last executing test programs:

3m59.281504946s ago: executing program 4 (id=428):
socket$inet6_sctp(0xa, 0x801, 0x84)
gettid()
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB])
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000200), 0xaad82, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'veth0_to_team\x00', <r6=>0x0})
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000400)={0x20, r5, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000011}, 0x0) (fail_nth: 9)

3m57.132467729s ago: executing program 4 (id=431):
rt_sigaction(0x8, &(0x7f0000000100)={&(0x7f0000000000)="6547a59ec4027d18e366440fdc9205600000c4227d240a47dc7105c4a16963430f45d1fb400f0d9e00800000f30f5303", 0x4, &(0x7f00000000c0)="6766f728f365f04683a520000000c2400fffc3c4e1785bc246d8a449fe000000640f702833461186718a6ddfe10b40d9f4f20fac150800000001", {[0x400]}}, &(0x7f0000000200)={&(0x7f0000000140)="440fbbc9c462fd34ae47ab805967f3400fa6c0c4e11de09900080000c46169fd0c938fa808a2ac2c0000000028c4a30d444902003ef232dcc4c2dd0b2d0010c0fe0fdd23", 0x0, 0x0}, 0x8, &(0x7f00000002c0))
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0xe3, 0xdd, 0xef, 0x20, 0x1d50, 0x60a1, 0xa14f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9d, 0x14, 0x4e}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000000), 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80085504, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380), 0x0})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0), &(0x7f00000000c0)})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="33fe000078009106000000000000004a07"], 0xfe33)

3m53.234842202s ago: executing program 4 (id=440):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) (async, rerun: 64)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 64)
migrate_pages(0x0, 0x9, &(0x7f0000000040)=0x9, &(0x7f0000000380)=0x102) (async, rerun: 32)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}) (rerun: 32)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 64)
munlockall() (async, rerun: 64)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) (async)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000200)={0x1, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) (async)
r6 = dup(r5)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7, 0x6, 0x81, '\x00', 0x3c}) (async)
ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f00000000c0)=0xffff) (async)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
pipe(&(0x7f0000000080)) (async)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
close(r8)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r9, 0x2, 0x0, 0x1, 0x4, {0xa, 0x4e20, 0x7, @private0, 0x5338}}}, 0x80, 0x0}, 0x0) (async, rerun: 64)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) (async, rerun: 64)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)

3m51.643801442s ago: executing program 4 (id=445):
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_EEE_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="09032dbd7000fedbdf251f"], 0x14}, 0x1, 0x0, 0x0, 0x54}, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000180)='gfs2\x00', 0x2208004, 0x0)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x220a00}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x24, 0x4, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x820)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m46.604221849s ago: executing program 4 (id=454):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
r3 = socket(0x40000000015, 0x5, 0x0)
socket$rxrpc(0x21, 0x2, 0x2)
r4 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r4, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e20, @multicast2}}, 0x24)
bind$inet6(r3, 0x0, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0)

3m43.663151778s ago: executing program 4 (id=457):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0x80585414, &(0x7f0000000100))
getdents64(0xffffffffffffffff, &(0x7f0000000080)=""/108, 0x6c)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r2 = creat(&(0x7f0000000080)='./file0\x00', 0x1ac)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000280)={'\x00', 0x7e, 0x2c47f4, 0x5c8, 0x80000003, 0x6})

3m28.202129933s ago: executing program 32 (id=457):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0x80585414, &(0x7f0000000100))
getdents64(0xffffffffffffffff, &(0x7f0000000080)=""/108, 0x6c)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r2 = creat(&(0x7f0000000080)='./file0\x00', 0x1ac)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000280)={'\x00', 0x7e, 0x2c47f4, 0x5c8, 0x80000003, 0x6})

2m32.799449462s ago: executing program 3 (id=596):
socket$inet_sctp(0x2, 0x1, 0x84)
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0)
ppoll(&(0x7f0000000280), 0x0, 0x0, 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r1, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x6, 0x86, 0x1, "42341f9b1000007e4f00"})
r2 = syz_open_pts(r1, 0x40000)
dup3(r2, r1, 0x0)
splice(r1, 0x0, r0, 0x0, 0x7ffff000, 0x0)

2m31.763994881s ago: executing program 3 (id=601):
unshare(0x28000600)
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="13"], 0x8, 0x0)
msgsnd(r0, &(0x7f0000002240)=ANY=[@ANYBLOB='z'], 0x401, 0x0)
msgrcv(r0, &(0x7f0000000940)={0x0, ""/4081}, 0xff9, 0x969edffe39095fd4, 0x3800)
semctl$GETZCNT(0x0, 0x4, 0xf, &(0x7f0000000040)=""/77)
syz_emit_ethernet(0x1378, 0x0, 0x0)

2m29.802317752s ago: executing program 3 (id=605):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
r4 = socket(0x40000000015, 0x5, 0x0)
socket$rxrpc(0x21, 0x2, 0x2)
r5 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r5, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e20, @multicast2}}, 0x24)
bind$inet6(r4, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast1, 0xfffffffd}, 0x1c)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0)

2m28.878436053s ago: executing program 3 (id=607):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x40)
close(r1)
syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r0, 0x0, 0xfb)
fchdir(r2)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000800)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010300000000fcdbdf25240000001800018014000200"], 0x2c}}, 0x20000000) (async)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000800)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010300000000fcdbdf25240000001800018014000200"], 0x2c}}, 0x20000000)
socket$packet(0x11, 0x0, 0x300)
r5 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_elf32(r5, &(0x7f00000002c0)=ANY=[@ANYBLOB="7f454c46070300aa17d89191a36eea4cb39a126b09b09e00000000000003000300080000008f010000380000003f02000007000000100020000200070002000000000000000100000001000000f8ffbfff7e0000000300000038000000070000000c00000003000000000003000000000008000000050000"], 0x78)
close(r5) (async)
close(r5)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

2m27.774129211s ago: executing program 3 (id=610):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/anycast6\x00')
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000000000)={'syzkaller0\x00'})
preadv(r0, &(0x7f0000001bc0)=[{&(0x7f00000008c0)=""/118, 0x76}], 0x1, 0xaf6, 0xba)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="05000000010000004000000040"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$rxrpc(0xffffffffffffffff, &(0x7f00000001c0)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x24)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000000), &(0x7f0000000040)='%pK    \x00'}, 0x20)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r4, 0x59, 0x0}, 0x10)
r5 = open(&(0x7f0000000040)='./file1\x00', 0x101080, 0x10)
r6 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="130100002add1e20ef050a023691010203010902240001000000000904000002ea1998000905a6a70000000000090507", @ANYRES32], 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)=ANY=[@ANYBLOB="0005010015d200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r6, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="df17540000004e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
fcntl$notify(r5, 0x402, 0x3)
chdir(&(0x7f0000000140)='./bus\x00')
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[], [], 0x2c})

2m24.730787157s ago: executing program 3 (id=618):
socket$alg(0x26, 0x5, 0x0)
r0 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x20, 0x4, 0x2d2}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r3 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f0000000440), 0x4)
bind$inet6(r3, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r7 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r8 = dup2(r7, r7)
ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f0000000280)={'\x00', 0x988, 0x10, 0x5, 0x700000000000000})
ioctl$BLKTRACESTOP(r8, 0x1275, 0x0)
ioctl$BLKTRACESTART(r7, 0x1274, 0x0)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x6, 0x80000, 0x40000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4)
open$dir(&(0x7f0000000240)='./file0\x00', 0x4000, 0x100)
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x7, 0x0, @fd_index=0x1, 0xff, 0x0, 0x0, 0x4, 0x1, {0x0, r10}})
io_uring_enter(r0, 0x3516, 0xc2de, 0x8, 0x0, 0x0)

2m18.062206486s ago: executing program 2 (id=629):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000880)={0x0, 0x4, 0x30}, &(0x7f00000008c0)=0xc)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000680)={0xa, @pix={0x5, 0x6, 0x4745504d, 0x1, 0x7, 0x10001, 0x2, 0x0, 0x1, 0x9485f96dc9548d5d, 0x0, 0x6}})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=@newsa={0x128, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2, 0x0, 0x10000000}, {0x0, 0x200000, 0x7}, {0x40000, 0xfffffffd, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}, @lifetime_val={0x24, 0x9, {0xb4, 0x8000000000000001, 0xb4, 0x5}}]}, 0x128}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1b}, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0xb400, 0x2}, {0x0, 0x200000, 0x7, 0xfffffffffffffffd}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)

2m15.542164561s ago: executing program 2 (id=636):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00'}, 0x18)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r5, &(0x7f0000000040)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(r5, &(0x7f0000000100), 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r0}, 0x18)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000000), 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001200)={0x18, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
syz_clone(0x142080000, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

2m13.151805926s ago: executing program 2 (id=640):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1}, 0x48)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
bind$inet6(r3, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x5, 0x4, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r4, &(0x7f0000000080), &(0x7f0000001500)=@udp6=r3}, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="6000000002060108000034e4000000000000eb58e9d3eff39ac17a273458a9f30000050001943b3ad00005000400000000000900020073797a310000001100030068617368100014000780050014000d000000080008"], 0x60}}, 0x2)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000001180)={&(0x7f00000010c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001140)={&(0x7f0000001100)={0x20, 0x9, 0x6, 0x401, 0x0, 0x0, {0x3, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40048d5}, 0x4)
syz_open_dev$sndpcmp(&(0x7f0000001540), 0x1, 0x0)
pselect6(0x40, &(0x7f0000000340)={0xd, 0xa3cd, 0x6, 0x7, 0x9, 0x9, 0x5, 0x1}, 0x0, 0x0, 0x0, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x00', 0x19, 0x2, 0x348, [0x6, 0x9, 0x0, 0x200002b0, 0x200082e0], 0x2, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000021000000000000000000000000000000000000000000000000ffffffff0000000000000000100000000000000000000000000000000000000000000000000000000400000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000000300000000000000ffff0000000000000000000000000000000062726983676530000000000000000000736974300000000000000000000000007465616d300000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaabb0000000000000000d8010000e501000010020000636f6d6d656e7400000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073746174697374696300000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000ffffffff000000001b0000000000000000007465616d5f736c6176655f310000000069726c616e300000000000000000000069726c616e3000e575dd73000000000073797a6b616c6c6572300000000000000180c2000000000000000000f646793b7b39000000000000000070000000700000fda7000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000edffffff00000000"]}, 0x3c0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x30, 0x7, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x800)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
writev(r8, &(0x7f0000000440)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9001c049d90491ceaebfd26d4eef23248000000fc58dbb8a19052343f", 0x32}, {&(0x7f0000000100)="051a00000e", 0x5}, {&(0x7f0000000240)="7a0e1d31be7e7f8945de0e8aeda07daacb", 0x11}, {&(0x7f00000002c0)="b0300d2d9dfa", 0x6}], 0x4)

2m11.706906732s ago: executing program 2 (id=642):
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="09032dbd7000fedbdf251f"], 0x14}, 0x1, 0x0, 0x0, 0x54}, 0x4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x220a00}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x24, 0x4, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x820)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m8.574336549s ago: executing program 33 (id=618):
socket$alg(0x26, 0x5, 0x0)
r0 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x20, 0x4, 0x2d2}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r3 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f0000000440), 0x4)
bind$inet6(r3, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r7 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r8 = dup2(r7, r7)
ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f0000000280)={'\x00', 0x988, 0x10, 0x5, 0x700000000000000})
ioctl$BLKTRACESTOP(r8, 0x1275, 0x0)
ioctl$BLKTRACESTART(r7, 0x1274, 0x0)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x6, 0x80000, 0x40000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4)
open$dir(&(0x7f0000000240)='./file0\x00', 0x4000, 0x100)
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x7, 0x0, @fd_index=0x1, 0xff, 0x0, 0x0, 0x4, 0x1, {0x0, r10}})
io_uring_enter(r0, 0x3516, 0xc2de, 0x8, 0x0, 0x0)

2m8.451963886s ago: executing program 2 (id=647):
socket$nl_generic(0x11, 0x3, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x4, 0x0)
socket$packet(0x11, 0x3, 0x300)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'hsr0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00')
read$msr(r3, 0x0, 0x0)
mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000, 0x2, &(0x7f0000ffd000/0x1000)=nil)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r4 = socket(0x40000000015, 0x5, 0x0)
getsockname$packet(r4, 0x0, &(0x7f0000000e00))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

2m5.203691553s ago: executing program 2 (id=652):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil)
r2 = syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4, 0x10000}, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000080)=ANY=[@ANYRESOCT=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
socket$inet6_udp(0xa, 0x2, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6000ed6a00142c0000000000000000000000000000000001fc00"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
setsockopt$sock_attach_bpf(r3, 0x1, 0x14, &(0x7f0000000040), 0x3b)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x200000001, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)

1m49.851254457s ago: executing program 34 (id=652):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil)
r2 = syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4, 0x10000}, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000080)=ANY=[@ANYRESOCT=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
socket$inet6_udp(0xa, 0x2, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6000ed6a00142c0000000000000000000000000000000001fc00"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
setsockopt$sock_attach_bpf(r3, 0x1, 0x14, &(0x7f0000000040), 0x3b)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x200000001, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)

19.856041189s ago: executing program 7 (id=817):
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="000302000000020b"]}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000080000024d564b", @ANYRESHEX])
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)={0x20, 0x3, 0x2, "b23b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x82, 0x2, 'j\x00'}, 0x0, 0x0, 0x0})
r4 = syz_open_dev$media(&(0x7f0000000040), 0x2, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r4, 0xc0287c02, &(0x7f0000000140)={0x80000000, 0x0, 0xffffffffffffffff})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000600)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x20, 0x84, 0x2, "078d"}, 0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r6, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x1}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40080b1}, 0x8000)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b40)={0x84, &(0x7f0000000500)={0x40, 0x1, 0x2, "3aec"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000a00)={0x84, &(0x7f0000000540)=ANY=[@ANYBLOB="4005bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)

16.728851584s ago: executing program 5 (id=824):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
r4 = socket(0x40000000015, 0x5, 0x0)
socket$rxrpc(0x21, 0x2, 0x2)
r5 = socket$rxrpc(0x21, 0x2, 0x2)
bind$rxrpc(r5, 0x0, 0x0)
bind$inet6(r4, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast1, 0xfffffffd}, 0x1c)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r7, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0)

14.475206145s ago: executing program 1 (id=825):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58)
r1 = syz_open_dev$vbi(&(0x7f0000000480), 0x1, 0x2)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f00000005c0)={0x1, 0x2, @start={0x6, 0x1}})
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000006c0)="adcd1a9a3fc36e961e4e0fe41b0cd695f6193947a87e966eb5a4760a9c08c10b71b392c76b312d06772dab21b323d4f8e479510dbc2d47", 0x37)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYRES32=r1], 0x0, 0x54, 0x0, 0x0, 0xe000000}, 0x28)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000440), 0x0, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './file0'}}]})
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000001640)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r3)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000500)={0x94, 0x0, 0x2, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x0, 0x72}}}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x11f}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x67}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}], @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1c60}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}], @NL80211_ATTR_CSA_C_OFFSETS_TX={0xa, 0xcd, [0x401, 0xfffc, 0x3]}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}]]}, 0x94}, 0x1, 0x0, 0x0, 0x4000010}, 0x8d0)
mkdir(&(0x7f0000000140)='./file1\x00', 0xd3)
linkat(r2, &(0x7f0000000100)='./file1\x00', r3, &(0x7f0000000240)='./file0\x00', 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r6)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r8=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)='F', 0x1}, {0x0}], 0x2, &(0x7f0000000640)=ANY=[@ANYBLOB="20000000000000007d0000000200000000000400280000000b000000000021", @ANYRES32=r8], 0x20, 0x2400e044}, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)

14.351996406s ago: executing program 7 (id=828):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x20, r1, 0x1, 0x70bd26, 0x25dfdbff, {0xa, 0x0, 0xefff}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x10000009}, 0x4090)

14.305592268s ago: executing program 5 (id=829):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0)
io_setup(0x8, &(0x7f0000000000)=<r0=>0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
io_submit(r0, 0x1, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000480), 0x4)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r2, 0xc0045520, &(0x7f0000000040)=0x1)

13.137963467s ago: executing program 7 (id=830):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
epoll_create1(0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r2, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e)
r3 = dup(r2)
r4 = syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x40000)
ioctl$NBD_SET_SIZE(r4, 0xab02, 0xffffffffffffffff)
statx(0xffffffffffffffff, 0x0, 0x1000, 0x80, &(0x7f0000000240))
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB='7'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x94)
bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r5, &(0x7f0000000000), 0x6)
r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000001, 0x40010, r3, 0x8000000)
r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x3000001, 0x100010, r3, 0x10000000)
r8 = openat$cgroup_type(r3, &(0x7f00000001c0), 0x2, 0x0)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000280)=@IORING_OP_WRITE_FIXED={0x5, 0x20, 0x4000, @fd=r8, 0x5, 0x3, 0x9, 0xd, 0x0, {0x3, r9}})
socket$nl_netfilter(0x10, 0x3, 0xc)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x24, 0x5, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0xa8}}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYRES16, @ANYRESHEX=r10, @ANYBLOB="000000000000001325abaa324de2b21d84e1260d67692d0c966669b6968748c65ec7033c1d3d0e839d5fbe035630885ba204b8abb892e2356c8a221e3a5b22c0a75f7da1f622fc06d098e1def8dab998af12e94f75637dc25eba29e6b4c920a86271", @ANYRES64=r2, @ANYBLOB="06e1f9a92da3549c729e367a1ed23121b7e34e0e19f33de5fcecb1052e25525142aa72860d7f1220a95ce58f26ec73d9653a8dfcc6a9601a513a44f8dfe459c57d141fe45373a0df335f11e336bbd4cfdda9253ba47c13501f7279d6d5cacd1b9cee6999f60d2fe56ef2b3c4249601008d9a0a7b83f8a7a8f76863c68afa24a8627dfbbac8257f2b82d810329e25b808f02121e4bcf95a94bcffe235a2743ba3d8f7b142c2403a88cc50d0fc29d6239bf62053703df41e5900000000"])
sendto$unix(r0, &(0x7f00000004c0)="a0a3", 0x2, 0x200080d1, 0x0, 0x0)
recvfrom$unix(r1, 0x0, 0x0, 0x10102, 0x0, 0x0)
process_vm_readv(0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0)

12.951546193s ago: executing program 1 (id=832):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad070005910fae9d6dcd3292ea08000000915d764c90c200", 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x20000000}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socket$nl_rdma(0x10, 0x3, 0x14)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0x17, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [@printk={@d}], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00'}, 0x7b)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r5 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$BLKTRACESTART(r5, 0x40101286, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
landlock_create_ruleset(0x0, 0xffffffffffffff4b, 0x10000000000001)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$smackfs_netlabel(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$smackfs_netlabel(r7, 0x0, 0x57)
r8 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r9 = dup(r8)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000180)="e4498b1f334bf50307423aa333200cf88991a79ef031254f70cf895667f661e0be4b620d10dfcb678b3eab07db4859b7e78bc0090a2c0df6db6bfdbe3387455183b5c539885584c7dfab76126e3f968cfd659ee414a7551a9bab4e7a4845c6e556344965", &(0x7f0000000240)=@tcp=r9}, 0x20)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)

12.24842738s ago: executing program 0 (id=833):
r0 = socket$alg(0x26, 0x5, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
add_key$keyring(&(0x7f00000085c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, &(0x7f0000000500)=0x1)
ioctl$VIDIOC_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x800002d0, 0x190, 0x1, 0x4, 0xd59f80, 0x7, 0x9, 0x9, 0x8, 0x8, 0x71e, 0x13, 0x7, 0x7f, 0x3f, 0x37, {0x0, 0x1}, 0x3, 0xed}})
r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, &(0x7f0000000040)=[{}], 0x1, 0x7, 0x0, 0x0, 0x0, 0x2e})
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x5, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "3acf1ec7ae70bb24"}}, 0x48}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
readv(r5, &(0x7f0000000140)=[{&(0x7f0000000040)=""/223, 0xdf}], 0x1)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
setresuid(0xee01, 0xee00, 0x0)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bind$alg(r0, &(0x7f00000007c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)

11.140554652s ago: executing program 1 (id=834):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x17ef, 0x6009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xc0, 0x9, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4}}}}]}}]}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
r2 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x140, 0x5c, 0x160, 0x140, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'wg1\x00', {}, {0x222cecdb0fb5a62a}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x0, "d176"}}, @common=@unspec=@state={{0x28}, {0xfffffffd}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @private2, [], [0xff], 'veth1_to_hsr\x00', 'dummy0\x00', {}, {}, 0x88}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20004000)
listen(r2, 0x9)
write$bt_hci(r2, 0x0, 0x5)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\"9'], 0x0}, 0x0)

10.711007001s ago: executing program 7 (id=835):
rt_sigaction(0x8, &(0x7f0000000100)={&(0x7f0000000000)="6547a59ec4027d18e366440fdc9205600000c4227d240a47dc7105c4a16963430f45d1fb400f0d9e00800000f30f5303", 0x4, &(0x7f00000000c0)="6766f728f365f04683a520000000c2400fffc3c4e1785bc246d8a449fe000000640f702833461186718a6ddfe10b40d9f4f20fac150800000001", {[0x400]}}, &(0x7f0000000200)={&(0x7f0000000140)="440fbbc9c462fd34ae47ab805967f3400fa6c0c4e11de09900080000c46169fd0c938fa808a2ac2c0000000028c4a30d444902003ef232dcc4c2dd0b2d0010c0fe0fdd23", 0x0, 0x0}, 0x8, &(0x7f00000002c0))
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0xe3, 0xdd, 0xef, 0x20, 0x1d50, 0x60a1, 0xa14f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9d, 0x14, 0x4e}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000000), 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80085504, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380), 0x0})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0), &(0x7f00000000c0)})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYRES32=0x0], 0x84}, 0x1, 0x0, 0x0, 0x801}, 0x40)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="33fe0000780091060000000000"], 0xfe33)

