last executing test programs:

24m1.927964796s ago: executing program 2 (id=531):
tkill(0x0, 0x38)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x833, &(0x7f00000002c0)={0x0, 0x2b94, 0x80, 0x4, 0x6c}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1a80027, 0x0)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000100)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x8, 0x0, 0x5d, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r6}})
io_uring_enter(r2, 0x3516, 0xd66e, 0x0, 0x0, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x0)
r7 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r7, 0x40045532, &(0x7f0000000040))
r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r9 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r9, 0xc06c4124, &(0x7f0000006500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

23m59.974674686s ago: executing program 2 (id=536):
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000300)={0x0, 0x300, &(0x7f0000000040)={&(0x7f0000000240)={0x44, r5, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x7b}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)

23m58.96317848s ago: executing program 2 (id=538):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e)
ioctl$FS_IOC_SETFLAGS(r1, 0x40046602, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r3, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10)
recvmmsg(r3, &(0x7f000000e280), 0x58a, 0x42, 0x0)

23m57.552483881s ago: executing program 2 (id=541):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x83)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
open_by_handle_at(r1, &(0x7f00000000c0)=ANY=[], 0x8e79f0352167ea94)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x20000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
openat2(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x113cc1, 0x40, 0x10}, 0x18)

23m57.053714951s ago: executing program 2 (id=543):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00'})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x2070b921, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {0x2, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x3, 0x1, 0x594}}}}]}, 0x44}}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

23m55.29655466s ago: executing program 2 (id=545):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvmmsg(0xffffffffffffffff, &(0x7f00000049c0)=[{{0x0, 0x3f, 0x0}, 0x5}], 0x1, 0x100, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x21)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000400)={0x14, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x1330, &(0x7f00000001c0)={0x0, 0x8022, 0x4120, 0x0, 0x39})
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x15, 0x17, 0xee, 0x40, 0xaf0, 0x7a05, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x5, 0x49}}]}}]}}, 0x0)
syz_usb_control_io$printer(r2, 0x0, &(0x7f0000000480)={0x1c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
creat(&(0x7f00000002c0)='./file0\x00', 0x33)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001d00), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x10400, 0x0, 0x80, 0x0, 0x1000000}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000017000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
flock(r5, 0x8)
close(r3)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
close_range(r6, 0xffffffffffffffff, 0x0)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x2f)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000600)={0x18, 0x0, &(0x7f0000000480)={0x0, 0xa, 0x1, 0xf}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x7}, 0x0, &(0x7f00000005c0)={0x20, 0x3, 0x1, 0x4}})
mkdir(0x0, 0x0)
madvise(&(0x7f0000b32000/0x3000)=nil, 0x3000, 0x11)
wait4(0x0, &(0x7f00000003c0), 0x40000000, 0x0)

23m54.829021696s ago: executing program 32 (id=545):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvmmsg(0xffffffffffffffff, &(0x7f00000049c0)=[{{0x0, 0x3f, 0x0}, 0x5}], 0x1, 0x100, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x21)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000400)={0x14, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x1330, &(0x7f00000001c0)={0x0, 0x8022, 0x4120, 0x0, 0x39})
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x15, 0x17, 0xee, 0x40, 0xaf0, 0x7a05, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x5, 0x49}}]}}]}}, 0x0)
syz_usb_control_io$printer(r2, 0x0, &(0x7f0000000480)={0x1c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
creat(&(0x7f00000002c0)='./file0\x00', 0x33)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001d00), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x10400, 0x0, 0x80, 0x0, 0x1000000}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000017000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
flock(r5, 0x8)
close(r3)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
close_range(r6, 0xffffffffffffffff, 0x0)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x2f)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000600)={0x18, 0x0, &(0x7f0000000480)={0x0, 0xa, 0x1, 0xf}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x7}, 0x0, &(0x7f00000005c0)={0x20, 0x3, 0x1, 0x4}})
mkdir(0x0, 0x0)
madvise(&(0x7f0000b32000/0x3000)=nil, 0x3000, 0x11)
wait4(0x0, &(0x7f00000003c0), 0x40000000, 0x0)

23m15.511751604s ago: executing program 3 (id=611):
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, {0xeeefb000, 0x0, 0xa, 0xfd}, {0x1}, {0xdddd1000, 0x0, 0x0, 0x0, 0x1}, {0xffff1000, 0x2, 0xb, 0x0, 0x0, 0x0, 0x0, 0xd}, {0x0, 0x0, 0xc, 0x0, 0x3e, 0x26, 0x0, 0x0, 0x0, 0xfd}, {0x0, 0xffff1000, 0x10}, {0x1}, {}, 0xddf8ffdb, 0x0, 0x4, 0x0, 0xfffffffffffffffd, 0x0, 0x8080000, [0xffffffffffffffff, 0x0, 0x8]})
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xdf6, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0xf0ffffffffffff}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffb}, 0x18)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d00009520a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bc0007008019000000000000000000000000af1e4ccfb7b3cad80004010400", [0x1, 0x2000000000001]}})
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x58400, 0x0)
r3 = syz_io_uring_setup(0x909, &(0x7f0000000240)={0x0, 0x773, 0x1000, 0x0, 0x18d}, &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000380)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x10})
io_uring_enter(r3, 0xdc7, 0xe4bd, 0x1, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
unlink(&(0x7f0000000000)='./file1\x00')
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000306000000000000000100000300", @ANYRES32=0x0, @ANYBLOB="000000001402010014001280090001007663616e0000000004000280080040"], 0x3c}}, 0x44010)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r9 = socket$kcm(0x10, 0x2, 0x0)
r10 = syz_open_dev$loop(&(0x7f0000000600), 0xcc, 0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_script(r11, &(0x7f0000000400)={'#! ', './file1/../file0', [{0x20, '\x86\xd7\xb5r\x03z\xf5\xe42\xad\xed\x122\x9db}\xd1\xff\xea\xf2\x812\xd4\xef\xcd.\x8b\xf4\xa71iQA\xb05\x8d\xaf\xe1\xd8\xae-\n\x95\x98\x96\xe8\x0e^\x80S\x9a\xca\xbf\x0e4C\'~_\xd0X\xb9\x94[\xf5,\xe0\xcd\x89\x1c\t\xd0\xf2\xfb\xf8\xfbe\xb2\r\xeeI\x866\xedpm\xccr\xd1\x16\xd7\xbd\x1b\x18\xe9+.6\xdc\x91\xb9\xbft\xfb\x98\xe2\x02!\xfeq'}, {0x20, 'cgroup.stat\x00'}, {0x20, '-,%\']\'\xb7'}, {0x20, '\x00x\xca)n\xd5\x01\x00\x00\x00\x00'}], 0xa, "0002783348b29e7bcaf3e29c2593b929f38db16e33ea96f57d49c226f35df5a073e47a165b0074fbf80de701b0728381f07c35183b8242af6ed8d42a819bf58c54c07408000c6cfa4ae3c32d5bf33639adc46109626b2ed71cd479ebddcbfda19e0e6ca9eb13d38b474591444d6d8cd2a19a6fac0ffe438fdc3ea98cb85e6c5efde436c765f41a756412d3e1313b12b8fe28392a16247bf698245c9a62a81049f9fb454ee5b079d185fb5fed191ccb57c7e6bc776ac44449b547d9638178ee672c8294fea94754c20d5f3a19cfd9b8c36883323e8b625e517fcb8b12db92727fd1580a5cf8d91d9709b1f2013689a9343cc0263cb8fe5ffaf52ed900f42ca67f45d28be3eb6acd21da49ad4ec4c7932c4b1c3c3bb43ec30c8bbcc8343bee4e5684298b9830"}, 0x1c9)
write$UHID_INPUT(r11, &(0x7f00000007c0)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf063a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c838587b915337169ee054655f26a04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f9fd2b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc5334906805534cdae1e47240af7761a18fc8bd0a694be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b124e4ebe0d9883ef100f1934e42794146382c1d628fd2ebe5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ee64f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c734052af9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553665b0a4336a6db99d0d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746733d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7bfba20f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c1169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f49d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d026f58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd1adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a63941564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9fe9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2d27c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f61775013b6414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab0ea678cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f44888b14941b5911b050e9319fe88033f830a8490917a9c0572ebbc5492b4e1083a2e3d77215a34abef947b5b9a950e780662de18873e55899c92db3ad3d437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb0466c237376ca2944ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c7c636b3a2b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122a9b448088c8b50edd549be41c38ab176807b75e7267f86e4", 0x1000}}, 0x1006)
ioctl$LOOP_CONFIGURE(r10, 0x4c0a, &(0x7f00000002c0)={r11, 0x0, {0x2a00, 0x80010000, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "9001001c551265406c7f306003d8a0f4bd0000000300"}})
sendmsg$kcm(r9, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080c35000000e8fe55a1190015000600142603600e120900270000000401a80016000a00044044000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x48880)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r12=>0x0})
bind$isdn(0xffffffffffffffff, &(0x7f0000000040)={0x22, 0x3, 0xee, 0x2, 0xf9}, 0x6)
sendmsg$NL80211_CMD_START_AP(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="6c0000d9cc6d47003dc474132673f5cd9a8b41c5bdd2674e6248e9fa2ab78b73328b5d1b7e09a3208298a22c402b1e9bd8bbdd3a99bb06f72d6b1e5af8e8784424663d6bf27ab60baaefc4690ee658774d7a8d496070de8125c96aa84037896cb87aac3e0ad738482f535d6a68e3e7d756f2538e35d5df4b5d343082c3936acdb45fcd4e89d067b8c6df60bed714cb734a4a25873bf397eb1c66632517437242f354f6da3d4503", @ANYRES16=r8, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r12, @ANYBLOB="38000e0080000000ffffffffffff080211000000c900000000000000000000000000000008003000060204002a01037107ffff05010209080500a2000600000008000c006400000008000d0000000000"], 0x6c}, 0x1, 0x0, 0x0, 0xc0c0}, 0x40)

23m14.959948352s ago: executing program 3 (id=612):
r0 = syz_open_procfs(0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x2e0000, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000440)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000400)=@filename='./file0\x00', 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_NODELAY(r4, 0x84, 0x3, &(0x7f00000000c0)=0x3, 0x4)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@mpls_getroute={0x28, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x0, 0x1c, 0x8}}]}, 0x28}}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e24, 0xed, @mcast1, 0xfffffeff}}, 0x2, 0x0, 0x3fc, 0x1, 0x32, 0xc7d}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{}, 0x0, &(0x7f00000006c0), 0x2000000}, 0x20)
r6 = socket(0x1, 0x803, 0x0)
connect$inet(r6, &(0x7f0000000180)={0x2, 0xfffd, @multicast1}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
link(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
unshare(0x6a040000)
syz_open_procfs(0xffffffffffffffff, 0x0)

23m12.446974273s ago: executing program 3 (id=617):
socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @remote, @multicast1}, @address_request}}}}, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000180)={0x200, 0xff, 0x2})
r1 = syz_open_dev$dri(&(0x7f0000000080), 0xb, 0x0)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x2000000, 0x12, r1, 0xb7181000)
r2 = socket$nl_generic(0x11, 0x3, 0x10)
sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)

23m12.061872011s ago: executing program 3 (id=622):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x83)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
open_by_handle_at(r1, &(0x7f00000000c0)=ANY=[], 0x8e79f0352167ea94)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x20000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
openat2(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x113cc1, 0x40, 0x10}, 0x18)

23m11.150707404s ago: executing program 3 (id=626):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = io_uring_setup(0x7bf1, &(0x7f0000000300)={0x0, 0xcefd, 0x40, 0x1, 0x116})
syz_io_uring_setup(0x4b5, &(0x7f0000000100)={0x0, 0x86e1, 0x1, 0xc, 0x0, 0x0, r3}, &(0x7f0000000080), &(0x7f0000000000))
ioctl$sock_FIOGETOWN(r0, 0x8903, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000280)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f00000003c0)='D', 0x1, 0x0, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x1)
socket$inet6(0x10, 0x6, 0x4)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x3080, 0x8003, 0x25f}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20040}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x4000084)
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000040)={r7, 0x0, 0x3}, 0x8)
syz_io_uring_submit(r5, r6, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r4, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r4, 0x6e2, 0x600, 0x1, 0x0, 0x0)

23m10.530643526s ago: executing program 3 (id=627):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a42a5ced3cbd8e2039fcaeb388a6381d1bded7ea6c52f2e26a42e4b932f30ec6fbee90b4430dfb069545b8b04b9376fcd1c", @ANYRESDEC, @ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRESDEC, @ANYRES32=0x0], 0x50)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x8000)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x5, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000780)={'syztnl0\x00', &(0x7f00000006c0)={'tunl0\x00', 0x0, 0x80, 0x8000, 0x0, 0x5c8cff7d, {{0x12, 0x4, 0x3, 0x7, 0x48, 0x67, 0x0, 0x4, 0x29, 0x0, @private=0xa010102, @private=0xa010100, {[@timestamp_prespec={0x44, 0x4, 0x47, 0x3, 0x6}, @end, @ssrr={0x89, 0x17, 0x71, [@private=0xa010102, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, @empty, @empty]}, @timestamp={0x44, 0x4, 0x5e, 0x0, 0x8}, @end, @ssrr={0x89, 0xf, 0xf6, [@broadcast, @empty, @local]}, @timestamp_prespec={0x44, 0x4, 0x5c, 0x3, 0x8}]}}}}})
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000180)={0x8, <r1=>0xffffffffffffffff, 0x80000})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0200000004000000080000000100000080f1ff00", @ANYRES32=0x1, @ANYBLOB, @ANYRES32=r1, @ANYBLOB="000000000200000004000000000000000000"], 0x50)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x44008)
futex(&(0x7f0000000140)=0xfffffffc, 0x5, 0x0, 0x0, &(0x7f00000001c0), 0xfffdffff)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000840)=ANY=[@ANYRESDEC], 0x68}}, 0x800)
syz_usbip_server_init(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000010c0))
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000100)={'macvlan1\x00', &(0x7f0000000040)=@ethtool_ringparam={0x10, 0x7f, 0x20000a2e, 0x2000, 0x0, 0x3, 0x1ffffff, 0x0, 0x9}})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0), 0x0, 0x4001c00)
syz_open_dev$video4linux(&(0x7f0000000000), 0x73, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006007c09e8fe55a10a0015400100142603600e120800060000000401a80016000800014003e00200036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
pipe(0x0)
socket$nl_generic(0x10, 0x3, 0x10)

23m9.165948168s ago: executing program 33 (id=627):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a42a5ced3cbd8e2039fcaeb388a6381d1bded7ea6c52f2e26a42e4b932f30ec6fbee90b4430dfb069545b8b04b9376fcd1c", @ANYRESDEC, @ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRESDEC, @ANYRES32=0x0], 0x50)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x8000)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x5, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000780)={'syztnl0\x00', &(0x7f00000006c0)={'tunl0\x00', 0x0, 0x80, 0x8000, 0x0, 0x5c8cff7d, {{0x12, 0x4, 0x3, 0x7, 0x48, 0x67, 0x0, 0x4, 0x29, 0x0, @private=0xa010102, @private=0xa010100, {[@timestamp_prespec={0x44, 0x4, 0x47, 0x3, 0x6}, @end, @ssrr={0x89, 0x17, 0x71, [@private=0xa010102, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, @empty, @empty]}, @timestamp={0x44, 0x4, 0x5e, 0x0, 0x8}, @end, @ssrr={0x89, 0xf, 0xf6, [@broadcast, @empty, @local]}, @timestamp_prespec={0x44, 0x4, 0x5c, 0x3, 0x8}]}}}}})
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000180)={0x8, <r1=>0xffffffffffffffff, 0x80000})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0200000004000000080000000100000080f1ff00", @ANYRES32=0x1, @ANYBLOB, @ANYRES32=r1, @ANYBLOB="000000000200000004000000000000000000"], 0x50)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x44008)
futex(&(0x7f0000000140)=0xfffffffc, 0x5, 0x0, 0x0, &(0x7f00000001c0), 0xfffdffff)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000340)={&(0x7f0000000840)=ANY=[@ANYRESDEC], 0x68}}, 0x800)
syz_usbip_server_init(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000010c0))
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000100)={'macvlan1\x00', &(0x7f0000000040)=@ethtool_ringparam={0x10, 0x7f, 0x20000a2e, 0x2000, 0x0, 0x3, 0x1ffffff, 0x0, 0x9}})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0), 0x0, 0x4001c00)
syz_open_dev$video4linux(&(0x7f0000000000), 0x73, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006007c09e8fe55a10a0015400100142603600e120800060000000401a80016000800014003e00200036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
pipe(0x0)
socket$nl_generic(0x10, 0x3, 0x10)

18m56.604509046s ago: executing program 4 (id=1451):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000440)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000200, 0x0, 0x0, 0x0)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)

18m55.433598167s ago: executing program 4 (id=1458):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x38}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)
recvmsg$kcm(r1, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
recvmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x40000100)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
recvmsg$kcm(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40)

18m54.456818903s ago: executing program 4 (id=1465):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000001880)={0x53, 0xffffffffffffffff, 0x6, 0xf7, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000300)="b945c52f244e", 0x0, 0xff, 0x10016, 0x3, 0x0})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r2 = socket(0x11, 0xa, 0x80000000)
bind$packet(r2, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
write$binfmt_aout(r4, 0x0, 0xffffffdb)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x84, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000340)={0x1d, r5, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r5, 0x25, 0x0, @void}, 0x10)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
faccessat2(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x200)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r6, 0xd000943d, &(0x7f000010b940)={0x4, [], 0x5, "1cd06e77880b14"})
write$binfmt_aout(r1, 0x0, 0xffffffdb)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
migrate_pages(0x0, 0x3, &(0x7f0000000300)=0xffffffffffffffff, &(0x7f0000000040)=0x13e)

18m52.374673314s ago: executing program 4 (id=1468):
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
r0 = memfd_create(&(0x7f00000001c0)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xcc\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5\x00\x00\x00\x00\x00\x00\x00\x05L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xaaw\xbe\xd0\xd0\xc8d\x96G\xcf\x066\x84\x82-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10\x04\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="8885556f75705686810000643d", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
syz_mount_image$fuse(&(0x7f00000000c0), &(0x7f0000000280)='./file0\x00', 0x40030, &(0x7f0000000480)=ANY=[@ANYBLOB="030000", @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB=',\x00'], 0x1, 0x0, 0x0)

18m52.262956732s ago: executing program 4 (id=1469):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd2(0x4001, 0x800)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r4 = eventfd2(0x8, 0x80001)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r2, 0x7, 0x2, r4})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x5, 0x7, 0x7f, 0x0, 0xf, 0x4, 0x3, 0x41, 0x3, 0x58, 0x90, 0x5, 0xc0, 0x7f}})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xe, 0x4, 0x4, 0x2, 0x1000, 0xf1, 0x0, 0x7fffffffffffb, 0x5, 0x0, 0x1, 0x0, 0x5, 0x0, 0xbde], 0x1000, 0x3c4210})
ioctl$KVM_RUN(r3, 0xae80, 0xf000)

18m52.00846309s ago: executing program 4 (id=1470):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff5]}, 0x8, 0x80000)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x38, 0xff, 0x4f, 0x40, 0x13d3, 0x3219, 0x7a67, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x7a, 0x1, 0x0, 0x5e, 0x8b, 0x15}}]}}]}}, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
readv(r3, &(0x7f0000002940)=[{&(0x7f00000000c0)=""/121, 0x80}, {0x0}], 0x20000000000000d6)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='lp\x00', 0x3)
r5 = socket$key(0xf, 0x3, 0x2)
syz_clone(0x41000000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x1008000, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$key(r5, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x32)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@empty, @in6=@dev={0xfe, 0x80, '\x00', 0x2f}, 0x20, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@private0, 0x0, 0x6c}, 0x0, @in6=@empty, 0x3501, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
syz_usb_connect(0x3, 0x0, 0x0, 0x0)

18m36.756393043s ago: executing program 34 (id=1470):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff5]}, 0x8, 0x80000)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x38, 0xff, 0x4f, 0x40, 0x13d3, 0x3219, 0x7a67, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x7a, 0x1, 0x0, 0x5e, 0x8b, 0x15}}]}}]}}, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
readv(r3, &(0x7f0000002940)=[{&(0x7f00000000c0)=""/121, 0x80}, {0x0}], 0x20000000000000d6)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='lp\x00', 0x3)
r5 = socket$key(0xf, 0x3, 0x2)
syz_clone(0x41000000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x1008000, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$key(r5, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x32)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@empty, @in6=@dev={0xfe, 0x80, '\x00', 0x2f}, 0x20, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@private0, 0x0, 0x6c}, 0x0, @in6=@empty, 0x3501, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
syz_usb_connect(0x3, 0x0, 0x0, 0x0)

10.921727891s ago: executing program 6 (id=5941):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e)
socket$packet(0x11, 0x2, 0x300)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r4, &(0x7f0000000500)=[{{&(0x7f0000000080)={0xa, 0x4e21, 0x9, @mcast2, 0x15}, 0x1c, 0x0, 0x0, &(0x7f00000003c0)=[@pktinfo={{0x20, 0x29, 0x32, {@mcast2}}}], 0x20}}], 0x1, 0x1)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r6 = socket$qrtr(0x2a, 0x2, 0x0)
r7 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x4661, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0xa, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r7, 0x40f9, 0x217, 0xa5, 0x0, 0x0)
close_range(r5, r6, 0x0)
socket$inet6(0xa, 0x3, 0xff)
socket$vsock_stream(0x28, 0x1, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x200000c1)

7.806260782s ago: executing program 6 (id=5959):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
pipe(&(0x7f00000045c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f00000019c0)=[{&(0x7f0000000000)="ce", 0x1}], 0x1, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$IPVS_CMD_SET_CONFIG(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x14, 0x0, 0x3f8ca2c6d9cf1f99, 0x70bd2a, 0x25dfdbfe}, 0x14}}, 0x20008010)
splice(r1, 0x0, r4, 0x0, 0x2, 0xe)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r5)
setrlimit(0x8, &(0x7f0000000080))
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r6, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd)
write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[], 0xffdd)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r7, &(0x7f0000000680)={0x0, 0x4c, &(0x7f0000000640)={&(0x7f00000005c0)={0x14, 0xa, 0xa, 0x3, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x40410)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)}, 0x0)

5.303523692s ago: executing program 0 (id=5964):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x5e4, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xe, 0x2}, {0x0, 0xe}, {0x6, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x5b4, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x8065738cbab9bcb1}, @TCA_FLOW_EMATCHES={0x104, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0xb4, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x68, 0x2, 0x0, 0x0, {{0x4, 0x0, 0x7}, "645809825d93df900fa8fae387fbed6313a639f20b0238ccdd4da9fde2f0be34e659ba729925eff5ebd76dec200e0c6b209649b549944fb335b53ad7e5b0f72af98dbb05ee1778a3e952122289a807cd7b48f87fa52a56b8fa"}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x7, 0x2, 0x4}, {0x4, 0x1, 0x6, "eb"}}}, @TCF_EM_CONTAINER={0x18, 0x3, 0x0, 0x0, {{0x4, 0x0, 0xb}, "d0fa3d16cd50d147ba"}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x1, 0x3, 0x81}, {0x10, 0xe, 0x6, 0xd4c}}}]}, @TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xffd3, 0x8, 0x8}, {0x3, 0x6}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0xf0a, 0x3, 0x6c0}, {0x5, 0x0, 0x3, 0x7ff}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0xf, 0x7, 0x7f}, {{0x4, 0x1, 0x0, 0x1}, {0x1, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_ACT={0x484, 0x9, 0x0, 0x1, [@m_gact={0x140, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x9d, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x2ca8b8d7ec1784b0, 0x2680, 0xffffffffffffffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1abe}}]}, {0xed, 0x6, "f2984ea5ae0b0909ca5198b5e56548da1af4efe458d68e8346a5ad6fa8d75b3efbcec03667694b23e57efb5dea177c9fec912eda500f92ad241d4a3e1eb9b05c2461a1e89e99a22f43eb3b64257b78512c9df802c3ea23ede5e978e8db3be47630f9b48cdfcee2130369da2ce7473e6324d4fc0342cb38a9e544eb6f4e0148acb294b877f68eb4b6b13e38196c311c9ebb06d7a5ee9ead5689128fa35472611715963d35fb43d3014ff74e144932866ca97f5c001aab6053dd7ce7d38a407074614c2a21063cc49a687085d3ab9d042fcc913d8377863381be46ad8fade1f71945e9d5053fd5d1123d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0xb4, 0x1b, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x5, 0xffff}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @rand_addr=0x64010101}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @dev={0xac, 0x14, 0x14, 0x30}}]}, {0x69, 0x6, "effbbfbb9975b98b391b34602a99202c04f8aff0f475c3649e7f9024793790e685860edfb7d78570905ca6acc9165a1fb42c399f209c0f00a8f4866f081cd17e904ddc3210cc30ec49b70f2b1fb3ead1fe143d5356ac58b602d03fa75b270e66d3b14a3b76"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbmod={0x108, 0x1f, 0x0, 0x0, {{0xb}, {0x4}, {0xd9, 0x6, "364a95306a0125f7c7762d651b8604a6d91ec4567f627089ed8d3453859a3d2c79d3d70f085dca8af621c4a5da976ca910f38151f1a68c0e0730e7273e6af4eab8e2ea5df8cb0f6ab249f7561ea8c0dd3e562e5e6a1db3a546a7f7c5f1d0ae94557d9f43b53f0c2e3edaf804191d2d3a1cbdae068d8e342ed2d4e751b25b639e2536238fb6a4824a50b9c6bb62944110874faeed2eb2a6db4dfa6ff7d67302260dd8c80e3c4c3a3a11f1d204106eec615119eaaa73bd0bb3e2d774039d9c7e0d445019a712cc0c16707a7b8505b7c94133ceccee82"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_tunnel_key={0x88, 0x3, 0x0, 0x0, {{0xf}, {0x40, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @private=0xa010101}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0x54, 0xffffffffffffffff, 0x10, 0xfffff001}, 0x2}}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x80000000}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @remote}]}, {0x19, 0x6, "6c73dc20ec0f1f62d72faf3465d04d6e1f1e4cf9b5"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_xt={0xfc, 0xe, 0x0, 0x0, {{0x7}, {0x4}, {0xd2, 0x6, "2a0caebad864038ff40a5d287f3088600ceb92031a440f806744f2c29cd762b34d1c3e200652a37a380abee23790e6050e067b4335afeb4ae4a0dfe9fa72cc1df85464324a30272ee56c17d0913025ba5b385f50249552b3d0baa66c6ffc89df47949c8e52874be2547d84a88eaf65c1a57f44be2ac8409dc80a1286dc54b446bceacb288bceeb018feed674cd3991cf602a4e1e2de9b27bb4036b0ac3e4a6048cdd4ebfc8b92c63ac0f4245eecd529108a46a7eaf202777861df68712f67c7f83338caa73ec2f351fdbe40e46f5"}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x5e4}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

4.427605338s ago: executing program 0 (id=5965):
r0 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x3232, 0x100, 0x0, 0x3de}, &(0x7f0000000040), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1)
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f00000001c0), 0x0)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000001880), 0x2, 0x0)
ioctl$VIDIOC_G_STD(r1, 0x80085617, &(0x7f00000018c0))
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
openat$ttyS3(0xffffff9c, &(0x7f0000000140), 0x410000, 0x0)
write$tun(r2, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0x0, 0x700}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c)
syz_open_dev$video(&(0x7f0000000000), 0x6, 0x60000)

4.287372407s ago: executing program 6 (id=5969):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@ipv6_newrule={0x38, 0x20, 0x2d2c6d60ea1da725, 0x70bd29, 0x25dfdbfd, {0xa, 0x0, 0x0, 0xcd, 0xff, 0x0, 0x0, 0x1, 0x10002}, [@FIB_RULE_POLICY=@FRA_PRIORITY={0x8}, @FIB_RULE_POLICY=@FRA_OIFNAME={0x14, 0x11, 'virt_wifi0\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x20008081}, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x40041, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f00000000c0)=0x10)

