last executing test programs:

16m47.404869907s ago: executing program 1 (id=2992):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
fsopen(0x0, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x800000, 0x5, 0x0, 0xfffffe0000000001, 0xfa11}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r3, 0x0, <r4=>0xffffffffffffffff, 0x1})
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r5, &(0x7f0000000100)=ANY=[@ANYBLOB="6c6f636b20696f2b6d656d06"], 0xc)
write$vga_arbiter(r5, &(0x7f00000001c0)=@unlock_all, 0xb)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000080)={0x48, 0x7, r4, 0x0, 0x10000, 0x0, 0x1, 0x2ea473, 0x2eb80c})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r4, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x1000000, 0x3f})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x2, 0x0, &(0x7f00000002c0)="b800", 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x4091, r0, 0x9b71000)
mq_open(0x0, 0x80, 0xc, 0x0)
r6 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r6, 0x0)
sched_getattr(r6, &(0x7f0000000200)={0x38}, 0x38, 0x0)
lsm_get_self_attr(0x65, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
shutdown(0xffffffffffffffff, 0x0)

16m44.16811628s ago: executing program 1 (id=3003):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x80)
openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000640), 0x1, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fd/3\x00')
preadv(r2, &(0x7f0000000080)=[{&(0x7f00000021c0)=""/138, 0x8a}], 0x1, 0x4, 0x0)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100), 0x4080, 0x0)
ioctl$FBIOPUTCMAP(r3, 0x4605, &(0x7f0000000480)={0xff, 0x0, &(0x7f0000000240), &(0x7f00000003c0)=[0xd, 0x5, 0x1, 0x3ff, 0x1ff], &(0x7f0000000400)=[0x2, 0x6], &(0x7f0000000440)=[0x3]})
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000280))
sched_setattr(0x0, &(0x7f00000004c0)={0x38, 0x0, 0x4, 0xe0, 0x0, 0xb49, 0x200000000002, 0x7, 0x18, 0x3}, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000180))
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2})
io_setup(0x6, &(0x7f0000001380)=<r5=>0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$IPT_SO_GET_ENTRIES(r6, 0x0, 0x41, 0x0, &(0x7f0000000000))
openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0), 0x105004, 0x0)
io_submit(r5, 0x0, 0x0)
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, 0x0, 0x0)
r8 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
preadv(r8, &(0x7f0000000140)=[{0x0}, {&(0x7f0000000500)=""/84, 0x54}], 0x2, 0x4, 0x8008)
ioctl$DRM_IOCTL_WAIT_VBLANK(r8, 0xc018643a, &(0x7f0000000080)={0x4000000, 0x5, 0x3})
writev(0xffffffffffffffff, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff000000", 0x46}], 0x1)
socket$nl_generic(0x10, 0x3, 0x10)

16m41.767650028s ago: executing program 1 (id=3009):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
lseek(r3, 0x6, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}}, 0x0)

16m39.244609887s ago: executing program 1 (id=3012):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
fsopen(0x0, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x800000, 0x5, 0x0, 0xfffffe0000000001, 0xfa11}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r3, 0x0, <r4=>0xffffffffffffffff, 0x1})
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r5, &(0x7f0000000100)=ANY=[@ANYBLOB="6c6f636b20696f2b6d656d06"], 0xc)
write$vga_arbiter(r5, &(0x7f00000001c0)=@unlock_all, 0xb)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000080)={0x48, 0x7, r4, 0x0, 0x10000, 0x0, 0x1, 0x2ea473, 0x2eb80c})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r4, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x1000000, 0x3f})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x2, 0x0, &(0x7f00000002c0)="b800", 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x4091, r0, 0x9b71000)
mq_open(0x0, 0x80, 0xc, 0x0)
r6 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r6, 0x0)
sched_getattr(r6, &(0x7f0000000200)={0x38}, 0x38, 0x0)
lsm_get_self_attr(0x65, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
shutdown(0xffffffffffffffff, 0x0)

16m35.898668053s ago: executing program 1 (id=3024):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_BACKING_CLOSE(r0, 0xe503, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8000, 0x103)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x413, &(0x7f0000000080)=ANY=[@ANYBLOB="66649f55e74bf1515c07d480bd7ae33db26d5e9c450c0303a255cc984289f5f320992f815401eba8e40d5bc2ade1efa00173150903da60c3af7adc3f3bc41c32e5f8a3a1b1c06b346770dfac58b1d28250936e4bbb4bb473f4e56ea6660e8ed2ce1ff0bf4bab86cc14bcfd034933cc22f8d9cc669dee9b6be43ae3739f40ece91310b65be3b725f6a53d6a0ebec7ec4fb200000000dbd99db7c64ec54d19", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002)
write$binfmt_aout(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8)
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff"], 0xc8)
dup3(r1, r2, 0x80000)

16m34.215657795s ago: executing program 1 (id=3026):
socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0xffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x239, &(0x7f0000000280)={0x0, 0x1c2e, 0x10000, 0x0, 0x0, 0x0, r3}, &(0x7f0000000080)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r7 = syz_open_dev$vim2m(&(0x7f0000000140), 0x10002, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$vim2m_VIDIOC_DQBUF(r7, 0xc0585611, &(0x7f0000000380)=@mmap={0x401, 0x2, 0x4, 0x4, 0x4, {0x77359400}, {0x3, 0x2, 0xf, 0x6, 0x3, 0x1, "a91b63d9"}, 0x2, 0x1, {}, 0x101})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x18000000, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r8 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r8, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r8, 0x0, 0x0, 0x2090)
setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
r9 = gettid()
syz_open_procfs$userns(r9, &(0x7f0000000580))

16m18.91617928s ago: executing program 32 (id=3026):
socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0xffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x239, &(0x7f0000000280)={0x0, 0x1c2e, 0x10000, 0x0, 0x0, 0x0, r3}, &(0x7f0000000080)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r7 = syz_open_dev$vim2m(&(0x7f0000000140), 0x10002, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$vim2m_VIDIOC_DQBUF(r7, 0xc0585611, &(0x7f0000000380)=@mmap={0x401, 0x2, 0x4, 0x4, 0x4, {0x77359400}, {0x3, 0x2, 0xf, 0x6, 0x3, 0x1, "a91b63d9"}, 0x2, 0x1, {}, 0x101})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x18000000, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r8 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r8, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r8, 0x0, 0x0, 0x2090)
setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
r9 = gettid()
syz_open_procfs$userns(r9, &(0x7f0000000580))

10m42.652728598s ago: executing program 5 (id=4250):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket(0x2, 0x80805, 0x0)
pipe(&(0x7f00000007c0))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$dmmidi(&(0x7f0000000300), 0x8, 0x920)
ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r3, 0x40045731, &(0x7f0000000340)=0x800)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x8)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000480), &(0x7f00000004c0)=0x4)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@delchain={0x24, 0x11, 0x1, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x10, 0xf}, {0x0, 0xc}, {0x4, 0x1}}}, 0x24}}, 0x0)
r5 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r5, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x3804, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x69, &(0x7f0000000400)=[{&(0x7f0000000240)="b9", 0x26892}], 0xbb}}], 0x2, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000))

10m40.366080273s ago: executing program 5 (id=4258):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f00003af000/0x3000)=nil, 0x3000, 0x2, 0x12, r0, 0x0)
ftruncate(r0, 0xc17a)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
io_uring_setup(0x1694, &(0x7f0000000080)={0x0, 0xfac7})
r3 = syz_open_dev$sndpcmc(&(0x7f0000000340), 0x1, 0x80)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r3, 0x4161, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000440)='\x00', 0x1}], 0x1, 0x0, 0x0, 0x40044}}], 0x1, 0x4008014)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$sock_int(r4, 0x1, 0x2a, &(0x7f00000002c0)=0x8001, 0x4)
splice(r4, 0x0, r6, 0x0, 0x39000, 0x0)

10m36.199953441s ago: executing program 5 (id=4267):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket(0x2, 0x80805, 0x0)
pipe(&(0x7f00000007c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_open_dev$dmmidi(&(0x7f0000000300), 0x8, 0x920)
ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r4, 0x40045731, &(0x7f0000000340)=0x800)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x8)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000480), &(0x7f00000004c0)=0x4)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f0000000000)={'macsec0\x00', @random="010000201000"})
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@delchain={0x24, 0x11, 0x1, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x10, 0xf}, {0x0, 0xc}, {0x4, 0x1}}}, 0x24}}, 0x0)
modify_ldt$read_default(0x2, 0xffffffffffffffff, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x3804, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x69, &(0x7f0000000400)=[{&(0x7f0000000240)="b9", 0x26892}], 0xbb}}], 0x2, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000))

10m33.295563729s ago: executing program 5 (id=4273):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902240001000010000904b8070259d1ca000905060200020d0006090582020002"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs2/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000600)={0xc8, 0x0, &(0x7f0000000b00)=[@increfs_done, @acquire={0x40046305, 0x1}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000400)={@flat=@binder={0x73622a85, 0x1114}, @fda={0x66646185, 0x4, 0x0, 0x29}, @ptr={0x70742a85, 0x1, &(0x7f0000000940)=""/229, 0xe5, 0x0, 0x36}}, &(0x7f0000000180)={0x0, 0x18, 0x38}}}, @acquire={0x40046305, 0x2}, @reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000580)={@fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/12, 0xc, 0x0, 0x2f}, @flat=@binder={0x73622a85, 0x1, 0x1}}, &(0x7f0000000340)={0x0, 0x18, 0x40}}}, @increfs_done], 0x91, 0x0, &(0x7f0000000c00)="47c1e8961fe691ae300011e83dff95f40f60e1cef8563a6458ec82d9a7c0df09c542f7cdc7d8788480f619bb2a319782a14591873380d3fe5dfbc9f25e177444719fd8c1cfea6509f8b4b00b66ce578548ee93316ee2768836a31e2f2772b88ab462cf33c3ee77285cdab3def79245eb5a9d5d155fe614cdd6a84a0ba4451b76f397d23dc74e2bb4eb5981cbd938b73e63"})
syz_usb_control_io(r1, 0x0, &(0x7f0000000480)={0x84, &(0x7f0000000380)={0x20, 0x15, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
unshare(0x4000000)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$uac2(r1, 0x0, &(0x7f0000000cc0)={0x44, &(0x7f0000000ac0)={0x0, 0x7, 0x6, "b4b8a218e9ff"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x20000, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r6, 0x541b, 0x0)
move_mount(r5, &(0x7f0000000140)='.\x00', r4, 0x0, 0x41)
keyctl$dh_compute(0x17, &(0x7f0000001200), 0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000001340)={'hmac(streebog512)\x00'}})
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
syz_usb_control_io(r1, &(0x7f00000001c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000880)={0x84, &(0x7f0000000200)={0x40, 0xdebda7d818a07a1e, 0x4, "b36f539c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x40, 0x13, 0x6, @remote}, &(0x7f0000000700)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, &(0x7f0000000740)={0x40, 0x19, 0x2, "9a07"}, 0x0, &(0x7f00000007c0)={0x40, 0x1c, 0x1, 0xf7}, &(0x7f0000000800)={0x40, 0x1e, 0x1, 0x5}, &(0x7f0000000840)={0x40, 0x21, 0x1, 0x3}})
r7 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r7, 0x0, 0x20, &(0x7f0000000740)={@remote, @dev={0xac, 0x14, 0x14, 0xf}}, 0xc)
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1)
r9 = socket(0x2000000000000021, 0x2, 0x2)
shutdown(r9, 0x2)
shutdown(r9, 0x2)
close_range(r0, 0xffffffffffffffff, 0x0)

10m29.977421549s ago: executing program 5 (id=4284):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
syz_mount_image$fuse(&(0x7f0000000680), &(0x7f00000006c0)='./file0\x00', 0x1000404, &(0x7f0000000700)=ANY=[], 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe2(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80000)
splice(r1, 0x0, r3, 0x0, 0x6, 0x0)
pipe2(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000100), 0x10000, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='numa_maps\x00')
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
preadv(r6, &(0x7f0000000040)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x0, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000140)={@multicast2, @local, <r8=>0x0}, &(0x7f00000002c0)=0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x6c, 0x30, 0x1, 0x70bd28, 0x0, {}, [{0x49, 0x1, [@m_skbmod={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0xffffffff, 0x10001, 0xffffffffffffffff, 0x3c, 0x3}, 0x400000000a}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20010840)
syz_emit_ethernet(0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000008004d968119f68f58d94773b9ab884100003c"], 0x0)
r9 = socket$kcm(0x10, 0x1, 0x10)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
setsockopt$inet_mreqn(r7, 0x0, 0x24, &(0x7f0000000300)={@multicast1, @broadcast, r8}, 0xc)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000001c0)={{{@in6=@local, @in=@initdev}}, {{@in6}, 0x0, @in6=@private0}}, &(0x7f0000000080)=0xe8)
splice(r2, 0x0, r5, 0x0, 0x6, 0xc)
vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)='/', 0x1}], 0x1, 0x6)
syz_emit_ethernet(0x5e, &(0x7f0000000540)=ANY=[@ANYBLOB="0180c2000001aaaaaaaaaa2a86dd6080000000283afffe8000000000000000000000000000bbfe800000000000000000000000290f000000907800000000ff02000000000000000000000000000100000000000010000000000000000001"], 0x0)
syz_open_dev$vivid(&(0x7f0000000000), 0x1, 0x2)
r10 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00')
lseek(r10, 0x4, 0x1)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000040)=ANY=[], 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

10m29.27238359s ago: executing program 5 (id=4286):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x81}]})
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000140)={0x24, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @local}}}, 0x108)
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000004000010bd28780000000000000109022400010000500009040002010300000009210000000122f8040905810300"], 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
syz_usbip_server_init(0x2)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad0012c6bfbc587fc3522670929d0b0b", 0x10)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000280)={@local, @random="6960dade3f48", @void, {@canfd={0xd, {{0x1}, 0x3e, 0x0, 0x0, 0x0, "d4515b6fb9b9323187794bcdda4dfb574f86ace807974bf099e7ee36cc3c39149cd445e41d5a55095b06464ef8fca9d59ac49f82ccd91aefc1b2119c38f09b75"}}}}, &(0x7f0000000080)={0x0, 0x3, [0x166, 0xf2b, 0x221, 0x5d4]})
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x81}]}) (async)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000140)={0x24, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @local}}}, 0x108) (async)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000004000010bd28780000000000000109022400010000500009040002010300000009210000000122f8040905810300"], 0x0) (async)
socket$alg(0x26, 0x5, 0x0) (async)
syz_usbip_server_init(0x2) (async)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad0012c6bfbc587fc3522670929d0b0b", 0x10) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) (async)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_emit_ethernet(0x56, &(0x7f0000000280)={@local, @random="6960dade3f48", @void, {@canfd={0xd, {{0x1}, 0x3e, 0x0, 0x0, 0x0, "d4515b6fb9b9323187794bcdda4dfb574f86ace807974bf099e7ee36cc3c39149cd445e41d5a55095b06464ef8fca9d59ac49f82ccd91aefc1b2119c38f09b75"}}}}, &(0x7f0000000080)={0x0, 0x3, [0x166, 0xf2b, 0x221, 0x5d4]}) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) (async)

10m27.909756666s ago: executing program 33 (id=4286):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x81}]})
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000140)={0x24, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @local}}}, 0x108)
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000004000010bd28780000000000000109022400010000500009040002010300000009210000000122f8040905810300"], 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
syz_usbip_server_init(0x2)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad0012c6bfbc587fc3522670929d0b0b", 0x10)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000280)={@local, @random="6960dade3f48", @void, {@canfd={0xd, {{0x1}, 0x3e, 0x0, 0x0, 0x0, "d4515b6fb9b9323187794bcdda4dfb574f86ace807974bf099e7ee36cc3c39149cd445e41d5a55095b06464ef8fca9d59ac49f82ccd91aefc1b2119c38f09b75"}}}}, &(0x7f0000000080)={0x0, 0x3, [0x166, 0xf2b, 0x221, 0x5d4]})
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x81}]}) (async)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000140)={0x24, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @local}}}, 0x108) (async)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000004000010bd28780000000000000109022400010000500009040002010300000009210000000122f8040905810300"], 0x0) (async)
socket$alg(0x26, 0x5, 0x0) (async)
syz_usbip_server_init(0x2) (async)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad0012c6bfbc587fc3522670929d0b0b", 0x10) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) (async)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_emit_ethernet(0x56, &(0x7f0000000280)={@local, @random="6960dade3f48", @void, {@canfd={0xd, {{0x1}, 0x3e, 0x0, 0x0, 0x0, "d4515b6fb9b9323187794bcdda4dfb574f86ace807974bf099e7ee36cc3c39149cd445e41d5a55095b06464ef8fca9d59ac49f82ccd91aefc1b2119c38f09b75"}}}}, &(0x7f0000000080)={0x0, 0x3, [0x166, 0xf2b, 0x221, 0x5d4]}) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) (async)

22.001651058s ago: executing program 3 (id=6137):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
ioctl$TUNSETDEBUG(r3, 0x400454c9, &(0x7f00000001c0)=0x5)
write$cgroup_devices(r2, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd)
close_range(r1, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a31000000000800a694fffffffc740000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100007d7239b067feebebcded1700004800038044000080080003400000000238000b80340001800a0001006c696d6974000100240002800c00024000000000000000030c000140000000000001000008000440000000011400007d55f046f107"], 0xd8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
close(r0)
r5 = openat$6lowpan_control(0xffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$6lowpan_control(r5, &(0x7f0000000080)='connect aa:aa:aa:aa:aa:10 1', 0x19)
close_range(r5, r0, 0x0)

19.590285874s ago: executing program 0 (id=6143):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)}, 0x8000)
close(r0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f00000009c0)=@nat={'nat\x00', 0x670, 0x5, 0x470, 0x300, 0x300, 0xfeffffff, 0x218, 0xf0, 0x3d8, 0x3d8, 0xffffffff, 0x3d8, 0x3d8, 0x5, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'veth1_to_team\x00', {}, {}, 0x6}, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[], [0x0, 0x80], 0x0, 0x0, 0x8, 0x4}}, @common=@inet=@socket2={{0x28}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0xf0, 0x128, 0x0, {}, [@common=@set={{0x40}}, @common=@set={{0x40}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @broadcast, @remote, @icmp_id}}}}, {{@ip={@loopback, @empty, 0x0, 0xff000000, 'lo\x00', 'ip6tnl0\x00'}, 0x0, 0xb0, 0xe8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}, {[0xff, 0xffffff00, 0x0, 0xff000000], 0xf8}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id}}}}, {{@ip={@remote, @broadcast, 0x0, 0xffffffff, 'pim6reg0\x00', 'wlan0\x00'}, 0x0, 0x90, 0xd8, 0x0, {}, [@common=@socket0={{0x20}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv6=@private2, @ipv4=@dev}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4d0)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x1c, r6, 0x1, 0x4800, 0x0, {{0x8}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x7c, r6, 0x400, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20001000}, 0x40000)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
futex_waitv(&(0x7f0000001240)=[{0x1, &(0x7f0000000100)=0x7fff, 0x86}], 0x1, 0x0, 0x0, 0x1)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1, 0x9}]}, &(0x7f00000002c0)=0x10)
r9 = accept4$inet6(r8, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000080)=0x1c, 0x0)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x162e02, 0x0)
r11 = dup(r10)
fallocate(r11, 0x0, 0x0, 0x72000)
mkdirat(r11, &(0x7f0000000400)='./file0\x00', 0x0)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r14, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000002, 0x0, 0xfff}]})
getsockopt$inet_sctp6_SCTP_MAX_BURST(r9, 0x84, 0x83, &(0x7f00000000c0)=@assoc_value, &(0x7f00000004c0)=0x6)
setsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000), 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000180)=[@in={0x2, 0x4e24, @private=0xa010102}, @in6={0xa, 0x4e23, 0x3, @local, 0x10}, @in={0x2, 0x4e20, @multicast2}, @in6={0xa, 0x4e24, 0xe8, @loopback, 0xfa4}, @in6={0xa, 0x4e21, 0xf300, @mcast2, 0x3c5000}], 0x74)

12.421011192s ago: executing program 6 (id=6153):
shutdown(0xffffffffffffffff, 0x0)
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000140)={&(0x7f00000001c0)=[{0x2, 0x0, 0x22, &(0x7f00000006c0)="0203204bdcc36cda8907f47563863d1428f47b34551c000bce0f6bc6584f11a7489c"}], 0x1})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

10.73197139s ago: executing program 3 (id=6154):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000005c0)={&(0x7f0000000000)=""/74, 0x2a000, 0x1000}, 0x20)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_opts(r2, 0x0, 0x5, &(0x7f00000007c0)="dd", 0x1)
setsockopt$inet_opts(r2, 0x0, 0x5, 0x0, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f0000000600))
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
r3 = epoll_create1(0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000400)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb08004500001c000000000001907800010102ac1414aa080090785dc7"], 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000000)={0x2})
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000440)="5c00000014006b030231a6080c000af32c00000000f800250502000f00e5aa000017d34460bc24eab556bd05251e6182949a2756f475ce36c2d13b48df000000000000ecb8f6ec63c9f4d4938037e786a6d1bdd700e6657594f1817d", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r5 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x528, 0x0, 0x3b8, 0x0, 0x230, 0x230, 0x490, 0x490, 0x490, 0x490, 0x490, 0x6, 0x0, {[{{@ip={@multicast1, @dev={0xac, 0x14, 0x14, 0x13}, 0xff, 0xff000000, 'pim6reg1\x00', 'bridge_slave_0\x00', {}, {0xff}, 0x88, 0x3}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x1, 'unconfined\x00'}}}, {{@ip={@private=0xa010100, @broadcast, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00', {}, {0xff}}, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x20, 0x2}}}, {{@uncond, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@private=0xa010102, @multicast1, 0x0, 0xffffff00, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @link_local, 0x4, 0x8, [0x3b, 0x21, 0x20, 0x15, 0xf, 0x31, 0x39, 0x25, 0x17, 0x16, 0x14, 0x29, 0x15, 0x7, 0x1b, 0x2f], 0x0, 0x1, 0x6}}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 'dummy0\x00', 'batadv_slave_1\x00', {}, {}, 0x0, 0x0, 0x4c}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40}, {{0x3, [0x2, 0x0, 0x2, 0x3, 0x3, 0x3]}}}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x0, 0x0, 0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x588)
r6 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000000)=@usbdevfs_driver={0x0, 0x7f, 0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
fcntl$lock(0xffffffffffffffff, 0x26, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000)
socket$nl_netfilter(0x10, 0x3, 0xc)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
setsockopt$packet_int(r7, 0x107, 0x17, &(0x7f0000000640)=0x1, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)

