r4, 0x46f3, 0x0, 0x0, 0x0, 0x0)
r9 = syz_open_dev$vbi(&(0x7f0000000180), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r9, 0xc0045627, &(0x7f00000001c0)=0x1)
ioctl$VIDIOC_S_FREQUENCY(r9, 0x402c5639, &(0x7f0000000040)={0x0, 0x2, 0x4009})
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16)

5m39.43676165s ago: executing program 5 (id=856):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$unix(0x1, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r2 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="04010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e2000004e2000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000002b000000fc000000000000000000000000000000000200000000000000000000000000060000000000000000000000000000f985128a60e476faba590347000100000000000000000000000000000000000000000000000000000020008100f67e9d6f20827239cec600000700000000000000000000000000000000000400fdffffffe80a0000003074ed290000000a000210700000000000000014000e00fe800000000000f07f"], 0x104}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r6 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r6, 0x3b71, &(0x7f0000000200)={0x49, 0x2, &(0x7f0000000240)="63489d29c6e1f1289467cfed2e79f4a57dc0523527abd1c7df6e1011341a1d5ab5ea4b680a2fda378d7bda6cb2bd6b0f1e94bcb9be650fa2d5924beea841fe8432d1a43cb4206f71cfa0c0aaae96bb2ba8d9a35405d6d3b9e49cbd8261ffa36ca5b2fd4c686624dd4a9e3760546983dcdd738716305b11b2f613145e1a780354", 0x80, 0x7})
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000002740)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0103257f379351ef73f8900000000e0001006e657464657673696d0000000f0002006e097464657673696d300000"], 0x34}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
r7 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000005c0), r8)
sendmsg$ETHTOOL_MSG_COALESCE_GET(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01002cbd7000fddb8579339e0000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x20000800}, 0x8080)
r10 = getpid()
fcntl$setsig(r4, 0xa, 0x3a)
syz_pidfd_open(r10, 0x0)
fcntl$lock(r7, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x3, 0x100000001, r10})
setitimer(0x2, &(0x7f0000000040)={{}, {0x0, 0x2710}}, 0x0)

5m39.151100504s ago: executing program 2 (id=857):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
msgctl$MSG_STAT(0x0, 0xb, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dri(0x0, 0xd21, 0x4000)
r2 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="840000001000010029bd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="4db20200201a0100140003006e657464657673696d30000000000000480016804400018040000c8014000104ff0300ff88a8000014000100390e00003f0000000d000000810000001400010006000000af0600000700000088a8000005001100060000000000000000000000337289ae8504346600e663960b2466b8aeb6d543ca7b0ab342095dd8aa80a9436ac2f322cd6bb964e3248157af44c58b53fb284ad18ee521b78b0b06ef2dad6158b7e9a5a099c23ff2e5a4f76b865a82818641f06dd6e5a447eed69dd0eb0c356e744afe52ad9e3f7a4ee55afa2316f56ff79b8928a92f1afe8c6d0077f0960092ad769d4294fff153"], 0x84}, 0x1, 0x0, 0x0, 0xc1}, 0x0)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040))
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_open_dev$swradio(&(0x7f0000000240), 0x0, 0x2)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}, {0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}]})
r6 = msgget$private(0x0, 0x4a0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c0000001000050400"/20, @ANYRES32=0x0, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c0012800b0001006970766c616e00000c0002800600010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0)
msgctl$IPC_STAT(r6, 0x2, 0x0)
msgsnd(r6, &(0x7f0000000440)=ANY=[@ANYBLOB], 0xe3, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0xf, 0x3, 0x4, 0x1000000000000002, 0x102000000000002, 0x8000000d, 0x2004c8, 0xffff, 0x3, 0xffffffff, 0xffffffffffffffff, 0x7fffffffffffffff, 0xd0b, 0xfffffffffffffff9, 0x2000000000000003, 0x5], 0x80a0000, 0x4284})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r8, 0x40505331, &(0x7f0000000540)={{}, {0x18}, 0x0, 0x7})
socket(0x400000000010, 0x3, 0x0)

5m23.091576837s ago: executing program 36 (id=856):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$unix(0x1, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r2 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="04010000100007000000000000000000ff020000000000000000000000000001e00000020000000000000000000000004e2000004e2000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000002b000000fc000000000000000000000000000000000200000000000000000000000000060000000000000000000000000000f985128a60e476faba590347000100000000000000000000000000000000000000000000000000000020008100f67e9d6f20827239cec600000700000000000000000000000000000000000400fdffffffe80a0000003074ed290000000a000210700000000000000014000e00fe800000000000f07f"], 0x104}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r6 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r6, 0x3b71, &(0x7f0000000200)={0x49, 0x2, &(0x7f0000000240)="63489d29c6e1f1289467cfed2e79f4a57dc0523527abd1c7df6e1011341a1d5ab5ea4b680a2fda378d7bda6cb2bd6b0f1e94bcb9be650fa2d5924beea841fe8432d1a43cb4206f71cfa0c0aaae96bb2ba8d9a35405d6d3b9e49cbd8261ffa36ca5b2fd4c686624dd4a9e3760546983dcdd738716305b11b2f613145e1a780354", 0x80, 0x7})
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000002740)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0103257f379351ef73f8900000000e0001006e657464657673696d0000000f0002006e097464657673696d300000"], 0x34}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
r7 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000005c0), r8)
sendmsg$ETHTOOL_MSG_COALESCE_GET(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01002cbd7000fddb8579339e0000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x20000800}, 0x8080)
r10 = getpid()
fcntl$setsig(r4, 0xa, 0x3a)
syz_pidfd_open(r10, 0x0)
fcntl$lock(r7, 0x7, &(0x7f0000000180)={0x1, 0x0, 0x3, 0x100000001, r10})
setitimer(0x2, &(0x7f0000000040)={{}, {0x0, 0x2710}}, 0x0)

5m22.923820721s ago: executing program 37 (id=857):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
msgctl$MSG_STAT(0x0, 0xb, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$dri(0x0, 0xd21, 0x4000)
r2 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="840000001000010029bd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="4db20200201a0100140003006e657464657673696d30000000000000480016804400018040000c8014000104ff0300ff88a8000014000100390e00003f0000000d000000810000001400010006000000af0600000700000088a8000005001100060000000000000000000000337289ae8504346600e663960b2466b8aeb6d543ca7b0ab342095dd8aa80a9436ac2f322cd6bb964e3248157af44c58b53fb284ad18ee521b78b0b06ef2dad6158b7e9a5a099c23ff2e5a4f76b865a82818641f06dd6e5a447eed69dd0eb0c356e744afe52ad9e3f7a4ee55afa2316f56ff79b8928a92f1afe8c6d0077f0960092ad769d4294fff153"], 0x84}, 0x1, 0x0, 0x0, 0xc1}, 0x0)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040))
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_open_dev$swradio(&(0x7f0000000240), 0x0, 0x2)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}, {0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}]})
r6 = msgget$private(0x0, 0x4a0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c0000001000050400"/20, @ANYRES32=0x0, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c0012800b0001006970766c616e00000c0002800600010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0)
msgctl$IPC_STAT(r6, 0x2, 0x0)
msgsnd(r6, &(0x7f0000000440)=ANY=[@ANYBLOB], 0xe3, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0xf, 0x3, 0x4, 0x1000000000000002, 0x102000000000002, 0x8000000d, 0x2004c8, 0xffff, 0x3, 0xffffffff, 0xffffffffffffffff, 0x7fffffffffffffff, 0xd0b, 0xfffffffffffffff9, 0x2000000000000003, 0x5], 0x80a0000, 0x4284})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r8, 0x40505331, &(0x7f0000000540)={{}, {0x18}, 0x0, 0x7})
socket(0x400000000010, 0x3, 0x0)

5.654341331s ago: executing program 8 (id=2849):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
readv(r0, &(0x7f0000000280)=[{&(0x7f0000002000)=""/80, 0x50}], 0x1)

4.763423858s ago: executing program 6 (id=2857):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00'})
sendmsg$NL80211_CMD_CONNECT(r0, 0x0, 0x408d0)

4.675603715s ago: executing program 8 (id=2859):
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x39)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
r1 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)

4.607774318s ago: executing program 6 (id=2861):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x10)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(0xffffffffffffffff)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r4 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000180)={{0x1, 0x1, 0x65, <r5=>r4}, './file1/file0\x00'})
openat$cgroup_subtree(r5, 0x0, 0x2, 0x0)
r6 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r6, 0x8)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendto$inet(r7, &(0x7f0000000380)="cd", 0x1, 0x4000, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f0000000240)={0x2, 0x0, 0x20006, 0xffffffff}, 0x10)
sendto$inet6(r7, &(0x7f0000000200)='x', 0x1, 0x4000050, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f0000000400)={0x0, 0x4}, 0x8)
link(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000001c0)='./file0\x00')

4.503198335s ago: executing program 8 (id=2863):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='scalable', 0x8)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

4.055625221s ago: executing program 0 (id=2865):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000380)=0x38800000, 0x4)
sendmmsg(r0, &(0x7f0000001c00), 0x40000000000017a, 0x40840)

4.054562873s ago: executing program 0 (id=2866):
mkdir(&(0x7f0000000000)='./file0\x00', 0x42)
socket$igmp6(0xa, 0x3, 0x2)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x5, 0xff, 0x0, 0xb49, 0x6, 0x8e7, 0x7, 0x81}, 0x0)
brk(0x400000ffc000)
r4 = syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0xff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="7365aa6c97a937451dbece6375726974792e2f640004000000000000"])
ioctl$FS_IOC_RESVSP(r4, 0x80086601, 0x0)
r5 = fsopen(&(0x7f0000000280)='vxfs\x00', 0x1)
getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000600)={'syztnl0\x00', 0x0})
fsconfig$FSCONFIG_SET_FLAG(r5, 0x0, &(0x7f0000000300)='posixacl\x00', 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000001c0)='f', 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000200), 0x4)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVdn:Dd', 0x0)
socket(0x10, 0x3, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00'})

3.487385167s ago: executing program 7 (id=2869):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000300)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4004af61, &(0x7f0000000200)=0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x80000007, 0x1}, 0x1c)
r5 = syz_io_uring_setup(0x110, 0x0, &(0x7f0000000040), &(0x7f0000000280))
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
bpf$PROG_LOAD(0x5, &(0x7f0000002680)={0x14, 0x3, &(0x7f0000000a00)=ANY=[@ANYBLOB="180000004000000009010000f1ffffff9500000000000000e2ee121deedfacd43ee6491f6f8ef97b0f1ef88f7a9e3a042c6623e7a672e72cf81a335d46e48bf44b356d60711ea7240e7e700bf574063aca3ee39782c903b5d395bb7579114551be15e80ea7322858ad49ebc178b7d14b3d4a0bbd4834d4"], 0x0, 0xfffffff5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1, &(0x7f00000025c0)=[0xffffffffffffffff], &(0x7f0000002600)=[{0x1, 0x5, 0x4, 0x7}], 0x10, 0x1c000000}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="050000007f000000030000000900000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00), &(0x7f0000000880)="d400aeed12d3215cf3f48935a296826f3a63a7405f6f55bfe861907ebd7ec276d649824d3665043aa7e6948f21941755968f5309d9c9d7036a7cd9d53ffaa2888d71183b7151c68b34d4dc1f0000000000f69a85d9196bdf2e37e553644db0cbb19586868900f967da2af7951d2979c89314565135b452f6d7068c3450", 0x402, r8}, 0x38)
bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000000)={0x0, &(0x7f00000004c0)=""/233, &(0x7f00000001c0), &(0x7f0000000240), 0x6, r8}, 0x38)
sendmsg$NFNL_MSG_ACCT_DEL(r2, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)=ANY=[@ANYBLOB="2c000000030301040000000000000000020000050900010073797a31000000000900010801d305afcf49a24f"], 0x2c}, 0x1, 0x0, 0x0, 0xc091}, 0x4040004)
ioctl$KVM_CREATE_PIT2(r7, 0x4040ae77, &(0x7f0000000040)={0xfffffeff})
close(r7)
io_uring_enter(r5, 0x1f85, 0x40110a, 0x4d, 0x0, 0xa6)
recvmmsg$unix(r4, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000005c0)=""/227, 0xe3}], 0x1}}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000340)=""/156, 0x9c}], 0x1}}], 0x2, 0x40000000, 0x0)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
r9 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(r9, 0xc0d05640, &(0x7f0000000900)={0xa, @sliced={0x0, [0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xfff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4d, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x8000, 0x0, 0x1, 0x0, 0x8, 0xfffc, 0x14, 0xf, 0x0, 0x0, 0x20, 0x0, 0x0, 0x3]}})

3.44238361s ago: executing program 9 (id=2870):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
readv(r0, &(0x7f0000000280)=[{&(0x7f0000002000)=""/80, 0x50}], 0x1)

3.390922671s ago: executing program 8 (id=2871):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={{0x14}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x850}, 0x0)

3.268526319s ago: executing program 8 (id=2872):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pwritev(r0, &(0x7f0000000480)=[{0x0}, {0x0}, {&(0x7f00000003c0)="77cccb0deedbb94f1afd3ccb469a6721cc637e9cbc7f0685c4ab02897a615638b1ba209474e485e5c676dab2f779fc45e14a15eb8cab8dce71eaea08ea87db5609774523b75431043e4a32f82c5b61bea2b9b0eff207d81c7b175cfcb3e448d7fcac8844402e9401582eeb4a08d247096e183b9b7de727a81815", 0x7a}, {0x0}, {&(0x7f0000000680)}], 0x5, 0xc, 0x5)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xdb, 0xd})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.028144996s ago: executing program 6 (id=2873):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x0, 0x2, 0x9}, 0x20)

2.731214941s ago: executing program 6 (id=2874):
syz_clone3(&(0x7f000000dd80)={0x100000, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58)
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000bbdffc))
signalfd4(0xffffffffffffffff, &(0x7f0000000400)={[0xfffffffffffffff5]}, 0x8, 0x800)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
syz_clone3(&(0x7f000000dd80)={0xa04400, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, 0x0}, 0x58)

2.599906947s ago: executing program 0 (id=2875):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe, 0x4008031, 0xffffffffffffffff, 0x5b76f000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0)

2.447991007s ago: executing program 9 (id=2876):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x7, 0x5, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20000010)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
ioctl(r0, 0x8b1b, &(0x7f0000000040))

2.32119241s ago: executing program 6 (id=2877):
openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x6, 0x18, 0xce0, 0x0, 0xb47, 0x9, 0x8, 0xffffeff9, 0x3}, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r2 = socket(0x1d, 0x2, 0x0)
write(r2, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f0000000400)={0x2, 0x4e20, @remote}, 0x10)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000700)={0x3a, 0x6, '\x00', [@ra={0x5, 0x2, 0x1ff}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0xf42}, @jumbo={0xc2, 0x4, 0x1}, @jumbo={0xc2, 0x4, 0x6}, @hao={0xc9, 0x10, @local}, @enc_lim={0x4, 0x1, 0x3}, @ra={0x5, 0x2, 0x6}]}, 0x40)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r4, 0x8955, &(0x7f0000000180)={{0x2, 0x4e23, @empty}, {0x20000010304, @local}, 0x4, {0x2, 0x4e20, @rand_addr=0x64010102}})

2.314825415s ago: executing program 8 (id=2878):
syz_clone3(&(0x7f000000dd80)={0x100000, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58)
pause()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000bbdffc))
signalfd4(0xffffffffffffffff, &(0x7f0000000400)={[0xfffffffffffffff5]}, 0x8, 0x800)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
syz_clone3(&(0x7f000000dd80)={0xa04400, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, 0x0}, 0x58)

2.240155573s ago: executing program 9 (id=2879):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000300)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4004af61, &(0x7f0000000200)=0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x80000007, 0x1}, 0x1c)
r5 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad7, 0x10000, 0x3, 0x400}, &(0x7f0000000040), &(0x7f0000000280))
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
bpf$PROG_LOAD(0x5, &(0x7f0000002680)={0x14, 0x3, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0x0, 0xfffffff5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1, &(0x7f00000025c0)=[0xffffffffffffffff], &(0x7f0000002600)=[{0x1, 0x5, 0x4, 0x7}], 0x10, 0x1c000000}, 0x94)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="050000007f000000030000000900000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00), &(0x7f0000000880)="d400aeed12d3215cf3f48935a296826f3a63a7405f6f55bfe861907ebd7ec276d649824d3665043aa7e6948f21941755968f5309d9c9d7036a7cd9d53ffaa2888d71183b7151c68b34d4dc1f0000000000f69a85d9196bdf2e37e553644db0cbb19586868900f967da2af7951d2979c89314565135b452f6d7068c3450", 0x402, r8}, 0x38)
bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000000)={0x0, &(0x7f00000004c0)=""/233, &(0x7f00000001c0), &(0x7f0000000240), 0x6, r8}, 0x38)
sendmsg$NFNL_MSG_ACCT_DEL(r2, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)=ANY=[@ANYBLOB="2c000000030301040000000000000000020000050900010073797a31000000000900010801d305afcf49a24f"], 0x2c}, 0x1, 0x0, 0x0, 0xc091}, 0x4040004)
ioctl$KVM_CREATE_PIT2(r7, 0x4040ae77, &(0x7f0000000040)={0xfffffeff})
close(r7)
io_uring_enter(r5, 0x1f85, 0x40110a, 0x4d, 0x0, 0xa6)
recvmmsg$unix(r4, 0x0, 0x0, 0x40000000, 0x0)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000000900)={0xa, @sliced={0x0, [0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xfff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4d, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x8000, 0x0, 0x1, 0x0, 0x8, 0xfffc, 0x14, 0xf, 0x0, 0x0, 0x20, 0x0, 0x0, 0x3]}})