4.121234498s ago: executing program 6 (id=5972):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000200)=@abs={0x1, 0x0, 0x5}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$vim2m(&(0x7f0000000040), 0x2, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r3, 0xc02c564a, 0x0) (async)
r4 = syz_open_dev$video(0x0, 0x8082007c, 0x121000)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r4, 0xc034564b, &(0x7f0000000040)={0x6, 0x35315258, 0x280, 0x1e0, 0x3, @discrete={0x5, 0x80080067}}) (async)
socket$packet(0x11, 0x2, 0x300)
r5 = socket$netlink(0x10, 0x3, 0x4)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
keyctl$join(0x1, 0x0) (async)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') (async)
r7 = shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil)
setsockopt$inet_tcp_int(r6, 0x6, 0x9, &(0x7f0000000280)=0x8, 0x4) (async)
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) (async)
lseek(r6, 0x289e0cb5, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES32=r6, @ANYBLOB="2b79d2bc20f5749f010254fe9db900000000301ff1595786000000000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES64=0x0], 0x20) (async)
io_setup(0x8, &(0x7f0000004200)) (async)
syz_clone(0x8142900, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r5) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000001c0)={'tunl0\x00'})

3.292885046s ago: executing program 6 (id=5974):
r0 = socket$inet6(0xa, 0x400000000001, 0x4004)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x8, @loopback}, 0x1c)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, &(0x7f0000000000)={0x2e, 0x2, 0x2, 0x5, 0x0, [@mcast2]}, 0x18)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
ioctl$USBDEVFS_CONTROL(r3, 0xc0105500, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x3, 0x0, 0x20007, 0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="240000004a00010000000000000000000a0000", @ANYRES32=0x0, @ANYBLOB="00000000080002000000000011686df81ecc9762278dabf70c84808fe80c91f7e89e209896f7dc17b17ba9f40a8e9670714a6c159c580fbfbf5e84206d943f3e79c063dca9c012830e1a4220b836f706033a7fe7708807a28cbe33f9705c6a7127176f2277c693b69450fc9f9fa4ae188563a593fb62a85a4f7caa7d0b0efe96"], 0x24}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000facf89109904068255f4000000011a02"], 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = add_key$user(&(0x7f00000001c0), &(0x7f0000000440)={'syz', 0x3}, &(0x7f0000000640)="4180ca1252cb291864d4812942e7fcd53a25e96ee36ab88c3fa483a3394cdcc666ffb236895ea024b0735a2650291416cdb68fc7a01d983d3428eb9827ab65f2c4c1adb3dd3d51d5bb5d89725bceb3419abeb0733195ffed7ccf6b3331dea551a3ed8b292c580e164370bd0f63899f886ee426ea95044222794f4507608f7a72ac9fccf82df3b84f33405f59ea00e70180ef533c2200d4ff7cb7fbc63dccd27f68fce2afca2262c660c363e714bd3e0a0a04b836fd1a43231e0a81bc5622b9b100b9722bbc55048f865875839dec9b398e862b52c1724f2fe9b6e69cd59d64b59a8750850566f8a29223636d2402bdeb7157ad21eddf5667c2f66f9e7d6f", 0xfe, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f00000000c0)={r5, r5, r5}, 0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={'sha1\x00'}})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000001880)={'wg0\x00', <r6=>0x0})
r7 = add_key$user(&(0x7f0000000180), &(0x7f0000000240)={'syz', 0x3}, &(0x7f00000002c0)="d0bdffe510ce19383ad29f275f500bd4d08895a6e6ef3a2e2cf11af70ff0f0acb4c75df62d838a4ea8020a5080f91b6bb298a2e26e3239fec291c13842e7474d92e14972081a9ac8d4727098944aa378b9739f6c", 0x54, 0xfffffffffffffffd)
keyctl$describe(0x6, r7, &(0x7f0000000340)=""/18, 0x12)
r8 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000280)={0x40, r8, 0xa29, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r6}, @WGDEVICE_A_PRIVATE_KEY={0x24}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYRES64=r2, @ANYRESHEX=r2, @ANYRES16=r8, @ANYBLOB="c180428095280379b33c25f89a9673b38eb008eda4f4cab73bc3882a023e01877fe6a9d43cd2a8de4288be8b97e354b5e248425b3b3d9b5c9feb30e6d08c08ec8a01d24f5d60cc9a5d165d149ca05039816ca71893611d5ed79278d4d37f18d28314bb90d7e2569454d982d906c3605a98cb4feaa1611439e159c6594ca206777a92ce4e53eb5bdee45ec91f5c1a2b0b50008159b34321fe47828bc65bacd42f6f435ee75db1e7825a157e19b6f8093cb2114ae288a2b9fa0a7fa7abc5"], 0x40}, 0x1, 0x0, 0x0, 0x8c0}, 0x20000000)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x3d10, 0x4)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @mcast2, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x4, 0x3, 0x3}}}}}}, 0x0)
sendto$inet6(r0, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00')
exit(0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200028bd7000fcdbdf2503000000040001801c000980080001160800007922f81eba69d580200800020006000000"], 0x34}, 0x1, 0x0, 0x0, 0x2000800}, 0x5)

2.418910772s ago: executing program 1 (id=5982):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x100, 0x0)
close(r4)
sendmsg$alg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="60d97891", 0x4}], 0x1, 0x0, 0x0, 0x4004084}, 0x34000041) (async)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r5, 0x11c, 0x2, &(0x7f0000000000)=""/126, &(0x7f0000000080)=0x7e) (async, rerun: 64)
r6 = socket$unix(0x1, 0x1, 0x0) (async, rerun: 64)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) (async)
sendmsg$nl_route_sched(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x2070b921, 0x80000, {0x0, 0x0, 0x0, r8, {0x0, 0xe}, {0x2, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x3, 0x1, 0x594}}}}]}, 0x44}}, 0x4000) (async, rerun: 64)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) (rerun: 64)

2.193301476s ago: executing program 1 (id=5983):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x2d, &(0x7f0000000100)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e24, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}]}, &(0x7f0000000180)=0x10) (fail_nth: 23)

1.808941033s ago: executing program 1 (id=5984):
getpid()
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
io_uring_setup(0x3e45, &(0x7f00000001c0)={0x0, 0x0, 0x2, 0x0, 0xcb})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth1_macvtap\x00'})
r2 = socket(0x23, 0x3, 0x3)
write(r2, &(0x7f0000000280)="140000004b4fbf0bbc983b381993b4ae7070e41a52b790ea14b5da2ce85d96b65998a67b7c004f032e789e006d97f1e0ab", 0x31)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4020aeb2, &(0x7f0000000300)={0x2, 0x12c, @ioapic={0x2000, 0x73, 0x2, 0x2a, 0x0, [{0x94, 0x4, 0x1, '\x00', 0x1}, {0x6, 0xe5, 0xff, '\x00', 0x5}, {0x4, 0x0, 0x8, '\x00', 0x2}, {0x97, 0xff, 0x8, '\x00', 0x4}, {0x0, 0x9, 0x6, '\x00', 0x7}, {0x0, 0x1, 0xb, '\x00', 0x2}, {0x7, 0x40, 0x4, '\x00', 0x7f}, {0x6, 0x6, 0x4, '\x00', 0x5}, {0x21, 0x80, 0x1, '\x00', 0x7}, {0x9, 0x40, 0xd8, '\x00', 0x9}, {0x41, 0x3, 0x3, '\x00', 0xff}, {0x7, 0x8, 0x78, '\x00', 0x8}, {0xe6, 0xf0, 0x6, '\x00', 0x6c}, {0xba, 0x8, 0x77, '\x00', 0x7}, {0xf9, 0x90, 0xf1, '\x00', 0x8}, {0x9, 0xff, 0x4, '\x00', 0xd7}, {0xcd, 0x1, 0x0, '\x00', 0x8}, {0x53, 0x6, 0x80, '\x00', 0x7}, {0x4, 0x2, 0x1, '\x00', 0x2}, {0x4, 0x7, 0xff, '\x00', 0x68}, {0x5, 0x4, 0x3, '\x00', 0x9}, {0x2, 0x3, 0x7f, '\x00', 0x1}, {0x8, 0x9, 0x64}, {0x8, 0x9}]}})
r6 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r6, &(0x7f0000000000), 0x10)
setsockopt$CAN_RAW_FILTER(r6, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
setsockopt$CAN_RAW_FILTER(r6, 0x65, 0x1, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000880)="d8000000140081044e81f782db44b9040a1d080211000000040000a118000200ff05000100060e1208000f0100810401a80016ea1f000840042e5f54c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5e835913b06218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f52eb4edbb57a5025ccca9e00360d8bcc00400040fad95667e0060000000000000080bb9ad809d5e1cace817bb341139fe3cd4032e8edb12d1d2eb0c0ed0bff02b7d51222df5ac918e0488dd45682d0226c63aa21a37d813c71fed5d82b08d980888d041851e77f0186817d77f14ec6393199c04ae30805ccbb99dcdde4db7c8cba1c0ad372347a3ff240c3531d185f405aa300aabf3f146e8ed714c5701cf33f63ccedc59425cddfadd4f64e15d6d4df562e258aee785fae6f505b607f3dadc22d66fbe16e08c505825d45ebdd63b8df4af4e07263990de649a0ea9d2bf31a231ebd7d2e33b5505936da61d91e800d097ffc09b920815d10449ea2ea682e25a411d3d20a8345cfc40483d568bd5148ece674ddefb2a7ae4564017cedc1c709", 0x1b9}, {&(0x7f0000000740)="bdefb2dfa39daea1f767ac2707d67415ca871582ed3d1ae1ddf2cec8c7e81f569dc3d91b99dd1ecb835ff0e1b779516082f619f2a5648f97fb956f323da527feb2365aa93d95881bba56c2dfa542835086b12ab3191c480ef0aef16a8377ff4438788532f6cdeec5f8aef40bac9ef0dca02263722d0b8a5c32c397a50386c88c52a0aad7efa1bb9eb7ded7ecbb2eb475756f8921475e0d8a919d71f19de5e0b6f068de3725a35099b574797602b22050e56b567c73b2d9bd58a35d65e0cbc1cf527ea51b4a2fcea9ec580042dc0cb6997035b0135aa2c35990af289c0af4b157cfc3ebd1c8e1b2af3a0b46525f15c6ad92e37c2a9d109097d73c64242e8406095d10139710e41288348d36142a2b284d4aea43978502e668e8b1a7f73b555597da52f1af2db1", 0x126}, {&(0x7f0000000380)="22f5f6c5906b7bb636109a2d516cf9947224ad5e30c6a256859e9aa1bf4ca1e8c7252b7927a9832d2431e7266a75cd235e4597a71f1716f8dbd10a4a1e214bb4aedadb5b0900aed8fe491cd2af53debf45fb0ed2e66c1c44614b633f0ec6eaeec95c5234ac51073d62b577eadfa82f6674bcd6db1eff18aad0ac8509a022de", 0x7f}, {&(0x7f0000000580)="32c92ac7222b8505de0c6c4a8883ae069198f2fded90531aa006c3e7dd46b4b5075549837977daf171b74bebb25b115c7ab18f2068b32f4b04e76b7b02308c999e1996b7fa4cc6620dfdb85de378a36fd3497e350d1c0960c9f266", 0x5b}], 0x4, 0x0, 0x0, 0x7400}, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181)

1.333027655s ago: executing program 0 (id=5985):
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000400)={<r0=>0x0, 0x80, 0x0, [0x3, 0x2, 0x308, 0x408, 0xffffffffffff7fff], [0x2, 0x2, 0x8, 0x1, 0x6, 0x25, 0x0, 0x5, 0x8, 0x0, 0x4b3, 0x4, 0x5a7e544a, 0xa69, 0x8, 0x9, 0xfffffffe00000000, 0x1, 0xffff, 0x7, 0x80000001, 0x3, 0x8000, 0x8, 0x0, 0x7, 0x0, 0x1, 0xd2, 0x1, 0x4, 0x1ff, 0xfff, 0x80, 0x100000001, 0x7, 0x1000, 0x0, 0xfffffffffffffffc, 0x6, 0x4, 0x5, 0x4, 0xf6, 0x7, 0x2, 0x0, 0x339, 0x1, 0x4, 0x3, 0x7e, 0x5, 0x5, 0x69, 0xfffffffffffffffa, 0x24, 0x5, 0x8001, 0x2, 0x654, 0x4, 0x39000000, 0x9, 0x3, 0x2, 0x8, 0x6, 0x1ff, 0x9, 0x7, 0x100000001, 0x81, 0x1, 0x0, 0x12, 0x401, 0x7, 0xff, 0x7, 0x3, 0x8, 0x5, 0x3, 0x7, 0x2, 0x80, 0x200, 0x6, 0x6, 0x5, 0x5, 0x3, 0x1, 0x66, 0xcf, 0xfffffffffffffffe, 0xffffffff00000001, 0x5, 0x8001, 0x2, 0x3, 0x4, 0x1ff, 0x8, 0x329, 0x7fffffffffffffff, 0x2, 0x180000000000000, 0x0, 0xfffffffffffffe00, 0x2, 0x7, 0x9, 0x9, 0xae, 0x50e, 0x8, 0x1, 0x4, 0x7ff]})
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000840)={r0, "b48ba0940676b58d73f490142bf16d21"})
r1 = syz_open_dev$sg(&(0x7f0000000000), 0xf9ba, 0x103800)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x41, &(0x7f0000000100)=r3, 0x8)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="0c0000000104000048"])
r4 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000b00)=ANY=[], 0x1e0)
write$binfmt_misc(r5, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d87530100b22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be406c7f306003d80000000000000000000000000000000000000400"}})
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x124})

1.179560659s ago: executing program 5 (id=5986):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000180)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x5, 0xe4}]}, 0x8)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001280)="bb2d839f3bf337ccd0d8f3513ab30aba4b00b6f0ef506a60f4082ace5a8a10d80d8d595071f2ff529ff6996481ffc7e4de448343b85079722c4f1a1ce360836392283201a1a5ac0b6e24ccf9f075c64fe58b7a37d37019a49908876bc37c9f304eeefed8a6d8cae3ca0f81e900c8735b8b3063967b68a1567e30726f2c0edb6c85e78619700b0645b728a0c88b22d18366a6db2e391401feb630396bf42b987b102eb2d0a804e188648df6c8ddd79e0fde3893930e06e91c39cc01d239a1c20cb0cee84da924212382163c6638e798d66660c356195a56523456052c42aca7c8404e259561dfea5cbdc21a31b7e7eb73a710b68ba2ae2eff86d3d4fbda8b72014f5de839d48acbc9d217f7ac0b3362a66f3a", 0x112}], 0x1}}], 0x1, 0x40000d0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r1, &(0x7f00000003c0)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f1c859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c22724398b0d2b4dd1a538d8b2786020f6245fcc18be858cfb9512fa9ae8e528caf475e762e41eb3f17241bee178b740a401dc269bb0d61c2f1884e08031861d754232971a88e0049f83db1e89a4c561300ffacf739e4a4f148ddcc0154a377b0d8e2c76af15f29f5d713b1964f34abbb73aa7c22f4c677a", 0xdd, 0x800, 0x0, 0x34)

1.140673993s ago: executing program 7 (id=5987):
ioprio_set$uid(0x3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x7, 0x0, 0x5cb, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000), 0x0)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$sock(r1, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000600)="e2b13d2b8dfbd96663a042178a348604", 0x10}], 0x1}}], 0x1, 0x1)
read$alg(r1, &(0x7f00000012c0)=""/4109, 0x100d)
sendmmsg$alg(r1, &(0x7f0000007e40)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000340)="4ae4b5", 0x3}], 0x1, 0x0, 0x0, 0x20048091}], 0x1, 0x4080080)

1.06425112s ago: executing program 7 (id=5988):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x5f8, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xe, 0x2}, {0x0, 0xe}, {0x6, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x5c8, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x8065738cbab9bcb1}, @TCA_FLOW_EMATCHES={0x104, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0xb4, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x68, 0x2, 0x0, 0x0, {{0x4, 0x0, 0x7}, "645809825d93df900fa8fae387fbed6313a639f20b0238ccdd4da9fde2f0be34e659ba729925eff5ebd76dec200e0c6b209649b549944fb335b53ad7e5b0f72af98dbb05ee1778a3e952122289a807cd7b48f87fa52a56b8fa"}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x7, 0x2, 0x4}, {0x4, 0x1, 0x6, "eb"}}}, @TCF_EM_CONTAINER={0x18, 0x3, 0x0, 0x0, {{0x4, 0x0, 0xb}, "d0fa3d16cd50d147ba"}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x1, 0x3, 0x81}, {0x10, 0xe, 0x6, 0xd4c}}}]}, @TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xffd3, 0x8, 0x8}, {0x3, 0x6}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0xf0a, 0x3, 0x6c0}, {0x5, 0x0, 0x3, 0x7ff}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0xf, 0x7, 0x7f}, {{0x4, 0x1, 0x0, 0x1}, {0x1, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_ACT={0x498, 0x9, 0x0, 0x1, [@m_gact={0x140, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x9d, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x2ca8b8d7ec1784b0, 0x2680, 0xffffffffffffffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1abe}}]}, {0xed, 0x6, "f2984ea5ae0b0909ca5198b5e56548da1af4efe458d68e8346a5ad6fa8d75b3efbcec03667694b23e57efb5dea177c9fec912eda500f92ad241d4a3e1eb9b05c2461a1e89e99a22f43eb3b64257b78512c9df802c3ea23ede5e978e8db3be47630f9b48cdfcee2130369da2ce7473e6324d4fc0342cb38a9e544eb6f4e0148acb294b877f68eb4b6b13e38196c311c9ebb06d7a5ee9ead5689128fa35472611715963d35fb43d3014ff74e144932866ca97f5c001aab6053dd7ce7d38a407074614c2a21063cc49a687085d3ab9d042fcc913d8377863381be46ad8fade1f71945e9d5053fd5d1123d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0xb4, 0x1b, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x5, 0xffff}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @rand_addr=0x64010101}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @dev={0xac, 0x14, 0x14, 0x30}}]}, {0x69, 0x6, "effbbfbb9975b98b391b34602a99202c04f8aff0f475c3649e7f9024793790e685860edfb7d78570905ca6acc9165a1fb42c399f209c0f00a8f4866f081cd17e904ddc3210cc30ec49b70f2b1fb3ead1fe143d5356ac58b602d03fa75b270e66d3b14a3b76"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbmod={0x108, 0x1f, 0x0, 0x0, {{0xb}, {0x4}, {0xd9, 0x6, "364a95306a0125f7c7762d651b8604a6d91ec4567f627089ed8d3453859a3d2c79d3d70f085dca8af621c4a5da976ca910f38151f1a68c0e0730e7273e6af4eab8e2ea5df8cb0f6ab249f7561ea8c0dd3e562e5e6a1db3a546a7f7c5f1d0ae94557d9f43b53f0c2e3edaf804191d2d3a1cbdae068d8e342ed2d4e751b25b639e2536238fb6a4824a50b9c6bb62944110874faeed2eb2a6db4dfa6ff7d67302260dd8c80e3c4c3a3a11f1d204106eec615119eaaa73bd0bb3e2d774039d9c7e0d445019a712cc0c16707a7b8505b7c94133ceccee82"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_tunnel_key={0x9c, 0x3, 0x0, 0x0, {{0xf}, {0x54, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @private=0xa010101}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0x54, 0xffffffffffffffff, 0x10, 0xfffff001}, 0x2}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x9, 0xffffffff, 0x10000000, 0x3, 0x3ff}, 0x2}}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @remote}]}, {0x19, 0x6, "6c73dc20ec0f1f62d72faf3465d04d6e1f1e4cf9b5"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_xt={0xfc, 0xe, 0x0, 0x0, {{0x7}, {0x4}, {0xd2, 0x6, "2a0caebad864038ff40a5d287f3088600ceb92031a440f806744f2c29cd762b34d1c3e200652a37a380abee23790e6050e067b4335afeb4ae4a0dfe9fa72cc1df85464324a30272ee56c17d0913025ba5b385f50249552b3d0baa66c6ffc89df47949c8e52874be2547d84a88eaf65c1a57f44be2ac8409dc80a1286dc54b446bceacb288bceeb018feed674cd3991cf602a4e1e2de9b27bb4036b0ac3e4a6048cdd4ebfc8b92c63ac0f4245eecd529108a46a7eaf202777861df68712f67c7f83338caa73ec2f351fdbe40e46f5"}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x5f8}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