10.622001656s ago: executing program 0 (id=6156):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000680)={0x0, 0xfffffe2f, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r3, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r2], 0x38}}, 0x10)
lseek(0xffffffffffffffff, 0x2000, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000080)="5c00000013006bec9e3be35c6e17aa31076b876c0d000000ba090000160af3653c001a", 0x23}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x2000c090)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
syz_open_dev$vim2m(0x0, 0x25, 0x2)
r4 = epoll_create1(0x80000)
syz_emit_ethernet(0x4e, &(0x7f0000000700)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @broadcast}, @time_exceeded={0x21, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x9, 0x2, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @rand_addr=0xe0000000, {[@cipso={0x86, 0x8, 0x0, [{0x0, 0x2}]}, @cipso={0x86, 0x6}]}}}}}}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0x10000014})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, 0x0, &(0x7f0000000200))
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/netlink\x00')
lseek(r6, 0x8001, 0x1)

9.273274676s ago: executing program 6 (id=6159):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$unix(0x1, 0x1, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x4)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'bond0\x00', &(0x7f0000000140)=@ethtool_drvinfo={0x3, "6ba0fa0bc6b6e0f6e1167c9ef745b5c75ea59d001717d0fa418441bb2e8b1786", "b3399ec6446c2e9859122a13748ce96f1e2da191f525a1246b5b4351c649fbcd", "06a2b60c81c31e1ee548fc88fd224d33796368e5a2a9dabf8badeb39845390bc", "56e425107381b383e347908669b3a5a96da100", "3b547de3848ab5999a48645efa7acedb34982f23f15d6a008c83584b9b75bf28", "76977785ec759fb9fbcacc4e", 0x4, 0x9, 0x40, 0x10001, 0x1ff}})
close(r1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r4, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
unshare(0x26020480)
read$FUSE(r5, &(0x7f0000002180)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_LSEEK(r5, &(0x7f0000000140)={0x18, 0x0, r6, {0x100000001}}, 0x18)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x80000, &(0x7f0000000640)=ANY=[], 0x1, 0x0, 0x0)
umount2(&(0x7f0000000100)='./file0\x00', 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001740)=@newqdisc={0x6c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r8, {0x5}, {0x0, 0x4}, {0xa, 0x3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x3c, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0xa32, 0x6, 0x1, 0xc, 0x0, 0x4, 0x10, 0x52, 0x68d5, 0x5, 0x4, 0x3, 0x12, 0x6, 0xfffffffd, 0xfffffe01}}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001240)=[{{&(0x7f0000000780)=@abs, 0x6e, &(0x7f0000000880)=[{&(0x7f0000000340)=""/58, 0x3a}, {&(0x7f0000000800)=""/57, 0x39}, {&(0x7f00000041c0)=""/4096, 0x1000}, {&(0x7f0000000840)=""/14, 0xe}], 0x4, &(0x7f00000008c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xe0}}, {{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f00000009c0)=""/29, 0x1d}, {&(0x7f0000000a00)=""/16, 0x10}, {&(0x7f0000000a40)=""/110, 0x6e}], 0x3, &(0x7f0000000b00)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa0}}, {{0x0, 0x0, &(0x7f0000000ec0)=[{0xfffffffffffffffe}, {&(0x7f0000000bc0)=""/232, 0xe8}, {&(0x7f0000000cc0)=""/243, 0xf3}, {&(0x7f0000000dc0)=""/251, 0xfb}], 0x4, &(0x7f0000000f00)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x68}}, {{&(0x7f0000000f80), 0x6e, &(0x7f0000001100)=[{&(0x7f0000001000)=""/235, 0xeb}], 0x1}}], 0x4, 0x3, &(0x7f0000001140)={0x0, 0x989680})
socket(0x400000000010, 0x3, 0x0)
r9 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000380)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ffd3bf79a1f5c5dc34cf2645cbc11c4562d22db8780edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b000000fb354673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0100f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce78754182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f26df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132155fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$VIDIOC_S_FMT(r9, 0xc0d05640, &(0x7f0000000440)={0x9, @sdr={0x34325258, 0x400}})

8.508768811s ago: executing program 6 (id=6160):
r0 = socket(0x25, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8040)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xa1001)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, 0x0)
munmap(&(0x7f00006bb000/0x1000)=nil, 0x1000)
syz_usb_connect$cdc_ecm(0x1, 0x53, &(0x7f0000000240)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x41, 0x1, 0x1, 0x4, 0xf5ce2dfb7d58ee2d, 0x7, "", [{{0x9, 0x4, 0x0, 0x10, 0x3, 0x2, 0x6, 0x0, 0x7f, {{0xb, 0x24, 0x6, 0x0, 0x0, "924e328552ce"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x2fa6, 0x3423, 0x201, 0x1}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x0, 0x1, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x0, 0x0, 0x8}}}}}]}}]}}, &(0x7f0000000380)={0x0, 0x0, 0xf, &(0x7f0000000540)=ANY=[@ANYBLOB="050f0f00010a10034dfe5daecb1735b23224f7a11cfe6e324c444cd01bfb70b0d95133966103817b7429dac07b1fd0fb52e399a2aa891d226643ef6a3b9f9a0427f16492dafc93"], 0x6, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x7d, &(0x7f00000000c0)=ANY=[@ANYBLOB="7d03155f563c1d2ffe9ac7c70c8e4b3fcbb0b7687d490075793579fe125547fb95944a27c8a569de7bc375a5f80d86b387d408050065a04b4604a6c791f09279e2d4a600fd1ec613b01a4faf54e2b6b7f8d088477ca07d11bb57e998495a65915cb503798d36f3ae6d9f18602b41e4c52974dc3e25a5b6bb4900"]}, {0xed, &(0x7f0000000440)=@string={0xed, 0x3, "af82d3926831699f789a0f7dec45e2372a9e99a34bdd2e484512a0c636d2328535e7712ef2cfbe9110f52d58ebde44dda0d5ea75abba000b8e934882ba9ca0c7b20dfab502e215488f04ac5a644d7646a519bf08022a6a5c488a7e28716a884a6278c828324b3e1b258d31e13a24b59e2f777df3785e5305958c8852b2a26cdf11413fd87f13a196940b15472e039f5b054cafd2a20b4bbc145bd2c56a375d70efe2799312ba5169a53d8b06d5880b7b50162f4de5a54f12859f759b7e14416470f640e9ae0620162f71d2ada3bee7dd60cb173c50e5dfcb48e6b638dd264195a4272028c7b360cf12b0f7"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x200a}}]})
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/mcfilter\x00')
lseek(r2, 0x200, 0x0)
ioctl$SNDRV_TIMER_IOCTL_START(r5, 0x54a0)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f01e, 0x1})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff00000000017c0000040042800c0001800621060090390000100002"], 0x34}, 0x1, 0x0, 0x0, 0x4000895}, 0xc000)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff0000000002"], 0x34}, 0x1, 0x0, 0x0, 0x4000895}, 0xc000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$FUSE(r8, 0x0, 0x0)
r9 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r9, 0x0, 0x28, 0x0, 0x0)
mq_unlink(0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, 0x0)

8.396259696s ago: executing program 3 (id=6161):
sched_setaffinity(0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfe33)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
r1 = fsopen(&(0x7f0000000400)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x1c1f40, 0x0)
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x9, 0xffffffff}, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r5, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)
r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.controllers\x00', 0x300, 0x0)
read$eventfd(r6, 0x0, 0x0)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x6000, 0x1)
mknod$loop(&(0x7f0000000340)='./file0\x00', 0x6000, 0x0)
r7 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCG_STATS(r7, 0xc0109207, &(0x7f0000000180))

7.798222001s ago: executing program 0 (id=6163):
r0 = socket$unix(0x1, 0x1, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x7)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000000)=0x2, 0x4)
connect$unix(r0, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e)
connect$unix(r0, &(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e)
syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f0000000200)=@default_ibss_ssid, 0x6, 0x2)

7.676290902s ago: executing program 4 (id=6164):
unshare(0x6a040000)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x940d, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, &(0x7f0000000180)={0x800100, 0xffffffff, 0x22, 0xe1d9, 0x1101, 0xff})
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000080)={0x84, @private=0xa010100, 0x15, 0x3, 'sh\x00', 0x28, 0x0, 0x70}, 0x2c)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=@newsa={0x138, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@multicast2, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0x0, 0x1000000000000192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3fc}, 0x80, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x844)
r4 = socket$kcm(0xa, 0x2, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$sock_inet_SIOCSIFBRDADDR(r4, 0x891a, &(0x7f0000000100)={'veth0_to_team\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xa}}})
setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e24, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x10000, 0xc, 0x9}}, 0x44)
sendmsg$sock(r4, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1, 0x4, &(0x7f00000000c0)=@framed={{}, [@jmp={0x4, 0x0, 0xc, 0xa, 0x0, 0x0, 0xfffffffffffffffc}]}, &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x42}, 0x94)
sendmsg$sock(r4, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffc}, 0x80, 0x0}, 0x0)
r6 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002)
ioctl$CEC_S_MODE(r6, 0x40046109, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x1022002, 0x0)
r8 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
sendfile(r7, r8, 0x0, 0x8000fffffffe)
close(r6)

7.513545854s ago: executing program 0 (id=6165):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket(0x2, 0x80805, 0x0)
pipe(&(0x7f00000007c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_open_dev$dmmidi(&(0x7f0000000300), 0x8, 0x920)
ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r4, 0x40045731, &(0x7f0000000340)=0x800)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x8)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000480), &(0x7f00000004c0)=0x4)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f0000000000)={'macsec0\x00', @random="010000201000"})
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r7 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r7, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@delchain={0x24, 0x11, 0x1, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x10, 0xf}, {0x0, 0xc}, {0x4, 0x1}}}, 0x24}}, 0x0)
modify_ldt$read_default(0x2, 0xffffffffffffffff, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x10, 0x0}}], 0x2, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000))

6.194974858s ago: executing program 2 (id=6167):
r0 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x103702, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
io_setup(0x202, &(0x7f0000000200)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f0000000300)={0x25, 0x0, 0x0, 0x1, 0x63bd, r5, 0x0, 0x0, 0x3ff}])
r7 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02)
syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$VIDIOC_S_INPUT(r7, 0xc0045627, &(0x7f0000000180))
ioctl$KVM_GET_MSRS_sys(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x40000020, 0x0, 0x7fffffff}, {0x487, 0x0, 0x4}]})
r8 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r9 = add_key$user(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x0}, &(0x7f00000001c0)="03", 0x1, r8)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000580)=@chain={'key_or_keyring:', r9})
keyctl$search(0xa, r8, 0x0, &(0x7f00000002c0)={'syz', 0x0}, r8)
ioctl$KVM_GET_CPUID2(0xffffffffffffffff, 0xc008ae91, &(0x7f0000000480))
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0xc, 0x90, 0x9}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)

6.123396073s ago: executing program 4 (id=6168):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'hsr0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000380)=ANY=[@ANYBLOB="8400000010000305000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="1546010007ef0000540012800c0001006d6163766c616e00440002800600020001000000080009000100000008000300030000000800070005000000080001001000000006000200", @ANYRES32=r1], 0x84}}, 0x20008040)

5.818881979s ago: executing program 3 (id=6169):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r2, 0x0, <r3=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r3, 0x0, 0x10000, 0x0, 0x4, 0x2ea473, 0x9})
close_range(r0, 0xffffffffffffffff, 0x100000)

5.289132399s ago: executing program 4 (id=6170):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = syz_clone(0x8411, 0x0, 0x0, 0x0, 0x0, 0x0)
get_robust_list(r1, 0x0, 0x0)
ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f00000000c0)=""/50)
ioctl$TCSBRKP(r0, 0x5425, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r2, 0x3b87, &(0x7f0000000240)={0x18, 0x0, 0xdd703f61efd88e4, 0x0, 0x0, 0x8})
socket$inet6_sctp(0xa, 0x1, 0x84)
socket(0x2, 0x80805, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x28)
r3 = syz_open_procfs(0x0, &(0x7f0000000180)='fd/3\x00')
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000040))

5.07310733s ago: executing program 3 (id=6171):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000005c0)={&(0x7f0000000000)=""/74, 0x2a000, 0x1000}, 0x20)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_opts(r2, 0x0, 0x5, &(0x7f00000007c0)="dd", 0x1)
setsockopt$inet_opts(r2, 0x0, 0x5, 0x0, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f0000000600))
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
r3 = epoll_create1(0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000400)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb08004500001c000000000001907800010102ac1414aa080090785dc700"], 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000000)={0x2})
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000440)="5c00000014006b030231a6080c000af32c00000000f800250502000f00e5aa000017d34460bc24eab556bd05251e6182949a2756f475ce36c2d13b48df000000000000ecb8f6ec63c9f4d4938037e786a6d1bdd700e6657594f1817d", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r5 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x528, 0x0, 0x3b8, 0x0, 0x230, 0x230, 0x490, 0x490, 0x490, 0x490, 0x490, 0x6, 0x0, {[{{@ip={@multicast1, @dev={0xac, 0x14, 0x14, 0x13}, 0xff, 0xff000000, 'pim6reg1\x00', 'bridge_slave_0\x00', {}, {0xff}, 0x88, 0x3}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x1, 'unconfined\x00'}}}, {{@ip={@private=0xa010100, @broadcast, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00', {}, {0xff}}, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x20, 0x2}}}, {{@uncond, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@private=0xa010102, @multicast1, 0x0, 0xffffff00, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @link_local, 0x4, 0x8, [0x3b, 0x21, 0x20, 0x15, 0xf, 0x31, 0x39, 0x25, 0x17, 0x16, 0x14, 0x29, 0x15, 0x7, 0x1b, 0x2f], 0x0, 0x1, 0x6}}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 'dummy0\x00', 'batadv_slave_1\x00', {}, {}, 0x0, 0x0, 0x4c}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@set={{0x40}, {{0x3, [0x2, 0x0, 0x2, 0x3, 0x3, 0x3]}}}]}, @ECN={0x28, 'ECN\x00', 0x0, {0x0, 0x0, 0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x588)
r6 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000000)=@usbdevfs_driver={0x0, 0x7f, 0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
fcntl$lock(0xffffffffffffffff, 0x26, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000)
socket$nl_netfilter(0x10, 0x3, 0xc)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
setsockopt$packet_int(r7, 0x107, 0x17, &(0x7f0000000640)=0x1, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)

4.587513186s ago: executing program 4 (id=6172):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x300}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x8}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x31}, @NFTA_SET_DATA_TYPE={0x8}]}, @NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x4004}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0xc, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d0f9"}]}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe4}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

4.490827402s ago: executing program 0 (id=6173):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
fsopen(&(0x7f0000000080)='gfs2\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000680)={0x0, 0xfffffe2f, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r3, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r2], 0x38}}, 0x10)
lseek(0xffffffffffffffff, 0x2000, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000080)="5c00000013006bec9e3be35c6e17aa31076b876c0d000000ba090000160af3653c001a", 0x23}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x2000c090)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
syz_open_dev$vim2m(0x0, 0x25, 0x2)
r4 = epoll_create1(0x80000)
syz_emit_ethernet(0x4e, &(0x7f0000000700)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @broadcast}, @time_exceeded={0x21, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x9, 0x2, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @rand_addr=0xe0000000, {[@cipso={0x86, 0x8, 0x0, [{0x0, 0x2}]}, @cipso={0x86, 0x6}]}}}}}}}, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)={0x10000014})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, 0x0, &(0x7f0000000200))
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/netlink\x00')
lseek(r6, 0x8001, 0x1)

4.276956069s ago: executing program 6 (id=6174):
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
futex_waitv(&(0x7f0000004040)=[{0x0, &(0x7f0000000080), 0x82}, {0x3, 0x0, 0x82}], 0x2, 0x0, 0x0, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000021c0)=@delchain={0x18c, 0x65, 0x300, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0xffe0}, {0x0, 0x1}, {0xd}}, [@filter_kind_options=@f_route={{0xa}, {0x15c, 0x2, [@TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x150, 0x6, [@m_skbmod={0x88, 0xc, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x1, 0x4, 0x1, 0xe6f8, 0x4}, 0xb}}]}, {0x35, 0x6, "9aaad3a34a1adaa126f245a873aacd356f5a6069d77d6f57a142e1f271a2a4c3b0266fa657758ff8baa6653f14335d5dc2"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_skbedit={0x64, 0xe, 0x0, 0x0, {{0xc}, {0x14, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x8}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x4, 0x4d8b101a64a2eb8e}}]}, {0x28, 0x6, "abe20e18a85ce02f8e51764e0dc9a1f6f25d8c6e4841a10e97ed2b3ed2248db340857af9"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbedit={0x60, 0x6, 0x0, 0x0, {{0xc}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x5}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x2}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x10, 0x3}}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xfff3, 0xffff}}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x10, 0x1}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x18c}, 0x1, 0x0, 0x0, 0x40008c5}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200), 0x109000, 0x0)
io_setup(0x3, &(0x7f00000003c0)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f00000001c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
openat$nci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

4.157134937s ago: executing program 4 (id=6175):
socket$netlink(0x10, 0x3, 0x9)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000080)=0x7f)
read$dsp(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x0, 0x0, 0xd, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x9, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x6, 0x9, 0x8000000000000000, 0xf4a, 0x100000000, 0xbdb], 0xffff1001, 0x4000})
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x300f, 0x2, 0x1000000})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x186)

4.014448644s ago: executing program 2 (id=6176):
r0 = syz_open_dev$dri(0x0, 0x1, 0x26a002)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000002c0)={0x7ffe, 0x8, 0x100})
r1 = syz_open_dev$dri(0x0, 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000340)={0x5, 0x8166, 0x7})
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x300000b, 0x10, 0xffffffffffffffff, 0xf2c00000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000140)={0x6, 0x1000, 0x800})
dup(r0)
r2 = open(&(0x7f00000000c0)='./file1\x00', 0x4a07e, 0xc6)
fallocate(r2, 0x0, 0x0, 0x8800000)

3.779667719s ago: executing program 6 (id=6177):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000080)=""/16)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @ioapic={0x1000, 0xc000000, 0xfffffffb, 0xaaf, 0x0, [{0x4, 0x6, 0x2, '\x00', 0xfe}, {0x4, 0xe7, 0x9, '\x00', 0x7}, {0xf7, 0x8, 0x0, '\x00', 0x1}, {0x1, 0x5, 0x6, '\x00', 0x1}, {0xd2, 0x2, 0x5, '\x00', 0x6}, {0xe, 0x50, 0x0, '\x00', 0x9}, {0x7, 0x6, 0x7c, '\x00', 0x3}, {0x81, 0x8, 0x8, '\x00', 0x2}, {0xb, 0x80, 0xa, '\x00', 0x7}, {0x2, 0x9, 0x8, '\x00', 0x7}, {0xe, 0x80, 0x0, '\x00', 0x3}, {0x6, 0x40, 0x3, '\x00', 0x5}, {0x81, 0x81, 0x6, '\x00', 0x6}, {0x3, 0x2, 0x6, '\x00', 0x8}, {0x4, 0x2, 0x81}, {0x5, 0x0, 0x9, '\x00', 0x4}, {0x2, 0x9, 0xc1, '\x00', 0x3}, {0x5, 0x7, 0x5, '\x00', 0x9}, {0x23, 0x6, 0xb6, '\x00', 0x2}, {0x88, 0x3, 0x3f, '\x00', 0x4}, {0x8, 0xc, 0x3, '\x00', 0x3}, {0x0, 0x8, 0x6, '\x00', 0x5}, {0x6, 0x0, 0x8, '\x00', 0x10}, {0x40, 0x5, 0x81, '\x00', 0x5}]}})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, 0x0, 0x24040000)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2.909400971s ago: executing program 3 (id=6178):
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
unshare(0x8000000)
r2 = socket$packet(0x11, 0x3, 0x300)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x1, &(0x7f0000000400)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000440))
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newqdisc={0x44, 0x24, 0xe0b, 0xfefffffc, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}]}}]}, 0x44}}, 0x0)
sendto$packet(r2, &(0x7f00000002c0)="44c394f305916c4516999da288a8", 0xe, 0x0, &(0x7f0000000080)={0x11, 0x17, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
semget$private(0x0, 0x4000, 0x0)
setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, &(0x7f00000001c0)={0xa, {{0xa, 0x4e20, 0x6, @local}}}, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$netlink(0x10, 0x3, 0x15)
writev(r7, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1)
open$dir(0x0, 0x2225c3, 0x0)
r8 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r8, 0x4020565a, &(0x7f0000000100)={0x3, 0x980900})
r9 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(r9, 0xc008561c, &(0x7f00000001c0)={0x980900, 0xfffffff2, @value=0x9})

2.529224414s ago: executing program 0 (id=6179):
sched_setaffinity(0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfe33)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
r1 = fsopen(&(0x7f0000000400)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x1c1f40, 0x0)
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x9, 0xffffffff}, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r5, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)
r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.controllers\x00', 0x300, 0x0)
read$eventfd(r6, &(0x7f00000000c0), 0x8)
close(r0)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x6000, 0x1)
mknod$loop(&(0x7f0000000340)='./file0\x00', 0x6000, 0x0)
r7 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCG_STATS(r7, 0xc0109207, &(0x7f0000000180))

2.015601538s ago: executing program 2 (id=6180):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
connect$inet(r0, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)
setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f00000001c0)=0x7f, 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000000)=0xa, 0x4)
io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4)