2.220977351s ago: executing program 7 (id=2880):
open(0x0, 0x0, 0x0)
prctl$PR_SET_NAME(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='fd/3\x00')
r0 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

1.735612736s ago: executing program 7 (id=2881):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='veno', 0x4)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

1.188117911s ago: executing program 7 (id=2882):
socket$inet_sctp(0x2, 0x5, 0x84)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x5, &(0x7f00000000c0)={0x10, 0x2}, 0x10)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r4}]}, 0x20}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newrule={0x24, 0x18, 0x409, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}]}, 0x24}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x60, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GRE_REMOTE={0x14, 0x7, @private2}]}}}]}, 0x60}}, 0x0)

1.074615037s ago: executing program 7 (id=2883):
r0 = socket$nl_route(0x10, 0x3, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x2000c015}, 0x2404c8c0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000080)={{0xfffffffc, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xe, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41100, 0x39, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0xa, 0x200008, 0x5, 0x1ffff}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@ipv6_delroute={0x2c, 0x19, 0x1, 0x0, 0x0, {0xa, 0x10, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2e00}, [@RTA_PRIORITY={0x8, 0x1e, 0x1}, @RTA_EXPIRES={0x8, 0x17, 0xffffffff}]}, 0x2c}}, 0x4000054)

1.01081545s ago: executing program 7 (id=2884):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000540)={{}, {0x18}})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet6(r1, &(0x7f0000000a00)=[{{&(0x7f0000000080)={0xa, 0x4e24, 0x8, @private1={0xfc, 0x1, '\x00', 0x43}, 0xfff}, 0x1c, &(0x7f0000001740)=[{&(0x7f00000002c0)='`', 0x1}], 0x1}}, {{&(0x7f0000002300)={0xa, 0x4e24, 0x8, @dev={0xfe, 0x80, '\x00', 0x3b}, 0x7}, 0x1c, &(0x7f00000033c0)=[{&(0x7f0000002380)="03", 0x1}], 0x1}}], 0x2, 0x24008041)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
r3 = syz_usb_connect(0x3, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$printer(r3, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r5, &(0x7f0000000080)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@delchain={0x24, 0x2e, 0x31, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff2, 0xffff}, {0x0, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x4)

953.905556ms ago: executing program 6 (id=2885):
mkdir(&(0x7f0000000000)='./file0\x00', 0x42)
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x5, 0xff, 0x0, 0xb49, 0x6, 0x8e7, 0x7, 0x81}, 0x0)
brk(0x400000ffc000)
r5 = syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0xff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="7365aa6c97a937451dbece6375726974792e2f640004000000000000"])
ioctl$FS_IOC_RESVSP(r5, 0x80086601, 0x0)
r6 = fsopen(&(0x7f0000000280)='vxfs\x00', 0x1)
getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000600)={'syztnl0\x00', 0x0})
fsconfig$FSCONFIG_SET_FLAG(r6, 0x0, &(0x7f0000000300)='posixacl\x00', 0x0, 0x0)
sendmmsg$inet6(r1, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000001c0)='f', 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r1, 0x1)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000000200), 0x4)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x1314, 0x1184, 0x150, 0x150, 0x1184, 0xf8010000, 0x124c, 0x238, 0x238, 0x124c, 0x238, 0x3, 0x0, {[{{@ipv6={@mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, [], [], 'team_slave_0\x00', 'hsr0\x00', {0xff}, {}, 0x84}, 0x0, 0x111c, 0x1184, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x1, 0x1, './cgroup.net/syz0\x00', 0x1000000, {0x8}}}, @common=@hbh={{0x48}, {0x3, 0x4, 0x1, [0x1ff, 0x3, 0xe, 0x1, 0x54f, 0xe, 0x0, 0xa, 0x1, 0xe5, 0x1, 0x400, 0x9, 0x5, 0xe, 0xfe0], 0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @mcast1, [0x0, 0x0, 0x0, 0xff000000], [0x0, 0x0, 0xff000000], 'batadv_slave_0\x00', 'gre0\x00', {}, {}, 0x87}, 0x0, 0xa4, 0xc8}, @common=@inet=@SYNPROXY={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x1370)
socket(0x10, 0x3, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00'})

952.795142ms ago: executing program 9 (id=2886):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a010400000000000000000200ffff400004803c0001800b00010065787468647200002c000280050002008300000008000340000000d50800044000000001080006400000000208000140000000130900010073797a3000af59000900020073797a32"], 0x94}}, 0x8000)

858.691976ms ago: executing program 0 (id=2887):
syz_clone3(&(0x7f000000dd80)={0x100000, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58)
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000bbdffc))
signalfd4(0xffffffffffffffff, &(0x7f0000000400)={[0xfffffffffffffff5]}, 0x8, 0x800)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
syz_clone3(&(0x7f000000dd80)={0xa04400, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, 0x0}, 0x58)

856.937576ms ago: executing program 9 (id=2888):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x2, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x78, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x8001, 0x3151, 0x401, 0x6, 0xaa3c}, 0x3, 0x1, 0x6, 0x6, 0x7, 0x13, 0x11, 0xc, 0x6, 0x7f, {0x4, 0x407c, 0x7, 0x4, 0x2b52, 0x2}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x400dc}, 0x20000000)

696.580192ms ago: executing program 9 (id=2889):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r3, &(0x7f0000000380)={0x2, 0x0, @remote}, 0x10)
unshare(0x60600)
syz_clone(0x1940380, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = inotify_init1(0x80000)
inotify_add_watch(r4, &(0x7f00000001c0)='./cgroup\x00', 0x500082c)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0xa1a)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000040), 0x0, 0x20000845, &(0x7f00000001c0)={0xa, 0x2, 0x9d5f, @empty, 0x98}, 0x1c)
r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r5, 0xc008551b, &(0x7f0000000000)=ANY=[@ANYBLOB="050076cb08ecffff7effffff0101c000"])
pipe(&(0x7f0000000040)={<r6=>0xffffffffffffffff})
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_DEL_MPATH(r6, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000f8ff", @ANYRES16, @ANYBLOB="000229bd7000fbdbdf25180000000a0006000802110000010000"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x4)
fanotify_init(0x200, 0x0)
r7 = getgid()
semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000000c0)={{0x3, 0x0, 0x0, 0x0, r7, 0x2, 0x3}, 0x2, 0x7, 0x0, 0x0, 0x0, 0x0, 0x9})
quotactl_fd$Q_GETQUOTA(r4, 0xffffffff80000700, 0x0, &(0x7f0000000400))
keyctl$read(0xb, 0x0, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
unshare(0x68040200)

618.333224ms ago: executing program 0 (id=2890):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080), 0x22883, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r0=>0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(r0, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x2}])
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x60)

0s ago: executing program 0 (id=2891):
socket$netlink(0x10, 0x3, 0x8000000004)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TIOCL_BLANKSCREEN(r0, 0x560e, &(0x7f0000000000))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r2 = openat$nullb(0xffffff9c, &(0x7f00000003c0), 0xe00, 0x0)
ioctl$BLKIOOPT(r2, 0x1279, &(0x7f0000000400))
ioctl$TIOCL_BLANKSCREEN(r1, 0x560e, &(0x7f0000000000))
ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f0000000140)={0xb, 0x2, 0x1402, 0x105})
ioctl$TIOCSWINSZ(r1, 0x5414, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x35c, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f0000002b40)={0x0, 0x7})
r3 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00140d00030000382da7a0cf9d69898caf8d7a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000200)=ANY=[@ANYBLOB="200e06"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000180)={0x1, 0x9, 0x1, &(0x7f0000000040)={0xf, "c6c1f7b5109921b7c54bf28facb1ed3ee2dfe17a04bc517b5452b3b94bce47509d"}})
openat$fuse(0xffffff9c, &(0x7f0000000280), 0x2, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0)
io_setup(0x20, &(0x7f0000001140)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f00000001c0)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r5, &(0x7f0000000080)="0d32818e", 0x4, 0x300000000000000}])

kernel console output (not intermixed with test programs):