10.482198437s ago: executing program 0 (id=836):
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'})
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[], 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x5)
r3 = dup(r2)
syz_fuse_handle_req(r3, &(0x7f0000000500)="08fcbc676a85808a8d0d649f253fd70b55b1053ce4b49c0c99bc341066463a50c1f7e199f2e3100c42ba21453860e15551062787b740c432600a4091b53d692583e5aff308b99d32919987545295e1f709b2096ee71c0fe3abd59c88ee88a2e2f57239129365d6a7bd8f40abef7643e87db99d7ccecdcd29ff821e8c6ea69a819c3542f93b44d7526e4400bad051288a4ab7a69ea11335f451eda64b8ee1ffb09cac9d662c075f73f953a6c7d3a9962cabdd0cccd4863d8b208d837c06db8013d485c64072a755ec833c2ae52d5777a40d41e795d2e3fb9ff2dcad3e7ca7a89565d9759baa72779e59f65bc1004db09aa33499ebf7502734ba19825d2a6018d7997e4ab3346ce9544d8a1753d50129741284922589e149e4a16482d0f8cfbfd8cf7e4ed7733b9ec2a6c36afc4a5a07f3de708d735fb8872b504204b11cd85404401e2c592114b5f7405e8654c54dd140d2528d36990c7e25444bbc9dde7324459865b2f29cf5d8bfd38b7f4cd530212b6e4163960eb3c5c052f488f58d8ac3892bda144837c2bbad246c94aabcb4bd36c192363d8da83150e8eeb06d5832305e64d7631835dbdc1a73672c28bd3470ee8dcb3423478f177216e5e1425cdebdbc60f05f47f0da30860d76a73b4e1f0c1bb7214aa8d1afb090a5f524fe7c9c91ff3bafdbb31b67602b42527d44f00b1b6bec81f4f0eb41f24a4cee0fbcd86f2bea383a921b2972246a05db70fa718f7c5fad7a438c85675b7f06a6d777b09ccf5043e61f9a0db0908d5b132cce1587f6171b71ddef9d1c7e3d06e67421ac21080f84647b2b783f3bdd93d28de220324ffd573122b7313567951b618fdaad8026d93d8ebaf7bb1a960c32a8eae2ddb57f7af79ea197a63902717c089be6920f81e32250da55791fbf077b7339c0566fe0158f5361cb89fcf51cb765fd49e825d9401b71863ff62bdac3ea704303023a2a3a116e464b3445be87f010f01bb15f176560c7dec7881e36d4015791d0b8a0c73b76fd6c2d14bd0330092b0315e2e9a0a950f91a86eca9021ed4a5b0f450a526dbb6e14e7dc6505bb118e99e0c25f0bcb71889e820f84bb5eb9df2b6e2666f9cd6c8450767a167fd45f8885777d6f2a250e573bbb533db53debb308b04cf2741dc912a7cf17d084f82690851a976bd1c5bf1900d876215bad73362a8746f5dbbac431e50737ba073f5f7162fb742380ae87ca1e556231a89b51f33b564dbd7f5395dcfb444d805fe3770b478e2b19c8e4ef8467514d245fba834e604e6409a036053b0c33a0e004a0f4980245698aa732134bcac83e03ef3357a3eb9c397b966ab92a8a81f4b75501e0ea60e21772780c2a0c360e2400d0592126f5dc54bd28a86a7c35dec7b4ddf88c9894c1e5b7c29f2158a46a4f0d06b289d9dd6bfc99f1f623b8737a82e1efaea0c8512082781048bb31af98358a26bce1944115b4195de49834cac30af0fbdcbd17f3512c1232cfcc6278cf741d2ee0abc9fc4a697e30d5971301c8d65e36cf8d4e02f07a160267c8c6ddd9859de3492d5e74c42b5912908dce581f9c8545f06c6431f81e39a47f4e6d6397ae6a00a78d16711a147bf98b763c02e6bbd7e9a905bf7ab6500aa2738207d69c1f46892594b9d838d69a7b4a9bfd53613315183028fa808b10849a988c4cfdc3c7949dedee1d7624589e8a8ca535673deb847d40f9709186744be93a33a4d9f6339e28182c6f888ebd7f6a17761425a071b437e819aae55efd5cdb6add68219d60b3a555afc034aa28d3b92b9467755cfa0e5ed238d9be7bfe5a3df3bd4c2c62ed408e1e45b4f89154252bb15f9fa652ec916295bdf0a5fc3bb58fb3f106114354fe5e4bf22624fedb2885ea2fa3355a0b54502f736bfb5a690378c5d538cb609366802419e84d57fadc73cdd5ddaeaa3e9b4904c7b73f4713371494192c4057a447d40fdf97c2685f080711039ee3ddae1e3e5020129dfe793e9107d2b1f756246115d56c0e6fc7a8d4187b9639c6fe7ca43ebfc619d46f94b8502a53acd5c9828eb29b764371c770ec3f5eca6154357dcec3ed5f4118fa57d93d1246c38ac96f842fcf3424d6ef43e3af8f172ef9178693819f2373fdb3a8765449abed6562d4c16ecb3689e95968ad82d095e99bd28d7564a9eda2159e34d005cc675f2fa350e931b6762475f7f784b4f72e37ce112a32426f08b6971003dc3155bd959dca63bcea83ccb3ccfab9646dfa2036e4e8f822e6eae496f81ab6adc7b742c40d74671206ea0950d7f7f46b09ac8e48a35e42730520ec7b18dfc00b153f0f7565e42465483aa918dcf350712bbcc8e3ff5b5890249127c2e8fe8a91d7c3838c5e57fadcfeea1a2c6cf76cba04382ad47acdb46b30a3136f0ee9ddbb3bd13264035c9c5fed6c0e4addffc8a748edf8bbcc625ed88f2effb84b9001255b7dcc2df8f29f7e6650f3d05b2d664154a35e49ba36a1593d258ebedb26e9f6672196edcb185e1fc91658fbacd45e13c0f046ff4ea887fcf197b5b704f9ddf3360f2d93ad53671b6342c763c66e2ccf5cbaf1ce8d0b37de3a3b2717aafa33e0cee8abf83e01bf424a7ede8145448f6de3b769e3460f8e9b94f42eb202ca4784cf3b5251d4459cad7886bb194120ee6fc95c1eb8210772b5e44fb3b7ccc642326eb6f8aabb809ec0914ae5e50c7d04ebcc74cea5d85275970b063b4f1518a8e0251cc2ea274449b6ec26c75cc1c417008bf776b8d669bc4b0c72560576c60ae57fe960e6350e24348f4a8b50b709c6517901bed11e41e7e554b5134d81f136dd3b520a491360aa32e86ec6b2109a9808366f1ca00ba700ddde966391ded45bf759376545afdea7b72e9933ee76840b02720d5b6dec37bc9ccf8f302d6b319cbe4e14ad1cc8c1274a8867db378e85d61d52006071c92b223b08b293d05e2e4769d1938e8c97fc9f57ad6e500df6feede36fd617951fb49540d16df2dc44edcae3b78f94cf461ad0fd56db7e181b7b67da556524ee2451caf1576628d0b785f0f43c20bb4e5b81f0b47c6a6439afc45af7299ceeb6bbd5c2e13f99f17cf5004936418a0a5c703c0f501ac7b9f839ce7d06da5553a7c32f772091d0cdbf677861eeb7cecb842d3d8bc32505c32e0d6b310491fe321434878139657bb5a4208704db80888724c542a7202ffdcdf030d262528a0445f9946c00cec40031afa09b2c7fdbb9eb6b07f6740fc7e8b2c0894b8e502f740bd0036439d85a31f842d8443f36e3b4716eba7897a9f8cdca1e1d23d8d59c46d0697f27a9b669881016c79fab319b1e3e69646899889c0c92fefdb46fac1d2fed38b34945cc8d2c1d3b24d0f5450506c3e2ad6dc45e573a599fb093018be40e8ed377de17c2851c828311f96e9dd982f8c2419b6d2e442ec9ff3ee4455dbf3dff384983602aefa3721f33e3a519efd5952cc87b180d500e2b36c1847e2cedab6d506bfed7a4544989bcb281533c422ca737fd6fdcefa75cfa0ed055e83b3ad676fc9baff36002e8cd9ff44f9d9fbb8a98eda4c34822844b50c2113572d1504f2e6f773ad9b2265b3cd308e9b2877f4cee7d3dde22fcf59b5cf373c7abb8675272c1d4c44170821dfe299694310e49905a40ee3798b912e582bf4c9ea5b84892958fb0925dfc5f1c1b5c0f44011437a68ff3da295a8215204a30b16f97e1a0a7ce3a007536682eff9e61d359abc8d372758d075af06465b11a83bf2fe367526064b01a69fa93ed9757c4d14d514fa0811b57a4af18903a60441118f806b09e49f4b1fd63d675e0d80f181d864e26f13dba9734e8eb0d994fa1691e11c714e0076aa4e16dbbf97b42da70249c7835bc727ab37b3cfc2e7fc26195381a5bb891771adb89b8613455d02da194c14a146bf614d28e8c546fca77226d544f46c72caa4154c367a487bc85c855d25a6bb45b6aabae9b869af479e04376a185f09cecc2f4b19ca4feb4cdb34ac47be5b6637732d6afff50877676554bfb94c798c2fc7bb49ec87f710e24d889b346517a2630dfb75ad267c27dea2d0c5c2e71a68b187d90246feaf82e9256dfeadbeddf73ab8c12d63084750e50d1c027ad51a9db3cdf5288e141235a966df3e2d7fe66c71bc3df1f28b203e361b7a574f8ba12fd9680fa9a7f5e5572285a871ba0b43991deccb3692a96fc627273d6fccc8d226b56de666dd07ab56839b67ad64a0366dc1bb3ea1802b5cc1323d4e28b1326185c344b55e281830f813b0255738e96b8353b9a496c66f6e6a5532fcf6c85da2f09426b2e6e65eeb744134c865650f959369cb1c709dfeb750485e7cc99ea4087595fc8bb17ad732aef4e03acf607f4c242b9940ae2117994a611b7c22b1a5410e139fe3f624ff2c09a5f33e5303b3267545d955969521091f55985aaaae8b922da756f3f3e85bc19f8d926f01535e10915d806eade0282d7edc9ff5a53b2779646c61e4df79a71f5071c4f0b66bbde5fe37b871030b089fa4630291d30817da6af59a1539fb186ae630f7d03b4c8f9ce4a942674d4b3d9e07aa2629b487b48a5da499d06c3de50ff1b6200d5aa467845f5ddcc6b7dc8d0df1b29544a3a062d6ab94c706404720d49a9ba8b99b3d86475c8ed4fa30a819a1349e18f136e6b9557568f304c36d04d6cd78d5247ece2d40110370cf2535740fc4083b4a59468280e493e0756a8679be4e0576057e126527643cbca7c26549991aab1bfa8d50053ad63b9d46f84aa72bdfa764f6956fc54788cd75ed0bdfea4628b0181a1498f81f993fe9eea2cd106985e7b21db7d05547d8e35110ddab510b093d91cada19b367de5e8ccb887830147a59104b3c63968eb1d89acbe4d4821e87b5c684a903e54a15c6f3025e8b031982f2ec9ec5381fb93e77f10fc25f7740498801bc932266f84d6c8244ae4bfac0872c1825d67264abc41666c733748535f5ffd3228830bf05372d520454cbeec2b75791d4712286ce4867d2b9f9cb685f0ab516ff0826deb520c49e7ea1258e71c4ba4789ac422a5372623429966cdccafef4b545f146a153f57eead6ad2de0ca925f70e8aff97df042a0d281f695e23af08b539fb6b074ebeaa8f21bd0da9641adcbd0723276bc898e8fdf330d68b9128111a45abef311b6dcae805bd36aca5e875d797e80242e8b89645b598ba08561b1e3637bbc5bd8cadcd46f038ab4deffffe977602a5965d793779e3beca0117a7595d533fce2a5a5a150bb91f0e3008cc47bf41a875c295a8fee1c89977f94226e1b4c964d51cb4c61946be4f81e2117cddcf80210f232f756cdda2f25d678799c2721bd61feecc91826fa4541da94d5a7b9ef898e4515be3cf09f56105d6b9326bae965dc89fdf1c4e37d0bb412354f8f0186514b98c2c35e622cebc9dfc4951ceae3fb1060cc87f80c32a0667c7cce811e020fea58cb01b0d144a2b23b3bd27d27a3148811d0288409a612c816697dd69945efdc3df7d07abfa223c3e97ccae0c6bd0759eccb31f28194a2a1113f868a57352229ec3322b94c7ea69048798e67c2a7d3c502a5131f69dac6e0045ed36628e9e28d21833c07997b3268d44ef8ab1be304b130943c1331bd978594cbf122d98b6ba2c2292d73163dc770da2a293ddc9609b2807bc39978ddbe57a8e8190a21390366a398a330b2a4488f49292a545fa6d31cc35a1056e39862a855eaf2d2ad725e20f78c9da1b3f2df1ac3f91c8b6e3d988d738f2b8430f2fde11376ee851259af9efc433b69b5f23f6b2c537ed890be1974b190102fe1a7da36c4a04bc1340fb96e750c919d5ed36515ecb271ce54418a3faa5e032e03d5996ea1fdf32a0efc15370fe0199057c2a0de31757433ec984d15bbf21895183d4449515b4184284f6949833f3e9326aa2a0f7ddb3d7a409c2769ca3f28a0a4222cd371130beed7ab57cd42f2e7b3f2ead15bc23f4f5fbac7a092020d6ee5fab44c0dfe16fcc47b8d167b6dba23cbf265cbff3ea64c02c6344a5eb37806dbf47210313b38b186b65b162de00c0428f5d1695fdc099afd6e9cf55f3f6d75779fb52ffc6d492914ccbfd12c829bee88f41e8502b9cf6088a8e06f41c59d2eed5c44e2c31a4fbd988088c5f4b7cd1e1aa0b98a7c7536e509d1a9a7016a49a4cfd499ea5d8c43205bd093ce0ca6a9e6de0911ccb1af3d3d73e3f170b85a3e25b898a41440aac15a2bbddecfd055699af4cd5ae5f6d93523ad1374d89e3400a4fc0d6277b213800576b93de3e6d87e517ac20407240de7772b672360c9160b374ac5c611a78b4c5d5c7c50877f34ccf0fae547d5670f43903391ec34689d6a77f15a04b3e8c53f16e8a4a9a4dd8ad2872d881d78368ac8f7c28182e703479eaca45f9506dc3fc431a338e85e3692d63252599b0259aacaa0742e892019d3f32b6d03bbb16ebdb070c2e7502a16e27c750ff3d21d034a66f444f8d07102c1beae1f468ca41aceabf13a141383326af211452b24b5bced448c9a2e893b46707a6797f75f1133648f400642d5104a990d7956741c293487b6987f01a3b09266b7ffc9776cb9219ca110ebe542126844f7dfd8aa77bed839c64dc869566b436081edcbe6ca3bf86dc8bb3607c313d5e1706959ee4ccea40592589534d3b29576e9ad32229c3accc559a8ac3b2191d5d6a8a8961e2bdcfd5afc1ab19d079032dd38faf4cf7eb57765026d9f2fa6234348b7faceb3fae2e45d3a730281f2bf5fcfa368a06bcc66ca91cb4d1f11eacc6b428532d24f8aa584b87c3f72405f512976bb76d775856f746cb6b877208556620bbaa71d58d41774ae0d0f2a8a87e32c2450616fc43fdf1c19462a70d20f4cdfbce489a184118ce2c11aadb76e5f7236aa70ce05b73c55f0f59fcb43f545b61c5275a25c6961beed3cff8dafa337344fb70f85190ca318967eb0cb643fd3d0322d5440f4e8fc6f73f1fc2ab9cc5583d80673e53c1c8d3ad928f75ecd512f4a23107e9b8e847147b12e53d18cdfaec47d1e85403ef3d9aa5ae826ed292903df583e5dc7b743ee4ee90a02cc8c9eacd9ec14fb60413a336c86bfb428d8906dd7e69b782cc84eb5758fad89af811308455844ecb308312bacf66463b02c4064d898dd211d2aa473f173b109f7b54372b4e2767ad0f899613130d015d9bcc3c7df86f567b55c1e4aed7eb7fcea4a6454eef4cd83ab01220bbcddb4c4f6b4d42e646effac7ee98c3c7569e51008acf3b912937d6889e9378aedcba7f3bee6a0cc96050cddc327a1ba95ffba9514facd165e89107ee3a5181acf7c9dacc17400cd4e17cb2d1e78ec2aa763fd72f4c335b1d592f1dc7386808c173d1ee3373ecd4f87eecb17b81060d249271db4928d568c75bb9d771693ed95a4ab416f5a1462eff85e8a98dcb45a1c0e321180a6efcdd99545103e273e23fd10ea8b1beeb1ceb0141ee3f3d30bb8f80ba64c0c7c912efcb037688943139389aee35768bfb74527dd26c8ae46a254ffcfb289bcf8e500f2f94f828b5440c7df3fb6cc5ab532d6d5478b8b1f10ee23755e8c2debc676c353fabdbfef5b84dbd3c25280249b19f1879837abc8525ffc05ef1a1727c677a6948e3411684ceab6f3060735322f1a97bf245418b03bd973dc0ea548e665fe46f2f50cc083b438ad102e01b6730d348024786a44b79c3b7a2f8f7d89add74cfbe3fa72672c9ce2b8cb46c0aa28e3c7d2819091777b7ef7970d6fd858cc9aa59e4086325f991d704cb5c23fc6e8f887d30da8c83140d47ff5ac83e1abce1efd4b963fb06e0fb2e95873b38ce2dce5e6c29d0cc39a50330f3b937001e6b5d4ba0651891a92c830f098f2d1339eabdacdc1791fc1b60317c885da3bdd3628f49f650aa4fbac08ec397cff59b7d877e522e8df4b38ad4942982e15c849b898e654deb0c15c86ec604a2190fb1e4055c457e49a3a9536ebb8a93a51626fdb30a6af2236dfdc235fd0838aa9fc537dc85407dc7f2d6b552f92f05da767b8102ce7738c4ba29bcee9a8d53aa50ddfbb21a229c62578eb7475e0d3839a8ee6fda0bd71896e1845eeefb9bf46360d43418061ac7b5f52fa1ee616291f2d352bd0b3d4d780e5140efa0165b68285d816cb16b23b723445930f22c0be2ae2b57dd4dbe2c59e3297b84714e5ec9ac428218e6c431ecb9aad0add8d889e13ffd7b0ffd7a01a979830fe9f0dd7b49c52d08ee41df4a10a8e3f54324ad890c2e21aeee83039305a3635bd38cc97055e29867c4c913d578e5d682f9488bc47558a316a387f66b3fc7e255b77d48866953eff5464a74ab505f3cfa44f59f718422d36482bbde7f25395d2a21e7aff4b33e834b9d79ae7ebd6ff5ca88a690125835a5b851076ad54fad5cfaff7a96f5acf9c5d3412c65ebd48d4d62ebaded8cc4a98313acb8298667cc0e337dbcffabba645ed0e0a99baaef921a5c40e404fb5c43651256b08f70841099464626bd0cc1c26356a5e00cd6b97a5392dbe36dad892912b20fd3115f92d68410517c45a6ece59e36cf1e20f63e9169ddb70e3505f1c2942b2ce65b93f02c60d15377a7040695abf81d9e39e739c272aa8791e056fc10b2b295a7fc392e191c09eed4fba25468521e1d7e0b80d3e02ff66fd0d4b8cb1e20a314b6b8e88edcd0ed73f467215ba081714471d6529500841bfacaae4c4f90540e609396151078e0d616d804a900b1460d4f4058ba86c725688a6364284256ec56be2cc3a4cf57bfb08b076a37d24dc1134fcf6989634450e7cf939419e7098e616cdf91b3c6e09305d1a1a29f95c46b772908fd97c01b75619239379350c09b5c83fb048dce4d8fdc924dec3d95ec08aceedbf10d4876e75e993f45c2d7384de459645735ab73a400817660b147ea070e641a05adc1ea654b57bf798dd095c3fe10caf5399d1025c8bcb29a29796296d83322f11349e55c02bfc4da38f6e9e869034adba1f58b03524a9ded488f49922f6400dba36c72624d0c1ae0de507fc03f6bcbaa6563fd5bb467ae3f9e651da03999d8e8a5a239bd8eb64c8e4851492b917ece737fcc18106e1cd835f8117ca942403feda6cdf47e240ab45110c72260349042e36e5dfa1308f553e3ba1adabeb12fc1f23c8aa5eab90916dbdf808564749b363a994145aa18551829fd7dd6fec4bbd17ae20303dae80b712336b26938fe22f78822c11d359749322deac1d41c38d63269c1fdc4180873325034634ba469b459b140aa9561e6c93034f2ccad0b8f10cf403bc2e8e68fae7ef3256adb0db3c68d906d79d02de2f8576b33e23f66b4a7ac75e4cba77c76acb1bde67cde74fd98c2a38523e33b92297cc1ac0b6a309e491021951c492def35b83b7671920ba1f275506e89f082c3c941b1cdc3eeb69f4d8cc1d906cdcb12b29ca43160f938cd2fe57cd8d2030b00f65d4094ee0d41392fa8a5ad423ec2980ffd3f3208c42f3efa4c791bcfda0e6d08f666b58919408da29bd3b74e8de072d9ca1cbed83b8dc367e8ba81196b835ebd6038278011f6b8f66198cfa9d551a4e30364799dd1d56f6841f69b6ae3d9f1b0001a23f80876784e8ba21ee9f685cffaad6a6031be3ada6599d73919ad84a31fed6a2282345ee4291dd31484fb8d317a6d5a2bfc4b0e785ea273171c65fec821510e88f9d64226ccb4156078ef31b01c2feabc048d8bfabfbc2a34325b740eb488ff53d2857b63c989cfebfc1b31c4d17f3fa8d4494e99f2a055cd18b049af55a669835078a06fbbf8232258ef3bea8342cf926397ecc75a42c65ef92c9687d55cc61da407d17bf01108b6ce3e05cac5d096477ed66644840b4a9b2845910d35fd45be8baae3933fd5efe59e22270a77e9d4c7355958bc495d0137b4aa424821196871cc887517ac509e5ccad6ea39ab3bb89970abb3657769e154e7ca437e7d18fb75e6372425af55f8b48fd917d4b61120d156683d06cb21ea0008fcff7b13de67854ae06f6aac57d661def4668dc9ebbcfaa7e6b8fa2a63b7245a3f13e259a45ac7f2fb1fca49d994761af74dfa395497c0f222d4751e44e6e68dbe768af24a0abc9020c6522d297e28084a63f73114cd629f76ef3fbd7ada7a816df20b051661fc45efd85f5942dc18b60f3ff82e48dbd45e5e2c66fd5c659d0276c22431fe76b1c1ca5c8473c02791f665a34339834342fc18f56a3ea3a63caa09c03f37977c91a1bf64bf54b5a066e44634d6c56173b740874ce618904469d620f5e05c39b798a5ebe8a6491b3608058fcd04e4c54ac97af555950d1939606fc5e7e096ebc0a6a6b1e4d31e2d172393aa52436bac5b044a15761e621871b88e9e4610db1cc6a9faa6e5efa2aee9389de97fd945308d4fb0d8b3d75356e8ffdd525313fdf2133d0caeafbf6bb3236109bbd3f6f5be1df8a9c85a880c4064ff69f4e90e0a43789fc978ab12f0c053c0ed037e71385caa4c6adafb2bfc045297c59cfd73d4ab374fa6ee6b184d908f5f661eaf7c685f326e4754682701dc59f87ea4c761593cd1c5aaa084f92b12ccde7c4436ee442cba7b4f5db50c30ae0459fd7a7457dc38d725d8778ccef40e9f9257dbcea1ae773050eaf049575faa82c9173df59a7d2ee4d42fe0f708de3bc29d59120b89231bcc1b2092a332e91f6a3f34ac079251bae2eec15c7145b615d0079e7590bdb12d334f7d0cf668ee68c83f7934b78840b15ad6af2db8a5f441fe0feaa598bdfaafd3fbf353532f3ca3d69de2d03190f2adb259c835f05027e1b3a3c6b79bfe5fb69b83e8c00417195d081b2b4d2a411fe133f43fcdfdf9ee04f4f4d881d9af1f2b24def7f67f6644ead06ccdec8e925f9fe1f53cda359783d266319c3c1ab76f9195ef365fe8857c04c4e99e79f0f910c3272559571ea1f0965274ffccaef0b5f0fdd3f88f15a33e02094a9cf2cf29285ed94aac05bfe225bec61ca45171a56c999b769cc7a73a39ce79210049e6d3b810638640b35fa29a3bc338c8573613d3590343325c57e45533d8c5142b364d7799dd8dd57d27270300a16094d7ef4125950def07c6c6bff95c427a016ea4d8453dced4fee1cc5b2e9ecfac85be0b7cf9b468ab5dec03c14638bbd420d095e4e7a24889e7dbf99c4a72abec1dafd526663d772d5f1dcafd6951521379aea832ea205d3235cda322342070abc58d9095fd6af57e19a5dc50025fbd83831e92b4cbe5c51f85edd612053e236e563dc5d3d2ecefa2cde0a198fe7cc23393ef5018b972dea29dd60f4448af65ce956260e6b72ebbd0fda3ef2af26585cc79e8daa9343e90c74c9392166391d2e65e0b640785d29b44259721abe688469ba991d55650a3e9326507eff4dac92def3fbfc64f32ea7eaadaa8da517ef42441ed8fc88f40b52ebde3b7558307221245195b098a6a22152ceb9a8967c5175aaeeb093fbb79fcbad6569485babe88fe9a55d000434f858ea9d538491c05a157e6da7b4888abee98989c44e4e20d08d614e62c69b900b3cd692c9b1ed2abb4a1e088253236e1492c4889c06371034968e0890a6c59601d6fda4f3c36818b0c6ff9d08d15e147583194abc25bd0a2005f98391bcc9d549fe1b862d91d12c5ebcc063e87ceb8818536a7d8be30c97aa21098fb3fedafcf4506b762a1fd2", 0x2000, &(0x7f00000039c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0xe8402)
ioctl$I2C_RDWR(r4, 0x707, &(0x7f0000000200)={&(0x7f0000000180)=[{0x7, 0x1801, 0x0, 0x0}, {0x8, 0x200, 0x0, 0x0}, {0xfffc, 0x4211, 0x0, 0x0}], 0x3})
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000040)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r6 = syz_open_dev$MSR(&(0x7f0000000080), 0x100000001, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb0c0000000300dcf0bec655b1236d469ab85e1b189d940010fcc6443a3ed2bdb1b202000000"], 0x0, 0x27}, 0x28)
read$msr(r6, &(0x7f0000032680)=""/102380, 0x18fec)
r7 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000000)={'team0\x00', <r8=>0x0})
r9 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8101, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=<r10=>0x0, &(0x7f0000000600)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r12 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r12, 0x80, &(0x7f0000000100)=@l2tp={0x2, 0x0, @multicast1, 0x3}, 0x0, 0x0, 0x2})
io_uring_enter(r9, 0x47ba, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x3}, @in=@empty, 0x0, 0x0, 0x1, 0x1, 0x2, 0x0, 0x80, 0x0, r8}, {0xbd1, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0x81, 0x2}, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x8000, 0x33}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3503, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe8)

