last executing test programs:

10m5.609861911s ago: executing program 4 (id=1945):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000300), 0x802, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000280)={{0x1009, 0xfffd, 0x0, 0xffff}, 'syz0\x00', 0x26})
ioctl$UI_DEV_CREATE(r2, 0x5501)
syz_open_dev$evdev(&(0x7f0000000340), 0xaa54, 0x0)
creat(&(0x7f00000007c0)='./file0\x00', 0x0)
socket(0x22, 0x2, 0x5)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0))
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
ioctl$UI_DEV_DESTROY(r2, 0x5502)
gettid()
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000001040)={0x1, 0xe, 0x9})
write$UHID_INPUT(r1, &(0x7f0000000000)={0x7, {"a2e3ad21ed0d52f91b5d330987f70e06d038e7ff7fc6e5539b0d47078b089b3907376d090890e0878f0e1ac6e7049b334a959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07670936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70fe98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf1a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e470dea05918b41243513f000800000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3e3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14d9fdb8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a19000000000000006f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69b15c9f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d44400009a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc01008cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c16c02ed4b5d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaab1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106d26658b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6b14effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c110000a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b51028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6815d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3f3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51090840517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4e004a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6ce1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c817e9177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d543902113c4c859465c3c115c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc248850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafcc009fc074bb6b68a1f0c4649820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948998cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2fd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5dc4ff8f0104000000000000df72279fdb0d2b9e936e5a983c12fded79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d3700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa6e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9f07b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e3ebb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3fec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4cddd5d0fc5a752f9000", 0x1000}}, 0x1006)

10m4.67392159s ago: executing program 4 (id=1950):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f0000000240), 0x400, 0x2883)
ioctl$MON_IOCX_GETX(r2, 0x4018920a, &(0x7f0000000480)={0x0, 0x0})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000a80)=[@text64={0x40, 0x0}], 0x1, 0x70, 0x0, 0x0)
r3 = dup(0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_procfs(0xffffffffffffffff, 0x0)
exit(0x0)
preadv(r5, &(0x7f0000000080)=[{0x0}], 0x1, 0xffff, 0x0)
r6 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x20, r6, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x20}}, 0x0)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', <r8=>0x0})
bind$can_j1939(r7, &(0x7f0000000340)={0x1d, r8, 0x0, {0x0, 0x0, 0x6}, 0xff}, 0x18)
sendmsg$inet(r7, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4048081)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)={@dev, @local}, &(0x7f0000000100)=0xc)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r3, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x14, r6, 0x200, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_NG_TYPE={0x8}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]})

10m3.619073343s ago: executing program 4 (id=1960):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x5, 0x0, 0x7, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
ioctl(0xffffffffffffffff, 0x8cad, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
writev(r3, &(0x7f0000001800)=[{&(0x7f0000000480)="ba569265155abe35b50112697802e76ecbf166360b54f71aaf72c0f33a265a66da80f455a7b65ff99e7aaf3923fb89ff9662af580b965fb1200dd76cddb96e6408cbbbddd3cf952b32f11c621815ae82714a1a040d9d42c393a0d43a36f2f5854d20c038cbf977eeb34d92ce88f07e06f45ad5f19f7c32c8afd1f29f40ba6077f97c5adaefa2b6af8937f1960edb70331a859e16c00050f0c08b73b1bfc2df62e250f39c02f273db0098abe1108036ad911867a5750687325db904f523f62a93d8c8a53ca49f1898942c8e0e4c39d15e1365d45b8c62617673393be13f7ef2c8505671f12af725bdfd6fd7fc298ab9", 0xef}, {&(0x7f0000000580)="3a77f64d2bef1df02230c9d618c3f2c90d6e411c5b713639743b9754df889b8d9b4369b6d2a52b00fc891c78725c565222bbd0bdd467ae0255f4a4e65811f4e96304c057ab32711453aad2ca924519d223b95c593254135a00b77ee5471bf6f7b6555e45291bd8f535ce2a4ee35fa44dacae78cf7811fa5ec0125d63653b1c2adabee6a10dc2ce1aeecc19248f68d2cf9b851b657f801e1e3576571530fcae0585e4c863472c246183de516802051e32d1fd8a7999ce31ddd3f000d991909f69db86eb398b1e8d37c452fb6c9476f81c4f9318686d1c8b8d36ead7546547b6ed0e2afdf1ab58826a22a8746d818b27466833154413648f724cca11ce49bec779e63198bc0015e95335991f8a482aabe119be24e83ae8a2fce29fe4d33cdc9f71c16912fc8c68e7c25242cef3684a0c20d5b10950050e79949104705ac016cdd62a1d0b1ccbc5516d4be4957e6cfed4803bab1b332256ee34309aac9d013bb56e77c4b02f0c42fa2f30ca08afd50172895dccaf1d7bde1cea5faed111bdae510a84b7026fea2783ba51fb39b7c940bc11808275469aac3c7e5412c8a32425ca8127a61c7a179f8ef68a1230c67a39c869e358b35d8e7a1d41c39bf4ffeb73503936de9bcd3c2d6f061709e3f55edfb05fa2a67f63283e6c1f054d427a7388d1cd0eef104b301dee7e2d77a437cc5ec411c7feccb4a0349074003184e4a09c11c55d29336634d3ef03230c8df1302b0eba16e9240c9801ad9535451a5637d94312868ec4ab1b97a2a6f105960e6714a544ad66092b95219476d19e7b9f527cafe07c62146ac77948b575d0836323116d3ec8551530d9c935286a746f4edab8040ff731f847223f471064fa70c460f305c3ddb8e10ca1427c6e6bc71fe837718f0dccc68282c3a7de19737b26436d130073c65474d6d6992ad8aef5e291c8be29201640d920780cc0902826dc5ae83ef8ed3b84004ecf2af98fad08f878e171317fbe419edc796670530fedead75f8fc0fce7aeae13de368b2f18756c48317a0a8b1d89478d25f6595aeb1f71d2e245586c5329558fcb4e3b23f5858dd5347b644af58f6114e0c4961353529a86eabfcee3c3e7a2cc3466b0c2f323e51e81d095e9400122af2a253872e731b2aecd30f693a69ff732c7a725d891c95afb561d01b36faa57b483188bb71f450cfd2b79c2181392a627ce56eb947f879fcc22ea8a537060111545c21d6bc28affb77985991dcd1b1a3330c43c29b048ceaca0ff64c62cefb56d748805ceb039bb8832449165bed51788903c3b701ee4d5e65a3ae92b90d171409c280775bd43744f8f9d3e64cb3174fb776640f12ad4c4de969eac6fb2ebb40d90c95a2a59b6b8ce7953fa8f4b6e5f1abb9651cf01e0ffa786b09a45b3ea1e993b62f1dd2b512c3588ed8c8a0d93cfe1396274ad6cb4c296f7adc77f136fa46c2f5945c636264b070ffce547a2a9edef8efd065aae475286fa3af804c25eb5dff9a46cc7ccd71943fe312f3890c0654bee96443ebf2aab25379ffd0482b7ea284fb625534f3501275a1b2ec9b23b5ef7e8138c8ce9a32aac993c3f204147f8dbfabe590fa00c78d0f831a4a03d956ca916f35852b0dce03691bc9820ac92c736cbd26b2e2f465735c04644112d351b4a8e09fed66d2cd90d04e2250ec7d240de01d8f1b041a148f8f8c879b180a5024a09d25171ea2d914f0794ad3696c479963bbf77a4ec9b9924d29c61892893f8554f0c38c5f2799eef3f0960c755cef022c19aafc54a27246dbb8723609a28c0f532663b9fd30de3f5f4b20da2cbe7b348eef9f29cd4490eaad4ef9b020413be749729e8f2ce2f9e2c78407ba48841866656fe501548991fb116bb37e0b37072931585d3853d381f4bbe08bc4dc2d74d8a4147f1305d31fc8e6a8f0b512ed847b6778bda1bd8dd0b35a2be652458134f3ebc7f27e0df832a156c67200208e3132c41aa814d33862bf9a08e1ae5a2604597cf4f653f83638aae66884f3fbfa3c48fddf0abfcf78942ad53c2fab3bc84ea9e621ac01e1c79290486c7fa39a06ef90e35ed6d7137e06e6ae2821cea1292bb470d263d13fce9e50bd4a1b17b52b1f7a95b78e827edbb473a2436628e79dd016cdd55dbe9ffad01d034d16e1f9c6d56815efc0bcdaa200e7ea8a4b2b4320b685d1d39dbf9e3475c73933217d9d43fe22aae2eeb1d719828a549805f4deeb8204f3df25342a886fd178073cfc712e85b41fca8cd51f64740a662b000ebcbd20aadf60763ffd7696ea8394a93cae091b986edb5f55de41fc7f43b310f1fc1d3447610bc51104123e41a32880508cd4603de3cc3d9d527310a2450646ce261bdc20dd0ae724d254dc9292bd0c6aaa507ab332d138d24692f88c24d648dd2f6aacc14450344fb32f9b09cc8828bacef1a7cd2b2efa6a9c14626c341c6e73b809849f4cd8ffc0d7db0b0669b8723597f7e3cd23b6578eeefdd2077c76dc25e0d19e7c37cc6a6176d44f1088069488fc494289076dc2b4915d8bb06b359df36f2dc4b585a50ac4c6ff21806472256335a3456712f6eabc626759664074069ad9e4dd51ee926d3d8b80abdfa41ab0a87e1e60e705b76b846bb46763d21e13a2595030a1ddcac6d18791ab5fb2e85109a138bc73d1431a7360cba5f625b47ed5eb194d9a780df52caa7f3ca9ce4d63413327f47dc9ff9ae2040df505d5bae2c8e4954ad59dc8cd8216e47e320df87452053d350d893a433af8644988832e81d8882f392ec7b1e44ea5666bdf35159b6bbaa3d60439f1f1e1cd83d2f535b2da6e4bf3f593951dacf862dec5c922b61c8ef1f93c48b9e4edc3094a9aa51f4b66cc5b9c4160b21a0a5fc517a8b87ff17ac8202d1a9c4b327c39ea1aff244cb7a1c0414ae338aaa36fa47c23fdd42ceae927fa4eceb8045c7c1e42ddd5dfb89630c68c5167c63976c81a7b00c806b06b9bbbb5e96f73196d24dc093ff45e230a43a8465e253ecc5375fb7f4bd17aa0e8f01d792ec856919e77a183887995ea0e03a42a57be9e476ef2a8a7e692ef2957220c19d94be88d66cfdc363cf98131d432422cc53ce85cef33b56a63ef7d0d02a763f76a595aa01aadece69afed45d0df7210f25d8146e0f6a30b19f5edd1d3c5b2fe1a3b797fa1707c28091d5af8246178778eefb47100f030603fbc5861dc6036742ac21d95fc2baff7b73711acf797442aade2a1953a119c027d5dd3d521bb6112cd64f8431eaec50f2cd93cd9ec8ce9a32ccee5efc8f822f597514cbac756260c1f9081e67a51e0bc8ee9021f08b6e91217eee0b90f42d53f95de44f983acbc8be701e8b7c9105b7185d08348d9c817c9d5455973f73deabb058508c54b7934fe188d73c9c8f1807590afc3ca03edc5f3b3de44dfbac633e90a518ee080f7149477fcec185322b6510015cd3633fe1fbf0f73b3a8aea944b5ce20cadabe27cb0508dac42afb8739f79d1d7b18b10a500c4381c272566fc258e91eab1bcbe17a859cb99a9578872cb0c578574818c0236392f4e3fa5ff43b241cd3b93fcf5975abf6d5cb536aae10713f8f1ab31008ef7fc8d81cfa22d54c1e3f9a58f0343cb897fdfeba343a6dc1224615e605bd3f43e3065f50736263991b75eacc8d32a24893e18d12850ee714fb32c7a5a7e86d3be64b78cad3c04ad70ea9ea7b2d81d1a509a5dc797f07ec7269e93f2f38aff0727550fd0d0a586e0daceb1057835f864a199a7e0a0d9bbadb8b6af7cad340677e48ad4c181d00c33943b46df19278956d69e09f5f8aa67cab61c7684d18438d5fd9abf3608485d5ca665d8080d3efefba7e5506a4497bfc6ad8b51302fa7ef8ab30e85bc68a615b3e2db5b4c88aa8b2e1e3f8c8eadb59d087fbdf837d4cfc05241f01869e1185a211aa19f46bedba3982c1f8517db9665cb79ef4b5e7d683f37b41fec55a9a47a505b7af3760eade864866255e821da501a4b5ce2ce028d0a64daaf47f459a2ade78da1734e7b9ca703e5e1f80def2e4df8ba239d0e3f1efab1ad68395fe12763f4754b88a2881081ee266a8690ec6fe70418f46ba9772c5c5fb53eb4772b391a4eeefc7bc1451f411033fda48412cb91d7d398527ea440f492977e8806ed305beb073ddb7b2912a67749ed92e33926ee080c72cb78df94862a78557c0586fcd7bbc403f0b61d0c5001946db93ab2994e0464f36e0c95a9b07b88fc4af7a9c8765b76f5dbdd94d74b2f7c4be5b258f7be2d0cfdd787ecb776da695c23da7a4a28dba924d6e63fe43109a9b1bed9ef1333bf312bfe62a9eecdaf89135abfa2b62ab1186bfbe8fa5fe4ef9831cc2ef5621819da3d52b5011f52e928ce7e8d0d88d68598dd47a48ab0a4a2cea648f14bd22578e3e536f7c007aeed4d152027a3de61f03a776f30fb24a645610ac4fe969c187b087e4d23e398af79eaa3ec563309b4a8f802a9eabcbaf7d5cf851a67cac2152c63505adc2d29038f4099e2abba48f5239f32352b51ce657dd0a04fa057cba19b9e33a835e9bff664dbf17a301f3dd46ef29b2a8e50ecbee6b4d61d140605c40e5a57f6f4411c137766944e89e0398a18d31608e6328e0e621520ecfbc155762f12266279119b5f3fba410d6792553b426843cce0af761e5d7863521c84e214dee81fb9a86a78ba2ea458f7b7124c6fea2519240ba1a8da6584e98d9f47528cc83c69ac2b90e9eaa7fe1dfe34d51b160af52579db5f8c4d7128b54d2c32aa91563381051c645b02f6a2d7002a09a5f3402a733bf5c3739fcb0cc22cfbbe19a9ebef85d5dca92a5c6a555d607e9300ec73e60be44bd1cc0d25dc408c0e208313fff5ead0ac77b72fd2850779641a78a9a2dde6aed678c43cf9613897d1da0831af573c30744a4c8002e609f030c7cbc016e716e630567b9e1ccf628256900641ed535e4491baad3c6415795d485d1044a2fac6294c03822c47750b18514572116db13594ad27372095d09d37ca2c2d308d6cfd918b8bc802991d4d34469e806d47c533ccac85359096a2f478e9095cadd8d2e8d5c6b4ba8a4e9c5d93ba506050d4ed9325c9b562146361cfd12767cdbe03ce08474102dc0966e3d3d0572c834812f8ccbd6682d656a6dd4c8fc7765b863a7b0a7744f0a564aca861b0ff4d4d65346c28e5d5e4911328de5771dfb1e8cab257db6ec03c8e19e4ac218c55d0bb1ac6a148b0e56b34b535f45acd99970718acdd3d8f6b5d1c69ee78cdf8c5363fe19d9804de6ede17b17a0e81504bb03bf87c26b66d3b98f081e11daaf886cce036c885244ac9d8f5e588b0bbb8c55054af39fffd38f14cb282fbf92fd1181a724cb8035592467517016ce167b6d29a3aa5b09ff650e67b9ca4f146203d9f95cdc8deb115338b3b723cee9a877d537462ef6fe2efc21d89441c557cc0088efedd5af820c9dd26d2c831e0d2dae773e3da7923faf6795847b3c429845ebba28cedecd02a207168dc620bb3a7f14b62bc67d5a066c5bd6cdca123df1a3f6914a98b3a6e5a24b2d1cdaac40905a028d33bbd378a4d9034878ecf06a8025bf6c9323eb0f72bf3f6ffaa17260802aa565170f6c60ffc1b141071a8a5ddeb31770034285d4c3de259f3b660031cc578f8027b39701c10c40aa1e26dd2be3c3b8d1e555a27e7f1fc830665f55ae73e7e299b97b9542cd479601c85d62bc1c94cb9e9587454a514d0a9b0b86c8518037283fb80c4151a9ea22c0b1aa20072a5793980dacbe9fcecd06aab32fbaf9afb4651055b65e4aff5974589f6d99efc412cde0d59c65042be27717ccab5a821cec", 0x1000}, {&(0x7f0000001580)="f337055be5a15d0b90f1fa6ebfb3c2cf605382a598f93a09f7859a4c6cc28e7cfbd6b59ddcbbc0d30eefb28f0dc37d9e319af9ae4236242927d37d6c38318726157540d473ffb679c57f96066995a89339c82151d6359e9f9932", 0x5a}, {&(0x7f0000001600)="3835e86f0427eff733509dbb38e19ebd2f182d4b919cedca981a6f6d85f832a7b08ed6bba62c856a5274a992b0cbb8e7668354fd07ddc34f6a9ef42f586a105be0b3ef7101c7fb350ccbf948fe9f718cad3fa56b28ff565956ecb413b0c101c96e640e0612121e2a43bf6dd224b0dd60c37ca2b6251bd2f7d10fa12cc1c1", 0x7e}, {&(0x7f0000001680)="4e9bcd34800a34a1bf39bc4ecbd35f3dd2de5823e69c430611e7fec625fb7f9f23e5208f0504ff718be3f4da19151afd212d7ebeb83bb50908ae7ca7bf10e92ddc667abb5d810ba761f4d4469afc4f45bcea5889c2c6f0156e78f6", 0x5b}, {&(0x7f0000001700)="06e3fbc4cd279827aa630eb86aed2a496dc12074fcc4f84d72456de3fce38dc4b4e1d4e63bcc07d0b96cba1adbdccb6b72386004c73d07c9f70dc116be777260b2745adfaba6970848a165e481aa779b2838fb2789628ccfd098", 0x5a}, {&(0x7f0000001780)="d24126bb759a3e2875abb6c798e28ae499d990cfc774d7da8073863ba5076d6ca87ec916f1c54f11cc27c1079a5d073f718f75183972a793dbd5f043c97f256d03f1086ce0ea2f39b8e62712a1ef367f58a584a811", 0x55}], 0x7)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0xc100}, 0x4040)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_80211_inject_frame(0x0, 0x0, 0x0)
r6 = dup(r5)
socket$nl_route(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001880)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0x168, 0x9, 0x0, 0xb, 0x258, 0x250, 0x250, 0x258, 0x250, 0x3, 0x0, {[{{@ipv6={@mcast1, @remote, [0x0, 0x0, 0xffffffff], [0xffffffff], 'veth0_to_bridge\x00', 'sit0\x00', {}, {}, 0x6c, 0x0, 0x1}, 0x6000000, 0x108, 0x150, 0x0, {0x0, 0x28e}, [@common=@inet=@ipcomp={{0x30}}, @common=@inet=@ipcomp={{0x30}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev={0xfe, 0x80, '\x00', 0x20}, 'dvmrp0\x00'}}}, {{@uncond, 0x0, 0xd8, 0x108, 0x0, {}, [@common=@srh={{0x30}, {0x4, 0x6, 0x5, 0x6, 0x6, 0x80, 0x20}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x2}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x10002, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x4c, 0x0, 0x0)
ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f00000000c0)={0x6, 0x10001, 0x1})
ioctl$KVM_SET_NESTED_STATE(r9, 0x4080aebf, &(0x7f0000003680)={{0x0, 0x0, 0x80}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e516"})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="65660fc736b9230200000f320fc5b0040000000f0f10970fe8fa640f01cfc4e21d4501c744240000000000c74424021c320000c744240600000000c4e17de69222ad2eec0fc76e04b8200fae82ef66bafc0c66b8004066ef66b8296c", 0x5c}], 0x1, 0x0, 0x0, 0x0)

9m59.195100096s ago: executing program 4 (id=1971):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$NS_GET_OWNER_UID(r2, 0xb704, &(0x7f0000000200))
openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000300)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[], [{@appraise}, {@flag='rw'}]}}, 0x0, 0x0, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x1, 0x0, 0x1, 0x7, '\x00', 0x0, r5, 0x5, 0x0, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_GEM_OPEN(r8, 0xc010640b, &(0x7f0000000180))
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={@fallback=r7, 0x22, 0x1, 0x9, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r10 = dup(r9)
ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="820000000000000070000040"])
syz_usb_connect(0x0, 0x36, &(0x7f00000017c0)=ANY=[@ANYBLOB="120100034c4d70201e04193f529b0102030109021e0001020530020904bd0b01ffb23b020a240105000702010209050d0dff03030564"], &(0x7f00000020c0)={0x0, 0x0, 0x0, 0x0})

9m57.354899414s ago: executing program 4 (id=1978):
syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000000000000000001800028008"], 0x44}}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0x2c0, 0x60, 0xd0e0000, 0x2c0, 0x100, 0x390, 0x1d8, 0x1d8, 0x390, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x2a0, 0x2c0, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{0x3, 0x77, 0x7, 0x2}, {0x6, 0x5d, 0x8, 0xf}, {0x0, 0x7, 0x4, 0x5}, {0x200, 0x10, 0x4, 0x401}, {0x2, 0x7, 0x9, 0x7}, {0x8, 0x2, 0x40, 0x80}, {0x7, 0x10, 0x4, 0xc27e}, {0x0, 0x8, 0x1, 0x9}, {0xa66, 0xf9, 0x2, 0x40}, {0xf207, 0x18, 0x1, 0x6}, {0x2, 0x8, 0x6, 0xb6}, {0x0, 0x5, 0x5, 0x4}, {0x9, 0x7f, 0x5, 0x2}, {0x5, 0x2, 0xf, 0xc00}, {0x1, 0x9, 0x2, 0x54}, {0x3, 0x2b, 0x2, 0x3}, {0xffff, 0x5, 0x6d, 0x7}, {0x6, 0xa, 0x5, 0x51d8}, {0x8, 0xe, 0x5}, {0x0, 0x40, 0x7, 0x88}, {0x7, 0x2, 0x6, 0x3}, {0x98d, 0x2, 0xff, 0x5}, {0x81, 0x1, 0x3, 0x7f}, {0x1, 0x2, 0xc0, 0x86f}, {0x8, 0x2, 0x9, 0x6}, {0x7, 0x75, 0x7, 0xd}, {0x6, 0x6, 0x6, 0x8001}, {0x120, 0x5, 0x2, 0x3dbd}, {0x5, 0x8, 0x9, 0x1}, {0x0, 0x3, 0x9, 0xff}, {0x0, 0x4, 0x0, 0xfffffff8}, {0x7, 0x1, 0x9, 0xd}, {0xfff, 0x7, 0x0, 0xbc}, {0x0, 0x4c, 0x8, 0xff}, {0x8, 0xc0, 0x80, 0x4}, {0x1, 0x1, 0x0, 0x508d}, {0x1ff, 0x5, 0x81, 0xd}, {0x0, 0x0, 0x2, 0x5}, {0x401, 0x3, 0x80, 0x9}, {0x9, 0x2, 0x0, 0x8}, {0x0, 0x1, 0xfb, 0x7}, {0xa, 0xff, 0x1, 0x7fffffff}, {0x7, 0x4, 0x7, 0x40}, {0xa, 0xc, 0x6, 0x5}, {0x9, 0x8, 0x7, 0x10000}, {0xe9, 0x6, 0x3, 0x3}, {0xb, 0x7, 0x7, 0x200}, {0xe, 0x5, 0x6, 0x2}, {0x9, 0x5, 0x0, 0x1}, {0x9, 0x1, 0x7, 0x1}, {0x1c0, 0x5, 0x2, 0x8e1}, {0x0, 0x5, 0x0, 0x7f07}, {0x6, 0x0, 0x1, 0x1ff}, {0x2, 0x28, 0xfc, 0x8}, {0x6, 0x3, 0x7, 0x2}, {0xa, 0xc5, 0x4, 0x3}, {0x3, 0x71, 0x8, 0x7}, {0x6e, 0x2, 0x0, 0x8}, {0x0, 0x7, 0x7, 0x10000}, {0x9, 0x7, 0x5, 0x7}, {0x100, 0x8, 0x3}, {0xd34, 0x7, 0x8}, {0x9, 0x9, 0x1, 0x80000001}, {0x6, 0xfe, 0x3, 0x3}], {0x1}}}]}, @unspec=@TRACE={0x20}}, {{@ip={@multicast2, @empty, 0xffffffff, 0xffffff00, 'veth1_virt_wifi\x00', 'xfrm0\x00', {}, {}, 0x1, 0x1, 0x6c}, 0x9400, 0x70, 0xd0, 0x94}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x5, 0x0, 0x6, 0x4, 0x6], 0x0, 0x3}, {0x0, [0x5, 0x1, 0x6, 0x0, 0x3, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x488) (async)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0x2c0, 0x60, 0xd0e0000, 0x2c0, 0x100, 0x390, 0x1d8, 0x1d8, 0x390, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x2a0, 0x2c0, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{0x3, 0x77, 0x7, 0x2}, {0x6, 0x5d, 0x8, 0xf}, {0x0, 0x7, 0x4, 0x5}, {0x200, 0x10, 0x4, 0x401}, {0x2, 0x7, 0x9, 0x7}, {0x8, 0x2, 0x40, 0x80}, {0x7, 0x10, 0x4, 0xc27e}, {0x0, 0x8, 0x1, 0x9}, {0xa66, 0xf9, 0x2, 0x40}, {0xf207, 0x18, 0x1, 0x6}, {0x2, 0x8, 0x6, 0xb6}, {0x0, 0x5, 0x5, 0x4}, {0x9, 0x7f, 0x5, 0x2}, {0x5, 0x2, 0xf, 0xc00}, {0x1, 0x9, 0x2, 0x54}, {0x3, 0x2b, 0x2, 0x3}, {0xffff, 0x5, 0x6d, 0x7}, {0x6, 0xa, 0x5, 0x51d8}, {0x8, 0xe, 0x5}, {0x0, 0x40, 0x7, 0x88}, {0x7, 0x2, 0x6, 0x3}, {0x98d, 0x2, 0xff, 0x5}, {0x81, 0x1, 0x3, 0x7f}, {0x1, 0x2, 0xc0, 0x86f}, {0x8, 0x2, 0x9, 0x6}, {0x7, 0x75, 0x7, 0xd}, {0x6, 0x6, 0x6, 0x8001}, {0x120, 0x5, 0x2, 0x3dbd}, {0x5, 0x8, 0x9, 0x1}, {0x0, 0x3, 0x9, 0xff}, {0x0, 0x4, 0x0, 0xfffffff8}, {0x7, 0x1, 0x9, 0xd}, {0xfff, 0x7, 0x0, 0xbc}, {0x0, 0x4c, 0x8, 0xff}, {0x8, 0xc0, 0x80, 0x4}, {0x1, 0x1, 0x0, 0x508d}, {0x1ff, 0x5, 0x81, 0xd}, {0x0, 0x0, 0x2, 0x5}, {0x401, 0x3, 0x80, 0x9}, {0x9, 0x2, 0x0, 0x8}, {0x0, 0x1, 0xfb, 0x7}, {0xa, 0xff, 0x1, 0x7fffffff}, {0x7, 0x4, 0x7, 0x40}, {0xa, 0xc, 0x6, 0x5}, {0x9, 0x8, 0x7, 0x10000}, {0xe9, 0x6, 0x3, 0x3}, {0xb, 0x7, 0x7, 0x200}, {0xe, 0x5, 0x6, 0x2}, {0x9, 0x5, 0x0, 0x1}, {0x9, 0x1, 0x7, 0x1}, {0x1c0, 0x5, 0x2, 0x8e1}, {0x0, 0x5, 0x0, 0x7f07}, {0x6, 0x0, 0x1, 0x1ff}, {0x2, 0x28, 0xfc, 0x8}, {0x6, 0x3, 0x7, 0x2}, {0xa, 0xc5, 0x4, 0x3}, {0x3, 0x71, 0x8, 0x7}, {0x6e, 0x2, 0x0, 0x8}, {0x0, 0x7, 0x7, 0x10000}, {0x9, 0x7, 0x5, 0x7}, {0x100, 0x8, 0x3}, {0xd34, 0x7, 0x8}, {0x9, 0x9, 0x1, 0x80000001}, {0x6, 0xfe, 0x3, 0x3}], {0x1}}}]}, @unspec=@TRACE={0x20}}, {{@ip={@multicast2, @empty, 0xffffffff, 0xffffff00, 'veth1_virt_wifi\x00', 'xfrm0\x00', {}, {}, 0x1, 0x1, 0x6c}, 0x9400, 0x70, 0xd0, 0x94}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x5, 0x0, 0x6, 0x4, 0x6], 0x0, 0x3}, {0x0, [0x5, 0x1, 0x6, 0x0, 0x3, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x488)
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil)
write$UHID_INPUT(r1, &(0x7f0000001040)={0xa, {"a2e3ad214fc752f91b2909004bf70e0dd038e7ff7fc6e5539b326c078b089b3b083844090890e0878f0e1ac6e7049b3d6d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b333b0d076c0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0afc9397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6258742317662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab96b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e0088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76ccc2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c826467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb204466cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2e57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849d11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f9d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f0712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073da5b0000d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1ccced94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89234b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d876a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)