1.019826072s ago: executing program 7 (id=5989):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x8, 0x10000)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})
ioctl$USBDEVFS_CLEAR_HALT(r1, 0x80045515, &(0x7f00000000c0)={0x1, 0x1})
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume_offset', 0x22842, 0x1c8)
sendfile(r2, r2, 0x0, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="4da20000004000001c10000000000000a5000000001ed6e695000000000000004e936cda1a42ec65f700cda409e3a8a40f570b79c0c637be262ab9645a27bb950e439579a20436b419b9ff131411e7afda0e3a82dc01422f15a36daff1bcd50c91b26e0eff2abfaf898c107021377a6fc0cc528288e44402864b"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_XMIT_HASH_POLICY={0x5, 0xe, 0x22}]}}}]}, 0x3c}}, 0x0)
r3 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r3, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r3, &(0x7f0000000080)={0x18, 0x2, {0x0, @private=0xa010101}}, 0x1e)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000040)=0x1)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r4, 0x4018f50b, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1000, 0xb20, 0x1800}, 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000e3ff27000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31004000002c000000050a01020000000000000000010020000c00024000000000000000010900010073797a310000000014000000110001"], 0xc8}}, 0x0)
sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f00000003c0)={0x1258, 0x13, 0x400, 0x70bd25, 0x25dfdbfb, {0x25, 0xf7, 0x81, 0x2f, {0x4e20, 0x4e21, [0x4, 0xff, 0xfffffff9, 0x7], [0x8, 0x7, 0xc, 0x4], 0x0, [0x5, 0xffff]}, 0xe}, [@INET_DIAG_REQ_BYTECODE={0x1004, 0x1, "f42532a4aaf84888048054a0fbdefa4095c80349f356e1a8bd5d83a4eca03aed9e6cd163a697cb6ea8236288f444fe6c2043d92b6fc171970f16e38028213548aa55ef44948c51666af8e0ce31334ed2dd06eedf040cfdbb419d77ced82d273c862cf91b749543b2b76de8100cb1555650fafe0a3c34fadcd767750b2e2e346c5993704db505967e9a2dbeca9744f24eb94258eecb565b9389fea94e40ddf7a6c13d982d9b47ab1a3f5b7445cc646f381bec9af1717873b0c57fccc936e17d76af65b1b16cdcb2dfcdf93a856293b9ae01a6c7f076f458a8796a26e6cbc4d90ca3548f6cd853a545ae0fceb61d3159382784163bba28120de4fb21edb5a02264137706664791f79cdfc186e81845d9282503fc1e2e4d57962e36aae1b8856d1477aa4d0acb67c494147dc32f530f8a3b5fddfb1cd0a0da615256eba98cff6ed2b5519e170d97c3f1d556da3186161112dddc027663cc8d07a90902d91652650003640b634df85ef0afd8b005063f3430f3130fc706ff734fe14f6cb28601fbeba678bf22f32743ac038806422bc2355b0efed3564ee1d824dd1283d8c8023d616ac97417484ff7ea9d09369ced732b8812a44f6bde567330a3bde0ca0a0a2dc833b77c6cc93e019f0e1d112ef60f5c52bfd8982986447118929074196d1d4fede6d9e930f756fb8fb574bb375b3efba4c70a2c4364c680d28e8740eea35333f32ff82eadc431605437773a364bfdcc064ce5e4dbcb94ba803e5cec2e7164400001dc090342c9e8b8f6840d217ab4853e779284bc8e219258b62a4de935170e27ba6f057116cfc3d952d38eae54f7275299e2048cb1b2780e8136fb11d8604105371081ad6eab549188feaafdb81192fbc907aeffba2ea11c4e327c9da5402cd29dc477b65ed16e1c7244d860f6856e1c2f7fa32ee364be53c3e7082f63610be0b0fe4368e39f47431cbee0b50b16d51b6859a87824460a388814d70fc915afb2b40bbfc40122092b9e8cceed7c5f607ec231c2b8a0c31bd8078429405d2b7bb6e52f254e2f1cc30c45515a0c5e606c082f3ec7b58752e9858d5ec3fc1453e4bde16038c88a10e0c02e03cc0d52128c4ee0c9e99f2538e225d403417018c9747c6cfd9650b87d73887a79e14ec22a1241a7c9cc80f79a7162231d6ad8e554c1289307ff5c0f3367406785e16b1b8e4f36acd1aabf9a29dda8d473c1444f765b3bcaa0494c1da84e57cf071f1357b2896609342eb0fac64183c833e0628325250aa5161179667ec3b5991262cfad2f7b8bb098e047563932c0725eed64606558236dcd97b1c5a75694a99e188f457573e9bdb274a63470a7f14d1f98f7077117d87f73bdf5708337b911381ade4ffd46a3c6c4d3c5c47571ea7b0a3e55ee774b07f68154b5dfe4701f610ec6540393868ab4b986732f0840a01fc929220e9bc1d7d2a35610047e3d868ec4fab16f40dbf76131cc171efe41847e0eced61880dac0065c36b3dd26d7f143e532377f751b335404271c952a960618ee934f6c1118f91b90f9c3d6f32a26d7de54c617e1f88833c04a63229006f6c7a87385bf4f827f2eda7e6ff1fa7d141f0faa0d411c7da720ae7c14e0d8298db3bc36917797b38b4212377079e37f3807d5555a1708649d9c29d2a09bf8d67ae0e7fc97e6bb5736fab509f61719128494000d425b87b8f106725948633db5d7cba5aff1f0877babf93e5fe352890230f0f81c5008996ce0df2d727724119f85ec8dd6bf1e7bd0e3673d7a31963291e42e536b35da5d947a879ab0381a9e373406693d2ab60e733788f8216913774b5d5fff7e3539e4b629307a1c7a560fb7c59b66d4c3c61ff2900220f5cd39272adf114cfb4a3679fe9df1c815d677f9ffdf756c258f62fa2b01637a5256385837dc5873fbf1afd81a4737e3468116c078b8849adb6819fc9ed9e86b88d573035134f993b5c6974b9d63481879a4a7d3205117607fc2d6b699e9a5b6ff34925361a306950bf8bc8ad95a540e932f0bea45a25571ae3aaed831f7a49b86e2d302383effc252182636f20308a574a31ff4c1e7f756455cb9b7c382924fbe77f1b29585dfeab807a379ed84e028ee5aa9940ccb63d05ba0762ea411f6f1a6d9f6e8c739984e5d83ef9a07817b4885d16ac8f303421cb8cb9a328101481e4b76df7132e0d21ef9839f2af730eafd9e56dabb69997cf7f785a650bc369dee708cfd8dc8c8feb54423c10dc2b854d5e6ba42aa12a6e94fa1eac28280f51f457ef4bbe71860ed3bc12822e985e0bbe9ee825e79f956a581950a8d71afeceb8df34a005446067c7f4b4aa8f4f3ff0ab482a7d3b488cf43c76ace47720ca4bf7fcb57ca7fc464374997ff37f2e9eeeecdd3955f285a79929ae5770ad483f5eb4dd2692235101d81aa37c61ba66164b7efffa973daf800e673471167a9b520dd8614659e9d08e0f6a1638779375fe3310e639e501a3f4841157c309f560430971899683d29cc14a0b82a72a9dacb413bc99141d1cd62a82094e5443f46d10236853f9cea7d4d8803505f135352248773a167afb39449fe85820fe90a1ad5f16f4ae0f1e0dceb5a919947001f12319c630f65959e9d13b456d475629e92f12af6ce077dedd38f41fa54857c4856fd0790cf7d9993f21c1eca2b65783796200dd8dc5302faaad6595624b6cfee439be06707084959b719e26c5142126a9b84f6200082bccefe939a1c3f12a147460ffe6dd5564250ca5e39d15dd9faf963f34d6840230ced9705b2ec8d8b9550241bbad831cfe9299bed95b75c1251c2ba804ad040c473adc40ff2949c3adf5d040cfe39572abb39bfee1f4175643a3d1221059a3043f6f2b1bd46dd4c0d38ba79b1583f2a47a45283cb22864ff3d94bdad170ddc1ac65440a0b626a72ac0c7a314ad9a7ab285f90ac6445de49ac18cb16d5b7d731195861491928e83e89b362f89fb61a5ea48a85eca74f2aec39bd2ec324278e0ae85c7d66d6ab03b35764fda6136d737b9f7246e0d6d25db2201fafc9574526db455d0ac6d3ee3cc3ae05a22fc60a0b77332dbd634453504da95c20aa7a38ced89306d722801798b074041f2d54d9cc06bbc466e1a47de9bd2ad423c73b2e44ecc9112a682b4c759285fce37f43ae3657c28285e7edab348297180600110748cb7ccf3d70a16a1403a7bb45b5b98aff52e79827359452b9fe6a815169a9cc7d04aff53afd232569d8749c2c27000fd26dc6a21e4c2b50e0c2c4170c3d6e9da612946ada63a04dccbd150f7fad3f895fdc6b1f403d0af2d5b28413b53052285fbb11c6fc998d5ae641d0254f2af906c53bcf6a72a0915b3d656e290a662936ceb3c6e2b352014808555fe398fa0460f1204cba29df0ef740e8f796abcea84af2b3178aef9368da22bcc67372d451cbe78d8bf9f153c459704cacb91f78213654eb68130aa8bed5ec984ec96f5147dd48346e32a3ead7d7ec0d13139711584aa8d384a897f6229fd26f3a722b21cfcbfec2855d034686f577db0bbd92048d1c8b8959bd2d5c4044cfea51855ca2e1780e5115d68757520ebb57151157caabd98b810fb696bbd0b092cba0b2c7616716a1d347ffc09837f58242d36eff20746950f579b33a24fe18dd6c58143c28f846cf75fcbd05c7f858a9df0fd7c900f70fc9234f18e44f2f9e8e1091e118c12e8b7f8a774a85ebb9ced04b7b0d38712f94370931c21b30e76fa84a9d29a2bbbf6961155818657f758798fb2eaabe696be2229e8690c435427969edf572c7f6a750f51a12a83654d84723ced59189478b29fd00e5ed420b7cad97faff0fb1be2e3b94f976ee00b2f8e8c226567c8c9379d5e83191eb987a96da8b437211b9aa7ecbc64746cb886dc88051f28eea3c8366f5a7431f9023d634c3b825e0aded590f9893beb7162171af919278477230d6dab051a257ecf9086febbf2f5c353faca378e0464575973b39ba6ebca0c4790390ab026be47168ebe4ad88083fb7ed43ceaac01378ff9b27cf329a74855e154d2f41124b443a2ea7320d5b519b548d838af762b0bc774e79a2e89df991e24ac28eac902e80b148a91022a645e7a83438800101fdac500e4780c7326c62aa671058657bf580327b06cd4245ae0aae57fdf3cabe8dbdc6cdce27172bee01aaa31a1e070b07e10f41c3aebf89f3f425bc834e5164cd6b588dd467b91206230976dbf5fcee5adb2a4101fb003e2109ee7791f46af534ebbacba771d7c383d91de062f5707fded2355ef148ea3c186601be8e4e4d82333d10e4e72fa50f65df00250e8f6484fcd1c1bfdf479b29e041b7c377b423e5bfd4fbd7d0df5bf8d343f34697f74b4b65eedd6cbada0c29a82fcbe549ce8e6d88c8e8b8efe05c8893c6d1bb7b5f5a3419d0a65bdb6c9e1decfae100f6c63e922722cb9181b6ed657163f31f395d1678716652331e2934b43dab5844b2d82f80d72e404a7f9e92657ab4e7c8a8a1d1f77bb1e6740d5f5e338a819ed3605727db78b386fa745e76215486d4af4f0dbcee0ea5a215fc6db527bccf196cd1a59e92835167fafa917f0b05012c96eb17865b968f868975430f04b02fc6c535445612467341aab68893fb6dccc757e27316097cc5b0f00d21dbc4b8f5a11387b2eb8b9186098a37386bb812aaef494ab74b4e68207f1c6095c7a00f7491be5449235dfbebd274b7c709c17f5dce4b3c4d9c5476ab6d766eaa6a9e6ae5fc9ec463bd939230774b343a2cfeb7926b4e4c3e76d28c18ebbeecb299826840b32bca13f319eb30f1180a6cfe17655e2ab8dba617e0ea141bd3016c761dc1a6a29fc3b13e5dbee7fe8e6cd898f05502255cd45ddb9a6449962b2f2d279ba431a22a975361e4707a4c0e433ffad2b8e997ec03a169731fb2e12d2c82bac8bda9135739466f6daa86f31bb7e50aaeb99f1adcfa7e35cd123599110a1d38c4f2ad356517ed198307e69dce0a3c757c675b97d61e9bc04b9279ef4777f8cd41061c24c54bad32a3c642937e17254cc9c66298bb328fbef26ca1c8cc38f7c15fad376673979c1c18b9c1ad53831aa7cdc419ea6cb450387e39252cd36fb8062bcb6dd4603fa743d13f317614e8466ded7888c55f9335e29b66c88f69931e774465b951f99d9ac1a90f9dfcd3ee92c2fe616966c1ba2e97f0ebadefd05fa696de581c22a26dfe8cd7b4e6ecebb35c644960b4ed39960ffda34c9c53b8687801411f21e76e2a63cb63624c01860c8bb5ba6176ec1d8af1887bb516d5287ae25de7cd9aea8db241349195eb4462e41ae72b2bb0c84db450bfe1d4fdb91144ec9a485a12e4ccb529fe0dfb528019b09d83b379d975de06e8e59435ed5baa2d687000fd052ef72d467638fe187363a6ee1a21c7dacb73d2079c4148695890eccd4d0999e0cf6a61d0214143d49bc35eb802c760dace528b1df7b2a8404b2397931e58fd8ade20b10a637ff17acfe35b03b473f793c5b7d455b0bf96ef218435c40a26e3199c4c117ec074216f52c6a2ffd789ef54029bb1e9e82ac98fb95c68b532d272f227ba0bde8c92dbbd21a7986968153b27675ff00a530282225d5b961dfbcf2e5d52b29d53a38fd3c3e788f29577b9d48b6f33ada136577c4e0bed38a50e1efa14a1b7307e0b74aba62ee09578f9c246f853c534ca211fa5b0bf45cf5a37a8d2ce4f8cfff2ad7ec8d28c25e9dddcef4a7f6eb82a90c46356927eaf46d73927e41b040c3268cd550f82fc9fea283a29e994f1329997b996eae046a0e660b6d7cadb3205ba427546c73c841075f77c06a8b3bcc9e9979e"}, @INET_DIAG_REQ_BYTECODE={0xe4, 0x1, "977df474963fe53fa4a1fe98450e55600d0f86b39461fdbb7156f6f8e0c247db2844ba8f1b58106407f87702296e39a9828dd0897cd5cedbd0702c15e93c8bbe645e85c055c89a38cd02a2eb77e33d771082f6eb5d5edc0b435cc5b8079091609e9433831088a60633db9234f93745a1040b7358f3bce6e77fee0957632d7ba669dadc7225850dcd6e4a45f57821f980fba36f8761d65ce5c86ef6219b778e872c5752de689ac1c4c0a2d606929b72a234a4985dbf07e69bfd95fa1a1c8af59eeb1efc1032ed991cf5f426b057188a3bfc919a9ed1388ffebae3826ce5ab7681"}, @INET_DIAG_REQ_BYTECODE={0x26, 0x1, "a473ce284f822e432bbacd8ce2889329e6557a234944804dc9fc103fd6188c7f71f3"}, @INET_DIAG_REQ_BYTECODE={0xfb, 0x1, "9544634af6ceea7546ce2539d6ecf3f03cbdd00d0c8be28c8f4332a9550f6c446835f64a0c955a8f2b18014841e05ab95b06f78b27b058e7369ffd11b400b0ad9b43c02bbf5f8fa853b82f7faae3369a7ad095698080ca7d0fe66ec24d4088ebeb9414128cc648c75cfcb7f37182557e6d09ac2aef8df440ce65a7f41078aa2acf7a7df2c93174c136f6b69814d5afd58aaeb3ce1661af1be13a725b4ab3434210f7ef41927a46c78bcb17c324f863ed32909d03d2f5b072a5393e8c69be01a47d8a16a4f28880659a3a524d7075bb45512f491a8caf3f88680e092f8e299ac540ee7b0a56001899576e95edce0041741285f2765eb0d7"}]}, 0x1258}, 0x1, 0x0, 0x0, 0x44010}, 0x0)

937.049132ms ago: executing program 5 (id=5990):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x1e8, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1bc, 0x4, 0x0, 0x1, [{0x1b8, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x1a8, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_INFO={0x192, 0x3, "d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772a8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbaddefdaa26f43f12f831fd221926d6536eeff641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37d651f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034"}, @NFTA_MATCH_NAME={0x8, 0x1, 'bpf\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x210}}, 0x4048010)

910.760966ms ago: executing program 0 (id=5991):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0x8f}, @NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0x4}, @NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_HASH_OFFSET={0x8, 0x6, 0x1, 0x0, 0xfffffff9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0xec, 0x9, 0x6, 0x804, 0x0, 0x0, {0x1, 0x0, 0x7}, [@IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}]}, @IPSET_ATTR_ADT={0x60, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e23}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CADT_FLAGS={0x8}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x7fffffff}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @random="381b4b665523"}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e24}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x800}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAME={0x9, 0x12, 'syz0\x00'}}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x1c, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e23}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0x5, 0x1a, '\x00'}}]}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @local}}, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x76}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xb0c9}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x4}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x2}]}, 0xec}, 0x1, 0x0, 0x0, 0x20000044}, 0x80)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000000080)=[{&(0x7f0000000040)=""/53, 0x35}, {&(0x7f0000000180)=""/152, 0x98}], 0x2, &(0x7f0000000000)=[{&(0x7f0000000100)=""/104, 0x68}], 0x1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0x8f}, @NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0x4}, @NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_HASH_OFFSET={0x8, 0x6, 0x1, 0x0, 0xfffffff9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) (async)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0xec, 0x9, 0x6, 0x804, 0x0, 0x0, {0x1, 0x0, 0x7}, [@IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}]}, @IPSET_ATTR_ADT={0x60, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e23}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CADT_FLAGS={0x8}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x7fffffff}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @random="381b4b665523"}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e24}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x800}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAME={0x9, 0x12, 'syz0\x00'}}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x1c, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e23}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0x5, 0x1a, '\x00'}}]}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @local}}, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x76}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xb0c9}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x4}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x2}]}, 0xec}, 0x1, 0x0, 0x0, 0x20000044}, 0x80) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
getpid() (async)
process_vm_readv(r1, &(0x7f0000000080)=[{&(0x7f0000000040)=""/53, 0x35}, {&(0x7f0000000180)=""/152, 0x98}], 0x2, &(0x7f0000000000)=[{&(0x7f0000000100)=""/104, 0x68}], 0x1, 0x0) (async)

853.414712ms ago: executing program 7 (id=5992):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x638, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xe, 0x2}, {0x0, 0xe}, {0x6, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x608, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x8065738cbab9bcb1}, @TCA_FLOW_EMATCHES={0x104, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0xb4, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x68, 0x2, 0x0, 0x0, {{0x4, 0x0, 0x7}, "645809825d93df900fa8fae387fbed6313a639f20b0238ccdd4da9fde2f0be34e659ba729925eff5ebd76dec200e0c6b209649b549944fb335b53ad7e5b0f72af98dbb05ee1778a3e952122289a807cd7b48f87fa52a56b8fa"}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x7, 0x2, 0x4}, {0x4, 0x1, 0x6, "eb"}}}, @TCF_EM_CONTAINER={0x18, 0x3, 0x0, 0x0, {{0x4, 0x0, 0xb}, "d0fa3d16cd50d147ba"}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x1, 0x3, 0x81}, {0x10, 0xe, 0x6, 0xd4c}}}]}, @TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xffd3, 0x8, 0x8}, {0x3, 0x6}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0xf0a, 0x3, 0x6c0}, {0x5, 0x0, 0x3, 0x7ff}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0xf, 0x7, 0x7f}, {{0x4, 0x1, 0x0, 0x1}, {0x1, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_ACT={0x4d8, 0x9, 0x0, 0x1, [@m_gact={0x140, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x9d, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x2ca8b8d7ec1784b0, 0x2680, 0xffffffffffffffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1abe}}]}, {0xed, 0x6, "f2984ea5ae0b0909ca5198b5e56548da1af4efe458d68e8346a5ad6fa8d75b3efbcec03667694b23e57efb5dea177c9fec912eda500f92ad241d4a3e1eb9b05c2461a1e89e99a22f43eb3b64257b78512c9df802c3ea23ede5e978e8db3be47630f9b48cdfcee2130369da2ce7473e6324d4fc0342cb38a9e544eb6f4e0148acb294b877f68eb4b6b13e38196c311c9ebb06d7a5ee9ead5689128fa35472611715963d35fb43d3014ff74e144932866ca97f5c001aab6053dd7ce7d38a407074614c2a21063cc49a687085d3ab9d042fcc913d8377863381be46ad8fade1f71945e9d5053fd5d1123d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0xac, 0x1b, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x5, 0xffff}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @rand_addr=0x64010101}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @dev={0xac, 0x14, 0x14, 0x30}}]}, {0x63, 0x6, "effbbfbb9975b98b391b34602a99202c04f8aff0f475c3649e7f9024793790e685860edfb7d78570905ca6acc9165a1fb42c399f209c0f00a8f4866f081cd17e904ddc3210cc30ec49b70f2b1fb3ead1fe143d5356ac58b602d03fa75b270e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbmod={0x144, 0x1f, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x20, 0x2, {{0x3, 0xe1a3, 0x6, 0x3, 0x6}, 0x4}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x8000}, @TCA_SKBMOD_SMAC={0xa, 0x4, @local}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x236}]}, {0xd9, 0x6, "364a95306a0125f7c7762d651b8604a6d91ec4567f627089ed8d3453859a3d2c79d3d70f085dca8af621c4a5da976ca910f38151f1a68c0e0730e7273e6af4eab8e2ea5df8cb0f6ab249f7561ea8c0dd3e562e5e6a1db3a546a7f7c5f1d0ae94557d9f43b53f0c2e3edaf804191d2d3a1cbdae068d8e342ed2d4e751b25b639e2536238fb6a4824a50b9c6bb62944110874faeed2eb2a6db4dfa6ff7d67302260dd8c80e3c4c3a3a11f1d204106eec615119eaaa73bd0bb3e2d774039d9c7e0d445019a712cc0c16707a7b8505b7c94133ceccee82"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_tunnel_key={0xa4, 0x3, 0x0, 0x0, {{0xf}, {0x5c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @private=0xa010101}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0x54, 0xffffffffffffffff, 0x10, 0xfffff001}, 0x2}}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x80000000}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x9, 0xffffffff, 0x10000000, 0x3, 0x3ff}, 0x2}}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @remote}]}, {0x19, 0x6, "6c73dc20ec0f1f62d72faf3465d04d6e1f1e4cf9b5"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_xt={0x100, 0xe, 0x0, 0x0, {{0x7}, {0x4}, {0xd6, 0x6, "2a0caebad864038ff40a5d287f3088600ceb92031a440f806744f2c29cd762b34d1c3e200652a37a380abee23790e6050e067b4335afeb4ae4a0dfe9fa72cc1df85464324a30272ee56c17d0913025ba5b385f50249552b3d0baa66c6ffc89df47949c8e52874be2547d84a88eaf65c1a57f44be2ac8409dc80a1286dc54b446bceacb288bceeb018feed674cd3991cf602a4e1e2de9b27bb4036b0ac3e4a6048cdd4ebfc8b92c63ac0f4245eecd529108a46a7eaf202777861df68712f67c7f83338caa73ec2f351fdbe40e46f577bf7a5b"}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x638}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

816.13106ms ago: executing program 1 (id=5993):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x2002})
ioctl$int_in(r0, 0x5452, &(0x7f0000000080)=0x2)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f00000001c0)=0x2)
ioctl$PPPIOCSACTIVE(r2, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0})
r3 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000100)={0x90000011})
pwrite64(r2, &(0x7f00000000c0)="7906", 0x2, 0x9)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000000)=0x2, 0x4)
r4 = syz_io_uring_setup(0x890, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r4, 0x73a0, 0x702, 0x5, 0x0, 0x0)

779.65557ms ago: executing program 5 (id=5994):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000001000)=[{{&(0x7f0000000a80)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000d80)=[{&(0x7f0000000340)="023fcb3ffa374598ee170705892faf40785b8872cfe79ba3", 0x18}, {&(0x7f0000000b00)="9995991265b0dff12905350c0252d867a6c0ed86ba080f21316a4afa8e0c93ee7e2be261f2aa531f10c81113263c9c27e9b1593fbc78630644ca2c284dcf67fa07848bffcd4c4322a9e88b33530719f551b305aaac067b78247c278a494c1ef3168f91c592cc313844d3eb7fb3913ca1f9d749b412e901e85b2bc6ca438673579dbdbee7c60e446abe35c2", 0x8b}, {&(0x7f0000000bc0)="0fa550b483375a1de96f146928d5c2cf6289b94c9f38b8ebd433ee0c0e9ff3f5fe6235313431d9307c76d5a00158b3bfc628d077fd921d8d7199cd758c2e76e70bb1018ccd57af3bf1ef492e7079e0e85abb2d9d81b5e493714a25b3e47c592fcd6ab7c9c1b86f51f6fd240f705f88", 0x6f}, {&(0x7f0000000c40)="10f8ea25007a50fe3fb5e411f07a8bbc20ec7c70ad36082dc3e078e181456ce9fd967398a7411ca062416d762f8cfeda2b65cb47271e837b65cdd605e8ea39b26a705d4ee44d37d52339801aaeb7cf1fdcf3147f64505ebcd6caf41fdf506dee668b759a689f3e6a186283f5e668070c6b889d4a8389516f24020c83b1ed5cb11c280e205f1f7da658a088ca4c55b4d4f07fd18d07ba5235b3c11838f14678126d51c1e110711c0173899822ee3a2c2cb08806c2", 0xb4}, {&(0x7f0000000d00)="c8cccfc516b9bd6960230f9575", 0xd}, {&(0x7f0000000d40)="6cafc4bfe243c7660374529a67d2c13595754def", 0x14}], 0x6, 0x0, 0x0, 0x40050}}, {{0x0, 0x0, &(0x7f0000000fc0), 0x0, 0x0, 0x0, 0x4008000}}], 0x2, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x24, &(0x7f0000000280)=0x1, 0x4) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close_range(r1, r0, 0x0) (async)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000a40)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r5, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000580)=""/242, 0xf2}], 0x1, &(0x7f0000000200)=""/57, 0x39}, 0x26}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, &(0x7f0000000680)=""/152, 0x98}, 0x2}, {{&(0x7f00000009c0)=@l2={0x1f, 0x0, @none}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000740)=""/17, 0x11}, {&(0x7f0000000780)=""/93, 0x5d}], 0x2, &(0x7f0000000840)=""/174, 0xae}, 0x3}], 0x3, 0x2122, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @loopback, 0x5}, 0x1c)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r7, 0xaf01, 0x0) (async)
r8 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r7, 0x4004af07, &(0x7f0000000240)=r8)
ioctl$VHOST_SET_VRING_KICK(r7, 0x4008af20, &(0x7f0000000040)={0x1, r8})
ioctl$VHOST_SET_VRING_ADDR(r7, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) (async)
ioctl$VHOST_SET_VRING_ADDR(r7, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r7, 0x4008af03, &(0x7f0000000980))
ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f0000000000)=0x1) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000300)={0x10004, 0x0, 0x1, 0x1000, &(0x7f00003e6000/0x1000)=nil})

651.892068ms ago: executing program 7 (id=5995):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xb0, 0x3ff, 0x34325241, 0x0, [], [0x2b8, 0x200000], [0x0, 0x9, 0x0, 0x3]})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$tun(0xffffff9c, &(0x7f0000000000), 0x42880, 0x0)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080), &(0x7f0000000180)=0x8)
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x8, 0x1)
unshare(0x22000600)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000003c0)='ns/pid_for_children\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000024000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000280)="66b9800000c00f326635010000000f3064660f38828e4258660f086766c744240012e93bf96766c7442402010000006766c744240600000000670f011c2466b9800000c00f326635002000000f300f01df66b80500000066b900200000a90a000f01c40f019f09000f01c2", 0x6b}], 0x1, 0x7d, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0x7, 0x800, 0x100, 0x0, 0x5700000000000000, 0x401, 0x6, 0xfffffffffffffff7, 0x0, 0x13f, 0x100000001, 0xba25, 0xfff, 0x3, 0xfffffffffffffe00, 0x4], 0xeeef0000, 0x1c0080})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

540.848264ms ago: executing program 5 (id=5996):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000004d80), 0xffffffffffffffff)
r3 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r2, 0x1, 0x0, 0x4000000, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x28}}, 0x10)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x3f000000, 0x4b0, 0xbbba, 0x300000, 0x0, 0x0, {}, {0x2, 0x101}, {0x0, 0x3, 0x20}, {0x0, 0x8}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb})
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r8, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0)
r9 = socket$kcm(0x10, 0x3, 0x10)
bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
sendmsg$kcm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000)

455.641549ms ago: executing program 1 (id=5997):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000004d80), 0xffffffffffffffff)
r3 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r3, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0xffffff97}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x6c}}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r2, 0x1, 0x0, 0x4000000, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x28}}, 0x10)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x3f000000, 0x4b0, 0xbbba, 0x300000, 0x0, 0x0, {}, {0x2, 0x101}, {0x0, 0x3, 0x20}, {0x0, 0x8}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb})
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r8, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0)
r9 = socket$kcm(0x10, 0x3, 0x10)
bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
sendmsg$kcm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000)

360.750425ms ago: executing program 7 (id=5998):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
execve(0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
syz_usb_connect$hid(0x5, 0x36, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000002000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4)
sendmsg$inet(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000340)="31ad81df3fb2ddf597267390417d0a0be391dae8d945c26057d449295d390d081b", 0x33fe0}], 0x1}, 0x14)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r6 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_RTHDR(r6, 0x29, 0x39, &(0x7f0000001640)=ANY=[], 0x18)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x7}, 0x1c)
syz_usb_connect$uac1(0x6, 0xec, &(0x7f0000000140)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xda, 0x3, 0x1, 0xa, 0x10, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0x1}, [@output_terminal={0x9, 0x24, 0x3, 0x1, 0x305, 0x4, 0x1, 0x4}, @selector_unit={0x6, 0x24, 0x5, 0x3, 0x3, "bb"}, @processing_unit={0xb, 0x24, 0x7, 0x1, 0x4, 0xd, "0a969ff6"}, @selector_unit={0x6, 0x24, 0x5, 0x1, 0x6a, "f5"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x80, 0xfe01, 0x3, "90981c60d3fa"}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x4, 0x4, 0x1, 0x96}, @as_header={0x7, 0x24, 0x1, 0x7f, 0x40, 0x3}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x8, 0x2, 0x40}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x3, 0x3, 0x3, 0xa8, "ef4851", "a11c"}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x8, 0x6, 0x9, {0x7, 0x25, 0x1, 0x80, 0xb, 0x5}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x4e7d, 0x5, 0x5, "2d20fd81a50e"}, @as_header={0x7, 0x24, 0x1, 0x0, 0xd, 0x5}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x1, 0x0, 0xf0, "511a2cf576cbbd27"}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x3a, 0x10, 0x7, {0x7, 0x25, 0x1, 0x83, 0x9, 0xb}}}}}}}]}}, &(0x7f0000000500)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x200, 0x3a, 0x3, 0x5, 0xff, 0x3}, 0x39, &(0x7f0000000480)={0x5, 0xf, 0x39, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x45, "acdf95f3e19d480aad3371643d4f2cf7"}, @ssp_cap={0x20, 0x10, 0xa, 0xf9, 0x5, 0x9, 0xd094256b0ac81082, 0x8, [0xffc0c0, 0xc000, 0x0, 0x3f28, 0xffc0]}]}, 0x1, [{0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0xc1a}}]})
r7 = socket(0x2, 0x3, 0xff)
sendmmsg$inet(r7, &(0x7f0000000640)=[{{&(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000000040)=[{&(0x7f00000006c0)="281e3162e61e5f8e22c14cebe48862dda7b2fddc249bd774480a07f7ea440013", 0x20}], 0x1}}, {{&(0x7f00000000c0)={0x2, 0x4e21, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@ip_retopts={{0x18, 0x0, 0x7, {[@rr={0x7, 0x7, 0x5, [@rand_addr=0x64010101]}]}}}], 0x18}}], 0x2, 0x4800)
writev(r6, 0x0, 0x0)
r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r8, 0x40345410, 0x0)
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue0\x00', 0x200000})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r8, 0x54a2)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r9, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0xe8030000}})

340.129045ms ago: executing program 5 (id=5999):
ioprio_set$uid(0x3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x7, 0x0, 0x5cb, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000), 0x0)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmmsg$sock(r1, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000600)="e2b13d2b8dfbd96663a042178a348604", 0x10}], 0x1}}], 0x1, 0x1)
read$alg(r1, &(0x7f00000012c0)=""/4109, 0x100d)
sendmmsg$alg(r1, &(0x7f0000007e40)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000340)="4ae4b5", 0x3}], 0x1, 0x0, 0x0, 0x20048091}], 0x1, 0x4080080)