1.540895705s ago: executing program 4 (id=6181):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000004340)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f7274"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20044080)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)
syz_open_dev$dri(&(0x7f00000000c0), 0x3, 0x484100)
recvmmsg(r1, &(0x7f0000004140)=[{{&(0x7f00000001c0)=@ethernet={0x0, @multicast}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000580)=""/4096, 0x1000}, {&(0x7f0000000400)=""/234, 0xea}, {&(0x7f0000001580)=""/183, 0xb7}, {&(0x7f0000000280)=""/61, 0x3d}], 0x4, &(0x7f0000001640)=""/191, 0xbf}, 0x7}, {{&(0x7f0000001700)=@pppol2tp={0x18, 0x1, {0x0, <r2=>0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000001a00)=[{&(0x7f0000001780)=""/20, 0x14}, {&(0x7f00000017c0)=""/89, 0x59}, {&(0x7f0000001840)=""/104, 0x68}, {&(0x7f00000018c0)=""/163, 0xa3}, {&(0x7f0000001980)}, {&(0x7f00000019c0)}], 0x6, &(0x7f0000001a80)=""/23, 0x17}, 0x6}, {{&(0x7f0000001ac0)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001b40)=""/227, 0xe3}, {&(0x7f0000001c40)=""/154, 0x9a}, {&(0x7f0000001d00)=""/5, 0x5}, {&(0x7f0000001d40)=""/136, 0x88}, {&(0x7f0000001e00)=""/184, 0xb8}, {&(0x7f0000001ec0)=""/171, 0xab}], 0x6, &(0x7f0000002000)=""/26, 0x1a}, 0x1}, {{&(0x7f0000002040)=@pptp={0x18, 0x2, {0x0, @private}}, 0x80, &(0x7f00000025c0)=[{&(0x7f00000020c0)=""/190, 0xbe}, {&(0x7f0000002180)=""/129, 0x81}, {&(0x7f0000002240)=""/232, 0xe8}, {&(0x7f0000002340)=""/251, 0xfb}, {&(0x7f0000002440)=""/41, 0x29}, {&(0x7f0000002480)=""/206, 0xce}, {&(0x7f0000002580)=""/50, 0x32}], 0x7, &(0x7f0000002640)=""/161, 0xa1}, 0x5}, {{&(0x7f0000002700)=@nfc_llcp, 0x80, &(0x7f0000003980)=[{&(0x7f0000002780)=""/212, 0xd4}, {&(0x7f0000002880)=""/4096, 0x1000}, {&(0x7f0000003880)=""/161, 0xa1}, {&(0x7f0000003940)=""/57, 0x39}], 0x4, &(0x7f00000039c0)=""/132, 0x84}, 0xb}, {{&(0x7f0000003a80)=@nfc_llcp, 0x80, &(0x7f0000003c40)=[{&(0x7f0000003b00)=""/32, 0x20}, {&(0x7f0000003b40)=""/131, 0x83}, {&(0x7f0000003c00)=""/59, 0x3b}], 0x3, &(0x7f0000003c80)=""/13, 0xd}, 0x401}, {{0x0, 0x0, &(0x7f0000004080)=[{&(0x7f0000003cc0)=""/161, 0xa1}, {&(0x7f0000003d80)=""/152, 0x98}, {&(0x7f0000003e40)=""/139, 0x8b}, {&(0x7f0000003f00)=""/170, 0xaa}, {&(0x7f0000003fc0)=""/175, 0xaf}], 0x5, &(0x7f0000004100)=""/22, 0x16}}], 0x7, 0x100, &(0x7f0000004300)={0x77359400})
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x200, 0xa500)
ioctl$EVIOCSKEYCODE_V2(r3, 0x40284504, &(0x7f0000000080)={0xdf, 0x8, 0x2, 0x2, "4e1b31a8597426d462e7339997900f37be342cb45247ef3e1cfac36958322132"})
sendmsg$IPCTNL_MSG_CT_GET_DYING(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000001980)={0x14, 0x6, 0x1, 0x3, 0x0, 0x0, {0x2, 0x0, 0x7}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x2404c054)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000019c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000380)={&(0x7f00000043c0)={{0x14}, [@NFT_MSG_DELRULE={0x2c, 0x8, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELTABLE={0x2c, 0x2, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x34, 0xc, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x3}}, @NFT_MSG_DELTABLE={0x98, 0x2, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_USERDATA={0x51, 0x6, "f8fdafc9e2ebc1f4323f6c9404a6583fced15fa3a4949f3a3b444c7bcdeb0c96fb657d61d9525947c9b5640226fd73ca7fc1d7a02340801449f9caea301a4f0ff65559201fe322b9705022f9d3"}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_TABLE_FLAGS={0x8}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x5}}, @NFT_MSG_NEWSETELEM={0x12c0, 0xc, 0xa, 0x400, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x95c, 0x3, 0x0, 0x1, [{0x824, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPRESSIONS={0x44, 0xb, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_KEY={0x1b4, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VALUE={0x1c, 0x1, "53300eb3110b420c293c428694dac05510ff17b819357364"}, @NFTA_DATA_VERDICT={0x44, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VALUE={0xa2, 0x1, "b51f2ded432457975b87bb637532c6dba39d3f78cd2f48bff8423bbd3d92b66ddaa73993605fc77c0ce6a11d239316f65e9140d342c9f3e71bfbc0b68b0be82f0e7b5e83c84b89808869c0c342bca80b52656f18c5d7a869fa4d2b1fd50dd85586d16663401a340aec8629e47776a4305470bcbb4ef010ef1944f067c83ef0b787346000e9f81de9a5c1b55710aad0369e250bc24df86c7179f741352b69"}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VALUE={0x94, 0x1, "a3ae7b76f061c5ed16d32c3f88477956c046d78e13a479c90abb07796da6d49477c145bb48f83ba677ce3797fa7620f5f98edac9742ebfc25c2708413dcec2eaf226cca24d4e005a1c518b998b17a9858d1869d8e57a238e32bdfbd557d1f48bc1f2e97c97652de75f070ad10117e8e9bb46b83bdebb5ec09c978fecfe378f0c3cba5dd391fccdbd414164142b3f575c"}]}, @NFTA_SET_ELEM_EXPR={0x238, 0x7, 0x0, 0x1, @bitwise={{0xc}, @val={0x228, 0x2, 0x0, 0x1, [@NFTA_BITWISE_MASK={0x224, 0x4, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VALUE={0xd8, 0x1, "aa0c6b891080a3c9b946635d4d7cc44dac61570f899c9a99c541b1ffaa29aaeaa3a9215423167a6fb6b4e2041b21beb34adf481f8cabf9e47bdefad4bb0bc0f106ddc6e42a0d9b42f3895fc9aad0dc54e18b09024657db555e5a4267458dce1f20f16adb9e178191ffb097f3065cb06f6dba411db00139b13d3b06cc3507b9d736a0a29d0eeb939cf5e1b9061cda67c01e763df70677b0563e603d0f5ce9f02d19524d082ea4df40e1474b64f5380de3c1cc4de17baecd6dd31ec984fa89a25fc2bbcf14394aa0a8fb3b85c46b0afbba4cc0e912"}, @NFTA_DATA_VERDICT={0x40, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VALUE={0x8f, 0x1, "b4ddb5a8793d9ae1321f03aa0a4c40ff1f306b0bf2aeec575dd956a19617f81d73dbbc13263d1c8c9a3e3c6525ae8f407132d946afde4dacda64722eb87ebd473d1b4c7115938516159876b2b0b22c2b250ac8bb52fb80ca5644013202626b4931ece3b3d404cc012ff72c993078d860c15bb73ee10f5d173682086864c4a8c5ff56987d8f9af57408d69f"}]}]}}}, @NFTA_SET_ELEM_EXPR={0x14, 0x7, 0x0, 0x1, @connlimit={{0xe}, @void}}, @NFTA_SET_ELEM_KEY_END={0x3c0, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0xbe, 0x1, "47ac7615cc75285c07bcd81c535709324a58fca370b788a1ca8aa5a3b8225c69eb194cbf263225314618a8a31e2e346c4dbd372bf740f50ff43872baa694ed6823194f359df4cbfbfc3872149486d4fde156959fd4952b4cd47f5c460d091d8c0044b74b11bb6292ca01aa52171c3d628317e6ca365200e952ce872bd328582d78d0c30c28525c8c140c566b4642f137a6aac676a55259f9b79636932ba39b593bbb82b85419560c7ecc4b1b3f3e70b9bfbacad5c62c9ce2d9ed"}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VALUE={0xec, 0x1, "b2ebb2f9c18c0aaebba0fe245999ffc31d691494fa417a7f7df398890afb648166103afd99186b3e4004a9836ea187b2d748a3c15ae949840160111e3dc1c3f5f7bb1727a88750021b200dc7020799028ca94f76bc38227a6406720778927d9edb2b11f6399a9eb3d9c4adc92dbdbc6d4349f3b023f22d88803d9dc73681fdde1f8f4020bdcb6979967992f7b037d36a78379cdaacbc0ed06e6591255998b0aae5e50a5b4257d81573e4e129934aae60f4bff52b73ab8d081e23880e26d513fc9bbdce964816566bba2fe2a8dce2700a85d8bb59c359618252e0cd34c1274589b6207190bc69c417"}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VALUE={0x3a, 0x1, "5ec6176cf044896c02dd1970cbaf9349337fad0badf12caba818a351c54d5f0130677effcb1bcdaa8936966722768b7fd9789bedf41a"}, @NFTA_DATA_VALUE={0xd9, 0x1, "7ba2d2530ef29a2f11eb14abe020645f809734f701b226159d9d9481ee60d677f39cdd696c0ae944c7d96aac20f84884aa8e4c39cf033a5c9908fafda999a5840f9d513628c28a79ba6fd9301f1b5d8256db8b8cd5a187f3f87c35029396d83e013bced81a5258197a82cf5569f3d562050455f4e2271844c2e12afdea1f844699eaa78270bbb0edddb62b01e67cb72839297e13a364bc9e7ba5733db47298356c7a5da6f383f4a7a333fb6916af9e9bd510b3a41cf98ede2ee34b8b1358e437d88f54387ca406a70be88911ac783ce464259602d1"}, @NFTA_DATA_VALUE={0x9c, 0x1, "a2c30f5ce5bce6eed2b9ec3e67d582b759478af1911d9cc21835449d0b208aca29fa4e467e1f9156503de1855afdb858d578b66d27566454be0508b4263ac0a6b4a9047afd5f43b49e0b96ac67901c1b871a776bd1dc7402eea469a302b0061a6e56a367e90b5d6694dd905e24a61e0a5a0fc7d7674704940d4d4f6b11cabc8afa3de61d641c586734dc4b5dc01573e03b749a0f6bbb9f16"}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffff8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}]}, @NFTA_SET_ELEM_EXPR={0x14, 0x7, 0x0, 0x1, @connlimit={{0xe}, @void}}]}, {0x134, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x124, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0xb4, 0x1, "4fc64b80b8a7df4a4042e94936047399476d3a6b36026f14217fba4bd42a120613ec1dfe77a3b9f355551e546fab6fbe2b7b5b3471fc786ff7d1842b459d0f4349a9a72bec997da515d8d67199608e2e44ae752e594196f925d06a8b141dc3b03a26f83ebc0cd75ac6e4ff91b59ab3841c75a56bc42ca992c37545acf38ce71db8a15a58bdc8c39fbec8311f3b76325523696f1d7db0a3a5ec0b895f97dd3f0c797d533e687b6c7d7b9d53091a57a3ff"}, @NFTA_DATA_VALUE={0x6b, 0x1, "6b1aa1469dfc515069e60261fa5ea9f5cf9c4b12030799088305d35653cc22da7c8c4bb7cb226aac17a222efe4136c490b01413765a495ae32f94d0b32ea2f866bbff16084c98730765638710af5e14ea66fa719cc6bb5ef7a94086840cd500e10d320a248ed9f"}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x5}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x330, 0x3, 0x0, 0x1, [{0x32c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8}, @NFTA_SET_ELEM_KEY_END={0x28, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x6}, @NFTA_SET_ELEM_KEY_END={0x2e0, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x8b, 0x1, "ef644e0366efb8efa9312c9bc546d45b2077dd1016104e914fe6cde153ac77f32e89f9e8a7aaf2eb6b2a1bb5e71a2191d37b0c973ef323eba2f3b75ed95dacb30fb93da3931170959fa6e1b0ef5c009369f21779300f46071cee770a87adeda8d60659e6903020f434c32988ff89a7014695021ec658d2d9a87e6a39a2fb81645ed5ef752ac452"}, @NFTA_DATA_VALUE={0xc0, 0x1, "0cc2b4f8867ed61dc2417e12d46c82afd98c20fb206e29e51243f3b3c1bb363e1279e6bdfd7b7dfecfa0e49fac91ae291a2c4631572020ce0d6862997a33e98833cce5f4754213807d8bb63813535eca9ce0588371058207a0f06f2cfae4eb99d7c3f5f78e135ce9f9776f99a87d24f153ad53d4dfa98480c20ea5b5feb7cf977597e8e224d54a7cd6e78973d477c9aa098f7d034c63768dbc252767c1802e6f82f025685de33a7ea1cfc255f63e3879985448891238186e99b907ea"}, @NFTA_DATA_VALUE={0x7e, 0x1, "22597a7d694c26d5e5da4c9a6e980c15a1edc2afdf3dd0cd0f383c29ee3dddd05618f484098a361d2b7d945a06c80b03255484fe7d8a44d4702cb199c2dda2e400e15bb457e04466997b52ce2d9ba20f24ae563073a5b90e53811a6e7505b4ade273c84248a6725dfabfd52b684de13468cad069c5880010d749"}, @NFTA_DATA_VALUE={0x6c, 0x1, "37781b87a78c8efec8e662016460de6b3df0ea5790baef24a483a3c942d95ea5499950c11492dac192b81a990fd2348a4f25132547497792df883e9bd4bfbf09ae1ea809220eb66d8d34fdd13a1e6bf061dfe3cc84fb67de14c6725c635a3d4080c9de73ba25baff"}, @NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8}]}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x68, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}]}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}]}]}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x5f4, 0x3, 0x0, 0x1, [{0x5f0, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz0\x00'}, @NFTA_SET_ELEM_KEY_END={0x494, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0xe8, 0x1, "3b6288c70c6891b16cde6b5445c393bd71239363c46ec17453fb6e3779ef26781c657ea16a087aa726d5cd74537450d8214b1a474da1902317e95c318c19edc5efeb053b053ec8d72f7719060767e7596deb50e5d722f64c02871d17281ad026003b95c3f2ce607a5b152a2ccfb93980966eec37a2161ec0c206dd19d5e773c8de8034231524ef5ac8e064e56107def3d75767c88e5bf2faba408e89528fd0916944e96c817c41608214b2c8de76348d008bda3a5bc34c5bcd833f777e93d2c3da753127e8d9798bd629b519aa0d3723d09aacaf6e38884b6d3e35b551d9cb9bca9e3d24"}, @NFTA_DATA_VALUE={0x55, 0x1, "fbf9666be761d3f24875786dd5390a96f1e32717ee2637f51b38fffc4a7975f1cb066aef7659861f636923c1c071f6d278e6a714f12e60804741b9f5e1672e614ff051e7652b2dca47f269ad50201984cf"}, @NFTA_DATA_VALUE={0xbd, 0x1, "55b4e518b766192328c0a575cf59cee858237e578ce654662e3fff6809cc4738d82840d02eb3b13c262ba0bbf15daa85a6852f14b4e3f2551ca8e34769c90cb520be124ac75e673854e6665870bc3387e72e52cb1f47fe11356e98e23342fd5fc8b847ab5ae0ed62995455fbaef32bcea9c4b24af537671b82ea8816c634df843f9eddfc328bdcca4db0a9c7551ea5a429abac92c2e04b49058d0528076ff7a2b5043256ed1ce15183bc4dbc39397f0733d356ef0e8b959892"}, @NFTA_DATA_VALUE={0x86, 0x1, "16a5f12887549989b62c1e467d715a0f0fd4cbbc991c39bb27a46830ea7b6196e3dc131d88220829c1d0d8b743aad17aca97f95e0889566453ef8c91ea75dd871e8b4d30be1881c9e77f178c75a8aace949cd0b2b207e88475fde0165af2b49430701f30e6e83e5233d18385c3fcc73d6acb3cedae91a306adaa5ea590e16a790f03"}, @NFTA_DATA_VERDICT={0x1c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VALUE={0x73, 0x1, "ccd5f367646db781ab6f927d45afba425046ca4d717641f31af34ee2a76785913a1dfd25d84dc1d0811da92cadeaef0d07fb464e0a7d928e48e7d721df0c0edc8dcaa2c3f09f55d3316e0eaa4b5b4d683311e90df1df4cebd3b0660cf6a49dda4f34348541fcb49512a710e5ddbe13"}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x6}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0x5c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VALUE={0xb2, 0x1, "2529f6240b5cfcea0c83c10851822ca2c90ebff64d6da4e5532b18e018802ede9a46cd2250045a0f075128ec6e364971763507bdcfb8994c88a3ea4a0a98899094d371139c129629accedb7f77af7ab4bd9f6bf2f9f4d85e30ed8e77765ef01572e3e61aad1940e735c2e26f72f2bffa24454263cb8e4dcfed5dab42af422e1a2440e777e654ee566b8f881a361d09b77e1ee0affe74ddb6906b6eece9b9a902df71eec667672f17c8b26264fad0"}]}, @NFTA_SET_ELEM_USERDATA={0x22, 0x6, 0x1, 0x0, "b610157f38f54cc1f48d85256a7c2b249187b4ca1f5297f3a52425832603"}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x8}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x6}, @NFTA_SET_ELEM_USERDATA={0xb6, 0x6, 0x1, 0x0, "ca1a2e293aeda2460a7c92c5fe9e0f6323008e6746af4dd946865ee1ddcb11c66e66e83f21808f66f5b5cc5218369cf3c7d4c0293d8e052cf98c310887bcacd78ff5581b104797b000ec09bc98baca9350abc921f3a4d492c320fdba3f2595ba9c15cf3f4f15c25a676008a0edc2f673c592211b4231a60ff619b1abf2be10951f8a9e0061f1ed16f3684b65c7502b574a139e063321cf2d6e523e6f4230dcb1bdec797571a81b89cf61df35b87b5cca9d2a"}, @NFTA_SET_ELEM_EXPRESSIONS={0x50, 0xb, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xd}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0x13}]}}}, {0x10, 0x1, 0x0, 0x1, @hash={{0x9}, @void}}, {0xc, 0x1, 0x0, 0x1, @osf={{0x8}, @void}}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x1434}, 0x1, 0x0, 0x0, 0x80}, 0x24000001)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000140)=ANY=[@ANYBLOB="91109d0000fdffffffffffffff000008"], &(0x7f00000003c0)='syzkaller\x00'}, 0x94)
connect$netlink(r4, &(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfe, 0x80}, 0xc)

1.095665721s ago: executing program 2 (id=6182):
syz_io_uring_setup(0x24fd, &(0x7f0000000180)={0x0, 0x0, 0x20000, 0xfffffffb}, &(0x7f0000000400)=<r0=>0x0, &(0x7f0000000100)=<r1=>0x0)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40800)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[@ANYBLOB='1'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x8})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/cpuinfo\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r4, 0x800c5012, &(0x7f0000000240))
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000140)=@ipv6_getaddr={0x2c, 0x16, 0x2, 0x0, 0x0, {}, [@IFA_CACHEINFO={0x14, 0x6, {0x2, 0x1, 0x2}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
io_uring_enter(r2, 0x2301, 0x0, 0x12, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000280)={<r5=>0x0, 0xabb, 0x3, [0x3ff, 0x77, 0x4bb]}, &(0x7f00000002c0)=0xe)
setsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000300)=@assoc_value={r5, 0x3}, 0x8)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)

1.04686972s ago: executing program 6 (id=6183):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket(0x2, 0x80805, 0x0)
pipe(&(0x7f00000007c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_open_dev$dmmidi(&(0x7f0000000300), 0x8, 0x920)
ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r4, 0x40045731, &(0x7f0000000340)=0x800)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x8)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000480), &(0x7f00000004c0)=0x4)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f0000000000)={'macsec0\x00', @random="010000201000"})
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r7 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r7, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@delchain={0x24, 0x11, 0x1, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x10, 0xf}, {0x0, 0xc}, {0x4, 0x1}}}, 0x24}}, 0x0)
modify_ldt$read_default(0x2, 0xffffffffffffffff, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x10, 0x0}}], 0x2, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000))

658.138676ms ago: executing program 2 (id=6184):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0)
r1 = socket(0xa, 0x3, 0x3a)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r1)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]})
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
open$dir(&(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x121480, 0x3)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40045565, 0x400000223)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
r2 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB], 0x0, 0x3f, 0x0, 0x0, 0x3, 0x10000, @value=r2}, 0x28)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r3, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@newqdisc={0x4c, 0x24, 0xd0f, 0x70bd2c, 0x25dfdbfb, {0x60, 0x0, 0x0, r6, {}, {0xffe0, 0x4}, {0xfff3, 0xf}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x1c, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x1000}, @TCA_CODEL_LIMIT={0x8, 0x2, 0x1000}, @TCA_CODEL_INTERVAL={0x8, 0x3, 0x6}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000d5}, 0xc010)
sendmsg$inet(r3, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)

0s ago: executing program 2 (id=6185):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket(0x2, 0x80805, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
syz_open_dev$dmmidi(&(0x7f0000000300), 0x8, 0x920)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x8)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000480), &(0x7f00000004c0)=0x4)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000000)={'macsec0\x00', @random="010000201000"})
close(0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r5 = socket$inet6(0xa, 0x1, 0x8010000000000084)
connect$inet6(r5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@delchain={0x24, 0x11, 0x1, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x10, 0xf}, {0x0, 0xc}, {0x4, 0x1}}}, 0x24}}, 0x0)
r6 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r6, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x10, 0x0}}], 0x2, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000))

kernel console output (not intermixed with test programs):