9m55.799650139s ago: executing program 4 (id=1985):
socket$kcm(0x10, 0x2, 0x0) (async)
syz_usb_connect(0x0, 0x5a, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800"], 0x0) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0) (async)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) (async)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYRESDEC], 0x219) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x7a, 0xdd, 0x15, 0x20, 0x545, 0x8080, 0x301, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x62, 0x0, 0x0, 0xa1, 0xc3, 0x85}}]}}]}}, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
socket$inet6(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect$cdc_ecm(0x2, 0x4d, &(0x7f0000000240)=ANY=[], 0x0) (async)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x8400, 0x0) (async)
pipe(&(0x7f0000000080)) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84) (async)
pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32=r3, @ANYRES64=r4, @ANYRES64=r2, @ANYBLOB="ed"], 0x20)

9m55.337976474s ago: executing program 32 (id=1985):
socket$kcm(0x10, 0x2, 0x0) (async)
syz_usb_connect(0x0, 0x5a, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800"], 0x0) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0) (async)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) (async)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYRESDEC], 0x219) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x7a, 0xdd, 0x15, 0x20, 0x545, 0x8080, 0x301, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x62, 0x0, 0x0, 0xa1, 0xc3, 0x85}}]}}]}}, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
socket$inet6(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect$cdc_ecm(0x2, 0x4d, &(0x7f0000000240)=ANY=[], 0x0) (async)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x8400, 0x0) (async)
pipe(&(0x7f0000000080)) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84) (async)
pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32=r3, @ANYRES64=r4, @ANYRES64=r2, @ANYBLOB="ed"], 0x20)

5m30.771470302s ago: executing program 3 (id=2841):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000003180), 0x1, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x400000, 0x0)
ioctl$SNDCTL_SEQ_SYNC(r1, 0x5101)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000100)=@echo=0xff94)
r2 = socket$kcm(0xa, 0x922000000003, 0x11)
sendmsg$kcm(r2, &(0x7f0000000100)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x80, @mcast1={0xff, 0x2}}, 0x80, &(0x7f0000001500)=[{}], 0x1}, 0x0)
recvmsg$kcm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001600)=""/4117, 0x1015}], 0x1}, 0x40000040)
r3 = memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d  \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000003c0)='net/ip_vs\x00')
read$eventfd(r5, &(0x7f0000000340), 0x8)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r5, 0x7a9, &(0x7f0000000080)={{@my=0x0, 0x9}, 0x400, 0x6f43dde2, 0x3fffd, 0x3, 0x4, 0xff7ffffc, 0xa, 0xffffffffffffff01})
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4, 0x12, r3, 0x0)

5m30.363019948s ago: executing program 3 (id=2843):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b405000000000000711086000000000006000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r0 = openat$vmci(0xffffff9c, &(0x7f0000001640), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f00000000c0)={@hyper})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7b2, &(0x7f00000010c0)={&(0x7f00000000c0), 0x1, 0x4})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9, 0x9d, 0xc3, 0x20, 0x12d1, 0x7ef3, 0x5468, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x10, [{{0x9, 0x4, 0x59, 0x0, 0x1, 0xff, 0x6, 0x3d, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x4}}]}}]}}]}}, 0x0)

5m28.763063986s ago: executing program 3 (id=2855):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabaaaaaaaaabb86dd60cedd0000103afffee0000000000000020000000000008d5a650b37bbfe8000000000000000000000000000aa8900907800fc000000000024"], 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r2 = socket(0x1e, 0x2, 0x0)
r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r3, 0x47f6, 0x0, 0x5, 0x0, 0x0)
shutdown(r2, 0x2)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000001840)={{0x3, 0x700, 0x7, 0x0, 0xf3a7, 0x46f58f0d}, 0x1e9, [0x8, 0xfb, 0xbc, 0x10001, 0x2, 0x2, 0x8, 0x3, 0x5f2, 0xd410, 0x3, 0x8, 0x101, 0x10, 0x39, 0x4825, 0x4, 0x5, 0x3, 0xfffffffe, 0xd3b, 0x80000001, 0x101, 0x2, 0xb0, 0x8000, 0x9, 0x4, 0x7, 0x7, 0x0, 0x0, 0x2, 0xe9b, 0xfff, 0x25bf, 0x0, 0x80000000, 0xfffffff7, 0xd29d, 0x4, 0x5, 0x2, 0xbf5e, 0x3, 0x3, 0x290, 0x0, 0x1, 0x2, 0xfffffff8, 0x8, 0x2, 0x12c, 0xe6, 0x5, 0x8, 0x3, 0x10001, 0x4, 0x2, 0x0, 0x0, 0xd, 0xbfd, 0x1ff, 0x7, 0x9, 0x760, 0x5, 0x7, 0x9, 0x9b, 0x8001, 0x0, 0x1, 0x3, 0x1, 0x80000000, 0xed, 0x1, 0x6, 0x1130, 0x6, 0x40000000, 0x8, 0x3, 0x6, 0x2, 0x0, 0x4, 0x4, 0x7, 0x6, 0x3, 0x541, 0x200, 0x3, 0xe, 0x5, 0x863, 0x5, 0x3, 0x3, 0x3, 0x10000, 0x7, 0x3, 0x5, 0x100, 0x0, 0x1861, 0x7f, 0x7, 0x8001, 0x5cd, 0x1, 0x3, 0x7ff, 0x73, 0x3, 0xffffff6e, 0x800, 0x2ff, 0x2, 0x9, 0x1, 0xea6d, 0x3, 0x401, 0x0, 0x7, 0x3, 0x80000000, 0x5, 0x2, 0x2, 0x3a, 0x2, 0x4, 0x4, 0x2, 0x1ff, 0xfdc, 0x3c, 0x0, 0x8, 0x6, 0xba5c, 0xcad, 0x9, 0x3, 0x7f, 0x2, 0xb, 0x8, 0x0, 0x3, 0x7, 0x400, 0x2, 0x9, 0x10, 0x7, 0x6, 0x8001, 0x7a, 0x90, 0x6, 0x3, 0x1, 0xc, 0x401, 0xa7, 0x2, 0x1000, 0x10000, 0x400, 0x1, 0x9, 0x6, 0x4000, 0x9, 0xc, 0xa, 0x486, 0x3, 0x2, 0x0, 0xa8, 0x3ff, 0xb6d5, 0x792, 0xa, 0x5, 0xd467, 0xc44a, 0x9, 0x4, 0x17a78b89, 0xfffffffe, 0x0, 0xfffffff9, 0x6, 0x6, 0x3, 0x7, 0x101, 0x2, 0xdbfd, 0x8, 0x400, 0xf84, 0x3, 0xa991, 0x5, 0x4, 0x101, 0xf510, 0x8b2a0, 0x1, 0xfff, 0x100, 0x4, 0x6, 0x7, 0x7f, 0x7d4efb6d, 0xffffffff, 0x9, 0x7, 0x2, 0xffff, 0x6aa7, 0x101, 0x10001, 0x7ff, 0x7, 0x3, 0x7fffffff, 0x40, 0x3, 0x1, 0x5, 0x6, 0x1, 0x4, 0x5, 0x5, 0x2, 0x6, 0x7, 0x940d, 0x4, 0x6, 0xffff0000, 0x5, 0x1, 0x1ff, 0x7, 0x7, 0x8, 0xfb60, 0x0, 0x1, 0x7, 0x4, 0x80, 0x43c9, 0x6, 0x7, 0xbad4, 0x6, 0x58, 0x6, 0xfffffe01, 0x8d, 0x6, 0x7, 0x6, 0x1, 0xe, 0x9, 0x9, 0x7, 0x2, 0xc, 0x7, 0x200, 0x400, 0x0, 0xb, 0x5, 0x7fff, 0x2, 0x9, 0x7fff, 0x4, 0x5, 0x9, 0x95, 0xffffffff, 0x1, 0x5, 0x6, 0x3, 0xffff7fff, 0x2, 0xb99, 0xfff, 0x79bbf960, 0x9, 0x7, 0x68, 0x8, 0x6, 0x3, 0x800, 0x8, 0x9, 0x8, 0x10001, 0xd7, 0x0, 0x7, 0x2, 0x424ab94, 0x8, 0x3461, 0x2, 0xf231, 0xfffffff9, 0x6, 0x8, 0xffffdacb, 0x4, 0xf, 0xe9a8, 0x40, 0x10001, 0x7, 0x8, 0x12, 0xffffff6f, 0x8001, 0x1000, 0x2, 0xd40c, 0x4, 0x9, 0x5, 0xfe, 0x4, 0x5, 0x2, 0x6, 0x2, 0x10001, 0x1, 0x0, 0x3ff, 0x1, 0x8, 0x9, 0x2, 0x101, 0x0, 0x8, 0x80000001, 0x9, 0xe7c, 0x2, 0x8000, 0x6, 0x8, 0x1, 0x400, 0x3, 0x5, 0xfffffffa, 0x3, 0x5, 0x1, 0x9, 0x2, 0x8001, 0x4, 0x800, 0x0, 0x10000, 0x9f1, 0x7fffffff, 0x0, 0x47b6, 0x3, 0xd0, 0xfffffffa, 0x7, 0x4, 0xc4, 0x8, 0x2, 0x3, 0x8, 0x4, 0x401, 0x8001, 0x9, 0x7, 0x101, 0x8, 0x9, 0x7, 0x80000000, 0x1, 0xfffffffa, 0x1, 0x1000, 0x5, 0x3, 0x1, 0x5, 0x3, 0x5, 0xfffffff8, 0x2, 0xc1cb, 0x2, 0x80000001, 0x7fffffff, 0x71, 0x0, 0x701, 0xfffffffd, 0x3, 0x7, 0x4, 0x3, 0x7, 0xfff, 0x8001, 0x7, 0x3ff, 0x8, 0x3, 0xb, 0x6, 0x41c, 0x6, 0x400, 0x8, 0x10000, 0x6, 0xffff4a08, 0x6, 0x3, 0xc, 0x1, 0xfffffb1a, 0xfffffff8, 0x3, 0x4, 0x3, 0x1, 0xd06e, 0x0, 0x4, 0x5, 0x10001, 0x5, 0x56d2ff50, 0x95, 0xf, 0x0, 0x9, 0x40, 0x200, 0x8cff, 0x96d, 0x5, 0x7a, 0x6, 0x10, 0x30000, 0x1, 0x7fffffff, 0x5, 0x1, 0x8000, 0x7, 0x7a, 0x1, 0x3, 0x4dd, 0x1, 0x3, 0x5, 0x9, 0x10, 0x2, 0x8001, 0x8000, 0x5, 0xfffffffe, 0x1, 0x10, 0x9, 0x6, 0x1, 0x6, 0x1, 0xb, 0x4, 0x5, 0x400, 0x2, 0x7fff, 0x6, 0x1a, 0x9, 0x0, 0x1, 0x3, 0x4, 0x7fffffff, 0x1, 0x3ff, 0x8, 0x7, 0x5, 0x81, 0x2, 0x7, 0x3, 0x9, 0x500, 0xffff, 0xac2cfd9, 0x40, 0x4, 0x7, 0x3ff, 0x4, 0xfffffffc, 0x9, 0x2, 0x1, 0x4, 0x7ff, 0xc, 0x401, 0x3ff, 0xe, 0x4, 0x9, 0x1000, 0x3, 0xa, 0x8, 0x4, 0x4, 0x4, 0x1, 0x6, 0x8, 0xfec, 0x3, 0xfff, 0x9, 0x5, 0x7, 0x6, 0x575d, 0x0, 0xfffffff8, 0x4, 0xb, 0x4b5, 0x80000000, 0x2, 0x1, 0x5, 0x400, 0xa, 0x6, 0x6, 0xfffffff7, 0x10001, 0x1, 0x8, 0x8, 0x5ed, 0x4, 0x6, 0x0, 0x4, 0x6, 0x7fffffff, 0x28, 0x7, 0x10000, 0x656b, 0xae, 0x4, 0x4, 0x0, 0xa, 0x2205, 0x0, 0xf19, 0x4, 0x3, 0xffffff22, 0x1, 0x2, 0x3, 0x3, 0x46, 0xe, 0x1, 0x0, 0x3, 0x3, 0x4, 0x10c5, 0x6, 0x397, 0x2769, 0x8, 0x95, 0x100, 0x46ee, 0x0, 0xb, 0x0, 0x74d, 0x1, 0x9, 0x0, 0x8, 0x7, 0x7, 0x80, 0x6, 0x3, 0x8d, 0x7609, 0x80000000, 0x0, 0x4, 0x8, 0x19, 0x5e0, 0x7, 0x2803, 0x1, 0x1, 0x2, 0x89cd, 0xad65, 0x6, 0x9, 0x4, 0x8, 0x0, 0x5, 0x8, 0x8, 0x9, 0x6, 0x1, 0x7, 0x5, 0xff, 0x670, 0x5, 0x8, 0x2, 0x6, 0x8000, 0x1, 0xcd, 0x10, 0x4, 0x0, 0x7f, 0x9, 0x7, 0x4, 0x4, 0x9, 0x1, 0xe, 0x6, 0x400, 0x0, 0x2, 0x0, 0x0, 0x7, 0xb8, 0x4, 0x5, 0x4, 0x0, 0x6b, 0x2, 0xfffff801, 0x4, 0xfffffffe, 0x1a, 0x101, 0x1, 0xf, 0xfffffffb, 0x8, 0x1, 0xa96, 0x4, 0x11, 0x5d, 0x1, 0x4, 0x1, 0xffff, 0x4c91, 0xc6, 0x1, 0x0, 0x6, 0x7, 0x8, 0x0, 0xa0, 0x7ab, 0x80000001, 0x9, 0x9, 0x9, 0x5, 0x3ff, 0xfffffbff, 0x0, 0x0, 0x0, 0x2, 0x8, 0x80000000, 0x7fff, 0x0, 0x2, 0x3453, 0x1, 0x3, 0xff, 0x8, 0x0, 0x9, 0x101, 0x8, 0x2, 0x8, 0xfff, 0x0, 0x0, 0x1, 0x0, 0x7, 0x7fff, 0x6, 0xffffffff, 0x8, 0xff000000, 0x8, 0x1, 0x9, 0x4, 0x0, 0x0, 0x2, 0x8, 0x6, 0x404, 0x3, 0x3, 0x2, 0xd69, 0x0, 0xfffffff0, 0x7ff, 0x8001, 0x9, 0x3, 0x752, 0x0, 0x6, 0x4198, 0x4, 0x5, 0x9, 0x7, 0x6, 0x9, 0x23a1, 0x80000000, 0x100, 0x0, 0xffffc9f6, 0x6, 0x8, 0x18, 0x3, 0x0, 0x3, 0x2, 0x10, 0x101, 0x2, 0xffffffff, 0x4, 0x1, 0x0, 0xcad, 0x8, 0x6, 0xf14, 0x6, 0x4, 0xffffffff, 0x40, 0x1, 0x515c, 0x3, 0x9, 0xfffffff8, 0x5, 0x2, 0x0, 0x7, 0x95, 0x7, 0x7, 0x0, 0xfff, 0xa, 0x7, 0x4, 0xd251, 0xf4, 0x3, 0x6, 0xfefa, 0xfffffffa, 0x1, 0x100000, 0x7, 0x6, 0x3, 0x6, 0x10000, 0x2, 0x4, 0x6, 0x800, 0xb38b, 0xfffffffc, 0x0, 0x4, 0x81, 0x35, 0x3, 0x7f, 0x9, 0x63c, 0x2, 0x200c, 0x65, 0x7, 0x0, 0x5, 0x8, 0x8, 0x9, 0x8, 0x3, 0x6, 0x2c9d6915, 0x4, 0x7fffffff, 0x3, 0xfffffff8, 0x7, 0x3ff, 0x1, 0x9, 0x40, 0xe61, 0x7, 0x6, 0xa95, 0x7d, 0x4, 0x4, 0x7, 0x6, 0x5, 0xb6d1, 0x9, 0x0, 0xe9770ce, 0x0, 0x81, 0x9, 0x2, 0x8, 0x6, 0xb, 0x2, 0x7ff, 0x2, 0x3, 0xe, 0x6, 0x6, 0x5bf1, 0x0, 0x7, 0x4, 0xfff, 0x4, 0xffff, 0xfff, 0xfffffff4, 0x3, 0x4d1, 0x2, 0xfffffffe, 0xd48d, 0xb, 0x2, 0x7fff, 0x2, 0x8000, 0x9, 0x9, 0x1, 0x8, 0xf3ee, 0x0, 0xf92, 0x11, 0x2, 0x8, 0xb34a, 0x5, 0x4, 0x2, 0x5, 0x0, 0x6, 0x6, 0xfff, 0x81e, 0x9, 0xfff, 0x1ff, 0x9, 0x2, 0x7, 0x40000, 0x1, 0x7ff, 0xfffffc00, 0x0, 0x0, 0x0, 0x2, 0x1, 0x2, 0x80000000, 0x5, 0x5, 0x3e, 0x7, 0x3, 0x6, 0x7, 0x80, 0x10000, 0x1, 0x5, 0xffffffff, 0x1, 0x9, 0x3, 0x599, 0x8f00, 0x0, 0xfffffffc, 0x1, 0x2, 0xb040, 0x912, 0x2, 0xb9e, 0x2, 0x4, 0x1, 0xfffffff8, 0x0, 0x40, 0x9, 0x3, 0x170d, 0x6, 0x505c, 0x400, 0x5, 0x7, 0x3, 0x5, 0x7, 0x2, 0x2]})
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000100)=ANY=[])
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f00000001c0)=@mangle={'mangle\x00', 0x10, 0x6, 0x1568, 0xd0, 0x0, 0x12a0, 0x0, 0xd0, 0x1498, 0x1498, 0x1498, 0x1498, 0x1498, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28, 'HL\x00', 0x0, {0xfe}}}, {{@ipv6={@dev, @loopback, [0x0, 0x0, 0xff000000], [0x0, 0x0, 0xffffffff], 'pim6reg\x00', 'sit0\x00', {}, {0xff}}, 0x0, 0x10d8, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x1, './cgroup.cpu/syz0\x00', 0x40, {0x9faf}}}]}, @HL={0x28}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x36}, @private2={0xfc, 0x2, '\x00', 0x1}, [0x7f8000ff, 0xffffff00, 0xffffff00], [0xffffff00, 0xffffff00, 0xff000000, 0xffff00], 'wlan1\x00', 'macvtap0\x00', {}, {0xff}, 0x88, 0xb, 0x5, 0x4}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @local}, @private2={0xfc, 0x2, '\x00', 0x1}, [0xffffffff, 0xffffff00, 0xffffff00, 0xff], [0xff, 0xff000000, 0xffffff00], 'veth1_to_batadv\x00', 'geneve0\x00', {}, {}, 0x73, 0xe, 0x6, 0x58}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@srh={{0x30}, {0x3b, 0xe, 0x0, 0xb5, 0x8, 0x280d}}, @common=@ipv6header={{0x28}, {0x30, 0x32}}]}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x3, 0x9}}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0x0, 0xffffffff, 0xff, 0xffffffff], [0xffffff00, 0xff, 0xffffffff, 0xffffff00], 'wg0\x00', 'pim6reg\x00', {0xff}, {0xff}, 0x2e, 0x2, 0x2, 0x5}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x15c8)
syz_io_uring_setup(0xd4, &(0x7f0000000480)={0x0, 0x0, 0x2, 0x0, 0x3}, 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES8=r8, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="a9699b0ecf5b8a"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
syz_genetlink_get_family_id$team(&(0x7f0000000040), r8)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000200)={'dummy0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x3, {0x0, 0x0, 0x0, r11, {}, {0xfff1, 0xffff}}}, 0x24}}, 0x4800)
syz_genetlink_get_family_id$ethtool(&(0x7f00000017c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000001800))
r12 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0xa2)
read$FUSE(r12, 0x0, 0x0)

5m27.999827706s ago: executing program 3 (id=2861):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x8402)
ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000280)={0xa, 0x100, 0x2, {0x8003, 0x4001000, 0x85}})
r2 = syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', r2, &(0x7f0000000080)='./file0\x00', 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000180)={0x100000011, @multicast2, 0x0, 0x0, 'wrr\x00', 0x35, 0x1000, 0x200062}, 0x2c)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000001140)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="1201000000000020ac050f0222000182830109022400010100000009040000020301020009210005000122000009058103", @ANYRESHEX], 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCSABS20(r8, 0x401845e0, &(0x7f0000000080)={0x8, 0x0, 0x4, 0x5, 0xffff, 0x4})
pipe(&(0x7f0000000040))
r9 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_ifreq(r9, 0x8931, &(0x7f0000000000)={'dummy0\x00', @ifru_hwaddr})
close_range(r7, 0xffffffffffffffff, 0x0)
r10 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r3, 0x6, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000240)=[r10, r1, r1, r4, r4, r5, r6]}, 0x7)
r11 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r11, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0)

5m24.816995894s ago: executing program 3 (id=2869):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="4400000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="c5bab9c6f1cb41f2240012800b0001006272696467650000140002800500180001000000050017"], 0x44}, 0x1, 0x0, 0x0, 0x20004850}, 0x10)
r1 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x4, 0x1, 0x5, 0x6, 0x3, 0x1, {0x1, 0x180, 0xff, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0)
sendfile(r1, r1, &(0x7f0000000080), 0x7f03)
ioctl$VHOST_VDPA_SET_GROUP_ASID(r1, 0x4008af7c, &(0x7f0000000000)={0x1, 0x230})
r2 = syz_open_pts(0xffffffffffffffff, 0x20c8c0)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0xa, r3, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000000)='id:cb2e')
socket(0x9, 0x80000, 0x86)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r1, 0xe)

5m23.873864871s ago: executing program 3 (id=2873):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'xfrm0\x00', <r1=>0x0})
r2 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000140)=@fd={0xb050, 0x6, 0x4, 0x10, 0x7, {0x0, 0xea60}, {0x2, 0x8, 0x3, 0x40, 0x2, 0x85, "797abeda"}, 0x9, 0x4, {}, 0x5})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r1, {0x2}}}, 0x24}}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x99f}, 0x1c)
connect$inet6(r4, &(0x7f0000000340)={0x2, 0x4e21, 0x0, @private2}, 0x1c)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71006000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.self_freezing\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0)
connect$inet6(r4, &(0x7f0000000280)={0xa, 0x4e24, 0x3, @local, 0x7}, 0x1c)

5m23.00605804s ago: executing program 33 (id=2873):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'xfrm0\x00', <r1=>0x0})
r2 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000140)=@fd={0xb050, 0x6, 0x4, 0x10, 0x7, {0x0, 0xea60}, {0x2, 0x8, 0x3, 0x40, 0x2, 0x85, "797abeda"}, 0x9, 0x4, {}, 0x5})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r1, {0x2}}}, 0x24}}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x99f}, 0x1c)
connect$inet6(r4, &(0x7f0000000340)={0x2, 0x4e21, 0x0, @private2}, 0x1c)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71006000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.self_freezing\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0)
connect$inet6(r4, &(0x7f0000000280)={0xa, 0x4e24, 0x3, @local, 0x7}, 0x1c)

2m42.918864837s ago: executing program 1 (id=3343):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB(r1, 0xc01c64ae, &(0x7f00000002c0)={0x0, 0x400, 0x0, 0x7, 0x8, 0xffffffff, 0xfffffffc})
socket$igmp(0x2, 0x3, 0x2)
sendto$inet6(r0, &(0x7f0000000240)=':', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='cdg\x00', 0x4)
shutdown(r0, 0x1)

2m42.583298286s ago: executing program 1 (id=3347):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x46303, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x0, 0x0, 0x0) (async, rerun: 32)
bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-ssse3\x00'}, 0x58) (async, rerun: 32)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x1, 0x5, 0x2000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) (async, rerun: 64)
r3 = dup(r2) (rerun: 64)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x9, 0xfc, 0x2, '\x00', 0x8001}) (async)
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0xeeef0000) (async)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0x80000e6, 0x55e, 0xffffffff, 0x4, 0xffffffffffffffff, 0x7, 0x8000000000000001, 0xb, 0x4, 0x80, 0x6, 0x794, 0xffff, 0x40, 0xc976, 0x9], 0x2, 0x21600}) (async)
socket$inet6(0xa, 0x2, 0x0) (async)
syz_open_dev$loop(&(0x7f00000000c0), 0x1, 0x400000)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='ns\x00')
openat$dir(0xffffffffffffff9c, 0x0, 0x404040, 0x105) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0xffffffff}, 0x0) (async)
sync()
getdents(r4, &(0x7f0000000140)=""/72, 0x48)
socket$inet6_sctp(0xa, 0x5, 0x84)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x28, 0x4, 0x4e}, 0x2c)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x2000, 0x0, 0x12d5c, 0x12d5c}}, 0x44) (async)
setsockopt$IP_VS_SO_SET_FLUSH(r7, 0x0, 0x485, 0x0, 0x0) (async, rerun: 64)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r6, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x20040090) (rerun: 64)