280.706563ms ago: executing program 0 (id=6000):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x5f8, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xe, 0x2}, {0x0, 0xe}, {0x6, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x5c8, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x8065738cbab9bcb1}, @TCA_FLOW_EMATCHES={0x104, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0xb4, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x68, 0x2, 0x0, 0x0, {{0x4, 0x0, 0x7}, "645809825d93df900fa8fae387fbed6313a639f20b0238ccdd4da9fde2f0be34e659ba729925eff5ebd76dec200e0c6b209649b549944fb335b53ad7e5b0f72af98dbb05ee1778a3e952122289a807cd7b48f87fa52a56b8fa"}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x7, 0x2, 0x4}, {0x4, 0x1, 0x6, "eb"}}}, @TCF_EM_CONTAINER={0x18, 0x3, 0x0, 0x0, {{0x4, 0x0, 0xb}, "d0fa3d16cd50d147ba"}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x1, 0x3, 0x81}, {0x10, 0xe, 0x6, 0xd4c}}}]}, @TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xffd3, 0x8, 0x8}, {0x3, 0x6}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0xf0a, 0x3, 0x6c0}, {0x5, 0x0, 0x3, 0x7ff}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0xf, 0x7, 0x7f}, {{0x4, 0x1, 0x0, 0x1}, {0x1, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_ACT={0x498, 0x9, 0x0, 0x1, [@m_gact={0x140, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x9d, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x2ca8b8d7ec1784b0, 0x2680, 0xffffffffffffffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1abe}}]}, {0xed, 0x6, "f2984ea5ae0b0909ca5198b5e56548da1af4efe458d68e8346a5ad6fa8d75b3efbcec03667694b23e57efb5dea177c9fec912eda500f92ad241d4a3e1eb9b05c2461a1e89e99a22f43eb3b64257b78512c9df802c3ea23ede5e978e8db3be47630f9b48cdfcee2130369da2ce7473e6324d4fc0342cb38a9e544eb6f4e0148acb294b877f68eb4b6b13e38196c311c9ebb06d7a5ee9ead5689128fa35472611715963d35fb43d3014ff74e144932866ca97f5c001aab6053dd7ce7d38a407074614c2a21063cc49a687085d3ab9d042fcc913d8377863381be46ad8fade1f71945e9d5053fd5d1123d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0xb4, 0x1b, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x5, 0xffff}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @rand_addr=0x64010101}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @dev={0xac, 0x14, 0x14, 0x30}}]}, {0x69, 0x6, "effbbfbb9975b98b391b34602a99202c04f8aff0f475c3649e7f9024793790e685860edfb7d78570905ca6acc9165a1fb42c399f209c0f00a8f4866f081cd17e904ddc3210cc30ec49b70f2b1fb3ead1fe143d5356ac58b602d03fa75b270e66d3b14a3b76"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbmod={0x108, 0x1f, 0x0, 0x0, {{0xb}, {0x4}, {0xd9, 0x6, "364a95306a0125f7c7762d651b8604a6d91ec4567f627089ed8d3453859a3d2c79d3d70f085dca8af621c4a5da976ca910f38151f1a68c0e0730e7273e6af4eab8e2ea5df8cb0f6ab249f7561ea8c0dd3e562e5e6a1db3a546a7f7c5f1d0ae94557d9f43b53f0c2e3edaf804191d2d3a1cbdae068d8e342ed2d4e751b25b639e2536238fb6a4824a50b9c6bb62944110874faeed2eb2a6db4dfa6ff7d67302260dd8c80e3c4c3a3a11f1d204106eec615119eaaa73bd0bb3e2d774039d9c7e0d445019a712cc0c16707a7b8505b7c94133ceccee82"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_tunnel_key={0x9c, 0x3, 0x0, 0x0, {{0xf}, {0x54, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @private=0xa010101}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0x54, 0xffffffffffffffff, 0x10, 0xfffff001}, 0x2}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x9, 0xffffffff, 0x10000000, 0x3, 0x3ff}, 0x2}}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @remote}]}, {0x19, 0x6, "6c73dc20ec0f1f62d72faf3465d04d6e1f1e4cf9b5"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_xt={0xfc, 0xe, 0x0, 0x0, {{0x7}, {0x4}, {0xd2, 0x6, "2a0caebad864038ff40a5d287f3088600ceb92031a440f806744f2c29cd762b34d1c3e200652a37a380abee23790e6050e067b4335afeb4ae4a0dfe9fa72cc1df85464324a30272ee56c17d0913025ba5b385f50249552b3d0baa66c6ffc89df47949c8e52874be2547d84a88eaf65c1a57f44be2ac8409dc80a1286dc54b446bceacb288bceeb018feed674cd3991cf602a4e1e2de9b27bb4036b0ac3e4a6048cdd4ebfc8b92c63ac0f4245eecd529108a46a7eaf202777861df68712f67c7f83338caa73ec2f351fdbe40e46f5"}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x5f8}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

113.462223ms ago: executing program 5 (id=6001):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
socket$kcm(0x2, 0x5, 0x84)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000006c0)=ANY=[@ANYBLOB="0180c200000100000000009104bfc10000380000000000019078ac1e0001ac1414aa03009078030000ffffffff000000000000010000000000007f00000108000000000020002cd0d502cd26ae3a47954d3f3225fe52ff4019d152a36595a1e0f2a12ebef28a211ac13db430e458d737175ee45bd8a755bf09d1c8af2c7a6bf0553adc8995feb7ddb19448936da443437464d74b1977068d60fa33d03657910dba40cd6dad1130e658650adb00955317a1d8a203a3d01ab8460ab905d26a44afc42c591ae6cb5fe2a32fce285b5092ce0649a623a221ffda3a5f0b4a5a2ad1ee3fbf5814721439a2cc08ec0a84b564764958e8e4827bcc304da843c72f1c660000b35c0a1a9a344e10e4ed4ce0e5d32c284b53f7974b53b038f4e5ce804f44ae0552f4b73c1c4ad78953afc05be9d468ce5f9e83573143806d525d8280205d7d9f872c47851c34edb989a4442d8af1eb2adbb32c1cc274db37c4eb3d214a5ac48e61c2c1878699ac5acca72e036b10d98b689dcf6bd843c10d6a40fa5185a64b29b8790f5e6796135f4b1c148450e3ae346081e9f3f4c1672407566ec8bfdb66e4479a"], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x3, 0x0, 0x7, 0xfa11, 0xffffffff}, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
syz_open_procfs(0x0, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
r4 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000004340), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r4, 0xc0f8565c, &(0x7f0000000000)={0x0, 0x6, 0x0, {0xa, @pix_mp={0x0, 0x0, 0x41415270, 0x0, 0x0, [{}, {}, {0x0, 0xffffffff}, {}, {}, {}, {0x0, 0x7}], 0x7}}, 0xfffffffc})
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1)
r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0xad82, 0x0)
write$sndseq(r5, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f00000009c0), 0x0, 0xc001, 0x0, 0x0)
syz_usb_connect(0x0, 0x12, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

106.36823ms ago: executing program 6 (id=6002):
r0 = openat$ttynull(0xffffff9c, &(0x7f0000001e00), 0x40, 0x0)
ioctl$TCFLSH(r0, 0x540b, 0x1)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @win={{0x4, 0x6, 0x803, 0x5}, 0x6, 0x0, &(0x7f00000005c0)={{0x10, 0x6, 0x10, 0x3}, &(0x7f0000000580)={{0x316f, 0x3, 0x6, 0x3}, &(0x7f0000000540)={{0x824, 0x7038, 0x2, 0x5}}}}, 0x573, 0x0, 0x91}})
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x3f, 0x822f01)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000180), 0x100)
fcntl$setstatus(r2, 0x4, 0x42400)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x918)

97.831846ms ago: executing program 1 (id=6003):
getpid()
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
io_uring_setup(0x3e45, &(0x7f00000001c0)={0x0, 0x0, 0x2, 0x0, 0xcb})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth1_macvtap\x00'})
r2 = socket(0x23, 0x3, 0x3)
write(r2, &(0x7f0000000280)="140000004b4fbf0bbc983b381993b4ae7070e41a52b790ea14b5da2ce85d96b65998a67b7c004f032e789e006d97f1e0ab", 0x31)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4020aeb2, &(0x7f0000000300)={0x2, 0x12c, @ioapic={0x2000, 0x73, 0x2, 0x2a, 0x0, [{0x94, 0x4, 0x1, '\x00', 0x1}, {0x6, 0xe5, 0xff, '\x00', 0x5}, {0x4, 0x0, 0x8, '\x00', 0x2}, {0x97, 0xff, 0x8, '\x00', 0x4}, {0x0, 0x9, 0x6, '\x00', 0x7}, {0x0, 0x1, 0xb, '\x00', 0x2}, {0x7, 0x40, 0x4, '\x00', 0x7f}, {0x6, 0x6, 0x4, '\x00', 0x5}, {0x21, 0x80, 0x1, '\x00', 0x7}, {0x9, 0x40, 0xd8, '\x00', 0x9}, {0x41, 0x3, 0x3, '\x00', 0xff}, {0x7, 0x8, 0x78, '\x00', 0x8}, {0xe6, 0xf0, 0x6, '\x00', 0x6c}, {0xba, 0x8, 0x77, '\x00', 0x7}, {0xf9, 0x90, 0xf1, '\x00', 0x8}, {0x9, 0xff, 0x4, '\x00', 0xd7}, {0xcd, 0x1, 0x0, '\x00', 0x8}, {0x53, 0x6, 0x80, '\x00', 0x7}, {0x4, 0x2, 0x1, '\x00', 0x2}, {0x4, 0x7, 0xff, '\x00', 0x68}, {0x5, 0x4, 0x3, '\x00', 0x9}, {0x2, 0x3, 0x7f, '\x00', 0x1}, {0x8, 0x9, 0x64}, {0x8, 0x9}]}})
r6 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r6, &(0x7f0000000000), 0x10)
setsockopt$CAN_RAW_FILTER(r6, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
setsockopt$CAN_RAW_FILTER(r6, 0x65, 0x1, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000880)="d8000000140081044e81f782db44b9040a1d080211000000040000a118000200ff05000100060e1208000f0100810401a80016ea1f000840042e5f54c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5e835913b06218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f52eb4edbb57a5025ccca9e00360d8bcc00400040fad95667e0060000000000000080bb9ad809d5e1cace817bb341139fe3cd4032e8edb12d1d2eb0c0ed0bff02b7d51222df5ac918e0488dd45682d0226c63aa21a37d813c71fed5d82b08d980888d041851e77f0186817d77f14ec6393199c04ae30805ccbb99dcdde4db7c8cba1c0ad372347a3ff240c3531d185f405aa300aabf3f146e8ed714c5701cf33f63ccedc59425cddfadd4f64e15d6d4df562e258aee785fae6f505b607f3dadc22d66fbe16e08c505825d45ebdd63b8df4af4e07263990de649a0ea9d2bf31a231ebd7d2e33b5505936da61d91e800d097ffc09b920815d10449ea2ea682e25a411d3d20a8345cfc40483d568bd5148ece674ddefb2a7ae4564017cedc1c709", 0x1b9}, {&(0x7f0000000740)="bdefb2dfa39daea1f767ac2707d67415ca871582ed3d1ae1ddf2cec8c7e81f569dc3d91b99dd1ecb835ff0e1b779516082f619f2a5648f97fb956f323da527feb2365aa93d95881bba56c2dfa542835086b12ab3191c480ef0aef16a8377ff4438788532f6cdeec5f8aef40bac9ef0dca02263722d0b8a5c32c397a50386c88c52a0aad7efa1bb9eb7ded7ecbb2eb475756f8921475e0d8a919d71f19de5e0b6f068de3725a35099b574797602b22050e56b567c73b2d9bd58a35d65e0cbc1cf527ea51b4a2fcea9ec580042dc0cb6997035b0135aa2c35990af289c0af4b157cfc3ebd1c8e1b2af3a0b46525f15c6ad92e37c2a9d109097d73c64242e8406095d10139710e41288348d36142a2b284d4aea43978502e668e8b1a7f73b555597da52f1af2db1", 0x126}, {&(0x7f0000000380)="22f5f6c5906b7bb636109a2d516cf9947224ad5e30c6a256859e9aa1bf4ca1e8c7252b7927a9832d2431e7266a75cd235e4597a71f1716f8dbd10a4a1e214bb4aedadb5b0900aed8fe491cd2af53debf45fb0ed2e66c1c44614b633f0ec6eaeec95c5234ac51073d62b577eadfa82f6674bcd6db1eff18aad0ac8509a022de", 0x7f}, {&(0x7f0000000580)="32c92ac7222b8505de0c6c4a8883ae069198f2fded90531aa006c3e7dd46b4b5075549837977daf171b74bebb25b115c7ab18f2068b32f4b04e76b7b02308c999e1996b7fa4cc6620dfdb85de378a36fd3497e350d1c0960c9f266", 0x5b}], 0x4, 0x0, 0x0, 0x7400}, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181)

0s ago: executing program 0 (id=6004):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x1e8, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1bc, 0x4, 0x0, 0x1, [{0x1b8, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x1a8, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_INFO={0x192, 0x3, "d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772a8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbaddefdaa26f43f12f831fd221926d6536eeff641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37d651f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034"}, @NFTA_MATCH_NAME={0x8, 0x1, 'bpf\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x210}}, 0x4048010)

kernel console output (not intermixed with test programs):