 syz.8.1027 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  415.479899][T10132] Tainted: [L]=SOFTLOCKUP
[  415.479906][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  415.479917][T10132] Call Trace:
[  415.479925][T10132]  <TASK>
[  415.479933][T10132]  dump_stack_lvl+0xe8/0x150
[  415.479963][T10132]  should_fail_ex+0x414/0x560
[  415.479998][T10132]  _copy_from_user+0x2d/0xb0
[  415.480022][T10132]  ___sys_recvmsg+0x12e/0x510
[  415.480053][T10132]  ? __pfx____sys_recvmsg+0x10/0x10
[  415.480082][T10132]  ? __fget_files+0x2a/0x420
[  415.480139][T10132]  do_recvmmsg+0x307/0x770
[  415.480172][T10132]  ? __pfx_do_recvmmsg+0x10/0x10
[  415.480210][T10132]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  415.480250][T10132]  __x64_sys_recvmmsg+0x190/0x240
[  415.480278][T10132]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  415.480315][T10132]  do_syscall_64+0xec/0xf80
[  415.480335][T10132]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.480354][T10132]  ? trace_irq_disable+0x37/0x100
[  415.480378][T10132]  ? clear_bhb_loop+0x60/0xb0
[  415.480402][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.480421][T10132] RIP: 0033:0x7efd8f18f749
[  415.480439][T10132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.480456][T10132] RSP: 002b:00007efd900c0038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  415.480477][T10132] RAX: ffffffffffffffda RBX: 00007efd8f3e5fa0 RCX: 00007efd8f18f749
[  415.480492][T10132] RDX: 0000000000000300 RSI: 0000200000000440 RDI: 0000000000000003
[  415.480505][T10132] RBP: 00007efd900c0090 R08: 0000000000000000 R09: 0000000000000000
[  415.480517][T10132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  415.480529][T10132] R13: 00007efd8f3e6038 R14: 00007efd8f3e5fa0 R15: 00007efd8f50fa28
[  415.480563][T10132]  </TASK>
[  415.707250][ T8654] usb 10-1: config 0 has no interface number 0
[  415.857301][ T8654] usb 10-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  415.866545][ T8654] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.875466][ T8654] usb 10-1: Product: syz
[  415.879980][ T8654] usb 10-1: Manufacturer: syz
[  415.889983][ T8654] usb 10-1: SerialNumber: syz
[  415.903627][ T8654] usb 10-1: config 0 descriptor??
[  415.912243][ T8654] quatech2 10-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  416.124816][ T8654] usb 10-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  416.195479][T10153] loop2: detected capacity change from 0 to 7
[  416.196958][ T8654] usb 10-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  416.202467][T10153] Dev loop2: unable to read RDB block 7
[  416.239090][T10151] netlink: 'syz.8.1033': attribute type 13 has an invalid length.
[  416.246962][T10151] netlink: 52 bytes leftover after parsing attributes in process `syz.8.1033'.
[  416.262010][T10153]  loop2: unable to read partition table
[  416.272125][T10153] loop2: partition table beyond EOD, truncated
[  416.292402][T10153] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  417.753236][T10206] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1047'.
[  417.784233][T10207] net veth1_virt_wifi ªªªªª»: renamed from virt_wifi0
[  417.979839][    C1] usb 10-1: qt2_read_bulk_callback - non-zero urb status: -71
[  417.980152][ T5933] usb 10-1: USB disconnect, device number 6
[  418.010315][ T5933] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  418.049357][ T5933] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  418.082328][ T5933] quatech2 10-1:0.51: device disconnected
[  418.924639][ T5933] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  419.262579][ T5933] usb 7-1: config 0 has an invalid interface number: 255 but max is 0
[  419.274613][ T5933] usb 7-1: config 0 has no interface number 0
[  419.280712][ T5933] usb 7-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  419.466395][ T5933] usb 7-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  419.524562][ T5933] usb 7-1: config 0 interface 255 has no altsetting 0
[  419.570750][ T5933] usb 7-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  419.785136][ T5933] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.989592][ T5933] usb 7-1: config 0 descriptor??
[  420.020405][ T5933] ums-realtek 7-1:0.255: USB Mass Storage device detected
[  420.063047][T10242] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1056'.
[  420.246008][T10219] netlink: 175008 bytes leftover after parsing attributes in process `syz.6.1052'.
[  420.278175][T10219] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(17)
[  420.285032][T10219] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  420.346576][T10219] vhci_hcd vhci_hcd.0: Device attached
[  420.389556][T10249] vhci_hcd: connection closed
[  420.391464][ T8773] vhci_hcd vhci_hcd.6: stop threads
[  420.404682][ T5906] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  420.427305][T10256] FAULT_INJECTION: forcing a failure.
[  420.427305][T10256] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  420.438077][ T8773] vhci_hcd vhci_hcd.6: release socket
[  420.452625][ T8773] vhci_hcd vhci_hcd.6: disconnect device
[  420.473491][T10256] CPU: 1 UID: 0 PID: 10256 Comm: syz.7.1060 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  420.473521][T10256] Tainted: [L]=SOFTLOCKUP
[  420.473528][T10256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  420.473540][T10256] Call Trace:
[  420.473548][T10256]  <TASK>
[  420.473557][T10256]  dump_stack_lvl+0xe8/0x150
[  420.473586][T10256]  should_fail_ex+0x414/0x560
[  420.473621][T10256]  _copy_from_user+0x2d/0xb0
[  420.473644][T10256]  ___sys_sendmsg+0x158/0x2a0
[  420.473669][T10256]  ? __pfx____sys_sendmsg+0x10/0x10
[  420.473689][T10256]  ? __lock_acquire+0x6b6/0x2cf0
[  420.473753][T10256]  __sys_sendmmsg+0x227/0x430
[  420.473780][T10256]  ? __pfx___sys_sendmmsg+0x10/0x10
[  420.473801][T10256]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  420.473839][T10256]  ? ksys_write+0x22a/0x250
[  420.473856][T10256]  ? __pfx_ksys_write+0x10/0x10
[  420.473876][T10256]  __x64_sys_sendmmsg+0xa0/0xc0
[  420.473915][T10256]  do_syscall_64+0xec/0xf80
[  420.473934][T10256]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.473952][T10256]  ? trace_irq_disable+0x37/0x100
[  420.473982][T10256]  ? clear_bhb_loop+0x60/0xb0
[  420.474004][T10256]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.474022][T10256] RIP: 0033:0x7fd76078f749
[  420.474039][T10256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.474056][T10256] RSP: 002b:00007fd761594038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  420.474076][T10256] RAX: ffffffffffffffda RBX: 00007fd7609e5fa0 RCX: 00007fd76078f749
[  420.474091][T10256] RDX: 0000000000000299 RSI: 0000200000003dc0 RDI: 0000000000000004
[  420.474103][T10256] RBP: 00007fd761594090 R08: 0000000000000000 R09: 0000000000000000
[  420.474116][T10256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  420.474128][T10256] R13: 00007fd7609e6038 R14: 00007fd7609e5fa0 R15: 00007fd760b0fa28
[  420.474154][T10256]  </TASK>
[  420.899420][T10263] QAT: failed to copy from user.
[  420.911794][ T9260] usb 7-1: USB disconnect, device number 7
[  420.937458][T10263] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1061'.
[  420.974579][ T5906] usb 9-1: Using ep0 maxpacket: 8
[  421.216832][ T5906] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  421.225690][ T5906] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  421.247708][ T5906] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  421.350677][ T5906] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  421.364215][ T5906] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  421.420195][ T5906] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  421.458369][ T5906] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.700395][T10278] netlink: 'syz.6.1062': attribute type 2 has an invalid length.
[  421.732111][T10278] !: entered promiscuous mode
[  421.743290][T10278] netlink: 'syz.6.1062': attribute type 2 has an invalid length.
[  421.751218][T10278] !: left promiscuous mode
[  421.774598][   T10] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  421.819890][T10244] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1057'.
[  421.829080][T10244] netlink: 180 bytes leftover after parsing attributes in process `syz.8.1057'.
[  421.975303][   T10] usb 8-1: Using ep0 maxpacket: 8
[  421.982428][   T10] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  421.991955][   T10] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  422.019597][   T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  422.096160][   T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  422.149782][   T10] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  422.185169][   T10] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  422.225784][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.500422][   T10] usb 8-1: GET_CAPABILITIES returned 0
[  422.510109][   T10] usbtmc 8-1:16.0: can't read capabilities
[  422.702003][   T10] usb 8-1: USB disconnect, device number 5
[  422.903832][T10271] syz_tun: entered promiscuous mode
[  422.931947][   T30] kauditd_printk_skb: 32 callbacks suppressed
[  422.931962][   T30] audit: type=1326 audit(1767962965.484:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10270 comm="syz.7.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76078f749 code=0x7ffc0000
[  423.002398][   T30] audit: type=1326 audit(1767962965.514:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10270 comm="syz.7.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76078f749 code=0x7ffc0000
[  423.015866][T10270] syz_tun: left promiscuous mode
[  423.088602][   T30] audit: type=1326 audit(1767962965.524:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10270 comm="syz.7.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fd76078f749 code=0x7ffc0000
[  423.172664][   T30] audit: type=1326 audit(1767962965.524:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10270 comm="syz.7.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76078f749 code=0x7ffc0000
[  423.252577][   T30] audit: type=1326 audit(1767962965.524:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10270 comm="syz.7.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76078f749 code=0x7ffc0000
[  423.343853][ T5906] usb 9-1: usb_control_msg returned -71
[  423.370485][ T5906] usbtmc 9-1:16.0: can't read capabilities
[  423.376762][   T30] audit: type=1326 audit(1767962965.554:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10270 comm="syz.7.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd76078f749 code=0x7ffc0000
[  423.456341][ T5906] usb 9-1: USB disconnect, device number 4
[  423.494765][   T30] audit: type=1326 audit(1767962965.554:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10270 comm="syz.7.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76078f749 code=0x7ffc0000
[  423.580581][   T30] audit: type=1326 audit(1767962965.664:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10270 comm="syz.7.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76078f749 code=0x7ffc0000
[  423.911245][T10315] FAULT_INJECTION: forcing a failure.
[  423.911245][T10315] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  423.934645][T10315] CPU: 1 UID: 0 PID: 10315 Comm: syz.9.1070 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  423.934675][T10315] Tainted: [L]=SOFTLOCKUP
[  423.934682][T10315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  423.934694][T10315] Call Trace:
[  423.934701][T10315]  <TASK>
[  423.934714][T10315]  dump_stack_lvl+0xe8/0x150
[  423.934744][T10315]  should_fail_ex+0x414/0x560
[  423.934777][T10315]  _copy_from_user+0x2d/0xb0
[  423.934800][T10315]  ucma_resolve_ip+0x9a/0x280
[  423.934816][T10315]  ? __pfx_ucma_resolve_ip+0x10/0x10
[  423.934834][T10315]  ucma_write+0x249/0x2e0
[  423.934846][T10315]  ? __pfx_ucma_write+0x10/0x10
[  423.934856][T10315]  ? security_file_permission+0x75/0x290
[  423.934868][T10315]  ? rw_verify_area+0x255/0x4d0
[  423.934885][T10315]  vfs_writev+0x4b6/0x960
[  423.934905][T10315]  ? __pfx_ucma_write+0x10/0x10
[  423.934917][T10315]  ? __pfx_vfs_writev+0x10/0x10
[  423.934935][T10315]  ? __fget_files+0x2a/0x420
[  423.934950][T10315]  ? __fget_files+0x3a0/0x420
[  423.934962][T10315]  ? __fget_files+0x2a/0x420
[  423.934978][T10315]  do_writev+0x14d/0x2d0
[  423.934991][T10315]  ? __pfx_do_writev+0x10/0x10
[  423.935009][T10315]  do_syscall_64+0xec/0xf80
[  423.935020][T10315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.935029][T10315]  ? trace_irq_disable+0x37/0x100
[  423.935042][T10315]  ? clear_bhb_loop+0x60/0xb0
[  423.935055][T10315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.935065][T10315] RIP: 0033:0x7f7b9ff8f749
[  423.935075][T10315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  423.935084][T10315] RSP: 002b:00007f7ba0eba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  423.935096][T10315] RAX: ffffffffffffffda RBX: 00007f7ba01e5fa0 RCX: 00007f7b9ff8f749
[  423.935104][T10315] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000003
[  423.935111][T10315] RBP: 00007f7ba0eba090 R08: 0000000000000000 R09: 0000000000000000
[  423.935117][T10315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  423.935124][T10315] R13: 00007f7ba01e6038 R14: 00007f7ba01e5fa0 R15: 00007f7ba030fa28
[  423.935140][T10315]  </TASK>
[  424.407888][T10327] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1075'.
[  424.629512][T10299] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1064'.
[  425.066430][   T30] audit: type=1326 audit(1767962967.564:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10326 comm="syz.8.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  425.128382][T10342] netlink: 104 bytes leftover after parsing attributes in process `syz.7.1077'.
[  425.414778][   T30] audit: type=1326 audit(1767962967.564:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10326 comm="syz.8.1075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  426.037886][ T5898] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  426.224585][ T5898] usb 9-1: Using ep0 maxpacket: 32
[  426.268498][ T5898] usb 9-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  426.301889][ T5898] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.330102][ T5898] usb 9-1: config 0 descriptor??
[  426.557713][ T5898] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  426.616168][ T5898] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  426.655466][ T5898] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  426.662656][ T5898] usb 9-1: media controller created
[  426.814331][ T5898] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  428.270987][   T10] IPVS: starting estimator thread 0...
[  428.328669][T10391] netlink: 20 bytes leftover after parsing attributes in process `syz.9.1085'.
[  428.376291][T10386] IPVS: using max 31 ests per chain, 74400 per kthread
[  428.549442][T10396] Option '[¢ yò$
[  428.549442][T10396] ÿø�>ÖÚŽœáTkõ­­SÆ@SœV•ÿfhJ' to dns_resolver key: bad/missing value
[  428.573701][T10394] dummy0: entered promiscuous mode
[  428.583645][T10394] dummy0: left promiscuous mode
[  428.675004][ T5898] az6027: usb out operation failed. (-71)
[  428.708613][ T5898] az6027: usb out operation failed. (-71)
[  428.759503][ T5898] stb0899_attach: Driver disabled by Kconfig
[  428.778592][ T5898] az6027: no front-end attached
[  428.778592][ T5898] 
[  428.802905][ T5898] az6027: usb out operation failed. (-71)
[  428.830093][ T5898] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  428.869553][ T5898] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.8/usb9/9-1/input/input23
[  428.918688][ T5898] dvb-usb: schedule remote query interval to 400 msecs.
[  428.931768][ T5898] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  428.991908][ T5898] usb 9-1: USB disconnect, device number 5
[  429.241912][ T5898] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  430.981410][T10432] FAULT_INJECTION: forcing a failure.
[  430.981410][T10432] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  431.084693][T10432] CPU: 1 UID: 0 PID: 10432 Comm: syz.9.1093 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  431.084724][T10432] Tainted: [L]=SOFTLOCKUP
[  431.084731][T10432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  431.084743][T10432] Call Trace:
[  431.084751][T10432]  <TASK>
[  431.084759][T10432]  dump_stack_lvl+0xe8/0x150
[  431.084788][T10432]  should_fail_ex+0x414/0x560
[  431.084822][T10432]  _copy_from_user+0x2d/0xb0
[  431.084847][T10432]  do_ipv6_setsockopt+0x23e/0x2eb0
[  431.084878][T10432]  ? get_pid_task+0x20/0x1f0
[  431.084901][T10432]  ? aa_label_sk_perm+0x4c4/0x610
[  431.084928][T10432]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  431.084953][T10432]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  431.084974][T10432]  ? get_pid_task+0x20/0x1f0
[  431.084996][T10432]  ? get_pid_task+0x20/0x1f0
[  431.085028][T10432]  ? __lock_acquire+0x6b6/0x2cf0
[  431.085062][T10432]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  431.085083][T10432]  ? aa_sk_perm+0x15f/0x920
[  431.085107][T10432]  ? aa_sk_perm+0x7ee/0x920
[  431.085132][T10432]  ? __pfx_aa_sk_perm+0x10/0x10
[  431.085156][T10432]  ? __fget_files+0x2a/0x420
[  431.085179][T10432]  ? aa_sock_opt_perm+0xff/0x1a0
[  431.085206][T10432]  ipv6_setsockopt+0x59/0x170
[  431.085230][T10432]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  431.085262][T10432]  do_sock_setsockopt+0x17c/0x1b0
[  431.085288][T10432]  __x64_sys_setsockopt+0x13f/0x1b0
[  431.085315][T10432]  do_syscall_64+0xec/0xf80
[  431.085334][T10432]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.085352][T10432]  ? trace_irq_disable+0x37/0x100
[  431.085376][T10432]  ? clear_bhb_loop+0x60/0xb0
[  431.085398][T10432]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.085416][T10432] RIP: 0033:0x7f7b9ff8f749
[  431.085432][T10432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  431.085449][T10432] RSP: 002b:00007f7ba0eba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  431.085470][T10432] RAX: ffffffffffffffda RBX: 00007f7ba01e5fa0 RCX: 00007f7b9ff8f749
[  431.085485][T10432] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  431.085495][T10432] RBP: 00007f7ba0eba090 R08: 0000000000000310 R09: 0000000000000000
[  431.085507][T10432] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  431.085518][T10432] R13: 00007f7ba01e6038 R14: 00007f7ba01e5fa0 R15: 00007f7ba030fa28
[  431.085580][T10432]  </TASK>
[  431.664757][ T8661] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  431.825158][T10455] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1101'.
[  431.854649][T10455] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1101'.
[  431.884558][ T8661] usb 9-1: Using ep0 maxpacket: 16
[  431.902204][ T8661] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  431.925089][ T9260] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  431.936196][T10455] bond1: entered promiscuous mode
[  431.941666][ T8661] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  431.991882][ T8661] usb 9-1: config 0 interface 0 has no altsetting 0
[  432.029896][ T8661] usb 9-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  432.069488][ T8661] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.103492][T10461] netlink: 'syz.0.1102': attribute type 39 has an invalid length.
[  432.132849][ T9260] usb 8-1: Using ep0 maxpacket: 32
[  432.144327][ T8661] usb 9-1: config 0 descriptor??
[  432.154310][ T9260] usb 8-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  432.179884][ T9260] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.213324][ T9260] usb 8-1: config 0 descriptor??
[  432.438976][ T9260] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  432.470576][ T9260] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  432.550036][ T9260] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  432.571347][ T9260] usb 8-1: media controller created
[  432.634891][ T5914] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  432.656638][ T9260] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  432.729468][ T8661] usbhid 9-1:0.0: can't add hid device: -71
[  432.749451][ T8661] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  432.764369][ T8661] usb 9-1: USB disconnect, device number 6
[  432.816579][ T5914] usb 7-1: config index 0 descriptor too short (expected 1068, got 27)
[  432.826529][ T5914] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10
[  432.851650][ T5914] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  432.878111][ T5914] usb 7-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=7d.f9