2m42.197127764s ago: executing program 1 (id=3349):
r0 = userfaultfd(0x801)
getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, 0x0, &(0x7f0000000400))
ioctl$sock_ifreq(0xffffffffffffffff, 0x8923, &(0x7f0000000040)={'vlan1\x00', @ifru_addrs=@rc={0x1f, @none, 0x1}})
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040)=0x54)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000001200)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000ef0285b72eae795b11ad261777db75186baf0b2792ade1f10772662181fe046096c5df696334e2d8363970c8c3b029c88880576b08935b03795560230500ef286f21c974d520c247fd200851f90b2dd5e5f6b23909a23ee27007dae2a0fdf92809a931196df3be84781f7ecafa0a4bcf7e01a23999fdfb4b490f6cfe5edf3850576acb265f2ee288a85dfe7c79e969b738dbc61171dfd8f5e33fbf1ee05bc5bdeb164dc2458455e3ba438c9109dd001ad93df3fc235bed50ffce5ea79cfc8cf7d53a031691362ba21394bd614ec41f636ec0e299e370f5631acfab5a6519a36f963679457241bc05a307f8be0c828a43ed21ecdd1ee2b9b7ae315e5b515c71c39bf4b45f5e3f7cd3f6404fc93cf55949f0c3a7b87f86120153725784e98975c7617ffc7e8cc497f437853d9c04b195fa52848dd1555796b3cdf2527d7929631cca05e27c28566d2c47699bc6c3f5f76680c1db20c3089a3bdc5b44d224a0b3c2ca8087486aead1d034d94d32ad677b28b10ed58f8de2d5a8d25c7cae49ba35be16888ea8da622daf5f0f02d9c08752113ab1ec2bde50940e9bf33f91a6c5056aabc04eedfeb6535540e5c027ff4df6589cb47171bfbb564a2350564f4bdbcf4e048f2b34570d5ef2bb7939256325574c3bf96f022efde18e9274d5d40af19b0afe0c774b56ff010000bf8be42828b4cb3d6cf6930f5c4c71563e4eb0d341dc742bdb802b498fef8490b52ad16e131d8e3142ef3ffba81085ce4a028c7af46774b391e2124fcd93ff05c21ad0da384ff0017957481ee790b301e3e817c3b651bb99090189eed2862f89e6b5ca8e62a5f5ff0dc6ed83392fd551d0eedc491b3df83509d2fa1023eb77b8a13de09e22a7f19088bcbd8f47ad5a964ab6bbb94784d31b397229ae3fb66ffe0e9913d32301c844e58f000094f5766dc1ca5e8cfee332a28809591c14098f71a7bdcb88186bcd36a2ecce33a3048f6f97e14dac56e84a1fdfdee2bcd21132632905c060b3aca1d4446f456e2088e7257d575e8465d7ed767e415a616d1458a32e904a1ffaf090c2884d4a56958ab143cdb95b6c39e04010b888bd95b09d50d7e6c5c084aa8cdc21890b8ff3072ca215dde339bef126b07eb835d28f977ab43670412afe8361b60bf361aa4d351214801c57dad50ad6179a7507011e3060badbe396b3fb928c7e8b"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x185, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa2, 0x0, &(0x7f0000000300)="1dc25645f4b230d1d8f005824c78ba746fd985a21b98b3e5e43365af3265c79d6c4ebbe9e141adc8175e5324bf3d689f7135bde2f706ee8025b986b0dcf5092de087fe86e34f9ec6f4b96b43cdd5dca80c626d7cba3c8fb772724a6221fde98137b0cf74b2ee3ebe28a1bfea19c38ee865b8a36e2b6246d04b36dfc8d05d1f30747c4b39e2b8391a66edd549000048bd110b093d9a764fc0c22a6bdc29ead4d876e6", 0x4}, 0x50)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
socket$tipc(0x1e, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x8e}]}}, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r4, 0x800c5012, &(0x7f0000000300))
socket$inet6_tcp(0xa, 0x1, 0x0)

2m40.085185677s ago: executing program 1 (id=3357):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000000900)=@abs={0x0, 0x0, 0x4e21}, 0x9d)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
mincore(&(0x7f00003ce000/0x2000)=nil, 0x2000, &(0x7f0000000080)=""/225) (async)
mincore(&(0x7f00003ce000/0x2000)=nil, 0x2000, &(0x7f0000000080)=""/225)
syz_usb_connect(0x0, 0x24, &(0x7f0000001080)=ANY=[@ANYBLOB="120100007882b740422c0917b7ca0102030109022a0001000000000904000000bf60e700"], 0x0)
setxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), &(0x7f0000000180)=ANY=[@ANYBLOB="03020e00000008008fdc5334b8eb51201b2400497adcacc6bd7d822ec22b9fb2795ed7c7fb20da16ea058d368354bb42e240d7b10d8a7454c9353f5ba00a00b9bf046a71ffe37571e14268df90d54c5c2ba664361acd7d76783adfabd5a3970d7bf21b0d7e1c06eb56c455c040d425ff034f884c2f99ece2bc5a182fcbbb008cd118462c360735bb79c21177fbfd271cede4248678f575eee3509a9f9a8e70ce71d9255c7975c4b89d880bd3b4359af5140d7610c813b2ef53dc6822ca87c2cbcf47787ab0b825550dc0009d02322068a0e8783d1396a98dfbd0f0c729a80e71e34bf9232dd770093c654a6fe326e28389a0a95f31bb4beb226e3d41eadf835aa2369042aebbf46b2ef6ad17a42b4f45def7eb303912477dd64fb38375caf00f2b"], 0x98, 0x0) (async)
setxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080), &(0x7f0000000180)=ANY=[@ANYBLOB="03020e00000008008fdc5334b8eb51201b2400497adcacc6bd7d822ec22b9fb2795ed7c7fb20da16ea058d368354bb42e240d7b10d8a7454c9353f5ba00a00b9bf046a71ffe37571e14268df90d54c5c2ba664361acd7d76783adfabd5a3970d7bf21b0d7e1c06eb56c455c040d425ff034f884c2f99ece2bc5a182fcbbb008cd118462c360735bb79c21177fbfd271cede4248678f575eee3509a9f9a8e70ce71d9255c7975c4b89d880bd3b4359af5140d7610c813b2ef53dc6822ca87c2cbcf47787ab0b825550dc0009d02322068a0e8783d1396a98dfbd0f0c729a80e71e34bf9232dd770093c654a6fe326e28389a0a95f31bb4beb226e3d41eadf835aa2369042aebbf46b2ef6ad17a42b4f45def7eb303912477dd64fb38375caf00f2b"], 0x98, 0x0)

2m38.038639761s ago: executing program 1 (id=3364):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
mknod$loop(&(0x7f00000190c0)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
lchown(&(0x7f0000000280)='./file0\x00', 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
chown(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000b40)={'#! ', './file0', [{0x20, '\xf9\x02g\x02,r\xf2sq\xaeSD\xa0\xc4\nA\xc3\xa8/\x9ev\xb7\x1br\x9bp\xf0z\xa2\xa4\x9b\xde\x8b\xca\xb4\xcam\xfa\x82\xbe\xd7\xdd\xef\x1f\xa1*\xea\x9e\xc5\xd2\xef\x8f\xa1`:\x1fG\xc8\xc8Sx\f\x00*\xafz\x81\xd9\x0e\xac\xd2\xd1\x1e\x8ds(\xa1\xf3\xec\xda\x1bs\x8b\x9b:\x02\x9a\x89s\x15V\x90o;\xfe4\xaf\xe1\xdb\xf0\xd6\xc4\x0eU\xed\xfa\x1e\xb4\x9a\x19\x01\xec,\x8fWF{u\\wE\xfc\xa3\xfdz\x1d\xb1\xb0\x9bp\xc2R3I}$\xf8\x85\x12\x16\xc8\v\x04\xd7\x90z>\x8f\x91`5\n\x1c\x12\'\xd9Y\x03\x1bV\xe9]\v\xfc\xbd\xe9\xa6& +\"\xdb.\xb3\xf4\x99R/5\x15\xc4\'\x17Z\\\x0e~\xd5\xb3\xa7[\x9d~\xc7\xfe\xa5\xdc\xe3\xbcy\xc1\xfc\xedRpGbN\x9c\xfa_T\x12bq\xf5h\xd9M\xf9E\xab\xa4\xe1\x90\xe6\xc4\xaa\x03\xb9\xcd\x1a\x17\x04\xf4\x9fr\x95s\x1cd\x81^9\xff\xab\x1c\x16\xe5P\xf0\xe4\x83\xe1ec=h\x84\xd0\xe6\xed\a\x14#D\x03\x16\xce\xb3c\xd6\x11\xb5D`\x80\x9e\x9ef\xe2<\xed\x1b:B\xd0^\xe90\xe8\x1b\xe1\xbc\x9f\xac\xf8\xac\x90D\xca\x1d\xae+_\xa7\xd5\xa73+\xaf;~\xa2d)\xc1\x1d\x01\xf67\x1d\xaf8\xe0\x9cF\xb9\xbbQ^\xe3P\x18\xdf\xe8\xfdh[\xca~\x19\xfa\xa8\x0f\xac\xdaw9\x8b\x9bO\x18!\x9c\xcf\r\xaf0\xa26\xdd\x80^U\xa8e\xf8g\x91;Da1w\xd3\x81\xc1\xb1\xac\x06\x96\'~/\x141\xf4.\xa9y\xaf\x1c\x99\xee\x02\xfb\xbd\xc5\x85\x00\x00\x00\x00\x00\x00\x00\x00'}, {0x20, ':@!^['}, {0x20, 'lo\x00\x81fb\xf6\xeb\x8e\xe10\xc0Ev\x82\x1eT-R\x8a\x88\xf2\x8e\x14{S\xf3`\xf0X_\x9f\xb0n?{\xc9/n\xb1\xe7J\\\xcf\xa7\xfeV\x81\x8e}N\xe8\x89\x9d\xc2\xa3\xae\xd1\xc7Ymbwf{E\xdd\xee\x878Q\xac\xe6/\x9d\x7f\xfc\xb7)\xb1Y\'\xc8\xc4\xbb\xde?\xf27\x12^\xca\x12D\x80\x92,6\x1aw\x0f\xd0\x1b\xbc,\x1e\x04\x15\x8e\x94\xce\xb8\v\x88\x85\xde\xfb\xb3\f\x18@=\xa0\xb5x@\xa1\x9f\x13\x87(\x84\x00\xa0\xe6\xdd\xff\x19\xd5\xa3\xbd7\xe4\xa8\xa6\xe5n:\x1aJ\xc6\xca\x0f\x96\xfe\xa7ZZ\xa3\x91,\x06\xd1\x82\x9a\x8c\x95\x19\xff\'|\x1b\xd5i\xad.\xcc\xec\n\xca\x8fn\a\x7f&\xfd\"\x88?G+\xcbW \xdc\xa5\x9bP\x16\xdc\xa2\x84\xf0\xe0\x82\xec\x14\x93o$\xbd\xcc\x06f\xc2\xa3\xa8+S\xbd\xc9l\xbf!\x880\xee\'t\t\xca\x0f\xe3wt^\xd2\xc0`\xdd\xb96zK\x9e.\xeass\x94\x04\xf8\xd8\xfd\xa9,~\x06\x15%Q\x05_\xfe\x9eby\xfc\xdb\xbem0\x8b\x84.;c\'2\xb9\xc5\xf0\xa5\xbd\xd2p\xb3\r\x00e\x00\x04\x00\x00\x00\x00\x00\x00\xce\f)ey\xcd\xf9r6(\xaa\x1a\xadj\xeb\x89J\xa6rD\xe8\xc3\xd9\xf4\xa3\x87!V\x11b\xbe\xeb4SW\x02\xb8\xabz\xf2\xb2\xaeO\xac\t\xf4\xads2\xa4\x13\xc6/!&n\xa1\x9f\x9a\xb8\xb43\x00\xb0;Y\xa7\xce/&\x95o\x10$\x05l\xfe[9\xd2\xde\x10\x0e\xadl\xed(\xc6C\x88\x85%\x9f\x89\xd3\x9a%\xa1\x8b\\\xa2!\x13\xb2?L\xbb)lxu\xe5$bM\v\xa9\xb6\t tL,w\xcc\\B/m\v\xce%d\xb2\v0k'}, {0x20, '\x05\x00'}, {0x20, 'smaps_rollup\x00'}, {0x20, '#+'}]}, 0x372)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$igmp6(0xa, 0x3, 0x2)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000100001000000000000a027ce7c64c474f0000000060a0b040000000000000000020000002c00048028000180080001006c6f67001c000280060002402f00000006000440000100000600014000e400000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a282d1dec0ff55aaecc9dd2e562a81645130ce28b79419a4a422754cda25fa925e15361cc49bc43890d614ee350c188c4bd525a5988336e1a3327185c290404bb12e24c7e9f686f8e0f8340aa737e2b6849a1f7f2cd7bc906bb73f8bf672906d4d3dcb8a86205fd13180e44cd8a1a6fea672385d2601e2e05da75c4f2c289129fcccff19b31e2"], 0x80}}, 0x0)
syz_io_uring_setup(0x4e5, &(0x7f0000000100)={0x0, 0x70d5, 0x4, 0x2}, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xa}}})
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
lseek(r4, 0x2000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="2b000000040000000400010004000000", @ANYRES32=r4, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000feffffff00"/28], 0x50)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x8)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x3, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x4, 0x0, 0x7fffffff}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2m37.214829231s ago: executing program 1 (id=3370):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x18, 0x3c, 0x107, 0xfffffffc, 0x0, {0x4, 0x7c}, [@typed={0x4, 0x0, 0x0, 0x0, @binary}]}, 0x18}}, 0xc000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f0000000240)="ebd98a601398babe000000850800", 0xe, 0x0, &(0x7f0000000200)={0x11, 0x0, r6, 0x1, 0x3, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x56f92fd42a7baf74}}, 0x14)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r8, &(0x7f0000000b80)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r8, 0x1)
getsockopt$bt_hci(r8, 0x84, 0x85, &(0x7f0000002380)=""/4107, &(0x7f00000000c0)=0x1012)
write$cgroup_pid(r2, &(0x7f00000001c0), 0x12)

2m22.172126164s ago: executing program 34 (id=3370):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x18, 0x3c, 0x107, 0xfffffffc, 0x0, {0x4, 0x7c}, [@typed={0x4, 0x0, 0x0, 0x0, @binary}]}, 0x18}}, 0xc000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f0000000240)="ebd98a601398babe000000850800", 0xe, 0x0, &(0x7f0000000200)={0x11, 0x0, r6, 0x1, 0x3, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x56f92fd42a7baf74}}, 0x14)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r8, &(0x7f0000000b80)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r8, 0x1)
getsockopt$bt_hci(r8, 0x84, 0x85, &(0x7f0000002380)=""/4107, &(0x7f00000000c0)=0x1012)
write$cgroup_pid(r2, &(0x7f00000001c0), 0x12)

12.946895806s ago: executing program 6 (id=3809):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xa0}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r2, 0x47f6, 0x0, 0x5, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r7=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2c, r6, 0x29, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000000}, 0x4)

10.460773583s ago: executing program 6 (id=3815):
memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d  \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
socket$inet_udplite(0x2, 0x2, 0x88)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a40), 0x4)

10.050575343s ago: executing program 2 (id=3816):
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
r1 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x38)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$TIOCMGET(0xffffffffffffffff, 0x541e, &(0x7f0000000040))
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
r5 = epoll_create(0x101)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)={0x40000014})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x50}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x1c, 0x3, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000043}, 0x4004)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x8417f, 0x0)
socket$inet(0x2, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040))
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0)
rt_sigqueueinfo(0x0, 0xd, &(0x7f0000000440)={0x14, 0x40000006, 0x7})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
fsopen(&(0x7f0000000000)='autofs\x00', 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)

10.008073987s ago: executing program 7 (id=3817):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vxcan1\x00', <r2=>0x0})
bind$can_raw(0xffffffffffffffff, &(0x7f0000000000)={0x1d, r2}, 0x10)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
close(0xffffffffffffffff) (async)
syz_open_dev$vim2m(&(0x7f0000000040), 0x2, 0x2) (async)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f0000000200)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/80, 0x50}], 0x1, &(0x7f0000000480)=""/4096, 0x1000}, 0x10001) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_ifreq(r3, 0x89f1, &(0x7f0000000280)={'bond0\x00', @ifru_names='bond_slave_0\x00'})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) (async)
mremap(&(0x7f0000041000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00004c3000/0x2000)=nil) (async)
r6 = socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r6, &(0x7f0000000140)={'full'}, 0xfffffdef) (async)
sendmsg$kcm(r6, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x20000818)
setsockopt$sock_attach_bpf(r6, 0x1, 0x7, &(0x7f0000000340), 0x4) (async)
ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000040)) (async)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000080)={[{0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xab}, {}, {0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}]}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x20000000, 0x440, 0x821, 0x0, 0x0, 0x2004cb, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2000], 0x0, 0x200306}) (async)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))

9.261781819s ago: executing program 5 (id=3818):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socket(0x1a, 0x803, 0x8)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x100400, 0x0)
r2 = syz_open_dev$admmidi(0x0, 0x2, 0x1a9882)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r2, 0xc0305710, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x6a)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0)
sendfile(r4, r4, 0x0, 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
lseek(r4, 0x4, 0x0)
readv(r4, &(0x7f0000000440)=[{&(0x7f0000000340)=""/144, 0x90}], 0x1)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
symlinkat(&(0x7f0000000100)='./file0\x00', r0, &(0x7f0000000140)='./file0\x00')
socket$nl_route(0x10, 0x3, 0x0)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_connect$hid(0x3, 0x36, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000481000/0x1000)=nil)
r6 = fsopen(&(0x7f0000004240)='fuseblk\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r6, 0x2, &(0x7f0000004300)='allow_other', &(0x7f0000000380)="f2", 0x1)
setsockopt$inet6_udp_int(r5, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e23, 0x400, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x1c)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000540)={'ip_vti0\x00', &(0x7f00000004c0)={'ip_vti0\x00', <r7=>0x0, 0x10, 0x80, 0x6, 0xfffffffc, {{0x9, 0x4, 0x1, 0x7, 0x24, 0x68, 0x0, 0x1, 0x2f, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x1e}, {[@generic={0x88, 0x7, "981879e961"}, @ssrr={0x89, 0x7, 0xaf, [@rand_addr=0x64010101]}, @end]}}}}})
sendmmsg$inet6(r5, &(0x7f00000006c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)="6f02668a5fd0033f3803ab2b7011c837c0082a4fc3ea0222b4754cafd33b4749af4c0dcf36d89db09d21720abb0b6716fd5bb93c122e230a4a5171dcdc97a3cff513b71b8750d0aae15f0b0dcb00e296f036ae852c979698bef531579bc8b5f6fffb56b983fa178c6ace0274097e4980e40b079dc1525df85b80c5f69cc6114400a1935514db622866f31fc9a2c0c355463e2847f4a9787dc7ac648fc3a43f67f10b338abef81bf4f0839b77", 0xac}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x4e20, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x6}, 0x1c, &(0x7f0000000480)=[{&(0x7f00000002c0)="222c3598c271d76caf12da58bc5698de7ed85115036dd5b271a5c194769f69034923e8d2c321a9a365daa9f87a01cdaf636c6ec4ffc85d446feb3606f2ef480544218afb06329829f1d26e49d43a422fc0a1312dd8e9171e2ac1bc5c13ba5f852d3ede2bdc6e1236326515a6b9a4d2443a543d8ba25fe1bcbfeb12315fd4054c7f82d0054e086f76c0", 0x89}, {&(0x7f0000000380)="bf0ff1bd0a2364d0c510bf64d24d89f6a646f471a008ebb8e70a90b5d5aae41925d1ed3d5db019ae4fe27188570d7607d1927e2e1c38fe99ca113beabdabe84f8af2d11046110e4eb25108d1bae4e9228718c1828bc99074569de592df4c74868b1ae3b0fba25add1fdb4c6745d1c6606024c717a8e9abdb488c439630c72695f955510bbb23989a", 0x88}, {&(0x7f0000000440)="43295ad730b3f067d6833075e3569985e91476cdeb7e961d8531d177053e63ca287bc86cb236869b81daa3dda95e908b58e8fb0032519c40e97f96cc678f1e59", 0x40}], 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="24000000000000002900000032000000fe8000000000000000000000000000aa", @ANYRES32=r7, @ANYBLOB="000000002400000000000000be0636aeb5ab45ab00000000000000000000bb227e1988da11ae14d05c846d5da08c2befd92cfa48b0e6217436dcaa0e65018d03ec5ddff4a0b1b10f561ae25a533ec1a58c0fdf3a0f25ee8843e914e63e931967c8128e2d285e9baec357f3c5a586997ffb10664f835f3b4e6158f0e93a915b367403783c95489c55160c702506bc766125d90df50385d516068ad6c5f23a94a1212199424c56eca328430a1a46e7d9242051c3934b42f62d2f917804cfc7b4c297f4e4625ff5bfed1c350f1215cd9c9fc72f145cd2ac86a77e02d96c89f21ad8bdc42370dc8097bf6915809caa423568356dffe01d1c2ec3179783cb9fb0d96ab351ca3221c6619964eaa17003c0008e5d0b", @ANYRES32=0x0, @ANYBLOB="00000000140000000000000029000000340000000100000000000000480000000000000029000000040000002c05000000000000c204000000060106000000000000040108c910ff01000000000000000000000000000100010000010004010000000000"], 0xb0}}], 0x2, 0x4001c00)

9.200999311s ago: executing program 0 (id=3819):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x4044004)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900000000000000000000000000000000000600", [0x0, 0x2000000000001]}})

8.670769579s ago: executing program 0 (id=3820):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x1, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x100000008, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSWINSZ(r5, 0x5414, &(0x7f0000000040)={0x9, 0x0, 0x9, 0x5})
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
dup2(r2, r3)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, &(0x7f00000001c0)={0x0, 0x23, 0x77, {0x77, 0x4, "937b9e02acd75ac67434c93efbceeb4cf2cd0bfdc8954acd80278e565473df96de5c441dc35b5051bc60a55f464e4233a371ad4781b087bb6206ef3c51254795a4bf2e47aec1ecd4cfe4df4e4538db467f53537b48e2f14a54bd89e6365ba775bb5d0ebe750ad60bcf71a6aa03f8b05e542b00e459"}}, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x444}}, &(0x7f0000000140)={0x0, 0x22, 0x11, {[@main=@item_012={0x1, 0x0, 0xc, ':'}, @main=@item_4={0x3, 0x0, 0xb, "78ed3f62"}, @main=@item_4={0x3, 0x0, 0xa, "312780b0"}, @global=@item_4={0x3, 0x1, 0x8, "2a8a138e"}]}}, &(0x7f0000000280)={0x0, 0x21, 0x9, {0x9, 0x21, 0xf82a, 0xb, 0x1, {0x22, 0x448}}}}, &(0x7f00000005c0)={0x2c, &(0x7f0000000380)={0x60, 0x0, 0xe4, "7890e8ba9ae39dbaf896a1b3c76abf246ed6b04d03c7ac1c8545382ed661e9df4a37bab085475bd1de86fdea202800aad199327729aa40d46d90d54716c65c780e58f7dd3456a19ef2a3e9c6a02af98eae646b5b4ba4ebe3fcba1440337adda4f99737725050c7ed59f420edb9f7ee49963eb08f3da7126e980ec21fc5f3bd9ba495016746e7558fd6cec505ad4004e8f3b7db6b1e95f74f5c026c9e795f6564ae3eb1f7a13730928fd8ae3101ad141970078c6d63b91030dc4280f47c7e0bf9b6b97cc241c16293d09321a421851b80499ba3e36b8aee15025b9fbc211a3a2c007e1d91"}, &(0x7f0000000480)={0x0, 0xa, 0x1, 0x1}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000500)={0x20, 0x1, 0x50, "84b3f9c3e2fddcdcea9021057c1473979de9530c87374c7411fc38d35c3f59fb0060fc57a8adc97850ca6275cb618f3decc0409a33b417b7030a7f3442913d36739d10a56b9b5f46a8c02bb9c59687be"}, &(0x7f0000000580)={0x20, 0x3, 0x1, 0xff}})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
socket$packet(0x11, 0x2, 0x300)
dup(0xffffffffffffffff)

7.12615104s ago: executing program 6 (id=3821):
mmap(&(0x7f0000a7d000/0x3000)=nil, 0x3000, 0x3, 0x8031, 0xffffffffffffffff, 0x43344000)
r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000400)={0xf0f02a, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
syz_emit_ethernet(0x42, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa210104, @local, {[@timestamp_addr={0x44, 0xc, 0xa, 0x1, 0x0, [{@multicast1}]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
syz_open_dev$sndmidi(&(0x7f00000002c0), 0x5, 0x141101)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r3, 0x2)
close(r3)
close(0xffffffffffffffff)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201010200000010f3b100000000010203010902240001010330050904000801030101000921ff00010122b00b0905810310"], 0x0)
mlock2(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)={0x14, 0x4, 0x8, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}}, 0x1080)
r5 = syz_open_dev$sndctrl(&(0x7f0000000140), 0x1, 0x2400)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r5, 0xc0045540, &(0x7f0000000100)=0x2)
socket$kcm(0x2, 0x2, 0x0)

6.50507633s ago: executing program 7 (id=3822):
r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x798f, 0x10000, 0x8000, 0x40024b}, 0x0, &(0x7f0000000040)=<r1=>0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x1, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000100)={[0x3]}, 0x8, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0xfffffffffffffff1, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0x7, &(0x7f0000000100)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r0, 0x627, 0xc1040000, 0x43, 0x0, 0x0)

5.874941131s ago: executing program 5 (id=3823):
r0 = io_uring_setup(0xf04, &(0x7f0000000080)={0x0, 0xe9ce, 0x400, 0x20001, 0x175})
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/tcp\x00')
lseek(r2, 0x1000000, 0x0)
write$FUSE_NOTIFY_INVAL_INODE(r2, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x3, 0x3, 0x1}}, 0x28)
close_range(r1, 0xffffffffffffffff, 0x0)
io_uring_setup(0xf04, &(0x7f0000000080)={0x0, 0xe9ce, 0x400, 0x20001, 0x175}) (async)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) (async)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) (async)
syz_open_procfs(0x0, &(0x7f00000001c0)='net/tcp\x00') (async)
lseek(r2, 0x1000000, 0x0) (async)
write$FUSE_NOTIFY_INVAL_INODE(r2, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x3, 0x3, 0x1}}, 0x28) (async)
close_range(r1, 0xffffffffffffffff, 0x0) (async)

