last executing test programs:

6.309972186s ago: executing program 3 (id=1397):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x200}], 0x18}, 0x0)
sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000012c0)=@newtaction={0x20c, 0x30, 0xa20, 0x70bd26, 0x25dfdbfd, {}, [{0x1f8, 0x1, [@m_ipt={0x154, 0x7, 0x0, 0x0, {{0x8}, {0xb0, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x85, 0x6, {0x400, 'raw\x00', 0x5, 0x7, "e7baf755bed1ecc3f5fc2df03b3d0f06d09ccf684e4411ebfca469e487dfafc236a2bd68996c4dd4ae902cbfc9d7f59928859ad2d968df34a1ed9135ff9e64c3c00d2e5d74e326e9476228c1aadf95b61690dc9047103ce3b7c636"}}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0x7e, 0x6, "3d0155179af52c218360f63b587b119bad958e13fdbef37483f1f2edf990373f1d7af2b17f247597099a981c0d86da1867e12c5be84d558a41eeaa0b3557e239bac0e1583360beff1ca128be336489bdfc2a0e7d3aed52c86121b03ee2a4749a645e0e58b3a42c39d715850ac9db2347e25ec5f4a6640029c120"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ipt={0xa0, 0x3, 0x0, 0x0, {{0x8}, {0x4}, {0x75, 0x6, "b45c3e50999e0ff8b7cd267bd965c50b99594ae946a060b65c67ba37c0725f48dfc5713acdb126ac4fea463fdc8a72f0d8febaebccde90bfc89a2328790a2e1f3e4a8ec650f40dd2685113c4394824707942abe9ad835a1f6128ba736e738d0124901995773000610ee900ae766d905ff4"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x20c}}, 0x40c1)
recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000300)=""/123, 0x7b}, {&(0x7f0000000600)=""/117, 0x75}, {&(0x7f0000000380)=""/33, 0x21}, {&(0x7f00000004c0)=""/15, 0x20}], 0x5}, 0xb}], 0x2, 0x10, 0x0)

5.931098191s ago: executing program 2 (id=1398):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x10, 0x80002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc53})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f0000000240)=0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r4, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000000c0)={[0x8, 0x100000b, 0x9, 0x0, 0x4000000000000002, 0x6, 0x8000000000, 0x80000000000000, 0x59, 0x0, 0x5, 0x0, 0x5, 0x6, 0x1000000000018, 0x7], 0xeeee0000, 0x89340})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000500)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002cbd7092bad6b86152069042032c6071a0c8800000120000010000000c00020002000000000000001c0007800c00018008000100", @ANYRES32=r5, @ANYBLOB="0c00018008000100", @ANYRES32=r5, @ANYBLOB="fa67d104ce7b4439a28cf7a1de3f8c20d3a9ee35ba20dd0d344bc624890675c89f8dcb29e85c9cd8bdeb2920fe09d25791fe85aaeee71e6e2a8b8f17777611e6c52d874ae23f3bc95a365c517e3e954bfa78d3587c43d355001e487bcca4a9c08706ac755f82a60a0cf702b47ad02f587f50665e3ac6532e6a0835a16595ebfe24c3009f7d9ec259dfca9a477eb1e2b62e12c337c7a89467a873aadc6d94d4af62a8c1f721b50da899e9f92ce1f5d86d44a4acda6e388bc62d84b466da2a4da8224d158c91af712a"], 0x3c}}, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

5.537882709s ago: executing program 1 (id=1399):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x1a1a02, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000140)=0xa6d)
memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x4, 0x6}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$tun(0xffffffffffffff9c, 0x0, 0x404c03, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x3c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xb, 0xfff3}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x9}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x20f9, &(0x7f0000000000)=[{0x6, 0x2, 0xfc, 0x7fff0006}]})
r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000004c0), 0x8000, 0x0)
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r6, &(0x7f0000000e00), 0x12)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r7, &(0x7f0000000080), 0x12)
ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732"], 0xa8}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
ppoll(&(0x7f0000000040)=[{r0, 0x20}], 0x1, 0x0, 0x0, 0x0)

5.425617397s ago: executing program 3 (id=1400):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x1a1a02, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000140)=0xa6d)
memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x4, 0x6}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$tun(0xffffffffffffff9c, 0x0, 0x404c03, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x3c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xb, 0xfff3}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x9}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x20f9, &(0x7f0000000000)=[{0x6, 0x2, 0xfc, 0x7fff0006}]})
r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000004c0), 0x8000, 0x0)
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r6, &(0x7f0000000e00), 0x12)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r7, &(0x7f0000000080), 0x12)
ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732"], 0xa8}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f00000500070084000000060005"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
ppoll(&(0x7f0000000040)=[{r0, 0x20}], 0x1, 0x0, 0x0, 0x0)

4.691828363s ago: executing program 0 (id=1401):
r0 = fanotify_init(0xf00, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xd, &(0x7f00000004c0)=ANY=[@ANYBLOB="18020000080000000000000000000000850000002800000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000009800000095"], &(0x7f0000000680)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r6})
ioctl$XFS_IOC_FD_TO_HANDLE(r3, 0xc01c586a, &(0x7f0000000880)={<r7=>r3, &(0x7f0000000300)='\x00', 0x12080, &(0x7f0000000340)={@align=0x7cff, {0x1, 0x10, 0x7ff, 0x5}}, 0x5, &(0x7f0000000380)={@_ha_fsid}, &(0x7f00000003c0)=0xb672})
clock_gettime(0x0, &(0x7f0000000900)={<r8=>0x0, <r9=>0x0})
ppoll(&(0x7f00000008c0)=[{r7, 0x8040}, {0xffffffffffffffff, 0x100}, {r0, 0x1109}, {r3, 0x1240}, {r2, 0x4000}, {r4, 0x11}, {r1, 0x6032}, {r6, 0x400}], 0x8, &(0x7f0000000940)={r8, r9+10000000}, &(0x7f0000000980)={[0x7, 0x9]}, 0x8)
ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f00000002c0)=0x3)