10.448412524s ago: executing program 5 (id=837):
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x0, 0x1)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x7a52c2, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000140)={0x8, "afacd2119ca94c6b377526aeb5ab2a81fc0e3d99f20900"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25"})
syz_usb_connect(0x2, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000fe857108480b0730644f010203010902120001000000000904"], 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBDIACR(r1, 0x4bfb, &(0x7f0000000600)=""/171)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'pim6reg1\x00', 0x2})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x3c1, 0x3, 0x340, 0x1a0, 0x4c, 0x1a, 0x1a0, 0x73, 0x300, 0x258, 0x258, 0x300, 0x258, 0x3, 0x0, {[{{@ipv6={@remote, @local, [0x0, 0x0, 0xff], [0x0, 0xffffff00], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0xe, 0xb, 0xc, 0xc07, 'syz1\x00', 'syz0\x00', {0x2}}}}, {{@uncond, 0x0, 0xd0, 0x138, 0x0, {}, [@common=@icmp6={{0x28}, {0xc, "fc84"}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x14, 0x8000, 0x7, 0x18d, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x1d, 0x4, @tid=r3}, &(0x7f0000bbdffc))
getrusage(0x0, &(0x7f0000000400))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_REMOVE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd70007f0000000900000008000399a000020005"], 0x24}, 0x1, 0x0, 0x0, 0x80c0}, 0x20000000)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4)
syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0)
setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)=@v2={0x2000000, [{0x0, 0x6}, {0x83e, 0x40}]}, 0x14, 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000280)='cifs\x00', 0x0, &(0x7f00000002c0)='cache=none')

10.255053965s ago: executing program 6 (id=838):
syz_open_dev$tty20(0xc, 0x4, 0x1)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f0000008dc0)={0x8000000, 0x0, &(0x7f0000008cc0)=[{&(0x7f0000008a40)="7c72bf03f7d9c0fd0826786ffcfb99e55c1272594d5be5c7f1de9562bbf652", 0x1f}, {&(0x7f0000008c80)="9d", 0x7fffefe1}], 0x2}, 0x0)

9.455351585s ago: executing program 6 (id=839):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000037c0)={0x0, 0xe4ff, &(0x7f0000003780)={&(0x7f0000001340)=@newtaction={0x898, 0x30, 0x12f, 0x0, 0x0, {}, [{0x884, 0x1, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc]}], [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}}}], [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0xffffffffffffffff}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x898}}, 0x0)

8.43794618s ago: executing program 6 (id=840):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet6(r0, &(0x7f0000002480)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0xfffffe00, @local, 0xffe0}, 0x1c, &(0x7f0000001800)=[{&(0x7f0000000800)='a', 0x1}], 0x1}}, {{&(0x7f0000000480)={0xa, 0x4e24, 0x9, @mcast1}, 0x1c, &(0x7f0000001ac0)=[{&(0x7f0000001940)="02da3437153adc", 0x7}], 0x1}}], 0x2, 0x44844)

7.038320133s ago: executing program 1 (id=841):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00006d3000/0x1000)=nil, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
r4 = socket$inet6(0xa, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000640), 0x14)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000500)={'team0\x00', <r8=>0x0})
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0xb8, 0x24, 0xf0b, 0x0, 0xfffffffd, {0x0, 0x0, 0x12, r8, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x88, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x1, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x26f}]}]}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x8001}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}]}}]}, 0xb8}}, 0x0)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, <r10=>0x0}, 0x8)
r11 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000002c0)=r10, 0x4)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000080)={r11, r6, 0x4, r6}, 0x10)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20, 0xffffffff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x300, 0x18c, 0x203, 0x0, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x1d}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {0x0, 0x0, 0xfe}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)

7.003869954s ago: executing program 7 (id=842):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1}, 0x48)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x5, 0x4, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r4, &(0x7f0000000080), &(0x7f0000001500)=@udp6=r3}, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x60}}, 0x2)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000001180)={&(0x7f00000010c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001140)={&(0x7f0000001100)={0x20, 0x9, 0x6, 0x401, 0x0, 0x0, {0x3, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40048d5}, 0x4)
syz_open_dev$sndpcmp(&(0x7f0000001540), 0x1, 0x0)
pselect6(0x40, &(0x7f0000000340)={0xd, 0xa3cd, 0x6, 0x7, 0x9, 0x9, 0x5, 0x1}, 0x0, 0x0, 0x0, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x00', 0x19, 0x2, 0x348, [0x6, 0x9, 0x0, 0x200002b0, 0x200082e0], 0x2, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000021000000000000000000000000000000000000000000000000ffffffff0000000000000000100000000000000000000000000000000000000000000000000000000400000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff020000000300000000000000ffff0000000000000000000000000000000062726983676530000000000000000000736974300000000000000000000000007465616d300000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaabb0000000000000000d8010000e501000010020000636f6d6d656e7400000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073746174697374696300000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000ffffffff000000001b0000000000000000007465616d5f736c6176655f310000000069726c616e300000000000000000000069726c616e3000e575dd73000000000073797a6b616c6c6572300000000000000180c2000000000000000000f646793b7b39000000000000000070000000700000fda7000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000edffffff00000000"]}, 0x3c0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x30, 0x7, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x800)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
writev(r8, &(0x7f0000000440)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9001c049d90491ceaebfd26d4eef23248000000fc58dbb8a19052343f", 0x32}, {&(0x7f0000000100)="051a00000e", 0x5}, {&(0x7f0000000240)="7a0e1d31be7e7f8945de0e8aeda07daacb", 0x11}, {&(0x7f00000002c0)="b0300d2d9dfa", 0x6}], 0x4)

6.529350242s ago: executing program 0 (id=843):
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, 0x15, 0x1, 0x70bd29, 0xfff0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x0)

5.80978065s ago: executing program 6 (id=844):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_io_uring_setup(0x3a2c, &(0x7f0000000400)={0x0, 0x79af, 0x3780, 0x3, 0x40024d}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r3 = eventfd2(0xff, 0x80001)
io_uring_register$IORING_REGISTER_EVENTFD(r1, 0x4, &(0x7f0000000300)=r3, 0x1)
io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000f00), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9372, 0x2)
ioctl$vim2m_VIDIOC_TRY_FMT(r4, 0xc0d05640, &(0x7f0000000100)={0x2, @sliced={0x0, [0x8, 0xfffb, 0x8, 0x7, 0xe, 0xa455, 0x4, 0x4, 0x6, 0x5, 0xae, 0xfff, 0xb, 0x8, 0x6, 0x81, 0x0, 0x3, 0x8, 0x2, 0xffff, 0x5, 0x2, 0x6, 0x6, 0x80, 0x3, 0xfffb, 0x3, 0xffff, 0x3, 0x9e, 0x401, 0x7fff, 0x8, 0x7, 0x8e2e, 0x3, 0x0, 0xfff8, 0x9, 0x3, 0x5, 0xf, 0x5, 0x7fff, 0x6b, 0x7], 0x1}})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x9, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="00f461421c7af4506231768aea90850000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r5, 0x0, 0xfff7fffffffffff5}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xd, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5b", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000080)=0x7f)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
userfaultfd(0x801)
socket(0x10, 0x3, 0x0)
setresuid(0x0, 0x0, 0x0)
setreuid(0xee01, 0xee01)

4.804487087s ago: executing program 0 (id=845):
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f0000001140), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r2 = socket(0x40000000015, 0x5, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_128={{0x303}, "cbbf09c473ef3eed", "d62cb2759e70ad75c3b50ef30b007511", "0894cb4c"}, 0x28)
sendmsg$sock(r3, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001300)=[@txtime={{0x18, 0x11a, 0x3d, 0x4}}], 0x18}, 0x8000)
connect$inet(r2, 0x0, 0x0)
bind$inet(r2, 0x0, 0x0)
ftruncate(r2, 0x2911)
sendmsg$xdp(r2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
socket$qrtr(0x2a, 0x2, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000000100), 0x1f, 0x400)
ioctl$EVIOCGKEY(r4, 0x80404518, 0x0)

3.249142566s ago: executing program 6 (id=846):
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="09032dbd7000fedbdf251f"], 0x14}, 0x1, 0x0, 0x0, 0x54}, 0x4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x220a00}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x24, 0x4, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x820)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.868667127s ago: executing program 5 (id=847):
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="09032dbd7000fedbdf251f"], 0x14}, 0x1, 0x0, 0x0, 0x54}, 0x4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x220a00}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x24, 0x4, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x820)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.693325236s ago: executing program 7 (id=848):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
r3 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
r4 = dup2(r3, r3)
write$tun(r4, 0x0, 0x46)

2.483505768s ago: executing program 1 (id=849):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYRES8=r0], 0x7c}, 0x1, 0x0, 0x0, 0x44080}, 0x0) (async, rerun: 32)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) (async, rerun: 32)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4004)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x404c830}, 0x0)
io_setup(0x5, &(0x7f0000000040)) (async, rerun: 64)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6) (rerun: 64)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[], 0xb8}}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) (async)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r3=>0x0}, 0x0)
mkdir(&(0x7f0000000100)='./control\x00', 0xa0) (async)
mount$afs(0x0, &(0x7f00000000c0)='./control\x00', &(0x7f0000000000), 0x200000, 0x0)
setregid(0xffffffffffffffff, r3)
socket$inet(0x2, 0x2, 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000980)=@bloom_filter={0x1e, 0x81, 0x8, 0x5, 0x20000, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x4, 0x5}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000600)=ANY=[@ANYBLOB="18080000000000080000000000000000851000000600000018100000", @ANYRES32=r6, @ANYBLOB="00000000000000006100000a000000001800000000000000000000000000000095000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x94)
close(r5)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r7, 0x4b72, &(0x7f0000000000)={0x0, 0xffffff7e, 0x2, 0x1c, 0x200, &(0x7f0000000040)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) (async)
write$dsp(r1, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000100)=0xa431) (async, rerun: 64)
ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) (rerun: 64)

1.956363687s ago: executing program 0 (id=850):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
futex(&(0x7f00000002c0), 0x8c, 0x1, 0x0, &(0x7f00000000c0), 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)=0x2000)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)

1.549750262s ago: executing program 6 (id=851):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x17ef, 0x6009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xc0, 0x9, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4}}}}]}}]}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
r2 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x140, 0x5c, 0x160, 0x140, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'wg1\x00', {}, {0x222cecdb0fb5a62a}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x0, "d176"}}, @common=@unspec=@state={{0x28}, {0xfffffffd}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @private2, [], [0xff], 'veth1_to_hsr\x00', 'dummy0\x00', {}, {}, 0x88}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20004000)
listen(r2, 0x9)
write$bt_hci(r2, 0x0, 0x5)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\"9'], 0x0}, 0x0)

1.474075213s ago: executing program 0 (id=852):
rt_sigaction(0x8, &(0x7f0000000100)={&(0x7f0000000000)="6547a59ec4027d18e366440fdc9205600000c4227d240a47dc7105c4a16963430f45d1fb400f0d9e00800000f30f5303", 0x4, &(0x7f00000000c0)="6766f728f365f04683a520000000c2400fffc3c4e1785bc246d8a449fe000000640f702833461186718a6ddfe10b40d9f4f20fac150800000001", {[0x400]}}, &(0x7f0000000200)={&(0x7f0000000140)="440fbbc9c462fd34ae47ab805967f3400fa6c0c4e11de09900080000c46169fd0c938fa808a2ac2c0000000028c4a30d444902003ef232dcc4c2dd0b2d0010c0fe0fdd23", 0x0, 0x0}, 0x8, &(0x7f00000002c0))
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0xe3, 0xdd, 0xef, 0x20, 0x1d50, 0x60a1, 0xa14f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9d, 0x14, 0x4e}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000000), 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80085504, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380), 0x0})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0), &(0x7f00000000c0)})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYRES32=0x0], 0x84}, 0x1, 0x0, 0x0, 0x801}, 0x40)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="33fe0000780091060000000000"], 0xfe33)

1.457526503s ago: executing program 1 (id=853):
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="09032dbd7000fedbdf251f"], 0x14}, 0x1, 0x0, 0x0, 0x54}, 0x4)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000180)='gfs2\x00', 0x2208004, 0x0)
sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x220a00}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x24, 0x4, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x820)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.407211414s ago: executing program 5 (id=854):
r0 = socket$alg(0x26, 0x5, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
add_key$keyring(&(0x7f00000085c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, &(0x7f0000000500)=0x1)
ioctl$VIDIOC_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x800002d0, 0x190, 0x1, 0x4, 0xd59f80, 0x7, 0x9, 0x9, 0x8, 0x8, 0x71e, 0x13, 0x7, 0x7f, 0x3f, 0x37, {0x0, 0x1}, 0x3, 0xed}})
r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, &(0x7f0000000040)=[{}], 0x1, 0x7, 0x0, 0x0, 0x0, 0x2e})
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x5, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "3acf1ec7ae70bb24"}}, 0x48}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
readv(r5, &(0x7f0000000140)=[{&(0x7f0000000040)=""/223, 0xdf}], 0x1)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
setresuid(0xee01, 0xee00, 0x0)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r6, 0x2)
bind$alg(r0, &(0x7f00000007c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)

0s ago: executing program 5 (id=855):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000003eb000010000000800000000000100000004000000040001800c0002000000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x400c841}, 0x4008094)

kernel console output (not intermixed with test programs):