ufficient power available to use all downstream ports
[ 1471.487245][  T983] usb 6-1: USB disconnect, device number 24
[ 1471.693476][T26052] random: crng reseeded on system resumption
[ 1472.179709][  T983] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 1472.369592][  T983] usb 6-1: Using ep0 maxpacket: 16
[ 1472.422140][  T983] usb 6-1: config index 0 descriptor too short (expected 65038, got 27)
[ 1472.444439][  T983] usb 6-1: config 0 has too many interfaces: 150, using maximum allowed: 32
[ 1472.723729][  T983] usb 6-1: config 0 descriptor has 1 excess byte, ignoring
[ 1472.734930][  T983] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 150
[ 1472.749594][  T983] usb 6-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 1472.763326][  T983] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1472.835700][  T983] usb 6-1: config 0 descriptor??
[ 1472.923602][T26069] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4994'.
[ 1475.022922][  T983] usb 6-1: USB disconnect, device number 25
[ 1476.302306][T11230] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[ 1476.469784][T11230] usb 2-1: Using ep0 maxpacket: 16
[ 1476.479020][T11230] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1476.495034][T11230] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1476.518577][T11230] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1476.567840][T11230] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1476.609511][T11230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1476.663717][T11230] usb 2-1: config 0 descriptor??
[ 1476.673660][T26129] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5010'.
[ 1476.913307][T26131] random: crng reseeded on system resumption
[ 1476.918612][T11230] shield 0003:0955:7214.001F: unknown main item tag 0x0
[ 1476.935273][T11230] shield 0003:0955:7214.001F: unknown main item tag 0x0
[ 1476.949912][ T5966] usb 7-1: new high-speed USB device number 113 using dummy_hcd
[ 1476.973172][T11230] shield 0003:0955:7214.001F: unknown main item tag 0x0
[ 1477.011214][T11230] shield 0003:0955:7214.001F: unknown main item tag 0x0
[ 1477.099354][T11230] shield 0003:0955:7214.001F: unknown main item tag 0x0
[ 1477.132831][ T5966] usb 7-1: Using ep0 maxpacket: 32
[ 1477.162760][ T5966] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[ 1477.171249][ T5966] usb 7-1: config 0 has no interface number 0
[ 1477.187793][ T5966] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1477.198462][T26135] random: crng reseeded on system resumption
[ 1477.207164][ T5966] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1477.220270][ T5966] usb 7-1: Product: syz
[ 1477.224548][ T5966] usb 7-1: Manufacturer: syz
[ 1477.232556][ T5966] usb 7-1: SerialNumber: syz
[ 1477.245018][ T5966] usb 7-1: config 0 descriptor??
[ 1477.272917][T11230] input: HID 0955:7214 Haptics as /devices/virtual/input/input76
[ 1477.281969][ T5966] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1477.478830][ T5966] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1477.494119][T11230] shield 0003:0955:7214.001F: Registered Thunderstrike controller
[ 1477.529390][ T5966] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1477.561583][T11230] shield 0003:0955:7214.001F: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0
[ 1477.694404][ T1596] shield 0003:0955:7214.001F: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[ 1477.732255][T11230] usb 2-1: USB disconnect, device number 66
[ 1477.766743][ T1596] shield 0003:0955:7214.001F: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1477.816798][ T1596] shield 0003:0955:7214.001F: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1477.863941][ T1596] shield 0003:0955:7214.001F: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1477.920071][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[ 1478.209629][T11230] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[ 1478.371546][T11230] usb 2-1: Using ep0 maxpacket: 16
[ 1478.383835][T11230] usb 2-1: config index 0 descriptor too short (expected 65038, got 27)
[ 1478.409116][T11230] usb 2-1: config 0 has too many interfaces: 150, using maximum allowed: 32
[ 1478.418375][T11230] usb 2-1: config 0 descriptor has 1 excess byte, ignoring
[ 1478.426671][T11230] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 150
[ 1478.448836][T11230] usb 2-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 1478.458881][T11230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1478.485659][T11230] usb 2-1: config 0 descriptor??
[ 1479.301656][T26172] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5022'.
[ 1479.532480][T26172] vlan3: entered allmulticast mode
[ 1479.538594][T26172] bridge0: port 3(vlan3) entered blocking state
[ 1479.545408][T26172] bridge0: port 3(vlan3) entered disabled state
[ 1479.554098][T26172] vlan3: entered promiscuous mode
[ 1479.603341][    C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1479.612867][ T5966] usb 7-1: USB disconnect, device number 113
[ 1479.626390][ T5966] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1479.641116][ T5966] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1479.653268][ T5966] quatech2 7-1:0.51: device disconnected
[ 1479.788106][T26176] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1480.870509][ T5959] usb 2-1: USB disconnect, device number 67
[ 1482.451098][T26221] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5036'.
[ 1482.824993][T26234] random: crng reseeded on system resumption
[ 1482.849822][T11230] usb 7-1: new high-speed USB device number 114 using dummy_hcd
[ 1483.081575][T11230] usb 7-1: Using ep0 maxpacket: 32
[ 1483.089891][T11230] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[ 1483.099571][T11230] usb 7-1: config 0 has no interface number 0
[ 1483.114489][T11230] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1483.123983][T11230] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1483.132830][T11230] usb 7-1: Product: syz
[ 1483.180874][T11230] usb 7-1: Manufacturer: syz
[ 1483.185579][T11230] usb 7-1: SerialNumber: syz
[ 1483.189575][ T5966] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1483.200647][T11230] usb 7-1: config 0 descriptor??
[ 1483.223923][T11230] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1483.350671][ T5966] usb 6-1: Using ep0 maxpacket: 16
[ 1483.358548][ T5966] usb 6-1: config index 0 descriptor too short (expected 65038, got 27)
[ 1483.372353][ T5966] usb 6-1: config 0 has too many interfaces: 150, using maximum allowed: 32
[ 1483.395294][ T5966] usb 6-1: config 0 descriptor has 1 excess byte, ignoring
[ 1483.408134][ T5966] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 150
[ 1483.437784][ T5966] usb 6-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 1483.461474][ T5966] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1483.475454][T11230] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1483.497825][ T5966] usb 6-1: config 0 descriptor??
[ 1483.520069][T11230] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1483.725878][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[ 1483.935296][    C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1483.935788][ T5966] usb 7-1: USB disconnect, device number 114
[ 1484.020361][ T5966] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1484.071341][ T5966] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1484.087777][ T5966] quatech2 7-1:0.51: device disconnected
[ 1484.609709][ T5966] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[ 1484.743254][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.749845][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[ 1484.789578][ T5966] usb 2-1: Using ep0 maxpacket: 16
[ 1484.797300][ T5966] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8 has an invalid bInterval 0, changing to 7
[ 1484.816414][ T5966] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[ 1484.840548][ T5966] usb 2-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1
[ 1484.850033][ T5966] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1484.858802][ T5966] usb 2-1: Product: syz
[ 1484.872147][ T5966] usb 2-1: Manufacturer: syz
[ 1484.884466][ T5966] usb 2-1: SerialNumber: syz
[ 1484.959294][ T5966] usb 2-1: config 0 descriptor??
[ 1485.798682][ T5959] usb 6-1: USB disconnect, device number 26
[ 1487.220973][ T5966] powermate 2-1:0.0: probe with driver powermate failed with error -5
[ 1487.252891][ T5966] usb 2-1: USB disconnect, device number 68
[ 1487.448587][T26276] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1487.587958][T26282] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1487.743934][T26287] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5057'.
[ 1487.843419][T26291] random: crng reseeded on system resumption
[ 1488.019722][ T5966] usb 7-1: new high-speed USB device number 115 using dummy_hcd
[ 1488.272083][ T5966] usb 7-1: Using ep0 maxpacket: 32
[ 1488.338672][ T5966] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[ 1488.372354][ T5966] usb 7-1: config 0 has no interface number 0
[ 1488.511949][ T5966] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1488.521317][ T5966] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1488.529617][ T5966] usb 7-1: Product: syz
[ 1488.533954][ T5966] usb 7-1: Manufacturer: syz
[ 1488.538611][ T5966] usb 7-1: SerialNumber: syz
[ 1488.547038][ T5966] usb 7-1: config 0 descriptor??
[ 1488.707752][T26302] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1488.858911][ T5966] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1489.069254][ T5966] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1489.136359][ T5966] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1489.264316][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[ 1489.485612][    C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1489.498142][ T5966] usb 7-1: USB disconnect, device number 115
[ 1489.514857][ T5966] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1489.538646][ T5966] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1489.563321][ T5966] quatech2 7-1:0.51: device disconnected
[ 1491.819845][  T983] usb 7-1: new high-speed USB device number 116 using dummy_hcd
[ 1491.938988][T26360] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5079'.
[ 1491.979549][  T983] usb 7-1: Using ep0 maxpacket: 32
[ 1493.735816][T26382] netlink: 337 bytes leftover after parsing attributes in process `syz.5.5084'.
[ 1494.493020][  T983] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1494.529987][  T983] usb 7-1: unable to read config index 0 descriptor/start: -71
[ 1494.554636][  T983] usb 7-1: can't read configurations, error -71
[ 1494.687730][T26402] ptrace attach of "./syz-executor exec"[21343] was attempted by "./syz-executor exec"[26402]
[ 1494.705059][T26402] trusted_key: encrypted_key: insufficient parameters specified
[ 1495.809965][  T983] usb 7-1: new high-speed USB device number 118 using dummy_hcd
[ 1495.862517][T26425] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1496.139688][  T983] usb 7-1: Using ep0 maxpacket: 16
[ 1496.146691][  T983] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1496.215845][  T983] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1496.229882][  T983] usb 7-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[ 1496.240403][  T983] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1496.252952][  T983] usb 7-1: config 0 descriptor??
[ 1497.058924][T22533] Bluetooth: hci1: command 0x0406 tx timeout
[ 1497.393007][  T983] usb 7-1: language id specifier not provided by device, defaulting to English
[ 1497.595493][T26422] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1497.609645][T26422] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1497.675336][  T983] usb 7-1: Max retries (5) exceeded reading string descriptor 200
[ 1497.683687][  T983] letsketch 0003:6161:4D15.0020: probe with driver letsketch failed with error -71
[ 1497.756212][  T983] usb 7-1: USB disconnect, device number 118
[ 1497.981284][T26473] netlink: 337 bytes leftover after parsing attributes in process `syz.0.5113'.
[ 1499.489860][ T5959] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1499.652038][ T5959] usb 6-1: Using ep0 maxpacket: 32
[ 1499.668535][ T5959] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1499.684854][ T5959] usb 6-1: config 0 has no interfaces?
[ 1499.699316][ T5959] usb 6-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[ 1499.716662][ T5959] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1499.801795][ T5959] usb 6-1: Product: syz
[ 1499.839491][ T5959] usb 6-1: Manufacturer: syz
[ 1499.857626][ T5959] usb 6-1: SerialNumber: syz
[ 1499.894030][ T5959] usb 6-1: config 0 descriptor??
[ 1500.125044][T26499] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5119'.
[ 1500.169708][ T5959] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[ 1500.329838][ T5959] usb 2-1: Using ep0 maxpacket: 16
[ 1500.343547][ T5959] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1500.375760][ T5959] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1500.438996][ T5959] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1500.484537][ T5959] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1500.519849][ T5959] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1500.622973][ T5959] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1500.667861][ T5959] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1500.687879][ T5959] usb 2-1: Manufacturer: syz
[ 1500.723120][ T5959] usb 2-1: config 0 descriptor??
[ 1501.071636][ T5959] rc_core: IR keymap rc-hauppauge not found
[ 1501.081207][ T5959] Registered IR keymap rc-empty
[ 1501.086896][ T5959] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1501.109697][ T5959] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1501.133729][ T5959] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 1501.152958][ T5959] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input77
[ 1501.183601][ T5959] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1501.210259][ T5959] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1501.231239][ T5959] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1501.259619][ T5959] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1501.279591][ T5959] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1501.309666][ T5959] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1501.329605][ T5959] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1501.349707][ T5959] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1501.389969][ T5959] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1501.423142][ T5959] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1501.455978][ T5959] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[ 1501.476755][ T5959] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1501.512074][ T5959] usb 2-1: USB disconnect, device number 69
[ 1502.322862][T26535] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5130'.
[ 1502.715631][T24748] usb 6-1: USB disconnect, device number 27
[ 1504.159533][T24748] usb 7-1: new high-speed USB device number 119 using dummy_hcd
[ 1504.337476][T24748] usb 7-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1
[ 1504.347845][T24748] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1504.356726][T24748] usb 7-1: Product: syz
[ 1504.359803][ T1596] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1504.361648][T24748] usb 7-1: Manufacturer: syz
[ 1504.386042][T24748] usb 7-1: SerialNumber: syz
[ 1504.420510][T24748] usb 7-1: config 0 descriptor??
[ 1504.593013][T26572] netlink: 132 bytes leftover after parsing attributes in process `syz.7.5139'.
[ 1504.645031][T24748] int51x1 7-1:0.0: probe with driver int51x1 failed with error -22
[ 1504.675337][ T1596] usb 6-1: Using ep0 maxpacket: 32
[ 1506.947400][ T5959] usb 7-1: USB disconnect, device number 119
[ 1507.619065][ T1596] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1507.646107][ T1596] usb 6-1: unable to read config index 0 descriptor/start: -71
[ 1507.707313][ T1596] usb 6-1: can't read configurations, error -71
[ 1507.852833][T26617] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5151'.
[ 1508.623798][T26635] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5155'.
[ 1508.661429][T26635] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5155'.
[ 1509.016835][T26641] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1509.057034][T26641] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5157'.
[ 1509.523091][T26650] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5159'.
[ 1509.530328][T24748] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[ 1509.615583][T26650] vlan3: entered allmulticast mode
[ 1509.640027][T26650] bridge0: entered allmulticast mode
[ 1509.654887][T26650] bridge1: port 1(vlan3) entered blocking state
[ 1509.678317][T26650] bridge1: port 1(vlan3) entered disabled state
[ 1509.719863][T26650] vlan3: entered promiscuous mode
[ 1509.734101][T26650] bridge0: entered promiscuous mode
[ 1509.778385][T24748] usb 6-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[ 1509.834289][T24748] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1510.045092][T24748] usb 6-1: Product: syz
[ 1510.266263][T24748] usb 6-1: Manufacturer: syz
[ 1510.287724][T24748] usb 6-1: SerialNumber: syz
[ 1510.499672][T24748] usb 6-1: config 0 descriptor??
[ 1511.372325][T24748] mos7840 6-1:0.0: required endpoints missing
[ 1511.433196][T24748] usb 6-1: USB disconnect, device number 30
[ 1511.669595][T26678] fuse: Bad value for 'fd'
[ 1511.965614][T26685] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1512.129335][T26685] netlink: 48 bytes leftover after parsing attributes in process `syz.5.5169'.
[ 1512.572476][T26695] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5171'.
[ 1512.896853][T26704] netlink: 132 bytes leftover after parsing attributes in process `syz.5.5173'.
[ 1516.075511][T26737] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5181'.
[ 1517.689947][T11230] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[ 1517.949533][T11230] usb 2-1: Using ep0 maxpacket: 32
[ 1517.975898][T11230] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1518.069048][T11230] usb 2-1: config 0 has no interfaces?
[ 1518.129745][T11230] usb 2-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[ 1518.139025][T11230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1518.175080][T11230] usb 2-1: Product: syz
[ 1518.179291][T11230] usb 2-1: Manufacturer: syz
[ 1518.240473][T11230] usb 2-1: SerialNumber: syz
[ 1518.276707][T11230] usb 2-1: config 0 descriptor??
[ 1518.449786][T26767] ptrace attach of "./syz-executor exec"[20593] was attempted by "./syz-executor exec"[26767]
[ 1518.467895][T26767] trusted_key: encrypted_key: insufficient parameters specified
[ 1518.741646][T26768] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5187'.
[ 1520.348176][ T1596] usb 2-1: USB disconnect, device number 70
[ 1521.377999][T26792] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5193'.
[ 1521.507771][   T30] audit: type=1326 audit(1754357602.956:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26794 comm="syz.7.5195" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70de539 code=0x0
[ 1521.869977][T26802] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5196'.
[ 1522.141785][ T1596] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[ 1522.172754][T26809] random: crng reseeded on system resumption
[ 1522.299632][ T1596] usb 2-1: Using ep0 maxpacket: 32
[ 1522.315276][ T1596] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[ 1522.342349][ T1596] usb 2-1: config 0 has no interface number 0
[ 1522.399663][ T1596] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1522.411038][ T1596] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1522.452515][ T1596] usb 2-1: Product: syz
[ 1522.478597][ T1596] usb 2-1: Manufacturer: syz
[ 1522.489211][ T1596] usb 2-1: SerialNumber: syz
[ 1522.508920][ T1596] usb 2-1: config 0 descriptor??
[ 1522.527868][ T1596] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1522.529548][ T5867] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[ 1522.734436][ T1596] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1522.799834][ T5867] usb 6-1: Using ep0 maxpacket: 16
[ 1522.811214][ T1596] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1522.830489][ T5867] usb 6-1: config index 0 descriptor too short (expected 65038, got 27)
[ 1522.879249][ T5867] usb 6-1: config 0 has too many interfaces: 150, using maximum allowed: 32
[ 1522.938376][ T5867] usb 6-1: config 0 descriptor has 1 excess byte, ignoring
[ 1522.940748][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[ 1523.003618][ T5867] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 150
[ 1523.080287][ T5867] usb 6-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 1523.143877][ T5867] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1523.166303][ T5867] usb 6-1: config 0 descriptor??
[ 1523.212120][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1523.213752][ T5867] usb 2-1: USB disconnect, device number 71
[ 1523.250501][ T5867] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1523.354171][ T5867] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1523.385138][ T5867] quatech2 2-1:0.51: device disconnected
[ 1525.186251][T26837] syz.1.5205 (26837): drop_caches: 2
[ 1525.637646][ T5867] usb 6-1: USB disconnect, device number 31
[ 1526.212698][T26868] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1526.243301][T26868] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5215'.
[ 1526.504202][T26875] random: crng reseeded on system resumption
[ 1527.635795][ T5959] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[ 1527.822610][ T5959] usb 2-1: Using ep0 maxpacket: 32
[ 1527.840123][ T5959] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1527.859205][ T5959] usb 2-1: config 0 has no interfaces?
[ 1527.874389][ T5959] usb 2-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[ 1527.883956][ T5959] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1527.912203][ T5959] usb 2-1: Product: syz
[ 1527.945111][ T5959] usb 2-1: Manufacturer: syz
[ 1527.959005][ T5959] usb 2-1: SerialNumber: syz
[ 1527.987191][ T5959] usb 2-1: config 0 descriptor??
[ 1528.300735][T26906] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5224'.
[ 1528.637883][T26910] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1528.686563][T26910] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5228'.
[ 1529.781694][T26949] netlink: 132 bytes leftover after parsing attributes in process `syz.5.5237'.
[ 1530.573296][ T5959] usb 2-1: USB disconnect, device number 72
[ 1530.621544][T26952] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5238'.
[ 1530.979091][T26958] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1531.037733][T26958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5241'.
[ 1531.114001][T26974] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5244'.
[ 1531.159235][T26967] netlink: 132 bytes leftover after parsing attributes in process `syz.6.5240'.
[ 1531.452302][T26982] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5246'.
[ 1531.684235][T26985] syz_tun: entered allmulticast mode
[ 1531.770065][  T983] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[ 1532.082420][  T983] usb 2-1: Using ep0 maxpacket: 32
[ 1532.090912][  T983] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[ 1532.099340][  T983] usb 2-1: config 0 has no interface number 0
[ 1532.114991][  T983] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1532.126448][  T983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1532.135620][  T983] usb 2-1: Product: syz
[ 1532.149086][  T983] usb 2-1: Manufacturer: syz
[ 1532.168797][  T983] usb 2-1: SerialNumber: syz
[ 1532.186502][  T983] usb 2-1: config 0 descriptor??
[ 1532.229728][  T983] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1532.578011][  T983] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1532.740794][  T983] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1532.794807][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[ 1533.258376][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1533.266571][  T983] usb 2-1: USB disconnect, device number 73
[ 1533.278342][  T983] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1533.342958][  T983] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1533.369040][  T983] quatech2 2-1:0.51: device disconnected
[ 1533.943215][   T30] audit: type=1326 audit(1754357615.396:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27001 comm="syz.1.5253" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66539 code=0x0
[ 1534.447795][T27019] netlink: 132 bytes leftover after parsing attributes in process `syz.7.5254'.
[ 1535.286562][T27032] binder: BINDER_SET_CONTEXT_MGR already set
[ 1535.292713][T27032] binder: 27030:27032 ioctl 4018620d 80000040 returned -16
[ 1535.652376][T27048] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5264'.
[ 1536.534768][T27063] random: crng reseeded on system resumption
[ 1536.828610][T27070] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[ 1536.889544][  T983] usb 7-1: new high-speed USB device number 120 using dummy_hcd
[ 1537.039729][  T983] usb 7-1: Using ep0 maxpacket: 16
[ 1537.047482][  T983] usb 7-1: config index 0 descriptor too short (expected 65038, got 27)
[ 1537.056890][  T983] usb 7-1: config 0 has too many interfaces: 150, using maximum allowed: 32
[ 1537.071884][  T983] usb 7-1: config 0 descriptor has 1 excess byte, ignoring
[ 1537.079125][  T983] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 150
[ 1537.109064][  T983] usb 7-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 1537.119576][  T983] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1537.132095][  T983] usb 7-1: config 0 descriptor??
[ 1537.232493][T27086] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5274'.
[ 1538.158444][T27092] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5275'.
[ 1538.459577][T24748] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[ 1538.649866][T24748] usb 6-1: Using ep0 maxpacket: 32
[ 1538.664599][T24748] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[ 1538.690694][T24748] usb 6-1: config 0 has no interface number 0
[ 1538.740145][T24748] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1538.766709][T24748] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1538.804516][T24748] usb 6-1: Product: syz
[ 1538.826140][T24748] usb 6-1: Manufacturer: syz
[ 1538.831940][T24748] usb 6-1: SerialNumber: syz
[ 1538.840640][T27104] netlink: 68 bytes leftover after parsing attributes in process `syz.7.5281'.
[ 1538.861959][T24748] usb 6-1: config 0 descriptor??
[ 1538.930181][T27108] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1538.945148][T24748] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1538.952861][T27108] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1539.003529][T27112] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[ 1539.309652][ T5959] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[ 1539.392197][T24748] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1539.416766][T24748] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1539.469813][ T5959] usb 2-1: device descriptor read/64, error -71
[ 1539.602224][T24748] usb 7-1: USB disconnect, device number 120
[ 1539.626104][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[ 1539.730566][ T5959] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[ 1539.855183][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1539.864971][ T1596] usb 6-1: USB disconnect, device number 32
[ 1539.877260][ T1596] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1539.899594][ T5959] usb 2-1: device descriptor read/64, error -71
[ 1539.998407][ T1596] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1540.010416][ T5959] usb usb2-port1: attempt power cycle
[ 1540.029308][ T1596] quatech2 6-1:0.51: device disconnected
[ 1540.369747][ T5959] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[ 1540.405557][ T5959] usb 2-1: device descriptor read/8, error -71
[ 1540.659524][ T5959] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[ 1540.816347][T27137] netlink: 132 bytes leftover after parsing attributes in process `syz.5.5289'.
[ 1540.862374][ T5959] usb 2-1: device descriptor read/8, error -71
[ 1540.980194][ T5959] usb usb2-port1: unable to enumerate USB device
[ 1541.178793][T27142] macvlan2: entered allmulticast mode
[ 1541.212405][T27142] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1541.229713][T27142] bridge0: port 4(macvlan2) entered blocking state
[ 1541.237158][T27142] bridge0: port 4(macvlan2) entered disabled state
[ 1541.250318][T27142] macvlan2: entered promiscuous mode
[ 1541.264642][T27142] bridge0: port 4(macvlan2) entered blocking state
[ 1541.271830][T27142] bridge0: port 4(macvlan2) entered forwarding state
[ 1541.801372][T27155] random: crng reseeded on system resumption
[ 1542.013099][T27161] delete_channel: no stack
[ 1542.119748][T24748] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[ 1542.389472][T24748] usb 6-1: Using ep0 maxpacket: 16
[ 1542.779132][T24748] usb 6-1: config index 0 descriptor too short (expected 65038, got 27)
[ 1542.787762][T24748] usb 6-1: config 0 has too many interfaces: 150, using maximum allowed: 32
[ 1542.799907][T24748] usb 6-1: config 0 descriptor has 1 excess byte, ignoring
[ 1542.807185][T24748] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 150
[ 1542.816914][T24748] usb 6-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 1542.836481][T24748] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1542.903511][T24748] usb 6-1: config 0 descriptor??
[ 1543.356059][   T30] audit: type=1326 audit(1754357624.806:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27186 comm="syz.1.5308" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66539 code=0x0
[ 1543.835508][T27192] netlink: 132 bytes leftover after parsing attributes in process `syz.6.5306'.
[ 1544.536127][T27205] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1544.545701][T27205] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1544.992463][T27210] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5311'.
[ 1545.006908][T27210] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5311'.
[ 1545.024673][T27210] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5311'.
[ 1545.035314][T27210] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5311'.
[ 1545.147006][ T5959] usb 6-1: USB disconnect, device number 33
[ 1545.276197][T27218] 8021q: VLANs not supported on vxcan0
[ 1545.305835][T27218] FAULT_INJECTION: forcing a failure.
[ 1545.305835][T27218] name failslab, interval 1, probability 0, space 0, times 0
[ 1545.355307][T27218] CPU: 0 UID: 0 PID: 27218 Comm: syz.5.5314 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1545.355341][T27218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1545.355354][T27218] Call Trace:
[ 1545.355362][T27218]  <TASK>
[ 1545.355372][T27218]  dump_stack_lvl+0x189/0x250
[ 1545.355400][T27218]  ? __pfx____ratelimit+0x10/0x10
[ 1545.355421][T27218]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1545.355444][T27218]  ? __pfx__printk+0x10/0x10
[ 1545.355476][T27218]  ? __pfx___might_resched+0x10/0x10
[ 1545.355500][T27218]  should_fail_ex+0x414/0x560
[ 1545.355535][T27218]  should_failslab+0xa8/0x100
[ 1545.355564][T27218]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1545.355591][T27218]  ? __alloc_skb+0x112/0x2d0
[ 1545.355617][T27218]  __alloc_skb+0x112/0x2d0
[ 1545.355643][T27218]  netlink_sendmsg+0x5c6/0xb30
[ 1545.355675][T27218]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1545.355697][T27218]  ? __import_iovec+0x5d4/0x7f0
[ 1545.355722][T27218]  ? aa_sock_msg_perm+0x94/0x160
[ 1545.355749][T27218]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1545.355772][T27218]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1545.355794][T27218]  __sock_sendmsg+0x21c/0x270
[ 1545.355827][T27218]  ____sys_sendmsg+0x505/0x830
[ 1545.355857][T27218]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1545.355897][T27218]  ___sys_sendmsg+0x21f/0x2a0
[ 1545.355924][T27218]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1545.355984][T27218]  ? __fget_files+0x2a/0x420
[ 1545.356012][T27218]  ? __fget_files+0x3a0/0x420
[ 1545.356051][T27218]  __sys_sendmsg+0x164/0x220
[ 1545.356078][T27218]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1545.356118][T27218]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1545.356142][T27218]  __do_fast_syscall_32+0xb6/0x2b0
[ 1545.356164][T27218]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1545.356188][T27218]  do_fast_syscall_32+0x34/0x80
[ 1545.356210][T27218]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1545.356240][T27218] RIP: 0023:0xf7fa2539
[ 1545.356257][T27218] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1545.356275][T27218] RSP: 002b:00000000f50c655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1545.356297][T27218] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[ 1545.356311][T27218] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1545.356323][T27218] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1545.356336][T27218] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1545.356348][T27218] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1545.356377][T27218]  </TASK>
[ 1546.162908][   T30] audit: type=1326 audit(1754357627.616:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27235 comm="syz.1.5320" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66539 code=0x0
[ 1546.178808][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.178858][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.557218][T27251] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5321'.
[ 1547.019537][ T5959] usb 7-1: new high-speed USB device number 121 using dummy_hcd
[ 1547.414922][ T5959] usb 7-1: Using ep0 maxpacket: 32
[ 1547.454339][T27264] 8021q: VLANs not supported on vxcan0
[ 1547.579261][ T5959] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[ 1547.596773][ T5959] usb 7-1: config 0 has no interface number 0
[ 1547.626744][ T5959] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1547.638994][ T5959] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1547.911412][T27275] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1548.159713][ T5959] usb 7-1: Product: syz
[ 1548.171541][ T5959] usb 7-1: Manufacturer: syz
[ 1548.181056][ T5959] usb 7-1: SerialNumber: syz
[ 1548.221242][ T5959] usb 7-1: config 0 descriptor??