4.641552405s ago: executing program 2 (id=1402):
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x7, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x10000000}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x24c4436d5a174b6d, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4004000)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r3, 0x4020aed2, &(0x7f00000000c0)={0xffff1000, 0x301000, 0x8})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r3, 0x4020aed2, &(0x7f00000097c0)={0xffff1000, 0x11b000, 0x8})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r4 = getpid()
read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, <r5=>0x0, <r6=>0x0, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000080)={0x50, 0x0, r5, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x15, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="b4000000000b00007910280000000000c3100009a0000000950074000000000031fb0d3a4231020004399d17d34e075fdcda533ab1aa71ab1d764152e6cb25dadc7ded5dbe11b62ac5ea9fca11027d19e93adb604a7d3deb92de3141e8ed7ac5b8902070213cdfdc5d6c4890cdeb50347c32060581172b94c6ba22a2b58eb6cbad46ed6e7965a2ba103b0b36f790bb41931f9a3d4dd127c1b4e49f7468f5e603950c4f67581c92ef8a7e8ece17d5f5b169391ef409c39c263895739e3d702c128b35d5fc23469240c61e150e2bae385f9ac9b03c22b0f7050c166b835298c5911f1053a723aee89051c24e1900ab97fa52d2e06dce0248a829ed46a520db4c1432080bbf707ad2f8af8118ee7d434a960ed6be4455ba57cb06459b64689e77ce95823a5533f5b11118906fd2fc29b3697c637d3693d4b4aade6f9202e6cfa6d7507f88af38b6109ad8f82b1d600a5447831df835d7000000218b0222004f98a7a0caddc397d8414be912b4e7536fefd951fe23a56fbf9fc643c6604268b5ccc13b996aaed0a6f6470566c8f534e5d486b2141646b35fd4472be8195fd917446a8abb1c2cd5dc09e2d75ec00ede2841e497d5178cf9445c7bb11f3c5cfdcae8c476d3fb75cac727143f92798a44864b49366b6cf228d9bc1d99ab2104e3c2e17ec46fbce102c158ff3748f1eb90b83d8be0dfcefbeed222009b41ad34d8656daf41e23322e58d91811feffc39ec11b11cc611f6fbfd999c3bef10caa2e8692259d40d69ed3d85ec2813b007b8ce6384a28798f445ad7fc451865f"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r8 = getgid()
mount$9p_virtio(0x0, 0x0, 0x0, 0x20000, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=virtio,fscache,d', @ANYRESHEX=r8, @ANYBLOB="2c63616368653d6c6f6f73652c63836368653d6c6f6f73652c736d61636b66736465663d002c7063723d30303030303030303030303030303030303035302c00"])
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002a00)=[{{&(0x7f0000000180)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000002380)=[{&(0x7f0000000d40)="5867be5ead8a95ed0c99f8fa4ee674770ece996f67ffdaaaf2a743d5bb5d4c6eebc7fd3a81e6307ca7e7d0e50c21d8704d51a104a14e47d8041a2d62d3c1b3322099f9e057d9cf8565f639ed031526ae65637f78f136ab17ba5036bdb152b0756a68709b7347aab2b4f74be002fe148f7d5dfe29d972ac58a611995486b276a0be6811a7087d99e6067132d9009e1562827e4849c3ed6848c7d698f99613cae344a93863a7c810197fb80865a131b66b82eacd8dbb52dc58f124514bd2f12aafcdf3abe4c61b3a430da10fb021d289fbb7ce3a66053a5b09303e669bf22c91d3c328490af50abc0d0f89eebde7d6f0d8907af39ffe717d75d13ed3d7eed83809c83405e9ccd7450d47bb2876b5797c5ddbcdb61ba1678841392e74841a30537bf9653ba2ed32589ba55c95146322c4cc64bc1668ccece7d1610c5a586d3f2af4d8213159e31034384bf7ce509ad2f9ed7f01b213ea98c3c591da2240cd305bdcd23bef42c1eac17455d3fed0682707ba3246940641b17b3bccfde94572b253c32fdd2f600970181f948e72cfbf591b18ab82f5bc5976e1d00111c9a2d5159f191931a0deff282446a1521d878d6a7f483811d63059c6ab3a257df78c7b9fc30ba6c765ebb9dbda1d2ffa8b3be04b12451751fcb615c6777845e6dfa293678bd14a457868499c43e211195adf89a013adde99630781cf1f4b1a7ca341fc658e4b29c7cdb650435a1875393339cbfa8193599c37a79ae4bb531a0757e317cdc67b209c27a7de6b1de91a18c4b4cceda6c47edb3262e9b34a63165614907ff3ff17b52c258594078c756053afa62975e14983adad7562f8bf233a34e7f1d3211352553d5f5f9d8085cf5f8ad4712741a86aaa6cab57419b95b31c98a9b92db496f2822f8115ec712d23239ce3f6674a22a015d1e1d1af50481d39c1f14691728c3bb1a5624c9529fb46c63afeccb8fbc4057d98aa9114ab40df97d810cfd93ee0e9b0a8ad497704796032715dfa8a902f4169a5f03f5d6634802fc84e12ed56ecd1ad28f90533aead7de977bfe041a8c90d4f928e3b56b1e40bb9aa13f0f25483575617fc0ad091e89e0322e24572b3d11035f75589082c9b4b3dc785062af6aa4f870481fec2d427c9f52ab879b6a0c87d495b032ce239754e2880b4b6e15dc06aedc8e5276ca5c159ec0513fb6770cc8f91a9cb24f7127c5eb3332a9d7f627eaa7e88977a4da80607df63ab9c6b507fef1f0c5900c725c2befed30eeea17abda1cfe60e99899a373b10b1ad0cdcf281faae98984e01d4438f2f7df55035923efbc1462bc4e1e389941508128b198a600b3d63b94de558ee8d20e97bccfd13d896416cda6b7cd51f95b295a878f6e0f8133044afeefbf33f465d1bb7d0acdd535e1f9806faaf7585c80fa1980e6b096f9853a2e5537c147fae8fb21a95f5e0c2e23ff0708e637af8855ed731a05b719cbc692c4756d17bcc0e1cfbaf5de436bf78d79be20f64e349cb46c80365513c3bc1a184ba96c43a4c6dafd4cd4ce0417213c3c1c34cc8261c8668825f3d57f40b9f0350d067f68bf1dbd590461061f5bcf5575f5f1b68512af298e66cf69801f6d846b530315f08fb200e3647c26931cb9f8c47b4386ce50fdcd7c288dadb483f3b7d0148f74dd4fd4e9124412dffdb093726d41e2c558e49a3e3de241fc517dbc2a86fbb8dbda107c4c9fcfae6ad2cddb5499cc357ce6a284e17f55aa20ea57d8303ecc41b0712893b2d5c4fd52d8cd27a43b25a9c60281662e341111e1ace7e6930016ab64bf893bf8a00e82981f744203eb5ef7b7c775b45e88e7fd391b9e53f7be9818539a3598f5e6ea60ade3b5b4c651776bf5a4adcfe7f7af539ee1378281dc8da3f759963799495daf1bc3d0de9ea9a89ed4571b836e56fb40ef4aa4fc2a551fc19fead31d6307b735291da4c61b6005ba0f9df2af4feb7d5b9c43205f1edace96847049d67ba1ded96ec42507ddcc8b3f20687d1f14ac6affd6332af15fb8f749671e133385d8b7969379cb22c036329b59d0e2dea53a520a89ecb6b9be0f2f8153fd2edfcd70e7ca38144c1594b40ea0935c4a8e628749865362c1cfdc2a29d8a7d9029272225e3fb1dcb464d6911854eb53e4d99eddb682cc8af878113db005b70a3b846e0d89147b059ca3faf5bc54c99d58da8c79c8b01b4e1038184f703d4d36b047c2e635a7ce6695026ac5555fd5a59380c2506e79cebd74e8c91140571b29991391a374aa117417297c124c389b5fb61721a2ca446fa2bd6608cd0ed0502c41f47e90004aaeeb78d8fb216df6094f7338fad611ccec42e97b58efe572c1cc5ee46f0ad15b9f083aadd8ccfbc4e4b91cfe430bd833ed32804f101965e782d52f581c51712903fd54572d6bfdc3dbc8e679bbabdc9d05d423bb67dd3ca1f418fea037a9ab6819e5ac1c2fa400e606769c585e3430414a4781c070f7b72491131e5b71d6f36029702cca84476da0a6f8c6d00e9aaffbf445c06c44fb209d322b38cdfbe2f086807d1e7ae55310756eaba469b2504f7575e8c1c73af6be883eda09a56a4c283392d91974c1e484fd13ffcb91b718906682164ec531370715c10e495666875dc1529be51913eebb1659ac9fc747a2c55647095aba2982bda0e8148bbec720355253e3e4c14167c4b697d5d0a08d668d39564d4f70878339b1904ee8791fe536cfa0a207afccc04bdb177f8c46ec0e5e703cd69acc7a6660f31e7af0a63790bae407ce011ef8b8b84a4e9e588daf07a26073b8f97ebc4d3d8dbeaee6498172d0f5aabaaa4f1b7d874c3ff6b84e9bb4f547bb3a34cae6ee3a8566404d17fa3d0daf057f5f5f9cfc36d78d0e3222f7dcd6d99344617c737b80c4ceba3c4ca8b6314375bf7890a277867a7e1509de085ded7a734736cc7a04e474728d7b71ea9a1a8799c1fe567b399741e479687c2ca3d27ba664a8e59efbcd3cc626824db415585233468b2566598be279a5d7d8241d1a1a4c5b03f656c3f472109520fdc4c0c7306be3ad55afd5e7774e40ef18389fe040a0742c0d10b19501fd481d9386b30e5baffb4fba35dce31f6723dfbad97e5f057d159ac0b11d276704b0832dea50a87ff453f006dec69f0c42d4821258f1d52a96c52419dbf79918669092d72daf52415bec81e4902a4346dd21d7e12f933fcd388425f32f00e049089edb27496d00944fe5d80d97e2a31f4e733e8013d260fae185ce7f7902e3b9bcbc664e847905dac6f7ab9ee8713f5c9db533e7f875433727a96ad06def298a936cc53177a3c607601f6356608aeafaeb0ee5c9b61aeb64df1b927f5e226e386502d4da531013fbebd33f2d3d0cac64259d0690d864114c97f3b2d01086e6ce1da273d3cb14a3aa975ac5e9597749531dc4fee34e14363d292daad85c5e6e265157e6595450c38329b9f8edf195aeb901c8e9d4bc27299071feb080e14cf2a41da07a3632274fb191523ebebf7c2381139487cad0afa6ff794f0e29999c678710de8359428e54390e8b86657190ae20ee4731103daae8b88e9b6d0977d9ebd385b59ae7c66662d07f3033e2c37adbf7c884d5b72597ed4d6adab25263f8d5c18a3f297610dec668b8e2a4c738214d3248054a054626e98993c06657ec15fefe0b740eb55ad97afdf1c1f8865de52b69714bab50e67cfb713194da4a44ab00413b3816d006b3c9e0e43e7b2f7b8509eb469735ccb729f9b7405d4fb2a8bdc17b2e61e9af5719a7870c00945547970154d317807c21a89f16e1ce274ffe4debbbe08936d98d68abd00f27842611e3a052afb9c4030d36cc79f7c2af97e9bec274df9406adfa04795ce70d1416ea7d3f6c49f5889e535c419c0ca5588582a3ee441644825c9b97e002e326a4bdff8113a5c80fe6bbe932def4bd3a88a72706a29b790beac7d34bf688a3de4592e65ae942f755606466256bdff60a00f4fffae1e0b85ba2c007de07d1916ae18119030528a61c518267f5f95d2ddcfc80bec149b3c2daec67b4a878357615a4f6722f5cdc1fd3552e589aa6b38217b527873e3e33f84c62e4cdf7113b5719a2623cf7ca5ec479b83ab277beab76a2ade4226f3eb697acd5ca45cd04c0aeebec3823e81a6f305249d224aa40cf3076e0f244611194b1a859082fe7bfff36452497cae938d6cac652ecf468cd7aeb9196d258702c0565748417231132b84d26efdc949622f801d624ef120b51015099dd24adc13b4d1ecdc943b306f6e8f6d29ea1fcdc070c091527d060d1d509209e0ef10c6db764fdbe594b1cbcb5f8bea6288a4cd5bfb45462e096eefcec7877646f36efe8ff06f3719ba29bb5d70d2234b8b061137bf5753026836fbedd8120af848b1d809a15f72965a410cc3f07d8b4427e216cf2280af3eb1a029d5106d0d32f1cd05e02e291bacb2b94bb7b15f3c60a88926335f6c8de03988cab348c16197c166b02b9548dfdefd90978e0779e2b69e6157f9186cbd1b22bf13f4698810543c85e22d615d33f07a4abaf98429128fd3ee77fca92e06cf93f752b58f184109f6932db3a641ee1a669a0ce49a1b956b11257526b629c9b414b312cd873059cd9889a66014159eb857bf8b9825d01e4ff14cbbf261e549f49fafc422de8b71e128cffe897e7953ffea5391ca1d420b4b410e4acb0572ec1b16671d926adbb5e4e02490f4a9f486b00da9b5849c3759b7b49a41f4548fc7c1fff0eed41e3b28aca3b645f67923a078cb21b4fc1b0b7c55d841c21366225dde55ed6efc0ec32615b6974d4087b33e5cbce660925f4e516761577b9a0fa37f21f3141008b611ff4bafa838443ee427b9e1b76948cd5e7079a9519602b6f70ef8057def2d60e549aac28a75f236451a84966c46964ccae360bb5f7bafee5f9386d503f52532a5a5640846d15a3c2ef5341c7369666b00b2682dc510d29feedc71c58d15f79c054574ae3819619030f7265970845ed776ef1c4fd60b4c53193a3cdba164988c2c3e2e73385ed53d7b6ad9779e2ac31543ddba5ed6628cf52bdf81cf30e06978d65c7870c9100b215dbb2e8e477a49163d4ab3ad2986c075c757d4a12e5fc59aa5d42b0291adf6c5406c5cfc2f605c638b6412cc7076b5b60a761d7fd83f058f24eb6c669e1c39634108f18f20b9ce88f925afba83f34886cde247caabb4281ad59445d65fe66c0947bd3a4bae7280dbda5d8b52c1e0f89c92e68ff0dca4425ad757b92b825a3861298d68391240dfabec29708cd95a9872e684cc25c041560359fdd52ec13fa9d8090c463f21bba6856e054dee2e7a30c7ca0e2fbde627b128cc9874ceddf1a51b7fccda015d1b1c717ebce3d5053131ce4e4b19e56c64ede7e8ca2ca131036caa870ab587959be8c29ebc111cea350703434bfed1c953b9dc574dd34e8c8a09cde345451bdc157b840e426e9ee6efc735eb12cfe2a01501796f0ae23d538a9bd6137fae932dc78496b8f4c677be830fdc0f340c0cc0523ee7d56d8de2cbf9f42e090a607110a35d479a702d7bb16a22ab4f5d1e58adb224a93edd06d34a789d3d0c7df0f18030505f738d49df17533bfcd108bc2a398390bc0386014197b7591b3c0bb2b1a5d8bf4dd72c30fbee95c05bbf07e255a80e4fa3d202e008d91ae14cb04240b28552a1a555c15e2caa5b4f4d582bff5b4f2a71b885b9b5f62673b915ee83f0e6262ff40f984641c565e0a79c2977d257f18b7c01ba287f6e4bf76877e8d2e2862b02b0b8ca49858b1ce0f2cc3e0ee0b97cbbcd8d6702c458ed457236f97867723a2fbfba8f", 0xffc}, {&(0x7f0000001d40)="aa550bd231d3b281ca83f0a6b7487ff82c116b3f66ffec78698c59b948a0deb510505b50f8c653b1d5e768fed693c18a47e8abaa36846782c48fcc644457ef1f0d8bd991517a1c34a412e1f68cbc8c80667deb66d2f6c861f3f18a2f5a0bed6494e11f1e5045caf6339e90db8d0e197b692e04ec8b95e61c20165271b84c6d64925a8a8bf0aa67e4394393cf1827f80263b097030e769649c881bc64fc22a1ae2ef80dec66ad6c773a9a97be131665960a9276adcdd0054c15100b76d61e0f4bfc7d74cc8a6889cc675271c3209e42d02a91b1e498d036682b2bb559c8e46a4efbb4f7a2c882060ab59f7747cbc6b9fbd8844d017422", 0xf6}, {&(0x7f0000001e40)}, {&(0x7f0000001f00)="1eea8d1cb70ddf05837aaf124e12379ec7bdb0305e8c09d21652a32e2f3a4c57ae2e19a54ab660", 0x27}, {&(0x7f0000000240)="d80d", 0x2}, {&(0x7f0000001f80)="e874086b0b348e73aa301b913c667df569275bcb14cc21a31a131127d8df9d2ce6dac6f548ab18678c33fbc0350f5b7d8dfbf0d294c9f33831a1a42096dc47f46a50ff59bd1da4ed405ffea026cc22da540cb01ec8214a6caf818873a07f53acb86eeff43240f199a613907d3db8f5a4bdabf07e49303db81845cf287025d889594ec9ae66b86710664c1d89fd75c58b684dd9c4c58f767e98aaf1513f936c143886b16a53f8ece11f2732115b1f7149a64c414b55113d755bcd880247841d164a829614365e4b00c5bb3ac54be8dc3b7e9313c6b1feae12cafef38f4b3c3bd3e6ad407e955e08bd2bc97b66a3b34945177a", 0xf2}, {&(0x7f0000002080)="880aef9c93cca7e1391fc40d2ff0a48c66668851e35db26f10f5cf89", 0x1c}, {0x0}, {0x0}, {&(0x7f0000002280)="ec1b92bd00daece3d8e1a031c6cd7d76cee44894ab49d1af25d4b731a3b06d25225c578f3cbdfbad51720a377cdc37bb8c1f27d95e3fd4de09a13a30c275da0d9be3660a676718d06b56a20082868539de235f612d0faaea0fc64be6eb63ccfe847bc4786b0e514ee61d21ca70ad5a9761d3ec3381c5dcccda65d51011b29960041f5a6c56b94f84f3164a449193b2ef4d24bab5aed0655c965f8ec798ef45bb032409098d42", 0xa6}], 0xa, &(0x7f0000002780)=ANY=[@ANYBLOB="180000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="180000000100000002000000", @ANYRES32=r7, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1800000001000017026a01e1", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="180000000100000002000000", @ANYRES32=r4, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="100000000100000001000000", @ANYRES32=r1, @ANYBLOB="180000000100000002000000", @ANYRES32=r4, @ANYRES32=r6, @ANYRES32=r8, @ANYBLOB="180000000100000002000000", @ANYRES32=r4, @ANYRES32=0xee01, @ANYRES32=0x0], 0xa0, 0x4000040}}, {{0x0, 0x0, &(0x7f00000029c0)=[{&(0x7f0000002840)="644f3d121c3f6d04476e6cf158d82ac1ddd870bcb32b16a04413a10e4c37ec13fe87bb3ad860e1bea328f9e712bb051e8c44bcb3733e9477fb75e598dc00e394f661832c78e37d0f21ee6f14e92e8b7175e7251ac25aa525b5ad881e819b9e9918426e5cc0a137de9b6775548e8e9547a693cca7b54b40dbdecc1121e891a609724c13410f194c7a61fff50304b1ad4bfc30f684a7fc924bbf0a615c16021b62b92d862b555a7d34ae20e65c06306524b7c4cfb272c50d09f797c9a81907ae7bc6397d6bb5701e1f269deddb64e586ae64", 0xd1}, {&(0x7f0000002940)}], 0x2, 0x0, 0x0, 0x10000800}}], 0x2, 0x8010)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xa}, 0x6e)
getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000003c0)={'broute\x00', 0x0, 0x0, 0x0, [0x61, 0x10000, 0x9c9, 0xf, 0x4, 0x3]}, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200))
r9 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x402, 0x0)
r10 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
read$msr(r10, &(0x7f0000032680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x38011, r9, 0x0)
read(r9, &(0x7f00000000c0)=""/163, 0xd0140f23)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x304, 0x0, 0x150, 0x150, 0x0, 0xf8010000, 0x23c, 0x238, 0x238, 0x23c, 0x238, 0x3, 0x0, {[{{@ipv6={@mcast1, @private2, [], [], 'team_slave_0\x00', 'hsr0\x00', {0xff}, {}, 0x84}, 0x0, 0x10c, 0x174, 0x0, {}, [@common=@unspec=@helper={{0x44}, {0x0, 'snmp\x00'}}, @inet=@rpfilter={{0x24}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @mcast1, [0x0, 0x0, 0x0, 0xff000000], [0x0, 0x0, 0xff000000, 0x43cdeb732741cf8f], 'batadv_slave_0\x00', 'gre0\x00', {}, {}, 0x87, 0x0, 0x4}, 0x0, 0xa4, 0xc8}, @common=@inet=@SYNPROXY={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x360)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$FUSE_ATTR(r0, &(0x7f0000002540)={0x78, 0x2, 0x0, {0x8, 0x8, 0x0, {0x0, 0xcfb, 0x5, 0x9b, 0x3, 0x100, 0x2, 0x8, 0x4, 0x1000, 0x4, 0x0, 0xee00, 0x1288, 0x598}}}, 0x78)