 device number 9 using dummy_hcd
[  250.808102][ T7334] syz.0.367: attempt to access beyond end of device
[  250.808102][ T7334] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  250.823608][ T7334] gfs2: error -5 reading superblock
[  251.721665][ T6674] usb 3-1: Using ep0 maxpacket: 32
[  252.114537][   T43] hid-generic 0000:0004:0034.0004: unknown main item tag 0x0
[  252.870911][   T43] hid-generic 0000:0004:0034.0004: unknown main item tag 0x0
[  252.879350][   T43] hid-generic 0000:0004:0034.0004: unknown main item tag 0x0
[  252.890306][   T43] hid-generic 0000:0004:0034.0004: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  253.018612][ T6674] usb 3-1: unable to read config index 0 descriptor/start: -71
[  253.044584][ T6674] usb 3-1: can't read configurations, error -71
[  253.080745][ T7343] =======================================================
[  253.080745][ T7343] WARNING: The mand mount option has been deprecated and
[  253.080745][ T7343]          and is ignored by this kernel. Remove the mand
[  253.080745][ T7343]          option from the mount to silence this warning.
[  253.080745][ T7343] =======================================================
[  253.164443][ T7343] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  253.181961][ T5914] usb 5-1: USB disconnect, device number 9
[  253.202973][ T7343] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  253.218331][ T7343] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  253.227063][ T7343] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  253.468756][ T7357] netlink: 4 bytes leftover after parsing attributes in process `syz.4.378'.
[  253.483007][ T7357] netlink: 4 bytes leftover after parsing attributes in process `syz.4.378'.
[  253.484934][   T43] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  253.870933][   T43] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  253.974350][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.698654][   T43] usb 1-1: Product: syz
[  255.733785][   T43] usb 1-1: Manufacturer: syz
[  255.738469][   T43] usb 1-1: SerialNumber: syz
[  255.808411][   T43] usb 1-1: config 0 descriptor??
[  255.850094][ T7363] netlink: 8 bytes leftover after parsing attributes in process `syz.4.381'.
[  255.854572][   T43] gspca_main: sunplus-2.14.0 probing 055f:c230
[  255.959872][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  255.966346][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  256.101496][   T43] gspca_sunplus: reg_r err -71
[  256.146705][   T43] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[  256.263410][ T7373] netlink: 8 bytes leftover after parsing attributes in process `syz.2.380'.
[  256.274072][ T7373] IPVS: Error joining to the multicast group
[  257.018387][   T43] usb 1-1: USB disconnect, device number 11
[  258.101980][ T7384] netlink: 20 bytes leftover after parsing attributes in process `syz.4.384'.
[  258.861310][   T43] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  259.081828][   T43] usb 4-1: Using ep0 maxpacket: 32
[  259.512144][   T43] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  259.522563][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.530630][   T43] usb 4-1: Product: syz
[  259.534905][   T43] usb 4-1: Manufacturer: syz
[  259.539521][   T43] usb 4-1: SerialNumber: syz
[  259.562988][   T43] usb 4-1: config 0 descriptor??
[  259.993029][   T30] kauditd_printk_skb: 48 callbacks suppressed
[  259.993313][   T30] audit: type=1326 audit(1752692527.870:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7406 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  260.111034][   T30] audit: type=1326 audit(1752692527.870:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7406 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  260.220599][   T30] audit: type=1326 audit(1752692527.910:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7406 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  260.279527][   T43] airspy 4-1:0.0: Board ID: 00
[  260.285016][   T43] airspy 4-1:0.0: Firmware version: 
[  260.308447][   T30] audit: type=1326 audit(1752692527.910:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7406 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  260.394787][   T30] audit: type=1326 audit(1752692527.910:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7406 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  260.453974][   T30] audit: type=1326 audit(1752692527.920:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7406 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  260.680079][   T30] audit: type=1326 audit(1752692527.920:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7406 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  260.914020][ T7392] netlink: 65051 bytes leftover after parsing attributes in process `syz.3.386'.
[  260.935963][   T30] audit: type=1326 audit(1752692527.920:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7406 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  260.966282][ T7413] syz.1.391: attempt to access beyond end of device
[  260.966282][ T7413] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  260.979600][ T7413] gfs2: error -5 reading superblock
[  260.986212][   T43] airspy 4-1:0.0: usb_control_msg() failed -71 request 0e
[  261.001726][   T30] audit: type=1326 audit(1752692527.920:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7406 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  261.055875][   T43] airspy 4-1:0.0: Registered as swradio24
[  261.065759][   T43] airspy 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  261.108077][   T43] usb 4-1: USB disconnect, device number 9
[  261.190504][   T30] audit: type=1326 audit(1752692527.920:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7406 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  261.212091][    C0] vkms_vblank_simulate: vblank timer overrun
[  261.535360][ T7419] syz.0.392: attempt to access beyond end of device
[  261.535360][ T7419] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  261.549561][ T7419] gfs2: error -5 reading superblock
[  261.990913][ T7426] ubi: mtd0 is already attached to ubi31
[  262.896062][ T7431] netlink: 8 bytes leftover after parsing attributes in process `syz.1.394'.
[  263.029065][ T7435] netlink: 8 bytes leftover after parsing attributes in process `syz.3.396'.
[  263.039695][ T7435] IPVS: Error joining to the multicast group
[  265.747535][ T6009] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  266.031935][ T6009] usb 2-1: Using ep0 maxpacket: 32
[  266.152022][    C1] raw-gadget.0 gadget.1: ignoring, device is not running
[  266.209804][   T30] kauditd_printk_skb: 48 callbacks suppressed
[  266.209823][   T30] audit: type=1326 audit(1752692534.090:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7456 comm="syz.2.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  266.287714][ T6009] usb 2-1: device descriptor read/all, error -71
[  266.324765][   T30] audit: type=1326 audit(1752692534.130:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7456 comm="syz.2.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  266.360648][   T30] audit: type=1326 audit(1752692534.140:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7456 comm="syz.2.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  266.458889][   T30] audit: type=1326 audit(1752692534.140:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7456 comm="syz.2.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  266.523411][ T7451] syz.0.399: attempt to access beyond end of device
[  266.523411][ T7451] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  266.537397][ T7451] gfs2: error -5 reading superblock
[  266.543023][   T30] audit: type=1326 audit(1752692534.140:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7456 comm="syz.2.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  266.543144][   T30] audit: type=1326 audit(1752692534.140:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7456 comm="syz.2.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  266.638140][   T30] audit: type=1326 audit(1752692534.140:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7456 comm="syz.2.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  266.692689][   T30] audit: type=1326 audit(1752692534.140:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7456 comm="syz.2.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  266.717808][   T30] audit: type=1326 audit(1752692534.140:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7456 comm="syz.2.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  266.801775][   T30] audit: type=1326 audit(1752692534.140:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7456 comm="syz.2.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  266.912139][ T5914] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  267.081679][ T5914] usb 5-1: Using ep0 maxpacket: 32
[  267.091192][ T5914] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  267.103880][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.112420][ T5914] usb 5-1: Product: syz
[  267.117777][ T5914] usb 5-1: Manufacturer: syz
[  267.122493][ T5914] usb 5-1: SerialNumber: syz
[  267.149221][ T5914] usb 5-1: config 0 descriptor??
[  267.571848][ T7480] 9pnet_virtio: no channels available for device syz
[  268.435031][ T5914] airspy 5-1:0.0: usb_control_msg() failed -110 request 0a
[  268.781721][ T5914] airspy 5-1:0.0: Could not detect board
[  268.787629][ T5914] airspy 5-1:0.0: probe with driver airspy failed with error -110
[  268.846708][ T7483] netlink: 8 bytes leftover after parsing attributes in process `syz.1.410'.
[  268.863812][ T7483] IPVS: Error joining to the multicast group
[  269.062876][ T7488] netlink: 8 bytes leftover after parsing attributes in process `syz.2.411'.
[  269.174596][ T7489] netlink: 65051 bytes leftover after parsing attributes in process `syz.4.406'.
[  269.779031][ T7497] netlink: 'syz.1.413': attribute type 21 has an invalid length.
[  269.949671][ T7507] loop2: detected capacity change from 0 to 7
[  269.987076][ T7507] Dev loop2: unable to read RDB block 7
[  269.996531][ T7507]  loop2: unable to read partition table
[  270.091058][ T7507] loop2: partition table beyond EOD, truncated
[  270.779405][ T7507] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  271.054241][ T6674] usb 5-1: USB disconnect, device number 10
[  271.057374][ T7508] netlink: 8 bytes leftover after parsing attributes in process `syz.3.417'.
[  271.475632][ T7530] 9pnet_virtio: no channels available for device syz
[  272.842377][ T7542] syz.0.424: attempt to access beyond end of device
[  272.842377][ T7542] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  272.855784][ T7542] gfs2: error -5 reading superblock
[  273.120985][ T7539] syz.2.422: attempt to access beyond end of device
[  273.120985][ T7539] nbd2: rw=6144, sector=128, nr_sectors = 8 limit=0
[  273.134418][ T7539] gfs2: error -5 reading superblock
[  273.519632][ T7541] netlink: 8 bytes leftover after parsing attributes in process `syz.1.425'.
[  275.179528][ T7562] FAULT_INJECTION: forcing a failure.
[  275.179528][ T7562] name failslab, interval 1, probability 0, space 0, times 0
[  275.193756][ T7562] CPU: 1 UID: 0 PID: 7562 Comm: syz.4.428 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  275.193786][ T7562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  275.193800][ T7562] Call Trace:
[  275.193818][ T7562]  <TASK>
[  275.193827][ T7562]  dump_stack_lvl+0x189/0x250
[  275.193862][ T7562]  ? __pfx_dump_stack_lvl+0x10/0x10
[  275.193886][ T7562]  ? __pfx__printk+0x10/0x10
[  275.193920][ T7562]  ? kasan_check_range+0x68/0x2c0
[  275.193959][ T7562]  should_fail_ex+0x414/0x560
[  275.193995][ T7562]  should_failslab+0xa8/0x100
[  275.194028][ T7562]  kmem_cache_alloc_noprof+0x73/0x3c0
[  275.194057][ T7562]  ? skb_clone+0x212/0x3a0
[  275.194091][ T7562]  skb_clone+0x212/0x3a0
[  275.194123][ T7562]  __netlink_deliver_tap+0x404/0x850
[  275.194162][ T7562]  ? netlink_deliver_tap+0x2e/0x1b0
[  275.194189][ T7562]  netlink_deliver_tap+0x19c/0x1b0
[  275.194215][ T7562]  netlink_sendskb+0x68/0x140
[  275.194240][ T7562]  netlink_rcv_skb+0x28c/0x470
[  275.194265][ T7562]  ? __pfx_genl_rcv_msg+0x10/0x10
[  275.194298][ T7562]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  275.194343][ T7562]  ? down_read+0x1ad/0x2e0
[  275.194368][ T7562]  genl_rcv+0x28/0x40
[  275.194396][ T7562]  netlink_unicast+0x75c/0x8e0
[  275.194431][ T7562]  netlink_sendmsg+0x805/0xb30
[  275.194467][ T7562]  ? __pfx_netlink_sendmsg+0x10/0x10
[  275.194504][ T7562]  ? __pfx_netlink_sendmsg+0x10/0x10
[  275.194530][ T7562]  __sock_sendmsg+0x219/0x270
[  275.194567][ T7562]  ____sys_sendmsg+0x505/0x830
[  275.194600][ T7562]  ? __pfx_____sys_sendmsg+0x10/0x10
[  275.194638][ T7562]  ? import_iovec+0x74/0xa0
[  275.194666][ T7562]  ___sys_sendmsg+0x21f/0x2a0
[  275.194700][ T7562]  ? __pfx____sys_sendmsg+0x10/0x10
[  275.194770][ T7562]  ? __fget_files+0x2a/0x420
[  275.194788][ T7562]  ? __fget_files+0x3a0/0x420
[  275.194825][ T7562]  __x64_sys_sendmsg+0x19b/0x260
[  275.194855][ T7562]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  275.194904][ T7562]  ? do_syscall_64+0xbe/0x3b0
[  275.194928][ T7562]  do_syscall_64+0xfa/0x3b0
[  275.194949][ T7562]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.194969][ T7562]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  275.194989][ T7562]  ? clear_bhb_loop+0x60/0xb0
[  275.195015][ T7562]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.195035][ T7562] RIP: 0033:0x7fe92178e929
[  275.195053][ T7562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.195070][ T7562] RSP: 002b:00007fe91f5b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  275.195092][ T7562] RAX: ffffffffffffffda RBX: 00007fe9219b6160 RCX: 00007fe92178e929
[  275.195106][ T7562] RDX: 0000000000000000 RSI: 0000200000000640 RDI: 0000000000000009
[  275.195119][ T7562] RBP: 00007fe91f5b4090 R08: 0000000000000000 R09: 0000000000000000
[  275.195131][ T7562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  275.195143][ T7562] R13: 0000000000000001 R14: 00007fe9219b6160 R15: 00007ffd1520c998
[  275.195176][ T7562]  </TASK>
[  275.492756][    C1] vkms_vblank_simulate: vblank timer overrun
[  277.522808][ T7583] 9pnet_virtio: no channels available for device syz
[  277.593185][ T6009] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  277.614268][ T5850] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  277.625841][ T5850] CPU: 1 UID: 0 PID: 5850 Comm: kworker/u9:8 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  277.625873][ T5850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  277.625887][ T5850] Workqueue: hci0 hci_rx_work
[  277.625926][ T5850] Call Trace:
[  277.625935][ T5850]  <TASK>
[  277.625944][ T5850]  dump_stack_lvl+0x189/0x250
[  277.625971][ T5850]  ? kernfs_path_from_node+0x2c/0x260
[  277.625994][ T5850]  ? __pfx_dump_stack_lvl+0x10/0x10
[  277.626019][ T5850]  ? __pfx__printk+0x10/0x10
[  277.626049][ T5850]  ? kernfs_path_from_node+0x2c/0x260
[  277.626069][ T5850]  ? kernfs_path_from_node+0x2c/0x260
[  277.626092][ T5850]  ? kernfs_path_from_node+0x22c/0x260
[  277.626112][ T5850]  ? kernfs_path_from_node+0x2c/0x260
[  277.626137][ T5850]  sysfs_create_dir_ns+0x259/0x280
[  277.626174][ T5850]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  277.626210][ T5850]  ? do_raw_spin_unlock+0x122/0x240
[  277.626244][ T5850]  kobject_add_internal+0x59f/0xb40
[  277.626278][ T5850]  kobject_add+0x155/0x220
[  277.626306][ T5850]  ? __pfx_kobject_add+0x10/0x10
[  277.626329][ T5850]  ? _raw_spin_unlock+0x28/0x50
[  277.626371][ T5850]  ? get_device_parent+0x366/0x3a0
[  277.626403][ T5850]  device_add+0x408/0xb50
[  277.626435][ T5850]  hci_conn_add_sysfs+0xd5/0x1e0
[  277.626469][ T5850]  le_conn_complete_evt+0xc3a/0x1220
[  277.626509][ T5850]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  277.626535][ T5850]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  277.626554][ T5850]  ? __asan_memcpy+0x40/0x70
[  277.626582][ T5850]  ? __pfx___mutex_lock+0x10/0x10
[  277.626602][ T5850]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  277.626621][ T5850]  ? skb_pull_data+0xfb/0x200
[  277.626659][ T5850]  hci_le_conn_complete_evt+0x187/0x450
[  277.626692][ T5850]  hci_event_packet+0x78c/0x1200
[  277.626728][ T5850]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  277.626755][ T5850]  ? __pfx_hci_event_packet+0x10/0x10
[  277.626789][ T5850]  ? kcov_remote_start+0x4d3/0x7f0
[  277.626819][ T5850]  ? lockdep_hardirqs_on+0x90/0x150
[  277.626854][ T5850]  ? hci_send_to_monitor+0xe2/0x570
[  277.626883][ T5850]  hci_rx_work+0x46a/0xe80
[  277.626925][ T5850]  ? process_scheduled_works+0x9ef/0x17b0
[  277.626951][ T5850]  process_scheduled_works+0xade/0x17b0
[  277.627012][ T5850]  ? __pfx_process_scheduled_works+0x10/0x10
[  277.627056][ T5850]  worker_thread+0x8a0/0xda0
[  277.627082][ T5850]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  277.627123][ T5850]  ? __kthread_parkme+0x7b/0x200
[  277.627159][ T5850]  kthread+0x711/0x8a0
[  277.627191][ T5850]  ? __pfx_worker_thread+0x10/0x10
[  277.627213][ T5850]  ? __pfx_kthread+0x10/0x10
[  277.627243][ T5850]  ? _raw_spin_unlock_irq+0x23/0x50
[  277.627280][ T5850]  ? lockdep_hardirqs_on+0x9c/0x150
[  277.627309][ T5850]  ? __pfx_kthread+0x10/0x10
[  277.627339][ T5850]  ret_from_fork+0x3fc/0x770
[  277.627370][ T5850]  ? __pfx_ret_from_fork+0x10/0x10
[  277.627399][ T5850]  ? __switch_to_asm+0x39/0x70
[  277.627422][ T5850]  ? __switch_to_asm+0x33/0x70
[  277.627447][ T5850]  ? __pfx_kthread+0x10/0x10
[  277.627476][ T5850]  ret_from_fork_asm+0x1a/0x30
[  277.627521][ T5850]  </TASK>
[  277.627553][ T5850] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  278.728064][ T5914] libceph: connect (1)[c::]:6789 error -101
[  278.807603][ T5914] libceph: mon0 (1)[c::]:6789 connect error
[  278.918311][ T5850] Bluetooth: hci0: failed to register connection device
[  279.064638][   T30] kauditd_printk_skb: 102 callbacks suppressed
[  279.064657][   T30] audit: type=1326 audit(1752692546.950:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7588 comm="syz.2.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  279.094358][ T7580] ceph: No mds server is up or the cluster is laggy
[  279.142482][ T6009] usb 5-1: Using ep0 maxpacket: 32
[  279.182738][ T6009] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  279.229762][ T6009] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.259993][   T30] audit: type=1326 audit(1752692547.000:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7588 comm="syz.2.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  279.282858][   T30] audit: type=1326 audit(1752692547.000:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7588 comm="syz.2.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  279.306047][   T30] audit: type=1326 audit(1752692547.000:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7588 comm="syz.2.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  279.322046][ T6009] usb 5-1: Product: syz
[  279.331451][   T30] audit: type=1326 audit(1752692547.010:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7588 comm="syz.2.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  279.367936][ T6009] usb 5-1: Manufacturer: syz
[  279.375204][   T30] audit: type=1326 audit(1752692547.010:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7588 comm="syz.2.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  279.403967][ T6009] usb 5-1: SerialNumber: syz
[  279.424074][ T6009] usb 5-1: config 0 descriptor??
[  279.942629][   T30] audit: type=1326 audit(1752692547.010:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7588 comm="syz.2.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  280.083065][ T6009] usb 5-1: can't set config #0, error -71
[  280.089807][   T30] audit: type=1326 audit(1752692547.010:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7588 comm="syz.2.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  280.116267][ T6009] usb 5-1: USB disconnect, device number 11
[  280.129115][   T30] audit: type=1326 audit(1752692547.010:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7588 comm="syz.2.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  280.153311][   T30] audit: type=1326 audit(1752692547.010:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7588 comm="syz.2.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb1b58e929 code=0x7ffc0000
[  282.835592][ T7622] syz.4.445: attempt to access beyond end of device
[  282.835592][ T7622] nbd4: rw=6144, sector=128, nr_sectors = 8 limit=0
[  282.850150][ T7622] gfs2: error -5 reading superblock
[  285.206931][ T7639] ubi: mtd0 is already attached to ubi31
[  286.445318][   T30] kauditd_printk_skb: 42 callbacks suppressed
[  286.445337][   T30] audit: type=1326 audit(1752692554.330:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7649 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  286.561763][   T30] audit: type=1326 audit(1752692554.330:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7649 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  286.638080][   T30] audit: type=1326 audit(1752692554.330:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7649 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  286.763789][   T30] audit: type=1326 audit(1752692554.330:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7649 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  286.818577][   T30] audit: type=1326 audit(1752692554.330:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7649 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  286.871974][   T30] audit: type=1326 audit(1752692554.330:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7649 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  287.164526][ T7669] netlink: 8 bytes leftover after parsing attributes in process `syz.4.454'.
[  287.177109][ T7669] IPVS: Error joining to the multicast group
[  289.182258][   T30] audit: type=1326 audit(1752692554.330:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7649 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  289.399389][ T7673] netlink: 8 bytes leftover after parsing attributes in process `syz.3.456'.
[  289.409613][ T7673] IPVS: Error joining to the multicast group
[  291.001614][   T30] audit: type=1326 audit(1752692554.330:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7649 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  291.036485][   T30] audit: type=1326 audit(1752692554.330:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7649 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  291.065039][   T30] audit: type=1326 audit(1752692554.330:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7649 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  292.705156][ T7697] dvmrp8: entered allmulticast mode
[  293.471767][   T43] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  293.631734][   T43] usb 2-1: Using ep0 maxpacket: 8
[  293.690979][   T43] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  293.737851][   T43] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  293.738457][ T7710] syz.0.467: attempt to access beyond end of device
[  293.738457][ T7710] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  293.752523][   T43] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  293.761970][ T7710] gfs2: error -5 reading superblock
[  294.107500][   T43] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  294.127020][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.151626][   T43] usb 2-1: Product: syz
[  294.157430][   T43] usb 2-1: Manufacturer: syz
[  294.173252][   T43] usb 2-1: SerialNumber: syz
[  294.192152][   T43] usb 2-1: rejected 1 configuration due to insufficient available bus power
[  294.285735][   T43] usb 2-1: no configuration chosen from 1 choice
[  294.497310][ T7714] netlink: 20 bytes leftover after parsing attributes in process `syz.2.468'.
[  295.044796][   T30] kauditd_printk_skb: 43 callbacks suppressed
[  295.044811][   T30] audit: type=1326 audit(1752692562.930:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7718 comm="syz.0.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  295.136403][   T30] audit: type=1326 audit(1752692562.930:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7718 comm="syz.0.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  295.162401][ T7717] nbd: socks must be embedded in a SOCK_ITEM attr
[  295.176810][ T7719] block nbd0: Cannot use ioctl interface on a netlink controlled device.
[  295.229150][ T7717] loop2: detected capacity change from 0 to 7
[  296.026419][ T7728] netlink: 8 bytes leftover after parsing attributes in process `syz.2.471'.
[  296.037223][ T7728] IPVS: Error joining to the multicast group
[  297.043497][   T30] audit: type=1326 audit(1752692563.000:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7718 comm="syz.0.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  297.071869][   T30] audit: type=1326 audit(1752692563.000:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7718 comm="syz.0.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  297.093879][   T30] audit: type=1326 audit(1752692563.000:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7718 comm="syz.0.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  297.144444][ T6674] usb 2-1: USB disconnect, device number 9
[  297.147780][ T7717] Dev loop2: unable to read RDB block 7
[  297.166249][   T30] audit: type=1326 audit(1752692563.010:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7718 comm="syz.0.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  297.189467][   T30] audit: type=1326 audit(1752692563.010:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7718 comm="syz.0.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  297.264046][ T7731] netlink: 'syz.1.472': attribute type 1 has an invalid length.
[  297.272282][ T7731] netlink: 144 bytes leftover after parsing attributes in process `syz.1.472'.
[  297.281255][ T7731] netlink: 28 bytes leftover after parsing attributes in process `syz.1.472'.
[  297.281736][ T7717]  loop2: AHDI p1 p2 p3
[  297.290335][   T30] audit: type=1326 audit(1752692563.010:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7718 comm="syz.0.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  297.345464][ T7718] block nbd0: shutting down sockets
[  297.347527][ T7717] loop2: partition table partially beyond EOD, truncated
[  297.397078][   T30] audit: type=1326 audit(1752692563.010:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7718 comm="syz.0.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  297.400095][ T7731] netlink: 8 bytes leftover after parsing attributes in process `syz.1.472'.
[  297.441730][ T7717] loop2: p1 start 1601398130 is beyond EOD, truncated