5.392606996s ago: executing program 7 (id=3824):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x98, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x8, 0x3}, {}, {0x3, 0x10}}, [@filter_kind_options=@f_matchall={{0xd}, {0x64, 0x2, [@TCA_MATCHALL_ACT={0x60, 0x2, [@m_ife={0x5c, 0x1, 0x0, 0x0, {{0x8}, {0x34, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40, 0x6, 0xffffffffffffffff, 0xea, 0x100004}, 0x1}}, @TCA_IFE_METALST={0x14, 0x6, [@IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_TCINDEX={0x6, 0x5, @val=0x9}, @IFE_META_SKBMARK={0x4, 0x1, @void}]}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0x10}, 0x0)

5.15811683s ago: executing program 0 (id=3825):
mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) (async, rerun: 64)
r0 = openat2(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x2, 0x8, 0x7}, 0x18) (rerun: 64)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) (async, rerun: 64)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) (async, rerun: 64)
sendmsg$tipc(r1, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x6d47}], 0x1}, 0x0) (async, rerun: 32)
syz_emit_ethernet(0x42, 0x0, 0x0) (rerun: 32)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), r0)
sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f00000004c0)={0xb8, r2, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0x4}, @TIPC_NLA_LINK={0xa0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xfffffffc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}]}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x44090}, 0x80) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) (async)
sendto$inet6(r3, &(0x7f0000000340)="cf", 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x397, @empty}, 0x1c) (async, rerun: 32)
socket$inet6_sctp(0xa, 0x1, 0x84) (async, rerun: 32)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x15)
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) (async)
close(0x3)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="18006a9198f6267f8b4ceec900ed539eeb949c0c87acee7b"], 0x18}}, 0x4010)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000e00)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="a5fdad8800400000140012800b00010062617461647600000400028008001f0006000000"], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

4.98769313s ago: executing program 7 (id=3826):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xf0b, 0x70bd2d, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0x7, 0xfff1}, {0xfff1, 0xc}, {0xfff3, 0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_MPU={0x8, 0xe, 0xb6}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0x5}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44045}, 0x10)
syz_emit_ethernet(0x9a, &(0x7f0000000000)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x64, 0x11, 0x0, @remote, @local, {[], {0x0, 0x4e21, 0x64, 0x0, @wg=@response={0x2, 0x4, 0x2, "d7e60b99abe50e75e07bf056f2936dd93adb289b895bb1cb40cd08f76b4a59f4", "1655f8d9360db5a2b3d53b2c16221bb5", {"b6aff81ea1641811a3294978e016aca4", "e22819d68cc64d5c6a4ff56363718ef7"}}}}}}}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)
socket$packet(0x11, 0x2, 0x300)

4.846993939s ago: executing program 0 (id=3827):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bind$qrtr(0xffffffffffffffff, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace(0x10, 0x1)
syz_usb_connect(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120110011ce0fe20450c8f62b6080102030109022400010000000009049600"], 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40000000}, 0x0)
ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x20c0}], 0x1, 0x0, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x22d81, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r3, 0xc008ae09, &(0x7f0000000080)=""/1)

4.723674283s ago: executing program 2 (id=3828):
pipe2(0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xa0}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r2, 0x47f6, 0x0, 0x5, 0x0, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x5)

4.439808482s ago: executing program 7 (id=3829):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-ssse3\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x2fe}}], 0x600, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793f10d105012000020000de010902120001000000000904"], 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="120100005124e4407c0500222946010203010902240001fc0000000904fe01"], 0x0)

3.186819633s ago: executing program 6 (id=3830):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x4044004)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900000000000000000000000000000000000700", [0x0, 0x2000000000001]}})

2.777577478s ago: executing program 6 (id=3831):
memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d  \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
socket$inet_udplite(0x2, 0x2, 0x88)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a40), 0x4)

2.390727252s ago: executing program 5 (id=3832):
timer_create(0x2, 0x0, &(0x7f0000000480)=<r0=>0x0)
clock_gettime(0x0, &(0x7f0000000080)) (async)
clock_gettime(0x0, &(0x7f0000000080))
timer_settime(r0, 0x1, &(0x7f0000000000)={{0x0, 0x3938700}, {0x77359400}}, 0x0)
timer_create(0x2, 0x0, &(0x7f0000000480)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000000)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x30, 0xc, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb4}}, 0x20008844) (async)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x30, 0xc, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb4}}, 0x20008844)
timer_delete(r1) (async)
timer_delete(r1)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
close(r4) (async)
close(r4)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f00000001c0)={0x8000000}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f00000001c0)={0x8000000})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000600)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) (async)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r6 = accept4(r5, 0x0, 0x0, 0x800)
r7 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r7, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) (async)
syz_usb_control_io$hid(r7, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r7, 0x0, &(0x7f0000000880)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x20, 0x0, 0x4, {0x20, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r7, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, &(0x7f0000000280)=""/222, 0x0, 0xde, 0x1, 0x0, 0x0, @void, @value}, 0x28)
r8 = syz_open_dev$vbi(&(0x7f00000000c0), 0x1, 0x2)
ioctl$VIDIOC_S_PARM(r8, 0xc0cc5616, &(0x7f0000000280)={0x6, @output={0x0, 0x1, {0x4, 0x2}, 0x1, 0x2}})
syz_usb_control_io(r7, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r7, 0x0, &(0x7f0000000600)={0x2c, &(0x7f00000003c0)=ANY=[@ANYBLOB="150d05"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r7, &(0x7f0000000a00)={0x2c, 0x0, 0x0, &(0x7f0000000680)={0x0, 0xf, 0x8, {0x5, 0xf, 0x8, 0x1, [@generic={0x3, 0x10, 0x4}]}}, 0x0, 0x0}, 0x0)
sendto$inet(r6, &(0x7f00000001c0)="bc918bffb3771c2bae5d0e57c3164d2be5a6e29714ee9964bd457144596cd563f4d14ed89f68b332eececd8ceb4cb7a21a1fe590ad0bf84f8309f629", 0x3c, 0x4000080, 0x0, 0x0)
accept4$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14, 0x0) (async)
r9 = accept4$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r9)

2.073961226s ago: executing program 2 (id=3833):
syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1b1c, 0xc10, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x60, 0x6, [{{0x9, 0x4, 0x0, 0x10, 0x5, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x16, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc, 0x0, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x81, 0x8}}]}}}]}}]}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000000fdffffff00000000", @ANYRES32=0x0, @ANYBLOB="0026eaff0420040008001b00000000001d1f8e5ea152dc4a6aa38f036246cb76e8311106c2392a5ce0f2098ef2378df62b04405927527781e53e3941c721a933e08f32cbcd63a643ecd3f57e8ce3236200f95c4618bed995e60acea258265d66f35b17bdfdb7c7bc1af3fe3cc6fefdfc326c68b1e076494cdcea8da1959e5352cf7f4433d1290c3683794a9a555618b14cb2b94ab2460958023726a8426e30ff0de27694eadc1112bf50bfa46644302552d5b093323cba6fcbaa021759757dcc5879df21989ea28b7fa55b45ba406331f31f65b33303e2db617d4c9c40980d8fc6b8044db34be12b0f78445f87ea95d00cd6d4c3"], 0x28}}, 0x0)

1.759033835s ago: executing program 5 (id=3834):
r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x798f, 0x10000, 0x8000, 0x40024b}, &(0x7f0000000340)=<r1=>0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x1, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000100)={[0x3]}, 0x8, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0xfffffffffffffff1, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0x7, &(0x7f0000000100)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r0, 0x627, 0xc1040000, 0x43, 0x0, 0x0)

835.646441ms ago: executing program 7 (id=3835):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
fcntl$lock(r0, 0x6, &(0x7f0000002000)={0x1})
r1 = syz_open_dev$sndpcmp(&(0x7f00000012c0), 0x0, 0xc0881)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r1, 0xc1004110, &(0x7f0000001700)={0x3, [0x7, 0x880, 0x8], [{0x5, 0x9, 0x1, 0x0, 0x1, 0x1}, {0x9, 0x100, 0x1, 0x1, 0x0, 0x1}, {0xf, 0x7}, {0xa, 0xfffffffb}, {0x4, 0xb, 0x0, 0x0, 0x0, 0x1}, {0xfffffffe, 0x200, 0x0, 0x0, 0x1}, {0xe, 0x80, 0x1, 0x1, 0x0, 0x1}, {0xa0e, 0x6, 0x0, 0x1}, {0x9, 0x200, 0x1, 0x0, 0x1}, {0x6, 0x30000000, 0x1, 0x1, 0x0, 0x1}, {0x1, 0x7, 0x1, 0x1, 0x1}, {0x10001, 0x9, 0x1, 0x1, 0x1, 0x1}], 0x2})
r2 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1c4f, 0x59, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x4, 0x0, {0x9, 0x21, 0x105, 0x2, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0xc, 0xa}}}}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000340)={0x2c, &(0x7f0000000080)={0x0, 0x6, 0x5, {0x5, 0x9, "46ff44"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
fcntl$lock(r0, 0x26, &(0x7f00000031c0)={0x1, 0x0, 0x8000, 0x5})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000008000098000040"])
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_STOP_AP(r7, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f00000028c0)={0x0, 0x28}}, 0x0)
getsockname$packet(r7, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = socket(0x10, 0x3, 0x0)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa07, &(0x7f0000000100)={{&(0x7f0000bda000/0x3000)=nil, 0x3000}, 0x1})
readv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000380)=""/108, 0x6c}, {&(0x7f0000000480)=""/122, 0x76}, {&(0x7f0000000000)=""/43, 0x34}, {&(0x7f0000000700)=""/266, 0xfa}], 0x4)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x20000000)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r10, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r11=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x48, 0x10, 0x401, 0x0, 0x103, {0x0, 0x0, 0x0, 0x0, 0x9}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r11}]}}}, @IFLA_MASTER={0x8, 0xa, r11}]}, 0x48}}, 0x440d4)

772.423101ms ago: executing program 5 (id=3836):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x98, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x8, 0x3}, {}, {0x3, 0x10}}, [@filter_kind_options=@f_matchall={{0xd}, {0x64, 0x2, [@TCA_MATCHALL_ACT={0x60, 0x2, [@m_ife={0x5c, 0x1, 0x0, 0x0, {{0x8}, {0x34, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40, 0x6, 0xffffffffffffffff, 0xea, 0x100004}, 0x1}}, @TCA_IFE_METALST={0x14, 0x6, [@IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_TCINDEX={0x6, 0x5, @val=0x9}, @IFE_META_SKBMARK={0x4, 0x1, @void}]}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0x10}, 0x0)

432.76507ms ago: executing program 5 (id=3837):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000300)={0x0, 0x4000000000000000, 0x0, 0x1}, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000}, 0x0, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
r3 = socket$caif_stream(0x25, 0x1, 0x4)
listen(r3, 0x9)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0)
r5 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$dsp(r4, &(0x7f00000004c0)='\x00', 0x1)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r5, 0xc0884113, &(0x7f0000000240)={0x1, 0x1ff, 0x3, 0x8000000000a, 0xf2a, 0xfffc, 0xffffffffeb1cce61, 0x9, 0x0, 0x1000000000001, 0xfffffffd})
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x0, 0x2449})
ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r6, 0x7aa, &(0x7f0000000080)={{}, 0x3, 0xd})
ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0)

246.877601ms ago: executing program 2 (id=3838):
syz_emit_ethernet(0x100, &(0x7f00000001c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0xca, 0x3a, 0xff, @remote, @mcast2, {[], @dest_unreach={0x1, 0x2, 0x0, 0x7f, '\x00', {0x0, 0x6, "0423aa", 0x7, 0x21, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2e}}, [@routing={0x8, 0x10, 0x1, 0x8, 0x0, [@empty, @empty, @private0={0xfc, 0x0, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @empty, @private1, @mcast2, @local]}], "40e58bc3bff387d941e8d87532d6a9da732c"}}}}}}}, 0x0)

243.877692ms ago: executing program 0 (id=3839):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
r1 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000100)=@filter={'filter\x00', 0xe, 0x6000000, 0x90, [0x0, 0x400000000040, 0x400000000070, 0x4000000000a0], 0x0, 0x0, &(0x7f0000000040)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x108) (async)
write$uinput_user_dev(r0, &(0x7f0000000800)={'syz1\x00', {0x0, 0x401, 0x2}, 0x10, [0x0, 0x101, 0x0, 0x0, 0x6, 0x2, 0xfffffffc, 0x3, 0x0, 0x0, 0xfffffffe, 0xc0, 0x5, 0x0, 0x1000, 0x0, 0x4000, 0x10, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x7, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5f1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xe, 0x0, 0x2, 0x20, 0xfffffffd, 0xeae2, 0x7, 0x0, 0xffffdffd, 0x0, 0x0, 0x400, 0x40000000, 0x80000, 0x0, 0xfffffffd, 0x0, 0x0, 0x2, 0x3, 0x7, 0x0, 0x0, 0x80000000, 0xffff], [0x4, 0xfc, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0xfffffffd, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x80, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0xfffffffe, 0x0, 0xfff, 0x71f, 0x0, 0x0, 0xffffffff, 0x0, 0x8], [0x40000000, 0x4, 0x74e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e5, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x40, 0x0, 0x0, 0xbd, 0x0, 0x0, 0xc5, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffffffc, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xcaa, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) (async)
ioctl$UI_DEV_CREATE(r0, 0x5501)

192.992241ms ago: executing program 6 (id=3840):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000040)={0x0, 'bridge_slave_1\x00', {0x2}, 0x9})
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=<r1=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, r1, 0x3, &(0x7f00000005c0))
syz_usb_connect(0x2, 0x52, &(0x7f0000000140)=ANY=[@ANYBLOB="120100036ffa680863070120ff2c0102030109024000021109400c0904080601ff8bbd020a240107000d020102052405039909"], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0xa, [{0x9a, &(0x7f0000000180)=@string={0x9a, 0x3, "2073249511227f10efeae8c6a1de8f4e277879496af1a50dba93def4e2c50ed1f3c521d7ac8a9550fa38be9e0b68f466a7ecf10ad78712c268d26cb97f0c5101428a8cdc9970135a8a8b4cd3b5a500847663986504c673a6bfb86b3add16b6db89e33b52e027d4605349431bbfa7a7c8ed8152bf5f94d157f9762c8dffe2859f20f9efca9f2f13f28e4130dcf36eaf1a9cb19d1d77fca424"}}, {0x4, &(0x7f0000000000)=@lang_id={0x4, 0x3, 0x1001}}, {0x1e, &(0x7f00000000c0)=@string={0x1e, 0x3, "f1457a06081bbee4fb6a0f56fefb04ebfa13979e063633c825b674d4"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x443}}, {0x87, &(0x7f0000000240)=@string={0x87, 0x3, "68fe9794cc1bbec33c37f93041716e6d94d32733ffb068801dfb9615cf96955dfdeb9b280cfc51b6c14c55410eb5ca84e03bf6403f821c1f5d1d93e373131dfa3246bfdda17188eb79deb6a84c205d570dc50f5828c14a9111ade7882a0b27d1120041ae3405c5f253345cc1be6bf7a34bbeb9d26e10eee1544b82add099e53d185ad07204"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x80c}}, {0x5, &(0x7f0000000340)=@string={0x5, 0x3, "a93f0e"}}, {0xd0, &(0x7f0000000380)=@string={0xd0, 0x3, "8b2b4ac0aab57aa1b9ed68d3dedfbcae211385aa164649ac7e163d08c77c8f75597c31481ccba65ff2654bfb1e76d1a22f81c303c41b63dbc80d6dd6f18856a7c65499a9cdb559ffe743d3ffe81135f8eb26a194714b64e8e2abf5e839c4d58b0f2ea815e4c16d12f4bfc6d933e60346ac3c0d3e33b1fdb617b5ff423fb28540e6013fe68d8cf7db5c283cdd7646b4bf3d44ef0c2c10b3654b5bb7c4510e60842697338b24d239371c9088e78b58437cc9d15a476114ced1162f835ca1ea120ac92d8f6fc71bab22a8317f239885"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x429}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0xfcff}}]})

172.297092ms ago: executing program 2 (id=3841):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x4044004)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900000000000000000000000000000000000900", [0x0, 0x2000000000001]}})

6.627095ms ago: executing program 0 (id=3842):
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x40, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fspick(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f00000001c0)=0x3)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0xa)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x2c, &(0x7f0000000100)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r6, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={r7, 0x0, 0x6}, 0xc)
dup(r5)
r8 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
ftruncate(r8, 0x200004)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000082959d8b67c0223061cada40328866254305da836190bd76e231f357709a7a8f613f8f4c57092", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB='\x00'/21], 0x48)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, &(0x7f0000000140)={0x8080000, 0x4, 0x44, 0x1, 0x80000003})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r9, @ANYBLOB, @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000008000000000000000007020000f8ffffffb70300f308000000b7040000000000008500000082000000bf91000000000000b7020000000000008500000084ea0000b700c700000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

0s ago: executing program 2 (id=3843):
openat$tun(0xffffffffffffff9c, 0x0, 0x40440, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$inet6_tcp(0xa, 0x1, 0x0)
unshare(0x68040200)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
add_key(&(0x7f00000001c0)='dns_resolver\x00', 0x0, &(0x7f0000000480)="0008b15610c2", 0x6, 0xfffffffffffffffd)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=@gettfilter={0x24, 0x2e, 0x2, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xc}, {0xe, 0xffff}, {0xffe0, 0x2}}}, 0x24}}, 0x4004880)
sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x34, 0x0, 0x100, 0xfffffffc, 0x0, {0xb}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x24044004}, 0x4000)
syz_open_procfs(0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_setup(0x237, &(0x7f0000000380)={0x0, 0x80fd, 0x10, 0x4, 0x2cf}, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c0002800500010000000000080008400000000014000580080001"], 0x5c}}, 0x2f)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)

kernel console output (not intermixed with test programs):

85.217162][T20716] netlink: 7 bytes leftover after parsing attributes in process `syz.5.3414'.
[ 1085.234322][T20715] bond_slave_1: left promiscuous mode
[ 1085.699030][ T5882] usb 1-1: new full-speed USB device number 99 using dummy_hcd
[ 1085.870778][ T5882] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1085.882275][ T5882] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1085.922624][ T5882] usb 1-1: config 0 descriptor??
[ 1085.950238][ T5882] cp210x 1-1:0.0: cp210x converter detected
[ 1086.371485][T20736] [U] V�3��Fپ"S��/��4:�XTZ�W�T��LW��=
[ 1086.378554][T20735] [U] J"�E:��"