4.438653767s ago: executing program 1 (id=1403):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x3a15400, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000180)=0x3)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x8)
mmap(&(0x7f00009da000/0x3000)=nil, 0x3000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shutdown(0xffffffffffffffff, 0x1)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x24, 0x0, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x87d4b69a72310a97)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r6 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
tkill(r6, 0xb)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x200}})
connect$llc(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000010000108000000000000000000", @ANYRES32=0x0, @ANYBLOB="82001b0008001b0000000000"], 0x53}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)

4.162342388s ago: executing program 3 (id=1404):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, r1, 0x0, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_SEC_DEVICE={0x40, 0x2e, 0x0, 0x1, [@NL802154_DEV_ATTR_FRAME_COUNTER={0x6, 0x1, 0x3}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xaaa3}, @NL802154_DEV_ATTR_SECLEVEL_EXEMPT={0x5}, @NL802154_DEV_ATTR_SECLEVEL_EXEMPT={0x5}, @NL802154_DEV_ATTR_EXTENDED_ADDR={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6}, @NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x2}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x20000010)

3.711031828s ago: executing program 0 (id=1405):
connect$inet6(0xffffffffffffffff, &(0x7f00000003c0)={0xa, 0x4e24, 0x3000000, @mcast2, 0x6}, 0x1c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x48}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r0, &(0x7f00003a1000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000000)="9a01000000f800b8d58800000f23d00f21f8351000000d0f23f864640f79ea66baf80cb8c85f5480ef66bafc0cecc4c2adac17b9550200000f320f2860c7c4e11751df0f2e2d00000080b9800000c00f3235008000000f30", 0x58}], 0x1, 0x4a, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000080)={0x70003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x2, 0xffffffffefffff15, 0x3, 0x4, 0x1, 0x4]}})
ioctl$KVM_RUN(r2, 0xae80, 0xf4)

3.591640637s ago: executing program 3 (id=1406):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r3 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="e03f030025"], 0x33fe0)

3.462355849s ago: executing program 1 (id=1407):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x10, 0x80002, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc53})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f0000000240)=0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r4, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000000c0)={[0x8, 0x100000b, 0x9, 0x0, 0x4000000000000002, 0x6, 0x8000000000, 0x80000000000000, 0x59, 0x0, 0x5, 0x0, 0x5, 0x6, 0x1000000000018, 0x7], 0xeeee0000, 0x89340})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000500)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002cbd7092bad6b86152069042032c6071a0c8800000120000010000000c00020002000000000000001c0007800c00018008000100", @ANYRES32=r5, @ANYBLOB="0c000180080001", @ANYRES32=r5, @ANYBLOB="fa67d104ce7b4439a28cf7a1de3f8c20d3a9ee35ba20dd0d344bc624890675c89f8dcb29e85c9cd8bdeb2920fe09d25791fe85aaeee71e6e2a8b8f17777611e6c52d874ae23f3bc95a365c517e3e954bfa78d3587c43d355001e487bcca4a9c08706ac755f82a60a0cf702b47ad02f587f50665e3ac6532e6a0835a16595ebfe24c3009f7d9ec259dfca9a477eb1e2b62e12c337c7a89467a873aadc6d94d4af62a8c1f721b50da899e9f92ce1f5d86d44a4acda6e388bc62d84b466da2a4da8224d158c91af712a"], 0x3c}}, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