[  297.475467][ T7717] loop2: p2 start 1702059890 is beyond EOD, truncated
[  297.487235][   T30] audit: type=1326 audit(1752692563.020:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7718 comm="syz.0.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  297.546969][ T7731] netlink: 8 bytes leftover after parsing attributes in process `syz.1.472'.
[  297.681176][ T7737] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0)
[  298.513879][ T7743] netlink: 76 bytes leftover after parsing attributes in process `syz.1.476'.
[  299.582956][   T43] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  299.721776][ T7757] program syz.3.481 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  299.756242][   T43] usb 3-1: config 0 has an invalid interface number: 90 but max is 0
[  299.767736][   T43] usb 3-1: config 0 has no interface number 0
[  299.783576][   T43] usb 3-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=de.7f
[  299.794688][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.803744][   T43] usb 3-1: Product: syz
[  299.808336][   T43] usb 3-1: Manufacturer: syz
[  299.814007][   T43] usb 3-1: SerialNumber: syz
[  299.840779][   T43] usb 3-1: config 0 descriptor??
[  299.859606][ T7758] program syz.3.481 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  299.881781][ T7758] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  299.945200][ T7758] FAULT_INJECTION: forcing a failure.
[  299.945200][ T7758] name failslab, interval 1, probability 0, space 0, times 0
[  299.975921][ T7758] CPU: 1 UID: 0 PID: 7758 Comm: syz.3.481 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  299.975954][ T7758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  299.975971][ T7758] Call Trace:
[  299.975980][ T7758]  <TASK>
[  299.975989][ T7758]  dump_stack_lvl+0x189/0x250
[  299.976026][ T7758]  ? __pfx____ratelimit+0x10/0x10
[  299.976048][ T7758]  ? __pfx_dump_stack_lvl+0x10/0x10
[  299.976081][ T7758]  ? __pfx__printk+0x10/0x10
[  299.976105][ T7758]  ? ref_tracker_alloc+0x318/0x460
[  299.976129][ T7758]  should_fail_ex+0x414/0x560
[  299.976154][ T7758]  should_failslab+0xa8/0x100
[  299.976178][ T7758]  kmem_cache_alloc_noprof+0x73/0x3c0
[  299.976199][ T7758]  ? skb_clone+0x212/0x3a0
[  299.976222][ T7758]  skb_clone+0x212/0x3a0
[  299.976245][ T7758]  __netlink_deliver_tap+0x404/0x850
[  299.976272][ T7758]  ? netlink_deliver_tap+0x2e/0x1b0
[  299.976290][ T7758]  netlink_deliver_tap+0x19c/0x1b0
[  299.976308][ T7758]  netlink_unicast+0x730/0x8e0
[  299.976340][ T7758]  netlink_sendmsg+0x805/0xb30
[  299.976365][ T7758]  ? __pfx_netlink_sendmsg+0x10/0x10
[  299.976389][ T7758]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  299.976411][ T7758]  ? __pfx_netlink_sendmsg+0x10/0x10
[  299.976429][ T7758]  __sock_sendmsg+0x219/0x270
[  299.976456][ T7758]  ____sys_sendmsg+0x505/0x830
[  299.976479][ T7758]  ? __pfx_____sys_sendmsg+0x10/0x10
[  299.976505][ T7758]  ? import_iovec+0x74/0xa0
[  299.976525][ T7758]  ___sys_sendmsg+0x21f/0x2a0
[  299.976546][ T7758]  ? __pfx____sys_sendmsg+0x10/0x10
[  299.976594][ T7758]  ? __fget_files+0x2a/0x420
[  299.976607][ T7758]  ? __fget_files+0x3a0/0x420
[  299.976628][ T7758]  __x64_sys_sendmsg+0x19b/0x260
[  299.976650][ T7758]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  299.976676][ T7758]  ? __pfx_ksys_write+0x10/0x10
[  299.976694][ T7758]  ? rcu_is_watching+0x15/0xb0
[  299.976714][ T7758]  ? do_syscall_64+0xbe/0x3b0
[  299.976731][ T7758]  do_syscall_64+0xfa/0x3b0
[  299.976746][ T7758]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.976760][ T7758]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  299.976773][ T7758]  ? clear_bhb_loop+0x60/0xb0
[  299.976791][ T7758]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.976805][ T7758] RIP: 0033:0x7fbb37b8e929
[  299.976818][ T7758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.976830][ T7758] RSP: 002b:00007fbb389ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  299.976846][ T7758] RAX: ffffffffffffffda RBX: 00007fbb37db6080 RCX: 00007fbb37b8e929
[  299.976857][ T7758] RDX: 0000000028000010 RSI: 0000200000000400 RDI: 0000000000000007
[  299.976866][ T7758] RBP: 00007fbb389ee090 R08: 0000000000000000 R09: 0000000000000000
[  299.976875][ T7758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  299.976884][ T7758] R13: 0000000000000000 R14: 00007fbb37db6080 R15: 00007ffc2de9dad8
[  299.976906][ T7758]  </TASK>
[  300.279761][   T43] cdc_subset 3-1:0.90: probe with driver cdc_subset failed with error -22
[  300.366785][ T5914] usb 3-1: USB disconnect, device number 11
[  300.852830][ T7768] 9pnet_virtio: no channels available for device syz
[  301.817874][   T43] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  302.154084][   T43] usb 3-1: unable to get BOS descriptor or descriptor too short
[  302.170264][   T43] usb 3-1: no configurations
[  302.190532][   T43] usb 3-1: can't read configurations, error -22
[  305.316761][ T7804] syz.2.491: attempt to access beyond end of device
[  305.316761][ T7804] nbd2: rw=6144, sector=128, nr_sectors = 8 limit=0
[  305.330288][ T7804] gfs2: error -5 reading superblock
[  305.810991][ T7805] syz.0.492: attempt to access beyond end of device
[  305.810991][ T7805] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  305.824314][ T7805] gfs2: error -5 reading superblock
[  306.186335][ T7814] 9pnet_virtio: no channels available for device syz
[  309.007020][ T7831] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  309.013703][ T7831] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  309.037465][ T7831] vhci_hcd vhci_hcd.0: Device attached
[  309.110224][   T30] kauditd_printk_skb: 46 callbacks suppressed
[  309.110244][   T30] audit: type=1326 audit(1752692576.990:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7829 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  309.233315][ T7835] netlink: 8 bytes leftover after parsing attributes in process `syz.3.501'.
[  309.469593][  T979] usb 39-1: new high-speed USB device number 2 using vhci_hcd
[  310.339710][   T30] audit: type=1326 audit(1752692576.990:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7829 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  311.004266][ T7835] bridge0: port 2(bridge_slave_1) entered disabled state
[  311.013519][ T7835] bridge0: port 1(bridge_slave_0) entered disabled state
[  311.353059][   T30] audit: type=1326 audit(1752692576.990:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7829 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  311.374722][   T30] audit: type=1326 audit(1752692576.990:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7829 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  311.396487][   T30] audit: type=1326 audit(1752692577.030:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7829 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  311.420267][   T30] audit: type=1326 audit(1752692577.030:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7829 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  311.467915][   T30] audit: type=1326 audit(1752692577.030:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7829 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  311.491835][ T5843] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  311.500259][   T30] audit: type=1326 audit(1752692577.030:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7829 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  311.524400][ T5843] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  311.532392][   T30] audit: type=1326 audit(1752692577.030:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7829 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  311.555628][ T5843] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  311.562953][   T30] audit: type=1326 audit(1752692577.030:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7829 comm="syz.3.501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  311.586446][ T5843] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  311.596398][ T5843] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  311.989308][ T7846] 9pnet_virtio: no channels available for device syz
[  313.701845][ T5843] Bluetooth: hci5: command tx timeout
[  314.892281][ T7835] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  314.915603][ T7835] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  315.421949][   T24] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  315.528777][ T7835] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  315.585694][ T7835] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  315.611770][   T24] usb 2-1: Using ep0 maxpacket: 32
[  315.627223][ T7835] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  315.658150][   T24] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  315.677991][ T7835] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  315.679651][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.769045][   T24] usb 2-1: Product: syz
[  315.789568][   T24] usb 2-1: Manufacturer: syz
[  315.794507][ T5843] Bluetooth: hci5: command tx timeout
[  315.819771][   T24] usb 2-1: SerialNumber: syz
[  315.872746][   T24] usb 2-1: config 0 descriptor??
[  316.035543][ T7833] vhci_hcd: connection reset by peer
[  316.112153][ T6402] vhci_hcd: stop threads
[  316.117274][ T6402] vhci_hcd: release socket
[  316.178750][ T6402] vhci_hcd: disconnect device
[  316.241794][  T979] vhci_hcd: vhci_device speed not set
[  316.361724][   T24] airspy 2-1:0.0: Board ID: 00
[  316.366572][   T24] airspy 2-1:0.0: Firmware version: 
[  317.150038][ T7901] 9pnet_virtio: no channels available for device syz
[  317.822249][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  317.828621][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  317.938013][ T5843] Bluetooth: hci5: command tx timeout
[  317.989955][ T7880] netlink: 65051 bytes leftover after parsing attributes in process `syz.1.511'.
[  318.208474][   T24] airspy 2-1:0.0: usb_control_msg() failed -71 request 0e
[  318.227786][   T24] airspy 2-1:0.0: Registered as swradio24
[  318.241881][   T24] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  318.317651][ T7837] chnl_net:caif_netlink_parms(): no params data found
[  318.345702][   T24] usb 2-1: USB disconnect, device number 10
[  318.541717][ T7907] FAULT_INJECTION: forcing a failure.
[  318.541717][ T7907] name failslab, interval 1, probability 0, space 0, times 0
[  318.554676][ T7907] CPU: 0 UID: 0 PID: 7907 Comm: syz.2.517 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  318.554699][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  318.554709][ T7907] Call Trace:
[  318.554717][ T7907]  <TASK>
[  318.554725][ T7907]  dump_stack_lvl+0x189/0x250
[  318.554745][ T7907]  ? __pfx____ratelimit+0x10/0x10
[  318.554768][ T7907]  ? __pfx_dump_stack_lvl+0x10/0x10
[  318.554784][ T7907]  ? __pfx__printk+0x10/0x10
[  318.554808][ T7907]  ? __pfx___might_resched+0x10/0x10
[  318.554823][ T7907]  ? fs_reclaim_acquire+0x7d/0x100
[  318.554842][ T7907]  should_fail_ex+0x414/0x560
[  318.554866][ T7907]  should_failslab+0xa8/0x100
[  318.554902][ T7907]  __kmalloc_noprof+0xcb/0x4f0
[  318.554922][ T7907]  ? vb2_core_create_bufs+0x458/0xde0
[  318.554941][ T7907]  vb2_core_create_bufs+0x458/0xde0
[  318.554972][ T7907]  ? __pfx_vb2_core_create_bufs+0x10/0x10
[  318.554986][ T7907]  ? __mutex_trylock_common+0x153/0x260
[  318.555009][ T7907]  ? vb2_set_flags_and_caps+0x309/0x5f0
[  318.555028][ T7907]  vb2_create_bufs+0x5b9/0xae0
[  318.555048][ T7907]  ? __pfx_vb2_create_bufs+0x10/0x10
[  318.555064][ T7907]  ? vb2_set_flags_and_caps+0x309/0x5f0
[  318.555084][ T7907]  vb2_ioctl_create_bufs+0x285/0x3f0
[  318.555104][ T7907]  v4l_create_bufs+0x193/0x2a0
[  318.555122][ T7907]  __video_do_ioctl+0xc9b/0xdb0
[  318.555148][ T7907]  ? __pfx___video_do_ioctl+0x10/0x10
[  318.555175][ T7907]  video_usercopy+0x86e/0x14f0
[  318.555200][ T7907]  ? __pfx___video_do_ioctl+0x10/0x10
[  318.555217][ T7907]  ? __pfx_video_usercopy+0x10/0x10
[  318.555233][ T7907]  ? smack_file_ioctl+0x2a9/0x340
[  318.555264][ T7907]  ? __fget_files+0x2a/0x420
[  318.555276][ T7907]  ? __fget_files+0x3a0/0x420
[  318.555291][ T7907]  v4l2_ioctl+0x18a/0x1e0
[  318.555307][ T7907]  ? __pfx_v4l2_ioctl+0x10/0x10
[  318.555323][ T7907]  __se_sys_ioctl+0xfc/0x170
[  318.555344][ T7907]  do_syscall_64+0xfa/0x3b0
[  318.555357][ T7907]  ? lockdep_hardirqs_on+0x9c/0x150
[  318.555378][ T7907]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.555392][ T7907]  ? clear_bhb_loop+0x60/0xb0
[  318.555409][ T7907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.555422][ T7907] RIP: 0033:0x7ffb1b58e929
[  318.555436][ T7907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  318.555447][ T7907] RSP: 002b:00007ffb193d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  318.555462][ T7907] RAX: ffffffffffffffda RBX: 00007ffb1b7b6080 RCX: 00007ffb1b58e929
[  318.555473][ T7907] RDX: 0000200000000480 RSI: 00000000c100565c RDI: 0000000000000008
[  318.555481][ T7907] RBP: 00007ffb193d5090 R08: 0000000000000000 R09: 0000000000000000
[  318.555490][ T7907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  318.555499][ T7907] R13: 0000000000000000 R14: 00007ffb1b7b6080 R15: 00007ffe7ab30a58
[  318.555521][ T7907]  </TASK>
[  318.842793][    C0] vkms_vblank_simulate: vblank timer overrun
[  318.948541][ T7837] bridge0: port 1(bridge_slave_0) entered blocking state
[  318.956465][ T7837] bridge0: port 1(bridge_slave_0) entered disabled state
[  318.969080][ T7837] bridge_slave_0: entered allmulticast mode
[  318.977767][ T7837] bridge_slave_0: entered promiscuous mode
[  318.989374][ T7837] bridge0: port 2(bridge_slave_1) entered blocking state
[  318.997190][ T7837] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.007303][ T7837] bridge_slave_1: entered allmulticast mode
[  319.018038][ T7837] bridge_slave_1: entered promiscuous mode
[  319.067598][ T7837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  319.080183][ T7837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  319.130040][ T7837] team0: Port device team_slave_0 added
[  319.139158][ T7837] team0: Port device team_slave_1 added
[  319.441450][ T7837] batman_adv: batadv0: Adding interface: batadv_slave_0
[  319.471474][ T7837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  319.498396][    C0] vkms_vblank_simulate: vblank timer overrun
[  320.071835][ T5843] Bluetooth: hci5: command tx timeout
[  320.457397][ T7837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  320.479222][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  320.479243][   T30] audit: type=1326 audit(1752692587.610:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  320.771850][   T30] audit: type=1326 audit(1752692587.620:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  320.793306][    C0] vkms_vblank_simulate: vblank timer overrun
[  320.896871][   T30] audit: type=1326 audit(1752692588.360:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  321.000792][ T7837] batman_adv: batadv0: Adding interface: batadv_slave_1
[  321.025736][ T7837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.060630][   T30] audit: type=1326 audit(1752692588.360:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  321.179190][   T30] audit: type=1326 audit(1752692588.360:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  321.203597][ T7837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  321.307675][   T30] audit: type=1326 audit(1752692588.510:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  321.422948][   T24] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  321.443476][   T30] audit: type=1326 audit(1752692588.510:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  321.557376][ T7935] syz.2.523: attempt to access beyond end of device
[  321.557376][ T7935] nbd2: rw=6144, sector=128, nr_sectors = 8 limit=0
[  321.571472][ T7935] gfs2: error -5 reading superblock
[  321.611907][   T24] usb 1-1: Using ep0 maxpacket: 32
[  322.012055][   T24] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  322.061610][   T30] audit: type=1326 audit(1752692588.510:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  322.071765][   T24] usb 1-1: config 0 has no interface number 0
[  322.157340][   T24] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  322.176813][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  322.217352][   T30] audit: type=1326 audit(1752692588.510:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  322.250138][   T24] usb 1-1: Product: syz
[  322.259164][ T7837] hsr_slave_0: entered promiscuous mode
[  322.271136][   T24] usb 1-1: Manufacturer: syz
[  322.282931][   T24] usb 1-1: SerialNumber: syz
[  322.295170][ T7837] hsr_slave_1: entered promiscuous mode
[  322.351603][   T30] audit: type=1326 audit(1752692588.510:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb37b8e929 code=0x7ffc0000
[  322.353292][   T24] usb 1-1: config 0 descriptor??
[  322.378379][ T7837] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  322.402508][ T7837] Cannot create hsr debugfs directory
[  322.434962][   T24] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  322.481224][   T24] usb 1-1: selecting invalid altsetting 1
[  322.499472][   T24] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  322.526993][   T24] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  322.558572][   T24] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  322.607871][   T24] usb 1-1: media controller created
[  322.723877][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  323.149336][ T7837] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  323.177341][ T7837] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  323.203368][ T7837] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  323.231945][ T7837] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  323.434915][ T7837] 8021q: adding VLAN 0 to HW filter on device bond0
[  323.499892][ T7837] 8021q: adding VLAN 0 to HW filter on device team0
[  323.537430][ T6402] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.544664][ T6402] bridge0: port 1(bridge_slave_0) entered forwarding state
[  323.586156][ T6402] bridge0: port 2(bridge_slave_1) entered blocking state
[  323.593371][ T6402] bridge0: port 2(bridge_slave_1) entered forwarding state
[  323.702288][ T7932] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  323.742740][   T24] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  323.762738][   T24] zl10353_read_register: readreg error (reg=127, ret==-71)
[  323.798315][   T24] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  323.927662][   T24] usb 1-1: USB disconnect, device number 12
[  325.136036][ T7837] 8021q: adding VLAN 0 to HW filter on device batadv0
[  325.821796][   T24] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  325.977125][ T7995] syz.1.534: attempt to access beyond end of device
[  325.977125][ T7995] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  325.991068][ T7995] gfs2: error -5 reading superblock
[  326.462983][   T24] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  326.516665][ T7837] veth0_vlan: entered promiscuous mode
[  326.518224][   T24] usb 1-1: config 0 has no interface number 0
[  326.552732][   T24] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  326.571132][ T7837] veth1_vlan: entered promiscuous mode
[  326.605153][   T24] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  326.634652][   T24] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  326.681875][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.730096][   T24] usb 1-1: config 0 descriptor??
[  326.738497][ T7837] veth0_macvtap: entered promiscuous mode
[  326.780005][ T7837] veth1_macvtap: entered promiscuous mode
[  326.864878][ T7837] batman_adv: batadv0: Interface activated: batadv_slave_0
[  326.973501][ T7837] batman_adv: batadv0: Interface activated: batadv_slave_1
[  327.070437][ T8009] syz.3.538: attempt to access beyond end of device
[  327.070437][ T8009] nbd3: rw=6144, sector=128, nr_sectors = 8 limit=0
[  327.084133][ T8009] gfs2: error -5 reading superblock
[  327.587349][ T7837] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  327.617835][ T7837] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  327.645794][ T7837] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  327.658119][ T7837] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  327.945518][   T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  327.991481][   T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.001054][ T6402] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.034411][ T6402] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.072491][ T7865] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  328.464309][ T7865] usb 3-1: unable to get BOS descriptor or descriptor too short
[  328.718151][ T7865] usb 3-1: config 4 has an invalid interface number: 210 but max is 0
[  328.771749][ T7865] usb 3-1: config 4 has no interface number 0
[  328.777993][ T7865] usb 3-1: config 4 interface 210 has no altsetting 0
[  328.823825][ T7865] usb 3-1: New USB device found, idVendor=2c7c, idProduct=0191, bcdDevice=6e.27
[  328.885239][ T7865] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.932183][   T24] usbhid 1-1:0.1: can't add hid device: -71
[  328.938263][   T24] usbhid 1-1:0.1: probe with driver usbhid failed with error -71
[  328.950283][ T7865] usb 3-1: Product: syz
[  328.971773][ T7865] usb 3-1: Manufacturer: syz
[  328.976464][ T7865] usb 3-1: SerialNumber: syz
[  329.018004][   T24] usb 1-1: USB disconnect, device number 13
[  329.279816][ T7865] usb 3-1: USB disconnect, device number 14
[  330.218188][ T8034] syz.5.493: attempt to access beyond end of device
[  330.218188][ T8034] nbd5: rw=6144, sector=128, nr_sectors = 8 limit=0
[  330.231563][ T8034] gfs2: error -5 reading superblock
[  330.497336][ T8041] netlink: 8 bytes leftover after parsing attributes in process `syz.3.545'.
[  330.507645][ T8041] IPVS: Error joining to the multicast group
[  331.704308][ T8051] loop2: detected capacity change from 0 to 7
[  331.707452][   T24] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  331.727454][ T8051]  loop2: p1 p4
[  331.732485][ T8051] loop2: partition table partially beyond EOD, truncated
[  331.741641][ T8051] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  331.782018][ T5900] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  331.894774][   T24] usb 1-1: Using ep0 maxpacket: 8
[  332.022585][ T5900] usb 2-1: config 0 has too many interfaces: 204, using maximum allowed: 32
[  332.208922][   T24] usb 1-1: config 1 interface 0 has no altsetting 0
[  332.221794][ T5900] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 204
[  332.241385][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  332.253136][ T5900] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  332.253849][   T24] usb 1-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice= 0.40
[  332.286576][ T5900] usb 2-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00
[  332.313267][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.326608][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.344351][ T5900] usb 2-1: config 0 descriptor??
[  332.349762][   T24] usb 1-1: Product: syz
[  332.357232][   T24] usb 1-1: Manufacturer: syz
[  332.365349][   T24] usb 1-1: SerialNumber: syz
[  332.434460][ T8054] erofs (device nbd2): cannot find valid erofs superblock
[  334.435574][   T24] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input6
[  335.722915][ T5900] input: HID 28bd:0909 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28BD:0909.0005/input/input7
[  335.810015][   T24] usb 1-1: USB disconnect, device number 14
[  335.810089][    C1] appletouch 1-1:1.0: atp_complete: usb_submit_urb failed with result -19
[  335.896857][ T5900] uclogic 0003:28BD:0909.0005: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0909] on usb-dummy_hcd.1-1/input0
[  336.066838][   T24] appletouch 1-1:1.0: input: appletouch disconnected
[  336.093307][ T5900] usb 2-1: USB disconnect, device number 11
[  338.046698][ T8076] netlink: 8 bytes leftover after parsing attributes in process `syz.1.555'.
[  340.107872][ T8082] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  342.789267][ T8085] macvlan2: entered promiscuous mode
[  342.924219][ T8085] macvlan2: entered allmulticast mode
[  342.962406][ T8085] bond1: entered promiscuous mode
[  342.989256][ T8085] bridge1: entered promiscuous mode
[  343.004177][ T8085] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  343.018206][ T8085] bond1: left promiscuous mode
[  343.025101][ T8085] bridge1: left promiscuous mode
[  343.262235][ T5900] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  343.461640][ T5900] usb 3-1: Using ep0 maxpacket: 32
[  343.463957][ T8109] syz.5.561: attempt to access beyond end of device
[  343.463957][ T8109] nbd5: rw=6144, sector=128, nr_sectors = 8 limit=0
[  343.471970][ T5900] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  343.479968][ T8109] gfs2: error -5 reading superblock
[  343.558612][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.571164][ T5900] usb 3-1: Product: syz
[  343.576286][ T5900] usb 3-1: Manufacturer: syz
[  343.581186][ T5900] usb 3-1: SerialNumber: syz
[  344.854572][ T5900] usb 3-1: config 0 descriptor??
[  344.973889][ T8121] syz.1.564: attempt to access beyond end of device
[  344.973889][ T8121] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  344.987504][ T8121] gfs2: error -5 reading superblock
[  345.548330][ T5900] airspy 3-1:0.0: Board ID: 00
[  345.582106][ T5900] airspy 3-1:0.0: Firmware version: 
[  346.164334][ T8106] netlink: 65051 bytes leftover after parsing attributes in process `syz.2.560'.
[  346.408210][ T5900] airspy 3-1:0.0: usb_control_msg() failed -71 request 0e
[  346.421617][ T5900] airspy 3-1:0.0: Registered as swradio24
[  346.427427][ T5900] airspy 3-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  346.439959][ T5900] usb 3-1: USB disconnect, device number 15
[  347.603914][ T8139] syz.1.567: attempt to access beyond end of device
[  347.603914][ T8139] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  347.617197][ T8139] gfs2: error -5 reading superblock
[  348.144165][ T8144] netlink: 240 bytes leftover after parsing attributes in process `syz.2.570'.
[  353.779871][ T8176] netlink: 8 bytes leftover after parsing attributes in process `syz.1.577'.
[  353.789034][ T8176] IPVS: Error joining to the multicast group
[  360.145997][ T8252] netlink: 8 bytes leftover after parsing attributes in process `syz.2.591'.
[  360.253642][ T8252] IPVS: Error joining to the multicast group
[  360.710817][ T8265] mmap: syz.2.595 (8265): VmData 25858048 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  363.303617][ T8290] netlink: 8 bytes leftover after parsing attributes in process `syz.0.602'.