[  432.887462][ T5914] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.901513][ T5914] usb 7-1: Product: syz
[  432.907862][ T5914] usb 7-1: Manufacturer: syz
[  432.912737][ T5914] usb 7-1: SerialNumber: syz
[  432.929412][ T5914] usb 7-1: config 0 descriptor??
[  433.415569][ T5906] usb 7-1: USB disconnect, device number 8
[  434.714101][ T9260] az6027: usb out operation failed. (-71)
[  434.737386][ T9260] az6027: usb out operation failed. (-71)
[  434.768975][ T9260] stb0899_attach: Driver disabled by Kconfig
[  434.792204][ T9260] az6027: no front-end attached
[  434.792204][ T9260] 
[  434.818412][ T9260] az6027: usb out operation failed. (-71)
[  434.824819][ T9260] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  434.845747][ T9260] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.7/usb8/8-1/input/input24
[  434.925688][ T9260] dvb-usb: schedule remote query interval to 400 msecs.
[  434.932663][ T9260] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  434.997619][T10535] FAULT_INJECTION: forcing a failure.
[  434.997619][T10535] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  435.025318][ T9260] usb 8-1: USB disconnect, device number 6
[  435.085555][T10535] CPU: 1 UID: 0 PID: 10535 Comm: syz.9.1115 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  435.085586][T10535] Tainted: [L]=SOFTLOCKUP
[  435.085593][T10535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  435.085605][T10535] Call Trace:
[  435.085613][T10535]  <TASK>
[  435.085621][T10535]  dump_stack_lvl+0xe8/0x150
[  435.085650][T10535]  should_fail_ex+0x414/0x560
[  435.085684][T10535]  _copy_from_iter+0x1cd/0x1630
[  435.085714][T10535]  ? __pfx__copy_from_iter+0x10/0x10
[  435.085734][T10535]  ? __build_skb_around+0x22d/0x3c0
[  435.085757][T10535]  ? __alloc_skb+0x198/0x3a0
[  435.085774][T10535]  ? netlink_sendmsg+0x642/0xb30
[  435.085797][T10535]  ? skb_put+0x11b/0x210
[  435.085819][T10535]  netlink_sendmsg+0x6b2/0xb30
[  435.085849][T10535]  ? __pfx_netlink_sendmsg+0x10/0x10
[  435.085875][T10535]  ? aa_sock_msg_perm+0xf1/0x1b0
[  435.085900][T10535]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  435.085917][T10535]  ? __pfx_netlink_sendmsg+0x10/0x10
[  435.085946][T10535]  __sock_sendmsg+0x21c/0x270
[  435.085974][T10535]  ____sys_sendmsg+0x505/0x820
[  435.086002][T10535]  ? __pfx_____sys_sendmsg+0x10/0x10
[  435.086032][T10535]  ? import_iovec+0x74/0xa0
[  435.086057][T10535]  ___sys_sendmsg+0x21f/0x2a0
[  435.086080][T10535]  ? __pfx____sys_sendmsg+0x10/0x10
[  435.086132][T10535]  ? __fget_files+0x2a/0x420
[  435.086153][T10535]  ? __fget_files+0x3a0/0x420
[  435.086186][T10535]  __x64_sys_sendmsg+0x19b/0x260
[  435.086212][T10535]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  435.086242][T10535]  ? __pfx_ksys_write+0x10/0x10
[  435.086262][T10535]  ? __secure_computing+0xe2/0x2a0
[  435.086288][T10535]  do_syscall_64+0xec/0xf80
[  435.086308][T10535]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.086326][T10535]  ? trace_irq_disable+0x37/0x100
[  435.086350][T10535]  ? clear_bhb_loop+0x60/0xb0
[  435.086373][T10535]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.086391][T10535] RIP: 0033:0x7f7b9ff8f749
[  435.086408][T10535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  435.086432][T10535] RSP: 002b:00007f7ba0eba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  435.086453][T10535] RAX: ffffffffffffffda RBX: 00007f7ba01e5fa0 RCX: 00007f7b9ff8f749
[  435.086467][T10535] RDX: 0000000000000000 RSI: 0000200000000840 RDI: 0000000000000004
[  435.086479][T10535] RBP: 00007f7ba0eba090 R08: 0000000000000000 R09: 0000000000000000
[  435.086489][T10535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  435.086500][T10535] R13: 00007f7ba01e6038 R14: 00007f7ba01e5fa0 R15: 00007f7ba030fa28
[  435.086528][T10535]  </TASK>
[  435.610460][ T9260] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  435.733155][ T8661] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  435.915485][ T8661] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  435.944617][ T8661] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  435.967727][ T8661] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  435.997255][ T8661] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  436.026265][ T8661] usb 1-1: config 0 descriptor??
[  436.105350][T10567] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1120'.
[  436.366665][ T8661] ath6kl: Failed to submit usb control message: -71
[  436.382277][ T8661] ath6kl: unable to send the bmi data to the device: -71
[  436.400032][ T8661] ath6kl: Unable to send get target info: -71
[  436.477064][ T9260] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  436.501473][ T8661] ath6kl: Failed to init ath6kl core: -71
[  436.535676][ T8661] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  436.559158][ T8661] usb 1-1: USB disconnect, device number 36
[  436.666900][ T9260] usb 7-1: config index 0 descriptor too short (expected 23569, got 27)
[  436.679231][ T9260] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  436.712971][ T9260] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  436.771718][ T9260] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  436.802308][ T9260] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  436.838551][ T9260] usb 7-1: Manufacturer: syz
[  436.857761][ T5835] Bluetooth: hci2: command 0x0406 tx timeout
[  436.863899][ T5838] Bluetooth: hci1: command 0x0406 tx timeout
[  436.866320][ T5150] Bluetooth: hci0: command 0x0406 tx timeout
[  436.894386][ T9260] usb 7-1: config 0 descriptor??
[  436.922289][ T9260] igorplugusb 7-1:0.0: incorrect number of endpoints
[  437.147254][T10573] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  437.237736][T10573] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  437.792678][T10611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  437.802341][T10611] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  437.983995][T10614] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1122'.
[  438.154798][T10614] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1122'.
[  438.215750][T10614] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1122'.
[  438.233631][T10614] netlink: 108 bytes leftover after parsing attributes in process `syz.6.1122'.
[  438.265820][T10614] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1122'.
[  438.695598][ T8661] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  438.854747][ T8661] usb 10-1: Using ep0 maxpacket: 32
[  438.866932][ T8661] usb 10-1: too many configurations: 20, using maximum allowed: 8
[  438.890462][ T8661] usb 10-1: unable to read config index 0 descriptor/start: -61
[  438.900481][ T8661] usb 10-1: can't read configurations, error -61
[  439.034776][ T8661] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  439.076052][T10643] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1132'.
[  439.140003][T10649] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1132'.
[  439.204620][ T8661] usb 10-1: Using ep0 maxpacket: 32
[  439.241258][ T8661] usb 10-1: too many configurations: 20, using maximum allowed: 8
[  439.260072][ T8661] usb 10-1: unable to read config index 0 descriptor/start: -61
[  439.291408][ T8661] usb 10-1: can't read configurations, error -61
[  439.335023][ T8661] usb usb10-port1: attempt power cycle
[  439.685587][ T8661] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  439.715307][ T8661] usb 10-1: Using ep0 maxpacket: 32
[  439.723948][ T8661] usb 10-1: too many configurations: 20, using maximum allowed: 8
[  439.743529][ T8661] usb 10-1: unable to read config index 0 descriptor/start: -61
[  439.768970][ T8661] usb 10-1: can't read configurations, error -61
[  439.901130][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  439.907755][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  439.917844][ T8661] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  439.940021][T10643] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  439.948469][T10643] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  439.995618][ T8661] usb 10-1: Using ep0 maxpacket: 32
[  440.010299][ T5913] usb 7-1: USB disconnect, device number 9
[  440.017418][ T8661] usb 10-1: too many configurations: 20, using maximum allowed: 8
[  440.031125][ T8661] usb 10-1: unable to read config index 0 descriptor/start: -61
[  440.046345][ T8661] usb 10-1: can't read configurations, error -61
[  440.068605][ T8661] usb usb10-port1: unable to enumerate USB device
[  440.101636][T10643] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  440.113421][T10643] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  440.346118][T10643] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  440.352268][T10643] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  440.412040][T10643] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  440.431795][T10643] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  440.469918][T10643] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  440.489167][T10643] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  440.504858][T10643] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  440.533286][T10643] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  441.016418][ T5913] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  441.165776][T10702] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1143'.
[  441.176219][ T5837] Bluetooth: hci0: command 0x0406 tx timeout
[  441.184986][ T5913] usb 8-1: Using ep0 maxpacket: 8
[  441.191821][ T5913] usb 8-1: config 228 interface 0 altsetting 11 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  441.218336][ T5913] usb 8-1: config 228 interface 0 altsetting 11 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  441.255042][ T5913] usb 8-1: config 228 interface 0 has no altsetting 0
[  441.261862][ T5913] usb 8-1: New USB device found, idVendor=0853, idProduct=0146, bcdDevice= 0.00
[  441.294693][ T5913] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.309864][ T5913] usb 8-1: rejected 1 configuration due to insufficient available bus power
[  441.331552][ T5913] usb 8-1: no configuration chosen from 1 choice
[  441.671907][T10713] netlink: 'syz.9.1146': attribute type 10 has an invalid length.
[  442.146981][ T5837] Bluetooth: hci1: command 0x0406 tx timeout
[  442.421852][ T5837] Bluetooth: hci2: command 0x0406 tx timeout
[  442.467783][ T5837] Bluetooth: hci5: command 0x0c1a tx timeout
[  442.544586][ T5837] Bluetooth: hci6: command 0x0c1a tx timeout
[  442.895247][T10739] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1150'.
[  442.979212][T10742] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1150'.
[  443.019271][T10744] FAULT_INJECTION: forcing a failure.
[  443.019271][T10744] name failslab, interval 1, probability 0, space 0, times 0
[  443.032356][T10744] CPU: 0 UID: 0 PID: 10744 Comm: syz.0.1151 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  443.032384][T10744] Tainted: [L]=SOFTLOCKUP
[  443.032392][T10744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  443.032404][T10744] Call Trace:
[  443.032412][T10744]  <TASK>
[  443.032420][T10744]  dump_stack_lvl+0xe8/0x150
[  443.032451][T10744]  should_fail_ex+0x414/0x560
[  443.032495][T10744]  should_failslab+0xa8/0x100
[  443.032521][T10744]  kmem_cache_alloc_lru_noprof+0x8d/0x6e0
[  443.032554][T10744]  ? __d_alloc+0x37/0x6f0
[  443.032584][T10744]  __d_alloc+0x37/0x6f0
[  443.032621][T10744]  d_alloc+0x4b/0x190
[  443.032644][T10744]  ? lookup_one_qstr_excl+0xc8/0x360
[  443.032672][T10744]  lookup_one_qstr_excl+0xdc/0x360
[  443.032697][T10744]  ? lookup_noperm_common+0x245/0x430
[  443.032726][T10744]  start_dirop+0x5c/0x90
[  443.032753][T10744]  simple_start_creating+0xc4/0x100
[  443.032780][T10744]  ? __pfx_simple_start_creating+0x10/0x10
[  443.032807][T10744]  ? do_raw_spin_unlock+0x122/0x240
[  443.032835][T10744]  ? mntput+0x65/0xc0
[  443.032859][T10744]  debugfs_start_creating+0xdb/0x1a0
[  443.032882][T10744]  __debugfs_create_file+0x6f/0x400
[  443.032908][T10744]  debugfs_create_file_full+0x3f/0x60
[  443.032932][T10744]  ref_tracker_dir_debugfs+0x14e/0x2d0
[  443.032954][T10744]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  443.033000][T10744]  ? trace_kmalloc+0x1f/0xb0
[  443.033017][T10744]  ? __kvmalloc_node_noprof+0x5f5/0x920
[  443.033043][T10744]  ? __raw_spin_lock_init+0x45/0x100
[  443.033073][T10744]  alloc_netdev_mqs+0x272/0x11b0
[  443.033100][T10744]  ? __pfx_erspan_setup+0x10/0x10
[  443.033131][T10744]  rtnl_create_link+0x31f/0xcf0
[  443.033166][T10744]  rtnl_newlink_create+0x25c/0xb00
[  443.033203][T10744]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  443.033232][T10744]  ? __pfx___mutex_lock+0x10/0x10
[  443.033263][T10744]  ? ns_capable+0x8a/0xf0
[  443.033285][T10744]  rtnl_newlink+0x16e7/0x1c90
[  443.033322][T10744]  ? __pfx_rtnl_newlink+0x10/0x10
[  443.033341][T10744]  ? do_syscall_64+0xec/0xf80
[  443.033361][T10744]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.033417][T10744]  ? kasan_quarantine_put+0xbb/0x1f0
[  443.033436][T10744]  ? lockdep_hardirqs_on+0x7b/0x110
[  443.033462][T10744]  ? kmem_cache_free+0x197/0x620
[  443.033480][T10744]  ? nlmon_xmit+0xb0/0x100
[  443.033516][T10744]  ? __lock_acquire+0x6b6/0x2cf0
[  443.033546][T10744]  ? __local_bh_enable_ip+0xd0/0x130
[  443.033566][T10744]  ? lockdep_hardirqs_on+0x7b/0x110
[  443.033584][T10744]  ? __dev_queue_xmit+0x289/0x31c0
[  443.033615][T10744]  ? __local_bh_enable_ip+0xd0/0x130
[  443.033634][T10744]  ? __dev_queue_xmit+0x289/0x31c0
[  443.033667][T10744]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  443.033704][T10744]  ? __pfx_rtnl_newlink+0x10/0x10
[  443.033725][T10744]  rtnetlink_rcv_msg+0x7cf/0xb70
[  443.033750][T10744]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  443.033771][T10744]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  443.033790][T10744]  ? ref_tracker_free+0x63a/0x7d0
[  443.033811][T10744]  ? __asan_memcpy+0x40/0x70
[  443.033839][T10744]  ? __pfx_ref_tracker_free+0x10/0x10
[  443.033864][T10744]  ? __skb_clone+0x63/0x7a0
[  443.033896][T10744]  netlink_rcv_skb+0x208/0x470
[  443.033922][T10744]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  443.033946][T10744]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  443.033982][T10744]  ? netlink_deliver_tap+0x2e/0x1b0
[  443.034015][T10744]  netlink_unicast+0x82f/0x9e0
[  443.034046][T10744]  ? __pfx_netlink_unicast+0x10/0x10
[  443.034068][T10744]  ? __alloc_skb+0x198/0x3a0
[  443.034089][T10744]  ? netlink_sendmsg+0x642/0xb30
[  443.034112][T10744]  ? skb_put+0x11b/0x210
[  443.034137][T10744]  netlink_sendmsg+0x805/0xb30
[  443.034171][T10744]  ? __pfx_netlink_sendmsg+0x10/0x10
[  443.034205][T10744]  ? aa_sock_msg_perm+0xf1/0x1b0
[  443.034232][T10744]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  443.034250][T10744]  ? __pfx_netlink_sendmsg+0x10/0x10
[  443.034276][T10744]  __sock_sendmsg+0x21c/0x270
[  443.034308][T10744]  ____sys_sendmsg+0x505/0x820
[  443.034337][T10744]  ? __pfx_____sys_sendmsg+0x10/0x10
[  443.034370][T10744]  ? import_iovec+0x74/0xa0
[  443.034398][T10744]  ___sys_sendmsg+0x21f/0x2a0
[  443.034424][T10744]  ? __pfx____sys_sendmsg+0x10/0x10
[  443.034485][T10744]  ? __fget_files+0x2a/0x420
[  443.034510][T10744]  ? __fget_files+0x3a0/0x420
[  443.034541][T10744]  __x64_sys_sendmsg+0x19b/0x260
[  443.034566][T10744]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  443.034599][T10744]  ? __pfx_ksys_write+0x10/0x10
[  443.034637][T10744]  do_syscall_64+0xec/0xf80
[  443.034657][T10744]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.034676][T10744]  ? trace_irq_disable+0x37/0x100
[  443.034700][T10744]  ? clear_bhb_loop+0x60/0xb0
[  443.034724][T10744]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.034743][T10744] RIP: 0033:0x7fcec798f749
[  443.034761][T10744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  443.034779][T10744] RSP: 002b:00007fcec889d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  443.034800][T10744] RAX: ffffffffffffffda RBX: 00007fcec7be5fa0 RCX: 00007fcec798f749
[  443.034816][T10744] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  443.034828][T10744] RBP: 00007fcec889d090 R08: 0000000000000000 R09: 0000000000000000
[  443.034846][T10744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  443.034858][T10744] R13: 00007fcec7be6038 R14: 00007fcec7be5fa0 R15: 00007fcec7d0fa28
[  443.034891][T10744]  </TASK>
[  443.819539][ T5906] usb 8-1: USB disconnect, device number 7
[  443.998186][T10739] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  444.004227][T10739] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  444.022161][T10739] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  444.031012][T10739] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  444.038241][T10739] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  444.268004][T10775] netlink: 'syz.9.1157': attribute type 10 has an invalid length.
[  444.298143][T10775] 8021q: adding VLAN 0 to HW filter on device batadv0
[  444.309575][T10775] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  444.314808][ T9260] usb 1-1: new full-speed USB device number 37 using dummy_hcd
[  444.324983][T10780] netlink: 'syz.9.1157': attribute type 10 has an invalid length.
[  444.333673][T10780] netlink: 40 bytes leftover after parsing attributes in process `syz.9.1157'.
[  444.464656][ T8661] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  444.507574][ T9260] usb 1-1: unable to get BOS descriptor or descriptor too short
[  444.536567][ T9260] usb 1-1: not running at top speed; connect to a high speed hub
[  444.552653][ T9260] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  444.690823][ T9260] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  444.701827][ T8661] usb 8-1: Using ep0 maxpacket: 8
[  444.711974][ T8661] usb 8-1: config 0 has an invalid interface number: 237 but max is 0
[  444.726326][ T8661] usb 8-1: config 0 has no interface number 0
[  444.798187][ T9260] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  444.810556][ T8661] usb 8-1: New USB device found, idVendor=093a, idProduct=2460, bcdDevice=2a.87
[  444.823698][T10792] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1161'.
[  444.833597][ T8661] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  444.892921][ T8661] usb 8-1: Product: syz
[  444.898251][ T9260] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 8193, setting to 64
[  444.923347][ T8661] usb 8-1: Manufacturer: syz
[  444.932735][ T8661] usb 8-1: SerialNumber: syz
[  444.953834][ T9260] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  444.968946][ T9260] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  444.992132][ T8661] usb 8-1: config 0 descriptor??
[  444.999276][ T9260] usb 1-1: Product: syz
[  445.010782][ T9260] usb 1-1: Manufacturer: syz
[  445.030475][ T9260] usb 1-1: SerialNumber: syz
[  445.033617][ T5827] Bluetooth: hci0: command 0x0406 tx timeout
[  445.215149][ T8661] gspca_main: pac207-2.14.0 probing 093a:2460
[  445.348075][ T8661] gspca_pac207: Failed to read a register (index 0x0001, error -110)
[  445.432481][ T5993] usb 8-1: USB disconnect, device number 8
[  445.554182][ T9260] usb 1-1: 0:2 : does not exist
[  445.635154][ T9260] usb 1-1: USB disconnect, device number 37
[  445.683231][ T9095] udevd[9095]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  446.003419][T10823] netlink: 152 bytes leftover after parsing attributes in process `syz.9.1167'.
[  446.032949][T10823] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1167'.
[  446.055642][ T5150] Bluetooth: hci1: command 0x0406 tx timeout
[  446.061672][ T5836] Bluetooth: hci2: command 0x0406 tx timeout
[  446.072326][ T5827] Bluetooth: hci5: command 0x0c1a tx timeout
[  446.078373][ T5837] Bluetooth: hci6: command 0x0c1a tx timeout
[  446.749582][ T5993] IPVS: starting estimator thread 0...
[  446.954618][T10845] IPVS: using max 52 ests per chain, 124800 per kthread
[  447.530039][T10867] FAULT_INJECTION: forcing a failure.
[  447.530039][T10867] name failslab, interval 1, probability 0, space 0, times 0
[  447.555812][T10867] CPU: 0 UID: 0 PID: 10867 Comm: syz.8.1176 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  447.555841][T10867] Tainted: [L]=SOFTLOCKUP
[  447.555848][T10867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  447.555860][T10867] Call Trace:
[  447.555867][T10867]  <TASK>
[  447.555876][T10867]  dump_stack_lvl+0xe8/0x150
[  447.555906][T10867]  should_fail_ex+0x414/0x560