3.360175493s ago: executing program 0 (id=1408):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan0\x00'})
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="010029bd7000fddbdf252300000008000300"], 0x1c}, 0x1, 0x0, 0x0, 0x48000}, 0x40)

3.325984977s ago: executing program 0 (id=1409):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x1a1a02, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000140)=0xa6d)
memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x4, 0x6}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$tun(0xffffffffffffff9c, 0x0, 0x404c03, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x3c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xb, 0xfff3}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x9}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x20f9, &(0x7f0000000000)=[{0x6, 0x2, 0xfc, 0x7fff0006}]})
r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000004c0), 0x8000, 0x0)
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r6, &(0x7f0000000e00), 0x12)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r7, &(0x7f0000000080), 0x12)
ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732"], 0xa8}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)

2.765479767s ago: executing program 2 (id=1410):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x10, 0x80002, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r1)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, 0x0, &(0x7f0000000100))
fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc53})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f0000000240)=0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r5, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000000c0)={[0x8, 0x100000b, 0x9, 0x0, 0x4000000000000002, 0x6, 0x8000000000, 0x80000000000000, 0x59, 0x0, 0x5, 0x0, 0x5, 0x6, 0x1000000000018, 0x7], 0xeeee0000, 0x89340})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000500)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002cbd7092bad6b86152069042032c6071a0c8800000120000010000000c00020002000000000000001c0007800c00018008000100", @ANYRES32=r6, @ANYBLOB="0c00018008000100", @ANYRES32=r6, @ANYBLOB="fa67d104ce7b4439a28cf7a1de3f8c20d3a9ee35ba20dd0d344bc624890675c89f8dcb29e85c9cd8bdeb2920fe09d25791fe85aaeee71e6e2a8b8f17777611e6c52d874ae23f3bc95a365c517e3e954bfa78d3587c43d355001e487bcca4a9c08706ac755f82a60a0cf702b47ad02f587f50665e3ac6532e6a0835a16595ebfe24c3009f7d9ec259dfca9a477eb1e2b62e12c337c7a89467a873aadc6d94d4af62a8c1f721b50da899e9f92ce1f5d86d44a4acda6e388bc62d84b466da2a4da8224d158c91af712a"], 0x3c}}, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

2.764423957s ago: executing program 3 (id=1411):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x1a1a02, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000140)=0xa6d)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x4, 0x6}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$tun(0xffffffffffffff9c, 0x0, 0x404c03, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x3c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xb, 0xfff3}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x9}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x20f9, &(0x7f0000000000)=[{0x6, 0x2, 0xfc, 0x7fff0006}]})
r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000004c0), 0x8000, 0x0)
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r6, &(0x7f0000000e00), 0x12)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r7, &(0x7f0000000080), 0x12)
ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732"], 0xa8}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
ppoll(&(0x7f0000000040)=[{r0, 0x20}], 0x1, 0x0, 0x0, 0x0)

2.624667403s ago: executing program 1 (id=1412):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x10, 0x80002, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r1)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, 0x0, &(0x7f0000000100))
fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc53})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f0000000240)=0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r5, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000000c0)={[0x8, 0x100000b, 0x9, 0x0, 0x4000000000000002, 0x6, 0x8000000000, 0x80000000000000, 0x59, 0x0, 0x5, 0x0, 0x5, 0x6, 0x1000000000018, 0x7], 0xeeee0000, 0x89340})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000500)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002cbd7092bad6b86152069042032c6071a0c8800000120000010000000c00020002000000000000001c0007800c00018008000100", @ANYRES32=r6, @ANYBLOB="0c00018008000100", @ANYRES32=r6, @ANYBLOB="fa67d104ce7b4439a28cf7a1de3f8c20d3a9ee35ba20dd0d344bc624890675c89f8dcb29e85c9cd8bdeb2920fe09d25791fe85aaeee71e6e2a8b8f17777611e6c52d874ae23f3bc95a365c517e3e954bfa78d3587c43d355001e487bcca4a9c08706ac755f82a60a0cf702b47ad02f587f50665e3ac6532e6a0835a16595ebfe24c3009f7d9ec259dfca9a477eb1e2b62e12c337c7a89467a873aadc6d94d4af62a8c1f721b50da899e9f92ce1f5d86d44a4acda6e388bc62d84b466da2a4da8224d158c91af712a"], 0x3c}}, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

2.140621495s ago: executing program 0 (id=1413):
r0 = fanotify_init(0xf00, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xd, &(0x7f00000004c0)=ANY=[@ANYBLOB="18020000080000000000000000000000850000002800000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000009800000095"], &(0x7f0000000680)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000180)={"2486910284ed923431d4c5d5fbf514fd00", r6})
clock_gettime(0x0, &(0x7f0000000900)={<r7=>0x0, <r8=>0x0})
ppoll(&(0x7f00000008c0)=[{0xffffffffffffffff, 0x8040}, {0xffffffffffffffff, 0x100}, {r0, 0x1109}, {r3, 0x1240}, {r2, 0x4000}, {r4, 0x11}, {r1, 0x6032}, {r6, 0x400}], 0x8, &(0x7f0000000940)={r7, r8+10000000}, &(0x7f0000000980)={[0x7, 0x9]}, 0x8)
ioctl$SW_SYNC_IOC_INC(r2, 0x40045701, &(0x7f00000002c0)=0x3)

1.808887112s ago: executing program 2 (id=1414):
socket(0x15, 0x5, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/rt6_stats\x00')
pread64(r0, &(0x7f00000000c0)=""/144, 0x90, 0x3)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="b7000000000000006111900000e1f90006000000000000009500000000000000650881f86b2cc338df645e9fe3e06088f59a1804a0411223122b5edcdd5f6cd0ac52cd010001000000000042db7732b4e7f5318f7d072f289968935fe5143706d8a9dacef4e6fa9f392c0565078eba4f0c7243cfaf3983427c7250be5aeb541b4b317897bcfe86a812677427a0b5c59185db31"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xb}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48)
socket$kcm(0x2, 0xa, 0x2)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
syz_emit_ethernet(0x9c, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100febfffff00000000010000001c0007800c00018008000100", @ANYRES32=r5, @ANYBLOB="830001700800cb", @ANYBLOB="0c00050037193c99a8772efb0c0002000100010000000000"], 0x48}}, 0x20000000)
ioctl$SNDCTL_SEQ_RESETSAMPLES(r0, 0x40045109, &(0x7f0000000180)=0x30ee712a)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81e8943c, &(0x7f0000000d40))
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x20000050}, 0x20048045)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f00000000c0)={0x84, @multicast2, 0x4e22, 0x3, 'rr\x00', 0x1e, 0x4, 0x68}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x12d5c, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010101, 0x4e21, 0x3, 'lc\x00', 0x11, 0x3240, 0x3d}, {@loopback, 0x4e23, 0x4, 0x8628, 0x12d5c, 0x12d5c}}, 0x44)