[  363.315031][ T8290] IPVS: Error joining to the multicast group
[  364.279905][ T8296] netlink: 8 bytes leftover after parsing attributes in process `syz.3.605'.
[  364.289095][ T8296] IPVS: Error joining to the multicast group
[  365.379968][ T8314] trusted_key: encrypted_key: insufficient parameters specified
[  368.112302][ T8340] syz.1.613: attempt to access beyond end of device
[  368.112302][ T8340] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  368.126223][ T8340] gfs2: error -5 reading superblock
[  368.387658][ T8337] dvmrp8: entered allmulticast mode
[  370.184067][ T8356] ubi: mtd0 is already attached to ubi31
[  371.167911][ T8364] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  371.331831][ T5900] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  371.564367][ T5900] usb 2-1: config 0 has an invalid interface number: 133 but max is 0
[  371.606178][ T5900] usb 2-1: config 0 has no interface number 0
[  371.623743][ T5900] usb 2-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  371.654118][ T5900] usb 2-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  371.681861][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.502021][ T5900] usb 2-1: Product: syz
[  372.506265][ T5900] usb 2-1: Manufacturer: syz
[  372.510890][ T5900] usb 2-1: SerialNumber: syz
[  373.216580][ T5900] usb 2-1: config 0 descriptor??
[  375.073473][ T5900] keyspan 2-1:0.133: Keyspan 1 port adapter converter detected
[  375.081399][ T5900] keyspan 2-1:0.133: unsupported endpoint type 0
[  375.099151][ T5900] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 81
[  375.107180][ T5900] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 1
[  375.117379][ T5900] keyspan 2-1:0.133: found no endpoint descriptor for endpoint 2
[  375.129104][ T5900] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  375.158812][ T5900] usb 2-1: USB disconnect, device number 12
[  375.175917][ T5900] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  375.216625][ T5900] keyspan 2-1:0.133: device disconnected
[  375.572159][ T7877] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  375.781706][ T7877] usb 3-1: Using ep0 maxpacket: 16
[  375.917967][ T7877] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  376.294169][ T7877] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  376.328520][ T7877] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  376.348079][ T7877] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.356295][ T7877] usb 3-1: Product: syz
[  376.363334][ T7877] usb 3-1: Manufacturer: syz
[  376.368977][ T7877] usb 3-1: SerialNumber: syz
[  376.385423][ T7877] usb 3-1: config 0 descriptor??
[  376.393164][ T7877] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  376.411615][ T8400] syz.1.631: attempt to access beyond end of device
[  376.411615][ T8400] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  376.424810][ T8400] gfs2: error -5 reading superblock
[  376.450923][ T7877] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  376.692601][ T7877] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  376.720448][ T7877] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  376.749715][ T7877] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[  376.771148][ T7877] em28xx 3-1:0.0: No AC97 audio processor
[  376.857625][ T8411] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  376.889072][ T8411] CIFS: Unable to determine destination address
[  377.141761][ T7866] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  377.371951][ T7877] usb 3-1: USB disconnect, device number 16
[  377.406399][ T7877] em28xx 3-1:0.0: Disconnecting em28xx
[  377.512635][ T7877] em28xx 3-1:0.0: Freeing device
[  377.621629][ T7866] usb 6-1: Using ep0 maxpacket: 16
[  377.715558][ T7866] usb 6-1: too many configurations: 60, using maximum allowed: 8
[  377.850337][ T7866] usb 6-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9
[  377.859623][ T7866] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204
[  377.881668][ T7866] usb 6-1: Product: syz
[  377.911314][ T7866] usb 6-1: Manufacturer: syz
[  378.015117][ T8418] CIFS: Unable to determine destination address
[  378.397754][ T7866] usb 6-1: SerialNumber: syz
[  379.234096][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  379.240458][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  379.282541][ T7866] usb 6-1: config 0 descriptor??
[  379.291303][ T7866] pwc: Philips SPC 880NC USB webcam detected.
[  380.291670][  T979] usb 1-1: new full-speed USB device number 15 using dummy_hcd
[  380.686495][ T8434] netlink: 76 bytes leftover after parsing attributes in process `syz.2.640'.
[  380.775721][  T979] usb 1-1: config 0 has an invalid interface number: 133 but max is 0
[  381.332232][ T7866] pwc: Warning: more than 1 configuration available.
[  381.340637][ T7866] pwc: Failed to set LED on/off time (-71)
[  381.380937][ T7866] pwc: send_video_command error -71
[  381.381559][  T979] usb 1-1: config 0 has no interface number 0
[  381.402095][  T979] usb 1-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  381.407156][ T7866] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  381.447867][  T979] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  381.489038][  T979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.493516][ T7866] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71
[  381.588421][  T979] usb 1-1: Product: syz
[  381.598642][  T979] usb 1-1: Manufacturer: syz
[  381.608606][  T979] usb 1-1: SerialNumber: syz
[  381.632504][  T979] usb 1-1: config 0 descriptor??
[  381.654778][ T7866] usb 6-1: USB disconnect, device number 2
[  382.170788][ T8440] syz.5.641: attempt to access beyond end of device
[  382.170788][ T8440] nbd5: rw=6144, sector=128, nr_sectors = 8 limit=0
[  382.184373][ T8440] gfs2: error -5 reading superblock
[  383.413279][  T979] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected
[  383.421130][  T979] keyspan 1-1:0.133: unsupported endpoint type 0
[  383.453020][  T979] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81
[  383.471669][  T979] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1
[  383.479479][  T979] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2
[  383.539360][  T979] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  383.586246][  T979] usb 1-1: USB disconnect, device number 15
[  383.794692][  T979] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  384.611804][  T979] keyspan 1-1:0.133: device disconnected
[  385.263482][ T8457] netlink: 20 bytes leftover after parsing attributes in process `syz.1.646'.
[  386.017639][ T8468] 9pnet_virtio: no channels available for device syz
[  390.131803][ T5850] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  390.141594][ T5850] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  390.149940][ T5850] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  390.159551][ T5850] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  390.168221][ T5850] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  390.458282][ T8490] ubi: mtd0 is already attached to ubi31
[  392.341836][ T5850] Bluetooth: hci6: command tx timeout
[  393.321788][   T30] kauditd_printk_skb: 40 callbacks suppressed
[  393.321808][   T30] audit: type=1326 audit(1752692661.190:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.0.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  393.332288][ T8486] chnl_net:caif_netlink_parms(): no params data found
[  393.455278][   T30] audit: type=1326 audit(1752692661.190:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.0.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  393.569747][   T30] audit: type=1326 audit(1752692661.200:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.0.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  393.701524][   T30] audit: type=1326 audit(1752692661.200:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.0.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  393.835803][   T30] audit: type=1326 audit(1752692661.200:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8515 comm="syz.0.656" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  394.470202][ T8529] netlink: 76 bytes leftover after parsing attributes in process `syz.1.658'.
[  395.046617][ T5850] Bluetooth: hci6: command tx timeout
[  395.634497][ T8486] bridge0: port 1(bridge_slave_0) entered blocking state
[  395.819883][ T8537] syz.1.661: attempt to access beyond end of device
[  395.819883][ T8537] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  395.833935][ T8537] gfs2: error -5 reading superblock
[  395.900331][ T8486] bridge0: port 1(bridge_slave_0) entered disabled state
[  395.917228][ T8486] bridge_slave_0: entered allmulticast mode
[  398.081676][ T5850] Bluetooth: hci6: command tx timeout
[  398.155925][ T8486] bridge_slave_0: entered promiscuous mode
[  398.234243][ T8486] bridge0: port 2(bridge_slave_1) entered blocking state
[  398.276665][ T8486] bridge0: port 2(bridge_slave_1) entered disabled state
[  398.319134][ T8486] bridge_slave_1: entered allmulticast mode
[  398.371731][ T8486] bridge_slave_1: entered promiscuous mode
[  398.868031][   T10] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  398.901768][ T8486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  399.597944][   T10] usb 6-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  399.650808][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.654088][ T8486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  399.702226][   T10] usb 6-1: Product: syz
[  399.708311][   T10] usb 6-1: Manufacturer: syz
[  399.763969][   T10] usb 6-1: SerialNumber: syz
[  399.816974][   T10] usb 6-1: config 0 descriptor??
[  399.849520][   T10] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  399.891687][   T10] pctv452e: pctv452e_power_ctrl: 1
[  399.891687][   T10] 
[  399.934087][ T8486] team0: Port device team_slave_0 added
[  399.963886][ T8486] team0: Port device team_slave_1 added
[  400.021614][   T10] usb 6-1: selecting invalid altsetting 3
[  400.027507][   T10] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  400.027507][   T10] 
[  400.103599][ T5850] Bluetooth: hci6: command tx timeout
[  400.172046][   T10] dvb-usb: bulk message failed: -22 (5/0)
[  401.181120][ T8559] CIFS mount error: No usable UNC path provided in device string!
[  401.181120][ T8559] 
[  401.191674][ T8559] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  402.533424][ T8553] syz.1.665: attempt to access beyond end of device
[  402.533424][ T8553] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  402.879977][ T8486] batman_adv: batadv0: Adding interface: batadv_slave_0
[  402.902943][ T8553] gfs2: error -5 reading superblock
[  402.951334][ T8486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  403.291391][ T8486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  403.341881][   T10] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  403.369657][ T8486] batman_adv: batadv0: Adding interface: batadv_slave_1
[  403.387244][   T10] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  403.488928][ T7877] usb 6-1: USB disconnect, device number 3
[  403.511628][ T8486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  403.639424][ T8486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  404.031627][   T10] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  405.082752][   T10] usb 2-1: Using ep0 maxpacket: 32
[  405.137030][   T10] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  405.171623][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.306689][ T8486] hsr_slave_0: entered promiscuous mode
[  405.311066][   T10] usb 2-1: config 0 descriptor??
[  405.340588][ T8486] hsr_slave_1: entered promiscuous mode
[  405.372460][ T8486] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  405.380124][ T8486] Cannot create hsr debugfs directory
[  405.816532][ T8580] netlink: 76 bytes leftover after parsing attributes in process `syz.0.670'.
[  406.375221][   T10] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  406.392341][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  406.429146][   T10] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  406.489411][ T5843] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  406.498407][ T5843] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  406.514558][ T5843] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  406.524100][   T10] usb 2-1: media controller created
[  406.622049][ T5843] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  406.629941][ T5843] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  406.734914][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  406.893116][   T10] az6027: usb out operation failed. (-71)
[  406.936098][ T8589] netlink: 9244 bytes leftover after parsing attributes in process `syz.0.673'.
[  406.943126][   T10] az6027: usb out operation failed. (-71)
[  406.950956][   T10] stb0899_attach: Driver disabled by Kconfig
[  407.295077][   T10] az6027: no front-end attached
[  407.295077][   T10] 
[  407.328976][ T6416] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.372351][   T10] az6027: usb out operation failed. (-71)
[  407.393679][   T10] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  407.527427][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input12
[  407.690413][   T10] dvb-usb: schedule remote query interval to 400 msecs.
[  407.711394][   T10] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  407.760859][   T10] usb 2-1: USB disconnect, device number 13
[  407.944169][   T10] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  408.035131][ T8598] CIFS mount error: No usable UNC path provided in device string!
[  408.035131][ T8598] 
[  408.092283][ T8598] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  408.146018][ T6416] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  409.162065][ T5850] Bluetooth: hci7: command tx timeout
[  409.902850][ T6416] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.179571][ T6416] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  410.938437][ T8623] netlink: 76 bytes leftover after parsing attributes in process `syz.0.681'.
[  411.312643][ T5850] Bluetooth: hci7: command tx timeout
[  411.948872][ T8486] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  412.040034][ T8486] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  412.052522][ T8636] CIFS mount error: No usable UNC path provided in device string!
[  412.052522][ T8636] 
[  412.103707][ T8486] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  412.122750][ T8636] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  412.163316][ T8633] syz.1.684: attempt to access beyond end of device
[  412.163316][ T8633] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  412.212087][ T8633] gfs2: error -5 reading superblock
[  412.364073][ T8640] netlink: 8 bytes leftover after parsing attributes in process `syz.5.687'.
[  412.376353][ T8486] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  412.600139][ T6416] bridge_slave_1: left allmulticast mode
[  412.606750][ T6416] bridge_slave_1: left promiscuous mode
[  412.649044][ T6416] bridge0: port 2(bridge_slave_1) entered disabled state
[  412.725739][ T6416] bridge_slave_0: left allmulticast mode
[  412.769641][ T6416] bridge_slave_0: left promiscuous mode
[  412.805994][ T6416] bridge0: port 1(bridge_slave_0) entered disabled state
[  413.381799][ T5850] Bluetooth: hci7: command tx timeout
[  414.655702][ T6416] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  414.697112][ T6416] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  414.764657][ T6416] bond0 (unregistering): Released all slaves
[  414.857614][ T8583] chnl_net:caif_netlink_parms(): no params data found
[  414.938600][ T8657] ntfs3(nbd1): try to read out of volume at offset 0x0
[  415.112629][ T6416] IPVS: stopping master sync thread 6264 ...
[  415.313159][   T30] audit: type=1326 audit(1752692683.190:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8661 comm="syz.1.692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  415.462083][ T5850] Bluetooth: hci7: command tx timeout
[  415.511231][   T30] audit: type=1326 audit(1752692683.200:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8661 comm="syz.1.692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  415.625936][   T30] audit: type=1326 audit(1752692683.280:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8661 comm="syz.1.692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  415.655470][   T30] audit: type=1326 audit(1752692683.280:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8661 comm="syz.1.692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  415.683390][   T30] audit: type=1326 audit(1752692683.300:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8661 comm="syz.1.692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  415.707385][   T30] audit: type=1326 audit(1752692683.300:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8661 comm="syz.1.692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  415.729137][   T30] audit: type=1326 audit(1752692683.300:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8661 comm="syz.1.692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  415.800946][   T30] audit: type=1326 audit(1752692683.300:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8661 comm="syz.1.692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  415.854050][   T30] audit: type=1326 audit(1752692683.300:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8661 comm="syz.1.692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  416.050290][   T30] audit: type=1326 audit(1752692683.300:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8661 comm="syz.1.692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effb618e929 code=0x7ffc0000
[  416.864155][ T8583] bridge0: port 1(bridge_slave_0) entered blocking state
[  416.902700][ T8583] bridge0: port 1(bridge_slave_0) entered disabled state
[  416.942665][ T8583] bridge_slave_0: entered allmulticast mode
[  416.968097][ T8583] bridge_slave_0: entered promiscuous mode
[  416.993961][ T8583] bridge0: port 2(bridge_slave_1) entered blocking state
[  417.022061][ T8583] bridge0: port 2(bridge_slave_1) entered disabled state
[  417.029488][ T8583] bridge_slave_1: entered allmulticast mode
[  417.047951][ T8583] bridge_slave_1: entered promiscuous mode
[  417.159889][ T6416] hsr_slave_0: left promiscuous mode
[  417.182858][ T6416] hsr_slave_1: left promiscuous mode
[  417.198699][ T6416] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  417.242799][ T6416] batman_adv: batadv0: Removing interface: batadv_slave_0
[  417.438841][ T6416] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  417.530006][ T8683] openvswitch: netlink: Flow key attr not present in new flow.
[  417.553658][ T8683] 9pnet_virtio: no channels available for device syz
[  418.087536][ T6416] batman_adv: batadv0: Removing interface: batadv_slave_1
[  418.554106][ T8685] No such timeout policy "syz1"
[  418.580879][ T6416] veth1_macvtap: left promiscuous mode
[  418.594246][ T6416] veth0_macvtap: left promiscuous mode
[  418.628285][ T6416] veth1_vlan: left promiscuous mode
[  418.640882][ T6416] veth0_vlan: left promiscuous mode
[  420.329278][ T6416] pim6reg (unregistering): left allmulticast mode
[  420.716227][ T8695] syz.0.700: attempt to access beyond end of device
[  420.716227][ T8695] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  420.808226][ T8695] gfs2: error -5 reading superblock
[  421.792667][ T8699] syz.0.701: attempt to access beyond end of device
[  421.792667][ T8699] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  421.805875][ T8699] gfs2: error -5 reading superblock
[  422.432554][ T7866] usb 1-1: new full-speed USB device number 16 using dummy_hcd
[  422.481895][ T6416] team0 (unregistering): Port device team_slave_1 removed
[  422.613866][ T6416] team0 (unregistering): Port device team_slave_0 removed
[  422.663615][ T7866] usb 1-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  422.679181][ T7866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.717721][ T7866] usb 1-1: Product: syz
[  422.741582][ T7866] usb 1-1: Manufacturer: syz
[  422.752004][ T7866] usb 1-1: SerialNumber: syz
[  422.772746][ T7866] usb 1-1: config 0 descriptor??
[  422.785114][ T7866] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  422.815381][ T7866] pctv452e: pctv452e_power_ctrl: 1
[  422.815381][ T7866] 
[  422.841621][ T7866] usb 1-1: selecting invalid altsetting 3
[  422.857739][ T7866] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  422.857739][ T7866] 
[  422.888723][ T7866] dvb-usb: bulk message failed: -22 (5/0)
[  422.922135][ T7866] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  422.954034][ T7866] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  423.342857][ T8707] CIFS mount error: No usable UNC path provided in device string!
[  423.342857][ T8707] 
[  423.353330][ T8707] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  425.396314][  T979] usb 1-1: USB disconnect, device number 16
[  426.606716][ T8583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  426.725042][ T8583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  427.171796][ T2152] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  427.558185][ T8583] team0: Port device team_slave_0 added
[  427.571846][ T2152] usb 1-1: Using ep0 maxpacket: 16
[  427.650664][ T2152] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  427.722905][ T2152] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  427.749913][ T2152] usb 1-1: config 0 interface 0 has no altsetting 0
[  427.771447][ T2152] usb 1-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  427.795670][ T8583] team0: Port device team_slave_1 added
[  427.841871][ T2152] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.909416][ T2152] usb 1-1: config 0 descriptor??
[  428.241804][ T8583] batman_adv: batadv0: Adding interface: batadv_slave_0
[  428.248828][ T8583] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  428.361017][ T8725] netlink: 20 bytes leftover after parsing attributes in process `syz.1.708'.
[  429.082766][ T8583] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  429.114621][ T7866] kernel write not supported for file /dsp (pid: 7866 comm: kworker/1:9)
[  429.188609][ T8486] 8021q: adding VLAN 0 to HW filter on device bond0
[  429.245723][ T8583] batman_adv: batadv0: Adding interface: batadv_slave_1
[  429.281515][ T8583] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  429.434468][ T8583] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  429.884361][ T8583] hsr_slave_0: entered promiscuous mode
[  429.902442][ T8583] hsr_slave_1: entered promiscuous mode
[  429.932827][ T8583] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  429.940517][ T8583] Cannot create hsr debugfs directory
[  430.093793][ T7877] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  430.188351][ T8486] 8021q: adding VLAN 0 to HW filter on device team0
[  430.215581][ T8718] xt_CT: No such helper "snmp"
[  430.268693][ T2152] lenovo 0003:17EF:6009.0006: unknown main item tag 0x0
[  430.281578][ T2152] lenovo 0003:17EF:6009.0006: unknown main item tag 0x0
[  430.294885][ T7877] usb 6-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  430.311604][ T7877] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.321650][ T2152] lenovo 0003:17EF:6009.0006: unknown main item tag 0x0
[  430.356404][ T7877] usb 6-1: Product: syz
[  430.360652][ T7877] usb 6-1: Manufacturer: syz
[  430.367538][ T2152] lenovo 0003:17EF:6009.0006: unknown main item tag 0x0
[  430.410813][ T7877] usb 6-1: SerialNumber: syz
[  430.427434][ T2152] lenovo 0003:17EF:6009.0006: hidraw0: USB HID v0.00 Device [HID 17ef:6009] on usb-dummy_hcd.0-1/input0
[  430.462384][ T7877] usb 6-1: config 0 descriptor??
[  430.513283][ T7877] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  430.548789][ T7877] pctv452e: pctv452e_power_ctrl: 1
[  430.548789][ T7877] 
[  430.558306][   T10] usb 1-1: USB disconnect, device number 17
[  430.577934][ T7877] usb 6-1: selecting invalid altsetting 3
[  430.632947][ T7877] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  430.632947][ T7877] 
[  430.891288][ T8741] CIFS mount error: No usable UNC path provided in device string!
[  430.891288][ T8741] 
[  430.911715][ T8741] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  431.230986][ T6416] bridge0: port 1(bridge_slave_0) entered blocking state
[  431.238278][ T6416] bridge0: port 1(bridge_slave_0) entered forwarding state
[  431.472386][ T7877] dvb-usb: bulk message failed: -22 (5/0)
[  432.899381][ T8509] bridge0: port 2(bridge_slave_1) entered blocking state
[  432.906663][ T8509] bridge0: port 2(bridge_slave_1) entered forwarding state
[  433.548405][ T7877] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  433.951872][ T7877] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  434.028229][ T7877] usb 6-1: USB disconnect, device number 4
[  435.135419][ T8583] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  435.280058][ T8583] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  435.354376][ T8583] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  435.888897][ T8583] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  436.641703][ T8486] 8021q: adding VLAN 0 to HW filter on device batadv0
[  437.133868][ T8771] netlink: 8 bytes leftover after parsing attributes in process `syz.0.719'.
[  437.152324][ T8771] IPVS: Error joining to the multicast group
[  437.328800][ T5843] Bluetooth: hci5: command 0x0406 tx timeout
[  437.558185][ T8780] dvmrp8: entered allmulticast mode
[  438.055909][ T8583] 8021q: adding VLAN 0 to HW filter on device bond0
[  438.238802][ T8583] 8021q: adding VLAN 0 to HW filter on device team0
[  438.297534][ T6408] bridge0: port 1(bridge_slave_0) entered blocking state
[  438.304815][ T6408] bridge0: port 1(bridge_slave_0) entered forwarding state
[  438.373308][ T8509] bridge0: port 2(bridge_slave_1) entered blocking state
[  438.380529][ T8509] bridge0: port 2(bridge_slave_1) entered forwarding state
[  438.721875][   T10] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  438.902062][   T10] usb 6-1: Using ep0 maxpacket: 16
[  438.914251][   T10] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  438.939623][ T8486] veth0_vlan: entered promiscuous mode
[  438.957417][   T10] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  438.973956][ T8797] syz.0.723: attempt to access beyond end of device
[  438.973956][ T8797] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  439.006953][ T8486] veth1_vlan: entered promiscuous mode
[  439.012986][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  439.044732][   T10] usb 6-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  439.080063][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.167608][ T8797] gfs2: error -5 reading superblock