[  447.555943][T10867]  should_failslab+0xa8/0x100
[  447.555968][T10867]  __kmalloc_cache_noprof+0x84/0x700
[  447.555989][T10867]  ? tcf_proto_create+0x65/0x330
[  447.556021][T10867]  tcf_proto_create+0x65/0x330
[  447.556058][T10867]  tc_new_tfilter+0x11aa/0x15b0
[  447.556104][T10867]  ? __pfx_tc_new_tfilter+0x10/0x10
[  447.556143][T10867]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  447.556177][T10867]  ? __pfx_tc_new_tfilter+0x10/0x10
[  447.556201][T10867]  rtnetlink_rcv_msg+0x7cf/0xb70
[  447.556225][T10867]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  447.556246][T10867]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  447.556265][T10867]  ? ref_tracker_free+0x63a/0x7d0
[  447.556284][T10867]  ? __asan_memcpy+0x40/0x70
[  447.556313][T10867]  ? __pfx_ref_tracker_free+0x10/0x10
[  447.556330][T10867]  ? __skb_clone+0x63/0x7a0
[  447.556361][T10867]  netlink_rcv_skb+0x208/0x470
[  447.556386][T10867]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  447.556416][T10867]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  447.556452][T10867]  ? netlink_deliver_tap+0x2e/0x1b0
[  447.556484][T10867]  netlink_unicast+0x82f/0x9e0
[  447.556516][T10867]  ? __pfx_netlink_unicast+0x10/0x10
[  447.556536][T10867]  ? __alloc_skb+0x198/0x3a0
[  447.556557][T10867]  ? netlink_sendmsg+0x642/0xb30
[  447.556581][T10867]  ? skb_put+0x11b/0x210
[  447.556606][T10867]  netlink_sendmsg+0x805/0xb30
[  447.556641][T10867]  ? __pfx_netlink_sendmsg+0x10/0x10
[  447.556670][T10867]  ? aa_sock_msg_perm+0xf1/0x1b0
[  447.556698][T10867]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  447.556717][T10867]  ? __pfx_netlink_sendmsg+0x10/0x10
[  447.556743][T10867]  __sock_sendmsg+0x21c/0x270
[  447.556776][T10867]  ____sys_sendmsg+0x505/0x820
[  447.556805][T10867]  ? __pfx_____sys_sendmsg+0x10/0x10
[  447.556839][T10867]  ? import_iovec+0x74/0xa0
[  447.556866][T10867]  ___sys_sendmsg+0x21f/0x2a0
[  447.556893][T10867]  ? __pfx____sys_sendmsg+0x10/0x10
[  447.556951][T10867]  ? __fget_files+0x2a/0x420
[  447.556975][T10867]  ? __fget_files+0x3a0/0x420
[  447.557010][T10867]  __x64_sys_sendmsg+0x19b/0x260
[  447.557037][T10867]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  447.557071][T10867]  ? __pfx_ksys_write+0x10/0x10
[  447.557101][T10867]  do_syscall_64+0xec/0xf80
[  447.557122][T10867]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.557141][T10867]  ? trace_irq_disable+0x37/0x100
[  447.557165][T10867]  ? clear_bhb_loop+0x60/0xb0
[  447.557187][T10867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.557206][T10867] RIP: 0033:0x7efd8f18f749
[  447.557223][T10867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  447.557241][T10867] RSP: 002b:00007efd900c0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  447.557259][T10867] RAX: ffffffffffffffda RBX: 00007efd8f3e5fa0 RCX: 00007efd8f18f749
[  447.557267][T10867] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[  447.557274][T10867] RBP: 00007efd900c0090 R08: 0000000000000000 R09: 0000000000000000
[  447.557281][T10867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  447.557288][T10867] R13: 00007efd8f3e6038 R14: 00007efd8f3e5fa0 R15: 00007efd8f50fa28
[  447.557305][T10867]  </TASK>
[  448.134711][ T5827] Bluetooth: hci5: command 0x0c1a tx timeout
[  448.144826][ T5837] Bluetooth: hci6: command 0x0c1a tx timeout
[  448.581345][T10895] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  448.589495][ T5914] usb 9-1: new full-speed USB device number 7 using dummy_hcd
[  448.757154][ T5914] usb 9-1: unable to get BOS descriptor or descriptor too short
[  448.766770][ T5914] usb 9-1: not running at top speed; connect to a high speed hub
[  448.788915][ T5914] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  448.833117][ T5914] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  448.868682][ T5914] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  448.886547][ T5914] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.901799][ T5914] usb 9-1: Product: syz
[  448.967466][ T5914] usb 9-1: Manufacturer: syz
[  448.980292][ T5914] usb 9-1: SerialNumber: syz
[  449.281920][T10882] netdevsim netdevsim9: Direct firmware load for /
[  449.281920][T10882]  failed with error -2
[  449.321565][ T5914] usb 9-1: 0:2 : does not exist
[  449.331352][T10882] netdevsim netdevsim9: Falling back to sysfs fallback for: /
[  449.331352][T10882] 
[  449.363356][ T5914] usb 9-1: 5:0: cannot get min/max values for control 2 (id 5)
[  449.387450][ T5914] usb 9-1: 5:0: cannot get min/max values for control 2 (id 5)
[  449.401369][ T5914] usb 9-1: 5:0: cannot get min/max values for control 3 (id 5)
[  449.474110][ T5914] usb 9-1: 5:0: cannot get min/max values for control 4 (id 5)
[  449.524949][ T5914] usb 9-1: 5:0: cannot get min/max values for control 4 (id 5)
[  449.538053][ T5914] usb 9-1: 5:0: failed to get current value for ch 0 (-22)
[  449.628191][ T5914] usb 9-1: 5:0: failed to get current value for ch 0 (-22)
[  449.758221][ T5914] usb 9-1: 5:0: cannot get min/max values for control 3 (id 5)
[  449.811111][ T5914] usb 9-1: 5:0: cannot get min/max values for control 2 (id 5)
[  449.879594][ T5914] usb 9-1: USB disconnect, device number 7
[  450.126787][ T9260] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  450.264587][ T8720] usb 1-1: new full-speed USB device number 38 using dummy_hcd
[  450.304560][ T9260] usb 10-1: Using ep0 maxpacket: 16
[  450.328335][T10930] netlink: 104 bytes leftover after parsing attributes in process `syz.6.1187'.
[  450.414907][ T9260] usb 10-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  450.436140][ T8720] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  450.439813][ T9260] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.479193][ T8720] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[  450.494161][ T9260] usb 10-1: Product: syz
[  450.504354][ T9260] usb 10-1: Manufacturer: syz
[  450.529378][ T9260] usb 10-1: SerialNumber: syz
[  450.534156][ T8720] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  450.554050][ T8720] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.559529][ T9260] usb 10-1: config 0 descriptor??
[  450.590753][T10916] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  450.609015][T10916] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  450.659492][ T8720] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  450.735896][ T5914] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  450.894611][ T5914] usb 8-1: Using ep0 maxpacket: 32
[  450.903165][ T5914] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  450.924703][ T5914] usb 8-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  450.936557][ T5914] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.980417][ T5914] usb 8-1: Product: syz
[  450.992376][ T5914] usb 8-1: Manufacturer: syz
[  451.006093][ T5914] usb 8-1: SerialNumber: syz
[  451.116631][ T5914] usb 8-1: config 0 descriptor??
[  451.144354][ T9260] dvb_usb_dtv5100 10-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  451.156395][ T5914] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  451.363051][ T5898] usb 10-1: USB disconnect, device number 11
[  451.398132][T10934] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  451.426053][T10934] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  451.659452][ T5914] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71
[  451.676957][ T5914] gspca_pac7302 8-1:0.0: probe with driver gspca_pac7302 failed with error -71
[  451.717858][ T5914] usb 8-1: USB disconnect, device number 9
[  452.302999][T10986] fuse: Bad value for 'fd'
[  452.684584][ T5993] usb 10-1: new full-speed USB device number 12 using dummy_hcd
[  452.846425][ T5993] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  452.922557][ T5993] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  452.962696][ T5993] usb 10-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00
[  452.989484][ T5993] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.021559][ T5993] usb 10-1: config 0 descriptor??
[  453.306459][ T5898] usb 1-1: USB disconnect, device number 38
[  453.449795][ T5993] uclogic 0003:5543:0064.0006: item fetching failed at offset 0/1
[  453.458150][ T5993] uclogic 0003:5543:0064.0006: parse failed
[  453.485683][ T5993] uclogic 0003:5543:0064.0006: probe with driver uclogic failed with error -22
[  453.666637][ T5993] usb 10-1: USB disconnect, device number 12
[  453.794643][ T8720] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  454.004692][ T8720] usb 9-1: Using ep0 maxpacket: 32
[  454.011935][ T8720] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  454.024174][ T8720] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  454.054723][ T8720] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  454.070739][ T8720] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.095427][ T8720] usb 9-1: config 0 descriptor??
[  454.552310][ T8720] savu 0003:1E7D:2D5A.0007: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.8-1/input0
[  455.002168][ T5993] usb 9-1: USB disconnect, device number 8
[  455.038397][T11052] bridge0: entered promiscuous mode
[  455.117327][T11052] vlan2: entered promiscuous mode
[  455.199879][T11047] fido_id[11047]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[  455.344960][ T8720] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  455.555301][ T8720] usb 8-1: Using ep0 maxpacket: 32
[  455.566337][ T8720] usb 8-1: config 4 has an invalid interface number: 71 but max is 0
[  455.574422][ T8720] usb 8-1: config 4 has no interface number 0
[  455.607049][ T8720] usb 8-1: config 4 interface 71 altsetting 10 endpoint 0x9 has invalid wMaxPacketSize 0
[  455.654591][ T8720] usb 8-1: config 4 interface 71 has no altsetting 0
[  455.667098][ T8720] usb 8-1: New USB device found, idVendor=595a, idProduct=0001, bcdDevice=42.2c
[  455.699574][ T8720] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.750135][ T8720] usb 8-1: Product: syz
[  455.754318][ T8720] usb 8-1: Manufacturer: syz
[  455.810826][ T8720] usb 8-1: SerialNumber: syz
[  456.173381][T11076] netlink: 132 bytes leftover after parsing attributes in process `syz.8.1214'.
[  456.269644][ T8720] usb 8-1: USB disconnect, device number 10
[  456.299820][T11077] tipc: Invalid UDP bearer configuration
[  456.299872][T11077] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  460.204614][   T10] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  460.250682][T11171] FAULT_INJECTION: forcing a failure.
[  460.250682][T11171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  460.314660][T11171] CPU: 1 UID: 0 PID: 11171 Comm: syz.9.1234 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  460.314689][T11171] Tainted: [L]=SOFTLOCKUP
[  460.314693][T11171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  460.314700][T11171] Call Trace:
[  460.314705][T11171]  <TASK>
[  460.314713][T11171]  dump_stack_lvl+0xe8/0x150
[  460.314732][T11171]  should_fail_ex+0x414/0x560
[  460.314752][T11171]  _copy_to_user+0x31/0xb0
[  460.314766][T11171]  simple_read_from_buffer+0xe1/0x170
[  460.314782][T11171]  proc_fail_nth_read+0x1b3/0x220
[  460.314795][T11171]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  460.314807][T11171]  ? rw_verify_area+0x2a6/0x4d0
[  460.314823][T11171]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  460.314835][T11171]  vfs_read+0x200/0xa30
[  460.314844][T11171]  ? fdget_pos+0x247/0x320
[  460.314859][T11171]  ? __pfx___mutex_lock+0x10/0x10
[  460.314872][T11171]  ? __pfx_vfs_read+0x10/0x10
[  460.314882][T11171]  ? __fget_files+0x2a/0x420
[  460.314897][T11171]  ? __fget_files+0x3a0/0x420
[  460.314909][T11171]  ? __fget_files+0x2a/0x420
[  460.314925][T11171]  ksys_read+0x145/0x250
[  460.314938][T11171]  ? __pfx_ksys_read+0x10/0x10
[  460.314954][T11171]  do_syscall_64+0xec/0xf80
[  460.314965][T11171]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.314975][T11171]  ? trace_irq_disable+0x37/0x100
[  460.314988][T11171]  ? clear_bhb_loop+0x60/0xb0
[  460.315001][T11171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.315011][T11171] RIP: 0033:0x7f7b9ff8e15c
[  460.315022][T11171] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  460.315031][T11171] RSP: 002b:00007f7ba0eba030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  460.315044][T11171] RAX: ffffffffffffffda RBX: 00007f7ba01e5fa0 RCX: 00007f7b9ff8e15c
[  460.315053][T11171] RDX: 000000000000000f RSI: 00007f7ba0eba0a0 RDI: 0000000000000006
[  460.315059][T11171] RBP: 00007f7ba0eba090 R08: 0000000000000000 R09: 0000000000000000
[  460.315066][T11171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  460.315072][T11171] R13: 00007f7ba01e6038 R14: 00007f7ba01e5fa0 R15: 00007f7ba030fa28
[  460.315089][T11171]  </TASK>
[  460.554375][   T10] usb 7-1: Using ep0 maxpacket: 16
[  460.591893][   T10] usb 7-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88
[  460.661470][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.739482][   T10] usb 7-1: Product: syz
[  460.743679][   T10] usb 7-1: Manufacturer: syz
[  460.749548][T11179] syzkaller0: entered promiscuous mode
[  460.794799][   T10] usb 7-1: SerialNumber: syz
[  460.804643][T11179] syzkaller0: entered allmulticast mode
[  460.972277][   T10] usb 7-1: config 0 descriptor??
[  461.239672][   T10] speedtch 7-1:0.0: speedtch_bind: wrong device class 68
[  461.262899][   T10] speedtch 7-1:0.0: usbatm_usb_probe: bind failed: -19!
[  461.460280][T11166] MPI: mpi too large (32768 bits)
[  462.045137][T11223] 
: renamed from bridge_slave_0 (while UP)
[  462.442069][T11228] netlink: 104 bytes leftover after parsing attributes in process `syz.9.1245'.
[  463.237634][ T5993] usb 7-1: USB disconnect, device number 10
[  501.341200][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  501.348023][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  514.312498][T11380] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1257'.
[  514.339169][T11380] bond0: option resend_igmp: invalid value (16711680)
[  514.362057][T11380] bond0: option resend_igmp: allowed values 0 - 255
[  514.627905][ T5993] IPVS: starting estimator thread 0...
[  514.714654][T11395] IPVS: using max 32 ests per chain, 76800 per kthread
[  514.732858][T11398] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1264'.
[  514.837301][  T979] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  514.952114][T11409] FAULT_INJECTION: forcing a failure.
[  514.952114][T11409] name failslab, interval 1, probability 0, space 0, times 0
[  514.966067][T11409] CPU: 1 UID: 0 PID: 11409 Comm: syz.7.1268 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  514.966085][T11409] Tainted: [L]=SOFTLOCKUP
[  514.966090][T11409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  514.966097][T11409] Call Trace:
[  514.966103][T11409]  <TASK>
[  514.966108][T11409]  dump_stack_lvl+0xe8/0x150
[  514.966129][T11409]  should_fail_ex+0x414/0x560
[  514.966149][T11409]  should_failslab+0xa8/0x100
[  514.966163][T11409]  __kmalloc_cache_noprof+0x84/0x700
[  514.966175][T11409]  ? mall_change+0x312/0x8f0
[  514.966190][T11409]  mall_change+0x312/0x8f0
[  514.966206][T11409]  ? __pfx_mall_change+0x10/0x10
[  514.966225][T11409]  tc_new_tfilter+0xdca/0x15b0
[  514.966253][T11409]  ? __pfx_tc_new_tfilter+0x10/0x10
[  514.966274][T11409]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  514.966293][T11409]  ? __pfx_tc_new_tfilter+0x10/0x10
[  514.966306][T11409]  rtnetlink_rcv_msg+0x7cf/0xb70
[  514.966318][T11409]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  514.966341][T11409]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  514.966359][T11409]  ? ref_tracker_free+0x63a/0x7d0
[  514.966377][T11409]  ? __asan_memcpy+0x40/0x70
[  514.966404][T11409]  ? __pfx_ref_tracker_free+0x10/0x10
[  514.966418][T11409]  ? __skb_clone+0x63/0x7a0
[  514.966435][T11409]  netlink_rcv_skb+0x208/0x470
[  514.966449][T11409]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  514.966461][T11409]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  514.966480][T11409]  ? netlink_deliver_tap+0x2e/0x1b0
[  514.966496][T11409]  netlink_unicast+0x82f/0x9e0
[  514.966512][T11409]  ? __pfx_netlink_unicast+0x10/0x10
[  514.966523][T11409]  ? __alloc_skb+0x198/0x3a0
[  514.966533][T11409]  ? netlink_sendmsg+0x642/0xb30
[  514.966545][T11409]  ? skb_put+0x11b/0x210
[  514.966558][T11409]  netlink_sendmsg+0x805/0xb30
[  514.966576][T11409]  ? __pfx_netlink_sendmsg+0x10/0x10
[  514.966593][T11409]  ? aa_sock_msg_perm+0xf1/0x1b0
[  514.966608][T11409]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  514.966618][T11409]  ? __pfx_netlink_sendmsg+0x10/0x10
[  514.966631][T11409]  __sock_sendmsg+0x21c/0x270
[  514.966648][T11409]  ____sys_sendmsg+0x505/0x820
[  514.966663][T11409]  ? __pfx_____sys_sendmsg+0x10/0x10
[  514.966680][T11409]  ? import_iovec+0x74/0xa0
[  514.966695][T11409]  ___sys_sendmsg+0x21f/0x2a0
[  514.966708][T11409]  ? __pfx____sys_sendmsg+0x10/0x10
[  514.966738][T11409]  ? __fget_files+0x2a/0x420
[  514.966751][T11409]  ? __fget_files+0x3a0/0x420
[  514.966768][T11409]  __x64_sys_sendmsg+0x19b/0x260
[  514.966782][T11409]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  514.966799][T11409]  ? __pfx_ksys_write+0x10/0x10
[  514.966815][T11409]  do_syscall_64+0xec/0xf80
[  514.966826][T11409]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.966836][T11409]  ? trace_irq_disable+0x37/0x100
[  514.966850][T11409]  ? clear_bhb_loop+0x60/0xb0
[  514.966862][T11409]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.966873][T11409] RIP: 0033:0x7fd76078f749
[  514.966884][T11409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  514.966893][T11409] RSP: 002b:00007fd761594038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  514.966905][T11409] RAX: ffffffffffffffda RBX: 00007fd7609e5fa0 RCX: 00007fd76078f749
[  514.966913][T11409] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[  514.966920][T11409] RBP: 00007fd761594090 R08: 0000000000000000 R09: 0000000000000000
[  514.966927][T11409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  514.966933][T11409] R13: 00007fd7609e6038 R14: 00007fd7609e5fa0 R15: 00007fd760b0fa28
[  514.966949][T11409]  </TASK>
[  514.967126][T11411] FAULT_INJECTION: forcing a failure.
[  514.967126][T11411] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  515.024946][  T979] usb 7-1: Using ep0 maxpacket: 16
[  515.029263][T11411] CPU: 0 UID: 0 PID: 11411 Comm: syz.0.1269 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  515.029292][T11411] Tainted: [L]=SOFTLOCKUP
[  515.029300][T11411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  515.029312][T11411] Call Trace:
[  515.029320][T11411]  <TASK>
[  515.029328][T11411]  dump_stack_lvl+0xe8/0x150
[  515.029357][T11411]  should_fail_ex+0x414/0x560
[  515.029391][T11411]  _copy_to_user+0x31/0xb0
[  515.029416][T11411]  simple_read_from_buffer+0xe1/0x170
[  515.029444][T11411]  proc_fail_nth_read+0x1b3/0x220
[  515.029466][T11411]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  515.029490][T11411]  ? rw_verify_area+0x2a6/0x4d0
[  515.029518][T11411]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  515.029540][T11411]  vfs_read+0x200/0xa30
[  515.029557][T11411]  ? fdget_pos+0x247/0x320
[  515.029589][T11411]  ? __pfx___mutex_lock+0x10/0x10
[  515.029612][T11411]  ? __pfx_vfs_read+0x10/0x10
[  515.029630][T11411]  ? __fget_files+0x2a/0x420
[  515.029658][T11411]  ? __fget_files+0x3a0/0x420
[  515.029679][T11411]  ? __fget_files+0x2a/0x420
[  515.029710][T11411]  ksys_read+0x145/0x250
[  515.029730][T11411]  ? __pfx_ksys_read+0x10/0x10
[  515.029758][T11411]  do_syscall_64+0xec/0xf80
[  515.029777][T11411]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.029796][T11411]  ? trace_irq_disable+0x37/0x100
[  515.029821][T11411]  ? clear_bhb_loop+0x60/0xb0
[  515.029843][T11411]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.029862][T11411] RIP: 0033:0x7fcec798e15c
[  515.029879][T11411] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  515.029896][T11411] RSP: 002b:00007fcec889d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  515.029917][T11411] RAX: ffffffffffffffda RBX: 00007fcec7be5fa0 RCX: 00007fcec798e15c
[  515.029933][T11411] RDX: 000000000000000f RSI: 00007fcec889d0a0 RDI: 000000000000000a
[  515.029945][T11411] RBP: 00007fcec889d090 R08: 0000000000000000 R09: 0000000000000000
[  515.029958][T11411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  515.029969][T11411] R13: 00007fcec7be6038 R14: 00007fcec7be5fa0 R15: 00007fcec7d0fa28
[  515.029999][T11411]  </TASK>
[  515.559293][  T979] usb 7-1: config 252 has an invalid interface number: 213 but max is 0