1.735667115s ago: executing program 1 (id=1415):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18020000000000020000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94)
r4 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000)
r5 = socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(r4, &(0x7f0000000600)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r6, @ANYBLOB="00001000252155b21c0012000c000100626f6e64"], 0x3c}}, 0x40000)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r3, r6, 0x25, 0x0, @val=@netkit={@void, @value=r3}}, 0x1c)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=r2, @ANYBLOB="46ff0f00000000001c00128009000100626f6e64000000000c000280050001"], 0x3c}, 0x1, 0x0, 0x0, 0x690}, 0x20048040)
kcmp$KCMP_EPOLL_TFD(0xffffffffffffffff, 0x0, 0x7, 0xffffffffffffffff, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r7 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r8, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7, 0xe}}]}}]}, 0x48}}, 0xc840)
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x38, 0x2c, 0xd2b, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0x2}, {}, {0x7, 0x3}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4084}, 0x0)
sendmsg$nl_route(r7, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="540000004200000a27bd7000fddbdf2500000000"], 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x814)
sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="80000000", @ANYRES16=0x0, @ANYBLOB="000229bdff030000df25040000004000078008000100a40f00000c00040001000000000000000c00030002080000000000000c000400000c0000800000000800010074000000080000002c0005801400028008000200040000000800010001000000140002800800020010000000080001"], 0x80}, 0x1, 0x0, 0x0, 0x200008c0}, 0x4008c50)
r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000006c0)=ANY=[@ANYBLOB="180100002f00010000000000fcdbdf250601f2800c"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
read$FUSE(r10, &(0x7f0000004140)={0x2020, 0x0, <r11=>0x0}, 0x2020)
syz_fuse_handle_req(r10, &(0x7f00000062c0)="23db5037805f177d136115e6a1a5903469af39c1fb9cb38215fe64cff9f2f0444a57e22b0cc5cb4f74c9792365400d9e1c68539ea5eff0a5ed0864814d39251bee8dfea69aa052d900bc0c792e1c9752b7d3a3222f6a1ad3e44c1f65617b128aea51911861ca36ba7c96b96b2fba0fdaa49ffb2612f3e81fe565327dd9965a60046442c9dcd0d552c6a00388be3b438a08883c7349761531880294ad9887db97d8c2f74921c57910cf1f5cc528e17bd5c3746b6202f26d621535aac5f7872c2cb3295e42524b5acb249b2d1ac1b53a4e31271decfca3fad2e2f740768adf00875c18cb7d115150f83ceb73f77a1f61f1666c2bb9f6bd9f0fb55b3a619446e32bae2a1d99aa49e5f3822e048f8be44b707f2db10d7916ec9a10a695d573d871cf24959c3d15e61344a68309d186956537c6ea8532fc2e1c7649f8409d8dcde4c8ee1530470ac9c870f9f1837574e444ba6addf5ddb2dec67c0e76df79f265b403818dddb4efc27c90985ed69a48b12056e548f9c99edf80d2b195d26acb1127661727a0600257f4b2546513d03930a0638a71bd3223e51fbb75c832ef737907f2f4d3f0505f431ea02783c798b5c4579c99961fb73dc623a0d99c1b306435464d413b537d42c6444851b36482597140b22fbc0ebc7e795b2f96739bf139f5823bc869ede547da4f394fa1b1787836095e1013264042e53d5006ea059d0488cb2f5ccd44b30d25ea53c2dda71d112d7d441dbfc9f8462c99c098b1958c80b237d83c32f2759c9a9c081d7d7666a477cfda59354309b09f2a8b9f6c3077b0df1e8d0c71ac07232de4f437107cb0eb9b47b2267efe31938a337cf11cadad72ced56895bb14763cca5bdadd245d801e829a1eb3bb4ed851a345918efd2dcf8d38f66badc773068e6a2ef59b2bb838abd8b043cf6ac54550f3fde1bbb9e761095e4b8ef1891757d376be1f778142610c0acbbfc697f51fbb7a1602ed46e82813c74f41ee2bae818174809f3692084bea7310ebec3d6166702ae62aad84313e19b4d145167185ea8d53cb21d099fb592d7d7f8bc305dd375b5c0cd73be44f49ff53cee220085d4706bbf50c6f63b02e7e805e8fa4c73046a57a8700886da29ea53e5a316e7b011c44a0f7be5cc5cb5641ba0069ff591eee18966c7f005ef40046a5fe2bf325b2545b009867761264aa9611d184fa372ba3c5c33d9a50717210f7cec7f6dc4418a87a797eb6aaf6ab3892bd3f559547c88d8c29646c8173fad1588f52beb34ff863be65e7ec1598cfb465f270bd5532fa7035aae077eedbc846058fa19f58ffb1cf0f1863f6d33f2e5c454d18b66be766ca369af2cc9656fa34c6c10e4d4da44ce5e2370aaf60c4e130da331d3489e8f44c600246323409fdd35d11da27128c9d64be65dd3a90c1546a6eb9185cb6d3a4a9cfad0e41ea03896fd2346f745eb3563d7a79fd345b037c040e56f0677840bf9b0d295bcfa98b931464c5ce9fcaf745720deac2d8b4edeffc0fe6f089ed7c3880959fcf8e31f7b7054bc4f5c9d3ed3f66c968d0bc20b2d66c374f030f3f1965f43a98519e527caf693362412d523eeb38c8b016ff77f78f833d7513e4b5a53d5ed5143916673f822ceac9967b8788bc6428283181eaf8d99e48286aacf4f658a903e9f08659450f7f9483807c2e013a1d9d199f18886a8cb4e14d41c71e5731455a4394551281eca12a1bb6ae717f5da2949175d0f1f3d718b761dfc1099c7d9d8928c899ac8e936e69d19fcbfcfdee83b68ef8e15eed41a8ac0d54aa92d7d2ee58bb4799f378225ec9ba4709e5ce2b77208ecc85c22c64967a9ef3360c54d311b8917ceb7b432c90cc5e98de9327c1400f8ec89261b1d77d8874b0bbdd2c5eb59df415705de52b08b0e12c07fb7367c6d461c19f282d51e482cb4fb9ceb0249ac2d6400ca170fbd6c0063224179c616bb030a5c10102aa2eea92f1e6f5828590b250b09e6d1a9535c298a68160b7c281fecdd295dc3396c4e6eb3395d5a677d5fa95a732dfdef81f4346545dd1a74bb3aa9b516699bdf0a59165077ab459a5ffe0dbb3ef8afa7a8382a8441e0c36ffabbed8f93f4bbeb97e5f6a704bf63a0de9ccf8fef643ebc530a80920931002003b027014de317c42f861d98ef4fef66d232d9706e6bd263347384dadadaa43a7e106bbb21bd822d468ace171b3f04b996112135b63dcbd612b5888ec40da583ab549c340ddaf5d7406c3e99322c68874214356c1fd9b5f84348e629cc3487a901d1b7a2fa531b1509ac1c93de3da9f1c3773e3a2aba2b29d2419f240ae6d24ed9f14bf0b9b0f1e740a2db06dab64d6386f950bff4e4c94160ef4b832bbde3af4937b7528658b5c16a51cb22193fe99385721ce5b048d9338e289dcb40683140c413eca52c8e4b64b306f47569477379c864cfb3aa3e349262407d3935ab9a0916eb0f6db2be71a7eb8f9968dfac44995d5bff8ef617fceeaa448f5e5f8d4b39e3512fe7ae9ee1d8a0d5912b6148969ab0325f3f76e2340fbd67ce156bdf638140b3ccdb08e5049db15957915cb05db8901249b10c59cc5c3ff836290e3334eee2df387e44c57b4d6198c3749f5dc57f6c3de115ced6b43cbddd762b58f1fb40b2baf3b381febdc073142e30d2e9a1a69e8d86314221e540f195509d223b206173dc5406865d8064817c30c284c034035a63190ab86df3bae4168c58e01d2251748fd5d9d610024129e83a5730fe83cf0918790e6854ab765c78649b91c06655f0cb9e26d8432df78bbadd99583b6a8afcf177ed6f339e08c0b36a16c6d31d8a24cb6f2bc3ba58d7711b6f8b988dc3e3144be619548457d4f40509f17eeb186cb93a2928ecb951593d1907c8bbb9f4c8999caba3059c8e73dce54ad6f87bcd51d559f7759902b14e68d3b845c0b179b38f4e6f0bd3a89cbcd5ebed9972102048647da1eda5c8456442369f4ae871d4037ba26f27d27371ce57e23adca5af8dc93f934f2ef8d69ad3b2db66657b3868dd839c2b522f5461f24407ef091b77242fc70a48b7eec45f3bcbcfbc6bdc36e4b67295020a345233a32a0a0af4d03a53ef67e69716d5ae35342722afbe7558946475a9ebf5b39c18558a0011f68bc8a78590b0cb63618379a512790c42d94bb239dd3ef5b8d1036cf0391aded8802a7a447c38f231ae611aeeab9bba44cd14369473758b64108d0bc9b6bc9e9b497c2d1d2acbae7c620a55c226cf371331688eaddec61fe961c5fcef71dad45820ed0ac8dc7641d82150f1318ac15aa41e7be585b6a50da1b3cd95239ee61cfde15aba80ae8ebc21ba4540883c6f44cd35b6b97da4640c97f5a2b6efa8d184fec823abc754ab8a0db6c45c2293e90d9c154c4a3e0b9ec2b6113ce6583b80f0d234dec9a9815067244733e2134b9ba93bb9692fb44200bb5501bb109f2401e8baaf0115d795bb0346dfafaf953bed8e9a52a5b9b02d490c55fd89daf311ad5e08b070a9571f696d6df4715c8b69b840e4e03d6f361326e20d9546c47b3a63163e7df9bd260621358c166177ee7c69ed63a8c43dd4a78543aa9f922c0ef527f4aa61ff65bb14595f518412ce25a1e103df89cd4b363593da16c11d80a23a9b5ad8e3a7be8f697cecf82c8fbd889a4f743c839b67f7ba5453b10bbf59b1e4f4e821872c061a4125c0c15c1ca5164efe61a58bb54dcedc849800a6021a448d4660c3b85e2362b7cd8ce95156fbf408a09a30a8ccfc3554004e9f9a35382907eec00617e2ae1f8803146bc8c28b4f3bf3c6b183ae9248e7f05c4adce3e0b7ff29252b5be9b19431e3fe612d471f52c5c34cc12c83049189f4d2e5ca516df78766ba3449d07ef9436c68052c986d9dde8802c931194e2ce34acb8cc26663a09348b15c6c145d26306bded0d1f482803ae6dee26562b03fcb183b69ee4a0491e8776ecdadfca395cb4eac2948d4d64321a4e669f2f663eb54f05f12ed9c685835c3e79f982152dbe701073b9a4ab2932b46ee2424a5e18bbe5f25ce0b898ff6937927f4670defe430ac86021226ae055daf39b535cdc0899fcc99d15e67d66bd2dd89bb21b8d2689a8af10a1b0bd44103c469922c36fc0228d7b6febf5e366dceecf8bb1db385c8ab95d86ff09b76c2fa6282de81fd6864c495a4c8295df61a2548e1b81c3e3f30d7a41216801d6c2d1743f66ae2055756083e8bf403d436b8244ac214f4d84a693d13f299ba267401d094f2df70840e8a980622794212f0992ecf5a47980ab2cf7d5a6f12b0a489af3c3c847ac59bc89f36fbb0e08bf283b68213a17de38b3a45eade6f0b198def408f7711c16367bcc0ded794a9a323c7e7f07fad96ea9c4d7344c26e43844a27c21076b8d7cd07677602d91eac825eb5fd0631755c2dd1dbf7bce3eb3c3f7377fc6080ecd0b894e29769845725943e25932d4249abb4ab78d4e2ff2e2df42c8d884cd6bd13886cef080c6491c217abae0eec6e9d4d49eab6657f15cfd38e6cd6d0bd33198c4685ab302d0f46e42f4a5d5bb7d2840a0a8817b98a856700d4de74351896fe7d7d5a0d1bc57fb4c828aa51f9637807aeb905780f239527ed4affd83f68be8b7ad1e10d9e797ba39cdee24f7be0a0ab0ac22ea3968dac61eb4bdd522c9ce570edf63a439abfd9954bf6a16c88d86157d05477200a83255cde279b454979cee4de00e81cb44acdc4295c877566a749ab5b91d250f03d46ecc14210c196700338eea028c930ce104f20a9e7fabb0ad1d314ec1a2d97d1d1b9e09114dee0e3e513eacede01971ff85dc98634156073df4e8acd6c3aadd615adaffa7a81573813bc4ca21886ddd532021bba5c84b34c34665534db48d61903a03c1cca4ed955ca92c1e33b7664b494e3db6d1e637a49e537808a2669ebeca301691acd4fab0af197b9c7db01b7862466b568ab3a4712a25210264fb297a6b679dfc3fceb65bddd1a23d5b507a0d6da83d73b716d971c5179a92e57b9b93451eb943845a549de737f2d082a83682c32649b4941e787758ead9d2c256b2b4ed1e0255952ce83cccecc39e5bbdd38490f1960b26e5379943be3d9a64b5149c84d577e5fd099560baa292befa06ce9065fb03ed432a9e055ca4ad0e952f8368b3d230fd5239726f79f4c98a0b4a9648382b245d324cb61049562f765f923fc657ef36747658494