2 compat=0 ip=0x7fcf56d9c799 code=0x7ffc0000
[ 1591.242442][T15523] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1591.265770][T15523] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[ 1591.283273][T15523] usb 1-1: string descriptor 0 read error: -22
[ 1591.291688][T15523] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[ 1591.301170][T15523] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1591.367851][   T30] audit: type=1326 audit(1774453280.044:4705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25734 comm="syz.3.5742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf56d9c799 code=0x7ffc0000
[ 1591.425790][   T30] audit: type=1326 audit(1774453280.044:4706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25734 comm="syz.3.5742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf56d9c799 code=0x7ffc0000
[ 1591.497167][T15523] usb 1-1: config 0 descriptor??
[ 1591.523962][T25743] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5744'.
[ 1591.535112][T15523] hub 1-1:0.0: bad descriptor, ignoring hub
[ 1591.541448][   T30] audit: type=1326 audit(1774453280.044:4707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25734 comm="syz.3.5742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf56d9c799 code=0x7ffc0000
[ 1591.553992][T25746] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5745'.
[ 1591.565137][T15523] hub 1-1:0.0: probe with driver hub failed with error -5
[ 1591.798897][T25746] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5745'.
[ 1592.306260][ T5915] usb 4-1: new full-speed USB device number 45 using dummy_hcd
[ 1592.580381][ T5915] usb 4-1: config 0 has an invalid interface number: 214 but max is 0
[ 1592.608660][ T5915] usb 4-1: config 0 has no interface number 0
[ 1592.639089][ T5915] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1592.684006][ T5915] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[ 1592.704898][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[ 1592.770232][ T5915] usb 4-1: Manufacturer: syz
[ 1592.785754][ T5915] usb 4-1: SerialNumber: syz
[ 1592.809566][ T5915] usb 4-1: config 0 descriptor??
[ 1593.064062][ T5915] usbtouchscreen 4-1:0.214: Failed to read FW rev: 0
[ 1593.110364][ T5915] usbtouchscreen 4-1:0.214: probe with driver usbtouchscreen failed with error -5
[ 1593.238325][T25764] netlink: 92 bytes leftover after parsing attributes in process `syz.2.5749'.
[ 1593.426059][ T5935] usb 1-1: USB disconnect, device number 24
[ 1593.982741][T25781] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1594.782106][T25792] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5756'.
[ 1594.996655][T25792] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5756'.
[ 1596.318649][T25808] FAULT_INJECTION: forcing a failure.
[ 1596.318649][T25808] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1596.565865][T25808] CPU: 1 UID: 0 PID: 25808 Comm: syz.2.5760 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1596.565901][T25808] Tainted: [L]=SOFTLOCKUP
[ 1596.565909][T25808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1596.565921][T25808] Call Trace:
[ 1596.565932][T25808]  <TASK>
[ 1596.565941][T25808]  dump_stack_lvl+0xe8/0x150
[ 1596.565985][T25808]  should_fail_ex+0x412/0x560
[ 1596.566020][T25808]  _copy_from_user+0x2d/0xb0
[ 1596.566043][T25808]  __sys_bpf+0x229/0x950
[ 1596.566081][T25808]  ? __pfx___sys_bpf+0x10/0x10
[ 1596.566125][T25808]  ? ksys_write+0x242/0x270
[ 1596.566150][T25808]  ? __pfx_ksys_write+0x10/0x10
[ 1596.566180][T25808]  __x64_sys_bpf+0x7c/0x90
[ 1596.566210][T25808]  do_syscall_64+0x14d/0xf80
[ 1596.566232][T25808]  ? trace_irq_disable+0x3b/0x150
[ 1596.566262][T25808]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1596.566283][T25808]  ? clear_bhb_loop+0x40/0x90
[ 1596.566310][T25808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1596.566331][T25808] RIP: 0033:0x7f2adcf9c799
[ 1596.566352][T25808] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1596.566369][T25808] RSP: 002b:00007f2addda8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1596.566392][T25808] RAX: ffffffffffffffda RBX: 00007f2add215fa0 RCX: 00007f2adcf9c799
[ 1596.566407][T25808] RDX: 0000000000000048 RSI: 00002000000000c0 RDI: 0000000000000000
[ 1596.566419][T25808] RBP: 00007f2addda8090 R08: 0000000000000000 R09: 0000000000000000
[ 1596.566427][T25808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1596.566435][T25808] R13: 00007f2add216038 R14: 00007f2add215fa0 R15: 00007f2add33fa48
[ 1596.566454][T25808]  </TASK>
[ 1596.953363][T15523] usb 4-1: USB disconnect, device number 45
[ 1597.213830][T25814] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[ 1597.246581][T25814] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1597.922395][T25833] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5768'.
[ 1597.931699][T25833] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5768'.
[ 1597.948260][T25833] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5768'.
[ 1598.066140][T25833] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5768'.
[ 1598.119101][T25837] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.5769' resets device
[ 1598.228329][T25842] netlink: 52 bytes leftover after parsing attributes in process `syz.6.5771'.
[ 1598.380002][ T5915] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[ 1598.536273][ T5915] usb 4-1: Using ep0 maxpacket: 32
[ 1598.543318][ T5915] usb 4-1: config index 0 descriptor too short (expected 65535, got 36)
[ 1598.554095][ T5915] usb 4-1: config 127 has too many interfaces: 255, using maximum allowed: 32
[ 1598.564144][ T5915] usb 4-1: config 127 has 1 interface, different from the descriptor's value: 255
[ 1598.574175][ T5915] usb 4-1: config 127 has no interface number 0
[ 1598.616892][ T5915] usb 4-1: config 127 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[ 1598.632214][ T5915] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1598.646191][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1598.874581][ T5915] usb 4-1: string descriptor 0 read error: -71
[ 1598.892113][ T5915] hub 4-1:127.2: bad descriptor, ignoring hub
[ 1598.911975][ T5915] hub 4-1:127.2: probe with driver hub failed with error -5
[ 1598.986379][ T5915] usb 4-1: USB disconnect, device number 46
[ 1599.196165][T18338] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 1599.219473][T25853] netlink: 'syz.2.5775': attribute type 1 has an invalid length.
[ 1599.250901][T25853] netlink: 'syz.2.5775': attribute type 2 has an invalid length.
[ 1599.336068][T18338] usb 5-1: device descriptor read/64, error -71
[ 1599.416295][ T5915] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[ 1599.483183][T25857] FAULT_INJECTION: forcing a failure.
[ 1599.483183][T25857] name failslab, interval 1, probability 0, space 0, times 0
[ 1599.526273][T25857] CPU: 0 UID: 0 PID: 25857 Comm: syz.6.5777 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1599.526297][T25857] Tainted: [L]=SOFTLOCKUP
[ 1599.526302][T25857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1599.526310][T25857] Call Trace:
[ 1599.526315][T25857]  <TASK>
[ 1599.526321][T25857]  dump_stack_lvl+0xe8/0x150
[ 1599.526345][T25857]  should_fail_ex+0x412/0x560
[ 1599.526366][T25857]  should_failslab+0xa8/0x100
[ 1599.526383][T25857]  __kmalloc_cache_noprof+0x88/0x660
[ 1599.526397][T25857]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[ 1599.526416][T25857]  ? sctp_add_bind_addr+0x8c/0x370
[ 1599.526436][T25857]  sctp_add_bind_addr+0x8c/0x370
[ 1599.526457][T25857]  sctp_copy_local_addr_list+0x314/0x4f0
[ 1599.526477][T25857]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[ 1599.526495][T25857]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 1599.526514][T25857]  ? sctp_v6_is_any+0x64/0x80
[ 1599.526533][T25857]  ? sctp_copy_one_addr+0x93/0x360
[ 1599.526552][T25857]  sctp_bind_addr_copy+0xb3/0x3c0
[ 1599.526570][T25857]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 1599.526588][T25857]  sctp_connect_new_asoc+0x2ff/0x6b0
[ 1599.526604][T25857]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1599.526621][T25857]  ? __local_bh_enable_ip+0xd0/0x130
[ 1599.526637][T25857]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1599.526652][T25857]  ? security_sctp_bind_connect+0x7e/0x2c0
[ 1599.526670][T25857]  sctp_sendmsg+0x1528/0x2c10
[ 1599.526692][T25857]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1599.526707][T25857]  ? aa_sk_perm+0x6d5/0x900
[ 1599.526728][T25857]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1599.526746][T25857]  ? sock_rps_record_flow+0x19/0x400
[ 1599.526761][T25857]  ? __pfx_inet_sendmsg+0x10/0x10
[ 1599.526776][T25857]  ? inet_sendmsg+0x2f4/0x370
[ 1599.526790][T25857]  ? __pfx_inet_sendmsg+0x10/0x10
[ 1599.526805][T25857]  __sys_sendto+0x5de/0x710
[ 1599.526820][T25857]  ? __pfx___sys_sendto+0x10/0x10
[ 1599.526831][T25857]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1599.526854][T25857]  ? __fget_files+0x3a0/0x420
[ 1599.526877][T25857]  ? ksys_write+0x242/0x270
[ 1599.526892][T25857]  ? __pfx_ksys_write+0x10/0x10
[ 1599.526909][T25857]  __x64_sys_sendto+0xde/0x100
[ 1599.526923][T25857]  do_syscall_64+0x14d/0xf80
[ 1599.526937][T25857]  ? trace_irq_disable+0x3b/0x150
[ 1599.526962][T25857]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1599.526975][T25857]  ? clear_bhb_loop+0x40/0x90
[ 1599.526990][T25857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1599.527003][T25857] RIP: 0033:0x7fd7e699c799
[ 1599.527016][T25857] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1599.527027][T25857] RSP: 002b:00007fd7e78bc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1599.527042][T25857] RAX: ffffffffffffffda RBX: 00007fd7e6c15fa0 RCX: 00007fd7e699c799
[ 1599.527051][T25857] RDX: 000000000000ffe0 RSI: 0000200000000100 RDI: 0000000000000003
[ 1599.527064][T25857] RBP: 00007fd7e78bc090 R08: 0000200000000140 R09: 000000000000001c
[ 1599.527073][T25857] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000002
[ 1599.527080][T25857] R13: 00007fd7e6c16038 R14: 00007fd7e6c15fa0 R15: 00007fd7e6d3fa48
[ 1599.527100][T25857]  </TASK>
[ 1599.864820][T18338] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1599.970752][ T5915] usb 4-1: config index 0 descriptor too short (expected 65535, got 36)
[ 1599.979708][ T5915] usb 4-1: config 127 has too many interfaces: 255, using maximum allowed: 32
[ 1599.989227][ T5915] usb 4-1: config 127 has 1 interface, different from the descriptor's value: 255
[ 1599.999005][ T5915] usb 4-1: config 127 has no interface number 0
[ 1600.005317][ T5915] usb 4-1: config 127 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[ 1600.017904][ T5915] usb 4-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice= 0.40
[ 1600.027622][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1600.096256][T18338] usb 5-1: device descriptor read/64, error -71
[ 1600.110482][   T30] kauditd_printk_skb: 111 callbacks suppressed
[ 1600.110501][   T30] audit: type=1326 audit(1774453289.514:4819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25865 comm="syz.6.5779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1600.206905][T18338] usb usb5-port1: attempt power cycle
[ 1600.250921][ T5915] usb 4-1: string descriptor 0 read error: -71
[ 1600.274528][ T5915] ttusbir 4-1:127.2: cannot find expected altsetting
[ 1600.383636][ T5915] usb 4-1: USB disconnect, device number 47
[ 1600.447600][   T30] audit: type=1326 audit(1774453289.544:4820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25865 comm="syz.6.5779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1600.473314][T25871] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5781'.
[ 1600.482523][T25871] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5781'.
[ 1600.506570][T25871] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5781'.
[ 1600.526233][T25871] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5781'.
[ 1600.546171][T18338] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 1600.567383][T18338] usb 5-1: device descriptor read/8, error -71
[ 1600.611748][   T30] audit: type=1326 audit(1774453289.544:4821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25865 comm="syz.6.5779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1600.680117][   T30] audit: type=1326 audit(1774453289.544:4822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25865 comm="syz.6.5779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1600.740675][   T30] audit: type=1326 audit(1774453289.544:4823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25865 comm="syz.6.5779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1600.796381][   T30] audit: type=1326 audit(1774453289.544:4824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25865 comm="syz.6.5779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1600.819453][T18338] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[ 1600.846777][T18338] usb 5-1: device descriptor read/8, error -71
[ 1600.868597][   T30] audit: type=1326 audit(1774453289.544:4825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25865 comm="syz.6.5779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1600.936881][   T30] audit: type=1326 audit(1774453289.544:4826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25865 comm="syz.6.5779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1600.962923][T18338] usb usb5-port1: unable to enumerate USB device
[ 1600.997708][   T30] audit: type=1326 audit(1774453289.544:4827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25865 comm="syz.6.5779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1601.074454][   T30] audit: type=1326 audit(1774453289.544:4828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25865 comm="syz.6.5779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1602.042945][T25894] kvm: pic: level sensitive irq not supported
[ 1602.043028][T25894] kvm: pic: non byte read
[ 1602.058721][T25893] kvm: pic: level sensitive irq not supported
[ 1602.058793][T25893] kvm: pic: non byte read
[ 1602.069940][T25893] kvm: pic: level sensitive irq not supported
[ 1602.070004][T25893] kvm: pic: non byte read
[ 1602.091255][T25893] kvm: pic: level sensitive irq not supported
[ 1602.091320][T25893] kvm: pic: non byte read
[ 1602.102987][T25894] kvm: pic: level sensitive irq not supported
[ 1602.103051][T25894] kvm: pic: non byte read
[ 1602.132295][T25894] kvm: pic: level sensitive irq not supported
[ 1602.144430][T25894] kvm: pic: non byte read
[ 1602.289618][T25893] kvm: pic: level sensitive irq not supported
[ 1602.344932][T25893] kvm: pic: non byte read
[ 1602.416638][T25894] kvm: pic: level sensitive irq not supported
[ 1602.416715][T25894] kvm: pic: non byte read
[ 1602.440549][T25894] kvm: pic: level sensitive irq not supported
[ 1602.440612][T25894] kvm: pic: non byte read
[ 1602.459393][T25898] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1602.489652][T25898] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1602.499260][T25893] kvm: pic: level sensitive irq not supported
[ 1602.499324][T25893] kvm: pic: non byte read
[ 1602.537951][T25898] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1602.865467][T25900] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5789'.
[ 1602.926191][T25900] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1603.129344][T25900] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1604.433448][T25932] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5792'.
[ 1604.551704][T25932] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5792'.
[ 1604.581632][T25932] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5792'.
[ 1604.608214][T25932] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5792'.
[ 1604.948813][ T5935] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[ 1605.295159][ T5935] usb 5-1: Using ep0 maxpacket: 8
[ 1605.305345][ T5935] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1605.500385][ T5935] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1605.534416][ T5935] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1605.652165][ T5935] usb 5-1: New USB device found, idVendor=1235, idProduct=8213, bcdDevice= 0.40
[ 1605.662863][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1605.680922][ T5935] usb 5-1: Product: syz
[ 1605.696237][ T5935] usb 5-1: Manufacturer: syz
[ 1605.708835][ T5935] usb 5-1: SerialNumber: syz
[ 1605.927961][T25939] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5799'.
[ 1606.032320][T25952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1606.052116][T25952] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1606.400013][ T5886] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[ 1606.575262][ T5886] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1606.598992][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1606.623864][ T5886] usb 3-1: Product: syz
[ 1606.637478][ T5886] usb 3-1: Manufacturer: syz
[ 1606.656289][ T5886] usb 3-1: SerialNumber: syz
[ 1606.687370][ T5886] usb 3-1: config 0 descriptor??
[ 1606.806230][T25960] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1606.969748][ T5886] usb 3-1: USB disconnect, device number 38
[ 1607.956543][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.962914][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.989929][ T5935] usb 5-1: USB disconnect, device number 17
[ 1608.057275][   T30] kauditd_printk_skb: 62 callbacks suppressed
[ 1608.057295][   T30] audit: type=1326 audit(1774453297.454:4891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25971 comm="syz.4.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1608.140522][   T30] audit: type=1326 audit(1774453297.454:4892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25971 comm="syz.4.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1608.180880][T25977] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[ 1608.218525][   T30] audit: type=1326 audit(1774453297.454:4893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25971 comm="syz.4.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1608.291028][   T30] audit: type=1326 audit(1774453297.454:4894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25971 comm="syz.4.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1608.304264][T25979] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5810'.
[ 1608.352560][T25979] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5810'.
[ 1608.360405][   T30] audit: type=1326 audit(1774453297.454:4895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25971 comm="syz.4.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1608.385049][T25979] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5810'.
[ 1608.421618][   T30] audit: type=1326 audit(1774453297.454:4896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25971 comm="syz.4.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1608.422807][T25979] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5810'.
[ 1608.514771][   T30] audit: type=1326 audit(1774453297.454:4897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25971 comm="syz.4.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1608.564854][T25986] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5812'.
[ 1608.594758][   T30] audit: type=1326 audit(1774453297.454:4898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25971 comm="syz.4.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1608.599890][T25989] FAULT_INJECTION: forcing a failure.
[ 1608.599890][T25989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1608.661041][   T30] audit: type=1326 audit(1774453297.454:4899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25971 comm="syz.4.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1608.671239][T25989] CPU: 1 UID: 0 PID: 25989 Comm: syz.0.5813 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1608.671271][T25989] Tainted: [L]=SOFTLOCKUP
[ 1608.671279][T25989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1608.671289][T25989] Call Trace:
[ 1608.671298][T25989]  <TASK>
[ 1608.671306][T25989]  dump_stack_lvl+0xe8/0x150
[ 1608.671337][T25989]  should_fail_ex+0x412/0x560
[ 1608.671369][T25989]  _copy_from_user+0x2d/0xb0
[ 1608.671391][T25989]  ___sys_sendmsg+0x1c6/0x360
[ 1608.671418][T25989]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1608.671471][T25989]  ? __fget_files+0x2a/0x420
[ 1608.671497][T25989]  ? __fget_files+0x3a0/0x420
[ 1608.671532][T25989]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1608.671557][T25989]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1608.671587][T25989]  ? __pfx_ksys_write+0x10/0x10
[ 1608.671626][T25989]  do_syscall_64+0x14d/0xf80
[ 1608.671647][T25989]  ? trace_irq_disable+0x3b/0x150
[ 1608.671673][T25989]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1608.671692][T25989]  ? clear_bhb_loop+0x40/0x90
[ 1608.671714][T25989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1608.671733][T25989] RIP: 0033:0x7f35bb19c799
[ 1608.671751][T25989] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1608.671768][T25989] RSP: 002b:00007f35bc144028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1608.671790][T25989] RAX: ffffffffffffffda RBX: 00007f35bb415fa0 RCX: 00007f35bb19c799
[ 1608.671803][T25989] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003
[ 1608.671815][T25989] RBP: 00007f35bc144090 R08: 0000000000000000 R09: 0000000000000000
[ 1608.671827][T25989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1608.671838][T25989] R13: 00007f35bb416038 R14: 00007f35bb415fa0 R15: 00007f35bb53fa48
[ 1608.671866][T25989]  </TASK>
[ 1608.795716][ T5886] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[ 1608.835964][   T30] audit: type=1326 audit(1774453297.454:4900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25971 comm="syz.4.5808" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1609.158138][ T5886] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 1609.189786][ T5886] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1609.240983][ T5886] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[ 1609.266998][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1609.314898][ T5886] usb 3-1: Product: syz
[ 1609.350380][ T5886] usb 3-1: Manufacturer: syz
[ 1609.355046][ T5886] usb 3-1: SerialNumber: syz
[ 1609.393138][ T5886] usb 3-1: config 0 descriptor??
[ 1609.412587][ T5886] ims_pcu 3-1:0.0: Missing CDC union descriptor
[ 1609.427624][ T5886] ims_pcu 3-1:0.0: probe with driver ims_pcu failed with error -22
[ 1609.440660][T26008] netlink: 'syz.4.5819': attribute type 1 has an invalid length.
[ 1609.472848][T26009] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5818'.
[ 1609.524829][T26012] bond2: (slave geneve2): making interface the new active one
[ 1609.595458][T26012] bond2: (slave geneve2): Enslaving as an active interface with an up link
[ 1609.677800][T17619] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[ 1609.690935][T17619] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[ 1609.714346][ T5886] usb 3-1: USB disconnect, device number 39
[ 1609.756418][T17619] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[ 1610.605837][ T5935] usb 7-1: new high-speed USB device number 53 using dummy_hcd
[ 1610.642982][T26029] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5824'.
[ 1610.775898][ T5935] usb 7-1: Using ep0 maxpacket: 32
[ 1610.783234][ T5935] usb 7-1: config 0 has an invalid interface number: 14 but max is 0
[ 1610.817382][ T5935] usb 7-1: config 0 has no interface number 0
[ 1610.823543][ T5935] usb 7-1: config 0 interface 14 has no altsetting 0
[ 1610.874666][ T5935] usb 7-1: New USB device found, idVendor=04b3, idProduct=4001, bcdDevice= 1.10
[ 1610.911550][ T5935] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1610.961418][ T5935] usb 7-1: Product: syz
[ 1610.981909][ T5935] usb 7-1: Manufacturer: syz
[ 1610.999511][ T5935] usb 7-1: SerialNumber: syz
[ 1611.041975][ T5935] usb 7-1: config 0 descriptor??
[ 1611.877960][ T5886] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[ 1612.217412][ T5886] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1612.229172][ T5886] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1612.266860][ T5886] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1612.299358][T26050] x_tables: duplicate underflow at hook 2
[ 1612.307021][ T5886] usb 3-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[ 1612.340223][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1612.370481][ T5886] usb 3-1: Product: syz