[  515.568246][  T979] usb 7-1: config 252 has no interface number 0
[  515.574626][  T979] usb 7-1: config 252 interface 213 has no altsetting 0
[  515.638359][ T5906] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  515.854201][  T979] usb 7-1: New USB device found, idVendor=0458, idProduct=7005, bcdDevice=6d.16
[  515.877890][  T979] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.901849][  T979] usb 7-1: Product: syz
[  515.911832][  T979] usb 7-1: Manufacturer: syz
[  515.939432][ T5906] usb 9-1: Using ep0 maxpacket: 16
[  515.951565][ T5906] usb 9-1: config 0 has an invalid interface number: 8 but max is 0
[  515.959865][ T5906] usb 9-1: config 0 has no interface number 0
[  515.970269][ T5906] usb 9-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x5D, changing to 0xD
[  515.986672][  T979] usb 7-1: SerialNumber: syz
[  516.012548][ T5906] usb 9-1: config 0 interface 8 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  516.030385][  T979] gspca_main: sn9c2028-2.14.0 probing 0458:7005
[  516.038827][ T5906] usb 9-1: config 0 interface 8 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  516.055821][ T5906] usb 9-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  516.069414][ T5906] usb 9-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  516.077087][T11424] gtp0: entered promiscuous mode
[  516.078211][ T5906] usb 9-1: Product: syz
[  516.082419][T11424] gtp0: entered allmulticast mode
[  516.092267][ T5906] usb 9-1: SerialNumber: syz
[  516.121029][ T5906] usb 9-1: config 0 descriptor??
[  516.131824][ T5906] usbhid 9-1:0.8: couldn't find an input interrupt endpoint
[  516.218152][  T979] gspca_sn9c2028: read1 error -71
[  516.234134][  T979] gspca_sn9c2028: read1 error -71
[  516.239546][  T979] gspca_sn9c2028: read1 error -71
[  516.259747][  T979] sn9c2028 7-1:252.213: probe with driver sn9c2028 failed with error -71
[  516.276875][   T10] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  516.289202][  T979] usb 7-1: USB disconnect, device number 11
[  516.350148][T11407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  516.371486][T11407] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  516.386486][ T5906] usb 9-1: USB disconnect, device number 9
[  516.431845][   T10] usb 8-1: device descriptor read/64, error -71
[  516.508896][T11436] loop5: detected capacity change from 0 to 7
[  516.528047][T11427] Dev loop5: unable to read RDB block 7
[  516.533664][T11427]  loop5: AHDI p1 p2 p3
[  516.538428][T11427] loop5: partition table partially beyond EOD, truncated
[  516.546604][T11427] loop5: p1 start 1601398130 is beyond EOD, truncated
[  516.553973][T11427] loop5: p2 start 1702059890 is beyond EOD, truncated
[  516.563771][T11436] Dev loop5: unable to read RDB block 7
[  516.580345][T11436]  loop5: AHDI p1 p2 p3
[  516.591249][T11436] loop5: partition table partially beyond EOD, truncated
[  516.598653][T11436] loop5: p1 start 1601398130 is beyond EOD, truncated
[  516.619929][T11436] loop5: p2 start 1702059890 is beyond EOD, truncated
[  516.684954][   T10] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  516.796161][T11442] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1278'.
[  516.845254][   T10] usb 8-1: device descriptor read/64, error -71
[  516.958140][   T10] usb usb8-port1: attempt power cycle
[  517.224604][  T979] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  517.517138][T11454] netlink: 104 bytes leftover after parsing attributes in process `syz.8.1280'.
[  517.528527][   T10] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  517.559489][   T10] usb 8-1: device descriptor read/8, error -71
[  517.684862][  T979] usb 7-1: device descriptor read/64, error -71
[  517.814702][   T10] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  517.848865][   T10] usb 8-1: device descriptor read/8, error -71
[  517.965384][   T10] usb usb8-port1: unable to enumerate USB device
[  517.975502][  T979] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  518.165516][  T979] usb 7-1: device descriptor read/64, error -71
[  518.275439][  T979] usb usb7-port1: attempt power cycle
[  518.491264][   T30] kauditd_printk_skb: 32 callbacks suppressed
[  518.491960][   T30] audit: type=1326 audit(1767963061.044:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  518.577346][   T30] audit: type=1326 audit(1767963061.044:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  518.614654][  T979] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  518.624939][   T30] audit: type=1326 audit(1767963061.054:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  518.663041][   T30] audit: type=1326 audit(1767963061.054:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  518.714798][  T979] usb 7-1: device descriptor read/8, error -71
[  518.757066][   T30] audit: type=1326 audit(1767963061.054:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  518.839891][   T30] audit: type=1326 audit(1767963061.084:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  518.902951][   T30] audit: type=1326 audit(1767963061.084:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  518.954614][  T979] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  518.967388][   T30] audit: type=1326 audit(1767963061.084:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  519.005507][  T979] usb 7-1: device descriptor read/8, error -71
[  519.043704][   T30] audit: type=1326 audit(1767963061.084:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11462 comm="syz.8.1283" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  519.124942][  T979] usb usb7-port1: unable to enumerate USB device
[  519.553345][   T30] audit: type=1326 audit(1767963062.104:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11484 comm="syz.9.1293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  520.812092][T11517] kvm: Disabled LAPIC found during irq injection
[  523.392480][T11440] Set syz1 is full, maxelem 65536 reached
[  524.797345][   T30] kauditd_printk_skb: 20 callbacks suppressed
[  524.797363][   T30] audit: type=1326 audit(1767963067.354:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11630 comm="syz.9.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  524.914761][   T30] audit: type=1326 audit(1767963067.384:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11630 comm="syz.9.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  524.972072][   T30] audit: type=1326 audit(1767963067.384:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11630 comm="syz.9.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  525.022915][   T30] audit: type=1326 audit(1767963067.384:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11630 comm="syz.9.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  525.060638][   T30] audit: type=1326 audit(1767963067.384:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11630 comm="syz.9.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  525.113663][   T30] audit: type=1326 audit(1767963067.384:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11630 comm="syz.9.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  525.154636][   T30] audit: type=1326 audit(1767963067.384:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11630 comm="syz.9.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  525.179625][   T30] audit: type=1326 audit(1767963067.384:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11630 comm="syz.9.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  525.224742][   T30] audit: type=1326 audit(1767963067.384:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11630 comm="syz.9.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  525.260433][   T30] audit: type=1326 audit(1767963067.384:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11630 comm="syz.9.1350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  525.468816][T11651] kvm: pic: non byte write
[  525.821219][T11663] netlink: 2 bytes leftover after parsing attributes in process `syz.6.1361'.
[  529.923726][   T30] kauditd_printk_skb: 42 callbacks suppressed
[  529.923752][   T30] audit: type=1326 audit(1767963072.474:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.0.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec798f749 code=0x7ffc0000
[  529.967386][   T30] audit: type=1326 audit(1767963072.514:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.0.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec798f749 code=0x7ffc0000
[  530.012317][   T30] audit: type=1326 audit(1767963072.514:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.0.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec798f749 code=0x7ffc0000
[  530.097457][   T30] audit: type=1326 audit(1767963072.514:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.0.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fcec798f749 code=0x7ffc0000
[  530.192192][   T30] audit: type=1326 audit(1767963072.514:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.0.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec798f749 code=0x7ffc0000
[  530.283963][   T30] audit: type=1326 audit(1767963072.514:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.0.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fcec798f749 code=0x7ffc0000
[  530.361631][   T30] audit: type=1326 audit(1767963072.514:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.0.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec798f749 code=0x7ffc0000
[  530.465018][   T30] audit: type=1326 audit(1767963072.514:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11815 comm="syz.0.1423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fcec798f749 code=0x7ffc0000
[  530.867718][   T30] audit: type=1326 audit(1767963073.424:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11859 comm="syz.9.1444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  530.965402][   T30] audit: type=1326 audit(1767963073.424:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11859 comm="syz.9.1444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  531.388215][T11887] kvm: pic: non byte write
[  531.728155][T11904] kvm: vcpu 0: requested 148514 ns lapic timer period limited to 200000 ns
[  531.764664][T11904] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (200000 ns). Using initial count to start timer.
[  534.592315][T12005] io-wq is not configured for unbound workers
[  535.527293][T12039] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  535.703906][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  535.703923][   T30] audit: type=1326 audit(1767963078.254:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12049 comm="syz.8.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  535.757188][   T30] audit: type=1326 audit(1767963078.254:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12049 comm="syz.8.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  535.821031][   T30] audit: type=1326 audit(1767963078.254:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12049 comm="syz.8.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  535.872980][   T30] audit: type=1326 audit(1767963078.254:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12049 comm="syz.8.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  535.910064][   T30] audit: type=1326 audit(1767963078.254:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12049 comm="syz.8.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  535.935525][   T30] audit: type=1326 audit(1767963078.254:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12049 comm="syz.8.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  535.962206][   T30] audit: type=1326 audit(1767963078.254:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12049 comm="syz.8.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  536.004651][   T30] audit: type=1326 audit(1767963078.254:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12049 comm="syz.8.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  536.031943][   T30] audit: type=1326 audit(1767963078.254:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12049 comm="syz.8.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  536.136719][   T30] audit: type=1326 audit(1767963078.254:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12049 comm="syz.8.1514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=70 compat=0 ip=0x7efd8f18f749 code=0x7ffc0000
[  538.397822][T12209] IPv6: addrconf: prefix option has invalid lifetime
[  539.521516][T12263] kvm: pic: non byte write
[  541.451182][T12334] netlink: 72 bytes leftover after parsing attributes in process `syz.9.1636'.
[  541.497421][T12336] 8021q: adding VLAN 0 to HW filter on device bond1
[  541.514911][T12336] bond0: (slave bond1): Enslaving as an active interface with an up link
[  542.433227][T12390] 8021q: VLANs not supported on sit0
[  544.393376][T12472] ipip0: entered promiscuous mode
[  544.398803][T12472] ipip0: entered allmulticast mode
[  544.409959][T12472] team0: Device ipip0 is of different type
[  546.600230][T12579] bond1: option xmit_hash_policy: invalid value (6)
[  546.618276][T12579] bond1 (unregistering): Released all slaves
[  547.360500][T12611] loop2: detected capacity change from 0 to 7
[  547.369989][T12611] Dev loop2: unable to read RDB block 7
[  547.376795][T12611]  loop2: unable to read partition table
[  547.382612][T12611] loop2: partition table beyond EOD, truncated
[  547.400702][T12611] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  547.600731][T12624] veth2: entered allmulticast mode
[  550.066888][T12715] syzkaller0: entered promiscuous mode
[  550.072519][T12715] syzkaller0: entered allmulticast mode
[  551.598358][T12782] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1823'.
[  551.746345][T12782] team0: Port device team_slave_0 removed
[  552.710612][   T30] kauditd_printk_skb: 76 callbacks suppressed
[  552.710629][   T30] audit: type=1326 audit(1767963095.254:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12810 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec798f749 code=0x7ffc0000
[  552.791935][   T30] audit: type=1326 audit(1767963095.254:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12810 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec798f749 code=0x7ffc0000
[  552.855819][   T30] audit: type=1326 audit(1767963095.254:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12810 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fcec798f749 code=0x7ffc0000
[  552.914580][   T30] audit: type=1326 audit(1767963095.254:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12810 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec798f749 code=0x7ffc0000
[  552.965011][   T30] audit: type=1326 audit(1767963095.254:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12810 comm="syz.0.1836" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcec798f749 code=0x7ffc0000
[  553.319163][T12829] bridge0: entered promiscuous mode
[  553.326671][T12829] bridge0: left promiscuous mode
[  553.469891][T12838] netlink: 'syz.7.1846': attribute type 10 has an invalid length.
[  555.939999][T12919] program syz.9.1880 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  559.634667][T13092] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1948'.
[  559.664742][T13092] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1948'.
[  559.912556][T13105] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  559.912556][T13105] The task syz.7.1953 (13105) triggered the difference, watch for misbehavior.
[  560.745119][T13127] loop5: detected capacity change from 0 to 4015
[  560.834102][T11427] Buffer I/O error on dev loop5, logical block 501, async page read
[  562.787442][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  562.804725][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  563.836393][T13228] netlink: 72 bytes leftover after parsing attributes in process `syz.6.2001'.
[  564.370360][T13255] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2012'.
[  564.643618][T13264] kvm: pic: level sensitive irq not supported
[  564.643875][T13264] kvm: pic: non byte read
[  564.669249][T13264] kvm: pic: level sensitive irq not supported
[  564.669321][T13264] kvm: pic: non byte read
[  564.724320][T13277] netlink: 'syz.6.2020': attribute type 9 has an invalid length.
[  565.796971][T13338] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2045'.
[  565.938928][T13345] xt_hashlimit: max too large, truncated to 1048576
[  566.705281][T13390] kvm: pic: non byte read
[  566.710089][T13390] kvm: pic: non byte read
[  566.714830][T13390] kvm: pic: non byte read
[  566.854327][T13399] netlink: 72 bytes leftover after parsing attributes in process `syz.6.2072'.
[  567.083384][T13410] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2074'.
[  567.096442][T13410] netlink: 320 bytes leftover after parsing attributes in process `syz.0.2074'.
[  567.839838][T13433] netlink: 72 bytes leftover after parsing attributes in process `syz.7.2086'.
[  568.223991][T13454] netlink: 'syz.0.2093': attribute type 10 has an invalid length.
[  570.814872][T13516] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.822137][T13516] bridge0: port 1(bridge_slave_0) entered forwarding state
[  570.864549][T13519] team_slave_0: entered promiscuous mode
[  570.870606][T13519] team_slave_1: entered promiscuous mode
[  570.878519][T13519] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  570.886245][T13519] team0: Device macvtap1 is already an upper device of the team interface
[  570.903022][T13519] team_slave_0: left promiscuous mode
[  570.908553][T13519] team_slave_1: left promiscuous mode
[  571.105770][T13535] syzkaller0: entered promiscuous mode
[  571.113088][T13535] syzkaller0: entered allmulticast mode
[  571.125369][T13538] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond_slave_1, syncid = 8, id = 0
[  571.137353][T13536] IPVS: stopping backup sync thread 13538 ...
[  571.391182][T13550] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.398407][T13550] bridge0: port 1(bridge_slave_0) entered forwarding state
[  572.091912][T13586] bridge0: port 1(bridge_slave_0) entered blocking state
[  572.099069][T13586] bridge0: port 1(bridge_slave_0) entered forwarding state
[  572.494653][  T979] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  572.655995][  T979] usb 10-1: Using ep0 maxpacket: 32
[  572.702261][  T979] usb 10-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  572.723348][  T979] usb 10-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  572.754985][  T979] usb 10-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  572.779897][  T979] usb 10-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  572.797950][  T979] usb 10-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  572.807969][  T979] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  572.816214][  T979] usb 10-1: Product: syz
[  572.820544][  T979] usb 10-1: Manufacturer: syz
[  572.827562][  T979] usb 10-1: SerialNumber: syz
[  572.927968][    C1] imon 10-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  573.121641][  T979] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/input/input25
[  573.190480][  T979] imon 10-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  573.208650][  T979]  (id 0x00)
[  573.314855][  T979] rc_core: IR keymap rc-imon-pad not found
[  573.322918][  T979] Registered IR keymap rc-empty
[  573.328502][  T979] imon 10-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  573.360647][  T979] imon 10-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  573.370787][T13620] bridge0: port 1(bridge_slave_0) entered blocking state
[  573.377908][T13620] bridge0: port 1(bridge_slave_0) entered forwarding state
[  573.423093][  T979] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/rc/rc0
[  573.465491][  T979] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/rc/rc0/input26
[  573.524283][  T979] imon 10-1:155.0: iMON device (15c2:ffdc, intf0) on usb<10:13> initialized
[  573.661953][T13592] imon:send_packet: packet tx failed (-71)
[  573.662028][ T9260] usb 10-1: USB disconnect, device number 13
[  573.694804][T13592] imon:vfd_write: send packet #0 failed
[  575.034722][ T9260] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  575.254590][ T9260] usb 9-1: config 0 has no interfaces?
[  575.359798][ T9260] usb 9-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  575.381309][ T9260] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  575.410653][ T9260] usb 9-1: config 0 descriptor??
[  575.524631][ T5933] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  575.674959][ T5933] usb 8-1: device descriptor read/64, error -71