d78590a1e27a2d09856acf50c3b26271c6d5aa96e8ff9bdb9043859665e21ea53a050c335cac414bbf27b0328ac2c7450acb26b093bf232358afd1135ee50ac3fb26b5f0256ccdd37033c8a59740607cfd549d4c6540afe4a6b4425ae1f633872dcfb5da8d0547cf0c4888817b71fbc7c45b2a641e9c1a76b6a6be124402422ada35edc02ed997d6b87b361aee95a16d2c528d89a52fe40dfd83434969bd86f02e63fc1ae72941209af39a08cfbb4c320bc47d853f5dbaf0cd60ec54608aadbc382fa6b5cab3e9cac57bea26609f4c79f6a6b4eb4a9336fa95783b0c0c366f36d5d6b8310b3cfdb800207919a131bc7f984f7fa11fd0bf2c89e060e9d1286e453fe97363ef72bd6eba29a85ffeccdc3bee72e12284333a5a40622c01619558d2750fc45abfa22059ebdf743f8e50ad29770d19f84d8a34232d6918514769b3bb2a1ea5e59e9556332ba669675764458e9349a1835c501a93e91dd3b31018979880a9913f54ec1e8526b8cffcb776b97fbb9424faa5c5eb60d2ac74955bba4b5182571d0d9f84f0df1baa722b20a78c9c0011c667f688b58489c9e450d83e40ac5eb41c5564b6d76a226448abe4a3f499927074125aa9c0e7e704c36df5bb110a0f15f8433a470e81db414827d5ce21ca1da1c8d51d746d1e1ca110127c15e92afd75d3cd05ce0b632cfa03745de3cdd4b57373d46676583c89f045c26c6fc5793e5489555ced08f83ba351135834a2028113c319af30cc85bc01a7f8208822d7d607aed0d2e12c80aa009100441b75beaccfe0adbda7e8bb870edf4963158794c8c3a5baacf6eec7b5efaefb7602dab8409d161beeb281cba21f1da0ccdc092d0433fb940d79699ffeb87ea775829a6e7e3b308a2ee0b7aec8ac5f35eed61be374c7c77196f7119a8882deff68230f461cb917b0ccb2b8597efcbdd1003b7b77b2c601ebd4b45c35b8426f7b9138ab3df0ec00819604ab8e1e64cf2aa2282b1269585af127a268cd207f964edff172e555398a16df44bdc52889538c3a27f8fbfffb61f7aeb55b259952bbfea81d73058d8b0f78ece9dc08e660437d21d4e3ec38b19e5afda7a6e33023f9158db8a1c14dabd9b8b307ddc66927f7b19df5e0da2237d98ddd890b81f1963808977d02198e8ae2e97419dbb1f8e51cad36a3424b955500fbdaab6ff8dbf028708b1f951fe43864b59b6c2368b816c98023d4480a91b3f1059e9c214bf55a7f8c7da907f79ff5568fd787d3aa022ab9d03cde551f7e3295f02c4f3aa37e4cebdd968c0f82f09eb004fbdb1a4ef3a0d426691bde3964c29ea65622f5d3ffd854053545ba1ec164495e4bef4845439c058f9438d13be7922b656db499c246ee6176a15b97e6a68e42f0c703033b699504e1f92b43054c7237199bd013d96faab47433b6b3f91dc66368706439d4ef7da3942ce8b9c1c9a9d0643fc4540e7d3f1c3821267e866cacd3e904be9f9df80381eec09eb2b0d745ff03ffb199b917a14fdd8fbfbffe8bfb0cf7023aa7183301a8a41e7097ff9f5247f8b78f7d08bbfc596a81047807cf0929677222e7e9e921b294e04088c3746d8dc19294645f1c093a21b4c5e6d92e54dd90465b11dd5d9d42af849070edff4ec63970f4088daaa33afdebb28d01df5ee043a8150ab1b25d864ef31e20c84696596cfbea92d02ea29c4a3933c41ec68aee7d68d7eea7f30d8920e14e62be42bcf856d7a58f46fdb2438b023e974f77281c5a462553627e9614504cbd3f1cae6e0fd9f7e89d9bce48946d0508616fbe542303dc542982c61d7bb4afbf3e76bf1fb2381cdc99f2175ef944dcd826aabdca2b7678db5262733c69ce504c38e7deb7adfb9b6d8bb00d8e4251e0438417ea615cde58bd76c2427b3d7a0578bbbff9fde2abbc5d60307aff0050b18176158aaedb34e283886378ff798b4f74e0a0c95d64271f1916280dd247304d9201c67f5e2640d9706add8703cac81795a0190107e2bb2941ed13738595da1c86ba0f68e2283a435cb5f162c74071a13dfe2266d05abaef080dd6b1dade115e883e04f0bb4be4d91f535ae6f822b02e814e65d2b7807d199a23d3f26209f6c9f93602a3a93ccfdebb5f8161b7928059674e15820d1848a980c8d1af5a73aadc5c402fbb6e730ba51227913ca27f0d78d331d6325d0a7926c238296b2a22b10a69cdffeb087dfe175511ed8e2cde8d7dae140e4ce92f892b129d9940e4a30b19f822ef7611b8750eaea8e55502604b7d2358c09a217af8be6c86d67cf6ff6130c971c9765d56631fe6224fbe1e833d497b534fbf6b030af93691f59295279aa1bdfb5d5d9d4668d5aea70e2b8fc117df0042e91c7e6225f27329727ed6e14a87c7943c040dfee4e5c06a20251c39a45ab4865951b0daefb9c05571fdcc21d1761945bd2b8047ccedd6f1e708646fbe61e75bb2728e8cee893d7e6f642119e786155a6cbab057d6d83b77716145119e974ad7355179d2adc3d748fa249cb58e32e6791d646240c05da4427b2f359976c8fd1486c604cb7ee647e24633d8fca8314cf1f85110ca6351156a2b26e44b040f7d2810acd36f45a3969c1fafd1a7e0bc14fd9b26593375be8e750c3f6534ffb85904d15d75fba05dac4a673de97f7543ee931724cd35474cd7ff5cf3e8abaf206f3030e92895633fa9d8499ea763601560260109dad18bd64b990531fc5377e6eaa5da050b98e1c6515ea48c7de1a15b63283d4a694cbad379356bfdac50e6c343879e29f6b9ab425600d51f257ceb35d0ca00f83cf5bd734223de716747614666ba1f1a8fa756e5f3ff0fc94fa4bd4073bddb0098cf565ee40af5732ee9218d262e5b64ad6b8118c54eeaf7072f2e15514a401779b425fa89d8abb1750e56cc3108dffdcf2d3fd86b8af4560d56f7ff0702154211f9949e3992d93e66892b297fa2d4bfe18de3fd74e96c9d30eb14fd458fdbc9e9a34e00f3280dd732520147fa2a8fa83e91dd0687501466a300015bf888c03fc08190c2753d7719acf6f84885c4c5642f466c1984f15a7716a9b608ee5f1b395726bcc8519766667d24d11e396e62ea39640c9e73e4e9e9e5076d7019ca1bebbd7097807f46b3b6fcb96ed4b433b25ec551fb176a5fa252ed1d81b0350cfdfb8069c9916495bef3a262b6668910896c0b37eee40547c663a901e92f41b417ac50e88d058d021a8f9a5783bd936cca4962bec1c9886689cc547970f9215232596392515182e563f720bb79d29baaabf0e2697de6500bc677e346847011ee3450358c0b16ca528368b5cbb8df5ab974a3cef072d20c9906fa585e0f3083ec6d8507b8561f64e65aa1aecf825fc47ad1459c87771549fd5c9a9cc094e7b1179ee1e90eff7158f28f59f029d90e708f4ec50b4f67d8b4bb7140065528354a7e25d63e92977183a0284ec22aa923210f0bfea89cca53547137381e5de0f60bc484bc2daf129b0380244f1ed4bfb674eb2791e76dce33cae684ad36620d5d67cb587f840caed316b7439b0e8c3de0e065e62680f3997369be3466670278168c9a1a644d870e3a8d0a79b2b720e8c3c51bb9133532beee64319e98714bb2e6d5c0b723962d923b0ef454361d4b3cb470bf8c39031ed4a75267f499741be15aacac92d8e6afdcb01a2e7d2dbf549ceb2a2108c4079c620f05ca1bd31d631c2c8d35ca0d73155f56ed020c25e389db356edf510ae088d11b5e4fed51d0dce4d3aa04924b09c28200ede5bec1a8f38cc5f081055e0f28d75afc4d588ca0e828d00085d150beafdda17b8df9e7d9218ea7d81f2e076412901c5ae04d6929d717fea2fcc8e5a1e69dbd7b5258799a2fa5eb108b6cc35dfab599fb27e6d75f1030b83f452af8137830337141f031942eba83123d3f87b5f01623d4613e5a44b4952c300baf3d4d3dbbfb0ad024a19b3810a174ef8453d85a25822f66e45eba2490f29de1077683ccc32e3517f88b51e010672a982f7c8591450c9ab1573143aefb61c17ebb0c92dcb0494d116b970c2a827a6b3608ae10d583d1f7d092263fa873de9f31cd59bc9491ff012059b63a9120af89477f2ccc34eee7bd66de60af64730c879128b49d31da6400c2471e0d5abf707e560574b477b8e20ca45d92182d639eb434e14aea1a3f91ad8fb60e4859b77389753990513181ea3a82884235e8520294359435cfba220502b591fc28ac36ec697442657d290bd7aad7fce53a3f1766f2bf7d55c24d7c0e9c7a71d6f1282ea1478e0a36378b50e4fee281f686bc53f50138036e2a5d6199d40caff084fde7b63b3c0a47da0791107c3218330f7c2e2c7609aba202fae5290243b6033379eb15edc572eee452008e04c9b53efd5f3d88327317b38934745bc3de4c55bd818febc7a7953bf03c4029f77177c2a974310f0485aa46252f1000dc71934947287c38ea5854f29c7b82f630afb8caf1fd880670307b155a6e7feddc019cfbbbdc18f3bc03da3bd371d93ccbf56bcb39eea55c2d113efc148127c30089d21ce6a5088dbfbcf8f8d75c19456bc962c371548634a95382acb5a0886efc46a87bdc111dc0d1e54084cea0d58054f00762c91d7fe0f0fbcf4c280f29f9cd5999a5e8c6f507f8080d7c7ea9a8685be50722cf1a082f3728dec8d6152cdc72f8da6b1805643c042f4f6780ba79cc8a2165d9d7acec8ab2f421bc3e77b51c62c4bbb262b5674ea7d2dcf9acb894d050e91b052364322a5b08bd9667249571c004fb495da7e24fc5620adda3af6848ccf238911a52bdbff766e4e279ac274afa2c2302faba25b5fe98d972a04aa13f77c0c05d7dd82b0a19f1ded8cf5f99c80e392b0aab1264a29e9fbcf0b69f6b0a9f2332e09ab74dea7277106d0883bb264e279c67e5bc69009225bf4fd1a8532f9392a011b55a73a7cf8d16a59d695b2a65b57fad64a2041f8c28804ee1a48845c5dab757d04f1d95520aa9ddb69904d6529c0e14bd789dfe37067073b3e0e136ae2aebb1c34c55b94ce942f786be4b45f801f35f7c768d91a460b92ffa57ff675f0b4b00437a07f871a8650f21b2bf7c722c1d9e860e8955fef5699ee53a5f6fe46fb9e5e17a1c69fe2538af4718b7215ad2c00c3d420589a8653ee511b809945451fb8205b19ce377c8d0253b05493c557cf2bd8ef208e8fc01beceea1acca38d025f328f28d69bcfaa3adc6d9573a3832dc3f3c758fe08cf9cd0c32acfddae81b3682869e8aa9725b64336252aeb2ee8eb78f0721aa3158217a3009948adb297c5ea45ec26cb6d963c7be47ee1b93fa136ebe73a21936df0148fa311206f8bca2e80719aeca8745ff74ddaad5182644762c66333f942d9a93c467d5f9fd5d0dbbe57480362d4bb0f760294f4eba3e1b08047d256dbda157635d21a43aff3a71f6ad574b402bb36e5270d7ed082c6fbae07771721513ae9ddb22d23b00733046c898ee6ac05ef8a51ce41919e1f241cb98e0592ace68214620ba1a748ef81131661f58f1635713ca2873e150a3e848c8d2ebd039769fda112b73050efa4d1c35dbb46ca5a7b7ccbed1dcded36af272f6838b4c1e7e6778e7e9ca3d794f275d49c9e32e768097349118d2337e7c031ada38d0cc5c04c286ff93083f6d58d73a821118c93432fda9a8c76fa2cbcc093a7decac8e4f001ecc9f67faf1c2f102120f0618469cf653bbd5fcefd4ef2bae86dc4f5393b840f9f47140cf7f46a186c21878a43612a71d3b540b9994f010ab623f878264cf46c7366d0bec5d43d481b47846091fd3cda73a9a28ceb7f839eca695c9f084a16c812475f6575ef2368c88cc6655f47663ef69ce4779fe3ccc4dd85a07a9e4c6f39f42690d231f5727f45c247a53fd8df029fcefda4f328658435892519c17205a3c715ad6bb7387d09a5e387c83f008daf626f5977c66203af1143ef7b59ccd8e3c17bb156bca317861f0b9f222ea63c044075a3a74beaf05c23d0a75caa60397d831bbe507234fff154960faf0f02776d3f9038c955bf0c1ec9c92523cf0b855c18d6ac3b35d437796420ba3dfd581dc6adac64315c1cb1a2c3a45ec4655bb2bd6e0b4a3082281ed0697a213d1d93142e96b4fd57431d2f4547451d008ab58bcd9765ccf3ca3297becd5de9e2be0263cfca09935c9334b5e687bc7e7057dc2ed03873be22200c9fe32a9497dd00a336cf4c723ead302340b5cd1fef8cd88330a9089fc93af4ef739295b94407b291bf33f4f39c936736e1166106428f8796a4b92805f4dfcf46d8692b54e40a9e8584c0eaac4caada87bb33f553eafeef5051b889402176ab766936a38ddd7e5205d2c87e133a02e84ab24ba2d889a4c4db8cbe18b271455e84da716f4a32acdbc0a5aaba25a2ec757c73847dd1c4ccb2967c651e5257692a4553dde227846bfe2977021805f46a287c835ea8dc5", 0x2000, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x10, 0xffffffffffffffda, 0x3ff, {0x0, 0xb}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r10, &(0x7f0000000180)={0x50, 0x0, r11, {0x7, 0x2b, 0xffffffde, 0x2040d00c, 0x0, 0xfffe, 0x2, 0x1, 0x0, 0x0, 0x100, 0x100}}, 0x50)