[ 1612.374757][ T5886] usb 3-1: Manufacturer: syz
[ 1612.407434][ T5886] usb 3-1: SerialNumber: syz
[ 1612.459994][ T5886] usb 3-1: config 0 descriptor??
[ 1612.475681][ T5886] uvcvideo 3-1:0.0: probe with driver uvcvideo failed with error -22
[ 1612.678753][ T5886] usb 3-1: USB disconnect, device number 40
[ 1612.859080][T26054] pic_ioport_write: 194 callbacks suppressed
[ 1612.859102][T26054] kvm: pic: level sensitive irq not supported
[ 1612.879048][T26054] picdev_read: 194 callbacks suppressed
[ 1612.879071][T26054] kvm: pic: non byte read
[ 1612.899897][T26054] kvm: pic: level sensitive irq not supported
[ 1612.899989][T26054] kvm: pic: non byte read
[ 1612.938364][ T5935] usb-storage 7-1:0.14: USB Mass Storage device detected
[ 1612.966973][T26054] kvm: pic: level sensitive irq not supported
[ 1612.967060][T26054] kvm: pic: non byte read
[ 1613.001891][T26054] kvm: pic: level sensitive irq not supported
[ 1613.001956][T26054] kvm: pic: non byte read
[ 1613.017740][ T5935] usb-storage 7-1:0.14: Quirks match for vid 04b3 pid 4001: 2000
[ 1613.032059][T26063] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5832'.
[ 1613.044175][T26054] kvm: pic: level sensitive irq not supported
[ 1613.044264][T26054] kvm: pic: non byte read
[ 1613.060511][T26054] kvm: pic: level sensitive irq not supported
[ 1613.060607][T26054] kvm: pic: non byte read
[ 1613.079113][T26054] kvm: pic: level sensitive irq not supported
[ 1613.079206][T26054] kvm: pic: non byte read
[ 1613.099415][T26054] kvm: pic: level sensitive irq not supported
[ 1613.099478][T26054] kvm: pic: non byte read
[ 1613.115420][T26054] kvm: pic: level sensitive irq not supported
[ 1613.115512][T26054] kvm: pic: non byte read
[ 1613.182792][T26054] kvm: pic: level sensitive irq not supported
[ 1613.183051][T26054] kvm: pic: non byte read
[ 1613.200727][ T5935] usb 7-1: USB disconnect, device number 53
[ 1614.027537][T26086] trusted_key: encrypted_key: insufficient parameters specified
[ 1614.226791][T26079] hub 1-0:1.0: USB hub found
[ 1614.232318][T26079] hub 1-0:1.0: 1 port detected
[ 1614.288072][   T30] kauditd_printk_skb: 192 callbacks suppressed
[ 1614.288089][   T30] audit: type=1326 audit(1774453303.684:5093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26087 comm="syz.6.5839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1614.423727][   T30] audit: type=1326 audit(1774453303.684:5094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26087 comm="syz.6.5839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1614.505196][   T30] audit: type=1326 audit(1774453303.684:5095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26087 comm="syz.6.5839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1614.570266][   T30] audit: type=1326 audit(1774453303.684:5096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26087 comm="syz.6.5839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1614.678574][   T30] audit: type=1326 audit(1774453303.684:5097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26087 comm="syz.6.5839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1614.828055][   T30] audit: type=1326 audit(1774453303.684:5098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26087 comm="syz.6.5839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1614.982159][   T30] audit: type=1326 audit(1774453303.684:5099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26087 comm="syz.6.5839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1615.081346][   T30] audit: type=1326 audit(1774453303.684:5100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26087 comm="syz.6.5839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1615.316618][   T30] audit: type=1326 audit(1774453303.684:5101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26087 comm="syz.6.5839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1615.393939][   T30] audit: type=1326 audit(1774453303.684:5102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26087 comm="syz.6.5839" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd7e699c799 code=0x7ffc0000
[ 1615.452208][T26099] Invalid argument reading file caps for ./file0
[ 1615.963973][T26107] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1616.233597][T26114] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5848'.
[ 1616.438609][T26122] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[ 1617.725186][T26137] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5854'.
[ 1617.736175][T26137] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5854'.
[ 1618.067924][T26141] trusted_key: encrypted_key: insufficient parameters specified
[ 1618.170244][T10204] usb 4-1: new full-speed USB device number 48 using dummy_hcd
[ 1618.447066][T26160] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5858'.
[ 1618.745919][T26165] netlink: 'syz.6.5863': attribute type 9 has an invalid length.
[ 1618.977780][T26165] bond_slave_0: entered promiscuous mode
[ 1618.983930][T26165] bond_slave_1: entered promiscuous mode
[ 1619.069751][T26165] macvlan2: entered promiscuous mode
[ 1619.093238][T26165] bond0: entered promiscuous mode
[ 1619.134849][T26165] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1619.431813][T26171] FAULT_INJECTION: forcing a failure.
[ 1619.431813][T26171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1619.487232][T26171] CPU: 0 UID: 0 PID: 26171 Comm: syz.0.5864 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1619.487267][T26171] Tainted: [L]=SOFTLOCKUP
[ 1619.487276][T26171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1619.487288][T26171] Call Trace:
[ 1619.487297][T26171]  <TASK>
[ 1619.487306][T26171]  dump_stack_lvl+0xe8/0x150
[ 1619.487342][T26171]  should_fail_ex+0x412/0x560
[ 1619.487378][T26171]  _copy_to_user+0x31/0xb0
[ 1619.487404][T26171]  simple_read_from_buffer+0xe1/0x170
[ 1619.487439][T26171]  proc_fail_nth_read+0x1bb/0x230
[ 1619.487472][T26171]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1619.487503][T26171]  ? rw_verify_area+0x2a6/0x4d0
[ 1619.487526][T26171]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1619.487555][T26171]  vfs_read+0x20c/0xa70
[ 1619.487576][T26171]  ? fdget_pos+0x246/0x320
[ 1619.487592][T26171]  ? ksys_write+0x1e6/0x270
[ 1619.487618][T26171]  ? __pfx___mutex_lock+0x10/0x10
[ 1619.487645][T26171]  ? __pfx_vfs_read+0x10/0x10
[ 1619.487669][T26171]  ? __fget_files+0x2a/0x420
[ 1619.487704][T26171]  ? __fget_files+0x3a0/0x420
[ 1619.487732][T26171]  ? __fget_files+0x2a/0x420
[ 1619.487772][T26171]  ksys_read+0x150/0x270
[ 1619.487805][T26171]  ? __pfx_ksys_read+0x10/0x10
[ 1619.487840][T26171]  do_syscall_64+0x14d/0xf80
[ 1619.487863][T26171]  ? trace_irq_disable+0x3b/0x150
[ 1619.487898][T26171]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1619.487920][T26171]  ? clear_bhb_loop+0x40/0x90
[ 1619.487946][T26171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1619.487966][T26171] RIP: 0033:0x7f35bb15cfce
[ 1619.487987][T26171] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1619.488004][T26171] RSP: 002b:00007f35bc143fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1619.488028][T26171] RAX: ffffffffffffffda RBX: 00007f35bc1446c0 RCX: 00007f35bb15cfce
[ 1619.488044][T26171] RDX: 000000000000000f RSI: 00007f35bc1440a0 RDI: 0000000000000008
[ 1619.488057][T26171] RBP: 00007f35bc144090 R08: 0000000000000000 R09: 0000000000000000
[ 1619.488070][T26171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1619.488082][T26171] R13: 00007f35bb416038 R14: 00007f35bb415fa0 R15: 00007f35bb53fa48
[ 1619.488116][T26171]  </TASK>
[ 1620.233184][   T30] kauditd_printk_skb: 49 callbacks suppressed
[ 1620.233199][   T30] audit: type=1326 audit(1774453309.634:5152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26178 comm="syz.2.5866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1620.431626][T26187] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1620.446263][   T30] audit: type=1326 audit(1774453309.634:5153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26178 comm="syz.2.5866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1620.486392][T26190] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5869'.
[ 1620.548079][   T30] audit: type=1326 audit(1774453309.634:5154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26178 comm="syz.2.5866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1620.581149][   T30] audit: type=1326 audit(1774453309.634:5155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26178 comm="syz.2.5866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1620.712563][   T30] audit: type=1326 audit(1774453309.634:5156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26178 comm="syz.2.5866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1621.139604][   T30] audit: type=1326 audit(1774453309.634:5157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26178 comm="syz.2.5866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1621.426651][   T30] audit: type=1326 audit(1774453309.634:5158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26178 comm="syz.2.5866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1621.756585][   T30] audit: type=1326 audit(1774453309.634:5159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26178 comm="syz.2.5866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1621.893748][   T30] audit: type=1326 audit(1774453309.634:5160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26178 comm="syz.2.5866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1622.009614][T26204] fuse: Unknown parameter ''
[ 1622.087011][   T30] audit: type=1326 audit(1774453309.634:5161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26178 comm="syz.2.5866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1622.417810][T26211] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1622.445186][T26211] netlink: 104 bytes leftover after parsing attributes in process `syz.2.5874'.
[ 1623.046027][T26217] netlink: 'syz.6.5877': attribute type 10 has an invalid length.
[ 1623.559679][T26229] trusted_key: encrypted_key: insufficient parameters specified
[ 1623.911664][T26221] lo: Caught tx_queue_len zero misconfig
[ 1623.917715][T26221] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1625.097919][T26243] FAULT_INJECTION: forcing a failure.
[ 1625.097919][T26243] name failslab, interval 1, probability 0, space 0, times 0
[ 1625.217208][T26243] CPU: 1 UID: 0 PID: 26243 Comm: syz.3.5883 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1625.217242][T26243] Tainted: [L]=SOFTLOCKUP
[ 1625.217250][T26243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1625.217262][T26243] Call Trace:
[ 1625.217271][T26243]  <TASK>
[ 1625.217281][T26243]  dump_stack_lvl+0xe8/0x150
[ 1625.217317][T26243]  should_fail_ex+0x412/0x560
[ 1625.217352][T26243]  should_failslab+0xa8/0x100
[ 1625.217379][T26243]  ? skb_clone+0x212/0x3a0
[ 1625.217404][T26243]  kmem_cache_alloc_noprof+0x87/0x650
[ 1625.217426][T26243]  ? __netlink_lookup+0xc6/0x8b0
[ 1625.217455][T26243]  skb_clone+0x212/0x3a0
[ 1625.217485][T26243]  __netlink_deliver_tap+0x404/0x850
[ 1625.217527][T26243]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1625.217559][T26243]  netlink_deliver_tap+0x19c/0x1b0
[ 1625.217591][T26243]  netlink_unicast+0x7e3/0x9b0
[ 1625.217627][T26243]  ? __pfx_netlink_unicast+0x10/0x10
[ 1625.217658][T26243]  ? netlink_sendmsg+0x650/0xb40
[ 1625.217676][T26243]  ? skb_put+0x11b/0x210
[ 1625.217701][T26243]  netlink_sendmsg+0x813/0xb40
[ 1625.217730][T26243]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1625.217763][T26243]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1625.217796][T26243]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1625.217822][T26243]  ____sys_sendmsg+0x972/0x9f0
[ 1625.217858][T26243]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1625.217890][T26243]  ? import_iovec+0x73/0xa0
[ 1625.217917][T26243]  ___sys_sendmsg+0x2a5/0x360
[ 1625.217948][T26243]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1625.218010][T26243]  ? __fget_files+0x2a/0x420
[ 1625.218039][T26243]  ? __fget_files+0x3a0/0x420
[ 1625.218079][T26243]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1625.218107][T26243]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1625.218140][T26243]  ? __pfx_ksys_write+0x10/0x10
[ 1625.218177][T26243]  do_syscall_64+0x14d/0xf80
[ 1625.218199][T26243]  ? trace_irq_disable+0x3b/0x150
[ 1625.218228][T26243]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1625.218250][T26243]  ? clear_bhb_loop+0x40/0x90
[ 1625.218275][T26243]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1625.218296][T26243] RIP: 0033:0x7fcf56d9c799
[ 1625.218316][T26243] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1625.218334][T26243] RSP: 002b:00007fcf57c1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1625.218356][T26243] RAX: ffffffffffffffda RBX: 00007fcf57015fa0 RCX: 00007fcf56d9c799
[ 1625.218371][T26243] RDX: 0000000000000800 RSI: 0000200000000100 RDI: 0000000000000003
[ 1625.218385][T26243] RBP: 00007fcf57c1e090 R08: 0000000000000000 R09: 0000000000000000
[ 1625.218397][T26243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1625.218409][T26243] R13: 00007fcf57016038 R14: 00007fcf57015fa0 R15: 00007fcf5713fa48
[ 1625.218443][T26243]  </TASK>
[ 1626.156461][T26245] Invalid argument reading file caps for ./file0
[ 1626.426572][ T5915] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[ 1626.600761][ T5915] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1626.612382][ T5915] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 1626.639417][T26257] netlink: 'syz.0.5889': attribute type 16 has an invalid length.
[ 1626.651821][T26257] netlink: 27010 bytes leftover after parsing attributes in process `syz.0.5889'.
[ 1626.664937][ T5915] usb 4-1: New USB device found, idVendor=041e, idProduct=323b, bcdDevice= 0.40
[ 1626.676215][T18338] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[ 1626.699567][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1626.722003][T26257] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1626.731493][ T5915] usb 4-1: Product: syz
[ 1626.737447][ T5915] usb 4-1: Manufacturer: syz
[ 1626.743371][ T5915] usb 4-1: SerialNumber: syz
[ 1626.836591][T18338] usb 3-1: Using ep0 maxpacket: 16
[ 1626.853080][T18338] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1626.869536][T18338] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1626.888631][T18338] usb 3-1: config 1 interface 0 altsetting 127 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1626.903352][T18338] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1626.930328][T18338] usb 3-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40
[ 1626.946203][T18338] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1626.954282][T18338] usb 3-1: Product: syz
[ 1626.981244][T18338] usb 3-1: Manufacturer: syz
[ 1626.998203][T18338] usb 3-1: SerialNumber: syz
[ 1627.003652][ T5915] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found
[ 1627.018769][ T5915] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1627.041478][T18338] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input139
[ 1627.074083][   T30] kauditd_printk_skb: 67 callbacks suppressed
[ 1627.074105][   T30] audit: type=1326 audit(1774453316.474:5229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26264 comm="syz.4.5892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1627.126754][T26265] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1627.139912][ T5915] usb 4-1: USB disconnect, device number 49
[ 1627.147846][   T30] audit: type=1326 audit(1774453316.474:5230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26264 comm="syz.4.5892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1627.174306][   T30] audit: type=1326 audit(1774453316.514:5231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26264 comm="syz.4.5892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1627.204026][   T30] audit: type=1326 audit(1774453316.514:5232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26264 comm="syz.4.5892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1627.231780][   T30] audit: type=1326 audit(1774453316.514:5233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26264 comm="syz.4.5892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1627.236868][ T5179] bcm5974 3-1:1.0: could not read from device
[ 1627.257212][   T30] audit: type=1326 audit(1774453316.514:5234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26264 comm="syz.4.5892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1627.353082][   T30] audit: type=1326 audit(1774453316.524:5235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26264 comm="syz.4.5892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1627.411851][   T30] audit: type=1326 audit(1774453316.524:5236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26264 comm="syz.4.5892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1627.444166][ T5179] bcm5974 3-1:1.0: could not read from device
[ 1627.484884][T18338] usb 3-1: USB disconnect, device number 41
[ 1627.492131][   T30] audit: type=1326 audit(1774453316.524:5237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26264 comm="syz.4.5892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1627.523668][   T30] audit: type=1326 audit(1774453316.524:5238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26264 comm="syz.4.5892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1627.646225][T26277] macvlan2: left promiscuous mode
[ 1627.653946][T26277] bond0: left promiscuous mode
[ 1627.935071][T26281] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5898'.
[ 1627.945291][T26281] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5898'.
[ 1628.065558][T26286] trusted_key: encrypted_key: insufficient parameters specified
[ 1628.913606][T26295] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5900'.
[ 1630.259174][T26307] pic_ioport_write: 129 callbacks suppressed
[ 1630.259198][T26307] kvm: pic: level sensitive irq not supported
[ 1630.265531][T26307] picdev_read: 129 callbacks suppressed
[ 1630.265553][T26307] kvm: pic: non byte read
[ 1630.285789][T10204] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[ 1630.483656][T26315] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1630.536715][T10204] usb 4-1: config 0 has an invalid descriptor of length 221, skipping remainder of the config
[ 1630.547206][T10204] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1630.657885][T10204] usb 4-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00
[ 1630.667791][T10204] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1630.701594][T10204] usb 4-1: config 0 descriptor??
[ 1631.078197][T10204] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1631.583249][T26302] xt_l2tp: v2 doesn't support IP mode
[ 1631.589254][T26302] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5903'.
[ 1632.204642][T26328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5911'.
[ 1632.221471][T26329] tipc: Started in network mode
[ 1632.236219][T26329] tipc: Node identity 080211, cluster identity 4711
[ 1632.243022][T26329] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1632.296756][T26328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5911'.
[ 1632.316412][T26332] mac80211_hwsim hwsim22 syzkaller0: entered promiscuous mode
[ 1632.331930][T26332] mac80211_hwsim hwsim22 syzkaller0: entered allmulticast mode
[ 1632.367183][T26332] tipc: Resetting bearer <eth:syzkaller0>
[ 1632.374670][T25088] tipc: Resetting bearer <eth:syzkaller0>
[ 1632.695440][   T30] kauditd_printk_skb: 258 callbacks suppressed
[ 1632.695459][   T30] audit: type=1326 audit(1774453322.094:5497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26337 comm="syz.0.5915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1632.740283][   T30] audit: type=1326 audit(1774453322.094:5498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26337 comm="syz.0.5915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1632.812545][   T30] audit: type=1326 audit(1774453322.104:5499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26337 comm="syz.0.5915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1632.816160][T10221] usb 4-1: USB disconnect, device number 50
[ 1632.872566][   T30] audit: type=1326 audit(1774453322.104:5500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26337 comm="syz.0.5915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1632.900382][   T30] audit: type=1326 audit(1774453322.104:5501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26337 comm="syz.0.5915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1632.929709][   T30] audit: type=1326 audit(1774453322.104:5502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26337 comm="syz.0.5915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1632.953575][   T30] audit: type=1326 audit(1774453322.134:5503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26337 comm="syz.0.5915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1633.001540][T10204] usb 7-1: new full-speed USB device number 54 using dummy_hcd
[ 1633.064998][   T30] audit: type=1326 audit(1774453322.134:5504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26337 comm="syz.0.5915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1633.103767][   T30] audit: type=1326 audit(1774453322.134:5505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26337 comm="syz.0.5915" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1633.225485][T10204] usb 7-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[ 1633.263085][T10204] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1633.284885][   T30] audit: type=1326 audit(1774453322.134:5506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26337 comm="syz.0.5915" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x0
[ 1633.307968][T10204] usb 7-1: Product: syz
[ 1633.314562][T10204] usb 7-1: Manufacturer: syz
[ 1633.348324][T10204] usb 7-1: SerialNumber: syz
[ 1633.356336][T10221] tipc: Node number set to 134353152
[ 1633.596358][T10204] usb 7-1: config 0 descriptor??
[ 1633.615337][T10204] gspca_main: stk1135-2.14.0 probing 174f:6a31
[ 1634.076182][T26358] xt_cgroup: invalid path, errno=-2
[ 1634.375992][T10204] gspca_stk1135: reg_w 0x0 err -110
[ 1634.382519][T10204] gspca_stk1135: serial bus timeout: status=0x00
[ 1634.392747][T10204] gspca_stk1135: Sensor write failed
[ 1634.403810][T10204] gspca_stk1135: serial bus timeout: status=0x00
[ 1634.700001][T10204] gspca_stk1135: Sensor write failed
[ 1634.731847][T10204] gspca_stk1135: serial bus timeout: status=0x00
[ 1634.773525][T10204] gspca_stk1135: Sensor read failed
[ 1634.790908][T10204] gspca_stk1135: serial bus timeout: status=0x00
[ 1634.818774][T10204] gspca_stk1135: Sensor read failed
[ 1634.840817][T10204] gspca_stk1135: Detected sensor type unknown (0x0)
[ 1634.868988][T10204] gspca_stk1135: serial bus timeout: status=0x00
[ 1634.903257][T10204] gspca_stk1135: Sensor read failed
[ 1634.924318][T10204] gspca_stk1135: serial bus timeout: status=0x00
[ 1634.965141][T10204] gspca_stk1135: Sensor read failed
[ 1634.980790][T10204] gspca_stk1135: serial bus timeout: status=0x00
[ 1635.011247][T10204] gspca_stk1135: Sensor write failed
[ 1635.034818][T10204] gspca_stk1135: serial bus timeout: status=0x00
[ 1635.182189][T10204] gspca_stk1135: Sensor write failed
[ 1635.212769][T10204] stk1135 7-1:0.0: probe with driver stk1135 failed with error -110
[ 1635.585185][T26372] kvm: pic: level sensitive irq not supported
[ 1635.585292][T26372] kvm: pic: non byte read
[ 1635.865530][T10204] usb 7-1: USB disconnect, device number 54
[ 1635.956496][T26379] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1637.085904][T26386] tipc: Started in network mode
[ 1637.090862][T26386] tipc: Node identity 0a9fe3324e6b, cluster identity 4711
[ 1637.140984][T26386] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1637.212341][T26388] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5925'.
[ 1637.266814][T26384] tipc: Disabling bearer <eth:syzkaller0>
[ 1637.316714][T26388] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5925'.
[ 1637.855845][ T5886] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[ 1638.006022][ T5886] usb 3-1: Using ep0 maxpacket: 8
[ 1638.015469][ T5886] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 15