[  439.170690][   T10] usb 6-1: config 0 descriptor??
[  439.258262][ T8486] veth0_macvtap: entered promiscuous mode
[  439.413521][ T8486] veth1_macvtap: entered promiscuous mode
[  439.537976][ T8486] batman_adv: batadv0: Interface activated: batadv_slave_0
[  440.266590][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  440.275164][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  440.425671][ T8486] batman_adv: batadv0: Interface activated: batadv_slave_1
[  440.647605][ T8486] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  440.723763][   T10] lenovo 0003:17EF:6009.0007: unknown main item tag 0x0
[  440.735300][ T8804] xt_CT: No such helper "snmp"
[  440.749496][ T8486] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  440.782498][   T10] lenovo 0003:17EF:6009.0007: unknown main item tag 0x0
[  440.799009][ T8486] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  440.811747][   T10] lenovo 0003:17EF:6009.0007: unknown main item tag 0x0
[  440.818769][   T10] lenovo 0003:17EF:6009.0007: unknown main item tag 0x0
[  440.832100][ T8486] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  440.892371][   T10] lenovo 0003:17EF:6009.0007: hidraw0: USB HID v0.00 Device [HID 17ef:6009] on usb-dummy_hcd.5-1/input0
[  440.970779][ T7866] usb 6-1: USB disconnect, device number 5
[  440.988550][ T8583] 8021q: adding VLAN 0 to HW filter on device batadv0
[  441.478254][ T8502] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  441.495057][ T8502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  441.625039][ T8822] openvswitch: netlink: Flow key attr not present in new flow.
[  441.646363][ T8822] 9pnet_virtio: no channels available for device syz
[  442.508993][ T8502] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  442.690821][ T8502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  442.960370][ T8825] syz.0.728: attempt to access beyond end of device
[  442.960370][ T8825] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  443.172563][ T8825] gfs2: error -5 reading superblock
[  443.569677][ T8836] ubi: mtd0 is already attached to ubi31
[  444.330613][ T8831] syz.1.729: attempt to access beyond end of device
[  444.330613][ T8831] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  444.410201][ T8831] gfs2: error -5 reading superblock
[  444.699857][ T8583] veth0_vlan: entered promiscuous mode
[  444.770500][ T8583] veth1_vlan: entered promiscuous mode
[  444.853748][ T8583] veth0_macvtap: entered promiscuous mode
[  444.911753][ T8583] veth1_macvtap: entered promiscuous mode
[  445.607019][ T8583] batman_adv: batadv0: Interface activated: batadv_slave_0
[  445.675051][ T8583] batman_adv: batadv0: Interface activated: batadv_slave_1
[  445.760990][ T8583] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  445.884813][ T8583] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  445.920978][ T8583] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  445.945190][ T8583] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  445.985525][ T8855] syz.0.733: attempt to access beyond end of device
[  445.985525][ T8855] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  446.603599][ T8855] gfs2: error -5 reading superblock
[  447.798117][ T6118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  447.881973][ T6118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  448.822502][ T8239] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  448.849552][ T8239] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  449.470378][ T8878] netlink: 8 bytes leftover after parsing attributes in process `syz.5.737'.
[  449.482375][ T8878] IPVS: Error joining to the multicast group
[  450.921601][ T5921] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  451.331726][ T5921] usb 1-1: Using ep0 maxpacket: 16
[  451.348655][ T5921] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  451.440018][ T8887] 8021q: VLANs not supported on vxcan1
[  451.480039][ T5921] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  451.591661][ T5921] usb 1-1: config 0 interface 0 has no altsetting 0
[  451.598383][ T5921] usb 1-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  452.824463][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.103750][ T5921] usb 1-1: config 0 descriptor??
[  453.472987][ T8890] netlink: 4 bytes leftover after parsing attributes in process `syz.7.666'.
[  454.905149][ T5921] lenovo 0003:17EF:6009.0008: unknown main item tag 0x0
[  454.913666][ T8904] xt_CT: No such helper "snmp"
[  454.951175][ T5921] lenovo 0003:17EF:6009.0008: unknown main item tag 0x0
[  454.987133][ T8915] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  454.992774][ T5921] lenovo 0003:17EF:6009.0008: unknown main item tag 0x0
[  455.034990][ T5921] lenovo 0003:17EF:6009.0008: unknown main item tag 0x0
[  455.037778][ T8915] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  455.084882][ T5921] lenovo 0003:17EF:6009.0008: hidraw0: USB HID v0.00 Device [HID 17ef:6009] on usb-dummy_hcd.0-1/input0
[  455.111600][   T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  455.284736][ T5921] usb 1-1: USB disconnect, device number 18
[  455.313019][ T7866] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  456.132226][   T10] usb 6-1: device descriptor read/64, error -71
[  456.391864][   T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  456.552050][   T10] usb 6-1: device descriptor read/64, error -71
[  456.662239][   T10] usb usb6-port1: attempt power cycle
[  456.919208][ T8937] netlink: 4 bytes leftover after parsing attributes in process `syz.6.751'.
[  456.953017][ T8935] netlink: 8 bytes leftover after parsing attributes in process `syz.1.750'.
[  456.964165][ T8935] IPVS: Error joining to the multicast group
[  457.121777][   T10] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  457.195593][ T8937] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  457.204943][ T8937] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  457.213770][ T8937] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  457.222731][ T8937] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  457.310058][   T10] usb 6-1: device descriptor read/8, error -71
[  457.726250][   T30] kauditd_printk_skb: 52 callbacks suppressed
[  457.726272][   T30] audit: type=1326 audit(1752692725.600:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8939 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  457.791664][   T30] audit: type=1326 audit(1752692725.620:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8939 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  457.841566][   T30] audit: type=1326 audit(1752692725.620:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8939 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  457.914350][   T30] audit: type=1326 audit(1752692725.620:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8939 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  458.187111][   T30] audit: type=1326 audit(1752692725.620:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8939 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  458.268821][ T8947] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  458.282604][ T8947] 9pnet_virtio: no channels available for device syz
[  459.174761][   T30] audit: type=1326 audit(1752692725.650:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8939 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  459.226743][   T30] audit: type=1326 audit(1752692725.650:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8939 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  459.448459][   T30] audit: type=1326 audit(1752692725.650:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8939 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  459.585942][   T30] audit: type=1326 audit(1752692725.650:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8939 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  459.656464][   T30] audit: type=1326 audit(1752692725.650:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8939 comm="syz.0.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff63d18e929 code=0x7ffc0000
[  460.708125][ T7877] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  460.878553][ T7877] usb 2-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  460.919188][ T7877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.946607][ T7877] usb 2-1: Product: syz
[  460.963726][ T7877] usb 2-1: Manufacturer: syz
[  460.968479][ T7877] usb 2-1: SerialNumber: syz
[  461.293607][ T7877] usb 2-1: config 0 descriptor??
[  461.530538][ T7877] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  461.682171][ T7877] pctv452e: pctv452e_power_ctrl: 1
[  461.682171][ T7877] 
[  461.749130][ T7877] usb 2-1: selecting invalid altsetting 3
[  461.865083][ T7877] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  461.865083][ T7877] 
[  462.074530][ T8968] CIFS mount error: No usable UNC path provided in device string!
[  462.074530][ T8968] 
[  462.084727][ T8968] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  463.733412][ T7877] dvb-usb: bulk message failed: -22 (5/0)
[  464.532278][ T7877] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  464.555675][ T7877] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  464.649697][ T8971] netlink: 4 bytes leftover after parsing attributes in process `syz.5.761'.
[  464.692682][ T7877] usb 2-1: USB disconnect, device number 15
[  464.801855][ T5921] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  465.031641][ T5921] usb 8-1: Using ep0 maxpacket: 16
[  465.238736][ T5921] usb 8-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  465.311785][ T8983] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  465.329305][ T8983] 9pnet_virtio: no channels available for device syz
[  466.351627][ T5921] usb 8-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  466.362588][ T5921] usb 8-1: config 0 interface 0 has no altsetting 0
[  466.384090][ T5921] usb 8-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  466.393307][ T5921] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  466.420962][ T5921] usb 8-1: config 0 descriptor??
[  467.100195][ T8989] netlink: 8 bytes leftover after parsing attributes in process `syz.1.766'.
[  467.110285][ T8989] IPVS: Error joining to the multicast group
[  469.164793][ T5921] usbhid 8-1:0.0: can't add hid device: -71
[  469.231062][ T5921] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  469.287069][ T5921] usb 8-1: USB disconnect, device number 2
[  473.191414][ T9020] netlink: 20 bytes leftover after parsing attributes in process `syz.0.775'.
[  473.292342][   T30] kauditd_printk_skb: 48 callbacks suppressed
[  473.292360][   T30] audit: type=1326 audit(1752692741.180:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9017 comm="syz.6.774" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1aed18e929 code=0x0
[  473.321923][  T979] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  473.682727][ T5921] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  473.701853][  T979] usb 8-1: Using ep0 maxpacket: 16
[  473.723201][ T9027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.776'.
[  473.734983][ T9027] IPVS: Error joining to the multicast group
[  474.217176][  T979] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  474.306897][  T979] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  474.351629][ T5921] usb 6-1: Using ep0 maxpacket: 16
[  474.383501][ T5921] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  474.406260][ T5921] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  474.416336][ T5921] usb 6-1: config 0 interface 0 has no altsetting 0
[  474.423482][ T5921] usb 6-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  474.432716][ T5921] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.444901][ T5921] usb 6-1: config 0 descriptor??
[  474.457934][  T979] usb 8-1: New USB device found, idVendor=0582, idProduct=87d1, bcdDevice=f8.e7
[  474.627769][  T979] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.475513][  T979] usb 8-1: Product: syz
[  475.480600][  T979] usb 8-1: Manufacturer: syz
[  475.492417][  T979] usb 8-1: SerialNumber: syz
[  475.532958][  T979] usb 8-1: config 0 descriptor??
[  476.834438][ T5921] lenovo 0003:17EF:6009.0009: unknown main item tag 0x0
[  476.863617][ T5921] lenovo 0003:17EF:6009.0009: unknown main item tag 0x0
[  476.870702][ T5921] lenovo 0003:17EF:6009.0009: unknown main item tag 0x0
[  477.912284][ T9024] xt_CT: No such helper "snmp"
[  477.924261][ T5921] lenovo 0003:17EF:6009.0009: unknown main item tag 0x0
[  477.954824][   T30] audit: type=1400 audit(1752692744.990:760): lsm=SMACK fn=smack_inode_permission action=denied subject="w" object="_" requested=wx pid=9046 comm="syz.0.781" name="163" dev="tmpfs" ino=896
[  478.698432][ T5921] lenovo 0003:17EF:6009.0009: hidraw0: USB HID v0.00 Device [HID 17ef:6009] on usb-dummy_hcd.5-1/input0
[  479.535230][ T5921] usb 6-1: USB disconnect, device number 10
[  479.713702][  T979] usb 8-1: USB disconnect, device number 3
[  480.307364][ T9069] netlink: 8 bytes leftover after parsing attributes in process `syz.7.788'.
[  480.318378][ T9069] IPVS: Error joining to the multicast group
[  481.778259][ T9075] netlink: 20 bytes leftover after parsing attributes in process `syz.5.789'.
[  484.779510][   T30] audit: type=1326 audit(1752692752.660:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.6.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aed18e929 code=0x7ffc0000
[  484.848809][   T30] audit: type=1326 audit(1752692752.690:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.6.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aed18e929 code=0x7ffc0000
[  484.963960][   T30] audit: type=1326 audit(1752692752.700:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.6.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f1aed18e929 code=0x7ffc0000
[  484.982033][ T9096] FAULT_INJECTION: forcing a failure.
[  484.982033][ T9096] name failslab, interval 1, probability 0, space 0, times 0
[  484.987130][   T30] audit: type=1326 audit(1752692752.700:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.6.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aed18e929 code=0x7ffc0000
[  485.864138][   T24] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  485.974038][   T30] audit: type=1326 audit(1752692752.700:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.6.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aed18e929 code=0x7ffc0000
[  486.001661][   T30] audit: type=1326 audit(1752692752.700:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.6.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f1aed18e929 code=0x7ffc0000
[  486.023703][   T30] audit: type=1326 audit(1752692752.700:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.6.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aed18e929 code=0x7ffc0000
[  486.048325][ T9096] CPU: 1 UID: 0 PID: 9096 Comm: syz.1.797 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  486.048349][ T9096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  486.048361][ T9096] Call Trace:
[  486.048371][ T9096]  <TASK>
[  486.048378][ T9096]  dump_stack_lvl+0x189/0x250
[  486.048400][ T9096]  ? __pfx____ratelimit+0x10/0x10
[  486.048423][ T9096]  ? __pfx_dump_stack_lvl+0x10/0x10
[  486.048440][ T9096]  ? __pfx__printk+0x10/0x10
[  486.048463][ T9096]  ? __pfx___might_resched+0x10/0x10
[  486.048479][ T9096]  ? fs_reclaim_acquire+0x7d/0x100
[  486.048497][ T9096]  should_fail_ex+0x414/0x560
[  486.048523][ T9096]  should_failslab+0xa8/0x100
[  486.048547][ T9096]  __kmalloc_noprof+0xcb/0x4f0
[  486.048566][ T9096]  ? kfree+0x4d/0x440
[  486.048582][ T9096]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  486.048603][ T9096]  tomoyo_realpath_from_path+0xe3/0x5d0
[  486.048620][ T9096]  ? tomoyo_domain+0xda/0x130
[  486.048640][ T9096]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  486.048661][ T9096]  tomoyo_path_number_perm+0x1e8/0x5a0
[  486.048684][ T9096]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  486.048721][ T9096]  ? __lock_acquire+0xab9/0xd20
[  486.048751][ T9096]  ? __fget_files+0x2a/0x420
[  486.048766][ T9096]  ? __fget_files+0x2a/0x420
[  486.048778][ T9096]  ? __fget_files+0x3a0/0x420
[  486.048790][ T9096]  ? __fget_files+0x2a/0x420
[  486.048807][ T9096]  security_file_ioctl+0xcb/0x2d0
[  486.048831][ T9096]  __se_sys_ioctl+0x47/0x170
[  486.048852][ T9096]  do_syscall_64+0xfa/0x3b0
[  486.048866][ T9096]  ? lockdep_hardirqs_on+0x9c/0x150
[  486.048888][ T9096]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.048902][ T9096]  ? clear_bhb_loop+0x60/0xb0
[  486.048920][ T9096]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.048934][ T9096] RIP: 0033:0x7effb618e929
[  486.048948][ T9096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  486.048968][ T9096] RSP: 002b:00007effb707b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  486.048984][ T9096] RAX: ffffffffffffffda RBX: 00007effb63b5fa0 RCX: 00007effb618e929
[  486.048996][ T9096] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[  486.049005][ T9096] RBP: 00007effb707b090 R08: 0000000000000000 R09: 0000000000000000
[  486.049014][ T9096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  486.049023][ T9096] R13: 0000000000000000 R14: 00007effb63b5fa0 R15: 00007ffe90038ad8
[  486.049045][ T9096]  </TASK>
[  486.049052][ T9096] ERROR: Out of memory at tomoyo_realpath_from_path.
[  486.201862][   T30] audit: type=1326 audit(1752692752.700:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.6.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aed18e929 code=0x7ffc0000
[  486.384906][   T24] usb 1-1: Using ep0 maxpacket: 16
[  486.457744][   T24] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  486.657456][   T24] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  486.667897][   T24] usb 1-1: config 0 interface 0 has no altsetting 0
[  486.674662][   T24] usb 1-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  486.684116][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  486.718311][   T24] usb 1-1: config 0 descriptor??
[  486.735917][ T9109] RDS: rds_bind could not find a transport for ::ffff:172.30.1.8, load rds_tcp or rds_rdma?
[  487.393057][   T30] audit: type=1326 audit(1752692752.700:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.6.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1aed18e929 code=0x7ffc0000
[  487.457015][   T30] audit: type=1326 audit(1752692752.700:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9092 comm="syz.6.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1aed18e929 code=0x7ffc0000
[  487.629940][   T24] usbhid 1-1:0.0: can't add hid device: -71
[  487.636046][   T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  487.656720][   T24] usb 1-1: USB disconnect, device number 19
[  488.069603][ T9124] dvmrp8: entered allmulticast mode
[  488.702012][ T9129] netlink: 12 bytes leftover after parsing attributes in process `syz.1.805'.
[  492.207088][ T9153] sctp: [Deprecated]: syz.0.810 (pid 9153) Use of int in max_burst socket option.
[  492.207088][ T9153] Use struct sctp_assoc_value instead
[  493.319718][   T30] kauditd_printk_skb: 46 callbacks suppressed
[  493.319740][   T30] audit: type=1326 audit(1752692761.200:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.5.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80cfb8e929 code=0x7ffc0000
[  493.492672][   T30] audit: type=1326 audit(1752692761.200:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.5.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80cfb8e929 code=0x7ffc0000
[  493.974320][   T30] audit: type=1326 audit(1752692761.230:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.5.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f80cfb8e929 code=0x7ffc0000
[  494.047015][ T2152] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  494.101330][   T30] audit: type=1326 audit(1752692761.230:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.5.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80cfb8e929 code=0x7ffc0000
[  494.178284][   T30] audit: type=1326 audit(1752692761.230:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.5.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80cfb8e929 code=0x7ffc0000
[  494.223599][ T5921] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  494.251623][ T2152] usb 2-1: Using ep0 maxpacket: 32
[  494.251680][   T30] audit: type=1326 audit(1752692761.230:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.5.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f80cfb8e929 code=0x7ffc0000
[  494.331836][ T2152] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  494.346033][ T2152] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.360286][ T2152] usb 2-1: Product: syz
[  494.364957][   T30] audit: type=1326 audit(1752692761.230:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.5.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80cfb8e929 code=0x7ffc0000
[  494.391533][ T2152] usb 2-1: Manufacturer: syz
[  494.412960][ T2152] usb 2-1: SerialNumber: syz
[  494.422093][ T5921] usb 8-1: Using ep0 maxpacket: 16
[  494.436018][ T2152] usb 2-1: config 0 descriptor??
[  494.441119][ T5921] usb 8-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  494.460520][ T5921] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  494.471243][   T30] audit: type=1326 audit(1752692761.230:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.5.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80cfb8e929 code=0x7ffc0000
[  494.514042][ T5921] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  494.551294][   T30] audit: type=1326 audit(1752692761.230:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.5.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f80cfb8e929 code=0x7ffc0000
[  494.573166][    T9] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  494.608438][ T5921] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  494.621529][ T5921] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.657993][ T5921] usb 8-1: Product: syz
[  494.668190][   T30] audit: type=1326 audit(1752692761.230:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.5.813" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f80cfb8e929 code=0x7ffc0000
[  494.744355][    T9] usb 7-1: Using ep0 maxpacket: 32
[  494.846743][ T2152] airspy 2-1:0.0: Board ID: 00
[  495.495125][ T2152] airspy 2-1:0.0: Firmware version: 
[  495.511638][ T5921] usb 8-1: Manufacturer: syz
[  495.516309][ T5921] usb 8-1: SerialNumber: syz
[  495.606551][    T9] usb 7-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  495.622183][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  495.673945][    T9] usb 7-1: Product: syz
[  495.706309][    T9] usb 7-1: Manufacturer: syz
[  495.721644][    T9] usb 7-1: SerialNumber: syz
[  495.745507][    T9] usb 7-1: config 0 descriptor??
[  495.769928][ T2152] airspy 2-1:0.0: usb_control_msg() failed -71 request 0e
[  495.782614][    T9] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  495.802649][ T2152] airspy 2-1:0.0: Registered as swradio24
[  495.808722][ T2152] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  495.889522][ T2152] usb 2-1: USB disconnect, device number 16
[  496.446756][ T5921] usb 8-1: 0:2 : does not exist
[  496.512637][ T5921] usb 8-1: 1:0: cannot get min/max values for control 4 (id 1)
[  496.643404][ T5921] usb 8-1: USB disconnect, device number 4
[  496.671633][   T24] usb 1-1: new full-speed USB device number 20 using dummy_hcd
[  497.302012][    T9] gspca_stk1135: reg_w 0xd err -110
[  497.308369][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  497.588996][ T9197] netlink: 8 bytes leftover after parsing attributes in process `syz.5.824'.
[  497.598387][ T9197] IPVS: Error joining to the multicast group
[  498.702418][    T9] gspca_stk1135: Sensor write failed
[  498.709343][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  498.715791][    T9] gspca_stk1135: Sensor write failed
[  498.721158][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  498.730698][    T9] gspca_stk1135: Sensor read failed
[  498.736052][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  498.742457][    T9] gspca_stk1135: Sensor read failed
[  498.751703][    T9] gspca_stk1135: Detected sensor type unknown (0x0)
[  498.758438][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  498.765089][    T9] gspca_stk1135: Sensor read failed
[  498.770387][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  498.776924][    T9] gspca_stk1135: Sensor read failed
[  498.782291][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  498.788687][    T9] gspca_stk1135: Sensor write failed
[  498.795072][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  498.801501][    T9] gspca_stk1135: Sensor write failed
[  498.806925][    T9] stk1135 7-1:0.0: probe with driver stk1135 failed with error -110
[  498.863576][ T7877] usb 7-1: USB disconnect, device number 2
[  499.105602][ T9202] overlayfs: conflicting lowerdir path
[  499.171706][   T24] usb 1-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  499.201254][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.361377][   T24] usb 1-1: Product: syz
[  499.369023][   T24] usb 1-1: config 0 descriptor??
[  499.374650][   T24] usb 1-1: can't set config #0, error -71
[  499.385799][   T24] usb 1-1: USB disconnect, device number 20
[  499.691978][ T5900] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  500.175947][   T30] kauditd_printk_skb: 48 callbacks suppressed
[  500.175967][   T30] audit: type=1326 audit(1752692768.060:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9214 comm="syz.7.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbdf8e929 code=0x7ffc0000
[  500.323507][   T30] audit: type=1326 audit(1752692768.210:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9214 comm="syz.7.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbdf8e929 code=0x7ffc0000
[  500.348873][ T5900] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  500.360371][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.372734][ T5900] usb 6-1: Product: syz
[  500.376936][ T5900] usb 6-1: Manufacturer: syz
[  500.391786][   T30] audit: type=1326 audit(1752692768.270:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9214 comm="syz.7.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fefbdf8e929 code=0x7ffc0000
[  500.441556][ T5900] usb 6-1: SerialNumber: syz
[  500.462541][ T5900] usb 6-1: config 0 descriptor??
[  500.515834][   T30] audit: type=1326 audit(1752692768.270:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9214 comm="syz.7.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbdf8e929 code=0x7ffc0000
[  501.027107][   T30] audit: type=1326 audit(1752692768.270:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9214 comm="syz.7.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbdf8e929 code=0x7ffc0000