[ 1548.229211][ T5959] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1548.442895][ T5959] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1548.573008][ T5959] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1548.672908][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[ 1549.281083][   T30] audit: type=1326 audit(1754357630.736:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27303 comm="syz.1.5337" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66539 code=0x0
[ 1549.302701][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1549.339822][ T5959] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[ 1549.677661][ T5959] usb 6-1: Using ep0 maxpacket: 32
[ 1549.779257][ T5959] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1549.789867][ T5959] usb 6-1: config 0 has no interfaces?
[ 1549.810486][ T5959] usb 6-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[ 1549.820491][ T5959] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1549.832819][ T5959] usb 6-1: Product: syz
[ 1549.837873][ T5959] usb 6-1: Manufacturer: syz
[ 1549.843321][ T5959] usb 6-1: SerialNumber: syz
[ 1550.224419][ T5959] usb 6-1: config 0 descriptor??
[ 1550.316542][    C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1550.317074][ T5867] usb 7-1: USB disconnect, device number 121
[ 1550.380325][ T5867] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1550.449005][ T5867] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1550.490093][ T5867] quatech2 7-1:0.51: device disconnected
[ 1550.600442][T27320] netlink: 48 bytes leftover after parsing attributes in process `syz.5.5333'.
[ 1550.660519][T27319] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1550.749552][ T5959] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[ 1550.909531][ T5959] usb 2-1: Using ep0 maxpacket: 8
[ 1550.924128][ T5959] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1550.943190][ T5959] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1550.987773][ T5959] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1551.044313][ T5959] usb 2-1: config 0 descriptor??
[ 1551.276205][T27316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1551.285811][T27316] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1551.546885][ T5959] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1551.788454][ T5959] usb 2-1: USB disconnect, device number 78
[ 1552.359678][ T5959] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[ 1552.409546][T24748] usb 6-1: USB disconnect, device number 34
[ 1552.552489][   T30] audit: type=1326 audit(1754357634.006:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27350 comm="syz.6.5350" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f32539 code=0x0
[ 1552.552963][ T5959] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[ 1552.693813][ T5959] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 217
[ 1552.704074][ T5959] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1552.713494][ T5959] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1552.724660][ T5959] usb 2-1: config 0 descriptor??
[ 1552.730709][T27346] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1552.893966][T27360] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5351'.
[ 1553.048399][ T5959] ath6kl: Failed to submit usb control message: -71
[ 1553.056588][ T5959] ath6kl: unable to send the bmi data to the device: -71
[ 1553.063887][ T5959] ath6kl: Unable to send get target info: -71
[ 1553.071677][ T5959] ath6kl: Failed to init ath6kl core: -71
[ 1553.079966][ T5959] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 1553.096149][ T5959] usb 2-1: USB disconnect, device number 79
[ 1553.407649][T27370] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1554.123080][T27385] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1554.802280][T27394] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5362'.
[ 1555.084415][   T30] audit: type=1326 audit(1754357636.536:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27398 comm="syz.5.5365" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa2539 code=0x0
[ 1556.768011][T27425] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1557.400659][T27453] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1557.567662][ T5959] usb 7-1: new high-speed USB device number 122 using dummy_hcd
[ 1557.900915][ T5959] usb 7-1: Using ep0 maxpacket: 16
[ 1557.909332][ T5959] usb 7-1: config 0 has no interfaces?
[ 1557.915598][ T5959] usb 7-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1557.925035][ T5959] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1557.949109][ T5959] usb 7-1: config 0 descriptor??
[ 1558.241913][T27466] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5385'.
[ 1559.007644][T27475] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1560.167885][T24748] usb 7-1: USB disconnect, device number 122
[ 1561.063803][   T30] audit: type=1326 audit(1754357642.516:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27510 comm="syz.7.5402" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70de539 code=0x0
[ 1563.985053][T27548] FAULT_INJECTION: forcing a failure.
[ 1563.985053][T27548] name failslab, interval 1, probability 0, space 0, times 0
[ 1564.079623][T27548] CPU: 1 UID: 0 PID: 27548 Comm: syz.6.5411 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1564.079652][T27548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1564.079665][T27548] Call Trace:
[ 1564.079674][T27548]  <TASK>
[ 1564.079684][T27548]  dump_stack_lvl+0x189/0x250
[ 1564.079712][T27548]  ? __pfx____ratelimit+0x10/0x10
[ 1564.079733][T27548]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1564.079757][T27548]  ? __pfx__printk+0x10/0x10
[ 1564.079786][T27548]  ? __lock_acquire+0xab9/0xd20
[ 1564.079824][T27548]  should_fail_ex+0x414/0x560
[ 1564.079860][T27548]  should_failslab+0xa8/0x100
[ 1564.079890][T27548]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1564.079916][T27548]  ? skb_clone+0x212/0x3a0
[ 1564.079947][T27548]  skb_clone+0x212/0x3a0
[ 1564.079976][T27548]  __netlink_deliver_tap+0x404/0x850
[ 1564.080012][T27548]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1564.080035][T27548]  netlink_deliver_tap+0x19c/0x1b0
[ 1564.080058][T27548]  netlink_unicast+0x7fa/0x9e0
[ 1564.080097][T27548]  ? __pfx_netlink_unicast+0x10/0x10
[ 1564.080128][T27548]  ? netlink_sendmsg+0x642/0xb30
[ 1564.080148][T27548]  ? skb_put+0x11b/0x210
[ 1564.080174][T27548]  netlink_sendmsg+0x805/0xb30
[ 1564.080205][T27548]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1564.080230][T27548]  ? __import_iovec+0x5d4/0x7f0
[ 1564.080255][T27548]  ? aa_sock_msg_perm+0x94/0x160
[ 1564.080283][T27548]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1564.080305][T27548]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1564.080328][T27548]  __sock_sendmsg+0x21c/0x270
[ 1564.080360][T27548]  ____sys_sendmsg+0x505/0x830
[ 1564.080390][T27548]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1564.080434][T27548]  ___sys_sendmsg+0x21f/0x2a0
[ 1564.080461][T27548]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1564.080525][T27548]  ? __fget_files+0x2a/0x420
[ 1564.080552][T27548]  ? __fget_files+0x3a0/0x420
[ 1564.080596][T27548]  __sys_sendmsg+0x164/0x220
[ 1564.080628][T27548]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1564.080671][T27548]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1564.080695][T27548]  __do_fast_syscall_32+0xb6/0x2b0
[ 1564.080718][T27548]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1564.080742][T27548]  do_fast_syscall_32+0x34/0x80
[ 1564.080764][T27548]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1564.080788][T27548] RIP: 0023:0xf7f32539
[ 1564.080805][T27548] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1564.080823][T27548] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1564.080844][T27548] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000380
[ 1564.080858][T27548] RDX: 0000000000000800 RSI: 0000000000000000 RDI: 0000000000000000
[ 1564.080871][T27548] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1564.080883][T27548] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1564.080895][T27548] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1564.080924][T27548]  </TASK>
[ 1564.488100][   T30] audit: type=1326 audit(1754357645.926:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27553 comm="syz.1.5416" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66539 code=0x0
[ 1565.772741][T27601] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5432'.
[ 1566.039522][T24748] usb 7-1: new high-speed USB device number 123 using dummy_hcd
[ 1566.183634][T27612] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5437'.
[ 1566.201904][T24748] usb 7-1: config 48 has an invalid descriptor of length 143, skipping remainder of the config
[ 1566.217669][T24748] usb 7-1: too many endpoints for config 48 interface 0 altsetting 98: 216, using maximum allowed: 30
[ 1566.267045][T24748] usb 7-1: config 48 interface 0 altsetting 98 has 0 endpoint descriptors, different from the interface descriptor's value: 216
[ 1566.324349][   T30] audit: type=1326 audit(1754357647.776:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27613 comm="syz.1.5438" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66539 code=0x0
[ 1566.324825][T24748] usb 7-1: config 48 interface 0 has no altsetting 0
[ 1566.382835][T24748] usb 7-1: New USB device found, idVendor=1784, idProduct=0006, bcdDevice=bb.2f
[ 1566.397956][T24748] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1566.407775][T24748] usb 7-1: Product: syz
[ 1566.418913][T24748] usb 7-1: Manufacturer: syz
[ 1566.424323][T24748] usb 7-1: SerialNumber: syz
[ 1566.640732][T27621] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5432'.
[ 1566.653100][T27601] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1566.681999][T27601] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1566.734635][T24748] usb 7-1: USB disconnect, device number 123
[ 1566.976342][T27631] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1567.783375][T27645] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5446'.
[ 1568.104409][ T1596] usb 7-1: new high-speed USB device number 124 using dummy_hcd
[ 1568.156639][T27651] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5447'.
[ 1568.349791][ T1596] usb 7-1: Using ep0 maxpacket: 32
[ 1568.418699][ T1596] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[ 1568.450289][ T1596] usb 7-1: config 0 has no interface number 0
[ 1568.476941][ T1596] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1568.486155][ T1596] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1568.494650][ T1596] usb 7-1: Product: syz
[ 1568.498897][ T1596] usb 7-1: Manufacturer: syz
[ 1568.517701][ T1596] usb 7-1: SerialNumber: syz
[ 1568.585964][T24748] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[ 1568.755085][ T1596] usb 7-1: config 0 descriptor??
[ 1568.779299][T24748] usb 6-1: Using ep0 maxpacket: 32
[ 1568.814377][T24748] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[ 1568.824233][T24748] usb 6-1: config 0 has no interface number 0
[ 1568.826006][ T1596] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1568.893400][T24748] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1568.903938][T24748] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1568.928328][T24748] usb 6-1: Product: syz
[ 1568.944071][T24748] usb 6-1: Manufacturer: syz
[ 1568.977101][T24748] usb 6-1: SerialNumber: syz
[ 1569.014039][T24748] usb 6-1: config 0 descriptor??
[ 1569.113834][T24748] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1569.261946][ T1596] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1569.271998][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[ 1569.328226][T24748] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB2
[ 1569.474019][ T1596] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1569.505044][    C1] quatech-serial ttyUSB2: qt2_process_read_urb - unsupported command 91
[ 1569.634593][T24748] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB3
[ 1571.729627][    C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1571.738504][T11230] usb 7-1: USB disconnect, device number 124
[ 1571.765731][T11230] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1571.839244][T11230] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1571.842647][T11230] quatech2 7-1:0.51: device disconnected
[ 1571.900877][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1571.902228][ T5867] usb 6-1: USB disconnect, device number 35
[ 1571.916649][ T5867] quatech-serial ttyUSB2: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB2
[ 1571.933666][ T5867] quatech-serial ttyUSB3: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB3
[ 1571.934525][ T5867] quatech2 6-1:0.51: device disconnected
[ 1572.071117][   T30] audit: type=1326 audit(1754357653.516:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27679 comm="syz.1.5455" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66539 code=0x0
[ 1572.414941][T27692] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5459'.
[ 1573.102001][T11230] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[ 1573.444705][T11230] hid-generic 0000:0000:0000.0021: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1574.714194][T27729] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5472'.
[ 1575.619129][T27745] FAULT_INJECTION: forcing a failure.
[ 1575.619129][T27745] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1575.680993][T27745] CPU: 0 UID: 0 PID: 27745 Comm: syz.5.5476 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1575.681023][T27745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1575.681037][T27745] Call Trace:
[ 1575.681046][T27745]  <TASK>
[ 1575.681055][T27745]  dump_stack_lvl+0x189/0x250
[ 1575.681084][T27745]  ? __pfx____ratelimit+0x10/0x10
[ 1575.681104][T27745]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1575.681128][T27745]  ? __pfx__printk+0x10/0x10
[ 1575.681174][T27745]  should_fail_ex+0x414/0x560
[ 1575.681209][T27745]  strncpy_from_user+0x36/0x290
[ 1575.681242][T27745]  getname_flags+0xf3/0x540
[ 1575.681266][T27745]  __ia32_sys_renameat2+0xad/0xe0
[ 1575.681298][T27745]  __do_fast_syscall_32+0xb6/0x2b0
[ 1575.681321][T27745]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1575.681345][T27745]  do_fast_syscall_32+0x34/0x80
[ 1575.681366][T27745]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1575.681391][T27745] RIP: 0023:0xf7fa2539
[ 1575.681408][T27745] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1575.681424][T27745] RSP: 002b:00000000f50c655c EFLAGS: 00000206 ORIG_RAX: 0000000000000161
[ 1575.681446][T27745] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000400
[ 1575.681461][T27745] RDX: 00000000ffffff9c RSI: 0000000080000240 RDI: 0000000000000001
[ 1575.681474][T27745] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1575.681487][T27745] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1575.681499][T27745] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1575.681527][T27745]  </TASK>
[ 1575.852697][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1576.341340][T27760] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1576.380348][T27766] netlink: 'syz.7.5485': attribute type 10 has an invalid length.
[ 1576.430679][T27766] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1576.470606][T27766] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1576.755552][T27763] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1576.762637][T27763] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1576.771347][T27763] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1576.788085][T27763] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1576.806541][T27763] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1576.823374][T27763] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1576.851955][T27763] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1576.868412][T27763] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1576.903211][T27763] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1576.916712][T27763] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1576.917100][T27766] bond0: entered promiscuous mode
[ 1576.939899][T27766] bond_slave_0: entered promiscuous mode
[ 1576.946763][T27766] bond_slave_1: entered promiscuous mode
[ 1576.957349][T27766] batadv0: entered promiscuous mode
[ 1577.101376][T27779] netlink: 396 bytes leftover after parsing attributes in process `syz.6.5488'.
[ 1577.266484][T27782] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5488'.
[ 1577.456278][T27790] random: crng reseeded on system resumption
[ 1577.879810][T27794] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3514397838 (14057591352 ns) > initial count (1428875600 ns). Using initial count to start timer.
[ 1578.146047][T27801] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1578.570898][ T5873] Bluetooth: hci2: command 0x0406 tx timeout
[ 1578.681329][T27815] FAULT_INJECTION: forcing a failure.
[ 1578.681329][T27815] name failslab, interval 1, probability 0, space 0, times 0
[ 1578.699993][T27815] CPU: 1 UID: 0 PID: 27815 Comm: syz.5.5501 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1578.700020][T27815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1578.700033][T27815] Call Trace:
[ 1578.700042][T27815]  <TASK>
[ 1578.700052][T27815]  dump_stack_lvl+0x189/0x250
[ 1578.700080][T27815]  ? __pfx____ratelimit+0x10/0x10
[ 1578.700099][T27815]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1578.700121][T27815]  ? __pfx__printk+0x10/0x10
[ 1578.700150][T27815]  ? __pfx___might_resched+0x10/0x10
[ 1578.700169][T27815]  ? fs_reclaim_acquire+0x7d/0x100
[ 1578.700202][T27815]  should_fail_ex+0x414/0x560
[ 1578.700236][T27815]  should_failslab+0xa8/0x100
[ 1578.700266][T27815]  __kmalloc_noprof+0xcb/0x4f0
[ 1578.700290][T27815]  ? tomoyo_encode+0x28b/0x550
[ 1578.700323][T27815]  tomoyo_encode+0x28b/0x550
[ 1578.700354][T27815]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1578.700382][T27815]  ? tomoyo_domain+0xd9/0x130
[ 1578.700413][T27815]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1578.700435][T27815]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1578.700457][T27815]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1578.700494][T27815]  ? __lock_acquire+0xab9/0xd20
[ 1578.700539][T27815]  ? __fget_files+0x2a/0x420
[ 1578.700570][T27815]  ? __fget_files+0x3a0/0x420
[ 1578.700593][T27815]  ? __fget_files+0x2a/0x420
[ 1578.700621][T27815]  security_file_ioctl_compat+0xcb/0x2d0
[ 1578.700644][T27815]  __ia32_compat_sys_ioctl+0x128/0x840
[ 1578.700669][T27815]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1578.700691][T27815]  ? __fget_files+0x3a0/0x420
[ 1578.700723][T27815]  ? fput+0xa0/0xd0
[ 1578.700741][T27815]  ? ksys_write+0x22a/0x250
[ 1578.700782][T27815]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1578.700803][T27815]  __do_fast_syscall_32+0xb6/0x2b0
[ 1578.700824][T27815]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1578.700857][T27815]  do_fast_syscall_32+0x34/0x80
[ 1578.700877][T27815]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1578.700899][T27815] RIP: 0023:0xf7fa2539
[ 1578.700914][T27815] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1578.700932][T27815] RSP: 002b:00000000f50c655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1578.700952][T27815] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008946
[ 1578.700965][T27815] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 1578.700977][T27815] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1578.700989][T27815] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1578.700999][T27815] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1578.701027][T27815]  </TASK>
[ 1578.701069][T27815] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1578.995594][ T5873] Bluetooth: hci3: command 0x0406 tx timeout
[ 1579.002958][ T5873] Bluetooth: hci0: command 0x0406 tx timeout
[ 1579.009146][ T5873] Bluetooth: hci4: command 0x0406 tx timeout
[ 1579.020368][ T5873] Bluetooth: hci1: command 0x0406 tx timeout
[ 1580.623543][T27844] dlm: no locking on control device
[ 1580.659698][T27817] Bluetooth: hci2: command 0x0406 tx timeout
[ 1580.936222][T27849] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1581.055153][T22533] Bluetooth: hci4: command 0x0406 tx timeout
[ 1581.061935][ T5873] Bluetooth: hci0: command 0x0406 tx timeout
[ 1581.062001][ T5873] Bluetooth: hci3: command 0x0406 tx timeout
[ 1581.069030][T27817] Bluetooth: hci1: command 0x0406 tx timeout
[ 1582.003996][T27874] random: crng reseeded on system resumption
[ 1582.676985][T27888] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1583.075932][   T30] audit: type=1326 audit(1754357664.526:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27890 comm="syz.6.5524" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32539 code=0x7ffc0000
[ 1583.166456][   T30] audit: type=1326 audit(1754357664.566:1353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27890 comm="syz.6.5524" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32539 code=0x7ffc0000
[ 1583.198454][   T30] audit: type=1326 audit(1754357664.566:1354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27890 comm="syz.6.5524" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f32539 code=0x7ffc0000
[ 1583.237886][   T30] audit: type=1326 audit(1754357664.566:1355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27890 comm="syz.6.5524" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32539 code=0x7ffc0000
[ 1583.260998][   T30] audit: type=1326 audit(1754357664.566:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27890 comm="syz.6.5524" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32539 code=0x7ffc0000
[ 1583.285622][   T30] audit: type=1326 audit(1754357664.566:1357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27890 comm="syz.6.5524" exe="/root/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f32539 code=0x7ffc0000
[ 1583.309181][   T30] audit: type=1326 audit(1754357664.566:1358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27890 comm="syz.6.5524" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32539 code=0x7ffc0000
[ 1583.338155][   T30] audit: type=1326 audit(1754357664.566:1359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27890 comm="syz.6.5524" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32539 code=0x7ffc0000
[ 1583.361879][   T30] audit: type=1326 audit(1754357664.566:1360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27890 comm="syz.6.5524" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f32539 code=0x7ffc0000
[ 1583.384499][   T30] audit: type=1326 audit(1754357664.566:1361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27890 comm="syz.6.5524" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32539 code=0x7ffc0000
[ 1583.745728][T27902] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1583.797278][T27904] syzkaller0: entered promiscuous mode
[ 1583.811774][T27904] syzkaller0: entered allmulticast mode
[ 1583.917821][T27904] syzkaller0: mtu less than device minimum
[ 1584.115646][T27910] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5531'.
[ 1584.418563][T27916] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1586.616149][T27971] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1586.697890][T27975] netlink: 'syz.0.5551': attribute type 10 has an invalid length.
[ 1586.720802][T27975] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1586.738767][T27975] batadv0: entered promiscuous mode
[ 1586.758024][T27975] batadv0: entered allmulticast mode
[ 1586.785000][T27975] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1586.875904][T27979] random: crng reseeded on system resumption
[ 1587.169493][ T1596] usb 7-1: new high-speed USB device number 125 using dummy_hcd
[ 1587.320505][ T1596] usb 7-1: Using ep0 maxpacket: 16
[ 1587.337959][ T1596] usb 7-1: config index 0 descriptor too short (expected 65038, got 27)
[ 1587.347401][ T1596] usb 7-1: config 0 has too many interfaces: 150, using maximum allowed: 32
[ 1587.359538][ T1596] usb 7-1: config 0 descriptor has 1 excess byte, ignoring
[ 1587.377910][ T1596] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 150
[ 1587.389869][ T1596] usb 7-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 1587.419662][ T1596] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1587.436190][T27992] netlink: 'syz.1.5556': attribute type 13 has an invalid length.
[ 1587.436245][ T1596] usb 7-1: config 0 descriptor??
[ 1587.510116][T27992] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5556'.
[ 1587.538059][T27995] FAULT_INJECTION: forcing a failure.
[ 1587.538059][T27995] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1587.567592][T27992] net veth1_virt_wifi virt_wifi0: refused to change device tx_queue_len
[ 1587.582888][T27995] CPU: 0 UID: 0 PID: 27995 Comm: syz.5.5557 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1587.582919][T27995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1587.582932][T27995] Call Trace:
[ 1587.582941][T27995]  <TASK>
[ 1587.582950][T27995]  dump_stack_lvl+0x189/0x250
[ 1587.582978][T27995]  ? __pfx____ratelimit+0x10/0x10
[ 1587.582999][T27995]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1587.583023][T27995]  ? __pfx__printk+0x10/0x10
[ 1587.583063][T27995]  should_fail_ex+0x414/0x560
[ 1587.583099][T27995]  _copy_to_user+0x31/0xb0
[ 1587.583130][T27995]  simple_read_from_buffer+0xe1/0x170
[ 1587.583164][T27995]  proc_fail_nth_read+0x1b3/0x220
[ 1587.583190][T27995]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1587.583223][T27995]  ? rw_verify_area+0x2a6/0x4d0
[ 1587.583246][T27995]  ? __lock_acquire+0xab9/0xd20
[ 1587.583273][T27995]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1587.583297][T27995]  vfs_read+0x1fd/0x980
[ 1587.583320][T27995]  ? fdget_pos+0x247/0x320
[ 1587.583342][T27995]  ? __pfx___mutex_lock+0x10/0x10
[ 1587.583364][T27995]  ? __pfx_vfs_read+0x10/0x10
[ 1587.583391][T27995]  ? __fget_files+0x2a/0x420
[ 1587.583423][T27995]  ? __fget_files+0x3a0/0x420
[ 1587.583450][T27995]  ? __fget_files+0x2a/0x420
[ 1587.583487][T27995]  ksys_read+0x145/0x250
[ 1587.583515][T27995]  ? __pfx_ksys_read+0x10/0x10
[ 1587.583544][T27995]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1587.583568][T27995]  __do_fast_syscall_32+0xb6/0x2b0
[ 1587.583590][T27995]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1587.583615][T27995]  do_fast_syscall_32+0x34/0x80
[ 1587.583637][T27995]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1587.583661][T27995] RIP: 0023:0xf7fa2539
[ 1587.583678][T27995] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1587.583696][T27995] RSP: 002b:00000000f50c6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1587.583718][T27995] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50c6620
[ 1587.583733][T27995] RDX: 000000000000000f RSI: 00000000f7434ff4 RDI: 0000000000000000
[ 1587.583747][T27995] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1587.583759][T27995] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1587.583771][T27995] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1587.583801][T27995]  </TASK>
[ 1587.820069][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1588.661020][T28007] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5559'.
[ 1588.785526][T28009] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5560'.
[ 1589.159613][T24748] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 1589.349657][T24748] usb 6-1: Using ep0 maxpacket: 32
[ 1589.369634][T24748] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[ 1589.377752][T24748] usb 6-1: config 0 has no interface number 0
[ 1589.543472][T24748] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1589.555489][T24748] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1589.567694][T24748] usb 6-1: Product: syz
[ 1589.572629][T24748] usb 6-1: Manufacturer: syz
[ 1589.577665][T24748] usb 6-1: SerialNumber: syz
[ 1589.589586][T24748] usb 6-1: config 0 descriptor??
[ 1589.604219][T24748] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1589.823679][T24748] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1589.872665][T24748] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1590.041239][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[ 1590.045986][T11230] usb 7-1: USB disconnect, device number 125
[ 1591.817399][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1591.899357][T24748] usb 6-1: USB disconnect, device number 36
[ 1591.922003][T24748] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1592.002637][T28057] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1592.049233][T24748] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1592.064196][T28060] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5573'.
[ 1592.087783][T24748] quatech2 6-1:0.51: device disconnected
[ 1592.189774][T28057] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5572'.
[ 1592.304751][T28066] netlink: 'syz.5.5575': attribute type 10 has an invalid length.
[ 1592.467466][T28066] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1592.577993][T28066] batadv0: entered promiscuous mode
[ 1592.715903][T28066] batadv0: entered allmulticast mode
[ 1592.810644][T28066] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1593.780421][T28089] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5581'.
[ 1594.021617][T28102] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5586'.
[ 1594.370822][T28107] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5584'.
[ 1594.445522][T28111] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1594.521146][T28109] netlink: 48 bytes leftover after parsing attributes in process `syz.1.5588'.
[ 1594.680055][  T983] usb 7-1: new high-speed USB device number 126 using dummy_hcd
[ 1594.860495][  T983] usb 7-1: Using ep0 maxpacket: 32
[ 1594.903970][  T983] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[ 1594.939076][  T983] usb 7-1: config 0 has no interface number 0
[ 1595.041492][  T983] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1595.065323][  T983] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1595.076276][  T983] usb 7-1: Product: syz
[ 1595.086335][  T983] usb 7-1: Manufacturer: syz
[ 1595.092521][  T983] usb 7-1: SerialNumber: syz
[ 1595.106838][  T983] usb 7-1: config 0 descriptor??
[ 1595.122431][  T983] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1595.337047][  T983] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1595.397475][  T983] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1595.548423][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[ 1595.566231][T28138] netlink: 31 bytes leftover after parsing attributes in process `syz.1.5599'.
[ 1595.649687][ T5960] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[ 1595.831417][ T5960] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1595.840342][ T5960] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1595.936872][ T5960] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1595.989886][ T5960] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1596.017000][ T5960] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1596.041900][ T5960] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1596.051294][ T5960] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1596.062757][ T5960] usb 6-1: Product: syz
[ 1596.073292][ T5960] usb 6-1: Manufacturer: syz
[ 1596.110106][ T5960] cdc_wdm 6-1:1.0: skipping garbage
[ 1596.118574][ T5960] cdc_wdm 6-1:1.0: skipping garbage
[ 1596.132052][ T5960] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[ 1596.145371][ T5960] cdc_wdm 6-1:1.0: Unknown control protocol
[ 1596.448849][ T5867] usb 6-1: USB disconnect, device number 37
[ 1597.093156][T28159] FAULT_INJECTION: forcing a failure.
[ 1597.093156][T28159] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1597.107347][T28159] CPU: 1 UID: 0 PID: 28159 Comm: syz.0.5602 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1597.107373][T28159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1597.107385][T28159] Call Trace:
[ 1597.107393][T28159]  <TASK>
[ 1597.107401][T28159]  dump_stack_lvl+0x189/0x250
[ 1597.107426][T28159]  ? __pfx____ratelimit+0x10/0x10
[ 1597.107447][T28159]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1597.107466][T28159]  ? __pfx__printk+0x10/0x10
[ 1597.107489][T28159]  ? __might_fault+0xb0/0x130
[ 1597.107520][T28159]  should_fail_ex+0x414/0x560
[ 1597.107550][T28159]  _copy_from_user+0x2d/0xb0
[ 1597.107573][T28159]  sctp_setsockopt+0x19f/0x1200
[ 1597.107592][T28159]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1597.107611][T28159]  do_sock_setsockopt+0x17c/0x1b0
[ 1597.107636][T28159]  __ia32_sys_setsockopt+0x13f/0x1b0
[ 1597.107660][T28159]  __do_fast_syscall_32+0xb6/0x2b0
[ 1597.107679][T28159]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1597.107700][T28159]  do_fast_syscall_32+0x34/0x80
[ 1597.107718][T28159]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1597.107738][T28159] RIP: 0023:0xf70ae539
[ 1597.107753][T28159] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1597.107768][T28159] RSP: 002b:00000000f509e55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[ 1597.107785][T28159] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084
[ 1597.107797][T28159] RDX: 0000000000000018 RSI: 0000000080000300 RDI: 0000000000000008
[ 1597.107808][T28159] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1597.107818][T28159] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1597.107828][T28159] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1597.107851][T28159]  </TASK>
[ 1597.288071][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1597.664446][    C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1597.671861][ T5960] usb 7-1: USB disconnect, device number 126
[ 1597.712172][ T5960] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1597.763224][ T5960] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1597.770834][ T5960] quatech2 7-1:0.51: device disconnected
[ 1598.006805][T28182] usb usb1: usbfs: process 28182 (syz.1.5605) did not claim interface 0 before use
[ 1598.078063][T28185] random: crng reseeded on system resumption
[ 1598.129850][T28184] CIFS: VFS: Malformed UNC in devname
[ 1598.460024][ T5867] usb 7-1: new high-speed USB device number 127 using dummy_hcd
[ 1598.679758][ T5867] usb 7-1: Using ep0 maxpacket: 16
[ 1598.705994][T28190] block device autoloading is deprecated and will be removed.
[ 1598.725357][ T5867] usb 7-1: config index 0 descriptor too short (expected 65038, got 27)