[ 1638.043049][ T5886] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6
[ 1638.130115][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 255, changing to 11
[ 1638.174552][ T5886] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 41728, setting to 1024
[ 1638.212743][ T5886] usb 3-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[ 1638.245059][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1638.288087][ T5886] usb 3-1: Product: syz
[ 1638.302429][ T5886] usb 3-1: Manufacturer: syz
[ 1638.313028][ T5886] usb 3-1: SerialNumber: syz
[ 1638.490989][ T5886] usb 3-1: config 0 descriptor??
[ 1638.541584][T26406] program syz.4.5928 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1638.573223][T26406] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1638.593126][T26408] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1638.618399][ T5886] powermate 3-1:0.0: probe with driver powermate failed with error -5
[ 1638.836613][T26393] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5927'.
[ 1639.244907][T26415] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5932'.
[ 1639.385910][T26415] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5932'.
[ 1639.434627][   T30] kauditd_printk_skb: 66 callbacks suppressed
[ 1639.434657][   T30] audit: type=1326 audit(1774453328.834:5573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26411 comm="syz.0.5932" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x0
[ 1639.547022][T10221] usb 7-1: new high-speed USB device number 55 using dummy_hcd
[ 1639.584469][T18338] usb 3-1: USB disconnect, device number 42
[ 1639.716018][T10221] usb 7-1: Using ep0 maxpacket: 8
[ 1639.740184][T10221] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1639.763706][T10221] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1639.793436][T10221] usb 7-1: Product: syz
[ 1639.816995][T10221] usb 7-1: Manufacturer: syz
[ 1639.821611][T10221] usb 7-1: SerialNumber: syz
[ 1639.855928][T10221] usb 7-1: config 0 descriptor??
[ 1639.882463][T26422] tipc: Started in network mode
[ 1639.890044][T26422] tipc: Node identity 080211, cluster identity 4711
[ 1639.897723][T26422] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1640.273787][T10221] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1640.307121][T26429] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1640.559020][T26438] QAT: failed to copy from user.
[ 1640.729116][T14552] Bluetooth: hci4: command 0x0406 tx timeout
[ 1640.778546][   T10] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[ 1640.820037][T10221] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1640.854614][T10221] usb 7-1: USB disconnect, device number 55
[ 1640.946169][   T10] usb 4-1: Using ep0 maxpacket: 32
[ 1640.953393][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1640.988121][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1641.016054][T18338] tipc: Node number set to 134353152
[ 1641.024697][   T10] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1641.052718][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1641.079511][   T10] usb 4-1: config 0 descriptor??
[ 1641.101459][   T10] hub 4-1:0.0: USB hub found
[ 1641.317730][   T10] hub 4-1:0.0: config failed, can't read hub descriptor (err -90)
[ 1641.339283][T26441] kvm: pic: level sensitive irq not supported
[ 1641.339370][T26441] kvm: pic: non byte read
[ 1641.386288][T26441] kvm: pic: level sensitive irq not supported
[ 1641.386378][T26441] kvm: pic: non byte read
[ 1641.436003][T26441] kvm: pic: level sensitive irq not supported
[ 1641.436091][T26441] kvm: pic: non byte read
[ 1641.489756][T26441] kvm: pic: level sensitive irq not supported
[ 1641.495987][T26441] kvm: pic: non byte read
[ 1641.516671][T26441] kvm: pic: level sensitive irq not supported
[ 1641.529436][T26441] kvm: pic: non byte read
[ 1641.547957][T26441] kvm: pic: level sensitive irq not supported
[ 1641.548045][T26441] kvm: pic: non byte read
[ 1641.670032][T26441] kvm: pic: level sensitive irq not supported
[ 1641.670123][T26441] kvm: pic: non byte read
[ 1641.701632][T26441] kvm: pic: level sensitive irq not supported
[ 1641.701715][T26441] kvm: pic: non byte read
[ 1641.925417][   T10] hid-generic 0003:046D:C31C.0033: item fetching failed at offset 0/1
[ 1641.945212][   T10] hid-generic 0003:046D:C31C.0033: probe with driver hid-generic failed with error -22
[ 1641.969118][T26441] kvm: pic: level sensitive irq not supported
[ 1641.969185][T26441] kvm: pic: non byte read
[ 1641.987310][   T10] usb 4-1: USB disconnect, device number 51
[ 1642.015565][T26441] kvm: pic: level sensitive irq not supported
[ 1642.016480][T26441] kvm: pic: non byte read
[ 1642.110451][T26446] FAULT_INJECTION: forcing a failure.
[ 1642.110451][T26446] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1642.189252][T26446] CPU: 0 UID: 0 PID: 26446 Comm: syz.6.5942 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1642.189286][T26446] Tainted: [L]=SOFTLOCKUP
[ 1642.189294][T26446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1642.189307][T26446] Call Trace:
[ 1642.189316][T26446]  <TASK>
[ 1642.189326][T26446]  dump_stack_lvl+0xe8/0x150
[ 1642.189359][T26446]  should_fail_ex+0x412/0x560
[ 1642.189395][T26446]  _copy_from_iter+0x1d3/0x1670
[ 1642.189431][T26446]  ? rcu_is_watching+0x15/0xb0
[ 1642.189467][T26446]  ? __pfx__copy_from_iter+0x10/0x10
[ 1642.189507][T26446]  ? netlink_sendmsg+0x650/0xb40
[ 1642.189535][T26446]  ? skb_put+0x11b/0x210
[ 1642.189561][T26446]  netlink_sendmsg+0x6c0/0xb40
[ 1642.189589][T26446]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1642.189613][T26446]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1642.189644][T26446]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1642.189671][T26446]  ____sys_sendmsg+0x972/0x9f0
[ 1642.189705][T26446]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1642.189737][T26446]  ? import_iovec+0x73/0xa0
[ 1642.189763][T26446]  ___sys_sendmsg+0x2a5/0x360
[ 1642.189792][T26446]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1642.189846][T26446]  ? __fget_files+0x2a/0x420
[ 1642.189875][T26446]  ? __fget_files+0x3a0/0x420
[ 1642.189914][T26446]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1642.189940][T26446]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1642.189973][T26446]  ? __pfx_ksys_write+0x10/0x10
[ 1642.190007][T26446]  do_syscall_64+0x14d/0xf80
[ 1642.190029][T26446]  ? trace_irq_disable+0x3b/0x150
[ 1642.190055][T26446]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1642.190074][T26446]  ? clear_bhb_loop+0x40/0x90
[ 1642.190097][T26446]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1642.190116][T26446] RIP: 0033:0x7fd7e699c799
[ 1642.190134][T26446] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1642.190152][T26446] RSP: 002b:00007fd7e78bc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1642.190175][T26446] RAX: ffffffffffffffda RBX: 00007fd7e6c15fa0 RCX: 00007fd7e699c799
[ 1642.190189][T26446] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[ 1642.190202][T26446] RBP: 00007fd7e78bc090 R08: 0000000000000000 R09: 0000000000000000
[ 1642.190213][T26446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1642.190226][T26446] R13: 00007fd7e6c16038 R14: 00007fd7e6c15fa0 R15: 00007fd7e6d3fa48
[ 1642.190257][T26446]  </TASK>
[ 1643.161009][T26461] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1644.184192][T26473] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1645.183162][ T5886] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[ 1645.451364][T26495] QAT: failed to copy from user.
[ 1645.499387][T26496] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1645.506448][ T5886] usb 3-1: Using ep0 maxpacket: 32
[ 1645.536810][ T5886] usb 3-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=52.85
[ 1645.546436][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[ 1645.560538][ T5886] usb 3-1: Manufacturer: syz
[ 1645.570441][T26498] syzkaller0: entered promiscuous mode
[ 1645.589194][ T5886] usb 3-1: config 0 descriptor??
[ 1645.596585][T26498] syzkaller0: entered allmulticast mode
[ 1645.670976][ T5886] usb_8dev 3-1:0.0 can0: sending command message failed
[ 1645.678767][T26494] tipc: Resetting bearer <eth:syzkaller0>
[ 1645.720492][ T5886] usb_8dev 3-1:0.0 can0: can't get firmware version
[ 1645.745931][T26494] tipc: Disabling bearer <eth:syzkaller0>
[ 1645.817509][T26483] netlink: 45 bytes leftover after parsing attributes in process `syz.2.5956'.
[ 1645.894175][ T5886] usb_8dev 3-1:0.0: probe with driver usb_8dev failed with error -22
[ 1645.936667][ T5886] usb 3-1: USB disconnect, device number 43
[ 1646.122254][T26505] delete_channel: no stack
[ 1646.316059][T26507] syz.4.5962 (26507) used obsolete PPPIOCDETACH ioctl
[ 1646.412092][T26507] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5962'.
[ 1646.745737][ T5886] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[ 1647.240020][ T5886] usb 5-1: Using ep0 maxpacket: 32
[ 1647.248945][ T5886] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[ 1647.261208][ T5886] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1647.270736][ T5886] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[ 1647.286338][ T5886] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1647.507395][ T5886] usb 5-1: config 0 descriptor??
[ 1648.309428][ T5935] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[ 1648.481247][   T30] audit: type=1326 audit(1774453337.884:5574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26528 comm="syz.0.5968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1648.515059][ T5935] usb 4-1: Using ep0 maxpacket: 32
[ 1648.626975][   T30] audit: type=1326 audit(1774453337.884:5575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26528 comm="syz.0.5968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1648.688078][ T5935] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1648.707900][ T5935] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[ 1648.832510][ T5886] usbhid 5-1:0.0: can't add hid device: -71
[ 1648.852455][ T5886] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1649.030995][   T30] audit: type=1326 audit(1774453337.894:5576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26528 comm="syz.0.5968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1649.061455][ T5935] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1649.074150][ T5886] usb 5-1: USB disconnect, device number 18
[ 1649.097773][ T5935] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 1649.162601][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1649.208401][   T30] audit: type=1326 audit(1774453337.894:5577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26528 comm="syz.0.5968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1649.252042][ T5935] usb 4-1: Product: syz
[ 1649.316251][ T5935] usb 4-1: Manufacturer: syz
[ 1649.321052][ T5935] usb 4-1: SerialNumber: syz
[ 1649.331543][ T5935] usb 4-1: config 0 descriptor??
[ 1649.346287][   T30] audit: type=1326 audit(1774453337.914:5578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26528 comm="syz.0.5968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1649.385816][   T30] audit: type=1326 audit(1774453337.914:5579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26528 comm="syz.0.5968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1649.409650][   T30] audit: type=1326 audit(1774453337.914:5580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26528 comm="syz.0.5968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1649.458189][   T30] audit: type=1326 audit(1774453337.914:5581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26528 comm="syz.0.5968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1649.588507][   T30] audit: type=1326 audit(1774453337.924:5582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26528 comm="syz.0.5968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1649.642328][   T30] audit: type=1326 audit(1774453337.924:5583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26528 comm="syz.0.5968" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f35bb19c799 code=0x7ffc0000
[ 1649.779373][ T5935] gs_usb 4-1:0.0: Configuring for 1 interfaces
[ 1649.909925][T26540] netlink: 196 bytes leftover after parsing attributes in process `syz.4.5970'.
[ 1650.136804][T26524] netlink: 56 bytes leftover after parsing attributes in process `syz.3.5966'.
[ 1650.174942][T26544] syzkaller0: entered promiscuous mode
[ 1650.181404][T26544] syzkaller0: entered allmulticast mode
[ 1650.394857][ T5935] gs_usb 4-1:0.0: Couldn't get extended bit timing const for channel 0 (-EREMOTEIO)
[ 1650.405066][ T5935] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -121
[ 1650.655454][ T5935] usb 4-1: USB disconnect, device number 52
[ 1650.673069][T26549] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5972'.
[ 1651.427017][ T5935] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[ 1651.600879][ T5935] usb 1-1: Using ep0 maxpacket: 8
[ 1651.630154][ T5935] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1651.655393][ T5935] usb 1-1: New USB device found, idVendor=17ef, idProduct=60fe, bcdDevice= 0.00
[ 1651.695748][ T5935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1651.752532][ T5935] usb 1-1: config 0 descriptor??
[ 1651.764181][ T5935] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 1651.933746][T26562] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5977'.
[ 1653.039384][T26572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1653.049202][T26572] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1653.276721][   T10] usb 7-1: new high-speed USB device number 56 using dummy_hcd
[ 1653.491458][   T10] usb 7-1: Using ep0 maxpacket: 32
[ 1653.514460][   T10] usb 7-1: config 0 has an invalid interface number: 85 but max is 0
[ 1653.533409][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1653.597894][   T10] usb 7-1: config 0 has no interface number 0
[ 1653.618776][   T10] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x8 has invalid maxpacket 512, setting to 64
[ 1653.651755][   T10] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1653.695036][   T10] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1653.720743][T26576] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5980'.
[ 1653.740082][   T10] usb 7-1: config 0 interface 85 altsetting 7 has 6 endpoint descriptors, different from the interface descriptor's value: 7
[ 1653.924825][   T10] usb 7-1: config 0 interface 85 has no altsetting 0
[ 1654.111089][   T10] usb 7-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1654.134223][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1654.165342][   T10] usb 7-1: Product: syz
[ 1654.183448][   T10] usb 7-1: Manufacturer: syz
[ 1654.203771][   T10] usb 7-1: SerialNumber: syz
[ 1654.227578][   T10] usb 7-1: config 0 descriptor??
[ 1654.513286][   T10] appletouch 7-1:0.85: Failed to read mode from device.
[ 1654.538508][   T10] appletouch 7-1:0.85: probe with driver appletouch failed with error -5
[ 1654.558552][ T5935] usb 1-1: USB disconnect, device number 25
[ 1654.588892][   T10] usb 7-1: USB disconnect, device number 56
[ 1654.762925][T26583] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5982'.
[ 1654.783579][T26585] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1654.801630][T26585] syzkaller0: entered promiscuous mode
[ 1654.808005][T26585] syzkaller0: entered allmulticast mode
[ 1654.827615][T26584] tipc: Resetting bearer <eth:syzkaller0>
[ 1654.875364][T26584] tipc: Disabling bearer <eth:syzkaller0>
[ 1654.899633][T26589] FAULT_INJECTION: forcing a failure.
[ 1654.899633][T26589] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1654.937091][T26589] CPU: 0 UID: 0 PID: 26589 Comm: syz.3.5984 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1654.937127][T26589] Tainted: [L]=SOFTLOCKUP
[ 1654.937135][T26589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1654.937147][T26589] Call Trace:
[ 1654.937156][T26589]  <TASK>
[ 1654.937164][T26589]  dump_stack_lvl+0xe8/0x150
[ 1654.937198][T26589]  should_fail_ex+0x412/0x560
[ 1654.937232][T26589]  prepare_alloc_pages+0x22a/0x650
[ 1654.937266][T26589]  __alloc_frozen_pages_noprof+0x12f/0x380
[ 1654.937297][T26589]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1654.937326][T26589]  ? __pfx_policy_nodemask+0x10/0x10
[ 1654.937363][T26589]  alloc_pages_mpol+0x232/0x4a0
[ 1654.937397][T26589]  folio_alloc_mpol_noprof+0x39/0x70
[ 1654.937433][T26589]  shmem_alloc_and_add_folio+0x445/0xf80
[ 1654.937470][T26589]  ? filemap_get_entry+0xca/0x320
[ 1654.937490][T26589]  ? filemap_get_entry+0xca/0x320
[ 1654.937513][T26589]  ? filemap_get_entry+0x2ac/0x320
[ 1654.937535][T26589]  ? __pfx_filemap_get_entry+0x10/0x10
[ 1654.937558][T26589]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[ 1654.937598][T26589]  shmem_get_folio_gfp+0x5a9/0x1670
[ 1654.937650][T26589]  shmem_fallocate+0x96f/0xec0
[ 1654.937695][T26589]  ? __pfx_shmem_fallocate+0x10/0x10
[ 1654.937745][T26589]  vfs_fallocate+0x669/0x7e0
[ 1654.937769][T26589]  ? __fget_files+0x2a/0x420
[ 1654.937804][T26589]  ? __pfx_vfs_fallocate+0x10/0x10
[ 1654.937827][T26589]  ? __fget_files+0x2a/0x420
[ 1654.937866][T26589]  __x64_sys_fallocate+0xc0/0x110
[ 1654.937896][T26589]  do_syscall_64+0x14d/0xf80
[ 1654.937920][T26589]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1654.937942][T26589]  ? clear_bhb_loop+0x40/0x90
[ 1654.937968][T26589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1654.937989][T26589] RIP: 0033:0x7fcf56d9c799
[ 1654.938010][T26589] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1654.938028][T26589] RSP: 002b:00007fcf57c1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 1654.938051][T26589] RAX: ffffffffffffffda RBX: 00007fcf57015fa0 RCX: 00007fcf56d9c799
[ 1654.938066][T26589] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 1654.938079][T26589] RBP: 00007fcf57c1e090 R08: 0000000000000000 R09: 0000000000000000
[ 1654.938092][T26589] R10: 0000000008800000 R11: 0000000000000246 R12: 0000000000000001
[ 1654.938105][T26589] R13: 00007fcf57016038 R14: 00007fcf57015fa0 R15: 00007fcf5713fa48
[ 1654.938139][T26589]  </TASK>
[ 1655.625682][ T5935] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[ 1655.657216][T26599] trusted_key: encrypted_key: insufficient parameters specified
[ 1655.906081][ T5935] usb 1-1: Using ep0 maxpacket: 8
[ 1655.917618][ T5935] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1655.946966][ T5935] usb 1-1: New USB device found, idVendor=17ef, idProduct=60fe, bcdDevice= 0.00
[ 1656.035781][ T5935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1656.080572][ T5935] usb 1-1: config 0 descriptor??
[ 1656.121101][ T5935] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 1656.164421][T26608] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5989'.
[ 1656.741328][   T30] kauditd_printk_skb: 70 callbacks suppressed
[ 1656.741343][   T30] audit: type=1326 audit(1774453346.144:5654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26612 comm="syz.4.5990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1656.784916][T26613] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1656.837472][   T30] audit: type=1326 audit(1774453346.144:5655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26612 comm="syz.4.5990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1657.255581][   T30] audit: type=1326 audit(1774453346.154:5656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26612 comm="syz.4.5990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1657.422638][   T30] audit: type=1326 audit(1774453346.154:5657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26612 comm="syz.4.5990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1657.518898][   T30] audit: type=1326 audit(1774453346.154:5658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26612 comm="syz.4.5990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1657.627403][   T30] audit: type=1326 audit(1774453346.184:5659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26612 comm="syz.4.5990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1657.866148][   T30] audit: type=1326 audit(1774453346.184:5660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26612 comm="syz.4.5990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1658.221946][   T30] audit: type=1326 audit(1774453346.184:5661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26612 comm="syz.4.5990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1658.385154][   T30] audit: type=1326 audit(1774453346.184:5662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26612 comm="syz.4.5990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1658.529427][   T30] audit: type=1326 audit(1774453346.184:5663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26612 comm="syz.4.5990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7fe78d39c799 code=0x7ffc0000
[ 1658.733992][T26631] loop5: detected capacity change from 0 to 7
[ 1658.791141][T26631] Dev loop5: unable to read RDB block 7
[ 1658.799872][T26631]  loop5: unable to read partition table
[ 1658.827720][T26631] loop5: partition table beyond EOD, truncated
[ 1658.864011][T26631] loop_reread_partitions: partition scan of loop5 (�被x������ ) failed (rc=-5)
[ 1658.937394][T26633] fuse: Unexpected value for 'allow_other'
[ 1658.967657][T26633] netlink: 'syz.2.5997': attribute type 1 has an invalid length.
[ 1659.044055][T26634] kvm: kvm [26632]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[ 1659.116483][T26634] kvm: kvm [26632]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[ 1659.175245][T26644] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5998'.
[ 1659.785113][ T5935] usb 1-1: USB disconnect, device number 26
[ 1659.901210][T26655] trusted_key: encrypted_key: insufficient parameters specified
[ 1660.058138][T26657] FAULT_INJECTION: forcing a failure.
[ 1660.058138][T26657] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1660.081231][T26657] CPU: 1 UID: 0 PID: 26657 Comm: syz.0.6003 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1660.081267][T26657] Tainted: [L]=SOFTLOCKUP
[ 1660.081275][T26657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1660.081288][T26657] Call Trace:
[ 1660.081297][T26657]  <TASK>
[ 1660.081306][T26657]  dump_stack_lvl+0xe8/0x150
[ 1660.081341][T26657]  should_fail_ex+0x412/0x560
[ 1660.081377][T26657]  _copy_to_user+0x31/0xb0
[ 1660.081402][T26657]  simple_read_from_buffer+0xe1/0x170
[ 1660.081444][T26657]  proc_fail_nth_read+0x1bb/0x230
[ 1660.081476][T26657]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1660.081509][T26657]  ? rw_verify_area+0x2a6/0x4d0
[ 1660.081531][T26657]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1660.081561][T26657]  vfs_read+0x20c/0xa70
[ 1660.081582][T26657]  ? fdget_pos+0x246/0x320
[ 1660.081607][T26657]  ? __pfx___mutex_lock+0x10/0x10
[ 1660.081633][T26657]  ? __pfx_vfs_read+0x10/0x10
[ 1660.081657][T26657]  ? __fget_files+0x2a/0x420
[ 1660.081692][T26657]  ? __fget_files+0x3a0/0x420
[ 1660.081719][T26657]  ? __fget_files+0x2a/0x420
[ 1660.081759][T26657]  ksys_read+0x150/0x270
[ 1660.081782][T26657]  ? __pfx_ksys_read+0x10/0x10
[ 1660.081817][T26657]  do_syscall_64+0x14d/0xf80
[ 1660.081839][T26657]  ? trace_irq_disable+0x3b/0x150
[ 1660.081867][T26657]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1660.081888][T26657]  ? clear_bhb_loop+0x40/0x90
[ 1660.081914][T26657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1660.081934][T26657] RIP: 0033:0x7f35bb15cfce
[ 1660.081954][T26657] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1660.081972][T26657] RSP: 002b:00007f35bc143fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1660.081995][T26657] RAX: ffffffffffffffda RBX: 00007f35bc1446c0 RCX: 00007f35bb15cfce
[ 1660.082010][T26657] RDX: 000000000000000f RSI: 00007f35bc1440a0 RDI: 0000000000000004
[ 1660.082023][T26657] RBP: 00007f35bc144090 R08: 0000000000000000 R09: 0000000000000000
[ 1660.082036][T26657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1660.082049][T26657] R13: 00007f35bb416038 R14: 00007f35bb415fa0 R15: 00007f35bb53fa48
[ 1660.082082][T26657]  </TASK>
[ 1660.537498][T26658] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1661.070646][T26665] netlink: 'syz.4.6005': attribute type 13 has an invalid length.
[ 1661.091290][T26665] netlink: 'syz.4.6005': attribute type 27 has an invalid length.