[ 1086.739780][T20746] vcan0: tx drop: invalid sa for name 0x0000000000000002
[ 1086.761457][T20746] netlink: 528 bytes leftover after parsing attributes in process `syz.6.3424'.
[ 1087.011939][T20751] kvm: pic: non byte write
[ 1087.383464][T18387] usb 6-1: new high-speed USB device number 122 using dummy_hcd
[ 1087.556308][T20335] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1087.559038][T18387] usb 6-1: Using ep0 maxpacket: 16
[ 1087.571705][T18387] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1087.601638][T20335] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1087.602408][T18387] usb 6-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[ 1087.623691][T20335] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1087.628227][T18387] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1087.645746][T20335] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1087.657479][T20335] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1087.690399][T18387] usb 6-1: Product: syz
[ 1087.700552][T18387] usb 6-1: Manufacturer: syz
[ 1087.716111][T18387] usb 6-1: SerialNumber: syz
[ 1087.741951][T18387] usb 6-1: config 0 descriptor??
[ 1087.768481][T18387] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[ 1087.806448][T18387] gspca_stv06xx: st6422 sensor detected
[ 1088.427884][ T5882] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71
[ 1088.435749][ T5882] cp210x 1-1:0.0: GPIO initialisation failed: -71
[ 1088.463572][ T5882] usb 1-1: cp210x converter now attached to ttyUSB0
[ 1088.535023][ T5882] usb 1-1: USB disconnect, device number 99
[ 1088.553798][T20762] chnl_net:caif_netlink_parms(): no params data found
[ 1088.599191][ T5882] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1088.621274][T20767] loop2: detected capacity change from 0 to 524287999
[ 1088.629532][ T5882] cp210x 1-1:0.0: device disconnected
[ 1088.716875][T20767] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3428'.
[ 1088.817767][T20768] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3428'.
[ 1089.079758][T20762] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1089.087027][T20762] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1089.094928][T20762] bridge_slave_0: entered allmulticast mode
[ 1089.103380][T20762] bridge_slave_0: entered promiscuous mode
[ 1089.113782][T20762] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1089.121442][T20762] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1089.128683][T20762] bridge_slave_1: entered allmulticast mode
[ 1089.136970][T20762] bridge_slave_1: entered promiscuous mode
[ 1089.168871][ T5889] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[ 1089.213251][T20762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1089.226470][T20762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1089.308124][T20762] team0: Port device team_slave_0 added
[ 1089.322849][T20762] team0: Port device team_slave_1 added
[ 1089.333949][ T5889] usb 1-1: config 0 has an invalid interface number: 64 but max is 0
[ 1089.347240][ T5889] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1089.358117][ T5889] usb 1-1: config 0 has no interface number 0
[ 1089.373078][ T5889] usb 1-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[ 1089.382774][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1089.391307][ T5889] usb 1-1: Product: syz
[ 1089.395503][ T5889] usb 1-1: Manufacturer: syz
[ 1089.400318][ T5889] usb 1-1: SerialNumber: syz
[ 1089.408125][ T5889] usb 1-1: config 0 descriptor??
[ 1089.417101][T20762] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1089.424359][T20762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1089.479178][ T5889] usb 1-1: Found UVC 0.00 device syz (046d:0823)
[ 1089.485614][ T5889] usb 1-1: No valid video chain found.
[ 1089.511539][T20762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1089.544808][T20762] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1089.561068][T20762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1089.594877][T20762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1089.686507][T10185] usb 1-1: USB disconnect, device number 100
[ 1089.693043][T10297] Bluetooth: hci2: command tx timeout
[ 1089.785946][T20762] hsr_slave_0: entered promiscuous mode
[ 1089.802723][   T30] kauditd_printk_skb: 34 callbacks suppressed
[ 1089.802769][   T30] audit: type=1800 audit(1747753875.434:2733): pid=20781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3430" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[ 1089.817537][T20762] hsr_slave_1: entered promiscuous mode
[ 1089.829604][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1089.853670][T20781] fuse: Unknown parameter '[�oup_id'
[ 1089.889096][T18387] STV06xx 6-1:0.0: probe with driver STV06xx failed with error -71
[ 1089.911098][T18387] usb 6-1: USB disconnect, device number 122
[ 1089.935003][T20762] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1089.996428][T20762] Cannot create hsr debugfs directory
[ 1090.553149][T20783] syzkaller1: tun_chr_ioctl cmd 1074025677
[ 1090.582863][T20783] syzkaller1: linktype set to 776
[ 1091.689638][T20804] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1091.769474][T10297] Bluetooth: hci2: command tx timeout
[ 1091.781254][T20762] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1091.842781][T20762] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1091.883225][T20762] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1091.959576][T20762] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1092.359905][T20762] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1092.407715][T20762] 8021q: adding VLAN 0 to HW filter on device team0
[ 1092.606610][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1092.613866][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1092.697609][T20811] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1092.749296][   T54] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1092.756464][   T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1092.879508][T10185] usb 6-1: new high-speed USB device number 123 using dummy_hcd
[ 1093.349555][T10185] usb 6-1: Using ep0 maxpacket: 16
[ 1093.376661][T20762] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1093.388098][T10185] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1093.429278][T10185] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1093.499105][T10185] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1093.512484][T20762] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1093.539147][T10185] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1093.547218][T10185] usb 6-1: Product: syz
[ 1093.593534][T10185] usb 6-1: Manufacturer: syz
[ 1093.598196][T10185] usb 6-1: SerialNumber: syz
[ 1093.744817][T20762] veth0_vlan: entered promiscuous mode
[ 1093.807639][T20762] veth1_vlan: entered promiscuous mode
[ 1093.859926][T10297] Bluetooth: hci2: command tx timeout
[ 1093.871185][T10185] usb 6-1: 0:2 : does not exist
[ 1093.910785][T10185] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[ 1093.963479][T20762] veth0_macvtap: entered promiscuous mode
[ 1093.970436][T10185] usb 6-1: USB disconnect, device number 123
[ 1094.000830][T20762] veth1_macvtap: entered promiscuous mode
[ 1094.084240][T20762] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1094.096435][T15536] udevd[15536]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1094.146918][T20762] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1094.194653][T20762] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1094.218386][T20762] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1094.256787][T20762] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1094.283395][T20762] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1094.320075][ T5882] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[ 1094.475272][ T5882] usb 7-1: device descriptor read/64, error -71
[ 1094.556802][   T54] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1094.589143][   T54] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1094.698277][T16253] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1094.726279][T20834] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3441'.
[ 1094.746672][T20834] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[ 1094.798945][ T5882] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[ 1094.838878][T16253] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1094.929673][T16915] usb 6-1: new high-speed USB device number 124 using dummy_hcd
[ 1094.949024][ T5882] usb 7-1: device descriptor read/64, error -71
[ 1095.060028][ T5882] usb usb7-port1: attempt power cycle
[ 1095.101570][T16915] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1095.112102][T16915] usb 6-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1095.147303][T16915] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1095.169701][T16915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1095.445801][ T5882] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[ 1095.509289][ T5882] usb 7-1: device descriptor read/8, error -71
[ 1095.613250][T20831] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1095.645211][T20831] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1095.779249][ T5882] usb 7-1: new high-speed USB device number 50 using dummy_hcd
[ 1095.826121][ T5882] usb 7-1: device descriptor read/8, error -71
[ 1095.932421][T10297] Bluetooth: hci2: command tx timeout
[ 1096.022472][ T5882] usb usb7-port1: unable to enumerate USB device
[ 1096.078923][T16915] usb 3-1: new full-speed USB device number 71 using dummy_hcd
[ 1096.230851][T16915] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1096.263469][T16915] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1096.294261][T16915] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1096.324215][T16915] usb 3-1: Product: syz
[ 1096.337146][T16915] usb 3-1: Manufacturer: syz
[ 1096.357347][T16915] usb 3-1: SerialNumber: syz
[ 1096.387428][T16915] usb 3-1: config 0 descriptor??
[ 1096.484088][T16915] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22
[ 1096.583946][T15536] udevd[15536]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1096.624514][ T5889] usb 3-1: USB disconnect, device number 71
[ 1096.825995][T20846] veth0: entered promiscuous mode
[ 1096.835443][T20846] veth0: left promiscuous mode
[ 1096.999718][T20850] fuse: Bad value for 'user_id'
[ 1097.004599][T20850] fuse: Bad value for 'user_id'
[ 1097.508848][   T48] usb 7-1: new low-speed USB device number 51 using dummy_hcd
[ 1097.568143][T16915] usb 6-1: USB disconnect, device number 124
[ 1097.618978][ T5882] usb 3-1: new full-speed USB device number 72 using dummy_hcd
[ 1097.671832][   T48] usb 7-1: config 32 has 1 interface, different from the descriptor's value: 2
[ 1097.718996][   T48] usb 7-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10
[ 1097.749405][   T48] usb 7-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1097.779357][   T48] usb 7-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[ 1097.794652][ T5882] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1097.796573][   T48] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1097.841149][ T5882] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1097.858213][ T5882] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1097.871337][ T5882] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1097.883139][ T5882] usb 3-1: config 1 has no interface number 0
[ 1097.891635][ T5882] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1097.910163][T20864] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1097.941275][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1098.100989][ T5882] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[ 1098.148625][   T48] usb 7-1: string descriptor 0 read error: -71
[ 1098.302447][ T5882] snd_usb_pod 3-1:1.1: endpoint not available, using fallback values
[ 1098.311406][ T5882] snd_usb_pod 3-1:1.1: invalid control EP
[ 1098.317294][ T5882] snd_usb_pod 3-1:1.1: cannot start listening: -22
[ 1098.324917][ T5882] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[ 1098.341017][ T5882] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1098.354002][   T48] usb 7-1: USB disconnect, device number 51
[ 1098.453377][T15536] udevd[15536]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:32.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[ 1099.033789][   T48] usb 3-1: USB disconnect, device number 72
[ 1099.049204][ T5882] usb 6-1: new high-speed USB device number 125 using dummy_hcd
[ 1099.159132][T16915] usb 7-1: new high-speed USB device number 52 using dummy_hcd
[ 1099.212846][ T5882] usb 6-1: Using ep0 maxpacket: 16
[ 1099.219071][ T5882] usb 6-1: too many configurations: 176, using maximum allowed: 8
[ 1099.233292][ T5882] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1099.244632][ T5882] usb 6-1: can't read configurations, error -61
[ 1099.370706][T16915] usb 7-1: config 0 has no interfaces?
[ 1099.409775][T20890] dns_resolver: Unsupported content type (8)
[ 1099.431895][T20890] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3455'.
[ 1099.443186][ T5882] usb 6-1: new high-speed USB device number 126 using dummy_hcd
[ 1099.468493][T20890] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3455'.
[ 1099.547240][T16915] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1099.557209][T16915] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1099.648994][ T5882] usb 6-1: Using ep0 maxpacket: 16
[ 1099.655597][ T5882] usb 6-1: too many configurations: 176, using maximum allowed: 8
[ 1099.700142][ T5882] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1099.708135][ T5882] usb 6-1: can't read configurations, error -61
[ 1099.845620][ T5882] usb usb6-port1: attempt power cycle
[ 1099.862350][T16915] usb 7-1: Product: syz
[ 1099.954352][T16915] usb 7-1: Manufacturer: syz
[ 1099.967340][T16915] usb 7-1: SerialNumber: syz
[ 1100.079015][T16915] usb 7-1: config 0 descriptor??
[ 1100.308956][ T5882] usb 6-1: new high-speed USB device number 127 using dummy_hcd
[ 1100.330095][ T5882] usb 6-1: Using ep0 maxpacket: 16
[ 1100.339804][ T5882] usb 6-1: too many configurations: 176, using maximum allowed: 8
[ 1100.457180][ T5882] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1100.485366][   T48] usb 7-1: USB disconnect, device number 52
[ 1100.495728][ T5882] usb 6-1: can't read configurations, error -61
[ 1100.648981][ T5882] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1100.683415][ T5882] usb 6-1: Using ep0 maxpacket: 16
[ 1100.695355][ T5882] usb 6-1: too many configurations: 176, using maximum allowed: 8
[ 1100.709255][ T5882] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1100.720301][ T5882] usb 6-1: can't read configurations, error -61
[ 1100.767516][ T5882] usb usb6-port1: unable to enumerate USB device
[ 1100.897608][T20900] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3458'.
[ 1101.844877][T20923] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1102.293169][T20932] netlink: 112 bytes leftover after parsing attributes in process `syz.5.3465'.
[ 1102.690857][T20936] binder: 20934:20936 ioctl c018620b 0 returned -14
[ 1103.766115][T20954] loop2: detected capacity change from 0 to 7
[ 1103.779076][T20954]  loop2:
[ 1103.783076][T20954] loop2: partition table partially beyond EOD, truncated
[ 1104.233719][T20936] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1104.759282][T20974] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3474'.
[ 1104.822306][T20973] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3474'.
[ 1104.890551][T20973] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1105.164124][   T48] usb 7-1: new full-speed USB device number 53 using dummy_hcd
[ 1105.330660][   T48] usb 7-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1105.347450][   T48] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1105.390059][   T48] usb 7-1: config 0 descriptor??
[ 1105.529018][T20993] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1105.629983][ T5889] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[ 1105.739608][T17196] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1105.880950][ T5889] usb 3-1: Using ep0 maxpacket: 32
[ 1105.906367][ T5889] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1105.915286][T17196] usb 6-1: Using ep0 maxpacket: 32
[ 1105.925238][ T5889] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 1105.984572][T17196] usb 6-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[ 1106.009788][ T5889] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1106.024956][T17196] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1106.043643][ T5889] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1106.062658][T17196] usb 6-1: Product: syz
[ 1106.076016][T17196] usb 6-1: Manufacturer: syz
[ 1106.085383][T17196] usb 6-1: SerialNumber: syz
[ 1106.099404][ T5889] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1106.108673][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1106.118204][T17196] usb 6-1: config 0 descriptor??
[ 1106.123251][ T5889] usb 3-1: Product: syz
[ 1106.127461][ T5889] usb 3-1: Manufacturer: syz
[ 1106.133080][ T5889] usb 3-1: SerialNumber: syz
[ 1106.140892][T17196] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[ 1106.392703][ T5889] usb 3-1: 2:1 : format type 0 is detected, processed as PCM
[ 1106.403146][ T5889] usb 3-1: 2:1 : invalid channels 0
[ 1106.458640][ T5889] usb 3-1: USB disconnect, device number 73
[ 1106.520675][T20103] udevd[20103]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1106.651227][T17196] gspca_ov534_9: reg_w failed -71
[ 1106.839492][T21004] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3482'.
[ 1106.978816][T17196] gspca_ov534_9: Unknown sensor 0000
[ 1106.978914][T17196] ov534_9 6-1:0.0: probe with driver ov534_9 failed with error -22
[ 1107.046495][T17196] usb 6-1: USB disconnect, device number 3
[ 1107.187298][   T48] pegasus 7-1:0.0: setup Pegasus II specific registers
[ 1107.322018][   T48] pegasus 7-1:0.0: can't locate MII phy, using default
[ 1107.388640][   T48] pegasus 7-1:0.0: eth5, ELECOM USB Ethernet LD-USB20, 0e:4b:be:8a:6f:0e
[ 1107.433888][   T48] usb 7-1: USB disconnect, device number 53
[ 1107.702553][T21026] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1107.885455][   T30] audit: type=1326 audit(1747753893.514:2734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21031 comm="syz.6.3490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91cb38e969 code=0x7ffc0000
[ 1107.949599][   T30] audit: type=1326 audit(1747753893.514:2735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21031 comm="syz.6.3490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1108.017668][   T30] audit: type=1326 audit(1747753893.514:2736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21031 comm="syz.6.3490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1108.096402][   T30] audit: type=1326 audit(1747753893.514:2737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21031 comm="syz.6.3490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1108.157216][   T30] audit: type=1326 audit(1747753893.514:2738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21031 comm="syz.6.3490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1108.179684][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1108.409761][   T30] audit: type=1326 audit(1747753893.514:2739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21031 comm="syz.6.3490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1108.550182][   T30] audit: type=1326 audit(1747753893.514:2740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21031 comm="syz.6.3490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1108.683491][   T30] audit: type=1326 audit(1747753893.514:2741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21031 comm="syz.6.3490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1108.794091][   T30] audit: type=1326 audit(1747753893.514:2742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21031 comm="syz.6.3490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1108.978845][   T30] audit: type=1326 audit(1747753893.514:2743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21031 comm="syz.6.3490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1109.662188][T21068] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1110.206615][T21076] netlink: 23 bytes leftover after parsing attributes in process `syz.0.3497'.
[ 1110.629752][T17196] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[ 1110.839438][T17196] usb 1-1: Using ep0 maxpacket: 32
[ 1110.872238][T17196] usb 1-1: config 0 has no interfaces?
[ 1110.939381][T17196] usb 1-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[ 1110.948960][T17196] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[ 1110.956994][T17196] usb 1-1: Product: syz
[ 1111.014024][T17196] usb 1-1: Manufacturer: syz
[ 1111.066991][T17196] usb 1-1: config 0 descriptor??
[ 1111.352947][T17196] usb 1-1: USB disconnect, device number 101
[ 1113.508913][   T48] usb 7-1: new high-speed USB device number 54 using dummy_hcd
[ 1113.677594][T21128] ptrace attach of "./syz-executor exec"[19458] was attempted by "./syz-executor exec"[21128]
[ 1113.711245][T21128] netlink: 88 bytes leftover after parsing attributes in process `syz.0.3506'.
[ 1113.972863][T21133] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1114.032951][T21128] netlink: 'syz.0.3506': attribute type 21 has an invalid length.
[ 1114.059616][T21128] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3506'.
[ 1114.097735][T21128] netlink: 'syz.0.3506': attribute type 4 has an invalid length.
[ 1114.120115][T21128] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3506'.
[ 1114.231042][   T48] usb 7-1: config 0 has no interfaces?
[ 1114.421957][   T48] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1114.448241][   T48] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1114.483063][   T48] usb 7-1: Product: syz
[ 1114.605089][   T48] usb 7-1: Manufacturer: syz
[ 1114.615227][   T48] usb 7-1: SerialNumber: syz
[ 1114.624356][   T48] usb 7-1: config 0 descriptor??
[ 1115.855758][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.861804][ T5889] usb 7-1: USB disconnect, device number 54
[ 1115.862334][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.149881][ T5882] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[ 1116.280735][ T5882] usb 6-1: device descriptor read/64, error -71
[ 1116.339995][T21146] netlink: 48 bytes leftover after parsing attributes in process `syz.7.3513'.
[ 1116.659044][ T5882] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[ 1116.791045][ T5882] usb 6-1: device descriptor read/64, error -71
[ 1116.899594][ T5882] usb usb6-port1: attempt power cycle
[ 1117.288960][ T5882] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[ 1117.323032][ T5882] usb 6-1: device descriptor read/8, error -71
[ 1117.569113][ T5882] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[ 1117.635880][ T5882] usb 6-1: device descriptor read/8, error -71
[ 1117.658967][T16915] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[ 1117.749775][ T5882] usb usb6-port1: unable to enumerate USB device
[ 1117.837315][T16915] usb 1-1: device descriptor read/64, error -71
[ 1118.046984][T21184] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1118.119950][T16915] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[ 1118.478965][T16915] usb 1-1: device descriptor read/64, error -71
[ 1118.589985][T16915] usb usb1-port1: attempt power cycle
[ 1118.928827][T10185] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[ 1118.939093][T16915] usb 1-1: new high-speed USB device number 104 using dummy_hcd
[ 1118.961711][T16915] usb 1-1: device descriptor read/8, error -71
[ 1119.082109][T10185] usb 3-1: config 8 has an invalid interface number: 246 but max is 3
[ 1119.098828][T10185] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[ 1119.178434][T10185] usb 3-1: config 8 has 1 interface, different from the descriptor's value: 4
[ 1119.233500][T10185] usb 3-1: config 8 has no interface number 0
[ 1119.241757][T10185] usb 3-1: config 8 interface 246 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1119.278919][T16915] usb 1-1: new high-speed USB device number 105 using dummy_hcd
[ 1119.315997][T10185] usb 3-1: config 8 interface 246 has no altsetting 0
[ 1119.326289][T16915] usb 1-1: device descriptor read/8, error -71
[ 1119.341896][T10185] usb 3-1: New USB device found, idVendor=1784, idProduct=0011, bcdDevice=4d.d6
[ 1119.361763][T10185] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1119.379908][T10185] usb 3-1: Product: 詽ⷄ较绵饓늢䭲蕎꘎㵓崋詤켧纶Ⴅ쿈⬁䠳賽膀
[ 1119.399002][T10547] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1119.406675][T10185] usb 3-1: Manufacturer: 鈕尃ꨆ颸㲩꽻즇淪⽗䀙৉쓶솚ɢ逋隵ꥼ඾婣㖗풚᭠죌칎컌渭㬢
[ 1119.432518][T10185] usb 3-1: SerialNumber: 뇥镩窲਀懾헕ధﱓ棫౨
[ 1119.440395][T16915] usb usb1-port1: unable to enumerate USB device
[ 1119.548898][T10547] usb 6-1: Using ep0 maxpacket: 8
[ 1119.555742][T10547] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1119.566897][   T30] kauditd_printk_skb: 774 callbacks suppressed
[ 1119.566915][   T30] audit: type=1326 audit(1747753905.194:3518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21195 comm="syz.6.3524" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f91cb38e969 code=0x0
[ 1119.595373][T10547] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1119.623421][T10547] usb 6-1: config 0 descriptor??
[ 1119.683718][T10185] usb 3-1: USB disconnect, device number 74
[ 1119.748111][   T30] audit: type=1326 audit(1747753905.374:3519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21195 comm="syz.6.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91cb38e969 code=0x7ffc0000
[ 1119.749278][   T30] audit: type=1326 audit(1747753905.374:3520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21195 comm="syz.6.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f91cb38e969 code=0x7ffc0000
[ 1119.752306][   T30] audit: type=1326 audit(1747753905.374:3521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21195 comm="syz.6.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91cb38e969 code=0x7ffc0000
[ 1119.752359][   T30] audit: type=1326 audit(1747753905.384:3522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21195 comm="syz.6.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f91cb38e969 code=0x7ffc0000
[ 1119.752405][   T30] audit: type=1326 audit(1747753905.384:3523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21195 comm="syz.6.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91cb38e969 code=0x7ffc0000
[ 1119.754054][   T30] audit: type=1326 audit(1747753905.384:3524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21195 comm="syz.6.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f91cb38e969 code=0x7ffc0000
[ 1119.845144][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1119.910158][   T30] audit: type=1326 audit(1747753905.384:3525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21195 comm="syz.6.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91cb38e969 code=0x7ffc0000
[ 1119.910214][   T30] audit: type=1326 audit(1747753905.414:3526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21195 comm="syz.6.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91cb38e969 code=0x7ffc0000
[ 1119.910485][T10547] asix 6-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1120.127999][T21192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1120.137074][T21192] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1120.658132][   T30] audit: type=1326 audit(1747753906.224:3527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21204 comm="syz.0.3526" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c08d8e969 code=0x7ffc0000
[ 1120.680584][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1120.690423][T18387] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[ 1120.868833][T18387] usb 3-1: Using ep0 maxpacket: 16
[ 1120.876355][T18387] usb 3-1: config 0 has an invalid interface number: 115 but max is 0
[ 1120.885962][T18387] usb 3-1: config 0 has no interface number 0
[ 1120.890986][   T48] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[ 1121.308984][T18387] usb 3-1: config 0 interface 115 altsetting 0 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[ 1121.482692][   T48] usb 1-1: Using ep0 maxpacket: 16
[ 1121.587076][T18387] usb 3-1: config 0 interface 115 altsetting 0 has a duplicate endpoint with address 0xE, skipping
[ 1121.652233][T18387] usb 3-1: New USB device found, idVendor=eb1a, idProduct=2875, bcdDevice=6f.3f
[ 1121.678589][T18387] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1121.713727][T18387] usb 3-1: Product: syz
[ 1121.724821][T18387] usb 3-1: Manufacturer: syz
[ 1121.742062][ T5889] usb 7-1: new high-speed USB device number 55 using dummy_hcd
[ 1121.759008][T18387] usb 3-1: SerialNumber: syz
[ 1121.828270][T18387] usb 3-1: config 0 descriptor??
[ 1121.908960][ T5889] usb 7-1: Using ep0 maxpacket: 32
[ 1121.923186][ T5889] usb 7-1: config 0 has an invalid interface number: 9 but max is 0
[ 1121.932147][ T5889] usb 7-1: config 0 has no interface number 0
[ 1122.022015][ T5889] usb 7-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[ 1122.031337][ T5889] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1122.039431][ T5889] usb 7-1: Product: syz
[ 1122.044066][ T5889] usb 7-1: Manufacturer: syz
[ 1122.093694][ T5889] usb 7-1: SerialNumber: syz
[ 1122.121980][ T5889] usb 7-1: config 0 descriptor??
[ 1122.131827][T10185] usb 3-1: USB disconnect, device number 75
[ 1122.233617][T10547] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 1122.341854][T10547] asix 6-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[ 1122.365721][ T5889] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[ 1122.388985][T10547] asix 6-1:0.0: probe with driver asix failed with error -71
[ 1122.505005][T10547] usb 6-1: USB disconnect, device number 8
[ 1123.270025][T21232] x_tables: ip_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[ 1123.667346][ T5889] gspca_topro: reg_w err -110
[ 1123.701249][ T5889] gspca_topro: Sensor soi763a
[ 1124.473512][T10185] usb 7-1: USB disconnect, device number 55
[ 1124.576961][   T48] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1124.586036][   T48] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 1124.629533][   T48] usb 1-1: can't read configurations, error -71
[ 1125.024991][T21246] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1125.210661][T21247] dns_resolver: Unsupported content type (8)
[ 1125.330308][   T48] usb 1-1: new full-speed USB device number 107 using dummy_hcd
[ 1125.523073][   T48] usb 1-1: config 214 has an invalid descriptor of length 0, skipping remainder of the config
[ 1125.535017][   T48] usb 1-1: config 214 has 0 interfaces, different from the descriptor's value: 1
[ 1125.556008][   T48] usb 1-1: New USB device found, idVendor=054c, idProduct=002b, bcdDevice= 1.0c
[ 1125.566592][   T48] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1125.575867][   T48] usb 1-1: Product: syz
[ 1125.675281][T21255] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1125.711045][   T48] usb 1-1: Manufacturer: syz