[  501.049748][ T5900] usb 6-1: USB disconnect, device number 11
[  501.085282][   T30] audit: type=1326 audit(1752692768.270:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9214 comm="syz.7.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fefbdf8e929 code=0x7ffc0000
[  501.209629][   T30] audit: type=1326 audit(1752692768.270:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9214 comm="syz.7.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbdf8e929 code=0x7ffc0000
[  501.406321][ T9227] netlink: 20 bytes leftover after parsing attributes in process `syz.1.832'.
[  501.718772][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  501.733432][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  501.891581][   T30] audit: type=1326 audit(1752692768.270:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9214 comm="syz.7.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fefbdf8e929 code=0x7ffc0000
[  501.914419][   T30] audit: type=1326 audit(1752692768.270:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9214 comm="syz.7.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefbdf8e929 code=0x7ffc0000
[  501.935931][   T30] audit: type=1326 audit(1752692768.270:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9214 comm="syz.7.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fefbdf8e929 code=0x7ffc0000
[  502.891679][ T5900] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  503.021755][    T9] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  503.061638][ T5900] usb 2-1: Using ep0 maxpacket: 16
[  503.074129][ T5900] usb 2-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  503.091609][ T5900] usb 2-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  503.113548][ T5900] usb 2-1: config 0 interface 0 has no altsetting 0
[  503.120257][ T5900] usb 2-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  503.173103][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.179492][ T5900] usb 2-1: config 0 descriptor??
[  503.191568][  T979] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  503.199507][    T9] usb 8-1: Using ep0 maxpacket: 32
[  503.208893][    T9] usb 8-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  503.222625][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.292410][ T5921] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  503.311865][    T9] usb 8-1: Product: syz
[  503.316217][    T9] usb 8-1: Manufacturer: syz
[  503.326283][    T9] usb 8-1: SerialNumber: syz
[  503.512011][    T9] usb 8-1: config 0 descriptor??
[  503.534938][  T979] usb 6-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  503.561659][ T5921] usb 1-1: device descriptor read/64, error -71
[  503.576158][  T979] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.606737][  T979] usb 6-1: Product: syz
[  503.651646][  T979] usb 6-1: Manufacturer: syz
[  503.671577][  T979] usb 6-1: SerialNumber: syz
[  503.728535][ T9232] xt_CT: No such helper "snmp"
[  503.728771][  T979] usb 6-1: config 0 descriptor??
[  503.821787][ T5921] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  503.842211][  T979] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  503.871577][  T979] pctv452e: pctv452e_power_ctrl: 1
[  503.871577][  T979] 
[  503.879207][  T979] usb 6-1: selecting invalid altsetting 3
[  503.898942][  T979] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  503.898942][  T979] 
[  503.910502][  T979] dvb-usb: bulk message failed: -22 (5/0)
[  503.924483][  T979] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  503.957853][    T9] airspy 8-1:0.0: Board ID: 00
[  503.971072][    T9] airspy 8-1:0.0: Firmware version: 
[  503.978680][  T979] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  503.990718][ T5900] usbhid 2-1:0.0: can't add hid device: -71
[  504.001678][ T5900] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  504.003480][ T5921] usb 1-1: device descriptor read/64, error -71
[  504.051613][ T5900] usb 2-1: USB disconnect, device number 17
[  504.185777][ T9249] CIFS mount error: No usable UNC path provided in device string!
[  504.185777][ T9249] 
[  504.195994][ T9249] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  504.406502][ T5921] usb usb1-port1: attempt power cycle
[  504.424515][    T9] airspy 8-1:0.0: usb_control_msg() failed -71 request 0e
[  505.881762][    T9] airspy 8-1:0.0: Registered as swradio24
[  506.518175][ T5921] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  507.292627][    T9] airspy 8-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  507.305323][    T9] usb 8-1: USB disconnect, device number 5
[  507.486813][  T979] usb 6-1: USB disconnect, device number 12
[  507.511701][ T5921] usb 1-1: device not accepting address 23, error -71
[  512.238965][ T9301] syz.1.853: attempt to access beyond end of device
[  512.238965][ T9301] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0
[  512.259867][ T9301] gfs2: error -5 reading superblock
[  512.413490][ T5921] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  512.522347][  T979] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  512.691548][ T5921] usb 1-1: Using ep0 maxpacket: 32
[  512.696905][  T979] usb 7-1: Using ep0 maxpacket: 16
[  512.763582][ T5921] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  513.174708][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.184851][  T979] usb 7-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  513.196053][  T979] usb 7-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  513.205839][ T5921] usb 1-1: Product: syz
[  513.211639][  T979] usb 7-1: config 0 interface 0 has no altsetting 0
[  513.218340][  T979] usb 7-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  513.228245][ T5921] usb 1-1: Manufacturer: syz
[  513.233007][ T5921] usb 1-1: SerialNumber: syz
[  513.243741][  T979] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.252647][ T5921] usb 1-1: config 0 descriptor??
[  513.273992][  T979] usb 7-1: config 0 descriptor??
[  513.872520][   T31] INFO: task syz.3.618:8350 blocked for more than 143 seconds.
[  514.026149][ T5850] Bluetooth: hci6: command 0x0406 tx timeout
[  514.335273][ T5921] airspy 1-1:0.0: Board ID: 00
[  514.340131][ T5921] airspy 1-1:0.0: Firmware version: 
[  514.391644][   T31]       Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0
[  514.429952][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  514.464412][ T9313] xt_CT: No such helper "snmp"
[  514.475397][   T31] task:syz.3.618       state:D
[  514.632183][ T5921] airspy 1-1:0.0: usb_control_msg() failed -71 request 0e
[  514.654717][   T31]  stack:26024 pid:8350  tgid:8348  ppid:5836   task_flags:0x400140 flags:0x00004004
[  514.665866][ T5921] airspy 1-1:0.0: Registered as swradio24
[  514.681043][ T5921] airspy 1-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  514.696083][   T31] Call Trace:
[  514.715248][   T31]  <TASK>
[  514.721204][ T5921] usb 1-1: USB disconnect, device number 25
[  514.727324][   T31]  __schedule+0x16a2/0x4cb0
[  514.741657][   T31]  ? schedule+0x165/0x360
[  514.746248][   T31]  ? __pfx___schedule+0x10/0x10
[  514.751767][   T31]  ? schedule+0x91/0x360
[  514.760609][   T31]  schedule+0x165/0x360
[  514.769378][   T31]  schedule_preempt_disabled+0x13/0x30
[  514.780526][   T31]  __mutex_lock+0x724/0xe80
[  514.789284][   T31]  ? __mutex_lock+0x51b/0xe80
[  514.815294][   T31]  ? relay_open+0x3b8/0x920
[  514.824927][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  514.918637][   T31]  ? pcpu_alloc_noprof+0xf85/0x16b0
[  514.925769][   T31]  relay_open+0x3b8/0x920
[  514.937267][   T31]  do_blk_trace_setup+0x591/0x9d0
[  514.949596][   T31]  blk_trace_setup+0x116/0x1f0
[  514.960367][   T31]  ? __pfx_blk_trace_setup+0x10/0x10
[  514.973914][   T31]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  514.990263][   T31]  blk_trace_ioctl+0x181/0x430
[  514.997655][   T31]  ? __pfx_blk_trace_ioctl+0x10/0x10
[  515.014262][   T31]  ? smk_access+0x14c/0x4e0
[  515.026029][   T31]  ? smk_tskacc+0x2fc/0x370
[  515.041279][   T31]  ? __pfx_smack_file_ioctl+0x10/0x10
[  515.053980][   T31]  blkdev_ioctl+0x416/0x6d0
[  515.064564][   T31]  ? __pfx_blkdev_ioctl+0x10/0x10
[  515.076613][   T31]  ? __fget_files+0x2a/0x420
[  515.089112][   T31]  ? bpf_lsm_file_ioctl+0x9/0x20
[  515.099052][   T31]  ? __pfx_blkdev_ioctl+0x10/0x10
[  515.113322][   T31]  __se_sys_ioctl+0xfc/0x170
[  515.123970][   T31]  do_syscall_64+0xfa/0x3b0
[  515.135448][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  515.181605][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.293138][   T31]  ? clear_bhb_loop+0x60/0xb0
[  515.458598][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.473322][   T31] RIP: 0033:0x7fbb37b8e929
[  515.488564][   T31] RSP: 002b:00007fbb38a0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  515.597768][   T31] RAX: ffffffffffffffda RBX: 00007fbb37db5fa0 RCX: 00007fbb37b8e929
[  515.625651][   T31] RDX: 0000200000000280 RSI: 00000000c0481273 RDI: 0000000000000007
[  515.641075][   T31] RBP: 00007fbb37c10b39 R08: 0000000000000000 R09: 0000000000000000
[  515.663839][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  515.688693][   T31] R13: 0000000000000000 R14: 00007fbb37db5fa0 R15: 00007ffc2de9dad8
[  515.706938][   T31]  </TASK>
[  515.720944][   T31] INFO: task syz.3.618:8351 blocked for more than 145 seconds.
[  515.735576][   T31]       Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0
[  515.743776][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  515.752730][   T31] task:syz.3.618       state:D stack:28840 pid:8351  tgid:8348  ppid:5836   task_flags:0x400040 flags:0x00004004
[  515.766043][   T31] Call Trace:
[  515.769477][   T31]  <TASK>
[  515.772599][   T31]  __schedule+0x16a2/0x4cb0
[  515.777294][   T31]  ? __lock_acquire+0xa00/0xd20
[  515.782794][   T31]  ? schedule+0x165/0x360
[  515.787281][   T31]  ? __pfx___schedule+0x10/0x10
[  515.798045][   T31]  ? schedule+0x91/0x360
[  515.808213][   T31]  schedule+0x165/0x360
[  515.821676][   T31]  schedule_preempt_disabled+0x13/0x30
[  515.891070][   T31]  __mutex_lock+0x724/0xe80
[  515.896112][   T31]  ? is_bpf_text_address+0x26/0x2b0
[  515.901609][   T31]  ? __mutex_lock+0x51b/0xe80
[  515.906389][   T31]  ? blk_trace_startstop+0xa3/0x640
[  515.913430][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  515.920131][   T31]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  515.929253][   T31]  blk_trace_startstop+0xa3/0x640
[  515.937222][   T31]  ? stack_depot_save_flags+0x40/0x900
[  515.944025][   T31]  ? __pfx_blk_trace_startstop+0x10/0x10
[  515.951868][   T31]  ? kasan_save_track+0x4f/0x80
[  515.956843][   T31]  ? kasan_save_track+0x3e/0x80
[  515.961906][   T31]  ? kasan_save_free_info+0x46/0x50
[  515.967246][   T31]  ? __kasan_slab_free+0x62/0x70
[  515.972374][   T31]  ? kfree+0x18e/0x440
[  515.976554][   T31]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  515.983410][   T31]  ? security_file_ioctl+0xcb/0x2d0
[  515.988728][   T31]  blk_trace_ioctl+0x19b/0x430
[  515.993699][   T31]  ? __pfx_blk_trace_ioctl+0x10/0x10
[  515.999050][   T31]  ? do_vfs_ioctl+0xf37/0x1990
[  516.004176][   T31]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  516.009255][   T31]  ? kasan_quarantine_put+0xdd/0x220
[  516.015119][   T31]  blkdev_common_ioctl+0xdce/0x2450
[  516.088112][   T31]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  516.094301][   T31]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  516.155713][   T31]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  516.236017][   T31]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  516.248770][   T31]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  516.254666][   T31]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  516.260781][   T31]  ? file_init_path+0x3b/0x590
[  516.268511][   T31]  ? __lock_acquire+0xab9/0xd20
[  516.273596][   T31]  ? __asan_memset+0x22/0x50
[  516.278930][   T31]  ? smack_file_ioctl+0x24a/0x340
[  516.285654][   T31]  ? __pfx_smack_file_ioctl+0x10/0x10
[  516.292275][   T31]  blkdev_ioctl+0x4ef/0x6d0
[  516.296907][   T31]  ? __pfx_blkdev_ioctl+0x10/0x10
[  516.302095][   T31]  ? __fget_files+0x2a/0x420
[  516.306955][   T31]  ? bpf_lsm_file_ioctl+0x9/0x20
[  516.313918][   T31]  ? __pfx_blkdev_ioctl+0x10/0x10
[  516.320668][   T31]  __se_sys_ioctl+0xfc/0x170
[  516.326459][   T31]  do_syscall_64+0xfa/0x3b0
[  516.331794][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  516.337588][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  516.347319][   T31]  ? clear_bhb_loop+0x60/0xb0
[  516.352381][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  516.358418][   T31] RIP: 0033:0x7fbb37b8e929
[  516.371620][   T31] RSP: 002b:00007fbb389ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  516.381159][   T31] RAX: ffffffffffffffda RBX: 00007fbb37db6080 RCX: 00007fbb37b8e929
[  516.390527][   T31] RDX: 0000000000000000 RSI: 0000000000001275 RDI: 0000000000000007
[  516.398707][   T31] RBP: 00007fbb37c10b39 R08: 0000000000000000 R09: 0000000000000000
[  516.407703][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  516.415824][   T31] R13: 0000000000000000 R14: 00007fbb37db6080 R15: 00007ffc2de9dad8
[  516.426384][   T31]  </TASK>
[  516.449728][   T31] INFO: task syz.3.618:8352 blocked for more than 146 seconds.
[  516.457515][   T31]       Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0
[  516.465404][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  516.474300][   T31] task:syz.3.618       state:D stack:28904 pid:8352  tgid:8348  ppid:5836   task_flags:0x400040 flags:0x00004004
[  516.486619][   T31] Call Trace:
[  516.490032][   T31]  <TASK>
[  516.494284][   T31]  __schedule+0x16a2/0x4cb0
[  516.499257][   T31]  ? schedule+0x165/0x360
[  516.503921][   T31]  ? __pfx___schedule+0x10/0x10
[  516.509062][   T31]  ? schedule+0x91/0x360
[  516.522880][  T979] usbhid 7-1:0.0: can't add hid device: -71
[  516.528972][  T979] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  516.539266][   T31]  schedule+0x165/0x360
[  516.553230][   T31]  schedule_preempt_disabled+0x13/0x30
[  516.578028][   T31]  __mutex_lock+0x724/0xe80
[  516.588527][   T31]  ? is_bpf_text_address+0x26/0x2b0
[  516.601473][   T31]  ? __mutex_lock+0x51b/0xe80
[  516.607437][   T31]  ? blk_trace_startstop+0xa3/0x640
[  516.615581][  T979] usb 7-1: USB disconnect, device number 3
[  516.624626][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  516.638495][   T31]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  516.644841][   T31]  blk_trace_startstop+0xa3/0x640
[  516.652480][   T31]  ? stack_depot_save_flags+0x40/0x900
[  516.658025][   T31]  ? __pfx_blk_trace_startstop+0x10/0x10
[  516.664126][   T31]  ? kasan_save_track+0x4f/0x80
[  516.669049][   T31]  ? kasan_save_track+0x3e/0x80
[  516.674564][   T31]  ? kasan_save_free_info+0x46/0x50
[  516.679791][   T31]  ? __kasan_slab_free+0x62/0x70
[  516.684886][   T31]  ? kfree+0x18e/0x440
[  516.689009][   T31]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  516.694800][   T31]  ? security_file_ioctl+0xcb/0x2d0
[  516.700053][   T31]  blk_trace_ioctl+0x19b/0x430
[  516.704962][   T31]  ? __pfx_blk_trace_ioctl+0x10/0x10
[  516.710280][   T31]  ? do_vfs_ioctl+0xf37/0x1990
[  516.720802][   T31]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  516.771678][   T31]  ? kasan_quarantine_put+0xdd/0x220
[  516.782086][   T31]  blkdev_common_ioctl+0xdce/0x2450
[  516.787485][   T31]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  516.794493][   T31]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  516.800290][   T31]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  516.811560][   T31]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  516.826580][   T31]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  516.834717][   T31]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  516.840898][   T31]  ? __lock_acquire+0xab9/0xd20
[  516.845942][   T31]  ? __asan_memset+0x22/0x50
[  516.854899][   T31]  ? smack_file_ioctl+0x24a/0x340
[  516.860118][   T31]  ? __pfx_smack_file_ioctl+0x10/0x10
[  516.866777][   T31]  blkdev_ioctl+0x4ef/0x6d0
[  516.871464][   T31]  ? __pfx_blkdev_ioctl+0x10/0x10
[  516.877771][   T31]  ? __fget_files+0x2a/0x420
[  516.882607][   T31]  ? bpf_lsm_file_ioctl+0x9/0x20
[  516.887678][   T31]  ? __pfx_blkdev_ioctl+0x10/0x10
[  516.894029][   T31]  __se_sys_ioctl+0xfc/0x170
[  516.898872][   T31]  do_syscall_64+0xfa/0x3b0
[  516.904819][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  516.910261][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  516.916495][   T31]  ? clear_bhb_loop+0x60/0xb0
[  516.921313][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  516.936255][   T31] RIP: 0033:0x7fbb37b8e929
[  516.945460][   T31] RSP: 002b:00007fbb389cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  516.958114][   T31] RAX: ffffffffffffffda RBX: 00007fbb37db6160 RCX: 00007fbb37b8e929
[  516.966370][   T31] RDX: 0000000000000000 RSI: 0000000000001274 RDI: 0000000000000007
[  516.974510][   T31] RBP: 00007fbb37c10b39 R08: 0000000000000000 R09: 0000000000000000
[  516.988092][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  516.997393][   T31] R13: 0000000000000001 R14: 00007fbb37db6160 R15: 00007ffc2de9dad8
[  517.010107][   T31]  </TASK>
[  517.015067][   T31] 
[  517.015067][   T31] Showing all locks held in the system:
[  517.038993][   T31] 1 lock held by khungtaskd/31:
[  517.046527][   T31]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  517.071731][   T31] 3 locks held by kworker/1:2/2152:
[  517.080372][   T31] 2 locks held by getty/5596:
[  517.090136][   T31]  #0: ffff8880353220a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  517.100945][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  517.116237][   T31] 3 locks held by syz.4.457/7692:
[  517.125893][   T31] 2 locks held by syz.3.618/8350:
[  517.131063][   T31]  #0: ffff88814335ba08 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_setup+0xfb/0x1f0
[  517.145740][   T31]  #1: ffffffff8e1931e8 (relay_channels_mutex){+.+.}-{4:4}, at: relay_open+0x3b8/0x920
[  517.168747][   T31] 1 lock held by syz.3.618/8351:
[  517.177049][   T31]  #0: ffff88814335ba08 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_startstop+0xa3/0x640
[  517.206434][   T31] 1 lock held by syz.3.618/8352:
[  517.216147][   T31]  #0: ffff88814335ba08 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_startstop+0xa3/0x640
[  517.236764][   T31] 
[  517.239253][   T31] =============================================
[  517.239253][   T31] 
[  517.251348][   T31] NMI backtrace for cpu 0
[  517.251369][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  517.251393][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  517.251406][   T31] Call Trace:
[  517.251414][   T31]  <TASK>
[  517.251422][   T31]  dump_stack_lvl+0x189/0x250
[  517.251454][   T31]  ? __wake_up_klogd+0xd9/0x110
[  517.251484][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  517.251506][   T31]  ? __pfx__printk+0x10/0x10
[  517.251543][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  517.251572][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  517.251594][   T31]  ? irqentry_exit+0x74/0x90
[  517.251624][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  517.251663][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  517.251695][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  517.251724][   T31]  watchdog+0xfee/0x1030
[  517.251756][   T31]  ? watchdog+0x1de/0x1030
[  517.251794][   T31]  kthread+0x711/0x8a0
[  517.251823][   T31]  ? __pfx_watchdog+0x10/0x10
[  517.251858][   T31]  ? __pfx_kthread+0x10/0x10
[  517.251886][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  517.251912][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  517.251937][   T31]  ? __pfx_kthread+0x10/0x10
[  517.251965][   T31]  ret_from_fork+0x3fc/0x770
[  517.251987][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  517.252013][   T31]  ? __switch_to_asm+0x39/0x70
[  517.252036][   T31]  ? __switch_to_asm+0x33/0x70
[  517.252059][   T31]  ? __pfx_kthread+0x10/0x10
[  517.252086][   T31]  ret_from_fork_asm+0x1a/0x30
[  517.252131][   T31]  </TASK>
[  517.405224][    C0] vkms_vblank_simulate: vblank timer overrun
[  517.413362][   T31] Sending NMI from CPU 0 to CPUs 1:
[  517.418633][    C1] NMI backtrace for cpu 1
[  517.418650][    C1] CPU: 1 UID: 0 PID: 7692 Comm: syz.4.457 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  517.418671][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  517.418682][    C1] RIP: 0010:memset_orig+0x75/0xb0
[  517.418706][    C1] Code: 89 47 30 48 89 47 38 48 8d 7f 40 75 d8 0f 1f 84 00 00 00 00 00 89 d1 83 e1 38 74 14 c1 e9 03 66 0f 1f 44 00 00 ff c9 48 89 07 <48> 8d 7f 08 75 f5 83 e2 07 74 0a ff ca 88 07 48 8d 7f 01 75 f6 4c
[  517.418721][    C1] RSP: 0018:ffffc90003fdf130 EFLAGS: 00000202
[  517.418737][    C1] RAX: 0000000000000000 RBX: ffffc90003fdf240 RCX: 0000000000000001
[  517.418749][    C1] RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffffc90003fdf258
[  517.418760][    C1] RBP: dffffc0000000000 R08: ffffc90003fdf267 R09: 0000000000000000
[  517.418773][    C1] R10: ffffc90003fdf258 R11: fffff520007fbe4d R12: ffffc90003fdfa28
[  517.418785][    C1] R13: ffffc90003fdf258 R14: ffffc90003fdf208 R15: ffffc90003fdf250
[  517.418799][    C1] FS:  00007fe91f5b46c0(0000) GS:ffff888125d4f000(0000) knlGS:0000000000000000
[  517.418814][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  517.418826][    C1] CR2: 00007ffe44d0b2a0 CR3: 0000000033f22000 CR4: 00000000003526f0
[  517.418841][    C1] Call Trace:
[  517.418848][    C1]  <TASK>
[  517.418855][    C1]  unwind_next_frame+0xc98/0x2390
[  517.418885][    C1]  ? unwind_next_frame+0xa5/0x2390
[  517.418909][    C1]  ? relay_open_buf+0x28a/0xd40
[  517.418931][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  517.418955][    C1]  arch_stack_walk+0x11c/0x150
[  517.418977][    C1]  ? relay_open+0x427/0x920
[  517.418999][    C1]  stack_trace_save+0x9c/0xe0
[  517.419019][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  517.419047][    C1]  save_stack+0xf7/0x1f0
[  517.419072][    C1]  ? __pfx_save_stack+0x10/0x10
[  517.419094][    C1]  ? post_alloc_hook+0x240/0x2a0
[  517.419182][    C1]  ? get_page_from_freelist+0x21d5/0x22b0
[  517.419202][    C1]  ? __alloc_frozen_pages_noprof+0x181/0x370
[  517.419226][    C1]  ? alloc_pages_mpol+0x232/0x4a0
[  517.419254][    C1]  ? alloc_pages_noprof+0xa9/0x190
[  517.419277][    C1]  ? relay_open_buf+0x28a/0xd40
[  517.419304][    C1]  ? seqcount_lockdep_reader_access+0x102/0x180
[  517.419337][    C1]  __set_page_owner+0x8d/0x4a0
[  517.419364][    C1]  ? __pfx___set_page_owner+0x10/0x10
[  517.419393][    C1]  post_alloc_hook+0x240/0x2a0
[  517.419420][    C1]  get_page_from_freelist+0x21d5/0x22b0
[  517.419465][    C1]  ? __pfx_get_page_from_freelist+0x10/0x10
[  517.419485][    C1]  ? prepare_alloc_pages+0x213/0x610
[  517.419506][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[  517.419527][    C1]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  517.419549][    C1]  ? __sanitizer_cov_trace_pc+0x4a/0x70
[  517.419573][    C1]  ? policy_nodemask+0x27c/0x720
[  517.419600][    C1]  alloc_pages_mpol+0x232/0x4a0
[  517.419628][    C1]  alloc_pages_noprof+0xa9/0x190
[  517.419654][    C1]  relay_open_buf+0x28a/0xd40
[  517.419680][    C1]  relay_open+0x427/0x920
[  517.419703][    C1]  do_blk_trace_setup+0x591/0x9d0
[  517.419734][    C1]  blk_trace_setup+0x116/0x1f0
[  517.419763][    C1]  ? __pfx_blk_trace_setup+0x10/0x10
[  517.419793][    C1]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  517.419822][    C1]  blk_trace_ioctl+0x181/0x430
[  517.419864][    C1]  ? __pfx_blk_trace_ioctl+0x10/0x10
[  517.419890][    C1]  ? smk_access+0x14c/0x4e0
[  517.419913][    C1]  ? smk_tskacc+0x2fc/0x370
[  517.419938][    C1]  ? __pfx_smack_file_ioctl+0x10/0x10
[  517.419965][    C1]  blkdev_ioctl+0x416/0x6d0
[  517.419983][    C1]  ? __pfx_blkdev_ioctl+0x10/0x10
[  517.419998][    C1]  ? __fget_files+0x2a/0x420
[  517.420015][    C1]  ? bpf_lsm_file_ioctl+0x9/0x20
[  517.420032][    C1]  ? __pfx_blkdev_ioctl+0x10/0x10
[  517.420047][    C1]  __se_sys_ioctl+0xfc/0x170
[  517.420070][    C1]  do_syscall_64+0xfa/0x3b0
[  517.420086][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  517.420112][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.420129][    C1]  ? clear_bhb_loop+0x60/0xb0
[  517.420149][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.420166][    C1] RIP: 0033:0x7fe92178e929
[  517.420182][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  517.420197][    C1] RSP: 002b:00007fe91f5b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  517.420216][    C1] RAX: ffffffffffffffda RBX: 00007fe9219b6160 RCX: 00007fe92178e929
[  517.420229][    C1] RDX: 0000200000000280 RSI: 00000000c0481273 RDI: 0000000000000006
[  517.420241][    C1] RBP: 00007fe921810b39 R08: 0000000000000000 R09: 0000000000000000
[  517.420252][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  517.420262][    C1] R13: 0000000000000000 R14: 00007fe9219b6160 R15: 00007ffd1520c998
[  517.420284][    C1]  </TASK>
[  518.411627][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  518.418582][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  518.430429][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  518.440513][   T31] Call Trace:
[  518.443819][   T31]  <TASK>
[  518.446795][   T31]  dump_stack_lvl+0x99/0x250
[  518.451422][   T31]  ? __asan_memcpy+0x40/0x70
[  518.456044][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  518.461272][   T31]  ? __pfx__printk+0x10/0x10
[  518.465929][   T31]  panic+0x2db/0x790
[  518.469880][   T31]  ? __pfx_panic+0x10/0x10
[  518.474330][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  518.480179][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  518.485594][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  518.491798][   T31]  watchdog+0x102d/0x1030
[  518.496182][   T31]  ? watchdog+0x1de/0x1030
[  518.500648][   T31]  kthread+0x711/0x8a0
[  518.504762][   T31]  ? __pfx_watchdog+0x10/0x10
[  518.509476][   T31]  ? __pfx_kthread+0x10/0x10
[  518.514106][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  518.519348][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  518.524586][   T31]  ? __pfx_kthread+0x10/0x10
[  518.529231][   T31]  ret_from_fork+0x3fc/0x770
[  518.533871][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  518.539024][   T31]  ? __switch_to_asm+0x39/0x70
[  518.543837][   T31]  ? __switch_to_asm+0x33/0x70
[  518.548640][   T31]  ? __pfx_kthread+0x10/0x10
[  518.553272][   T31]  ret_from_fork_asm+0x1a/0x30
[  518.558084][   T31]  </TASK>
[  518.561496][   T31] Kernel Offset: disabled
[  518.565859][   T31] Rebooting in 86400 seconds..