1.380665113s ago: executing program 3 (id=1416):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x10, 0x80002, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r1)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc53})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r5, 0x0)
ioctl$KVM_NMI(r5, 0xae9a)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000500)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002cbd7092bad6b86152069042032c6071a0c8800000120000010000000c00020002000000000000001c0007800c00018008000100", @ANYRES32=r6, @ANYBLOB="0c00018008000100", @ANYRES32=r6, @ANYBLOB="fa67d104ce7b4439a28cf7a1de3f8c20d3a9ee35ba20dd0d344bc624890675c89f8dcb29e85c9cd8bdeb2920fe09d25791fe85aaeee71e6e2a8b8f17777611e6c52d874ae23f3bc95a365c517e3e954bfa78d3587c43d355001e487bcca4a9c08706ac755f82a60a0cf702b47ad02f587f50665e3ac6532e6a0835a16595ebfe24c3009f7d9ec259dfca9a477eb1e2b62e12c337c7a89467a873aadc6d94d4af62a8c1f721b50da899e9f92ce1f5d86d44a4acda6e388bc62d84b466da2a4da8224d158c91af712a"], 0x3c}}, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

1.261330735s ago: executing program 0 (id=1417):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x10, 0x80002, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r1)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f0000000240)=0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r5, 0x0)
ioctl$KVM_NMI(r5, 0xae9a)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000500)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002cbd7092bad6b86152069042032c6071a0c8800000120000010000000c00020002000000000000001c0007800c00018008000100", @ANYRES32=r6, @ANYBLOB="0c00018008000100", @ANYRES32=r6, @ANYBLOB="fa67d104ce7b4439a28cf7a1de3f8c20d3a9ee35ba20dd0d344bc624890675c89f8dcb29e85c9cd8bdeb2920fe09d25791fe85aaeee71e6e2a8b8f17777611e6c52d874ae23f3bc95a365c517e3e954bfa78d3587c43d355001e487bcca4a9c08706ac755f82a60a0cf702b47ad02f587f50665e3ac6532e6a0835a16595ebfe24c3009f7d9ec259dfca9a477eb1e2b62e12c337c7a89467a873aadc6d94d4af62a8c1f721b50da899e9f92ce1f5d86d44a4acda6e388bc62d84b466da2a4da8224d158c91af712a"], 0x3c}}, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)

829.540973ms ago: executing program 2 (id=1418):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18020000000000020000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94)
r2 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000)
r3 = socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r4, @ANYBLOB="00001000252155b21c0012000c000100626f6e64"], 0x3c}}, 0x40000)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r1, r4, 0x25, 0x0, @val=@netkit={@void, @value=r1}}, 0x1c)
sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="80000000", @ANYRES16=0x0, @ANYBLOB="000229bdff030000df25040000004000078008000100a40f00000c00040001000000000000000c00030002080000000000000c000400000c0000800000000800010074000000080000002c0005801400028008000200040000000800010001000000140002800800020010000000080001"], 0x80}, 0x1, 0x0, 0x0, 0x200008c0}, 0x4008c50)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000006c0)=ANY=[@ANYBLOB="180100002f00010000000000fcdbdf250601f2800c"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)

559.42946ms ago: executing program 2 (id=1419):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = syz_io_uring_setup(0xf02, &(0x7f0000000440)={0x0, 0x0, 0xc00, 0x0, 0x100000, 0x0, 0x0}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0, &(0x7f0000000180)=<r4=>0x0)
syz_io_uring_submit(r2, r3, r4, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x48, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x40, 0x400040, 0x23456})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
io_uring_enter(r1, 0x1, 0xeed, 0x1, 0x0, 0x0) (fail_nth: 3)