[ 1125.715709][   T48] usb 1-1: SerialNumber: syz
[ 1125.754146][T21247] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3536'.
[ 1126.601614][   T48] usb 1-1: USB disconnect, device number 107
[ 1128.543200][T21303] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1129.486247][T21319] loop6: detected capacity change from 0 to 524287999
[ 1129.538295][T21320] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 25 prio class 0
[ 1130.163497][T21322] VFS: Lookup of 'file0' in fuse fuse would have caused loop
[ 1131.175229][   T30] kauditd_printk_skb: 49 callbacks suppressed
[ 1131.175250][   T30] audit: type=1326 audit(1747753916.804:3577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21338 comm="syz.7.3559" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f607498e969 code=0x0
[ 1131.400805][T21342] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1132.383130][T21353] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1133.131626][T21361] dns_resolver: Unsupported content type (8)
[ 1133.170429][T21361] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3563'.
[ 1133.182411][T21361] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3563'.
[ 1134.555676][T21370] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.3566'.
[ 1134.782854][T21377] loop2: detected capacity change from 0 to 7
[ 1134.789350][T10547] usb 1-1: new high-speed USB device number 108 using dummy_hcd
[ 1134.825120][T15536]  loop2:
[ 1134.828268][T15536] loop2: partition table partially beyond EOD, truncated
[ 1134.848396][T21377]  loop2:
[ 1134.853270][T21377] loop2: partition table partially beyond EOD, truncated
[ 1134.986526][T10547] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1134.997211][T10547] usb 1-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1135.047919][T10547] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1135.170177][T21381] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1135.215908][T10547] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1136.058915][T10185] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[ 1136.304031][T10185] usb 3-1: config 0 has no interfaces?
[ 1136.316257][T10185] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1136.378949][T10185] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1136.394951][T10185] usb 3-1: Product: syz
[ 1136.401111][T10185] usb 3-1: Manufacturer: syz
[ 1136.405823][T10185] usb 3-1: SerialNumber: syz
[ 1136.421073][T10185] usb 3-1: config 0 descriptor??
[ 1137.489121][T18387] usb 7-1: new high-speed USB device number 56 using dummy_hcd
[ 1137.649548][T18387] usb 7-1: Using ep0 maxpacket: 16
[ 1138.418989][ T5889] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1138.566126][T10185] usb 3-1: USB disconnect, device number 76
[ 1138.726528][ T5889] usb 6-1: config 0 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1138.753410][ T5889] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1138.774828][ T5889] usb 6-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00
[ 1138.824635][ T5889] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1138.900671][ T5889] usb 6-1: config 0 descriptor??
[ 1139.053810][T21425] loop6: detected capacity change from 0 to 524287999
[ 1139.295534][T10547] usb 1-1: USB disconnect, device number 108
[ 1139.361053][ T5889] ntrig 0003:1B96:0009.0039: hidraw0: USB HID v0.00 Device [HID 1b96:0009] on usb-dummy_hcd.5-1/input0
[ 1139.475526][T21431] x_tables: duplicate underflow at hook 1
[ 1139.504023][T21431] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3582'.
[ 1139.547012][ T5889] ntrig 0003:1B96:0009.0039: Firmware version: 0.0.0.0.0 (0000 0000)
[ 1139.983184][ T5889] usb 6-1: USB disconnect, device number 9
[ 1140.029541][T18387] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1140.099205][T18387] usb 7-1: unable to read config index 0 descriptor/start: -71
[ 1140.121516][T18387] usb 7-1: can't read configurations, error -71
[ 1140.181907][T21438] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1140.667281][T21443] syzkaller1: entered promiscuous mode
[ 1140.676391][T21443] syzkaller1: entered allmulticast mode
[ 1140.687382][T21443] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1140.745382][T10297] Bluetooth: hci4: unexpected event for opcode 0x1408
[ 1140.920159][T21451] FAULT_INJECTION: forcing a failure.
[ 1140.920159][T21451] name failslab, interval 1, probability 0, space 0, times 0
[ 1140.938185][T21451] CPU: 0 UID: 0 PID: 21451 Comm: syz.5.3587 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1140.938213][T21451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1140.938227][T21451] Call Trace:
[ 1140.938235][T21451]  <TASK>
[ 1140.938244][T21451]  dump_stack_lvl+0x189/0x250
[ 1140.938281][T21451]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1140.938309][T21451]  ? __pfx__printk+0x10/0x10
[ 1140.938336][T21451]  ? __pfx___might_resched+0x10/0x10
[ 1140.938356][T21451]  ? fs_reclaim_acquire+0x7d/0x100
[ 1140.938390][T21451]  should_fail_ex+0x414/0x560
[ 1140.938418][T21451]  should_failslab+0xa8/0x100
[ 1140.938448][T21451]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1140.938473][T21451]  ? nf_tables_commit+0x866/0x8e70
[ 1140.938502][T21451]  nf_tables_commit+0x866/0x8e70
[ 1140.938525][T21451]  ? do_raw_spin_unlock+0x122/0x240
[ 1140.938553][T21451]  ? __free_frozen_pages+0x69a/0xcd0
[ 1140.938597][T21451]  ? __pfx___folio_put+0x10/0x10
[ 1140.938617][T21451]  ? __pfx_nf_tables_commit+0x10/0x10
[ 1140.938645][T21451]  ? free_large_kmalloc+0xeb/0x200
[ 1140.938676][T21451]  ? free_large_kmalloc+0x145/0x200
[ 1140.938710][T21451]  ? nf_tables_newrule+0x23bc/0x2890
[ 1140.938750][T21451]  ? __pfx_nf_tables_newrule+0x10/0x10
[ 1140.938808][T21451]  nfnetlink_rcv+0x1a5b/0x2530
[ 1140.938872][T21451]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1140.938955][T21451]  ? skb_clone+0x246/0x3a0
[ 1140.939001][T21451]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1140.939026][T21451]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1140.939057][T21451]  netlink_unicast+0x758/0x8d0
[ 1140.939090][T21451]  netlink_sendmsg+0x805/0xb30
[ 1140.939124][T21451]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1140.939152][T21451]  ? aa_sock_msg_perm+0x94/0x160
[ 1140.939177][T21451]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1140.939201][T21451]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1140.939226][T21451]  __sock_sendmsg+0x219/0x270
[ 1140.939270][T21451]  ____sys_sendmsg+0x505/0x830
[ 1140.939303][T21451]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1140.939343][T21451]  ? import_iovec+0x74/0xa0
[ 1140.939378][T21451]  ___sys_sendmsg+0x21f/0x2a0
[ 1140.939411][T21451]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1140.939480][T21451]  ? __fget_files+0x2a/0x420
[ 1140.939509][T21451]  ? __fget_files+0x3a0/0x420
[ 1140.939548][T21451]  __x64_sys_sendmsg+0x19b/0x260
[ 1140.939592][T21451]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1140.939635][T21451]  ? do_syscall_64+0xba/0x210
[ 1140.939666][T21451]  do_syscall_64+0xf6/0x210
[ 1140.939694][T21451]  ? clear_bhb_loop+0x60/0xb0
[ 1140.939719][T21451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1140.939738][T21451] RIP: 0033:0x7f20f1d8e969
[ 1140.939757][T21451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1140.939774][T21451] RSP: 002b:00007f20f2c30038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1140.939804][T21451] RAX: ffffffffffffffda RBX: 00007f20f1fb6080 RCX: 00007f20f1d8e969
[ 1140.939819][T21451] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1140.939832][T21451] RBP: 00007f20f2c30090 R08: 0000000000000000 R09: 0000000000000000
[ 1140.939845][T21451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1140.939857][T21451] R13: 0000000000000000 R14: 00007f20f1fb6080 R15: 00007f20f20dfa28
[ 1140.939889][T21451]  </TASK>
[ 1141.256901][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1141.311406][   T30] audit: type=1326 audit(1747753926.934:3578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21452 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcde878e969 code=0x7ffc0000
[ 1141.441911][   T30] audit: type=1326 audit(1747753926.934:3579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21452 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7fcde878e969 code=0x7ffc0000
[ 1141.630162][   T30] audit: type=1326 audit(1747753926.934:3580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21452 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcde878e969 code=0x7ffc0000
[ 1141.654324][   T30] audit: type=1326 audit(1747753926.934:3581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21452 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fcde878e969 code=0x7ffc0000
[ 1141.678902][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1141.709471][T21462] sctp: [Deprecated]: syz.6.3591 (pid 21462) Use of int in max_burst socket option.
[ 1141.709471][T21462] Use struct sctp_assoc_value instead
[ 1141.724531][   T30] audit: type=1326 audit(1747753927.044:3582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21452 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcde878e969 code=0x7ffc0000
[ 1141.798221][   T30] audit: type=1326 audit(1747753927.054:3583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21452 comm="syz.2.3588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcde878e969 code=0x7ffc0000
[ 1142.010882][T18387] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[ 1142.188912][T16915] usb 7-1: new high-speed USB device number 58 using dummy_hcd
[ 1142.209117][T18387] usb 3-1: Using ep0 maxpacket: 16
[ 1142.215773][T18387] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1142.274495][T18387] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1142.290774][T18387] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1142.311149][T18387] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1142.325963][T18387] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1142.352857][T16915] usb 7-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[ 1142.366228][T18387] usb 3-1: Product: syz
[ 1142.372945][T16915] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1142.383821][T18387] usb 3-1: Manufacturer: syz
[ 1142.398314][T18387] usb 3-1: SerialNumber: syz
[ 1142.403203][T16915] usb 7-1: Product: syz
[ 1142.432655][T16915] usb 7-1: Manufacturer: syz
[ 1142.472136][T16915] usb 7-1: SerialNumber: syz
[ 1142.500376][T16915] usb 7-1: config 0 descriptor??
[ 1142.520538][T16915] gspca_main: sunplus-2.14.0 probing 055f:c230
[ 1142.538980][ T5889] usb 1-1: new high-speed USB device number 109 using dummy_hcd
[ 1142.644685][T18387] usb 3-1: 0:2 : does not exist
[ 1142.698933][ T5889] usb 1-1: Using ep0 maxpacket: 32
[ 1142.751016][ T5889] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1142.766597][ T5889] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1142.878442][ T5889] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1142.907865][T21486] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1142.942499][ T5889] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1142.979888][ T5889] usb 1-1: config 0 descriptor??
[ 1143.026899][ T5889] hub 1-1:0.0: USB hub found
[ 1143.032077][T18387] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1)
[ 1143.167548][T16915] gspca_sunplus: reg_r err -32
[ 1143.185990][T16915] sunplus 7-1:0.0: probe with driver sunplus failed with error -32
[ 1143.220646][ T5889] hub 1-1:0.0: 26 ports detected
[ 1143.245910][T18387] usb 3-1: USB disconnect, device number 77
[ 1143.260900][ T5889] hub 1-1:0.0: insufficient power available to use all downstream ports
[ 1143.344052][T15536] udevd[15536]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1143.510853][ T5889] hub 1-1:0.0: hub_hub_status failed (err = -71)
[ 1143.522115][T21494] input: syz1 as /devices/virtual/input/input109
[ 1143.705424][ T5889] hub 1-1:0.0: config failed, can't get hub status (err -71)
[ 1143.770357][ T5889] usbhid 1-1:0.0: can't add hid device: -71
[ 1143.784294][ T5889] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1143.856007][ T5889] usb 1-1: USB disconnect, device number 109
[ 1143.878300][T21500] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1143.894874][T21500] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1144.099983][ T5889] usb 7-1: USB disconnect, device number 58
[ 1144.408355][T21512] xt_recent: hitcount (262144) is larger than allowed maximum (65535)
[ 1144.578925][ T5889] usb 7-1: new high-speed USB device number 59 using dummy_hcd
[ 1144.743149][ T5889] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1144.793733][ T5889] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1144.834906][T10297] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[ 1144.845014][ T5889] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1144.845105][T10297] Bluetooth: hci4: Injecting HCI hardware error event
[ 1144.864136][ T5889] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1144.866995][T10297] Bluetooth: hci4: hardware error 0x00
[ 1144.988312][ T5889] usb 7-1: config 0 descriptor??
[ 1145.148918][T10185] usb 1-1: new high-speed USB device number 110 using dummy_hcd
[ 1145.329940][T10185] usb 1-1: config 0 has no interfaces?
[ 1145.352723][T10185] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1145.383578][T10185] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1145.414854][T10185] usb 1-1: Product: syz
[ 1145.424647][T10185] usb 1-1: Manufacturer: syz
[ 1145.436317][T10185] usb 1-1: SerialNumber: syz
[ 1145.464261][T10185] usb 1-1: config 0 descriptor??
[ 1145.560986][ T5889] keytouch 0003:0926:3333.003A: fixing up Keytouch IEC report descriptor
[ 1145.652275][ T5889] input: HID 0926:3333 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0926:3333.003A/input/input110
[ 1145.774459][T21508] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3603'.
[ 1145.795411][T21508] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3603'.
[ 1145.903590][T21532] FAULT_INJECTION: forcing a failure.
[ 1145.903590][T21532] name failslab, interval 1, probability 0, space 0, times 0
[ 1145.989142][T21532] CPU: 0 UID: 0 PID: 21532 Comm: syz.2.3607 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1145.989172][T21532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1145.989186][T21532] Call Trace:
[ 1145.989194][T21532]  <TASK>
[ 1145.989204][T21532]  dump_stack_lvl+0x189/0x250
[ 1145.989241][T21532]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1145.989270][T21532]  ? __pfx__printk+0x10/0x10
[ 1145.989294][T21532]  ? __pfx___might_resched+0x10/0x10
[ 1145.989315][T21532]  ? fs_reclaim_acquire+0x7d/0x100
[ 1145.989351][T21532]  should_fail_ex+0x414/0x560
[ 1145.989378][T21532]  should_failslab+0xa8/0x100
[ 1145.989408][T21532]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1145.989436][T21532]  ? __alloc_skb+0x112/0x2d0
[ 1145.989467][T21532]  __alloc_skb+0x112/0x2d0
[ 1145.989497][T21532]  nf_tables_rule_notify+0xc0/0x570
[ 1145.989534][T21532]  nf_tables_commit+0x1d28/0x8e70
[ 1145.989558][T21532]  ? do_raw_spin_unlock+0x122/0x240
[ 1145.989609][T21532]  ? __pfx_nf_tables_commit+0x10/0x10
[ 1145.989636][T21532]  ? free_large_kmalloc+0xeb/0x200
[ 1145.989667][T21532]  ? free_large_kmalloc+0x145/0x200
[ 1145.989696][T21532]  ? nf_tables_newrule+0x23bc/0x2890
[ 1145.989738][T21532]  ? __pfx_nf_tables_newrule+0x10/0x10
[ 1145.989808][T21532]  nfnetlink_rcv+0x1a5b/0x2530
[ 1145.989875][T21532]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1145.989902][T21532]  ? stack_depot_save_flags+0x40/0x910
[ 1145.990000][T21532]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1145.990025][T21532]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1145.990056][T21532]  netlink_unicast+0x758/0x8d0
[ 1145.990091][T21532]  netlink_sendmsg+0x805/0xb30
[ 1145.990128][T21532]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1145.990168][T21532]  ? aa_sock_msg_perm+0x94/0x160
[ 1145.990195][T21532]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1145.990219][T21532]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1145.990250][T21532]  __sock_sendmsg+0x219/0x270
[ 1145.990277][T21532]  ____sys_sendmsg+0x505/0x830
[ 1145.990313][T21532]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1145.990353][T21532]  ? import_iovec+0x74/0xa0
[ 1145.990387][T21532]  ___sys_sendmsg+0x21f/0x2a0
[ 1145.990420][T21532]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1145.990490][T21532]  ? __fget_files+0x2a/0x420
[ 1145.990518][T21532]  ? __fget_files+0x3a0/0x420
[ 1145.990557][T21532]  __x64_sys_sendmsg+0x19b/0x260
[ 1145.990587][T21532]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1145.990635][T21532]  ? do_syscall_64+0xba/0x210
[ 1145.990668][T21532]  do_syscall_64+0xf6/0x210
[ 1145.990697][T21532]  ? clear_bhb_loop+0x60/0xb0
[ 1145.990724][T21532]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1145.990745][T21532] RIP: 0033:0x7fcde878e969
[ 1145.990764][T21532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1145.990783][T21532] RSP: 002b:00007fcde95bc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1145.990806][T21532] RAX: ffffffffffffffda RBX: 00007fcde89b6080 RCX: 00007fcde878e969
[ 1145.990822][T21532] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1145.990836][T21532] RBP: 00007fcde95bc090 R08: 0000000000000000 R09: 0000000000000000
[ 1145.990850][T21532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1145.990863][T21532] R13: 0000000000000000 R14: 00007fcde89b6080 R15: 00007fcde8adfa28
[ 1145.990896][T21532]  </TASK>
[ 1146.315887][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1146.331226][ T5889] keytouch 0003:0926:3333.003A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.6-1/input0
[ 1146.713433][T21542] netlink: 'syz.5.3610': attribute type 15 has an invalid length.
[ 1146.799208][T21542] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3610'.
[ 1146.888990][T10297] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 1146.928806][ T3590] usb 7-1: reset high-speed USB device number 59 using dummy_hcd
[ 1147.129280][ T3590] usb 7-1: device descriptor read/64, error -32
[ 1147.372794][ T3590] usb 7-1: reset high-speed USB device number 59 using dummy_hcd
[ 1147.648857][ T3590] usb 7-1: device descriptor read/64, error -32
[ 1147.710889][T10547] usb 1-1: USB disconnect, device number 110
[ 1147.847685][T21560] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3611'.
[ 1147.864835][T21560] loop8: detected capacity change from 0 to 8
[ 1147.877109][T21560] Dev loop8: unable to read RDB block 8
[ 1147.883032][T21560]  loop8: unable to read partition table
[ 1147.890960][T21560] loop8: partition table beyond EOD, truncated
[ 1147.897265][T21560] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[ 1147.920033][T21560] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[ 1148.130237][T21554] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1148.829037][   T48] usb 7-1: USB disconnect, device number 59
[ 1151.151249][T18387] hid-generic 0000:0000:0000.003B: unknown main item tag 0x0
[ 1151.208021][T18387] hid-generic 0000:0000:0000.003B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1152.999689][T21623] support for cryptoloop has been removed.  Use dm-crypt instead.
[ 1153.279060][T10185] usb 1-1: new full-speed USB device number 112 using dummy_hcd
[ 1153.322821][   T30] audit: type=1326 audit(1747753938.954:3584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21630 comm="syz.7.3630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f607498e969 code=0x7ffc0000
[ 1153.345262][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1153.626957][T21636] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1153.649035][   T30] audit: type=1326 audit(1747753938.954:3585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21630 comm="syz.7.3630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f607498e969 code=0x7ffc0000
[ 1153.672195][   T30] audit: type=1326 audit(1747753938.954:3586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21630 comm="syz.7.3630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f607492ab39 code=0x7ffc0000
[ 1153.694529][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1153.701921][   T30] audit: type=1326 audit(1747753938.954:3587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21630 comm="syz.7.3630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f607492ab39 code=0x7ffc0000
[ 1153.724257][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1153.730611][   T30] audit: type=1326 audit(1747753938.954:3588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21630 comm="syz.7.3630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f607492ab39 code=0x7ffc0000
[ 1153.754255][   T30] audit: type=1326 audit(1747753938.954:3589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21630 comm="syz.7.3630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f607492ab39 code=0x7ffc0000
[ 1153.776613][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1153.785625][   T30] audit: type=1326 audit(1747753938.954:3590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21630 comm="syz.7.3630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f607492ab39 code=0x7ffc0000
[ 1153.807987][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1154.049931][   T30] audit: type=1326 audit(1747753938.954:3591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21630 comm="syz.7.3630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f607492ab39 code=0x7ffc0000
[ 1154.104502][T21640] ALSA: mixer_oss: invalid OSS volume ''
[ 1154.314286][   T30] audit: type=1326 audit(1747753938.954:3592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21630 comm="syz.7.3630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f607492ab39 code=0x7ffc0000
[ 1154.337314][   T30] audit: type=1326 audit(1747753938.954:3593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21630 comm="syz.7.3630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f607492ab39 code=0x7ffc0000
[ 1154.359672][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1154.389237][T21640] ALSA: mixer_oss: invalid OSS volume '��+]OؓOG��e��c���9
bx'�ĮC�'
[ 1154.441248][T21640] ALSA: mixer_oss: invalid OSS volume '_����*[bYcq�~l�r�<W�|3z�'
[ 1154.462400][T21640] ALSA: mixer_oss: invalid OSS volume '{۱H��J:'
[ 1154.470246][T21640] ALSA: mixer_oss: invalid OSS volume '����B}s��둥"f�0����^�C���'
[ 1154.479448][T21640] ALSA: mixer_oss: invalid OSS volume '�gR�y�
�'���G!���P'
[ 1154.486976][T21640] ALSA: mixer_oss: invalid OSS volume '��{�����ouD�1*ڦi&qrm���4_Xn�'
[ 1154.498476][T21640] ALSA: mixer_oss: invalid OSS volume '��/U~d�?"���:9S��'
[ 1154.506422][T21640] ALSA: mixer_oss: invalid OSS volume '(�8�'
[ 1154.561245][T21640] ALSA: mixer_oss: invalid OSS volume '���'�)�3lo�X��+iG�9SNW�����'
[ 1154.587018][T21640] ALSA: mixer_oss: invalid OSS volume '�%�X%����9WsE?%�7�3'
[ 1154.629036][T21640] ALSA: mixer_oss: invalid OSS volume '��J�i'
[ 1154.636068][T21640] ALSA: mixer_oss: invalid OSS volume '������Of����S��Җ��[s��x��'
[ 1154.656394][T21640] ALSA: mixer_oss: invalid OSS volume ':�:IJ�U����TTځA��"B^��Csb;`c'
[ 1154.676624][T21640] ALSA: mixer_oss: invalid OSS volume 'cۉ�<��S٪3n���F��/���Pf'
[ 1154.703212][T21640] ALSA: mixer_oss: invalid OSS volume '�9������h�Ĩ�y�����^�7��]�'
[ 1154.717124][T21640] ALSA: mixer_oss: invalid OSS volume '�?6�<���g�$/����uX���Ad�>=V'
[ 1154.741015][T21640] ALSA: mixer_oss: invalid OSS volume '+����Ϳ����nU<$��^EKʘ�r�+'
[ 1154.818484][T21640] ALSA: mixer_oss: invalid OSS volume '+8�iYJz���'
[ 1155.491701][   T48] usb 7-1: new high-speed USB device number 60 using dummy_hcd
[ 1155.718880][   T48] usb 7-1: Using ep0 maxpacket: 8
[ 1155.740687][   T48] usb 7-1: config 162 has an invalid interface number: 175 but max is 1
[ 1155.948666][   T48] usb 7-1: config 162 has an invalid interface number: 86 but max is 1
[ 1155.957104][   T48] usb 7-1: config 162 has no interface number 0
[ 1156.058131][   T48] usb 7-1: config 162 has no interface number 1
[ 1156.088313][T21658] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3635'.
[ 1156.313763][   T48] usb 7-1: config 162 interface 175 has no altsetting 0
[ 1156.342343][   T48] usb 7-1: config 162 interface 86 has no altsetting 0
[ 1156.529795][T10185] usb 1-1: new high-speed USB device number 113 using dummy_hcd
[ 1156.567966][   T48] usb 7-1: New USB device found, idVendor=2899, idProduct=012c, bcdDevice=73.59
[ 1156.628779][   T48] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1156.679502][   T48] usb 7-1: Product: syz
[ 1156.713509][   T48] usb 7-1: Manufacturer: syz
[ 1156.729487][T10185] usb 1-1: Using ep0 maxpacket: 16
[ 1156.733964][   T48] usb 7-1: SerialNumber: syz
[ 1156.740947][T10185] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11
[ 1156.766600][T10185] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[ 1156.810048][T10185] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[ 1156.841921][T10185] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1156.891726][T10185] usb 1-1: config 0 descriptor??
[ 1157.034335][T21667] rdma_op ffff88807d5379f0 conn xmit_rdma 0000000000000000
[ 1157.043841][T21667] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3638'.
[ 1157.335088][T10185] kovaplus 0003:1E7D:2D50.003C: unknown main item tag 0x0
[ 1157.345999][T10185] kovaplus 0003:1E7D:2D50.003C: unknown main item tag 0x0
[ 1157.364549][T10185] kovaplus 0003:1E7D:2D50.003C: unknown main item tag 0x0
[ 1157.453278][T10185] kovaplus 0003:1E7D:2D50.003C: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.0-1/input0
[ 1157.528148][T21657] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1157.544378][T21657] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1157.708599][   T48] usb 7-1: USB disconnect, device number 60
[ 1157.858260][T21675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1157.867569][T21675] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1158.162194][T21680] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3641'.
[ 1158.246855][T21683] netlink: 280 bytes leftover after parsing attributes in process `syz.6.3640'.
[ 1158.304744][T10185] kovaplus 0003:1E7D:2D50.003C: couldn't init struct kovaplus_device
[ 1158.333134][T10185] kovaplus 0003:1E7D:2D50.003C: couldn't install mouse
[ 1158.411960][T10185] kovaplus 0003:1E7D:2D50.003C: probe with driver kovaplus failed with error -71
[ 1158.446896][T10185] usb 1-1: USB disconnect, device number 113
[ 1158.535306][T21689] netdevsim netdevsim5 netdevsim0: left allmulticast mode
[ 1158.543094][ T3590] usb 7-1: new full-speed USB device number 61 using dummy_hcd
[ 1158.618116][T21689] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1158.741026][ T3590] usb 7-1: not running at top speed; connect to a high speed hub
[ 1158.765272][ T3590] usb 7-1: config 3 has an invalid interface number: 31 but max is 2
[ 1158.777876][ T3590] usb 7-1: config 3 has an invalid interface number: 81 but max is 2
[ 1158.825151][ T3590] usb 7-1: config 3 has an invalid interface number: 83 but max is 2
[ 1158.870615][ T3590] usb 7-1: config 3 has no interface number 0
[ 1158.915154][ T3590] usb 7-1: config 3 has no interface number 1
[ 1158.947185][ T3590] usb 7-1: config 3 has no interface number 2
[ 1158.985416][ T3590] usb 7-1: config 3 interface 31 altsetting 113 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1159.036709][ T3590] usb 7-1: config 3 interface 81 altsetting 8 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[ 1159.097211][ T3590] usb 7-1: config 3 interface 81 altsetting 8 endpoint 0xA has invalid maxpacket 1023, setting to 64
[ 1159.165071][ T3590] usb 7-1: config 3 interface 81 altsetting 8 has a duplicate endpoint with address 0xA, skipping
[ 1159.237866][ T3590] usb 7-1: config 3 interface 81 altsetting 8 has a duplicate endpoint with address 0x5, skipping
[ 1159.297522][ T3590] usb 7-1: config 3 interface 81 altsetting 8 has a duplicate endpoint with address 0xD, skipping
[ 1159.368111][ T3590] usb 7-1: config 3 interface 81 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[ 1159.369556][T10185] usb 1-1: new high-speed USB device number 114 using dummy_hcd
[ 1159.427702][ T3590] usb 7-1: config 3 interface 81 altsetting 8 endpoint 0xF has invalid maxpacket 19679, setting to 64
[ 1159.498893][ T3590] usb 7-1: config 3 interface 81 altsetting 8 has a duplicate endpoint with address 0xA, skipping
[ 1159.534976][ T3590] usb 7-1: config 3 interface 83 altsetting 241 endpoint 0x4 has invalid maxpacket 512, setting to 64
[ 1159.566627][ T3590] usb 7-1: config 3 interface 83 altsetting 241 has a duplicate endpoint with address 0x5, skipping
[ 1159.584411][ T3590] usb 7-1: config 3 interface 83 altsetting 241 has a duplicate endpoint with address 0xF, skipping
[ 1159.595759][ T3590] usb 7-1: config 3 interface 83 altsetting 241 has a duplicate endpoint with address 0x9, skipping
[ 1159.598935][T10185] usb 1-1: Using ep0 maxpacket: 32
[ 1159.611827][ T3590] usb 7-1: config 3 interface 83 altsetting 241 endpoint 0x1 has an invalid bInterval 247, changing to 4
[ 1159.611864][ T3590] usb 7-1: config 3 interface 83 altsetting 241 has a duplicate endpoint with address 0x5, skipping
[ 1159.611890][ T3590] usb 7-1: config 3 interface 83 altsetting 241 endpoint 0xC has invalid maxpacket 1024, setting to 64
[ 1159.611919][ T3590] usb 7-1: config 3 interface 83 altsetting 241 has a duplicate endpoint with address 0xC, skipping
[ 1159.611946][ T3590] usb 7-1: config 3 interface 83 altsetting 241 has a duplicate endpoint with address 0xC, skipping
[ 1159.669130][ T3590] usb 7-1: config 3 interface 31 has no altsetting 0
[ 1159.683785][T21700] netlink: zone id is out of range
[ 1159.685398][ T3590] usb 7-1: config 3 interface 81 has no altsetting 0
[ 1159.699810][ T3590] usb 7-1: config 3 interface 83 has no altsetting 0
[ 1159.709197][T21700] netlink: zone id is out of range
[ 1159.714454][T21700] netlink: zone id is out of range
[ 1159.720770][T21700] netlink: zone id is out of range
[ 1159.727578][T21700] netlink: zone id is out of range
[ 1159.734839][T21700] netlink: zone id is out of range
[ 1159.735604][T10185] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0x82 has invalid maxpacket 16
[ 1159.745683][ T3590] usb 7-1: New USB device found, idVendor=08ca, idProduct=2018, bcdDevice=38.54
[ 1159.760170][T21700] netlink: zone id is out of range
[ 1159.762201][T10185] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0x3 has invalid maxpacket 1023
[ 1159.775141][ T3590] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1159.776416][T21701] ipt_REJECT: ECHOREPLY no longer supported.
[ 1159.791675][T10185] usb 1-1: config 1 interface 0 altsetting 3 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1159.792280][T21700] netlink: zone id is out of range
[ 1159.811000][T21700] netlink: zone id is out of range
[ 1159.814799][T10185] usb 1-1: config 1 interface 0 has no altsetting 0
[ 1159.825995][ T3590] usb 7-1: Product: ж
[ 1159.827608][T10185] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1159.840670][T10185] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1159.845480][ T3590] usb 7-1: Manufacturer: 匿㶨皖楿牢按뽂딁命짞뼽喁燷य遙悑몠Ⓧ霁䏻䴗