[  575.944585][ T5933] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  576.084583][ T5933] usb 8-1: device descriptor read/64, error -71
[  576.195777][ T5933] usb usb8-port1: attempt power cycle
[  576.730779][ T5933] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  576.786351][ T5933] usb 8-1: device descriptor read/8, error -71
[  577.054726][ T5933] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  577.165340][ T5933] usb 8-1: device descriptor read/8, error -71
[  577.247962][   T30] audit: type=1326 audit(1767963119.804:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13693 comm="syz.0.2187" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcec798f749 code=0x0
[  577.286511][ T5933] usb usb8-port1: unable to enumerate USB device
[  577.365538][T13706] loop5: detected capacity change from 0 to 2719
[  577.461792][T13494] Buffer I/O error on dev loop5, logical block 339, async page read
[  577.664894][ T5906] usb 1-1: new full-speed USB device number 39 using dummy_hcd
[  577.849550][T13722] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2191'.
[  577.879330][ T5906] usb 1-1: config 0 has an invalid interface number: 148 but max is 0
[  577.887750][ T5906] usb 1-1: config 0 has no interface number 0
[  577.893894][ T5906] usb 1-1: config 0 interface 148 altsetting 0 endpoint 0x7 has invalid maxpacket 36624, setting to 64
[  578.461319][ T8720] usb 9-1: USB disconnect, device number 10
[  578.657274][ T5906] usb 1-1: New USB device found, idVendor=0d46, idProduct=2012, bcdDevice=4d.ec
[  578.703513][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.744638][ T5906] usb 1-1: Product: syz
[  578.754768][ T5906] usb 1-1: Manufacturer: syz
[  578.802562][ T5906] usb 1-1: SerialNumber: syz
[  578.838126][ T5906] usb 1-1: config 0 descriptor??
[  578.886093][T13706] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  578.905395][ T5906] kobil_sct 1-1:0.148: KOBIL USB smart card terminal converter detected
[  579.043605][ T5906] usb 1-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  579.117513][ T5933] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  579.157220][T13734] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.164338][T13734] bridge0: port 1(bridge_slave_0) entered forwarding state
[  579.286158][ T5933] usb 9-1: Using ep0 maxpacket: 8
[  579.295085][ T5933] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  579.312639][ T5933] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  579.331207][ T5933] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  579.333999][ T5906] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  579.361259][ T5933] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  579.361946][ T5906] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  579.375751][ T5933] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  579.404215][ T5933] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  579.433143][ T5933] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  579.685265][ T5933] usb 9-1: usb_control_msg returned -32
[  579.691388][ T5933] usbtmc 9-1:16.0: can't read capabilities
[  580.340341][ T5933] usb 1-1: USB disconnect, device number 39
[  580.353825][ T5933] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  580.400415][ T5933] kobil_sct 1-1:0.148: device disconnected
[  581.870778][ T8720] usb 9-1: USB disconnect, device number 11
[  582.335181][ T8720] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  582.514576][ T8720] usb 9-1: Using ep0 maxpacket: 32
[  582.539024][ T8720] usb 9-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  582.572532][ T8720] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  582.599230][ T8720] usb 9-1: Product: syz
[  582.700197][ T8720] usb 9-1: Manufacturer: syz
[  582.721243][ T8720] usb 9-1: SerialNumber: syz
[  582.789149][ T8720] usb 9-1: config 0 descriptor??
[  583.047500][ T8720] RobotFuzz Open Source InterFace, OSIF 9-1:0.0: version d4.15 found at bus 009 address 012
[  583.059338][T13800] bridge0: port 1(bridge_slave_0) entered blocking state
[  583.066436][T13800] bridge0: port 1(bridge_slave_0) entered forwarding state
[  583.436657][  T979] usb 9-1: USB disconnect, device number 12
[  583.443062][T13781] i2c i2c-1: failure writing data
[  584.284822][ T8720] usb 8-1: new low-speed USB device number 19 using dummy_hcd
[  584.444617][ T8720] usb 8-1: Invalid ep0 maxpacket: 64
[  584.590435][ T8720] usb 8-1: new low-speed USB device number 20 using dummy_hcd
[  584.719753][T13841] bridge0: port 1(bridge_slave_0) entered blocking state
[  584.726864][T13841] bridge0: port 1(bridge_slave_0) entered forwarding state
[  584.864585][ T8720] usb 8-1: Invalid ep0 maxpacket: 64
[  584.870160][ T8720] usb usb8-port1: attempt power cycle
[  585.314843][ T8720] usb 8-1: new low-speed USB device number 21 using dummy_hcd
[  585.402112][ T8720] usb 8-1: Invalid ep0 maxpacket: 64
[  585.538008][ T8720] usb 8-1: new low-speed USB device number 22 using dummy_hcd
[  585.597679][ T8720] usb 8-1: Invalid ep0 maxpacket: 64
[  585.631142][ T8720] usb usb8-port1: unable to enumerate USB device
[  587.845676][T13922] bridge0: port 2(bridge_slave_1) entered disabled state
[  587.853454][T13922] bridge0: port 1(bridge_slave_0) entered disabled state
[  587.982782][T13927] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2256'.
[  587.992183][T13927] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2256'.
[  588.001327][T13927] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2256'.
[  588.126312][T13931] dvmrp6: entered allmulticast mode
[  588.339896][T13927] netlink: 16186 bytes leftover after parsing attributes in process `syz.8.2256'.
[  589.664632][ T6047] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  589.834649][ T6047] usb 7-1: Using ep0 maxpacket: 16
[  589.858592][ T6047] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  589.895364][ T6047] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  589.911547][ T6047] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  589.974837][ T6047] usb 7-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  589.983903][ T6047] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.009053][ T6047] usb 7-1: config 0 descriptor??
[  590.488216][ T6047] input: HID 05ac:8241 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:05AC:8241.0009/input/input27
[  590.615422][ T6047] appleir 0003:05AC:8241.0009: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.6-1/input0
[  590.679253][ T6047] usb 7-1: USB disconnect, device number 16
[  590.731462][T14002] input: syz1 as /devices/virtual/input/input28
[  590.921982][T14002] netlink: 'syz.8.2283': attribute type 1 has an invalid length.
[  590.939834][T14002] gretap1: entered allmulticast mode
[  592.642362][   T10] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  592.934590][   T10] usb 8-1: Using ep0 maxpacket: 8
[  593.099761][   T10] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  593.131168][   T10] usb 8-1: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice=21.c6
[  593.176002][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  593.257795][   T10] usb 8-1: config 0 descriptor??
[  593.467576][T14050] syz.0.2303 (14050): drop_caches: 2
[  594.057695][T14080] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2312'.
[  594.880770][T14097] netlink: 16186 bytes leftover after parsing attributes in process `syz.9.2321'.
[  594.960432][ T6047] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  594.970183][ T6047] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  595.493695][ T8720] usb 8-1: USB disconnect, device number 23
[  596.090170][T14128] netlink: 32 bytes leftover after parsing attributes in process `syz.8.2331'.
[  596.622159][T14133] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.2333'.
[  596.698061][T14133] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.2333'.
[  597.770348][T14169] netlink: 40 bytes leftover after parsing attributes in process `syz.9.2348'.
[  597.885439][T14176] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2349'.
[  597.895410][T14176] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2349'.
[  597.904390][T14176] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2349'.
[  598.061471][T14176] netlink: 16186 bytes leftover after parsing attributes in process `syz.8.2349'.
[  601.411978][T14244] netlink: 212408 bytes leftover after parsing attributes in process `syz.7.2375'.
[  601.522829][T14254] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2374'.
[  601.583633][T14254] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2374'.
[  601.598997][T14254] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2374'.
[  601.915456][T14262] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.2374'.
[  605.953727][   T10] IPVS: starting estimator thread 0...
[  606.184721][T14341] IPVS: using max 52 ests per chain, 124800 per kthread
[  606.236336][T14321] bridge2: entered promiscuous mode
[  606.241606][T14321] bridge2: entered allmulticast mode
[  606.305440][  T979] usb 10-1: new low-speed USB device number 14 using dummy_hcd
[  606.340355][T14347] bridge4: entered promiscuous mode
[  606.356127][T14347] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.2404'.
[  606.725855][  T979] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  606.774578][  T979] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  606.808010][  T979] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  606.880965][  T979] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  606.946972][  T979] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  607.005677][  T979] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  607.039447][  T979] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  607.071896][  T979] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  607.134276][  T979] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  607.171728][  T979] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  607.219592][  T979] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  607.236007][   T10] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  607.249442][  T979] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  607.306950][  T979] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  607.360240][  T979] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  607.449800][   T10] usb 8-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice=1e.a0
[  607.464595][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  607.484312][   T10] usb 8-1: config 0 descriptor??
[  607.509787][   T10] input: bcm5974 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/input/input30
[  607.524735][  T979] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  607.712775][  T979] usb 10-1: string descriptor 0 read error: -22
[  607.760971][T14355] bond2: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  607.793715][  T979] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  607.812326][T14355] bond2 (unregistering): Released all slaves
[  607.860949][  T979] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.954203][  T979] adutux 10-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  608.408875][ T5185] bcm5974 8-1:0.0: could not read from device
[  608.436345][   T10] usb 8-1: USB disconnect, device number 24
[  608.448388][ T5185] bcm5974 8-1:0.0: could not read from device
[  608.546247][T14386] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2418'.
[  609.126345][   T10] usb 1-1: new full-speed USB device number 40 using dummy_hcd
[  609.442218][   T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice=b0.23
[  609.452702][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.520627][   T10] usb 1-1: config 0 descriptor??
[  609.565417][T14404] netdevsim netdevsim7 : renamed from netdevsim0 (while UP)
[  609.599613][   T10] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input31
[  609.790615][T14408] program syz.7.2427 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  610.020488][ T8787] usb 10-1: USB disconnect, device number 14
[  610.781815][T14427] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.2435'.
[  610.799507][T14427] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.2435'.
[  611.815764][ T5185] bcm5974 1-1:0.0: could not read from device
[  611.825373][ T5185] bcm5974 1-1:0.0: could not read from device
[  611.835116][   T10] usb 1-1: USB disconnect, device number 40
[  611.847429][ T5185] bcm5974 1-1:0.0: could not read from device
[  611.912902][T13494] udevd[13494]: Error opening device "/dev/input/event4": No such file or directory
[  611.976149][T13494] udevd[13494]: Unable to EVIOCGABS device "/dev/input/event4"
[  611.983872][T13494] udevd[13494]: Unable to EVIOCGABS device "/dev/input/event4"
[  612.006992][T13494] udevd[13494]: Unable to EVIOCGABS device "/dev/input/event4"
[  612.017127][T13494] udevd[13494]: Unable to EVIOCGABS device "/dev/input/event4"
[  612.034589][ T8787] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  612.214613][ T8787] usb 8-1: Using ep0 maxpacket: 32
[  612.226013][ T8787] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  612.302867][ T8787] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  612.320043][ T8787] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  612.381354][ T8787] usb 8-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  612.403931][ T8787] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.437198][ T8787] usb 8-1: config 0 descriptor??
[  612.873354][ T8787] input: HID 0458:5011 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0458:5011.000B/input/input32
[  613.192316][ T8787] input: HID 0458:5011 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0458:5011.000B/input/input33
[  613.263198][ T8787] kye 0003:0458:5011.000B: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.7-1/input0
[  613.342692][ T8787] usb 8-1: USB disconnect, device number 25
[  613.454688][T14466] fido_id[14466]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/8-1/report_descriptor': No such file or directory
[  614.236966][T14498] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.244065][T14498] bridge0: port 1(bridge_slave_0) entered forwarding state
[  614.840277][T14504] wireguard0: entered promiscuous mode
[  614.877009][T14504] wireguard0: entered allmulticast mode
[  615.237838][T14524] netlink: 52 bytes leftover after parsing attributes in process `syz.9.2467'.
[  617.973406][T14554] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2479'.
[  618.532385][T14584] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2492'.
[  619.834619][ T8720] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[  619.997591][ T8720] usb 10-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice=1e.a0
[  620.031566][ T8720] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.070513][ T8720] usb 10-1: config 0 descriptor??
[  620.092775][ T8720] input: bcm5974 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/input/input34
[  620.269177][T14628] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2506'.
[  620.332633][T14615] bond1: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  620.433457][T14615] bond1 (unregistering): Released all slaves
[  620.697484][T14627] bridge3: entered promiscuous mode
[  620.888953][ T5185] bcm5974 10-1:0.0: could not read from device
[  620.924612][ T5185] bcm5974 10-1:0.0: could not read from device
[  620.949602][ T8720] usb 10-1: USB disconnect, device number 15
[  621.444313][T14653] netlink: 'syz.0.2511': attribute type 29 has an invalid length.
[  621.452575][T14653] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2511'.
[  621.889206][T14670] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2519'.
[  623.956060][T14716] input: syz1 as /devices/virtual/input/input35
[  624.194632][ T8661] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  624.217172][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  624.224053][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  624.356016][ T8661] usb 8-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  624.365377][ T8661] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  624.376389][ T8661] usb 8-1: config 0 descriptor??
[  624.383735][ T8661] cp210x 8-1:0.0: cp210x converter detected
[  624.587526][T14725] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  624.597671][T14725] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  624.628549][ T8661] cp210x 8-1:0.0: failed to get vendor val 0x370b size 1: -121
[  624.636278][ T8661] cp210x 8-1:0.0: querying part number failed
[  624.648044][ T8661] usb 8-1: cp210x converter now attached to ttyUSB0
[  625.503922][T14755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  625.582891][T14755] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  626.127649][T14773] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.2553'.
[  626.141173][T14773] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.2553'.
[  626.204875][  T979] usb 8-1: USB disconnect, device number 26
[  626.234041][  T979] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  626.254088][  T979] cp210x 8-1:0.0: device disconnected
[  626.824928][ T8661] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  626.977316][ T8661] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  626.988907][ T8661] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 3
[  627.004352][T14800] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2566'.
[  627.016515][ T8661] usb 9-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  627.025685][ T8661] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  627.040410][ T8661] usb 9-1: config 0 descriptor??
[  627.460799][T14827] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2577'.
[  627.472645][T14788] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2560'.
[  627.487157][T14814] bridge4: entered promiscuous mode
[  627.495898][T14827] netlink: 'syz.9.2577': attribute type 5 has an invalid length.
[  627.496025][ T8661] Bluetooth: Can't get state to change to load configuration err
[  627.538015][ T8661] Bluetooth: Loading sysconfig file failed
[  627.544000][ T8661] ath3k 9-1:0.0: probe with driver ath3k failed with error -16
[  627.556827][T14827] netlink: 48 bytes leftover after parsing attributes in process `syz.9.2577'.
[  627.561744][ T8661] usb 9-1: USB disconnect, device number 13
[  627.756145][T14827] geneve2: entered promiscuous mode
[  627.778839][T14827] geneve2: entered allmulticast mode
[  628.468550][    C1] vxcan1: j1939_tp_rxtimer: 0xffff88807ad91c00: rx timeout, send abort
[  628.478849][    C1] vxcan1: j1939_tp_rxtimer: 0xffff88807ad90800: rx timeout, send abort
[  628.487457][    C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff88807ad91c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  628.502831][    C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff88807ad90800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  628.909510][T14871] ptrace attach of "./syz-executor exec"[9100] was attempted by "./syz-executor exec"[14871]
[  629.136661][T14867] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  629.150384][T14867] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  629.162134][T14867] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  629.170770][T14867] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  629.182114][T14867] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  631.015003][ T5827] Bluetooth: hci0: command 0x0406 tx timeout
[  631.197117][ T5827] Bluetooth: hci1: command 0x0406 tx timeout
[  631.254638][ T5827] Bluetooth: hci6: command 0x0c1a tx timeout
[  631.254670][ T5837] Bluetooth: hci2: command 0x0406 tx timeout
[  631.260724][ T5836] Bluetooth: hci5: command 0x0c1a tx timeout
[  631.930824][T14911] pim6reg: entered allmulticast mode
[  631.936309][   T30] audit: type=1326 audit(1767963174.474:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14909 comm="syz.9.2604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  631.985960][T14911] pim6reg: left allmulticast mode
[  632.044610][   T30] audit: type=1326 audit(1767963174.474:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14909 comm="syz.9.2604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7b9ff8df90 code=0x7ffc0000