[ 1598.737597][T28190] syz.7.5612: attempt to access beyond end of device
[ 1598.737597][T28190] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1598.826001][ T5867] usb 7-1: config 0 has too many interfaces: 150, using maximum allowed: 32
[ 1598.868472][ T5867] usb 7-1: config 0 descriptor has 1 excess byte, ignoring
[ 1598.892154][ T5867] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 150
[ 1598.912408][ T5867] usb 7-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 1598.952949][ T5867] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1599.019235][ T5867] usb 7-1: config 0 descriptor??
[ 1600.299684][T28218] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5619'.
[ 1600.628005][ T5867] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[ 1600.809837][ T5867] usb 6-1: Using ep0 maxpacket: 32
[ 1600.826099][ T5867] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[ 1600.834438][ T5867] usb 6-1: config 0 has no interface number 0
[ 1600.944759][ T5867] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1600.954371][ T5867] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1601.023845][ T5867] usb 6-1: Product: syz
[ 1601.031407][ T5867] usb 6-1: Manufacturer: syz
[ 1601.049593][ T5867] usb 6-1: SerialNumber: syz
[ 1601.057233][ T5867] usb 6-1: config 0 descriptor??
[ 1601.146297][ T5867] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1601.377287][ T5867] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1601.394867][  T983] usb 7-1: USB disconnect, device number 127
[ 1601.441032][ T5867] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1601.558903][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 91
[ 1602.551167][T28239] netlink: 'syz.0.5626': attribute type 8 has an invalid length.
[ 1603.043841][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1603.074496][  T983] usb 6-1: USB disconnect, device number 38
[ 1603.112340][  T983] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1603.147835][  T983] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1603.160423][  T983] quatech2 6-1:0.51: device disconnected
[ 1603.330836][T28258] FAULT_INJECTION: forcing a failure.
[ 1603.330836][T28258] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1603.344577][   T30] kauditd_printk_skb: 69 callbacks suppressed
[ 1603.344594][   T30] audit: type=1326 audit(1754357684.786:1429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28259 comm="syz.0.5633" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70ae539 code=0x0
[ 1603.382480][T28258] CPU: 1 UID: 0 PID: 28258 Comm: syz.1.5632 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1603.382513][T28258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1603.382526][T28258] Call Trace:
[ 1603.382534][T28258]  <TASK>
[ 1603.382542][T28258]  dump_stack_lvl+0x189/0x250
[ 1603.382569][T28258]  ? __pfx____ratelimit+0x10/0x10
[ 1603.382590][T28258]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1603.382613][T28258]  ? __pfx__printk+0x10/0x10
[ 1603.382648][T28258]  ? __might_fault+0xb0/0x130
[ 1603.382685][T28258]  should_fail_ex+0x414/0x560
[ 1603.382720][T28258]  _copy_from_user+0x2d/0xb0
[ 1603.382747][T28258]  get_compat_msghdr+0xad/0x4a0
[ 1603.382777][T28258]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1603.382809][T28258]  ___sys_recvmsg+0x17f/0x510
[ 1603.382836][T28258]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1603.382880][T28258]  ? __pfx_set_normalized_timespec64+0x10/0x10
[ 1603.382919][T28258]  do_recvmmsg+0x36a/0x770
[ 1603.382953][T28258]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1603.382994][T28258]  ? _copy_from_user+0x94/0xb0
[ 1603.383036][T28258]  __sys_recvmmsg+0x127/0x280
[ 1603.383064][T28258]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 1603.383086][T28258]  ? ksys_write+0x22a/0x250
[ 1603.383119][T28258]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[ 1603.383145][T28258]  __do_fast_syscall_32+0xb6/0x2b0
[ 1603.383168][T28258]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1603.383191][T28258]  do_fast_syscall_32+0x34/0x80
[ 1603.383212][T28258]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1603.383236][T28258] RIP: 0023:0xf7f66539
[ 1603.383252][T28258] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1603.383268][T28258] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[ 1603.383287][T28258] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800037c0
[ 1603.383300][T28258] RDX: 00000000000003b4 RSI: 0000000002040000 RDI: 0000000080003700
[ 1603.383311][T28258] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1603.383323][T28258] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1603.383333][T28258] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1603.383358][T28258]  </TASK>
[ 1603.609156][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1603.686752][T28269] random: crng reseeded on system resumption
[ 1603.988652][  T983] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[ 1604.169705][  T983] usb 6-1: Using ep0 maxpacket: 16
[ 1604.191134][  T983] usb 6-1: config index 0 descriptor too short (expected 65038, got 27)
[ 1604.217069][  T983] usb 6-1: config 0 has too many interfaces: 150, using maximum allowed: 32
[ 1604.349904][  T983] usb 6-1: config 0 descriptor has 1 excess byte, ignoring
[ 1604.408737][  T983] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 150
[ 1604.475400][T28286] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5641'.
[ 1604.489607][  T983] usb 6-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 1604.499344][  T983] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1604.559707][ T5960] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1604.597279][  T983] usb 6-1: config 0 descriptor??
[ 1604.793358][ T5960] usb 7-1: Using ep0 maxpacket: 32
[ 1604.803411][ T5960] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1604.825767][ T5960] usb 7-1: config 0 has no interfaces?
[ 1604.848393][ T5960] usb 7-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[ 1604.862666][ T5960] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1604.879730][ T5960] usb 7-1: Product: syz
[ 1604.905532][ T5960] usb 7-1: Manufacturer: syz
[ 1605.068638][ T5960] usb 7-1: SerialNumber: syz
[ 1605.094187][ T5960] usb 7-1: config 0 descriptor??
[ 1605.411221][T28296] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5640'.
[ 1606.655400][  T983] usb 6-1: USB disconnect, device number 39
[ 1607.334247][ T5960] usb 7-1: USB disconnect, device number 2
[ 1607.659942][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.666470][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.942509][T28313] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1608.015719][T28313] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5648'.
[ 1608.941352][T28347] random: crng reseeded on system resumption
[ 1609.647259][T28353] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1609.676415][T28353] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5659'.
[ 1610.607848][T28376] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5666'.
[ 1611.937045][T28388] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1612.022099][T28388] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5671'.
[ 1613.704006][T28428] Invalid logical block size (18)
[ 1614.638639][T28436] random: crng reseeded on system resumption
[ 1614.687760][T28434] tipc: Started in network mode
[ 1614.697139][T28434] tipc: Node identity aaaaaaaaaa33, cluster identity 4711
[ 1614.713501][T28434] tipc: Enabled bearer <eth:vlan1>, priority 10
[ 1614.925709][T28442] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1614.948996][T28442] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5688'.
[ 1615.829591][ T5960] tipc: Node number set to 10070698
[ 1616.554551][T28472] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5697'.
[ 1617.265591][  T983] IPVS: starting estimator thread 0...
[ 1617.370597][T28481] IPVS: using max 30 ests per chain, 72000 per kthread
[ 1617.825796][T28491] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1617.874749][T28491] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5702'.
[ 1618.135429][   T30] audit: type=1326 audit(1754357699.586:1430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28499 comm="syz.5.5706" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa2539 code=0x0
[ 1619.261215][T28526] random: crng reseeded on system resumption
[ 1619.307631][T28524] netlink: 132 bytes leftover after parsing attributes in process `syz.5.5713'.
[ 1619.532355][  T983] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1619.553380][T28529] fuse: Bad value for 'fd'
[ 1619.689835][  T983] usb 7-1: Using ep0 maxpacket: 16
[ 1619.705803][  T983] usb 7-1: config index 0 descriptor too short (expected 65038, got 27)
[ 1619.717805][  T983] usb 7-1: config 0 has too many interfaces: 150, using maximum allowed: 32
[ 1619.730656][T28531] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1619.759517][  T983] usb 7-1: config 0 descriptor has 1 excess byte, ignoring
[ 1619.806588][T28534] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5716'.
[ 1619.836007][  T983] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 150
[ 1619.878470][  T983] usb 7-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 1619.897141][  T983] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1619.988725][  T983] usb 7-1: config 0 descriptor??
[ 1620.191192][T28538] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5718'.
[ 1620.213764][T28538] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5718'.
[ 1620.229197][T28538] FAULT_INJECTION: forcing a failure.
[ 1620.229197][T28538] name failslab, interval 1, probability 0, space 0, times 0
[ 1620.271850][T28538] CPU: 0 UID: 0 PID: 28538 Comm: syz.0.5718 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1620.271874][T28538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1620.271881][T28538] Call Trace:
[ 1620.271886][T28538]  <TASK>
[ 1620.271892][T28538]  dump_stack_lvl+0x189/0x250
[ 1620.271909][T28538]  ? __pfx____ratelimit+0x10/0x10
[ 1620.271921][T28538]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1620.271933][T28538]  ? __pfx__printk+0x10/0x10
[ 1620.271950][T28538]  ? __pfx___might_resched+0x10/0x10
[ 1620.271963][T28538]  should_fail_ex+0x414/0x560
[ 1620.271982][T28538]  should_failslab+0xa8/0x100
[ 1620.271999][T28538]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1620.272014][T28538]  ? __alloc_skb+0x112/0x2d0
[ 1620.272029][T28538]  __alloc_skb+0x112/0x2d0
[ 1620.272042][T28538]  netlink_sendmsg+0x5c6/0xb30
[ 1620.272072][T28538]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1620.272085][T28538]  ? __import_iovec+0x5d4/0x7f0
[ 1620.272098][T28538]  ? aa_sock_msg_perm+0x94/0x160
[ 1620.272113][T28538]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1620.272125][T28538]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1620.272137][T28538]  __sock_sendmsg+0x21c/0x270
[ 1620.272155][T28538]  ____sys_sendmsg+0x505/0x830
[ 1620.272171][T28538]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1620.272192][T28538]  ___sys_sendmsg+0x21f/0x2a0
[ 1620.272207][T28538]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1620.272237][T28538]  ? __fget_files+0x2a/0x420
[ 1620.272252][T28538]  ? __fget_files+0x3a0/0x420
[ 1620.272273][T28538]  __sys_sendmsg+0x164/0x220
[ 1620.272287][T28538]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1620.272308][T28538]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1620.272320][T28538]  __do_fast_syscall_32+0xb6/0x2b0
[ 1620.272336][T28538]  do_fast_syscall_32+0x34/0x80
[ 1620.272347][T28538]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1620.272361][T28538] RIP: 0023:0xf70ae539
[ 1620.272370][T28538] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1620.272380][T28538] RSP: 002b:00000000f509e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1620.272393][T28538] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000400
[ 1620.272401][T28538] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1620.272407][T28538] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1620.272413][T28538] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1620.272420][T28538] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1620.272435][T28538]  </TASK>
[ 1620.526614][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1622.011965][T28568] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1622.253242][ T5960] usb 7-1: USB disconnect, device number 3
[ 1622.961247][T28584] netlink: 132 bytes leftover after parsing attributes in process `syz.6.5732'.
[ 1623.379534][T11230] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[ 1623.415821][T28599] @: renamed from vlan0 (while UP)
[ 1623.729887][T11230] usb 6-1: Using ep0 maxpacket: 32
[ 1623.841264][T11230] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1623.855939][T11230] usb 6-1: config 0 has no interfaces?
[ 1623.874119][T11230] usb 6-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[ 1623.883451][T11230] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1624.008649][T11230] usb 6-1: Product: syz
[ 1624.028745][T11230] usb 6-1: Manufacturer: syz
[ 1624.109227][T11230] usb 6-1: SerialNumber: syz
[ 1624.186356][T11230] usb 6-1: config 0 descriptor??
[ 1624.330158][T28610] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1624.692470][T28613] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5741'.
[ 1624.815923][T28615] netlink: 48 bytes leftover after parsing attributes in process `syz.5.5735'.
[ 1625.246185][T28621] random: crng reseeded on system resumption
[ 1625.560241][  T983] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1625.760947][T28635] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5747'.
[ 1625.881538][  T983] usb 7-1: Using ep0 maxpacket: 16
[ 1625.898516][  T983] usb 7-1: config index 0 descriptor too short (expected 65038, got 27)
[ 1625.909320][  T983] usb 7-1: config 0 has too many interfaces: 150, using maximum allowed: 32
[ 1625.945478][  T983] usb 7-1: config 0 descriptor has 1 excess byte, ignoring
[ 1625.975605][  T983] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 150
[ 1626.015190][  T983] usb 7-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 1626.037413][  T983] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1626.083398][  T983] usb 7-1: config 0 descriptor??
[ 1626.344968][T11230] usb 6-1: USB disconnect, device number 40
[ 1626.536303][T28648] syz_tun: entered allmulticast mode
[ 1626.571213][T28647] syz_tun: left allmulticast mode
[ 1626.633215][T28650] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1626.800707][T28655] ALSA: mixer_oss: invalid index 40000
[ 1627.574235][T28675] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5759'.
[ 1628.051264][T28670] futex_wake_op: syz.0.5758 tries to shift op by -1; fix this program
[ 1628.199330][ T5960] usb 7-1: USB disconnect, device number 4
[ 1628.699494][ T5960] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[ 1628.858204][ T5960] usb 7-1: New USB device found, idVendor=0c45, idProduct=608f, bcdDevice=b5.55
[ 1628.868096][ T5960] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1628.882136][ T5960] usb 7-1: Product: syz
[ 1628.886380][ T5960] usb 7-1: Manufacturer: syz
[ 1628.893096][ T5960] usb 7-1: SerialNumber: syz
[ 1628.906555][ T5960] usb 7-1: config 0 descriptor??
[ 1628.919030][ T5960] gspca_main: sonixb-2.14.0 probing 0c45:608f
[ 1629.304560][T28706] FAULT_INJECTION: forcing a failure.
[ 1629.304560][T28706] name failslab, interval 1, probability 0, space 0, times 0
[ 1629.317689][T28706] CPU: 1 UID: 0 PID: 28706 Comm: syz.5.5766 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1629.317711][T28706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1629.317718][T28706] Call Trace:
[ 1629.317724][T28706]  <TASK>
[ 1629.317730][T28706]  dump_stack_lvl+0x189/0x250
[ 1629.317748][T28706]  ? __pfx____ratelimit+0x10/0x10
[ 1629.317760][T28706]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1629.317772][T28706]  ? __pfx__printk+0x10/0x10
[ 1629.317788][T28706]  ? __pfx___might_resched+0x10/0x10
[ 1629.317799][T28706]  ? fs_reclaim_acquire+0x7d/0x100
[ 1629.317818][T28706]  should_fail_ex+0x414/0x560
[ 1629.317838][T28706]  should_failslab+0xa8/0x100
[ 1629.317855][T28706]  __kmalloc_noprof+0xcb/0x4f0
[ 1629.317869][T28706]  ? tomoyo_encode+0x28b/0x550
[ 1629.317887][T28706]  tomoyo_encode+0x28b/0x550
[ 1629.317913][T28706]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1629.317943][T28706]  tomoyo_path_perm+0x213/0x4b0
[ 1629.317956][T28706]  ? tomoyo_path_perm+0x1e3/0x4b0
[ 1629.317967][T28706]  ? __pfx_tomoyo_path_perm+0x10/0x10
[ 1629.317984][T28706]  ? filemap_check_errors+0xd2/0x120
[ 1629.318013][T28706]  ? bdev_mark_dead+0x9f/0x170
[ 1629.318030][T28706]  security_inode_getattr+0x12f/0x330
[ 1629.318041][T28706]  vfs_getattr+0x23/0x70
[ 1629.318053][T28706]  loop_assign_backing_file+0x222/0x400
[ 1629.318072][T28706]  ? __pfx_loop_assign_backing_file+0x10/0x10
[ 1629.318095][T28706]  ? bd_prepare_to_claim+0x3f1/0x490
[ 1629.318134][T28706]  ? __asan_memcpy+0x40/0x70
[ 1629.318164][T28706]  ? loop_set_status_from_info+0x185/0x250
[ 1629.318182][T28706]  loop_configure+0x7cf/0xf90
[ 1629.318198][T28706]  ? kasan_save_stack+0x4d/0x60
[ 1629.318210][T28706]  ? kasan_save_stack+0x3e/0x60
[ 1629.318229][T28706]  ? __pfx_loop_configure+0x10/0x10
[ 1629.318262][T28706]  lo_ioctl+0x7cc/0x1d00
[ 1629.318280][T28706]  ? __lock_acquire+0xab9/0xd20
[ 1629.318298][T28706]  ? __pfx_lo_ioctl+0x10/0x10
[ 1629.318316][T28706]  ? __lock_acquire+0xab9/0xd20
[ 1629.318337][T28706]  ? __lock_acquire+0xab9/0xd20
[ 1629.318363][T28706]  ? is_bpf_text_address+0x26/0x2b0
[ 1629.318382][T28706]  ? is_bpf_text_address+0x292/0x2b0
[ 1629.318396][T28706]  ? is_bpf_text_address+0x26/0x2b0
[ 1629.318430][T28706]  ? kernel_text_address+0xa5/0xe0
[ 1629.318447][T28706]  ? __lock_acquire+0xab9/0xd20
[ 1629.318474][T28706]  ? __lock_acquire+0xab9/0xd20
[ 1629.318492][T28706]  ? __lock_acquire+0xab9/0xd20
[ 1629.318514][T28706]  ? __lock_acquire+0xab9/0xd20
[ 1629.318534][T28706]  ? __lock_acquire+0xab9/0xd20
[ 1629.318560][T28706]  ? is_bpf_text_address+0x26/0x2b0
[ 1629.318577][T28706]  ? is_bpf_text_address+0x292/0x2b0
[ 1629.318592][T28706]  ? is_bpf_text_address+0x26/0x2b0
[ 1629.318608][T28706]  ? kernel_text_address+0xa5/0xe0
[ 1629.318622][T28706]  ? __kernel_text_address+0xd/0x40
[ 1629.318636][T28706]  ? unwind_get_return_address+0x4d/0x90
[ 1629.318647][T28706]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1629.318660][T28706]  ? arch_stack_walk+0xfc/0x150
[ 1629.318680][T28706]  ? stack_trace_save+0x9c/0xe0
[ 1629.318691][T28706]  ? __pfx_stack_trace_save+0x10/0x10
[ 1629.318704][T28706]  ? stack_depot_save_flags+0x40/0x860
[ 1629.318747][T28706]  ? __asan_memset+0x22/0x50
[ 1629.318759][T28706]  ? blk_get_meta_cap+0x140/0x710
[ 1629.318772][T28706]  lo_compat_ioctl+0x298/0x330
[ 1629.318789][T28706]  ? __pfx_lo_compat_ioctl+0x10/0x10
[ 1629.318804][T28706]  ? kasan_quarantine_put+0xdd/0x220
[ 1629.318819][T28706]  ? blkdev_common_ioctl+0xff7/0x2550
[ 1629.318833][T28706]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1629.318846][T28706]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[ 1629.318856][T28706]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1629.318870][T28706]  ? do_vfs_ioctl+0xbe8/0x1430
[ 1629.318884][T28706]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1629.318907][T28706]  ? __lock_acquire+0xab9/0xd20
[ 1629.318929][T28706]  ? __pfx_lo_compat_ioctl+0x10/0x10
[ 1629.318946][T28706]  compat_blkdev_ioctl+0x5ce/0x780
[ 1629.318958][T28706]  ? __fget_files+0x2a/0x420
[ 1629.318976][T28706]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[ 1629.318987][T28706]  ? __fget_files+0x2a/0x420
[ 1629.319004][T28706]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1629.319020][T28706]  __ia32_compat_sys_ioctl+0x540/0x840
[ 1629.319035][T28706]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1629.319048][T28706]  ? __fget_files+0x3a0/0x420
[ 1629.319067][T28706]  ? fput+0xa0/0xd0
[ 1629.319078][T28706]  ? ksys_write+0x22a/0x250
[ 1629.319097][T28706]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1629.319109][T28706]  __do_fast_syscall_32+0xb6/0x2b0
[ 1629.319122][T28706]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1629.319134][T28706]  do_fast_syscall_32+0x34/0x80
[ 1629.319150][T28706]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1629.319163][T28706] RIP: 0023:0xf7fa2539
[ 1629.319173][T28706] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1629.319183][T28706] RSP: 002b:00000000f50c655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1629.319195][T28706] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000000004c0a
[ 1629.319202][T28706] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1629.319209][T28706] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1629.319215][T28706] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1629.319222][T28706] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1629.319245][T28706]  </TASK>
[ 1629.319277][T28706] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1629.844077][T28706] loop6: detected capacity change from 0 to 7
[ 1629.879650][T28706] Dev loop6: unable to read RDB block 7
[ 1629.885459][T28706]  loop6: unable to read partition table
[ 1629.892119][T28706] loop6: partition table beyond EOD, truncated
[ 1629.929885][T28706] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1630.075194][T28709] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5765'.
[ 1630.352028][T28713] netlink: 'syz.6.5764': attribute type 4 has an invalid length.
[ 1631.250489][T28740] random: crng reseeded on system resumption
[ 1631.427237][  T983] usb 7-1: USB disconnect, device number 5
[ 1632.507211][   T30] audit: type=1326 audit(1754357713.956:1431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28752 comm="syz.6.5777" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f32539 code=0x0
[ 1633.561549][ T5960] usb 6-1: new full-speed USB device number 41 using dummy_hcd
[ 1633.731179][ T5960] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1633.745941][ T5960] usb 6-1: config 0 has no interface number 0
[ 1633.756410][ T5960] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1633.773543][ T5960] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1633.825653][ T5960] usb 6-1: config 0 descriptor??
[ 1633.850326][ T5960] usb 6-1: selecting invalid altsetting 1
[ 1633.891833][ T5960] dvb_ttusb_budget: ttusb_init_controller: error
[ 1633.913740][ T5960] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1633.919986][  T983] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1634.016357][ T5960] DVB: Unable to find symbol cx22700_attach()
[ 1634.050840][T28758] loop6: detected capacity change from 0 to 7
[ 1634.068186][T28758] Dev loop6: unable to read RDB block 7
[ 1634.089693][  T983] usb 7-1: Using ep0 maxpacket: 32
[ 1634.102524][  T983] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1634.112793][T28758]  loop6: unable to read partition table
[ 1634.113019][T28758] loop6: partition table beyond EOD, truncated
[ 1634.162828][  T983] usb 7-1: config 0 has no interfaces?
[ 1634.187243][ T5960] DVB: Unable to find symbol tda10046_attach()
[ 1634.197300][  T983] usb 7-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[ 1634.207343][T28758] loop_reread_partitions: partition scan of loop6 (þË– ) failed (rc=-5)
[ 1634.220053][ T5960] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1634.228261][  T983] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1634.268123][  T983] usb 7-1: Product: syz
[ 1634.293216][  T983] usb 7-1: Manufacturer: syz
[ 1634.297988][T24748] usb 6-1: USB disconnect, device number 41
[ 1634.329344][  T983] usb 7-1: SerialNumber: syz
[ 1634.356771][  T983] usb 7-1: config 0 descriptor??
[ 1634.492251][T28780] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5785'.
[ 1634.516532][T28780] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5785'.
[ 1634.909724][T28790] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5782'.
[ 1635.691961][T28804] netlink: 'syz.5.5789': attribute type 10 has an invalid length.
[ 1635.770232][T28807] netlink: 'syz.5.5789': attribute type 10 has an invalid length.
[ 1635.835089][T28804] bridge0: port 4(macsec0) entered blocking state
[ 1635.860251][T28804] bridge0: port 4(macsec0) entered disabled state
[ 1635.904720][T28804] macsec0: entered allmulticast mode
[ 1636.035585][T28804] veth1_macvtap: entered allmulticast mode
[ 1636.247976][T28804] macsec0: entered promiscuous mode
[ 1636.282182][T28804] bridge0: port 4(macsec0) entered blocking state
[ 1636.288929][T28804] bridge0: port 4(macsec0) entered forwarding state
[ 1636.504223][T28819] netlink: 'syz.5.5792': attribute type 5 has an invalid length.
[ 1637.228893][T11230] usb 7-1: USB disconnect, device number 6
[ 1637.278923][T28831] netlink: 1284 bytes leftover after parsing attributes in process `syz.5.5796'.
[ 1637.467569][T28841] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5799'.
[ 1637.699602][ T5966] usb 6-1: new full-speed USB device number 42 using dummy_hcd
[ 1638.009604][ T5966] usb 6-1: device descriptor read/64, error -71
[ 1638.320612][ T5966] usb 6-1: new full-speed USB device number 43 using dummy_hcd
[ 1638.464136][ T5966] usb 6-1: device descriptor read/64, error -71
[ 1638.506342][T28862] netlink: 132 bytes leftover after parsing attributes in process `syz.6.5806'.
[ 1638.602367][ T5966] usb usb6-port1: attempt power cycle
[ 1638.960369][ T5966] usb 6-1: new full-speed USB device number 44 using dummy_hcd
[ 1639.070366][ T5966] usb 6-1: device descriptor read/8, error -71
[ 1639.529963][ T5966] usb 6-1: new full-speed USB device number 45 using dummy_hcd
[ 1639.713135][ T5966] usb 6-1: device descriptor read/8, error -71
[ 1639.730991][T28883] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1639.773699][T28883] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1639.830028][ T5966] usb usb6-port1: unable to enumerate USB device
[ 1639.905252][T28884] trusted_key: encrypted_key: insufficient parameters specified
[ 1639.939060][T28883] vivid-007: kernel_thread() failed
[ 1639.989648][ T1596] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[ 1641.311542][T28922] random: crng reseeded on system resumption
[ 1641.399555][T24748] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[ 1641.561718][T24748] usb 7-1: Using ep0 maxpacket: 32
[ 1641.596569][T24748] usb 7-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b
[ 1641.608698][T24748] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1641.632558][T24748] usb 7-1: Product: syz
[ 1641.638949][T24748] usb 7-1: Manufacturer: syz
[ 1641.653156][T24748] usb 7-1: SerialNumber: syz
[ 1641.886269][T24748] visor 7-1:1.0: Handspring Visor / Palm OS converter detected
[ 1641.953277][T24748] usb 7-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[ 1642.026937][T24748] usb 7-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[ 1642.107465][T28919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1642.142828][T28919] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1642.164940][T11230] usb 7-1: USB disconnect, device number 8
[ 1642.255292][T11230] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[ 1642.304859][T11230] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[ 1642.305432][T11230] visor 7-1:1.0: device disconnected
[ 1642.988562][T28937] loop6: detected capacity change from 0 to 524287999
[ 1643.060726][T24748] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1644.508505][T28966] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5838'.
[ 1644.735578][T22533] Bluetooth: hci2: SCO packet for unknown connection handle 200
[ 1644.808365][   T30] audit: type=1326 audit(1754357726.236:1432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28968 comm="syz.5.5839" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa2539 code=0x7ffc0000
[ 1644.949707][   T30] audit: type=1326 audit(1754357726.236:1433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28968 comm="syz.5.5839" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fa2539 code=0x7ffc0000
[ 1644.981983][   T30] audit: type=1326 audit(1754357726.236:1434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28968 comm="syz.5.5839" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa2539 code=0x7ffc0000
[ 1645.004892][   T30] audit: type=1326 audit(1754357726.236:1435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28968 comm="syz.5.5839" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7fa2539 code=0x7ffc0000
[ 1645.177435][   T30] audit: type=1326 audit(1754357726.236:1436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28968 comm="syz.5.5839" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa2539 code=0x7ffc0000
[ 1645.200114][ T5966] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[ 1645.227822][   T30] audit: type=1326 audit(1754357726.236:1437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28968 comm="syz.5.5839" exe="/root/syz-executor" sig=0 arch=40000003 syscall=372 compat=1 ip=0xf7fa2539 code=0x7ffc0000
[ 1645.253353][   T30] audit: type=1326 audit(1754357726.246:1438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28968 comm="syz.5.5839" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa2539 code=0x7ffc0000
[ 1645.442770][   T30] audit: type=1326 audit(1754357726.246:1439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28968 comm="syz.5.5839" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa2539 code=0x7ffc0000
[ 1645.478725][ T5966] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1645.669535][ T5960] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[ 1645.719489][   T30] audit: type=1326 audit(1754357726.246:1440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28968 comm="syz.5.5839" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa2539 code=0x7ffc0000
[ 1645.755926][   T30] audit: type=1326 audit(1754357726.246:1441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28968 comm="syz.5.5839" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa2539 code=0x7ffc0000
[ 1645.778620][ T5966] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1645.844469][ T5966] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1645.844507][ T5966] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1645.871150][ T5960] usb 7-1: Using ep0 maxpacket: 8
[ 1645.879522][ T5960] usb 7-1: too many configurations: 210, using maximum allowed: 8
[ 1645.891768][T28975] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1645.895704][ T5960] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1645.895742][ T5960] usb 7-1: can't read configurations, error -61
[ 1645.919069][ T5966] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1646.029888][ T5960] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[ 1646.179500][ T5960] usb 7-1: Using ep0 maxpacket: 8
[ 1646.188810][ T5960] usb 7-1: too many configurations: 210, using maximum allowed: 8
[ 1646.202757][ T5960] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1646.215724][ T5960] usb 7-1: can't read configurations, error -61
[ 1646.264855][ T5960] usb usb7-port1: attempt power cycle
[ 1646.736775][T29002] random: crng reseeded on system resumption
[ 1646.869509][ T5960] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[ 1646.890550][ T5960] usb 7-1: Using ep0 maxpacket: 8
[ 1646.898863][ T5960] usb 7-1: too many configurations: 210, using maximum allowed: 8
[ 1646.920762][ T5960] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1646.928816][ T5960] usb 7-1: can't read configurations, error -61
[ 1647.119594][ T5960] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[ 1647.157428][ T5960] usb 7-1: Using ep0 maxpacket: 8
[ 1647.183938][ T5960] usb 7-1: too many configurations: 210, using maximum allowed: 8
[ 1647.196100][ T5960] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1647.204571][ T5960] usb 7-1: can't read configurations, error -61
[ 1647.213203][ T5960] usb usb7-port1: unable to enumerate USB device
[ 1647.939896][T29013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5851'.
[ 1648.066873][T29020] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5853'.
[ 1648.252797][T29023] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5853'.
[ 1648.273469][T29023] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1648.423851][T29023] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1648.637095][T29033] input: syz1 as /devices/virtual/input/input79
[ 1648.678859][T29033] fuse: Bad value for 'rootmode'
[ 1649.476884][ T5966] usb 6-1: USB disconnect, device number 46
[ 1650.249121][T29073] netlink: 132 bytes leftover after parsing attributes in process `syz.7.5866'.
[ 1650.735125][T29086] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1650.900792][T29095] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5872'.
[ 1650.914728][T29095] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5872'.
[ 1651.112073][T29101] random: crng reseeded on system resumption
[ 1654.764660][T11230] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[ 1654.780745][T11230] hid-generic 0000:0000:0000.0022: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1656.113268][T29186] FAULT_INJECTION: forcing a failure.
[ 1656.113268][T29186] name failslab, interval 1, probability 0, space 0, times 0
[ 1656.136738][T29186] CPU: 0 UID: 0 PID: 29186 Comm: syz.1.5901 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1656.136768][T29186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1656.136781][T29186] Call Trace:
[ 1656.136790][T29186]  <TASK>
[ 1656.136799][T29186]  dump_stack_lvl+0x189/0x250
[ 1656.136827][T29186]  ? __pfx____ratelimit+0x10/0x10
[ 1656.136848][T29186]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1656.136871][T29186]  ? __pfx__printk+0x10/0x10
[ 1656.136902][T29186]  ? __pfx___might_resched+0x10/0x10
[ 1656.136925][T29186]  should_fail_ex+0x414/0x560
[ 1656.136959][T29186]  should_failslab+0xa8/0x100
[ 1656.136989][T29186]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1656.137015][T29186]  ? getname_flags+0xb8/0x540
[ 1656.137037][T29186]  getname_flags+0xb8/0x540
[ 1656.137060][T29186]  __ia32_sys_mkdirat+0x7a/0xa0
[ 1656.137096][T29186]  __do_fast_syscall_32+0xb6/0x2b0
[ 1656.137128][T29186]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1656.137151][T29186]  do_fast_syscall_32+0x34/0x80
[ 1656.137172][T29186]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1656.137193][T29186] RIP: 0023:0xf7f66539
[ 1656.137210][T29186] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1656.137227][T29186] RSP: 002b:00000000f50863c8 EFLAGS: 00000206 ORIG_RAX: 0000000000000128