[ 1159.848671][T10185] usb 1-1: Product: ᅋꝎ簁샵ᡂ麙狅뾣⑴⊛ꃼޛ햬蒝䪊ㇺ䶎㺴༏蹄쥿䖃⴫Ì溞呍꩷䒡䀻♒纀먀㒼钧뒝⠱䎣ၦ浹暆쏲㮡꾨䢸℻뇐念莥ꦄ溛犐쳺묔Š秇ﻔ꺑巴쐙ꂬ筻
[ 1159.886074][T10185] usb 1-1: Manufacturer: ␄妞ﰀ鲔௓赁㎻짪煤趽⮿韚⢫嵍㝟쩐䟞핂⽋쨲煎禐䈙뻌渷씽䲉퀙ட퐿ઍ᠗㘥熎茱鏊篔詛ⶾ疠ᛄ⃀鉛ᰮ⾳圢쫊琥፳裫￳ꋧ掁㥡㪙
[ 1159.886061][ T3590] usb 7-1: SerialNumber: ૎崇惆塲혚郒䩚梏釂謷괌ﲌ蓁塭榶Ἃ甚볻聊ｎⳊ蠆쏋폼ᖙ뻽溺Ⱒ킂街戣迏쁅礃ﭴ蘯옿⯉ꔉ萈逘䓂倛Ꮘ测Ứ羇댇ꭴ䮬臯腎ꨯヤ⨬李鐬중䓅떕ꞡ쀚잿쉴푣亅䠕ꒇᬂ뎪쌃秷㪊ᤛ쩉ὃ〿뉉舧퇗땉鴶뚅ݱି༛믃嚲
[ 1159.907309][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1159.958569][T10185] usb 1-1: SerialNumber: ї
[ 1159.973910][T21693] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1159.981672][T21693] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1160.205101][T10185] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[ 1160.219443][T10185] usb 1-1: USB disconnect, device number 114
[ 1160.904903][T21717] netlink: 'syz.7.3651': attribute type 4 has an invalid length.
[ 1160.934187][T21713] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1161.440239][T21726] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3652'.
[ 1161.462969][ T3590] usb 7-1: USB disconnect, device number 61
[ 1162.358921][ T3590] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1162.538898][ T3590] usb 6-1: Using ep0 maxpacket: 16
[ 1162.550078][ T3590] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 1162.575944][ T3590] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1162.615453][ T3590] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1162.632159][ T3590] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1162.641798][ T3590] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1162.650554][ T3590] usb 6-1: Product: syz
[ 1162.654908][ T3590] usb 6-1: Manufacturer: syz
[ 1162.660771][ T3590] usb 6-1: SerialNumber: syz
[ 1162.719151][T10547] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1162.889200][T10547] usb 3-1: Using ep0 maxpacket: 16
[ 1162.911408][T10547] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1162.948598][T10547] usb 3-1: config 129 has an invalid interface number: 145 but max is 0
[ 1162.966029][T10547] usb 3-1: config 129 has no interface number 0
[ 1162.976849][T10547] usb 3-1: config 129 interface 145 has no altsetting 0
[ 1162.987224][T10547] usb 3-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice= d.2f
[ 1163.018473][T21751] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3659'.
[ 1163.033878][T10547] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1163.042329][T10547] usb 3-1: Product: syz
[ 1163.046701][T10547] usb 3-1: Manufacturer: syz
[ 1163.051966][T10547] usb 3-1: SerialNumber: syz
[ 1163.067214][T16915] usb 1-1: new high-speed USB device number 115 using dummy_hcd
[ 1163.111271][ T3590] usb 6-1: 2:1 : format type 0 is detected, processed as PCM
[ 1163.238878][T16915] usb 1-1: device descriptor read/64, error -71
[ 1163.310768][T21739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1163.320702][T21739] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1163.350301][T10547] usb 3-1: disable ehci-hcd to run US-144
[ 1163.365471][T10547] usb 3-1: USB disconnect, device number 78
[ 1163.478971][T16915] usb 1-1: new high-speed USB device number 116 using dummy_hcd
[ 1163.629014][T16915] usb 1-1: device descriptor read/64, error -71
[ 1163.741496][T16915] usb usb1-port1: attempt power cycle
[ 1163.956822][ T3590] usb 6-1: 2:1: cannot get freq at ep 0x82
[ 1164.027257][ T3590] usb 6-1: USB disconnect, device number 10
[ 1164.099635][T16915] usb 1-1: new high-speed USB device number 117 using dummy_hcd
[ 1164.179819][T16915] usb 1-1: device descriptor read/8, error -71
[ 1164.448916][T16915] usb 1-1: new high-speed USB device number 118 using dummy_hcd
[ 1164.529836][T16915] usb 1-1: device descriptor read/8, error -71
[ 1164.568865][   T48] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[ 1164.721686][T16915] usb usb1-port1: unable to enumerate USB device
[ 1164.860504][   T48] usb 3-1: Using ep0 maxpacket: 8
[ 1164.867439][   T48] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1164.878854][   T48] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1164.947102][   T48] usb 3-1: config 0 descriptor??
[ 1164.967391][T21771] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1165.050404][T16915] usb 7-1: new high-speed USB device number 62 using dummy_hcd
[ 1165.253233][   T48] asix 3-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1165.459725][T16915] usb 7-1: Using ep0 maxpacket: 32
[ 1165.479371][T16915] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1165.495145][T16915] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1165.505703][T16915] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1165.551466][T16915] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1165.588668][   T48] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[ 1165.600358][T16915] usb 7-1: config 0 descriptor??
[ 1165.750263][   T48] asix 3-1:0.0: probe with driver asix failed with error -61
[ 1165.791573][T21756] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1165.810470][T21756] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1165.901729][   T48] usb 3-1: USB disconnect, device number 79
[ 1166.422202][T21790] FAULT_INJECTION: forcing a failure.
[ 1166.422202][T21790] name failslab, interval 1, probability 0, space 0, times 0
[ 1166.441818][T21790] CPU: 0 UID: 0 PID: 21790 Comm: syz.0.3667 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1166.441840][T21790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1166.441850][T21790] Call Trace:
[ 1166.441857][T21790]  <TASK>
[ 1166.441864][T21790]  dump_stack_lvl+0x189/0x250
[ 1166.441893][T21790]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1166.441915][T21790]  ? __pfx__printk+0x10/0x10
[ 1166.441935][T21790]  ? __pfx___might_resched+0x10/0x10
[ 1166.441953][T21790]  should_fail_ex+0x414/0x560
[ 1166.441973][T21790]  should_failslab+0xa8/0x100
[ 1166.441995][T21790]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1166.442017][T21790]  ? __alloc_skb+0x112/0x2d0
[ 1166.442040][T21790]  __alloc_skb+0x112/0x2d0
[ 1166.442062][T21790]  nf_tables_commit+0x7b26/0x8e70
[ 1166.442080][T21790]  ? do_raw_spin_unlock+0x122/0x240
[ 1166.442116][T21790]  ? __pfx_nf_tables_commit+0x10/0x10
[ 1166.442136][T21790]  ? free_large_kmalloc+0xeb/0x200
[ 1166.442159][T21790]  ? free_large_kmalloc+0x145/0x200
[ 1166.442181][T21790]  ? nf_tables_newrule+0x23bc/0x2890
[ 1166.442212][T21790]  ? __pfx_nf_tables_newrule+0x10/0x10
[ 1166.442248][T21790]  nfnetlink_rcv+0x1a5b/0x2530
[ 1166.442298][T21790]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1166.442318][T21790]  ? stack_depot_save_flags+0x40/0x910
[ 1166.442390][T21790]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1166.442409][T21790]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1166.442431][T21790]  netlink_unicast+0x758/0x8d0
[ 1166.442455][T21790]  netlink_sendmsg+0x805/0xb30
[ 1166.442498][T21790]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1166.442518][T21790]  ? aa_sock_msg_perm+0x94/0x160
[ 1166.442536][T21790]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1166.442553][T21790]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1166.442572][T21790]  __sock_sendmsg+0x219/0x270
[ 1166.442590][T21790]  ____sys_sendmsg+0x505/0x830
[ 1166.442614][T21790]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1166.442641][T21790]  ? import_iovec+0x74/0xa0
[ 1166.442664][T21790]  ___sys_sendmsg+0x21f/0x2a0
[ 1166.442686][T21790]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1166.442734][T21790]  ? __fget_files+0x2a/0x420
[ 1166.442754][T21790]  ? __fget_files+0x3a0/0x420
[ 1166.442781][T21790]  __x64_sys_sendmsg+0x19b/0x260
[ 1166.442803][T21790]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1166.442835][T21790]  ? do_syscall_64+0xba/0x210
[ 1166.442859][T21790]  do_syscall_64+0xf6/0x210
[ 1166.442878][T21790]  ? clear_bhb_loop+0x60/0xb0
[ 1166.442904][T21790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1166.442918][T21790] RIP: 0033:0x7f7c08d8e969
[ 1166.442932][T21790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1166.442962][T21790] RSP: 002b:00007f7c06bb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1166.442979][T21790] RAX: ffffffffffffffda RBX: 00007f7c08fb6160 RCX: 00007f7c08d8e969
[ 1166.442990][T21790] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1166.443000][T21790] RBP: 00007f7c06bb4090 R08: 0000000000000000 R09: 0000000000000000
[ 1166.443009][T21790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1166.443018][T21790] R13: 0000000000000000 R14: 00007f7c08fb6160 R15: 00007f7c090dfa28
[ 1166.443041][T21790]  </TASK>
[ 1166.756087][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1167.259028][   T30] kauditd_printk_skb: 549 callbacks suppressed
[ 1167.259048][   T30] audit: type=1800 audit(1747753952.884:4143): pid=21789 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3666" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=103002 res=0 errno=0
[ 1167.297323][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1167.546182][T21794] team0: Port device bridge1 added
[ 1167.792123][T17196] usb 7-1: USB disconnect, device number 62
[ 1168.199333][ T3590] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1168.360953][ T3590] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1168.377429][ T3590] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1168.390497][ T3590] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1168.424301][ T3590] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1168.457413][ T3590] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1168.488485][ T3590] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1168.550098][ T3590] usb 6-1: config 0 descriptor??
[ 1168.801493][ T3590] hdpvr 6-1:0.0: firmware version 0x0 dated 
[ 1168.831920][ T3590] hdpvr 6-1:0.0: untested firmware, the driver might not work.
[ 1169.026929][T21819] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1169.052068][T21819] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1169.068865][T16915] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[ 1169.224458][T16915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1169.240747][T16915] usb 3-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00
[ 1169.250116][T16915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1169.262324][T16915] usb 3-1: config 0 descriptor??
[ 1169.332395][ T3590] hdpvr 6-1:0.0: Could not setup controls
[ 1169.340324][ T3590] hdpvr 6-1:0.0: registering videodev failed
[ 1169.367278][ T3590] hdpvr 6-1:0.0: probe with driver hdpvr failed with error -71
[ 1169.387900][ T3590] usb 6-1: USB disconnect, device number 11
[ 1169.403923][T21822] ptrace attach of "./syz-executor exec"[18355] was attempted by "./syz-executor exec"[21822]
[ 1169.659015][T17196] usb 7-1: new high-speed USB device number 63 using dummy_hcd
[ 1169.829217][T17196] usb 7-1: Using ep0 maxpacket: 32
[ 1169.840236][T17196] usb 7-1: config 0 has an invalid interface number: 150 but max is 0
[ 1169.854432][T17196] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1169.874757][T17196] usb 7-1: config 0 has no interface number 0
[ 1169.885387][T17196] usb 7-1: New USB device found, idVendor=0c45, idProduct=628f, bcdDevice= 8.b6
[ 1169.901601][T17196] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1169.912906][T17196] usb 7-1: Product: syz
[ 1169.917385][T17196] usb 7-1: Manufacturer: syz
[ 1169.924987][T17196] usb 7-1: SerialNumber: syz
[ 1169.938388][T21825] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3677'.
[ 1169.974195][T17196] usb 7-1: config 0 descriptor??
[ 1170.004179][T17196] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628f
[ 1170.111851][T21828] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1170.634894][T17196] gspca_sn9c20x: Write register 1000 failed -110
[ 1170.650273][T17196] gspca_sn9c20x: Device initialization failed
[ 1170.859002][T17196] gspca_sn9c20x 7-1:0.150: probe with driver gspca_sn9c20x failed with error -110
[ 1171.067548][T21835] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3680'.
[ 1171.971548][T18387] usb 7-1: USB disconnect, device number 63
[ 1171.995723][T16915] usbhid 3-1:0.0: can't add hid device: -71
[ 1172.047958][T16915] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1172.105778][T16915] usb 3-1: USB disconnect, device number 80
[ 1172.651846][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802b3e2000: rx timeout, send abort
[ 1172.662388][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802b3e2000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1173.069770][T21854] x_tables: ip_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT
[ 1173.733127][T21874] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3688'.
[ 1173.797356][T21874] net_ratelimit: 10 callbacks suppressed
[ 1173.797373][T21874] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 1174.515549][T21888] netlink: 'syz.6.3691': attribute type 2 has an invalid length.
[ 1174.534301][T21886] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1176.938558][T21918] ip6t_REJECT: TCP_RESET illegal for non-tcp
[ 1177.299670][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.306289][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.738997][ T5882] usb 7-1: new full-speed USB device number 64 using dummy_hcd
[ 1177.922324][ T5882] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1177.963080][ T5882] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1178.016307][ T5882] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1178.039220][T16915] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[ 1178.056278][ T5882] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1178.097098][ T5882] hub 7-1:4.0: USB hub found
[ 1178.268335][T16915] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1178.277966][T16915] usb 3-1: New USB device strings: Mfr=1, Product=127, SerialNumber=255
[ 1178.287141][ T5882] hub 7-1:4.0: 13 ports detected
[ 1178.292683][T16915] usb 3-1: Product: syz
[ 1178.297353][ T5882] usb 7-1: selecting invalid altsetting 1
[ 1178.303765][T16915] usb 3-1: Manufacturer: syz
[ 1178.311908][ T5882] hub 7-1:4.0: Using single TT (err -22)
[ 1178.317703][T16915] usb 3-1: SerialNumber: syz
[ 1178.374154][T21933] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1178.399138][ T5882] hub 7-1:4.0: insufficient power available to use all downstream ports
[ 1178.409982][T16915] usb 3-1: config 0 descriptor??
[ 1178.496145][ T5882] hub 7-1:4.0: hub_hub_status failed (err = -71)
[ 1178.505369][ T5882] hub 7-1:4.0: config failed, can't get hub status (err -71)
[ 1178.579678][ T5882] usb 7-1: USB disconnect, device number 64
[ 1178.945661][   T30] audit: type=1326 audit(1747753964.564:4144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21923 comm="syz.2.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcde878e969 code=0x7fc00000
[ 1178.984439][   T30] audit: type=1326 audit(1747753964.564:4145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21923 comm="syz.2.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fcde878e969 code=0x7fc00000
[ 1179.006897][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1179.020683][   T30] audit: type=1326 audit(1747753964.564:4146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21923 comm="syz.2.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcde878e969 code=0x7fc00000
[ 1179.043207][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1179.054252][   T30] audit: type=1326 audit(1747753964.564:4147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21923 comm="syz.2.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcde878e969 code=0x7fc00000
[ 1179.076697][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1179.093610][   T30] audit: type=1326 audit(1747753964.564:4148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21923 comm="syz.2.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcde878e969 code=0x7fc00000
[ 1179.168928][   T30] audit: type=1326 audit(1747753964.564:4149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21923 comm="syz.2.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcde878e969 code=0x7fc00000
[ 1179.191441][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1179.292674][T21938] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1179.336239][T21938] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1179.348133][   T30] audit: type=1326 audit(1747753964.564:4150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21923 comm="syz.2.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcde878e969 code=0x7fc00000
[ 1179.394556][   T30] audit: type=1326 audit(1747753964.564:4151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21923 comm="syz.2.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcde878e969 code=0x7fc00000
[ 1179.418931][   T30] audit: type=1326 audit(1747753964.564:4152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21923 comm="syz.2.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcde878e969 code=0x7fc00000
[ 1179.441439][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1179.460373][   T30] audit: type=1326 audit(1747753964.564:4153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21923 comm="syz.2.3702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcde878e969 code=0x7fc00000
[ 1179.588821][T16915] usb 3-1: Firmware version (0.0) predates our first public release.
[ 1179.603314][T16915] usb 3-1: Please update to version 0.2 or newer
[ 1179.761445][T10185] usb 1-1: new high-speed USB device number 119 using dummy_hcd
[ 1179.800140][T16915] usb 3-1: USB disconnect, device number 81
[ 1179.973819][T10185] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1180.057114][T10185] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1180.106190][T10185] usb 1-1: config 0 descriptor??
[ 1180.141180][T21962] fuse: Bad value for 'fd'
[ 1180.441243][T21969] fuse: Bad value for 'fd'
[ 1180.615496][T21972] netlink: 'syz.7.3712': attribute type 16 has an invalid length.
[ 1180.768881][T21972] netlink: 'syz.7.3712': attribute type 17 has an invalid length.
[ 1180.814860][T21967] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1180.931694][T21967] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1181.291722][T10185] ath6kl: Failed to submit usb control message: -110
[ 1181.312313][T10185] ath6kl: unable to send the bmi data to the device: -110
[ 1181.391730][T10185] ath6kl: Unable to send get target info: -110
[ 1181.446310][T10185] ath6kl: Failed to init ath6kl core: -110
[ 1181.494056][T10185] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -110
[ 1181.578170][T21972] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1182.458987][T10547] usb 7-1: new high-speed USB device number 65 using dummy_hcd
[ 1182.532037][T10185] usb 1-1: USB disconnect, device number 119
[ 1182.637371][T10547] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1182.663028][T10547] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1182.679855][T21986] loop8: detected capacity change from 0 to 7
[ 1182.690213][T10547] usb 7-1: config 0 descriptor??
[ 1182.708031][T15536] Dev loop8: unable to read RDB block 7
[ 1182.715202][T10547] cp210x 7-1:0.0: cp210x converter detected
[ 1182.719296][T15536]  loop8: unable to read partition table
[ 1182.728070][T15536] loop8: partition table beyond EOD, truncated
[ 1184.970221][T22017] FAULT_INJECTION: forcing a failure.
[ 1184.970221][T22017] name failslab, interval 1, probability 0, space 0, times 0
[ 1185.010779][T22017] CPU: 0 UID: 0 PID: 22017 Comm: syz.5.3722 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1185.010810][T22017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1185.010824][T22017] Call Trace:
[ 1185.010833][T22017]  <TASK>
[ 1185.010844][T22017]  dump_stack_lvl+0x189/0x250
[ 1185.010885][T22017]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1185.010915][T22017]  ? __pfx__printk+0x10/0x10
[ 1185.010941][T22017]  ? __pfx___might_resched+0x10/0x10
[ 1185.010961][T22017]  ? fs_reclaim_acquire+0x7d/0x100
[ 1185.010998][T22017]  should_fail_ex+0x414/0x560
[ 1185.011027][T22017]  should_failslab+0xa8/0x100
[ 1185.011057][T22017]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1185.011083][T22017]  ? skb_clone+0x212/0x3a0
[ 1185.011120][T22017]  skb_clone+0x212/0x3a0
[ 1185.011149][T22017]  ? netlink_trim+0x188/0x2e0
[ 1185.011175][T22017]  netlink_trim+0x19f/0x2e0
[ 1185.011209][T22017]  netlink_broadcast_filtered+0x80/0x1140
[ 1185.011233][T22017]  ? nfnl_pernet+0x23/0x240
[ 1185.011269][T22017]  ? nfnl_pernet+0x23/0x240
[ 1185.011297][T22017]  ? nfnl_pernet+0x23/0x240
[ 1185.011323][T22017]  ? nfnl_pernet+0x23/0x240
[ 1185.011355][T22017]  nlmsg_notify+0xf0/0x1a0
[ 1185.011385][T22017]  nf_tables_commit+0x7fb4/0x8e70
[ 1185.011411][T22017]  ? do_raw_spin_unlock+0x122/0x240
[ 1185.011464][T22017]  ? __pfx_nf_tables_commit+0x10/0x10
[ 1185.011492][T22017]  ? free_large_kmalloc+0xeb/0x200
[ 1185.011522][T22017]  ? free_large_kmalloc+0x145/0x200
[ 1185.011553][T22017]  ? nf_tables_newrule+0x23bc/0x2890
[ 1185.011596][T22017]  ? __pfx_nf_tables_newrule+0x10/0x10
[ 1185.011647][T22017]  nfnetlink_rcv+0x1a5b/0x2530
[ 1185.011712][T22017]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1185.011808][T22017]  ? skb_clone+0x246/0x3a0
[ 1185.011855][T22017]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1185.011879][T22017]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1185.011908][T22017]  netlink_unicast+0x758/0x8d0
[ 1185.011941][T22017]  netlink_sendmsg+0x805/0xb30
[ 1185.011976][T22017]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1185.012006][T22017]  ? aa_sock_msg_perm+0x94/0x160
[ 1185.012031][T22017]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1185.012071][T22017]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1185.012098][T22017]  __sock_sendmsg+0x219/0x270
[ 1185.012124][T22017]  ____sys_sendmsg+0x505/0x830
[ 1185.012161][T22017]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1185.012208][T22017]  ? import_iovec+0x74/0xa0
[ 1185.012246][T22017]  ___sys_sendmsg+0x21f/0x2a0
[ 1185.012279][T22017]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1185.012351][T22017]  ? __fget_files+0x2a/0x420
[ 1185.012378][T22017]  ? __fget_files+0x3a0/0x420
[ 1185.012418][T22017]  __x64_sys_sendmsg+0x19b/0x260
[ 1185.012451][T22017]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1185.012498][T22017]  ? do_syscall_64+0xba/0x210
[ 1185.012532][T22017]  do_syscall_64+0xf6/0x210
[ 1185.012560][T22017]  ? clear_bhb_loop+0x60/0xb0
[ 1185.012599][T22017]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1185.012618][T22017] RIP: 0033:0x7f20f1d8e969
[ 1185.012637][T22017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1185.012654][T22017] RSP: 002b:00007f20f2c30038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1185.012676][T22017] RAX: ffffffffffffffda RBX: 00007f20f1fb6080 RCX: 00007f20f1d8e969
[ 1185.012691][T22017] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1185.012705][T22017] RBP: 00007f20f2c30090 R08: 0000000000000000 R09: 0000000000000000
[ 1185.012718][T22017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1185.012730][T22017] R13: 0000000000000000 R14: 00007f20f1fb6080 R15: 00007f20f20dfa28
[ 1185.012762][T22017]  </TASK>
[ 1185.366565][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1185.648160][T10547] cp210x 7-1:0.0: failed to get vendor val 0x370b size 1: -71
[ 1185.778220][T10547] cp210x 7-1:0.0: querying part number failed
[ 1185.976910][T10547] usb 7-1: cp210x converter now attached to ttyUSB0
[ 1186.008264][T10547] usb 7-1: USB disconnect, device number 65
[ 1186.424764][T10547] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1186.456509][T10547] cp210x 7-1:0.0: device disconnected
[ 1186.696766][T22040] dns_resolver: Unsupported content type (8)
[ 1186.729065][T22040] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3726'.
[ 1186.738239][T22040] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3726'.
[ 1188.805180][T22069] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3732'.
[ 1190.061663][T22094] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1190.337455][T22102] xt_time: invalid argument - start or stop time greater than 23:59:59
[ 1190.758008][T10547] usb 7-1: new high-speed USB device number 66 using dummy_hcd
[ 1191.113812][T10547] usb 7-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[ 1191.184185][ T3590] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 1191.194612][T10547] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1191.388769][T10547] usb 7-1: Product: syz
[ 1191.409808][T10547] usb 7-1: Manufacturer: syz
[ 1191.414466][T10547] usb 7-1: SerialNumber: syz
[ 1191.440978][T10547] usb 7-1: config 0 descriptor??
[ 1191.481045][T10547] gspca_main: sunplus-2.14.0 probing 04fc:504a
[ 1191.521668][ T3590] usb 6-1: config 0 has no interfaces?
[ 1191.536229][ T3590] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1191.548832][ T3590] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1191.597259][ T3590] usb 6-1: Product: syz
[ 1191.670412][ T3590] usb 6-1: Manufacturer: syz
[ 1191.746515][ T3590] usb 6-1: SerialNumber: syz
[ 1191.772182][ T3590] usb 6-1: config 0 descriptor??
[ 1192.043148][T22113] netlink: 'syz.5.3742': attribute type 2 has an invalid length.
[ 1192.293880][T22119] FAULT_INJECTION: forcing a failure.
[ 1192.293880][T22119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1192.312763][T22119] CPU: 0 UID: 0 PID: 22119 Comm: syz.0.3745 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1192.312810][T22119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1192.312833][T22119] Call Trace:
[ 1192.312846][T22119]  <TASK>
[ 1192.312856][T22119]  dump_stack_lvl+0x189/0x250
[ 1192.312889][T22119]  ? __lock_acquire+0xaac/0xd20
[ 1192.312921][T22119]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1192.312950][T22119]  ? __pfx__printk+0x10/0x10
[ 1192.312971][T22119]  ? __might_fault+0xb0/0x130
[ 1192.313012][T22119]  should_fail_ex+0x414/0x560
[ 1192.313040][T22119]  _copy_from_user+0x2d/0xb0
[ 1192.313070][T22119]  kstrtouint_from_user+0xc4/0x170
[ 1192.313099][T22119]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1192.313143][T22119]  proc_fail_nth_write+0x88/0x240
[ 1192.313173][T22119]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1192.313209][T22119]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1192.313240][T22119]  vfs_write+0x27b/0xa90
[ 1192.313274][T22119]  ? __pfx_vfs_write+0x10/0x10
[ 1192.313302][T22119]  ? __fget_files+0x2a/0x420
[ 1192.313334][T22119]  ? __fget_files+0x3a0/0x420
[ 1192.313359][T22119]  ? __fget_files+0x2a/0x420
[ 1192.313396][T22119]  ksys_write+0x145/0x250
[ 1192.313420][T22119]  ? rcu_is_watching+0x15/0xb0
[ 1192.313441][T22119]  ? __pfx_ksys_write+0x10/0x10
[ 1192.313469][T22119]  ? do_syscall_64+0xba/0x210
[ 1192.313501][T22119]  do_syscall_64+0xf6/0x210
[ 1192.313529][T22119]  ? clear_bhb_loop+0x60/0xb0
[ 1192.313554][T22119]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1192.313578][T22119] RIP: 0033:0x7f7c08d8d41f
[ 1192.313596][T22119] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1192.313619][T22119] RSP: 002b:00007f7c06bd5030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1192.313640][T22119] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7c08d8d41f
[ 1192.313655][T22119] RDX: 0000000000000001 RSI: 00007f7c06bd50a0 RDI: 000000000000000a
[ 1192.313667][T22119] RBP: 00007f7c06bd5090 R08: 0000000000000000 R09: 0000000000000000
[ 1192.313679][T22119] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[ 1192.313691][T22119] R13: 0000000000000000 R14: 00007f7c08fb6080 R15: 00007f7c090dfa28
[ 1192.313724][T22119]  </TASK>
[ 1192.430071][T10547] gspca_sunplus: reg_r err -110
[ 1192.433231][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1192.468904][ T3590] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[ 1192.486740][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1192.562209][    C0] hrtimer: interrupt took 243533729 ns
[ 1192.662225][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1192.818969][T10547] sunplus 7-1:0.0: probe with driver sunplus failed with error -110
[ 1193.008942][   T30] kauditd_printk_skb: 57 callbacks suppressed
[ 1193.008962][   T30] audit: type=1326 audit(1747753978.634:4211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22120 comm="syz.7.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f607498e969 code=0x7ffc0000
[ 1193.037691][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1193.110485][   T30] audit: type=1326 audit(1747753978.634:4212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22120 comm="syz.7.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f607498e969 code=0x7ffc0000
[ 1193.143895][   T30] audit: type=1326 audit(1747753978.634:4213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22120 comm="syz.7.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7f607498e969 code=0x7ffc0000
[ 1193.203263][   T30] audit: type=1326 audit(1747753978.634:4214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22120 comm="syz.7.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f607498e969 code=0x7ffc0000
[ 1193.225713][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1193.352283][ T3590] usb 3-1: Using ep0 maxpacket: 16
[ 1193.352326][   T30] audit: type=1326 audit(1747753978.634:4215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22120 comm="syz.7.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f607498e969 code=0x7ffc0000
[ 1193.413086][ T3590] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[ 1193.440990][ T3590] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1193.478931][   T30] audit: type=1326 audit(1747753978.634:4216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22120 comm="syz.7.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f607498e969 code=0x7ffc0000
[ 1193.517738][ T3590] usb 3-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1193.536553][ T3590] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1193.576745][ T3590] usb 3-1: Product: syz
[ 1193.588269][ T3590] usb 3-1: Manufacturer: syz
[ 1193.623398][ T3590] usb 3-1: SerialNumber: syz
[ 1193.628768][T17196] usb 7-1: USB disconnect, device number 66
[ 1193.634800][   T30] audit: type=1326 audit(1747753978.634:4217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22120 comm="syz.7.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f607498e969 code=0x7ffc0000
[ 1193.657224][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1193.689418][ T3590] usb 3-1: config 0 descriptor??
[ 1193.705196][   T30] audit: type=1326 audit(1747753978.634:4218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22120 comm="syz.7.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f607498e969 code=0x7ffc0000
[ 1193.786743][   T30] audit: type=1326 audit(1747753978.634:4219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22120 comm="syz.7.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f607498e969 code=0x7ffc0000
[ 1193.809201][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1193.823375][T10547] usb 1-1: new high-speed USB device number 120 using dummy_hcd
[ 1193.917203][   T30] audit: type=1326 audit(1747753978.634:4220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22120 comm="syz.7.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f607498e969 code=0x7ffc0000