[  632.131800][   T30] audit: type=1326 audit(1767963174.474:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14909 comm="syz.9.2604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  632.179330][   T30] audit: type=1326 audit(1767963174.474:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14909 comm="syz.9.2604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  632.232515][   T30] audit: type=1326 audit(1767963174.474:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14909 comm="syz.9.2604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  632.273790][T14919] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.2605'.
[  632.304490][   T30] audit: type=1326 audit(1767963174.474:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14909 comm="syz.9.2604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  632.327133][   T30] audit: type=1326 audit(1767963174.474:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14909 comm="syz.9.2604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  632.380571][   T30] audit: type=1326 audit(1767963174.474:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14909 comm="syz.9.2604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  632.403341][T14919] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.2605'.
[  632.424593][   T30] audit: type=1326 audit(1767963174.474:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14909 comm="syz.9.2604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  632.463643][   T30] audit: type=1326 audit(1767963174.474:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14909 comm="syz.9.2604" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7b9ff8f749 code=0x7ffc0000
[  632.597176][ T8661] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  632.612299][ T8661] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  635.162095][T15000] tipc: Started in network mode
[  635.167080][T15000] tipc: Node identity 84e, cluster identity 4711
[  635.173430][T15000] tipc: Node number set to 2126
[  635.960920][T15017] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2645'.
[  636.064076][T15023] fuse: Bad value for 'fd'
[  636.450062][T15046] netlink: 56 bytes leftover after parsing attributes in process `syz.8.2655'.
[  636.491272][T15047] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2657'.
[  639.231219][ T8720] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  639.305310][T15092] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  639.715943][ T8720] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  639.715972][ T8720] usb 8-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[  639.715986][ T8720] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.717408][ T8720] usb 8-1: config 0 descriptor??
[  639.737158][ T8720] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  640.397330][T15093] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  640.431162][T15093] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  640.507004][T15098] trusted_key: encrypted_key: master key parameter 'user:' is invalid
[  640.935247][   T12] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  640.954279][   T12] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  640.983496][   T12] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  641.086435][   T12] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  641.295783][T15106] kvm: pic: non byte write
[  641.949087][   T10] usb 8-1: USB disconnect, device number 27
[  643.272724][ T5933] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  643.459914][ T5933] usb 8-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice=1e.a0
[  643.495869][ T5933] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.565912][ T5933] usb 8-1: config 0 descriptor??
[  643.574386][ T5933] input: bcm5974 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/input/input36
[  643.809525][T15146] bond2: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  643.850752][T15146] bond2 (unregistering): Released all slaves
[  643.991351][ T5185] bcm5974 8-1:0.0: could not read from device
[  644.053812][ T5185] bcm5974 8-1:0.0: could not read from device
[  644.084995][ T5185] bcm5974 8-1:0.0: could not read from device
[  644.091454][ T5933] usb 8-1: USB disconnect, device number 28
[  646.486725][T15220] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2710'.
[  646.577300][T15224] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2712'.
[  646.586238][T15225] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  646.788404][T15230] kvm: pic: non byte write
[  647.045643][   T10] usb 10-1: new high-speed USB device number 16 using dummy_hcd
[  647.196949][T15252] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2721'.
[  647.244611][   T10] usb 10-1: Using ep0 maxpacket: 32
[  647.259547][   T10] usb 10-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  647.271784][   T10] usb 10-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  647.312663][   T10] usb 10-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  647.331297][   T10] usb 10-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  647.355702][   T10] usb 10-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  647.377495][   T10] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  647.416114][   T10] usb 10-1: Product: syz
[  647.420429][   T10] usb 10-1: Manufacturer: syz
[  647.425364][   T10] usb 10-1: SerialNumber: syz
[  647.440653][    C0] imon 10-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  647.450572][   T10] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/input/input37
[  647.664814][   T10] imon 10-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  647.676889][   T10]  (id 0x00)
[  647.774722][   T10] rc_core: IR keymap rc-imon-pad not found
[  647.783961][   T10] Registered IR keymap rc-empty
[  647.845982][   T10] imon 10-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  647.860762][   T10] imon 10-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  647.997846][   T10] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/rc/rc0
[  648.036824][   T10] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:155.0/rc/rc0/input38
[  648.086128][   T10] imon 10-1:155.0: iMON device (15c2:ffdc, intf0) on usb<10:16> initialized
[  648.204892][ T5906] usb 10-1: USB disconnect, device number 16
[  648.594381][T15275] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2727'.
[  648.966803][T15285] bond1: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  649.140939][T15285] bond1 (unregistering): Released all slaves
[  650.424430][T15318] fuse: Bad value for 'fd'
[  651.024719][ T6047] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  651.254583][ T6047] usb 1-1: Using ep0 maxpacket: 16
[  651.280930][ T6047] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  651.290788][ T6047] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.313842][ T6047] usb 1-1: Product: syz
[  651.324842][ T6047] usb 1-1: Manufacturer: syz
[  651.334108][ T6047] usb 1-1: SerialNumber: syz
[  651.441846][ T6047] usb 1-1: config 0 descriptor??
[  651.479284][T15346] fuse: Bad value for 'fd'
[  651.938996][ T6047] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  651.956896][ T6047] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  652.018043][ T6047] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  652.033298][ T6047] usb 1-1: media controller created
[  652.111685][ T6047] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  652.128934][T15329] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2747'.
[  652.235372][ T6047] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  652.253491][ T6047] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  652.276236][T15361] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2761'.
[  652.609305][T15371] bridge3: entered promiscuous mode
[  652.719427][ T5906] usb 1-1: USB disconnect, device number 41
[  652.775650][ T5906] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  652.785758][T15379] fuse: Bad value for 'fd'
[  653.117346][ T6047] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  653.141448][ T6047] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  653.664619][ T5906] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  653.826914][ T5906] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  653.857784][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  653.869775][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  653.880441][ T5906] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  653.909823][ T5906] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  653.922752][ T5906] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  653.951246][ T5906] usb 1-1: Manufacturer: syz
[  654.005458][ T5906] usb 1-1: config 0 descriptor??
[  654.473753][ T5906] appleir 0003:05AC:8243.000E: unknown main item tag 0x0
[  654.486342][ T5906] appleir 0003:05AC:8243.000E: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  655.019981][ T8720] usb 1-1: USB disconnect, device number 42
[  656.399544][ T8661] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[  656.512707][ T8661] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  657.104640][ T8661] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  657.267835][ T8661] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  657.278981][ T8661] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  657.323711][ T8661] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  657.342169][ T8661] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  657.369576][ T8661] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  657.390295][ T8661] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  657.433134][ T8661] usb 8-1: Manufacturer: syz
[  657.450566][ T8661] usb 8-1: config 0 descriptor??
[  657.903656][ T8661] appleir 0003:05AC:8243.0010: unknown main item tag 0x0
[  657.966094][ T8661] appleir 0003:05AC:8243.0010: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.7-1/input0
[  658.227477][ T8720] usb 8-1: USB disconnect, device number 29
[  658.379577][T15486] fido_id[15486]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory
[  658.757073][T15496] batadv_slave_0: entered promiscuous mode
[  658.768808][T15495] batadv_slave_0: left promiscuous mode
[  658.798377][T15498] bridge0: port 2(bridge_slave_1) entered disabled state
[  658.805734][T15498] bridge0: port 1(bridge_slave_0) entered disabled state
[  660.474263][T15533] netlink: 72 bytes leftover after parsing attributes in process `syz.7.2819'.
[  661.516546][T15559] netlink: 'syz.7.2827': attribute type 21 has an invalid length.
[  661.545941][T15559] netlink: 4452 bytes leftover after parsing attributes in process `syz.7.2827'.
[  661.804761][T15561] input: syz1 as /devices/virtual/input/input39
[  664.257008][T15613] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2848'.
[  666.398814][T15678] netlink: 20 bytes leftover after parsing attributes in process `syz.9.2868'.
[  666.840758][T15688] kvm: pic: non byte write
[  667.532748][T15705] warning: `syz.9.2876' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  668.267921][T15714] can: request_module (can-proto-0) failed.
[  669.111939][T15746] netlink: 72 bytes leftover after parsing attributes in process `syz.9.2888'.
[  669.194853][   T10] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[  669.369599][   T10] usb 8-1: Using ep0 maxpacket: 16
[  669.380885][   T10] usb 8-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  669.415074][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.439796][   T10] usb 8-1: Product: syz
[  669.446746][   T10] usb 8-1: Manufacturer: syz
[  669.452735][   T10] usb 8-1: SerialNumber: syz
[  669.461396][   T10] usb 8-1: config 0 descriptor??
[  669.996800][   T10] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  670.006751][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  670.029744][   T10] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  670.029778][   T10] usb 8-1: media controller created
[  670.044700][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  670.197811][T15736] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2884'.
[  670.266382][   T10] zl10353_read_register: readreg error (reg=127, ret==0)
[  670.274683][T15765] ------------[ cut here ]------------
[  670.280324][T15765] usb 8-1: BOGUS control dir, pipe 80001e80 doesn't match bRequestType c0
[  670.288962][T15765] WARNING: drivers/usb/core/urb.c:414 at usb_submit_urb+0x105c/0x18d0, CPU#1: syz.0.2891/15765
[  670.299543][T15765] Modules linked in:
[  670.303594][T15765] CPU: 1 UID: 0 PID: 15765 Comm: syz.0.2891 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  670.314731][T15765] Tainted: [L]=SOFTLOCKUP
[  670.319649][T15765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  670.329727][T15765] RIP: 0010:usb_submit_urb+0x111c/0x18d0
[  670.335376][T15765] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9
[  670.355163][T15765] RSP: 0018:ffffc9000498f680 EFLAGS: 00010246
[  670.361220][T15765] RAX: 0000000000000000 RBX: ffff888028b6e300 RCX: 0000000080001e80
[  670.369334][T15765] RDX: ffff88802890c8e0 RSI: ffffffff8c140a20 RDI: ffffffff8f8ee5d0
[  670.377413][T15765] RBP: 1ffff110052f0400 R08: 00000000000000c0 R09: 0000000000000000
[  670.385404][T15765] R10: ffffc9000498f780 R11: fffff52000931efc R12: ffff88807d5d6100
[  670.393366][T15765] R13: ffff888029782000 R14: 0000000080001e80 R15: ffff88802890c8e0
[  670.401350][T15765] FS:  00007fcec889d6c0(0000) GS:ffff888125f1f000(0000) knlGS:0000000000000000
[  670.405191][    T9] kworker/0:0 (9) used greatest stack depth: 15288 bytes left
[  670.410303][T15765] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  670.424310][T15765] CR2: 00002000002e9030 CR3: 00000000592e0000 CR4: 00000000003526f0
[  670.432548][T15765] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000001
[  670.440542][T15765] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  670.448583][T15765] Call Trace:
[  670.451853][T15765]  <TASK>
[  670.454814][T15765]  ? __init_swait_queue_head+0xa9/0x150
[  670.460376][T15765]  usb_start_wait_urb+0x115/0x4f0
[  670.465436][T15765]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  670.471013][T15765]  usb_control_msg+0x232/0x3e0
[  670.475812][T15765]  dtv5100_i2c_msg+0x231/0x2f0
[  670.480578][T15765]  dtv5100_i2c_xfer+0x1a4/0x3c0
[  670.485459][T15765]  __i2c_transfer+0x79a/0x1f00
[  670.490221][T15765]  __i2c_smbus_xfer+0xf5d/0x1e20
[  670.495178][T15765]  ? rt_mutex_slowlock+0x1c9/0x6b0
[  670.500288][T15765]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  670.505757][T15765]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[  670.511129][T15765]  ? rt_mutex_lock_nested+0x172/0x1e0
[  670.516503][T15765]  ? do_vfs_ioctl+0xbe8/0x1430
[  670.521254][T15765]  i2c_smbus_xfer+0x1f4/0x310
[  670.525943][T15765]  i2cdev_ioctl_smbus+0x3db/0x750
[  670.530959][T15765]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[  670.536565][T15765]  i2cdev_ioctl+0x5d3/0x820
[  670.541055][T15765]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  670.546097][T15765]  ? __fget_files+0x2a/0x420
[  670.550679][T15765]  ? __fget_files+0x3a0/0x420
[  670.555358][T15765]  ? bpf_lsm_file_ioctl+0x9/0x20
[  670.560280][T15765]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  670.565350][T15765]  __se_sys_ioctl+0xfc/0x170
[  670.569936][T15765]  do_syscall_64+0xec/0xf80
[  670.574426][T15765]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.580489][T15765]  ? trace_irq_disable+0x37/0x100
[  670.585526][T15765]  ? clear_bhb_loop+0x60/0xb0
[  670.590196][T15765]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.596116][T15765] RIP: 0033:0x7fcec798f749
[  670.600528][T15765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  670.620459][T15765] RSP: 002b:00007fcec889d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  670.628966][T15765] RAX: ffffffffffffffda RBX: 00007fcec7be5fa0 RCX: 00007fcec798f749
[  670.636948][T15765] RDX: 0000200000000180 RSI: 0000000000000720 RDI: 0000000000000007
[  670.644928][T15765] RBP: 00007fcec7a13f91 R08: 0000000000000000 R09: 0000000000000000
[  670.652884][T15765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  670.660876][T15765] R13: 00007fcec7be6038 R14: 00007fcec7be5fa0 R15: 00007fcec7d0fa28
[  670.668858][T15765]  </TASK>
[  670.671866][T15765] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  670.679127][T15765] CPU: 1 UID: 0 PID: 15765 Comm: syz.0.2891 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  670.690040][T15765] Tainted: [L]=SOFTLOCKUP
[  670.694342][T15765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  670.704376][T15765] Call Trace:
[  670.707643][T15765]  <TASK>
[  670.710560][T15765]  vpanic+0x1e0/0x670
[  670.714538][T15765]  panic+0xb9/0xc0
[  670.718263][T15765]  ? __pfx_panic+0x10/0x10
[  670.722669][T15765]  __warn+0x317/0x4b0
[  670.726633][T15765]  ? usb_submit_urb+0x105c/0x18d0
[  670.731641][T15765]  ? usb_submit_urb+0x105c/0x18d0
[  670.736644][T15765]  __report_bug+0x288/0x500
[  670.741133][T15765]  ? usb_submit_urb+0x105c/0x18d0
[  670.746143][T15765]  ? __pfx___report_bug+0x10/0x10
[  670.751153][T15765]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  670.756945][T15765]  ? lockdep_hardirqs_on+0x7b/0x110
[  670.762123][T15765]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  670.767917][T15765]  ? stack_depot_save_flags+0x3f3/0x810
[  670.773468][T15765]  report_bug_entry+0x19a/0x290
[  670.778300][T15765]  ? usb_submit_urb+0x111c/0x18d0
[  670.783302][T15765]  ? usb_submit_urb+0x1121/0x18d0
[  670.788305][T15765]  handle_bug+0xca/0x200
[  670.792544][T15765]  exc_invalid_op+0x1a/0x50
[  670.797029][T15765]  asm_exc_invalid_op+0x1a/0x20
[  670.801861][T15765] RIP: 0010:usb_submit_urb+0x111c/0x18d0
[  670.807478][T15765] Code: b8 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 a7 05 00 00 45 0f b6 45 00 48 8b 3c 24 48 8b 74 24 20 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 b7 f2 ff ff 89 e9
[  670.827065][T15765] RSP: 0018:ffffc9000498f680 EFLAGS: 00010246
[  670.833116][T15765] RAX: 0000000000000000 RBX: ffff888028b6e300 RCX: 0000000080001e80
[  670.841069][T15765] RDX: ffff88802890c8e0 RSI: ffffffff8c140a20 RDI: ffffffff8f8ee5d0
[  670.849024][T15765] RBP: 1ffff110052f0400 R08: 00000000000000c0 R09: 0000000000000000
[  670.856978][T15765] R10: ffffc9000498f780 R11: fffff52000931efc R12: ffff88807d5d6100
[  670.864933][T15765] R13: ffff888029782000 R14: 0000000080001e80 R15: ffff88802890c8e0
[  670.872900][T15765]  ? __init_swait_queue_head+0xa9/0x150
[  670.878441][T15765]  usb_start_wait_urb+0x115/0x4f0
[  670.883454][T15765]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  670.888991][T15765]  usb_control_msg+0x232/0x3e0
[  670.893740][T15765]  dtv5100_i2c_msg+0x231/0x2f0
[  670.898488][T15765]  dtv5100_i2c_xfer+0x1a4/0x3c0
[  670.903323][T15765]  __i2c_transfer+0x79a/0x1f00
[  670.908074][T15765]  __i2c_smbus_xfer+0xf5d/0x1e20
[  670.912997][T15765]  ? rt_mutex_slowlock+0x1c9/0x6b0
[  670.918092][T15765]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  670.923533][T15765]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[  670.928898][T15765]  ? rt_mutex_lock_nested+0x172/0x1e0
[  670.934251][T15765]  ? do_vfs_ioctl+0xbe8/0x1430
[  670.938994][T15765]  i2c_smbus_xfer+0x1f4/0x310
[  670.943655][T15765]  i2cdev_ioctl_smbus+0x3db/0x750
[  670.948662][T15765]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[  670.954195][T15765]  i2cdev_ioctl+0x5d3/0x820
[  670.958679][T15765]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  670.963682][T15765]  ? __fget_files+0x2a/0x420
[  670.968253][T15765]  ? __fget_files+0x3a0/0x420
[  670.972911][T15765]  ? bpf_lsm_file_ioctl+0x9/0x20
[  670.977827][T15765]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  670.982832][T15765]  __se_sys_ioctl+0xfc/0x170
[  670.987409][T15765]  do_syscall_64+0xec/0xf80
[  670.991894][T15765]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.997940][T15765]  ? trace_irq_disable+0x37/0x100
[  671.002946][T15765]  ? clear_bhb_loop+0x60/0xb0
[  671.007603][T15765]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.013475][T15765] RIP: 0033:0x7fcec798f749
[  671.017868][T15765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  671.037452][T15765] RSP: 002b:00007fcec889d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  671.045848][T15765] RAX: ffffffffffffffda RBX: 00007fcec7be5fa0 RCX: 00007fcec798f749
[  671.053799][T15765] RDX: 0000200000000180 RSI: 0000000000000720 RDI: 0000000000000007
[  671.061753][T15765] RBP: 00007fcec7a13f91 R08: 0000000000000000 R09: 0000000000000000
[  671.069714][T15765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  671.077676][T15765] R13: 00007fcec7be6038 R14: 00007fcec7be5fa0 R15: 00007fcec7d0fa28
[  671.085645][T15765]  </TASK>
[  671.088996][T15765] Kernel Offset: disabled
[  671.093308][T15765] Rebooting in 86400 seconds..