[ 1656.137247][T29186] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000280
[ 1656.137259][T29186] RDX: 00000000000001ff RSI: 0000000080000480 RDI: 0000000000000001
[ 1656.137269][T29186] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1656.137279][T29186] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1656.137290][T29186] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1656.137317][T29186]  </TASK>
[ 1656.318684][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1656.679839][ T5966] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[ 1656.879465][ T5966] usb 6-1: Using ep0 maxpacket: 16
[ 1656.896523][ T5966] usb 6-1: config 0 has an invalid interface number: 68 but max is 0
[ 1656.912355][ T5966] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1656.923754][ T5966] usb 6-1: config 0 has no interface number 0
[ 1656.934577][ T5966] usb 6-1: config 0 interface 68 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1657.127632][ T5966] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[ 1657.336206][ T5966] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1657.344841][ T5966] usb 6-1: Product: syz
[ 1657.349119][ T5966] usb 6-1: Manufacturer: syz
[ 1657.354762][ T5966] usb 6-1: SerialNumber: syz
[ 1657.363902][ T5966] usb 6-1: config 0 descriptor??
[ 1657.403008][ T5966] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1657.825238][  T983] usb 6-1: USB disconnect, device number 47
[ 1657.836332][ T6589] usb 6-1: Failed to submit usb control message: -71
[ 1657.844208][ T6589] usb 6-1: unable to send the bmi data to the device: -71
[ 1657.858841][ T6589] usb 6-1: unable to get target info from device
[ 1657.893056][ T6589] usb 6-1: could not get target info (-71)
[ 1657.899074][ T6589] usb 6-1: could not probe fw (-71)
[ 1658.053613][T29231] binder_alloc: binder_alloc_mmap_handler: 29227 80ffd000-81000000 already mapped failed -16
[ 1658.321131][T29231] binder: 29227:29231 ioctl 540f 80000140 returned -22
[ 1660.011462][  T983] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[ 1660.179507][  T983] usb 6-1: Using ep0 maxpacket: 8
[ 1660.202395][  T983] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[ 1660.213728][  T983] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1660.243873][  T983] usb 6-1: Product: syz
[ 1660.254142][  T983] usb 6-1: Manufacturer: syz
[ 1660.275618][  T983] usb 6-1: SerialNumber: syz
[ 1660.292461][  T983] usb 6-1: config 0 descriptor??
[ 1661.035828][T29264] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5918'.
[ 1661.123575][  T983] usb 6-1: dvb_usb_v2: found a 'Terratec H7' in cold state
[ 1661.134788][  T983] usb 6-1: Direct firmware load for dvb-usb-terratec-h7-az6007.fw failed with error -2
[ 1661.172895][T29268] loop6: detected capacity change from 0 to 63
[ 1661.209196][ T7683] buffer_io_error: 5 callbacks suppressed
[ 1661.209216][ T7683] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1661.209646][  T983] usb 6-1: Falling back to sysfs fallback for: dvb-usb-terratec-h7-az6007.fw
[ 1661.236203][ T7683] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1661.270074][ T7683] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1661.348777][ T7683] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1661.445323][ T7683] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1661.614644][T29275] fuse: Bad value for 'user_id'
[ 1661.619786][T29275] fuse: Bad value for 'user_id'
[ 1661.628269][T29245] tipc: Started in network mode
[ 1661.635990][T29245] tipc: Node identity 080211, cluster identity 4711
[ 1661.690556][T29245] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1661.707712][T29246] bridge0: port 4(macsec0) entered disabled state
[ 1661.714396][T29246] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1661.721681][T29246] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1661.830104][T29246] bridge0: entered allmulticast mode
[ 1661.847153][ T7683] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1661.967171][ T7683] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1662.059416][T29283] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5923'.
[ 1662.107383][ T7683] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1662.130254][ T7683] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1662.224609][ T7683] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1662.789440][ T5966] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[ 1662.789501][ T5960] tipc: Node number set to 134353152
[ 1663.061458][ T5966] usb 7-1: Using ep0 maxpacket: 32
[ 1663.198606][ T5966] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1663.234835][ T5966] usb 7-1: config 0 has no interfaces?
[ 1663.450754][ T5966] usb 7-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[ 1663.593803][ T5966] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1663.640605][ T5966] usb 7-1: Product: syz
[ 1663.669981][ T5966] usb 7-1: Manufacturer: syz
[ 1663.675229][ T5966] usb 7-1: SerialNumber: syz
[ 1663.693355][ T5966] usb 7-1: config 0 descriptor??
[ 1664.100277][T29306] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5924'.
[ 1664.769169][T29317] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5931'.
[ 1665.893671][   T30] kauditd_printk_skb: 47 callbacks suppressed
[ 1665.893689][   T30] audit: type=1326 audit(1754357747.346:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29329 comm="syz.7.5935" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70de539 code=0x0
[ 1666.155177][T29341] netlink: 'syz.7.5935': attribute type 3 has an invalid length.
[ 1666.167689][T29341] netlink: 199836 bytes leftover after parsing attributes in process `syz.7.5935'.
[ 1666.623205][ T5966] usb 7-1: USB disconnect, device number 14
[ 1667.097363][T29360] binder: 29359:29360 ioctl c0306201 80000240 returned -11
[ 1667.113820][T29360] binder: 29359:29360 ioctl c0306201 80000280 returned -14
[ 1667.265157][T29364] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5946'.
[ 1667.275497][T29364] openvswitch: netlink: Flow key attr not present in new flow.
[ 1667.364281][T29366] tipc: Started in network mode
[ 1667.369222][T29366] tipc: Node identity 0ab2bfebbc39, cluster identity 4711
[ 1667.382962][T29366] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1667.392305][T29366] syzkaller0: entered promiscuous mode
[ 1667.397840][T29366] syzkaller0: entered allmulticast mode
[ 1667.428771][T29366] tipc: Resetting bearer <eth:syzkaller0>
[ 1667.445006][T29365] tipc: Resetting bearer <eth:syzkaller0>
[ 1667.474301][T29365] tipc: Disabling bearer <eth:syzkaller0>
[ 1668.963747][T29383] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5953'.
[ 1668.977910][T29383] netlink: 'syz.0.5953': attribute type 2 has an invalid length.
[ 1668.987953][T29383] netlink: 100 bytes leftover after parsing attributes in process `syz.0.5953'.
[ 1668.999624][T29383] netlink: 'syz.0.5953': attribute type 2 has an invalid length.
[ 1669.007639][T29383] netlink: 100 bytes leftover after parsing attributes in process `syz.0.5953'.
[ 1669.057171][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[ 1669.063683][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[ 1669.081330][T29385] netlink: 'syz.0.5954': attribute type 237 has an invalid length.
[ 1669.242588][T29391] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1669.253371][T29391] mac80211_hwsim hwsim32 syzkaller0: entered promiscuous mode
[ 1669.261312][T29391] mac80211_hwsim hwsim32 syzkaller0: entered allmulticast mode
[ 1669.274871][T29392] random: crng reseeded on system resumption
[ 1669.594400][T29397] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5958'.
[ 1669.618103][T29397] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5958'.
[ 1671.073664][T29406] netlink: 72 bytes leftover after parsing attributes in process `syz.7.5961'.
[ 1671.118818][T29405] netlink: 72 bytes leftover after parsing attributes in process `syz.7.5961'.
[ 1673.351078][T29428] input: syz1 as /devices/virtual/input/input80
[ 1674.074433][   T30] audit: type=1326 audit(1754357755.526:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29445 comm="syz.1.5973" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f66539 code=0x0
[ 1674.386997][T29451] random: crng reseeded on system resumption
[ 1674.739577][ T5867] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[ 1674.889897][ T5867] usb 7-1: Using ep0 maxpacket: 16
[ 1674.903212][ T5867] usb 7-1: config index 0 descriptor too short (expected 65038, got 27)
[ 1674.945029][ T5867] usb 7-1: config 0 has too many interfaces: 150, using maximum allowed: 32
[ 1674.964222][ T5867] usb 7-1: config 0 descriptor has 1 excess byte, ignoring
[ 1674.984484][ T5867] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 150
[ 1675.028876][ T5867] usb 7-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[ 1675.046817][ T5867] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1675.058184][ T5867] usb 7-1: config 0 descriptor??
[ 1675.183352][T29469] tipc: Started in network mode
[ 1675.188283][T29469] tipc: Node identity ba3c642f57d7, cluster identity 4711
[ 1675.196513][T29469] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1675.203908][T29469] syzkaller0: entered promiscuous mode
[ 1675.213858][T29469] syzkaller0: entered allmulticast mode
[ 1675.243357][T29468] tipc: Resetting bearer <eth:syzkaller0>
[ 1675.284147][T29468] tipc: Disabling bearer <eth:syzkaller0>
[ 1675.373413][T29474] FAULT_INJECTION: forcing a failure.
[ 1675.373413][T29474] name failslab, interval 1, probability 0, space 0, times 0
[ 1675.397693][T29474] CPU: 0 UID: 0 PID: 29474 Comm: syz.1.5983 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1675.397724][T29474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1675.397737][T29474] Call Trace:
[ 1675.397746][T29474]  <TASK>
[ 1675.397756][T29474]  dump_stack_lvl+0x189/0x250
[ 1675.397785][T29474]  ? __pfx____ratelimit+0x10/0x10
[ 1675.397806][T29474]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1675.397831][T29474]  ? __pfx__printk+0x10/0x10
[ 1675.397874][T29474]  should_fail_ex+0x414/0x560
[ 1675.397911][T29474]  should_failslab+0xa8/0x100
[ 1675.397942][T29474]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1675.397969][T29474]  ? sctp_add_bind_addr+0x8c/0x370
[ 1675.398005][T29474]  sctp_add_bind_addr+0x8c/0x370
[ 1675.398040][T29474]  sctp_copy_local_addr_list+0x30b/0x4e0
[ 1675.398075][T29474]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[ 1675.398106][T29474]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 1675.398139][T29474]  ? sctp_v6_is_any+0x64/0x80
[ 1675.398162][T29474]  ? sctp_copy_one_addr+0x93/0x360
[ 1675.398196][T29474]  sctp_bind_addr_copy+0xb3/0x3c0
[ 1675.398228][T29474]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 1675.398260][T29474]  sctp_connect_new_asoc+0x2e0/0x690
[ 1675.398286][T29474]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1675.398317][T29474]  ? sctp_get_af_specific+0x29/0x80
[ 1675.398346][T29474]  ? sctp_inet6_send_verify+0x80/0x300
[ 1675.398364][T29474]  ? sctp_endpoint_lookup_assoc+0xd1/0x260
[ 1675.398392][T29474]  __sctp_connect+0x5ba/0xd50
[ 1675.398430][T29474]  ? __pfx___sctp_connect+0x10/0x10
[ 1675.398457][T29474]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1675.398480][T29474]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 1675.398508][T29474]  sctp_getsockopt_connectx3+0x2c4/0x440
[ 1675.398550][T29474]  ? __pfx_sctp_getsockopt_connectx3+0x10/0x10
[ 1675.398579][T29474]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1675.398610][T29474]  sctp_getsockopt+0x98a/0xb60
[ 1675.398632][T29474]  ? __pfx_sock_common_getsockopt+0x10/0x10
[ 1675.398656][T29474]  do_sock_getsockopt+0x36f/0x450
[ 1675.398682][T29474]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1675.398705][T29474]  ? lockdep_hardirqs_on+0x90/0x150
[ 1675.398724][T29474]  ? __fget_files+0x2a/0x420
[ 1675.398752][T29474]  ? __fget_files+0x3a0/0x420
[ 1675.398779][T29474]  ? __fget_files+0x2a/0x420
[ 1675.398816][T29474]  __ia32_sys_getsockopt+0x1a5/0x250
[ 1675.398841][T29474]  ? lockdep_hardirqs_on+0x90/0x150
[ 1675.398862][T29474]  ? lockdep_hardirqs_on+0x90/0x150
[ 1675.398886][T29474]  __do_fast_syscall_32+0xb6/0x2b0
[ 1675.398910][T29474]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1675.398935][T29474]  do_fast_syscall_32+0x34/0x80
[ 1675.398958][T29474]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1675.398982][T29474] RIP: 0023:0xf7f66539
[ 1675.399000][T29474] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1675.399019][T29474] RSP: 002b:00000000f508655c EFLAGS: 00000206 ORIG_RAX: 000000000000016d
[ 1675.399041][T29474] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084
[ 1675.399055][T29474] RDX: 000000000000006f RSI: 0000000080000000 RDI: 0000000080000180
[ 1675.399069][T29474] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1675.399081][T29474] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1675.399094][T29474] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1675.399125][T29474]  </TASK>
[ 1675.729052][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1675.955928][T29479] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5984'.
[ 1676.354292][T29484] program syz.0.5985 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1676.441813][T29483] loop9: detected capacity change from 0 to 7
[ 1676.604213][T29492] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (34)
[ 1676.621228][T29492] netlink: 19 bytes leftover after parsing attributes in process `syz.7.5989'.
[ 1677.389471][ T5867] usb 7-1: USB disconnect, device number 15
[ 1677.612411][T29528] 
[ 1677.614825][T29528] =====================================================
[ 1677.621767][T29528] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 1677.629242][T29528] 6.16.0-syzkaller-11489-gd2eedaa3909b #0 Not tainted
[ 1677.635995][T29528] -----------------------------------------------------
[ 1677.643097][T29528] syz.6.6002/29528 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 1677.651178][T29528] ffff8880774214b0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0
[ 1677.659910][T29528] 
[ 1677.659910][T29528] and this task is already holding:
[ 1677.667367][T29528] ffff888029559230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340
[ 1677.677067][T29528] which would create a new lock dependency:
[ 1677.682969][T29528]  (&dev->event_lock#2){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3}
[ 1677.690937][T29528] 
[ 1677.690937][T29528] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 1677.700476][T29528]  (&dev->event_lock#2){..-.}-{3:3}
[ 1677.700518][T29528] 
[ 1677.700518][T29528] ... which became SOFTIRQ-irq-safe at:
[ 1677.713406][T29528]   lock_acquire+0x120/0x360
[ 1677.718274][T29528]   _raw_spin_lock_irqsave+0xa7/0xf0
[ 1677.723744][T29528]   input_inject_event+0xa5/0x340
[ 1677.728788][T29528]   led_trigger_event+0x138/0x210
[ 1677.733827][T29528]   kbd_bh+0x1c6/0x2e0
[ 1677.738022][T29528]   tasklet_action_common+0x369/0x580
[ 1677.743482][T29528]   handle_softirqs+0x286/0x870
[ 1677.748347][T29528]   run_ksoftirqd+0x9b/0x100
[ 1677.752977][T29528]   smpboot_thread_fn+0x542/0xa60
[ 1677.758012][T29528]   kthread+0x711/0x8a0
[ 1677.762181][T29528]   ret_from_fork+0x3f9/0x770
[ 1677.766864][T29528]   ret_from_fork_asm+0x1a/0x30
[ 1677.771818][T29528] 
[ 1677.771818][T29528] to a SOFTIRQ-irq-unsafe lock:
[ 1677.778838][T29528]  (tasklist_lock){.+.+}-{3:3}
[ 1677.778874][T29528] 
[ 1677.778874][T29528] ... which became SOFTIRQ-irq-unsafe at:
[ 1677.791589][T29528] ...
[ 1677.791598][T29528]   lock_acquire+0x120/0x360
[ 1677.798868][T29528]   _raw_read_lock+0x36/0x50
[ 1677.803629][T29528]   __do_wait+0xde/0x740
[ 1677.807867][T29528]   do_wait+0x1f8/0x520
[ 1677.812227][T29528]   kernel_wait+0xab/0x170
[ 1677.816821][T29528]   call_usermodehelper_exec_work+0xbe/0x230
[ 1677.822900][T29528]   process_scheduled_works+0xade/0x17b0
[ 1677.828526][T29528]   worker_thread+0x8a0/0xda0
[ 1677.833221][T29528]   kthread+0x711/0x8a0
[ 1677.837363][T29528]   ret_from_fork+0x3f9/0x770
[ 1677.842024][T29528]   ret_from_fork_asm+0x1a/0x30
[ 1677.846902][T29528] 
[ 1677.846902][T29528] other info that might help us debug this:
[ 1677.846902][T29528] 
[ 1677.857122][T29528] Chain exists of:
[ 1677.857122][T29528]   &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock
[ 1677.857122][T29528] 
[ 1677.870168][T29528]  Possible interrupt unsafe locking scenario:
[ 1677.870168][T29528] 
[ 1677.878566][T29528]        CPU0                    CPU1
[ 1677.883947][T29528]        ----                    ----
[ 1677.889322][T29528]   lock(tasklist_lock);
[ 1677.893591][T29528]                                local_irq_disable();
[ 1677.900428][T29528]                                lock(&dev->event_lock#2);
[ 1677.907647][T29528]                                lock(&new->fa_lock);
[ 1677.914410][T29528]   <Interrupt>
[ 1677.917846][T29528]     lock(&dev->event_lock#2);
[ 1677.922776][T29528] 
[ 1677.922776][T29528]  *** DEADLOCK ***
[ 1677.922776][T29528] 
[ 1677.931084][T29528] 6 locks held by syz.6.6002/29528:
[ 1677.936267][T29528]  #0: ffff88802955b118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480
[ 1677.945572][T29528]  #1: ffff888029559230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340
[ 1677.955664][T29528]  #2: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340
[ 1677.965400][T29528]  #3: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890
[ 1677.975147][T29528]  #4: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: mousedev_notify_readers+0x2c/0xc00
[ 1677.985251][T29528]  #5: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0
[ 1677.994483][T29528] 
[ 1677.994483][T29528] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 1678.004880][T29528] -> (&dev->event_lock#2){..-.}-{3:3} {
[ 1678.010540][T29528]    IN-SOFTIRQ-W at:
[ 1678.014533][T29528]                     lock_acquire+0x120/0x360
[ 1678.020784][T29528]                     _raw_spin_lock_irqsave+0xa7/0xf0
[ 1678.027726][T29528]                     input_inject_event+0xa5/0x340
[ 1678.034303][T29528]                     led_trigger_event+0x138/0x210
[ 1678.040895][T29528]                     kbd_bh+0x1c6/0x2e0
[ 1678.046521][T29528]                     tasklet_action_common+0x369/0x580
[ 1678.053480][T29528]                     handle_softirqs+0x286/0x870
[ 1678.060050][T29528]                     run_ksoftirqd+0x9b/0x100
[ 1678.066210][T29528]                     smpboot_thread_fn+0x542/0xa60
[ 1678.072807][T29528]                     kthread+0x711/0x8a0
[ 1678.078522][T29528]                     ret_from_fork+0x3f9/0x770
[ 1678.084753][T29528]                     ret_from_fork_asm+0x1a/0x30
[ 1678.091261][T29528]    INITIAL USE at:
[ 1678.095156][T29528]                    lock_acquire+0x120/0x360
[ 1678.101417][T29528]                    _raw_spin_lock_irqsave+0xa7/0xf0
[ 1678.108182][T29528]                    input_inject_event+0xa5/0x340
[ 1678.114674][T29528]                    kbd_led_trigger_activate+0xbc/0x100
[ 1678.121687][T29528]                    led_trigger_set+0x52d/0x950
[ 1678.128041][T29528]                    led_trigger_set_default+0x260/0x2a0
[ 1678.135051][T29528]                    led_classdev_register_ext+0x73d/0x930
[ 1678.142418][T29528]                    input_leds_connect+0x517/0x790
[ 1678.149047][T29528]                    input_register_device+0xd0e/0x1140
[ 1678.155982][T29528]                    atkbd_connect+0x72e/0xa00
[ 1678.162205][T29528]                    serio_driver_probe+0x82/0xd0
[ 1678.168795][T29528]                    really_probe+0x26a/0x9e0
[ 1678.174948][T29528]                    __driver_probe_device+0x18c/0x2f0
[ 1678.181796][T29528]                    driver_probe_device+0x4f/0x430
[ 1678.188378][T29528]                    __driver_attach+0x452/0x700
[ 1678.194703][T29528]                    bus_for_each_dev+0x230/0x2b0
[ 1678.201103][T29528]                    serio_handle_event+0x1f9/0x8d0
[ 1678.207676][T29528]                    process_scheduled_works+0xade/0x17b0
[ 1678.214787][T29528]                    worker_thread+0x8a0/0xda0
[ 1678.220928][T29528]                    kthread+0x711/0x8a0
[ 1678.226548][T29528]                    ret_from_fork+0x3f9/0x770
[ 1678.232682][T29528]                    ret_from_fork_asm+0x1a/0x30
[ 1678.238999][T29528]  }
[ 1678.241484][T29528]  ... key      at: [<ffffffff99e1e060>] input_allocate_device.__key.5+0x0/0x20
[ 1678.250500][T29528] 
[ 1678.250500][T29528] the dependencies between the lock to be acquired
[ 1678.250510][T29528]  and SOFTIRQ-irq-unsafe lock:
[ 1678.264204][T29528]   -> (tasklist_lock){.+.+}-{3:3} {
[ 1678.269507][T29528]      HARDIRQ-ON-R at:
[ 1678.273663][T29528]                         lock_acquire+0x120/0x360
[ 1678.280152][T29528]                         _raw_read_lock+0x36/0x50
[ 1678.286648][T29528]                         __do_wait+0xde/0x740
[ 1678.292798][T29528]                         do_wait+0x1f8/0x520
[ 1678.298946][T29528]                         kernel_wait+0xab/0x170
[ 1678.305284][T29528]                         call_usermodehelper_exec_work+0xbe/0x230
[ 1678.313197][T29528]                         process_scheduled_works+0xade/0x17b0
[ 1678.320831][T29528]                         worker_thread+0x8a0/0xda0
[ 1678.327410][T29528]                         kthread+0x711/0x8a0
[ 1678.333474][T29528]                         ret_from_fork+0x3f9/0x770
[ 1678.340049][T29528]                         ret_from_fork_asm+0x1a/0x30
[ 1678.346804][T29528]      SOFTIRQ-ON-R at:
[ 1678.350955][T29528]                         lock_acquire+0x120/0x360
[ 1678.357513][T29528]                         _raw_read_lock+0x36/0x50
[ 1678.364028][T29528]                         __do_wait+0xde/0x740
[ 1678.370201][T29528]                         do_wait+0x1f8/0x520
[ 1678.376264][T29528]                         kernel_wait+0xab/0x170
[ 1678.382602][T29528]                         call_usermodehelper_exec_work+0xbe/0x230
[ 1678.390492][T29528]                         process_scheduled_works+0xade/0x17b0
[ 1678.398049][T29528]                         worker_thread+0x8a0/0xda0
[ 1678.404651][T29528]                         kthread+0x711/0x8a0
[ 1678.410709][T29528]                         ret_from_fork+0x3f9/0x770
[ 1678.417288][T29528]                         ret_from_fork_asm+0x1a/0x30
[ 1678.424057][T29528]      INITIAL USE at:
[ 1678.428196][T29528]                        lock_acquire+0x120/0x360
[ 1678.434709][T29528]                        _raw_write_lock_irq+0xa2/0xf0
[ 1678.441630][T29528]                        copy_process+0x224f/0x3c00
[ 1678.448384][T29528]                        kernel_clone+0x21e/0x840
[ 1678.454800][T29528]                        user_mode_thread+0xdd/0x140
[ 1678.461468][T29528]                        rest_init+0x23/0x300
[ 1678.467636][T29528]                        start_kernel+0x3a9/0x410
[ 1678.474040][T29528]                        x86_64_start_reservations+0x24/0x30
[ 1678.481671][T29528]                        x86_64_start_kernel+0x143/0x1c0
[ 1678.488685][T29528]                        common_startup_64+0x13e/0x147
[ 1678.495545][T29528]      INITIAL READ USE at:
[ 1678.500031][T29528]                             lock_acquire+0x120/0x360
[ 1678.506994][T29528]                             _raw_read_lock+0x36/0x50
[ 1678.513831][T29528]                             __do_wait+0xde/0x740
[ 1678.520319][T29528]                             do_wait+0x1f8/0x520
[ 1678.526822][T29528]                             kernel_wait+0xab/0x170
[ 1678.533495][T29528]                             call_usermodehelper_exec_work+0xbe/0x230
[ 1678.541825][T29528]                             process_scheduled_works+0xade/0x17b0
[ 1678.549717][T29528]                             worker_thread+0x8a0/0xda0
[ 1678.556635][T29528]                             kthread+0x711/0x8a0
[ 1678.563040][T29528]                             ret_from_fork+0x3f9/0x770
[ 1678.570152][T29528]                             ret_from_fork_asm+0x1a/0x30
[ 1678.577266][T29528]    }
[ 1678.579939][T29528]    ... key      at: [<ffffffff8de0c058>] tasklist_lock+0x18/0x40
[ 1678.587834][T29528]    ... acquired at:
[ 1678.591793][T29528]    lock_acquire+0x120/0x360
[ 1678.596480][T29528]    _raw_read_lock+0x36/0x50
[ 1678.601145][T29528]    send_sigurg+0x12b/0x420
[ 1678.605730][T29528]    sk_send_sigurg+0x6c/0x2e0
[ 1678.610503][T29528]    queue_oob+0x420/0x4f0
[ 1678.614945][T29528]    unix_stream_sendmsg+0xc3f/0xdf0
[ 1678.620230][T29528]    __sock_sendmsg+0x21c/0x270
[ 1678.625158][T29528]    ____sys_sendmsg+0x505/0x830
[ 1678.630084][T29528]    ___sys_sendmsg+0x21f/0x2a0
[ 1678.635004][T29528]    __sys_sendmsg+0x164/0x220
[ 1678.639765][T29528]    __do_fast_syscall_32+0xb6/0x2b0
[ 1678.645206][T29528]    do_fast_syscall_32+0x34/0x80
[ 1678.650252][T29528]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1678.656743][T29528] 
[ 1678.659071][T29528]  -> (&f_owner->lock){....}-{3:3} {
[ 1678.664357][T29528]     INITIAL USE at:
[ 1678.668327][T29528]                      lock_acquire+0x120/0x360
[ 1678.674554][T29528]                      _raw_write_lock_irq+0xa2/0xf0
[ 1678.681208][T29528]                      __f_setown+0x67/0x370
[ 1678.687199][T29528]                      do_fcntl+0x15ff/0x1910
[ 1678.693270][T29528]                      do_compat_fcntl64+0x477/0x720
[ 1678.699936][T29528]                      __do_fast_syscall_32+0xb6/0x2b0
[ 1678.706779][T29528]                      do_fast_syscall_32+0x34/0x80
[ 1678.713358][T29528]                      entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1678.721426][T29528]     INITIAL READ USE at:
[ 1678.725925][T29528]                           lock_acquire+0x120/0x360
[ 1678.732613][T29528]                           _raw_read_lock_irqsave+0xaf/0x100
[ 1678.740069][T29528]                           send_sigurg+0x55/0x420
[ 1678.746563][T29528]                           sk_send_sigurg+0x6c/0x2e0
[ 1678.753410][T29528]                           queue_oob+0x420/0x4f0
[ 1678.759818][T29528]                           unix_stream_sendmsg+0xc3f/0xdf0
[ 1678.767093][T29528]                           __sock_sendmsg+0x21c/0x270
[ 1678.774043][T29528]                           ____sys_sendmsg+0x505/0x830
[ 1678.781154][T29528]                           ___sys_sendmsg+0x21f/0x2a0
[ 1678.787997][T29528]                           __sys_sendmsg+0x164/0x220
[ 1678.794756][T29528]                           __do_fast_syscall_32+0xb6/0x2b0
[ 1678.802343][T29528]                           do_fast_syscall_32+0x34/0x80
[ 1678.809450][T29528]                           entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1678.818050][T29528]   }
[ 1678.820649][T29528]   ... key      at: [<ffffffff99b1ef60>] file_f_owner_allocate.__key+0x0/0x20
[ 1678.829576][T29528]   ... acquired at:
[ 1678.833454][T29528]    lock_acquire+0x120/0x360
[ 1678.838140][T29528]    _raw_read_lock_irqsave+0xaf/0x100
[ 1678.843615][T29528]    send_sigio+0x38/0x370
[ 1678.848042][T29528]    kill_fasync+0x24d/0x4d0
[ 1678.852797][T29528]    sock_wake_async+0x137/0x160
[ 1678.857816][T29528]    sk_wake_async+0x184/0x280
[ 1678.862573][T29528]    unix_release_sock+0x768/0xd30
[ 1678.867672][T29528]    unix_release+0x92/0xd0
[ 1678.872171][T29528]    sock_close+0xc0/0x240
[ 1678.876574][T29528]    __fput+0x44c/0xa70
[ 1678.880711][T29528]    task_work_run+0x1d1/0x260
[ 1678.885462][T29528]    get_signal+0x11ed/0x1340
[ 1678.890138][T29528]    arch_do_signal_or_restart+0x9a/0x750
[ 1678.895883][T29528]    exit_to_user_mode_loop+0x75/0x110
[ 1678.901334][T29528]    __do_fast_syscall_32+0x1f4/0x2b0
[ 1678.906697][T29528]    do_fast_syscall_32+0x34/0x80
[ 1678.911704][T29528]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1678.918193][T29528] 
[ 1678.920503][T29528] -> (&new->fa_lock){....}-{3:3} {
[ 1678.925644][T29528]    INITIAL USE at:
[ 1678.929526][T29528]                    lock_acquire+0x120/0x360
[ 1678.935580][T29528]                    _raw_write_lock_irq+0xa2/0xf0
[ 1678.942154][T29528]                    fasync_remove_entry+0xf1/0x1c0
[ 1678.948850][T29528]                    sock_fasync+0x85/0xf0
[ 1678.954660][T29528]                    __fput+0x89f/0xa70
[ 1678.960473][T29528]                    task_work_run+0x1d1/0x260
[ 1678.966727][T29528]                    do_exit+0x6b5/0x2300
[ 1678.972652][T29528]                    do_group_exit+0x21c/0x2d0
[ 1678.978796][T29528]                    get_signal+0x1286/0x1340
[ 1678.984853][T29528]                    arch_do_signal_or_restart+0x9a/0x750
[ 1678.992045][T29528]                    exit_to_user_mode_loop+0x75/0x110
[ 1678.998889][T29528]                    __do_fast_syscall_32+0x1f4/0x2b0
[ 1679.005642][T29528]                    do_fast_syscall_32+0x34/0x80
[ 1679.012087][T29528]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1679.020230][T29528]    INITIAL READ USE at:
[ 1679.024632][T29528]                         lock_acquire+0x120/0x360
[ 1679.031309][T29528]                         _raw_read_lock_irqsave+0xaf/0x100
[ 1679.038776][T29528]                         kill_fasync+0x199/0x4d0
[ 1679.045181][T29528]                         sock_wake_async+0x137/0x160
[ 1679.051948][T29528]                         sk_wake_async+0x184/0x280
[ 1679.058616][T29528]                         unix_release_sock+0x768/0xd30
[ 1679.065539][T29528]                         unix_release+0x92/0xd0
[ 1679.071857][T29528]                         sock_close+0xc0/0x240
[ 1679.078096][T29528]                         __fput+0x44c/0xa70
[ 1679.084067][T29528]                         task_work_run+0x1d1/0x260
[ 1679.090672][T29528]                         get_signal+0x11ed/0x1340
[ 1679.097167][T29528]                         arch_do_signal_or_restart+0x9a/0x750
[ 1679.104936][T29528]                         exit_to_user_mode_loop+0x75/0x110
[ 1679.112386][T29528]                         __do_fast_syscall_32+0x1f4/0x2b0
[ 1679.119582][T29528]                         do_fast_syscall_32+0x34/0x80
[ 1679.126438][T29528]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1679.134766][T29528]  }
[ 1679.137257][T29528]  ... key      at: [<ffffffff99b1ef80>] fasync_insert_entry.__key+0x0/0x20
[ 1679.145948][T29528]  ... acquired at:
[ 1679.149737][T29528]    lock_acquire+0x120/0x360
[ 1679.154404][T29528]    _raw_read_lock_irqsave+0xaf/0x100
[ 1679.159884][T29528]    kill_fasync+0x199/0x4d0
[ 1679.164656][T29528]    mousedev_notify_readers+0x6f1/0xc00
[ 1679.170278][T29528]    mousedev_event+0x602/0x1320
[ 1679.175207][T29528]    input_handle_events_default+0xd1/0x1a0
[ 1679.181111][T29528]    input_pass_values+0x288/0x890
[ 1679.186226][T29528]    input_event_dispose+0x330/0x6b0
[ 1679.191502][T29528]    input_inject_event+0x1dd/0x340
[ 1679.196688][T29528]    evdev_write+0x2fc/0x480
[ 1679.201282][T29528]    vfs_write+0x27b/0xa90
[ 1679.205684][T29528]    ksys_write+0x145/0x250
[ 1679.210172][T29528]    __do_fast_syscall_32+0xb6/0x2b0
[ 1679.215440][T29528]    do_fast_syscall_32+0x34/0x80
[ 1679.220459][T29528]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1679.226950][T29528] 
[ 1679.229264][T29528] 
[ 1679.229264][T29528] stack backtrace:
[ 1679.235215][T29528] CPU: 0 UID: 0 PID: 29528 Comm: syz.6.6002 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) 
[ 1679.235236][T29528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1679.235244][T29528] Call Trace:
[ 1679.235254][T29528]  <TASK>
[ 1679.235260][T29528]  dump_stack_lvl+0x189/0x250
[ 1679.235277][T29528]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1679.235290][T29528]  ? __pfx__printk+0x10/0x10
[ 1679.235306][T29528]  validate_chain+0x1f05/0x2140
[ 1679.235321][T29528]  __lock_acquire+0xab9/0xd20
[ 1679.235338][T29528]  ? kill_fasync+0x199/0x4d0
[ 1679.235349][T29528]  lock_acquire+0x120/0x360
[ 1679.235363][T29528]  ? kill_fasync+0x199/0x4d0
[ 1679.235376][T29528]  _raw_read_lock_irqsave+0xaf/0x100
[ 1679.235393][T29528]  ? kill_fasync+0x199/0x4d0
[ 1679.235404][T29528]  ? __pfx__raw_read_lock_irqsave+0x10/0x10
[ 1679.235421][T29528]  kill_fasync+0x199/0x4d0
[ 1679.235431][T29528]  ? kill_fasync+0x53/0x4d0
[ 1679.235447][T29528]  mousedev_notify_readers+0x6f1/0xc00
[ 1679.235469][T29528]  ? mousedev_notify_readers+0x2c/0xc00
[ 1679.235485][T29528]  mousedev_event+0x602/0x1320
[ 1679.235512][T29528]  input_handle_events_default+0xd1/0x1a0
[ 1679.235535][T29528]  ? input_pass_values+0x8d/0x890
[ 1679.235554][T29528]  input_pass_values+0x288/0x890
[ 1679.235570][T29528]  ? input_handle_event+0x70c/0xf30
[ 1679.235585][T29528]  input_event_dispose+0x330/0x6b0
[ 1679.235600][T29528]  input_inject_event+0x1dd/0x340
[ 1679.235615][T29528]  ? input_inject_event+0xb6/0x340
[ 1679.235629][T29528]  evdev_write+0x2fc/0x480
[ 1679.235640][T29528]  ? __pfx_evdev_write+0x10/0x10
[ 1679.235651][T29528]  ? bpf_lsm_file_permission+0x9/0x20
[ 1679.235664][T29528]  ? security_file_permission+0x75/0x290
[ 1679.235675][T29528]  ? rw_verify_area+0x255/0x4d0
[ 1679.235688][T29528]  ? __lock_acquire+0xab9/0xd20
[ 1679.235702][T29528]  ? __pfx_evdev_write+0x10/0x10
[ 1679.235712][T29528]  vfs_write+0x27b/0xa90
[ 1679.235733][T29528]  ? __pfx_vfs_write+0x10/0x10
[ 1679.235745][T29528]  ? __fget_files+0x2a/0x420
[ 1679.235761][T29528]  ? __fget_files+0x2a/0x420
[ 1679.235775][T29528]  ? __fget_files+0x3a0/0x420
[ 1679.235792][T29528]  ? __fget_files+0x2a/0x420
[ 1679.235808][T29528]  ksys_write+0x145/0x250
[ 1679.235822][T29528]  ? __pfx_ksys_write+0x10/0x10
[ 1679.235866][T29528]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1679.235878][T29528]  __do_fast_syscall_32+0xb6/0x2b0
[ 1679.235892][T29528]  do_fast_syscall_32+0x34/0x80
[ 1679.235903][T29528]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1679.235916][T29528] RIP: 0023:0xf7f32539
[ 1679.235927][T29528] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1679.235937][T29528] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1679.235950][T29528] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[ 1679.235958][T29528] RDX: 0000000000000918 RSI: 0000000000000000 RDI: 0000000000000000
[ 1679.235965][T29528] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1679.235971][T29528] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1679.235977][T29528] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1679.235992][T29528]  </TASK>
[ 1679.546265][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1680.080923][T29538] netlink: 132 bytes leftover after parsing attributes in process `syz.1.6003'.