[ 1661.177626][T26665] gretap0: refused to change device tx_queue_len
[ 1661.246693][T26665] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 1661.645054][T26671] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6006'.
[ 1662.936033][   T10] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[ 1663.106052][   T10] usb 1-1: Using ep0 maxpacket: 8
[ 1663.139510][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1663.166541][   T10] usb 1-1: New USB device found, idVendor=17ef, idProduct=60fe, bcdDevice= 0.00
[ 1663.246185][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1663.328340][   T10] usb 1-1: config 0 descriptor??
[ 1663.431518][   T10] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 1664.292362][T14552] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1664.304719][T14552] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1664.326834][T14552] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1664.332502][T26702] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6017'.
[ 1664.352156][T26702] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6017'.
[ 1664.402236][T14552] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1664.418123][T14552] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1665.236076][T10221] usb 4-1: new full-speed USB device number 53 using dummy_hcd
[ 1665.513120][T26719] pic_ioport_write: 99 callbacks suppressed
[ 1665.513145][T26719] kvm: pic: level sensitive irq not supported
[ 1665.520070][T26719] picdev_read: 99 callbacks suppressed
[ 1665.520092][T26719] kvm: pic: non byte read
[ 1665.537747][T26719] kvm: pic: level sensitive irq not supported
[ 1665.537831][T26719] kvm: pic: non byte read
[ 1665.549187][T26719] kvm: pic: level sensitive irq not supported
[ 1665.549269][T26719] kvm: pic: non byte read
[ 1665.561070][T26719] kvm: pic: level sensitive irq not supported
[ 1665.561154][T26719] kvm: pic: non byte read
[ 1665.572797][T26719] kvm: pic: level sensitive irq not supported
[ 1665.572880][T26719] kvm: pic: non byte read
[ 1665.584396][T26719] kvm: pic: level sensitive irq not supported
[ 1665.584477][T26719] kvm: pic: non byte read
[ 1665.596578][T26719] kvm: pic: level sensitive irq not supported
[ 1665.596663][T26719] kvm: pic: non byte read
[ 1665.607966][T26719] kvm: pic: level sensitive irq not supported
[ 1665.608046][T26719] kvm: pic: non byte read
[ 1665.626548][T10221] usb 4-1: config 0 has an invalid interface number: 41 but max is 0
[ 1665.635012][T10221] usb 4-1: config 0 has no interface number 0
[ 1665.648838][T10221] usb 4-1: config 0 interface 41 has no altsetting 0
[ 1665.796453][T26719] kvm: pic: level sensitive irq not supported
[ 1665.796551][T26719] kvm: pic: non byte read
[ 1665.807607][T26719] kvm: pic: level sensitive irq not supported
[ 1665.808345][T26719] kvm: pic: non byte read
[ 1665.990744][T18338] usb 1-1: USB disconnect, device number 27
[ 1666.016630][T10221] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[ 1666.044303][T10221] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1666.051155][T24672] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1666.084237][T10221] usb 4-1: Product: syz
[ 1666.095496][T24672] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1666.106248][T10221] usb 4-1: Manufacturer: syz
[ 1666.134206][T10221] usb 4-1: SerialNumber: syz
[ 1666.140370][T24672] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1666.389409][T10221] usb 4-1: config 0 descriptor??
[ 1666.566904][T14552] Bluetooth: hci5: command tx timeout
[ 1666.726438][T24672] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1666.738926][T24672] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1666.750865][T24672] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1667.137544][T24672] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1667.158124][T24672] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1667.198864][T24672] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[ 1667.726502][T26705] chnl_net:caif_netlink_parms(): no params data found
[ 1667.941025][T26736] trusted_key: encrypted_key: insufficient parameters specified
[ 1667.987926][T10221] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -71
[ 1668.076306][T10221] usb 4-1: USB disconnect, device number 53
[ 1668.553667][T26705] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1668.623517][T26705] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1668.643571][T26705] bridge_slave_0: entered allmulticast mode
[ 1668.655262][T14552] Bluetooth: hci5: command tx timeout
[ 1668.678683][T26705] bridge_slave_0: entered promiscuous mode
[ 1668.718563][T26705] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1668.769975][T26705] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1668.796499][T26705] bridge_slave_1: entered allmulticast mode
[ 1668.837895][T26705] bridge_slave_1: entered promiscuous mode
[ 1668.871731][T24672] bridge_slave_1: left allmulticast mode
[ 1668.903452][T24672] bridge_slave_1: left promiscuous mode
[ 1668.942774][T24672] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1669.171482][T26760] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1669.195163][T26759] netlink: 104 bytes leftover after parsing attributes in process `syz.0.6029'.
[ 1669.268628][T24672] bridge_slave_0: left allmulticast mode
[ 1669.305068][T24672] bridge_slave_0: left promiscuous mode
[ 1669.364949][T24672] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1669.378884][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1669.385318][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1670.634474][T24672] bond2 (unregistering): (slave geneve2): Releasing active interface
[ 1670.726094][T14552] Bluetooth: hci5: command tx timeout
[ 1670.833066][T24672] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1670.836274][T10221] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[ 1670.871638][T24672] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1670.889528][T24672] bond0 (unregistering): Released all slaves
[ 1670.920467][T24672] bond1 (unregistering): Released all slaves
[ 1670.940972][T24672] bond2 (unregistering): Released all slaves
[ 1671.023342][T10221] usb 1-1: Using ep0 maxpacket: 32
[ 1671.046332][T10221] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1671.093939][T26705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1671.141015][T26705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1671.151147][T10221] usb 1-1: New USB device found, idVendor=2b73, idProduct=0029, bcdDevice= 0.40
[ 1671.166642][T10221] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1671.185483][T10221] usb 1-1: Product: syz
[ 1671.229418][T10221] usb 1-1: Manufacturer: syz
[ 1671.234172][T10221] usb 1-1: SerialNumber: syz
[ 1671.243778][T26767] random: crng reseeded on system resumption
[ 1671.271629][T24672] tipc: Disabling bearer <eth:syzkaller0>
[ 1671.296003][T24672] tipc: Left network mode
[ 1671.361055][T26705] team0: Port device team_slave_0 added
[ 1671.404522][T26705] team0: Port device team_slave_1 added
[ 1671.637750][T26777] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1672.681829][T26705] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1672.725805][T26705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1672.806265][T14552] Bluetooth: hci5: command tx timeout
[ 1672.847099][T10221] usb 1-1: 1:1: invalid format type 0x1001 is detected, processed as PCM
[ 1672.865654][T26705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1672.868756][T10221] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1672.928374][T26705] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1672.949241][T26705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1673.047566][T26705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1673.080300][T10221] usb 1-1: USB disconnect, device number 28
[ 1673.159934][T24672] hsr_slave_0: left promiscuous mode
[ 1673.204954][T24672] hsr_slave_1: left promiscuous mode
[ 1673.249979][T24672] veth1_macvtap: left promiscuous mode
[ 1673.265965][T24672] veth0_macvtap: left promiscuous mode
[ 1673.274120][T24672] veth1_vlan: left promiscuous mode
[ 1673.305277][T24672] veth0_vlan: left promiscuous mode
[ 1673.746848][T24672] team0 (unregistering): Port device batadv1 removed
[ 1673.767391][T26804] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1673.887473][T26807] trusted_key: encrypted_key: insufficient parameters specified
[ 1675.755419][T24672] team0 (unregistering): Port device team_slave_1 removed
[ 1675.843536][T26815] pic_ioport_write: 79 callbacks suppressed
[ 1675.843559][T26815] kvm: pic: level sensitive irq not supported
[ 1675.849864][T26815] picdev_read: 79 callbacks suppressed
[ 1675.849884][T26815] kvm: pic: non byte read
[ 1675.941961][T26815] kvm: pic: level sensitive irq not supported
[ 1675.942860][T26815] kvm: pic: non byte read
[ 1676.023808][T24672] team0 (unregistering): Port device team_slave_0 removed
[ 1676.056018][T26815] kvm: pic: level sensitive irq not supported
[ 1676.058260][T26815] kvm: pic: non byte read
[ 1676.115955][T26815] kvm: pic: level sensitive irq not supported
[ 1676.116049][T26815] kvm: pic: non byte read
[ 1676.145958][T26815] kvm: pic: level sensitive irq not supported
[ 1676.146098][T26815] kvm: pic: non byte read
[ 1676.197710][T26815] kvm: pic: level sensitive irq not supported
[ 1676.206070][T26815] kvm: pic: non byte read
[ 1676.251028][T26815] kvm: pic: level sensitive irq not supported
[ 1676.251312][T26815] kvm: pic: non byte read
[ 1676.262581][T26815] kvm: pic: level sensitive irq not supported
[ 1676.262667][T26815] kvm: pic: non byte read
[ 1676.315902][T26815] kvm: pic: level sensitive irq not supported
[ 1676.315999][T26815] kvm: pic: non byte read
[ 1676.327789][T26815] kvm: pic: level sensitive irq not supported
[ 1676.327875][T26815] kvm: pic: non byte read
[ 1676.961743][T26705] hsr_slave_0: entered promiscuous mode
[ 1676.977871][T26705] hsr_slave_1: entered promiscuous mode
[ 1676.984546][T26705] debugfs: 'hsr0' already exists in 'hsr'
[ 1677.046215][T26705] Cannot create hsr debugfs directory
[ 1677.510561][T26826] Cannot find del_set index 4 as target
[ 1677.567228][T26828] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1678.055771][T26829] netlink: 'syz.3.6046': attribute type 2 has an invalid length.
[ 1678.455459][T24672] IPVS: stop unused estimator thread 0...
[ 1678.530813][T26834] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.6044' resets device
[ 1678.810097][T26837] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6047'.
[ 1679.277660][T26705] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1679.321260][T26705] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1679.369289][T26705] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1679.407703][T26705] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1679.864443][T26705] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1680.174345][T26860] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1680.267564][T26705] 8021q: adding VLAN 0 to HW filter on device team0
[ 1680.327628][T17611] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1680.334830][T17611] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1680.439717][T17611] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1680.446867][T17611] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1681.584681][T26890] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1681.610853][T26705] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1681.708946][T26890] netlink: 104 bytes leftover after parsing attributes in process `syz.3.6054'.
[ 1681.998365][T26705] veth0_vlan: entered promiscuous mode
[ 1682.198773][T26705] veth1_vlan: entered promiscuous mode
[ 1683.113544][T26893] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6056'.
[ 1683.206646][T26893] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6056'.
[ 1683.207279][T26894] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6056'.
[ 1683.464901][T26894] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6056'.
[ 1683.500443][T26705] veth0_macvtap: entered promiscuous mode
[ 1683.567708][T26705] veth1_macvtap: entered promiscuous mode
[ 1683.732733][T26705] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1683.807644][T26705] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1683.869482][T26903] sctp: [Deprecated]: syz.2.6058 (pid 26903) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1683.869482][T26903] Use struct sctp_sack_info instead
[ 1683.911752][T25392] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1683.923197][T25392] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1683.965702][T25392] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1683.990563][T25392] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1684.313422][T10247] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1684.341064][T10247] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1684.523367][T17619] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1684.554919][T17619] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1685.081012][T26918] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1685.142421][T26918] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1685.205100][T26923] QAT: failed to copy from user.
[ 1685.288428][T26922] syzkaller0: entered promiscuous mode
[ 1685.327451][T26924] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1685.443075][T26922] syzkaller0: entered allmulticast mode
[ 1686.063309][T26934] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1686.947515][T24919] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1686.979525][T24919] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1687.003356][T24919] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1687.026640][T24919] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1687.038104][T24919] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1688.095255][T26959] tipc: Resetting bearer <eth:syzkaller0>
[ 1688.899306][T17021] bond0: (slave syz_tun): Releasing backup interface
[ 1689.217780][T24919] Bluetooth: hci3: command tx timeout
[ 1690.443346][T26988] netlink: 'syz.4.6073': attribute type 4 has an invalid length.
[ 1690.690295][T26958] chnl_net:caif_netlink_parms(): no params data found
[ 1691.286980][T24919] Bluetooth: hci3: command tx timeout
[ 1691.454773][T27000] ipt_ECN: cannot use operation on non-tcp rule
[ 1691.624414][T26958] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1691.632332][T26958] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1691.640245][T26958] bridge_slave_0: entered allmulticast mode
[ 1691.648958][T26958] bridge_slave_0: entered promiscuous mode
[ 1691.897670][T26958] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1692.193060][T26958] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1692.219716][T26958] bridge_slave_1: entered allmulticast mode
[ 1692.269060][T26958] bridge_slave_1: entered promiscuous mode
[ 1692.696192][T27013] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[ 1692.711571][T27035] netlink: 44 bytes leftover after parsing attributes in process `syz.6.6079'.
[ 1693.060301][T27036] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 1��^!�l�1�*�$pOc�ɔ��r$�G����
[ 1693.344973][T26958] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1693.366312][T24919] Bluetooth: hci3: command tx timeout
[ 1693.437538][T26958] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1693.702771][T18338] hid-generic 0103:0004:0000.0034: unknown main item tag 0x0
[ 1693.704499][T26958] team0: Port device team_slave_0 added
[ 1693.731470][T18338] hid-generic 0103:0004:0000.0034: unknown main item tag 0x0
[ 1693.783386][T26958] team0: Port device team_slave_1 added
[ 1693.792258][T18338] hid-generic 0103:0004:0000.0034: unknown main item tag 0x0
[ 1693.827850][T18338] hid-generic 0103:0004:0000.0034: unknown main item tag 0x0
[ 1693.857478][T18338] hid-generic 0103:0004:0000.0034: unknown main item tag 0x0
[ 1693.886493][T18338] hid-generic 0103:0004:0000.0034: unknown main item tag 0x0
[ 1693.914456][T18338] hid-generic 0103:0004:0000.0034: unknown main item tag 0x0
[ 1693.944736][T18338] hid-generic 0103:0004:0000.0034: unknown main item tag 0x0
[ 1693.944972][T26958] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1693.978023][T18338] hid-generic 0103:0004:0000.0034: unknown main item tag 0x0
[ 1694.011506][T18338] hid-generic 0103:0004:0000.0034: unknown main item tag 0x0
[ 1694.027474][T26958] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1694.087510][T18338] hid-generic 0103:0004:0000.0034: hidraw0: <UNKNOWN> HID v0.02 Device [syz0] on syz1
[ 1694.167557][T26958] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1694.250325][T26958] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1694.264968][T26958] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1694.453194][T26958] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1694.479153][T27049] netlink: 'syz.6.6083': attribute type 3 has an invalid length.
[ 1694.501338][T27049] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6083'.
[ 1694.522812][T27052] netlink: 100 bytes leftover after parsing attributes in process `syz.0.6084'.
[ 1694.602397][T26958] hsr_slave_0: entered promiscuous mode
[ 1694.613965][T26958] hsr_slave_1: entered promiscuous mode
[ 1694.633717][T26958] debugfs: 'hsr0' already exists in 'hsr'
[ 1694.649403][T26958] Cannot create hsr debugfs directory
[ 1694.806162][T10204] usb 7-1: new high-speed USB device number 57 using dummy_hcd
[ 1695.025722][T10204] usb 7-1: Using ep0 maxpacket: 8
[ 1695.036477][T10204] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[ 1695.065967][T10204] usb 7-1: config 0 has no interface number 0
[ 1695.072144][T10204] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1695.125732][T10204] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1695.163370][T10204] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1695.196328][T26958] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1695.218885][T10204] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1695.245743][T26958] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1695.275769][T10204] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1695.284961][T10204] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1695.343651][T10204] usb 7-1: config 0 descriptor??
[ 1695.394825][T10204] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1695.448198][T24919] Bluetooth: hci3: command tx timeout
[ 1695.511235][T27063] pic_ioport_write: 79 callbacks suppressed
[ 1695.511260][T27063] kvm: pic: level sensitive irq not supported
[ 1695.518076][T27063] picdev_read: 79 callbacks suppressed
[ 1695.518096][T27063] kvm: pic: non byte read
[ 1695.576717][T27063] kvm: pic: level sensitive irq not supported
[ 1695.576800][T27063] kvm: pic: non byte read
[ 1695.697246][T27063] kvm: pic: level sensitive irq not supported
[ 1695.697335][T27063] kvm: pic: non byte read
[ 1695.721149][T27063] kvm: pic: level sensitive irq not supported
[ 1695.721243][T27063] kvm: pic: non byte read
[ 1695.864322][T26958] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1695.887004][T27063] kvm: pic: level sensitive irq not supported
[ 1695.887224][T27063] kvm: pic: non byte read
[ 1695.906497][T26958] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1695.988206][T27063] kvm: pic: level sensitive irq not supported
[ 1695.989005][T27063] kvm: pic: non byte read
[ 1696.114079][T18338] usb 7-1: USB disconnect, device number 57
[ 1696.127901][T18338] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[ 1696.195266][T27063] kvm: pic: level sensitive irq not supported
[ 1696.195374][T27063] kvm: pic: non byte read
[ 1696.329909][T27063] kvm: pic: level sensitive irq not supported
[ 1696.329996][T27063] kvm: pic: non byte read
[ 1696.480565][T27063] kvm: pic: level sensitive irq not supported
[ 1696.480718][T27063] kvm: pic: non byte read
[ 1696.620514][T27076] kvm: pic: level sensitive irq not supported
[ 1696.620618][T27076] kvm: pic: non byte read
[ 1696.692881][T26958] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1696.800147][T26958] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1697.040545][T26958] netdevsim netdevsim3 netdevsim0 (unregistering): left promiscuous mode
[ 1697.071903][T26958] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1697.119927][T26958] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1697.953005][T26958] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1697.993692][T26958] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1698.042994][T26958] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1698.093186][T26958] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1698.666055][T26958] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1698.907119][T26958] 8021q: adding VLAN 0 to HW filter on device team0
[ 1698.945109][T17613] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1698.952289][T17613] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1699.582177][T17611] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1699.589435][T17611] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1699.986142][T10221] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[ 1700.028289][T26958] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1700.169177][T10221] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1700.211577][T10221] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1700.247715][T26958] veth0_vlan: entered promiscuous mode
[ 1700.298972][T10221] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1700.319326][T27108] netlink: 100 bytes leftover after parsing attributes in process `syz.6.6095'.
[ 1700.340605][T10221] usb 3-1: config 0 descriptor??
[ 1700.370719][T10221] pwc: Askey VC010 type 2 USB webcam detected.
[ 1700.375314][T26958] veth1_vlan: entered promiscuous mode
[ 1700.600099][T26958] veth0_macvtap: entered promiscuous mode
[ 1700.642619][T27112] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1700.654936][T27106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1700.676277][T27106] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1700.708699][T26958] veth1_macvtap: entered promiscuous mode
[ 1700.829907][T26958] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1700.869368][T26958] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1700.926131][T17613] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1701.012503][T10221] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1701.049345][T17613] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1701.065903][T10221] pwc: recv_control_msg error -32 req 02 val 2700
[ 1701.084055][T10221] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1701.096286][T17613] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1701.148041][T17613] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1701.512398][T27125] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6100'.
[ 1701.756119][T25392] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1701.764341][T25392] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1702.171320][T17613] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1702.244764][T17613] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1702.291078][T10221] pwc: recv_control_msg error -71 req 04 val 1000
[ 1702.321986][T10221] pwc: recv_control_msg error -71 req 04 val 1300
[ 1702.349426][T10221] pwc: recv_control_msg error -71 req 04 val 1400
[ 1702.387163][T10221] pwc: recv_control_msg error -71 req 02 val 2000
[ 1702.408736][T10221] pwc: recv_control_msg error -71 req 02 val 2100
[ 1702.426722][T10221] pwc: recv_control_msg error -71 req 04 val 1500
[ 1702.554298][T10221] pwc: recv_control_msg error -71 req 02 val 2500
[ 1702.593439][T10221] pwc: recv_control_msg error -71 req 02 val 2400
[ 1702.612608][T10221] pwc: recv_control_msg error -71 req 02 val 2600
[ 1702.763511][T10221] pwc: recv_control_msg error -71 req 02 val 2900
[ 1702.830243][T10221] pwc: recv_control_msg error -71 req 02 val 2800
[ 1703.144331][T10221] pwc: recv_control_msg error -71 req 04 val 1100
[ 1703.230466][T10221] pwc: recv_control_msg error -71 req 04 val 1200
[ 1703.629389][T10221] pwc: Registered as video103.
[ 1703.701520][T10221] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input141
[ 1703.753428][T27148] netlink: 100 bytes leftover after parsing attributes in process `syz.6.6106'.
[ 1703.778160][T10221] usb 3-1: USB disconnect, device number 44