[ 1193.939699][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1193.974957][ T3590] appledisplay 3-1:0.0: Error while getting initial brightness: -71
[ 1194.005297][T10547] usb 1-1: too many configurations: 18, using maximum allowed: 8
[ 1194.031183][ T3590] appledisplay 3-1:0.0: probe with driver appledisplay failed with error -71
[ 1194.042055][T10547] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1194.049687][T10547] usb 1-1: can't read configurations, error -61
[ 1194.079146][ T3590] usb 3-1: USB disconnect, device number 82
[ 1194.117775][T16915] usb 6-1: USB disconnect, device number 12
[ 1194.188772][T10547] usb 1-1: new high-speed USB device number 121 using dummy_hcd
[ 1194.391850][T10547] usb 1-1: too many configurations: 18, using maximum allowed: 8
[ 1194.404830][T10547] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1194.417736][T10547] usb 1-1: can't read configurations, error -61
[ 1194.446382][T10547] usb usb1-port1: attempt power cycle
[ 1194.820418][T10547] usb 1-1: new high-speed USB device number 122 using dummy_hcd
[ 1194.856316][T10547] usb 1-1: too many configurations: 18, using maximum allowed: 8
[ 1194.870864][T10547] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1194.926476][T10547] usb 1-1: can't read configurations, error -61
[ 1194.984703][T22142] dns_resolver: Unsupported content type (8)
[ 1195.058881][T10547] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[ 1195.089409][T22145] input: syz1 as /devices/virtual/input/input111
[ 1195.100078][T10547] usb 1-1: too many configurations: 18, using maximum allowed: 8
[ 1195.111020][T10547] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1195.119396][T10547] usb 1-1: can't read configurations, error -61
[ 1195.168342][T22142] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3751'.
[ 1195.178033][T22142] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3751'.
[ 1195.290849][T10547] usb usb1-port1: unable to enumerate USB device
[ 1195.449553][T10185] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[ 1195.598908][T10185] usb 3-1: Using ep0 maxpacket: 16
[ 1195.604976][T10185] usb 3-1: no configurations
[ 1195.610228][T10185] usb 3-1: can't read configurations, error -22
[ 1195.830950][T10185] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[ 1196.007364][T10185] usb 3-1: Using ep0 maxpacket: 16
[ 1196.010708][T22157] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3754'.
[ 1196.025947][T10185] usb 3-1: no configurations
[ 1196.030829][T10185] usb 3-1: can't read configurations, error -22
[ 1196.037810][T10185] usb usb3-port1: attempt power cycle
[ 1196.258577][T22157] loop8: detected capacity change from 0 to 8
[ 1196.304777][T22158] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[ 1196.379092][T22157] Dev loop8: unable to read RDB block 8
[ 1196.384853][T22157]  loop8: unable to read partition table
[ 1196.394285][T22157] loop8: partition table beyond EOD, truncated
[ 1196.405007][T22157] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[ 1196.420642][T10185] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[ 1196.450536][T10185] usb 3-1: Using ep0 maxpacket: 16
[ 1196.456611][T10185] usb 3-1: no configurations
[ 1196.462519][T10185] usb 3-1: can't read configurations, error -22
[ 1196.698927][T10185] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[ 1196.722218][T10185] usb 3-1: Using ep0 maxpacket: 16
[ 1196.728304][T10185] usb 3-1: no configurations
[ 1196.742746][T10185] usb 3-1: can't read configurations, error -22
[ 1196.761501][T10185] usb usb3-port1: unable to enumerate USB device
[ 1199.031308][T22187] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3764'.
[ 1199.042014][T22188] ptrace attach of "./syz-executor exec"[18355] was attempted by "./syz-executor exec"[22188]
[ 1199.070756][T22187] xt_TCPMSS: Only works on TCP SYN packets
[ 1199.318974][ T3590] usb 7-1: new high-speed USB device number 67 using dummy_hcd
[ 1199.508809][ T3590] usb 7-1: Using ep0 maxpacket: 32
[ 1200.135796][T22194] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1200.187888][ T3590] usb 7-1: config 0 has an invalid interface number: 150 but max is 0
[ 1200.202514][ T3590] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1200.215961][ T3590] usb 7-1: config 0 has no interface number 0
[ 1200.226054][ T3590] usb 7-1: New USB device found, idVendor=0c45, idProduct=628f, bcdDevice= 8.b6
[ 1200.235643][ T3590] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1200.243922][ T3590] usb 7-1: Product: syz
[ 1200.248246][ T3590] usb 7-1: Manufacturer: syz
[ 1200.256937][ T3590] usb 7-1: SerialNumber: syz
[ 1200.265449][ T3590] usb 7-1: config 0 descriptor??
[ 1200.305623][ T3590] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628f
[ 1200.868967][ T3590] gspca_sn9c20x: Write register 1000 failed -110
[ 1200.875592][ T3590] gspca_sn9c20x: Device initialization failed
[ 1200.885949][ T3590] gspca_sn9c20x 7-1:0.150: probe with driver gspca_sn9c20x failed with error -110
[ 1201.314355][T22210] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3766'.
[ 1201.339865][T22211] dns_resolver: Unsupported content type (8)
[ 1201.559989][T22212] loop8: detected capacity change from 0 to 8
[ 1201.579693][T22212] Dev loop8: unable to read RDB block 8
[ 1201.639152][T22212]  loop8: unable to read partition table
[ 1201.649456][T22212] loop8: partition table beyond EOD, truncated
[ 1201.719723][T22216] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[ 1201.737224][T22212] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[ 1201.987277][T10547] usb 7-1: USB disconnect, device number 67
[ 1202.122582][T22221] netlink: 'syz.7.3769': attribute type 32 has an invalid length.
[ 1202.673270][T22228] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3771'.
[ 1204.309997][T22246] netlink: 'syz.5.3775': attribute type 1 has an invalid length.
[ 1204.504745][T22246] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[ 1204.600301][T10547] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[ 1204.831579][T10547] usb 3-1: Using ep0 maxpacket: 16
[ 1204.859710][T10547] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1205.070285][T10547] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1205.145561][T10547] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[ 1205.204373][T10547] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1205.260584][T10547] usb 3-1: config 0 descriptor??
[ 1206.087949][T10547] letsketch 0003:6161:4D15.003D: Device info: ဉ
[ 1206.205598][T22282] ptrace attach of "./syz-executor exec"[18355] was attempted by "./syz-executor exec"[22282]
[ 1206.291762][T10547] letsketch 0003:6161:4D15.003D: Device info: 豧
[ 1206.479045][ T3590] usb 7-1: new high-speed USB device number 68 using dummy_hcd
[ 1206.495421][T22289] batadv_slave_0: entered promiscuous mode
[ 1206.503945][T22289] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3784'.
[ 1206.525981][T22289] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[ 1206.598994][T10547] usb 3-1: Max retries (5) exceeded reading string descriptor 202
[ 1206.669031][ T3590] usb 7-1: Using ep0 maxpacket: 32
[ 1206.678853][T10547] letsketch 0003:6161:4D15.003D: probe with driver letsketch failed with error -71
[ 1206.691882][ T3590] usb 7-1: config 0 has an invalid interface number: 150 but max is 0
[ 1206.710812][ T3590] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1206.731585][ T3590] usb 7-1: config 0 has no interface number 0
[ 1206.752009][ T3590] usb 7-1: New USB device found, idVendor=0c45, idProduct=628f, bcdDevice= 8.b6
[ 1206.761700][ T3590] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1206.770020][ T3590] usb 7-1: Product: syz
[ 1206.774455][ T3590] usb 7-1: Manufacturer: syz
[ 1206.779334][ T3590] usb 7-1: SerialNumber: syz
[ 1206.790713][T10547] usb 3-1: USB disconnect, device number 87
[ 1206.801575][ T3590] usb 7-1: config 0 descriptor??
[ 1206.831388][ T3590] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628f
[ 1207.339140][ T3590] gspca_sn9c20x: Write register 1000 failed -110
[ 1207.345703][ T3590] gspca_sn9c20x: Device initialization failed
[ 1207.385110][ T3590] gspca_sn9c20x 7-1:0.150: probe with driver gspca_sn9c20x failed with error -110
[ 1208.381221][T22300] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3785'.
[ 1208.420953][T22300] loop8: detected capacity change from 0 to 8
[ 1208.480284][T22301] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[ 1208.511268][T22300] Dev loop8: unable to read RDB block 8
[ 1208.529690][T22300]  loop8: unable to read partition table
[ 1208.539485][T22300] loop8: partition table beyond EOD, truncated
[ 1208.545901][T22300] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[ 1209.803743][   T10] usb 7-1: USB disconnect, device number 68
[ 1210.169073][T20335] Bluetooth: hci2: command 0x0406 tx timeout
[ 1212.212484][T22360] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3799'.
[ 1212.236404][T22360] loop8: detected capacity change from 0 to 8
[ 1212.253317][T22360] Dev loop8: unable to read RDB block 8
[ 1212.259452][T22360]  loop8: unable to read partition table
[ 1212.270037][T22360] loop8: partition table beyond EOD, truncated
[ 1212.276295][T22360] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[ 1212.507414][T22360] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[ 1212.680029][T22363] ptrace attach of "./syz-executor exec"[20762] was attempted by "./syz-executor exec"[22363]
[ 1213.368971][ T3590] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[ 1213.526497][ T3590] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1213.535900][ T3590] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1213.550573][ T3590] usb 3-1: config 0 descriptor??
[ 1213.571458][ T3590] gspca_main: STV06xx-2.14.0 probing 046d:0870
[ 1213.758988][T10547] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[ 1213.908847][T10547] usb 1-1: device descriptor read/64, error -71
[ 1214.218797][T10547] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[ 1214.396946][T22380] ptrace attach of "./syz-executor exec"[13485] was attempted by "./syz-executor exec"[22380]
[ 1214.500842][T10547] usb 1-1: device descriptor read/64, error -71
[ 1214.515421][T22365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1214.548982][T22365] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1214.640604][T10547] usb usb1-port1: attempt power cycle
[ 1214.738919][   T10] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 1214.806533][T22365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1214.815565][T22365] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1214.978887][T10547] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[ 1214.994633][   T10] usb 6-1: Using ep0 maxpacket: 32
[ 1215.026791][   T10] usb 6-1: config 0 has an invalid interface number: 150 but max is 0
[ 1215.035795][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1215.057681][   T10] usb 6-1: config 0 has no interface number 0
[ 1215.080505][T10547] usb 1-1: device descriptor read/8, error -71
[ 1215.092749][   T10] usb 6-1: New USB device found, idVendor=0c45, idProduct=628f, bcdDevice= 8.b6
[ 1215.106540][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1215.129664][   T10] usb 6-1: Product: syz
[ 1215.152477][   T10] usb 6-1: Manufacturer: syz
[ 1215.157692][   T10] usb 6-1: SerialNumber: syz
[ 1215.276240][   T10] usb 6-1: config 0 descriptor??
[ 1215.325139][T10547] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[ 1215.378110][   T10] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628f
[ 1215.389521][T10547] usb 1-1: device descriptor read/8, error -71
[ 1215.579303][T10547] usb usb1-port1: unable to enumerate USB device
[ 1215.919314][   T10] gspca_sn9c20x: Write register 1000 failed -110
[ 1215.919575][ T3590] usb 3-1: USB disconnect, device number 88
[ 1215.945704][   T10] gspca_sn9c20x: Device initialization failed
[ 1215.969652][   T10] gspca_sn9c20x 6-1:0.150: probe with driver gspca_sn9c20x failed with error -110
[ 1216.019788][T22395] loop2: detected capacity change from 0 to 7
[ 1216.027141][T22395]  loop2:
[ 1216.034503][T22395] loop2: partition table partially beyond EOD, truncated
[ 1216.876167][T17196] usb 6-1: USB disconnect, device number 13
[ 1217.134658][T22410] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3812'.
[ 1219.317649][   T30] kauditd_printk_skb: 27 callbacks suppressed
[ 1219.317671][   T30] audit: type=1326 audit(1747754004.934:4248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22423 comm="syz.6.3815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1219.399045][T16915] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[ 1219.477733][   T30] audit: type=1326 audit(1747754004.934:4249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22423 comm="syz.6.3815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1219.612051][T16915] usb 3-1: Using ep0 maxpacket: 32
[ 1219.618883][   T30] audit: type=1326 audit(1747754004.934:4250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22423 comm="syz.6.3815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1219.649650][T16915] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[ 1219.667956][T16915] usb 3-1: config 0 has no interface number 0
[ 1219.678291][   T30] audit: type=1326 audit(1747754004.934:4251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22423 comm="syz.6.3815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1219.722372][T16915] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1219.748925][T16915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1219.843627][T16915] usb 3-1: Product: syz
[ 1219.871064][   T30] audit: type=1326 audit(1747754004.934:4252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22423 comm="syz.6.3815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1219.893965][T16915] usb 3-1: Manufacturer: syz
[ 1219.898641][T16915] usb 3-1: SerialNumber: syz
[ 1219.947564][T16915] usb 3-1: config 0 descriptor??
[ 1219.989056][   T30] audit: type=1326 audit(1747754004.934:4253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22423 comm="syz.6.3815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1220.002894][T16915] smsc95xx v2.0.0
[ 1220.066846][T22436] loop2: detected capacity change from 0 to 7
[ 1220.097724][T22436]  loop2:
[ 1220.108949][T22436] loop2: partition table partially beyond EOD, truncated
[ 1220.122144][   T30] audit: type=1326 audit(1747754004.934:4254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22423 comm="syz.6.3815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1220.215407][T22426] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1220.238608][   T30] audit: type=1326 audit(1747754004.934:4255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22423 comm="syz.6.3815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1220.293126][T22426] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1220.380988][   T30] audit: type=1326 audit(1747754004.934:4256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22423 comm="syz.6.3815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1220.714376][   T30] audit: type=1326 audit(1747754004.934:4257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22423 comm="syz.6.3815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1221.142567][T22445] tipc: Failed to remove unknown binding: 66,1,1/0:1898249817/1898249819
[ 1221.164849][T22445] tipc: Failed to remove unknown binding: 66,1,1/0:1898249817/1898249819
[ 1222.778877][ T3590] usb 7-1: new high-speed USB device number 69 using dummy_hcd
[ 1222.928838][ T3590] usb 7-1: Using ep0 maxpacket: 16
[ 1224.217394][T22466] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3826'.
[ 1224.299052][T22466] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3826'.
[ 1224.307982][T16915] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[ 1224.308249][T16915] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[ 1224.380504][T22466] netlink: 'syz.7.3826': attribute type 14 has an invalid length.
[ 1224.402842][T16915] usb 3-1: USB disconnect, device number 89
[ 1225.670285][T22481] ptrace attach of "./syz-executor exec"[19458] was attempted by "./syz-executor exec"[22481]
[ 1225.714466][ T3590] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1225.734550][ T3590] usb 7-1: unable to read config index 0 descriptor/start: -71
[ 1225.846044][ T3590] usb 7-1: can't read configurations, error -71
[ 1225.928544][T22483] loop2: detected capacity change from 0 to 7
[ 1225.939475][T15536]  loop2:
[ 1225.942479][T15536] loop2: partition table partially beyond EOD, truncated
[ 1225.978837][T17196] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 1226.021165][T22483]  loop2:
[ 1226.024190][T22483] loop2: partition table partially beyond EOD, truncated
[ 1226.158795][T17196] usb 1-1: Using ep0 maxpacket: 32
[ 1226.185757][T17196] usb 1-1: config 0 has an invalid interface number: 150 but max is 0
[ 1226.223706][T17196] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1226.308067][T17196] usb 1-1: config 0 has no interface number 0
[ 1226.342821][T17196] usb 1-1: New USB device found, idVendor=0c45, idProduct=628f, bcdDevice= 8.b6
[ 1226.362508][T17196] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1226.394312][T17196] usb 1-1: Product: syz
[ 1226.415808][T17196] usb 1-1: Manufacturer: syz
[ 1226.428714][T17196] usb 1-1: SerialNumber: syz
[ 1226.455412][T17196] usb 1-1: config 0 descriptor??
[ 1226.486418][T17196] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628f
[ 1227.019049][T17196] gspca_sn9c20x: Write register 1000 failed -110
[ 1227.052875][T17196] gspca_sn9c20x: Device initialization failed
[ 1227.107585][T17196] gspca_sn9c20x 1-1:0.150: probe with driver gspca_sn9c20x failed with error -110
[ 1227.379815][   T30] kauditd_printk_skb: 384 callbacks suppressed
[ 1227.379834][   T30] audit: type=1326 audit(1747754012.994:4642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22486 comm="syz.6.3831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1227.468850][T16915] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[ 1227.499245][   T30] audit: type=1326 audit(1747754012.994:4643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22486 comm="syz.6.3831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1227.588071][   T30] audit: type=1326 audit(1747754012.994:4644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22486 comm="syz.6.3831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1227.628911][T16915] usb 3-1: Using ep0 maxpacket: 32
[ 1227.662275][T16915] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1227.682854][   T30] audit: type=1326 audit(1747754012.994:4645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22486 comm="syz.6.3831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1227.710063][T16915] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x2 has an invalid bInterval 129, changing to 11
[ 1227.737768][T16915] usb 3-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1227.766150][   T30] audit: type=1326 audit(1747754012.994:4646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22486 comm="syz.6.3831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1227.799645][T16915] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1227.812105][T16915] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[ 1227.859050][T16915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1227.868859][   T30] audit: type=1326 audit(1747754012.994:4647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22486 comm="syz.6.3831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1227.910383][T16915] usb 3-1: config 0 descriptor??
[ 1227.975440][   T30] audit: type=1326 audit(1747754012.994:4648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22486 comm="syz.6.3831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1228.063527][   T30] audit: type=1326 audit(1747754012.994:4649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22486 comm="syz.6.3831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1228.155966][   T30] audit: type=1326 audit(1747754012.994:4650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22486 comm="syz.6.3831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1228.207687][T16915] usbhid 3-1:0.0: can't add hid device: -71
[ 1228.235857][T16915] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1228.243814][   T30] audit: type=1326 audit(1747754013.004:4651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22486 comm="syz.6.3831" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f91cb32ab39 code=0x7ffc0000
[ 1228.398637][T16915] usb 3-1: USB disconnect, device number 90
[ 1228.545832][T10185] usb 1-1: USB disconnect, device number 2
[ 1228.866851][T22512] input: syz1 as /devices/virtual/input/input113
[ 1228.949844][T22516] loop2: detected capacity change from 0 to 7
[ 1228.957012][T22516]  loop2:
[ 1228.961170][T22516] loop2: partition table partially beyond EOD, truncated
[ 1229.128905][   T31] INFO: task syz.1.3370:20547 blocked for more than 143 seconds.
[ 1229.136786][   T31]       Not tainted 6.15.0-rc7-syzkaller #0
[ 1229.148093][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1229.166385][   T31] task:syz.1.3370      state:D stack:25272 pid:20547 tgid:20547 ppid:19135  task_flags:0x400040 flags:0x00004006
[ 1229.184171][   T31] Call Trace:
[ 1229.187496][   T31]  <TASK>
[ 1229.190873][   T31]  __schedule+0x16e2/0x4cd0
[ 1229.195519][   T31]  ? schedule+0x165/0x360
[ 1229.228910][ T3590] usb 7-1: new full-speed USB device number 71 using dummy_hcd
[ 1229.309702][T22526] dns_resolver: Unsupported content type (8)
[ 1229.346067][   T31]  ? __pfx___schedule+0x10/0x10
[ 1229.367721][   T31]  ? schedule+0x91/0x360
[ 1229.380722][   T31]  schedule+0x165/0x360
[ 1229.386888][   T31]  schedule_timeout+0x9a/0x270
[ 1229.392393][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[ 1229.608501][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1229.624926][T22525] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1229.642838][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1229.652924][ T3590] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1229.662924][ T3590] usb 7-1: not running at top speed; connect to a high speed hub
[ 1229.670873][   T31]  ? wait_for_completion+0x267/0x5d0
[ 1229.679706][   T31]  wait_for_completion+0x2bf/0x5d0
[ 1229.705409][ T3590] usb 7-1: config 17 has an invalid interface number: 8 but max is 1
[ 1229.717822][ T3590] usb 7-1: config 17 has 1 interface, different from the descriptor's value: 2
[ 1229.728397][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[ 1229.734278][   T31]  ? try_to_wake_up+0x7e5/0x1290
[ 1229.739626][ T3590] usb 7-1: config 17 has no interface number 0
[ 1229.746426][   T31]  vhost_task_stop+0xbf/0xd0
[ 1229.752336][ T3590] usb 7-1: config 17 interface 8 altsetting 6 endpoint 0x3 has an invalid bInterval 0, changing to 4
[ 1229.763613][   T31]  kvm_put_kvm+0x327/0x1650
[ 1229.769731][   T31]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1229.775270][ T3590] usb 7-1: config 17 interface 8 has no altsetting 0
[ 1229.782694][   T31]  ? __pfx_kvm_vm_release+0x10/0x10
[ 1229.788332][   T31]  kvm_vm_release+0x43/0x50
[ 1229.797967][ T3590] usb 7-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[ 1229.807882][ T3590] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1229.817654][   T31]  __fput+0x44c/0xa70
[ 1229.827924][   T31]  task_work_run+0x1d1/0x260
[ 1229.836484][ T3590] usb 7-1: Product: 䗱ٺᬈ櫻嘏ﯾᏺ麗㘆젳똥푴
[ 1229.853149][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1229.859034][ T3590] usb 7-1: Manufacturer: ခ
[ 1229.864262][   T31]  resume_user_mode_work+0x5e/0x80
[ 1229.871929][ T3590] usb 7-1: SerialNumber: у
[ 1229.876665][   T31]  syscall_exit_to_user_mode+0x9a/0x120
[ 1229.912645][   T31]  do_syscall_64+0x103/0x210
[ 1229.918862][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1229.947262][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1229.964524][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1229.970844][   T31] RIP: 0033:0x7f8ab5b8e969
[ 1229.975566][   T31] RSP: 002b:00007f8ab5edfb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1229.985486][   T31] RAX: 0000000000000000 RBX: 00007f8ab5db7ba0 RCX: 00007f8ab5b8e969
[ 1229.994410][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1230.005316][   T31] RBP: 00007f8ab5db7ba0 R08: 00000000000001f4 R09: 00000011b5edfe7f
[ 1230.480196][ T3590] usb 7-1: selecting invalid altsetting 0
[ 1230.485968][ T3590] usb 7-1: 8:6 : no UAC_FORMAT_TYPE desc
[ 1230.492279][   T31] R10: 00007f8ab5db7ac0 R11: 0000000000000246 R12: 0000000000105e56
[ 1230.516745][   T31] R13: 00007f8ab5edfc80 R14: ffffffffffffffff R15: 00007f8ab5edfca0
[ 1230.532435][ T3590] usb 7-1: selecting invalid altsetting 0
[ 1230.540432][   T31]  </TASK>
[ 1230.546196][   T31] 
[ 1230.546196][   T31] Showing all locks held in the system:
[ 1230.556916][   T31] 1 lock held by khungtaskd/31:
[ 1230.599588][ T3590] usb 7-1: USB disconnect, device number 71
[ 1230.632116][   T31]  #0: ffffffff8df3dee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1230.656171][   T31] 10 locks held by kworker/1:2/3590:
[ 1230.664177][   T31] 2 locks held by getty/5589:
[ 1230.672529][   T31]  #0: ffff88814dda10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1230.714075][   T31]  #1: ffffc900036cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1230.725262][   T31] 2 locks held by syz.5.3837/22507:
[ 1230.730997][   T31]  #0: ffff888079ca1408 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 1230.742301][   T31]  #1: ffffffff8df439b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f4/0x730
[ 1230.754075][   T31] 1 lock held by syz.0.3842/22525:
[ 1230.759706][   T31]  #0: ffffffff8df43880 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1230.770408][   T31] 1 lock held by syz.2.3843/22523:
[ 1230.775942][   T31] 
[ 1230.778456][   T31] =============================================
[ 1230.778456][   T31] 
[ 1230.886799][   T31] NMI backtrace for cpu 1
[ 1230.886821][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1230.886844][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1230.886857][   T31] Call Trace:
[ 1230.886867][   T31]  <TASK>
[ 1230.886876][   T31]  dump_stack_lvl+0x189/0x250
[ 1230.886910][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1230.886938][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1230.886967][   T31]  ? __pfx__printk+0x10/0x10
[ 1230.887002][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1230.887028][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1230.887048][   T31]  ? _printk+0xcf/0x120
[ 1230.887073][   T31]  ? __pfx__printk+0x10/0x10
[ 1230.887096][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1230.887121][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1230.887147][   T31]  watchdog+0xfee/0x1030
[ 1230.887177][   T31]  ? watchdog+0x1de/0x1030
[ 1230.887221][   T31]  kthread+0x70e/0x8a0
[ 1230.887251][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1230.887277][   T31]  ? __pfx_kthread+0x10/0x10
[ 1230.887304][   T31]  ? __pfx_kthread+0x10/0x10
[ 1230.887328][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1230.887353][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1230.887380][   T31]  ? __pfx_kthread+0x10/0x10
[ 1230.887403][   T31]  ret_from_fork+0x4b/0x80
[ 1230.887424][   T31]  ? __pfx_kthread+0x10/0x10
[ 1230.887447][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1230.887483][   T31]  </TASK>
[ 1230.887494][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1231.036032][    C0] NMI backtrace for cpu 0
[ 1231.036052][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1231.036075][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1231.036087][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1231.036119][    C0] Code: c3 d4 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 8f 11 00 f3 0f 1e fa fb f4 <e9> 98 d4 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1231.036136][    C0] RSP: 0018:ffffffff8dc07d80 EFLAGS: 000002c6
[ 1231.036155][    C0] RAX: 96c694f3afd43e00 RBX: ffffffff81977108 RCX: 96c694f3afd43e00
[ 1231.036171][    C0] RDX: 0000000000000001 RSI: ffffffff8d74e096 RDI: ffffffff8bc1f300
[ 1231.036186][    C0] RBP: ffffffff8dc07ec0 R08: ffff8880b8832b5b R09: 1ffff1101710656b
[ 1231.036201][    C0] R10: dffffc0000000000 R11: ffffed101710656c R12: ffffffff8f7f3370
[ 1231.036216][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1b92a48
[ 1231.036229][    C0] FS:  0000000000000000(0000) GS:ffff8881260c2000(0000) knlGS:0000000000000000
[ 1231.036246][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1231.036260][    C0] CR2: 00002000002ed030 CR3: 0000000032120000 CR4: 00000000003526f0
[ 1231.036278][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 00000000000000d8
[ 1231.036291][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1231.036303][    C0] Call Trace:
[ 1231.036311][    C0]  <TASK>
[ 1231.036319][    C0]  default_idle+0x13/0x20
[ 1231.036347][    C0]  default_idle_call+0x74/0xb0
[ 1231.036375][    C0]  do_idle+0x1e8/0x510
[ 1231.036398][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1231.036415][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1231.036458][    C0]  cpu_startup_entry+0x44/0x60
[ 1231.036477][    C0]  rest_init+0x2de/0x300
[ 1231.036493][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[ 1231.036516][    C0]  start_kernel+0x470/0x4f0
[ 1231.036544][    C0]  x86_64_start_reservations+0x2a/0x30
[ 1231.036565][    C0]  x86_64_start_kernel+0x66/0x70
[ 1231.036585][    C0]  common_startup_64+0x13e/0x147
[ 1231.036622][    C0]  </TASK>
[ 1231.487404][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1231.494334][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1231.504448][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1231.514542][   T31] Call Trace:
[ 1231.517856][   T31]  <TASK>
[ 1231.520807][   T31]  dump_stack_lvl+0x99/0x250
[ 1231.525417][   T31]  ? __asan_memcpy+0x40/0x70
[ 1231.530024][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1231.535259][   T31]  ? __pfx__printk+0x10/0x10
[ 1231.539877][   T31]  panic+0x2db/0x790
[ 1231.543791][   T31]  ? __pfx_panic+0x10/0x10
[ 1231.548216][   T31]  ? tick_nohz_tick_stopped+0x86/0xb0
[ 1231.553599][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1231.558975][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1231.565140][   T31]  watchdog+0x102d/0x1030
[ 1231.569485][   T31]  ? watchdog+0x1de/0x1030
[ 1231.573919][   T31]  kthread+0x70e/0x8a0
[ 1231.577997][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1231.582693][   T31]  ? __pfx_kthread+0x10/0x10
[ 1231.587289][   T31]  ? __pfx_kthread+0x10/0x10
[ 1231.591891][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1231.597099][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1231.602307][   T31]  ? __pfx_kthread+0x10/0x10
[ 1231.606933][   T31]  ret_from_fork+0x4b/0x80
[ 1231.611358][   T31]  ? __pfx_kthread+0x10/0x10
[ 1231.615957][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1231.620735][   T31]  </TASK>
[ 1231.624095][   T31] Kernel Offset: disabled
[ 1231.628439][   T31] Rebooting in 86400 seconds..