[ 1704.046069][T27152] ipt_ECN: cannot use operation on non-tcp rule
[ 1705.676089][T27174] kvm: user requested TSC rate below hardware speed
[ 1706.757025][T27187] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1706.984517][T10204] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[ 1707.119966][T27186] openvswitch: netlink: Key 4 has unexpected len 2 expected 12
[ 1707.154919][T10204] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1707.185744][T10204] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1707.238573][T10204] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1707.661033][T27194] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1707.898388][T10204] usb 3-1: config 0 descriptor??
[ 1707.910034][T10204] pwc: Askey VC010 type 2 USB webcam detected.
[ 1708.223930][T27183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1708.234136][T27183] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1708.498743][T10204] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1708.506973][T10204] pwc: recv_control_msg error -32 req 02 val 2700
[ 1708.514287][T10204] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1709.205029][T10204] pwc: recv_control_msg error -71 req 04 val 1000
[ 1709.303807][T10204] pwc: recv_control_msg error -71 req 04 val 1300
[ 1709.330702][T10204] pwc: recv_control_msg error -71 req 04 val 1400
[ 1709.347036][T10204] pwc: recv_control_msg error -71 req 02 val 2000
[ 1709.364253][T10204] pwc: recv_control_msg error -71 req 02 val 2100
[ 1709.450850][T10204] pwc: recv_control_msg error -71 req 04 val 1500
[ 1709.460726][T27210] netlink: 100 bytes leftover after parsing attributes in process `syz.4.6119'.
[ 1709.496744][T10204] pwc: recv_control_msg error -71 req 02 val 2500
[ 1709.525322][T10204] pwc: recv_control_msg error -71 req 02 val 2400
[ 1709.563788][T10204] pwc: recv_control_msg error -71 req 02 val 2600
[ 1709.586113][T10204] pwc: recv_control_msg error -71 req 02 val 2900
[ 1709.593384][T10204] pwc: recv_control_msg error -71 req 02 val 2800
[ 1709.616372][T10204] pwc: recv_control_msg error -71 req 04 val 1100
[ 1709.648986][T10204] pwc: recv_control_msg error -71 req 04 val 1200
[ 1709.706860][T10204] pwc: Registered as video103.
[ 1709.732235][T10204] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input142
[ 1709.749175][T10204] usb 3-1: USB disconnect, device number 45
[ 1710.155940][T10204] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[ 1710.175465][T27221] ipt_ECN: cannot use operation on non-tcp rule
[ 1710.327837][T10204] usb 3-1: config 1 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1710.349517][T10204] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1710.449915][T10204] usb 3-1: New USB device found, idVendor=05ac, idProduct=0236, bcdDevice= 0.40
[ 1710.500730][T10204] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1710.544353][T10204] usb 3-1: Product: syz
[ 1710.557176][T10204] usb 3-1: Manufacturer: syz
[ 1710.577358][T10204] usb 3-1: SerialNumber: syz
[ 1710.699990][T27233] netlink: 32 bytes leftover after parsing attributes in process `syz.6.6126'.
[ 1711.709962][T27244] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1712.516588][T27251] netlink: 84 bytes leftover after parsing attributes in process `syz.3.6129'.
[ 1712.776411][T10204] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input143
[ 1712.889339][ T5179] bcm5974 3-1:1.0: could not read from device
[ 1713.021267][ T5179] bcm5974 3-1:1.0: could not read from device
[ 1713.145810][T10204] usb 3-1: USB disconnect, device number 46
[ 1713.153022][ T5179] bcm5974 3-1:1.0: could not read from device
[ 1713.503903][T27273] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6131'.
[ 1713.556307][T27273] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6131'.
[ 1713.645746][T10204] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[ 1713.800454][T27277] pic_ioport_write: 133 callbacks suppressed
[ 1713.800478][T27277] kvm: pic: level sensitive irq not supported
[ 1713.838821][T27277] picdev_read: 132 callbacks suppressed
[ 1713.838848][T27277] kvm: pic: non byte read
[ 1713.952526][T27277] kvm: pic: level sensitive irq not supported
[ 1713.952651][T27277] kvm: pic: non byte read
[ 1714.356347][T10204] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1714.946900][T27277] kvm: pic: level sensitive irq not supported
[ 1714.946984][T27277] kvm: pic: non byte read
[ 1714.990494][T10204] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1715.003535][T10204] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1715.015086][T10204] usb 3-1: config 0 descriptor??
[ 1715.024938][T10204] pwc: Askey VC010 type 2 USB webcam detected.
[ 1715.081849][T27277] kvm: pic: level sensitive irq not supported
[ 1715.081936][T27277] kvm: pic: non byte read
[ 1715.210096][T27277] kvm: pic: level sensitive irq not supported
[ 1715.210214][T27277] kvm: pic: non byte read
[ 1715.551422][T27270] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1715.594973][T27270] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1715.825762][T10206] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[ 1715.851815][T10204] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1715.881417][T10204] pwc: recv_control_msg error -32 req 02 val 2700
[ 1715.926644][T10204] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1716.020317][T10206] usb 1-1: device descriptor read/64, error -71
[ 1716.307617][T10206] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[ 1716.472089][T10206] usb 1-1: device descriptor read/64, error -71
[ 1716.538874][T10204] pwc: recv_control_msg error -71 req 04 val 1000
[ 1716.577715][T10204] pwc: recv_control_msg error -71 req 04 val 1300
[ 1716.598431][T10204] pwc: recv_control_msg error -71 req 04 val 1400
[ 1716.616485][T10206] usb usb1-port1: attempt power cycle
[ 1716.622497][T10204] pwc: recv_control_msg error -71 req 02 val 2000
[ 1716.643695][T10204] pwc: recv_control_msg error -71 req 02 val 2100
[ 1716.662639][T10204] pwc: recv_control_msg error -71 req 04 val 1500
[ 1716.679859][T10204] pwc: recv_control_msg error -71 req 02 val 2500
[ 1716.718380][T10204] pwc: recv_control_msg error -71 req 02 val 2400
[ 1716.738446][T10204] pwc: recv_control_msg error -71 req 02 val 2600
[ 1716.752219][T10204] pwc: recv_control_msg error -71 req 02 val 2900
[ 1716.774356][T10204] pwc: recv_control_msg error -71 req 02 val 2800
[ 1716.837471][T10204] pwc: recv_control_msg error -71 req 04 val 1100
[ 1716.847507][T10204] pwc: recv_control_msg error -71 req 04 val 1200
[ 1716.866697][T10204] pwc: Registered as video103.
[ 1716.882395][T10204] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input144
[ 1716.929434][T27299] syzkaller0: delete flow: hash 1850274158 index 1
[ 1716.967746][T10204] usb 3-1: USB disconnect, device number 47
[ 1716.987686][T10206] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[ 1717.031365][T10206] usb 1-1: device descriptor read/8, error -71
[ 1717.070658][T27308] ipt_ECN: cannot use operation on non-tcp rule
[ 1717.285717][T10206] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[ 1717.401503][T10206] usb 1-1: device descriptor read/8, error -71
[ 1717.523968][T10206] usb usb1-port1: unable to enumerate USB device
[ 1718.727106][T27328] xt_TCPMSS: Only works on TCP SYN packets
[ 1718.992661][T27333] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6144'.
[ 1718.993466][T27330] sctp: [Deprecated]: syz.0.6143 (pid 27330) Use of int in max_burst socket option deprecated.
[ 1718.993466][T27330] Use struct sctp_assoc_value instead
[ 1719.040203][T27333] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6144'.
[ 1719.765917][T10204] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[ 1719.956292][T10204] usb 5-1: Using ep0 maxpacket: 16
[ 1719.987113][T10204] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[ 1720.019774][T10204] usb 5-1: config 0 has no interface number 0
[ 1720.059714][T10204] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[ 1720.103631][T10204] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[ 1720.135762][T10204] usb 5-1: config 0 interface 41 has no altsetting 0
[ 1720.171285][T10204] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[ 1720.207946][T10204] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1720.234867][T10204] usb 5-1: Product: syz
[ 1720.245671][T10204] usb 5-1: Manufacturer: syz
[ 1720.289234][T10204] usb 5-1: SerialNumber: syz
[ 1720.335482][T10204] usb 5-1: config 0 descriptor??
[ 1720.341572][T27341] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1720.349071][T27341] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1720.596749][T27341] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1720.608739][T27341] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1720.643109][T10204] sr9700 5-1:0.41: probe with driver sr9700 failed with error -71
[ 1720.664985][T10204] usb 5-1: USB disconnect, device number 19
[ 1721.076132][T18338] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[ 1721.232641][T18338] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1721.248309][T18338] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1721.277862][T18338] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1721.326562][T18338] usb 3-1: config 0 descriptor??
[ 1721.353357][T18338] pwc: Askey VC010 type 2 USB webcam detected.
[ 1721.644445][T27354] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1721.660441][T27354] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1721.899210][T18338] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1721.937716][T18338] pwc: recv_control_msg error -32 req 02 val 2700
[ 1721.964897][T27365] kvm: pic: level sensitive irq not supported
[ 1721.965007][T27365] kvm: pic: non byte read
[ 1722.007230][T18338] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1724.231972][T27373] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1724.266909][T27373] netlink: 104 bytes leftover after parsing attributes in process `syz.6.6152'.
[ 1726.056248][T10221] usb 7-1: new high-speed USB device number 58 using dummy_hcd
[ 1726.196230][T10221] usb 7-1: device descriptor read/64, error -71
[ 1726.436307][T10221] usb 7-1: new high-speed USB device number 59 using dummy_hcd
[ 1726.590970][T10221] usb 7-1: device descriptor read/64, error -71
[ 1726.719581][T10221] usb usb7-port1: attempt power cycle
[ 1727.046433][T18338] pwc: recv_control_msg error -110 req 04 val 1000
[ 1727.054540][T18338] pwc: recv_control_msg error -32 req 04 val 1300
[ 1727.069151][T18338] pwc: recv_control_msg error -32 req 04 val 1400
[ 1727.076381][T10221] usb 7-1: new high-speed USB device number 60 using dummy_hcd
[ 1727.095051][T18338] pwc: recv_control_msg error -32 req 02 val 2000
[ 1727.106963][T10221] usb 7-1: device descriptor read/8, error -71
[ 1727.116202][T18338] pwc: recv_control_msg error -32 req 02 val 2100
[ 1727.135059][T18338] pwc: recv_control_msg error -32 req 04 val 1500
[ 1727.157396][T18338] pwc: recv_control_msg error -32 req 02 val 2500
[ 1727.167259][T18338] pwc: recv_control_msg error -32 req 02 val 2400
[ 1727.186255][T18338] pwc: recv_control_msg error -32 req 02 val 2600
[ 1727.198392][T18338] pwc: recv_control_msg error -32 req 02 val 2900
[ 1727.215916][T18338] pwc: recv_control_msg error -32 req 02 val 2800
[ 1727.223384][T18338] pwc: recv_control_msg error -32 req 04 val 1100
[ 1727.254280][T18338] pwc: recv_control_msg error -32 req 04 val 1200
[ 1727.268599][T18338] pwc: Registered as video103.
[ 1727.287129][T18338] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input145
[ 1727.356265][T10221] usb 7-1: new high-speed USB device number 61 using dummy_hcd
[ 1727.414820][T10221] usb 7-1: device descriptor read/8, error -71
[ 1727.538859][T10221] usb usb7-port1: unable to enumerate USB device
[ 1727.589298][T27377] ipt_ECN: cannot use operation on non-tcp rule
[ 1727.597375][T10221] usb 3-1: USB disconnect, device number 48
[ 1727.636806][T27379] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6155'.
[ 1727.676446][T27379] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6155'.
[ 1728.314047][T27394] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6158'.
[ 1729.281867][T27397] syzkaller0: entered promiscuous mode
[ 1729.298551][T27397] syzkaller0: entered allmulticast mode
[ 1730.365305][T27411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1730.378549][T10206] usb 7-1: new low-speed USB device number 62 using dummy_hcd
[ 1730.520287][T27411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1730.575101][T10206] usb 7-1: config 1 interface 0 altsetting 16 endpoint 0x82 is Bulk; changing to Interrupt
[ 1730.620152][T27411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1730.636138][T10206] usb 7-1: config 1 interface 0 altsetting 16 endpoint 0x3 is Bulk; changing to Interrupt
[ 1730.648689][T10206] usb 7-1: config 1 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1730.683743][T10206] usb 7-1: config 1 interface 0 has no altsetting 0
[ 1730.852374][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1730.872800][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1730.939310][T10206] usb 7-1: string descriptor 0 read error: -22
[ 1730.946233][T10206] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1730.955313][T10206] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1731.045368][T27406] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1731.284945][T27406] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1731.346377][ T5886] IPVS: starting estimator thread 0...
[ 1731.436089][T10206] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22
[ 1731.486414][T27428] IPVS: using max 27 ests per chain, 64800 per kthread
[ 1731.682003][T27406] netlink: 'syz.6.6160': attribute type 2 has an invalid length.
[ 1731.721408][T27406] !: entered promiscuous mode
[ 1731.740748][T27406] netlink: 'syz.6.6160': attribute type 2 has an invalid length.
[ 1731.758973][T27406] !: left promiscuous mode
[ 1732.376639][ T5915] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[ 1732.563935][ T5915] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1732.600683][ T5915] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1732.627117][T27439] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6168'.
[ 1732.658994][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1732.677783][T27439] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6168'.
[ 1732.740810][ T5915] usb 3-1: config 0 descriptor??
[ 1732.777046][ T5915] pwc: Askey VC010 type 2 USB webcam detected.
[ 1733.021578][T27434] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1733.058231][T27434] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1733.282342][T27445] ipt_ECN: cannot use operation on non-tcp rule
[ 1733.312867][ T5915] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1733.330892][ T5915] pwc: recv_control_msg error -32 req 02 val 2700
[ 1733.383926][ T5915] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1733.450972][ T5915] pwc: recv_control_msg error -71 req 04 val 1000
[ 1733.476612][ T5915] pwc: recv_control_msg error -71 req 04 val 1300
[ 1733.504129][ T5915] pwc: recv_control_msg error -71 req 04 val 1400
[ 1733.546250][ T5915] pwc: recv_control_msg error -71 req 02 val 2000
[ 1733.598282][ T5915] pwc: recv_control_msg error -71 req 02 val 2100
[ 1733.643607][ T5915] pwc: recv_control_msg error -71 req 04 val 1500
[ 1733.694868][ T5915] pwc: recv_control_msg error -71 req 02 val 2500
[ 1733.720102][ T5915] pwc: recv_control_msg error -71 req 02 val 2400
[ 1733.761584][ T5915] pwc: recv_control_msg error -71 req 02 val 2600
[ 1733.793002][ T5915] pwc: recv_control_msg error -71 req 02 val 2900
[ 1733.802030][T10221] usb 7-1: USB disconnect, device number 62
[ 1733.894936][ T5915] pwc: recv_control_msg error -71 req 02 val 2800
[ 1733.934234][ T5915] pwc: recv_control_msg error -71 req 04 val 1100
[ 1733.984877][ T5915] pwc: recv_control_msg error -71 req 04 val 1200
[ 1734.044531][ T5915] pwc: Registered as video103.
[ 1734.073817][ T5915] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input146
[ 1734.130586][ T5915] usb 3-1: USB disconnect, device number 49
[ 1735.511191][T27474] netlink: 56 bytes leftover after parsing attributes in process `syz.3.6178'.
[ 1737.865705][   T30] kauditd_printk_skb: 52 callbacks suppressed
[ 1737.865734][   T30] audit: type=1326 audit(1774453427.264:5716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27493 comm="syz.2.6184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1738.040518][   T30] audit: type=1326 audit(1774453427.264:5717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27493 comm="syz.2.6184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1738.206506][   T30] audit: type=1326 audit(1774453427.294:5718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27493 comm="syz.2.6184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1738.321374][   T30] audit: type=1326 audit(1774453427.294:5719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27493 comm="syz.2.6184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1738.452525][   T30] audit: type=1326 audit(1774453427.294:5720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27493 comm="syz.2.6184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1738.574401][   T30] audit: type=1326 audit(1774453427.304:5721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27493 comm="syz.2.6184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1738.668024][   T30] audit: type=1326 audit(1774453427.304:5722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27493 comm="syz.2.6184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f2adcf9c799 code=0x7ffc0000
[ 1738.782509][T24672] ------------[ cut here ]------------
[ 1738.788181][T24672] conntrack cleanup blocked for 60s
[ 1738.788193][T24672] WARNING: net/netfilter/nf_conntrack_core.c:2512 at nf_conntrack_cleanup_net_list+0x234/0x340, CPU#1: kworker/u8:6/24672
[ 1738.806678][T24672] Modules linked in:
[ 1738.810917][T24672] CPU: 1 UID: 0 PID: 24672 Comm: kworker/u8:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1738.823107][T24672] Tainted: [L]=SOFTLOCKUP
[ 1738.827837][T24672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1738.838257][T24672] Workqueue: netns cleanup_net
[ 1738.843037][T24672] RIP: 0010:nf_conntrack_cleanup_net_list+0x234/0x340
[ 1738.850502][T24672] Code: 08 48 89 df e8 7d 57 65 f8 4c 8b 3b 49 39 df 74 69 e8 d0 0e fb f7 45 31 e4 e9 8e fe ff ff e8 c3 0e fb f7 48 8d 3d ac 4c 56 06 <67> 48 0f b9 3a eb c0 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fe ff
[ 1738.871467][T24672] RSP: 0018:ffffc900046178b0 EFLAGS: 00010293
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1738.877895][T24672] RAX: ffffffff89ca936d RBX: ffffc90004617a50 RCX: ffff888026f0bd00
[ 1738.886293][T24672] RDX: 0000000000000000 RSI: fffffffffffffffd RDI: ffffffff9020e020
[ 1738.894293][T24672] RBP: 0000000000000001 R08: ffff88807f137003 R09: 1ffff1100fe26e00
[ 1738.902612][T24672] R10: dffffc0000000000 R11: ffffed100fe26e01 R12: 0000000000000001
[ 1738.910850][T24672] R13: dffffc0000000000 R14: 000000010002311a R15: 000000010002311d
[ 1738.919040][T24672] FS:  0000000000000000(0000) GS:ffff88812555d000(0000) knlGS:0000000000000000
[ 1738.932144][T24672] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1738.939190][T24672] CR2: 000000110c35d52c CR3: 0000000029530000 CR4: 00000000003526f0
[ 1738.947623][T24672] Call Trace:
[ 1738.950931][T24672]  <TASK>
[ 1738.953955][T24672]  ? __pfx_nf_conntrack_pernet_exit+0x10/0x10
[ 1738.960548][T24672]  ops_undo_list+0x52b/0x940
[ 1738.965273][T24672]  ? __pfx_ops_undo_list+0x10/0x10
[ 1738.970632][T24672]  ? idr_destroy+0x218/0x290
[ 1738.975234][T24672]  ? do_raw_spin_unlock+0xf5/0x210
[ 1738.980537][T24672]  cleanup_net+0x56b/0x800
[ 1738.984963][T24672]  ? __pfx_cleanup_net+0x10/0x10
[ 1738.990079][T24672]  ? process_scheduled_works+0xa8d/0x18c0
[ 1738.995986][T24672]  ? process_scheduled_works+0xa8d/0x18c0
[ 1739.001726][T24672]  process_scheduled_works+0xb6e/0x18c0
[ 1739.010316][T24672]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1739.016497][T24672]  ? assign_work+0x3d5/0x5e0
[ 1739.021176][T24672]  worker_thread+0xa53/0xfc0
[ 1739.026141][T24672]  kthread+0x388/0x470
[ 1739.030322][T24672]  ? __pfx_worker_thread+0x10/0x10
[ 1739.035441][T24672]  ? __pfx_kthread+0x10/0x10
[ 1739.040238][T24672]  ret_from_fork+0x51e/0xb90
[ 1739.044837][T24672]  ? __pfx_ret_from_fork+0x10/0x10
[ 1739.050314][T24672]  ? __switch_to+0xc7d/0x1450
[ 1739.055024][T24672]  ? __pfx_kthread+0x10/0x10
[ 1739.059824][T24672]  ret_from_fork_asm+0x1a/0x30
[ 1739.064693][T24672]  </TASK>
[ 1739.067880][T24672] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1739.075161][T24672] CPU: 1 UID: 0 PID: 24672 Comm: kworker/u8:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1739.086284][T24672] Tainted: [L]=SOFTLOCKUP
[ 1739.090601][T24672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1739.100652][T24672] Workqueue: netns cleanup_net
[ 1739.105419][T24672] Call Trace:
[ 1739.108708][T24672]  <TASK>
[ 1739.111723][T24672]  vpanic+0x56c/0xa60
[ 1739.115801][T24672]  ? __pfx__printk+0x10/0x10
[ 1739.120421][T24672]  ? __pfx_vpanic+0x10/0x10
[ 1739.124944][T24672]  ? is_bpf_text_address+0x292/0x2b0
[ 1739.130251][T24672]  ? is_bpf_text_address+0x26/0x2b0
[ 1739.135468][T24672]  panic+0xc5/0xd0
[ 1739.139200][T24672]  ? __pfx_panic+0x10/0x10
[ 1739.143627][T24672]  ? ret_from_fork_asm+0x1a/0x30
[ 1739.148573][T24672]  __warn+0x315/0x4f0
[ 1739.152580][T24672]  ? nf_conntrack_cleanup_net_list+0x234/0x340
[ 1739.158758][T24672]  ? nf_conntrack_cleanup_net_list+0x234/0x340
[ 1739.165034][T24672]  __report_bug+0x29a/0x540
[ 1739.169561][T24672]  ? nf_conntrack_cleanup_net_list+0x234/0x340
[ 1739.175828][T24672]  ? __pfx___report_bug+0x10/0x10
[ 1739.180982][T24672]  ? nf_conntrack_cleanup_net_list+0x13e/0x340
[ 1739.187241][T24672]  report_bug_entry+0x19a/0x290
[ 1739.192102][T24672]  ? nf_conntrack_cleanup_net_list+0x234/0x340
[ 1739.198345][T24672]  ? nf_conntrack_cleanup_net_list+0x239/0x340
[ 1739.204507][T24672]  handle_bug+0xce/0x200
[ 1739.208755][T24672]  exc_invalid_op+0x1a/0x50
[ 1739.213261][T24672]  asm_exc_invalid_op+0x1a/0x20
[ 1739.218115][T24672] RIP: 0010:nf_conntrack_cleanup_net_list+0x234/0x340
[ 1739.224890][T24672] Code: 08 48 89 df e8 7d 57 65 f8 4c 8b 3b 49 39 df 74 69 e8 d0 0e fb f7 45 31 e4 e9 8e fe ff ff e8 c3 0e fb f7 48 8d 3d ac 4c 56 06 <67> 48 0f b9 3a eb c0 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c cd fe ff
[ 1739.244511][T24672] RSP: 0018:ffffc900046178b0 EFLAGS: 00010293
[ 1739.250583][T24672] RAX: ffffffff89ca936d RBX: ffffc90004617a50 RCX: ffff888026f0bd00
[ 1739.258562][T24672] RDX: 0000000000000000 RSI: fffffffffffffffd RDI: ffffffff9020e020
[ 1739.266631][T24672] RBP: 0000000000000001 R08: ffff88807f137003 R09: 1ffff1100fe26e00
[ 1739.274712][T24672] R10: dffffc0000000000 R11: ffffed100fe26e01 R12: 0000000000000001
[ 1739.282787][T24672] R13: dffffc0000000000 R14: 000000010002311a R15: 000000010002311d
[ 1739.290907][T24672]  ? nf_conntrack_cleanup_net_list+0x22d/0x340
[ 1739.297083][T24672]  ? __pfx_nf_conntrack_pernet_exit+0x10/0x10
[ 1739.303157][T24672]  ops_undo_list+0x52b/0x940
[ 1739.307745][T24672]  ? __pfx_ops_undo_list+0x10/0x10
[ 1739.312956][T24672]  ? idr_destroy+0x218/0x290
[ 1739.317547][T24672]  ? do_raw_spin_unlock+0xf5/0x210
[ 1739.322659][T24672]  cleanup_net+0x56b/0x800
[ 1739.327070][T24672]  ? __pfx_cleanup_net+0x10/0x10
[ 1739.332011][T24672]  ? process_scheduled_works+0xa8d/0x18c0
[ 1739.337732][T24672]  ? process_scheduled_works+0xa8d/0x18c0
[ 1739.343453][T24672]  process_scheduled_works+0xb6e/0x18c0
[ 1739.349018][T24672]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1739.355002][T24672]  ? assign_work+0x3d5/0x5e0
[ 1739.359596][T24672]  worker_thread+0xa53/0xfc0
[ 1739.364206][T24672]  kthread+0x388/0x470
[ 1739.368275][T24672]  ? __pfx_worker_thread+0x10/0x10
[ 1739.373383][T24672]  ? __pfx_kthread+0x10/0x10
[ 1739.377979][T24672]  ret_from_fork+0x51e/0xb90
[ 1739.382602][T24672]  ? __pfx_ret_from_fork+0x10/0x10
[ 1739.387821][T24672]  ? __switch_to+0xc7d/0x1450
[ 1739.392507][T24672]  ? __pfx_kthread+0x10/0x10
[ 1739.397181][T24672]  ret_from_fork_asm+0x1a/0x30
[ 1739.401957][T24672]  </TASK>
[ 1739.405376][T24672] Kernel Offset: disabled
[ 1739.409701][T24672] Rebooting in 86400 seconds..