0s ago: executing program 1 (id=1420):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r3 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="e03f030025"], 0x33fe0)

kernel console output (not intermixed with test programs):

in process `syz.0.661'.
[  201.063299][ T8460] vxfs: WRONG superblock magic 00000000 at 1
[  201.067499][ T8460] vxfs: WRONG superblock magic 00000000 at 8
[  201.071473][ T8460] vxfs: can't find superblock.
[  201.517405][ T8462] syzkaller0: entered promiscuous mode
[  201.519379][ T8462] syzkaller0: entered allmulticast mode
[  201.541042][ T8462] netlink: 'syz.1.663': attribute type 1 has an invalid length.
[  201.546173][ T8462] netlink: 224 bytes leftover after parsing attributes in process `syz.1.663'.
[  201.705644][ T8465] netlink: 'syz.2.664': attribute type 1 has an invalid length.
[  201.718266][ T8465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.664'.
[  201.724575][ T8465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.664'.
[  202.583519][ T2180] usb 8-1: 3:0: cannot get min/max values for control 2 (id 3)
[  202.587173][ T2180] usb 8-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  202.594262][ T2180] usb 8-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  202.602864][ T2180] usb 8-1: 3:0: failed to get current value for ch 0 (-71)
[  202.640536][ T8472] xt_CT: No such helper "pptp"
[  202.785993][ T8475] can0: slcan on ttyS3.
[  203.108995][ T8481] can0 (unregistered): slcan off ttyS3.
[  203.138482][ T2180] usb 8-1: USB disconnect, device number 4
[  203.265123][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  203.740331][ T8506] can0: slcan on ttyS3.
[  203.888533][ T8506] can0 (unregistered): slcan off ttyS3.
[  204.735006][ T8517] syzkaller0: entered promiscuous mode
[  204.736959][ T8517] syzkaller0: entered allmulticast mode
[  205.111575][ T8521] ntfs3(nullb0): Primary boot signature is not NTFS.
[  205.115403][ T8521] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  205.663255][   T55] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  205.784015][ T8534] syzkaller0: entered promiscuous mode
[  205.815036][   T55] usb 5-1: unable to get BOS descriptor or descriptor too short
[  205.823310][   T55] usb 5-1: not running at top speed; connect to a high speed hub
[  205.827534][   T55] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  205.831063][   T55] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  205.836959][   T55] usb 5-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  205.841568][   T55] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.844824][   T55] usb 5-1: Product: syz
[  205.846331][   T55] usb 5-1: Manufacturer: syz
[  205.848198][   T55] usb 5-1: SerialNumber: syz
[  206.096615][ T8528] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  206.141783][ T8539] netlink: 'syz.3.682': attribute type 1 has an invalid length.
[  206.165276][ T8539] netlink: 8 bytes leftover after parsing attributes in process `syz.3.682'.
[  206.167255][ T8536] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  206.187754][ T8539] netlink: 8 bytes leftover after parsing attributes in process `syz.3.682'.
[  206.490836][ T8546] ntfs3(nullb0): Primary boot signature is not NTFS.
[  206.494482][ T8546] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  207.341215][ T8559] syzkaller0: entered promiscuous mode
[  207.352190][ T8559] 0: reclassify loop, rule prio 0, protocol 800
[  207.632651][ T8563] can0: slcan on ttyS3.
[  208.003269][ T8565] can0 (unregistered): slcan off ttyS3.
[  208.457731][   T55] usb 5-1: 3:0: cannot get min/max values for control 2 (id 3)
[  208.465568][   T55] usb 5-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  208.473317][   T55] usb 5-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  208.479016][   T55] usb 5-1: 3:0: failed to get current value for ch 0 (-71)
[  208.516821][   T55] usb 5-1: USB disconnect, device number 9
[  208.806141][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  209.477419][ T8577] xt_CT: No such helper "pptp"
[  209.658035][ T8584] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  209.699000][ T8587] ntfs3(nullb0): Primary boot signature is not NTFS.
[  209.706997][ T8587] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  209.724358][ T8587] netlink: 16 bytes leftover after parsing attributes in process `syz.0.695'.
[  210.287145][ T8598] netlink: 2228 bytes leftover after parsing attributes in process `syz.1.697'.
[  210.315123][ T8598] vxfs: WRONG superblock magic 00000000 at 1
[  210.324554][ T8598] vxfs: WRONG superblock magic 00000000 at 8
[  210.331627][ T8598] vxfs: can't find superblock.
[  211.061849][ T8594] xt_CT: No such helper "pptp"
[  211.288449][ T8605] tipc: Started in network mode
[  211.290207][ T8605] tipc: Node identity 1a3f6948eb65, cluster identity 4711
[  211.295541][ T8605] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  211.354269][ T8605] syzkaller0: entered promiscuous mode
[  211.356268][ T8605] syzkaller0: entered allmulticast mode
[  211.369227][ T8605] tipc: Resetting bearer <eth:syzkaller0>
[  211.547047][ T8604] tipc: Resetting bearer <eth:syzkaller0>
[  212.122526][ T8623] xt_CT: No such helper "pptp"
[  212.469099][ T8625] slcan: can't register candev
[  212.685314][ T8634] netlink: 'syz.3.705': attribute type 1 has an invalid length.
[  213.698129][ T8604] tipc: Disabling bearer <eth:syzkaller0>
[  213.705429][   T55] tipc: Node number set to 4049234248
[  213.845267][ T8639] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  214.400095][ T8654] netlink: 2264 bytes leftover after parsing attributes in process `syz.0.708'.
[  214.417486][ T8654] vxfs: WRONG superblock magic 00000000 at 1
[  214.425924][ T8654] vxfs: WRONG superblock magic 00000000 at 8
[  214.429026][ T8654] vxfs: can't find superblock.
[  215.987267][ T8664] syzkaller0: entered promiscuous mode
[  215.993314][ T8664] syzkaller0: entered allmulticast mode
[  217.004302][ T8678] can0: slcan on ttyS3.
[  217.236658][ T8678] can0 (unregistered): slcan off ttyS3.
[  217.752121][ T8687] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  218.111231][ T8703] syzkaller0: entered promiscuous mode
[  218.113642][ T8703] syzkaller0: entered allmulticast mode
[  218.343760][   T55] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  218.496809][   T55] usb 6-1: unable to get BOS descriptor or descriptor too short
[  218.500121][   T55] usb 6-1: not running at top speed; connect to a high speed hub
[  218.503992][   T55] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  218.507667][   T55] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  218.513502][   T55] usb 6-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  218.516631][   T55] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.519201][   T55] usb 6-1: Product: syz
[  218.520582][   T55] usb 6-1: Manufacturer: syz
[  218.522108][   T55] usb 6-1: SerialNumber: syz
[  218.654146][ T8707] netlink: 4 bytes leftover after parsing attributes in process `syz.2.724'.
[  218.740857][ T8702] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  219.255402][ T8713] 8021q: adding VLAN 0 to HW filter on device bond3
[  219.463596][ T8713] netlink: 'syz.3.726': attribute type 1 has an invalid length.
[  219.489475][ T8713] netlink: 8 bytes leftover after parsing attributes in process `syz.3.726'.
[  219.492828][ T8713] netlink: 8 bytes leftover after parsing attributes in process `syz.3.726'.
[  220.984592][   T55] usb 6-1: 3:0: cannot get min/max values for control 2 (id 3)
[  221.185839][   T55] usb 6-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  221.190380][   T55] usb 6-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  221.195738][   T55] usb 6-1: 3:0: failed to get current value for ch 0 (-71)
[  221.223715][   T55] usb 6-1: USB disconnect, device number 5
[  221.238495][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  221.943288][ T8749] netlink: 12 bytes leftover after parsing attributes in process `syz.0.737'.
[  222.244559][ T8757] netlink: 12 bytes leftover after parsing attributes in process `syz.1.741'.
[  223.397979][ T8770] can0: slcan on ttyS3.
[  223.790634][ T8789] netlink: 12 bytes leftover after parsing attributes in process `syz.2.746'.
[  223.846102][ T8775] can0 (unregistered): slcan off ttyS3.
[  225.314016][ T8805] syzkaller0: entered promiscuous mode
[  225.329649][ T8805] 0: reclassify loop, rule prio 0, protocol 800
[  225.417314][ T8810] netlink: 4 bytes leftover after parsing attributes in process `syz.2.753'.
[  225.918363][ T8819] syzkaller0: entered promiscuous mode
[  225.920284][ T8819] syzkaller0: entered allmulticast mode
[  225.931784][ T8819] netlink: 'syz.0.756': attribute type 1 has an invalid length.
[  225.938593][ T8819] netlink: 224 bytes leftover after parsing attributes in process `syz.0.756'.
[  225.968706][ T8820] netlink: 'syz.1.755': attribute type 1 has an invalid length.
[  226.024487][ T8820] 8021q: adding VLAN 0 to HW filter on device bond3
[  226.093746][ T8820] netlink: 'syz.1.755': attribute type 1 has an invalid length.
[  226.099318][ T8820] netlink: 8 bytes leftover after parsing attributes in process `syz.1.755'.
[  226.102287][ T8820] netlink: 8 bytes leftover after parsing attributes in process `syz.1.755'.
[  226.350131][ T8830] netlink: 2256 bytes leftover after parsing attributes in process `syz.0.757'.
[  226.382689][ T8830] vxfs: WRONG superblock magic 00000000 at 1
[  226.397081][ T8830] vxfs: WRONG superblock magic 00000000 at 8
[  226.402735][ T8830] vxfs: can't find superblock.
[  226.907940][ T8843] netlink: 28 bytes leftover after parsing attributes in process `syz.2.761'.
[  226.929713][ T8843] netlink: 'syz.2.761': attribute type 1 has an invalid length.
[  226.938516][ T8843] netlink: 8 bytes leftover after parsing attributes in process `syz.2.761'.
[  226.942283][ T8843] netlink: 8 bytes leftover after parsing attributes in process `syz.2.761'.
[  227.357104][ T8846] xt_CT: No such helper "pptp"
[  227.363356][ T1354] usb 8-1: new full-speed USB device number 5 using dummy_hcd
[  227.536871][ T1354] usb 8-1: unable to get BOS descriptor or descriptor too short
[  227.546209][ T1354] usb 8-1: not running at top speed; connect to a high speed hub
[  227.558658][ T1354] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  227.568163][ T1354] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  227.577483][ T1354] usb 8-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  227.581798][ T1354] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.585611][ T1354] usb 8-1: Product: syz
[  227.587287][ T1354] usb 8-1: Manufacturer: syz
[  227.589243][ T1354] usb 8-1: SerialNumber: syz
[  227.825360][ T8856] syzkaller0: entered promiscuous mode
[  227.851100][ T8856] 0: reclassify loop, rule prio 0, protocol 800
[  227.864751][ T8844] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  227.964037][ T8859] 8021q: adding VLAN 0 to HW filter on device bond1
[  228.084961][ T8859] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  228.298613][ T8859] netlink: 'syz.0.763': attribute type 1 has an invalid length.
[  228.385869][ T8859] netlink: 8 bytes leftover after parsing attributes in process `syz.0.763'.
[  228.404840][ T8859] netlink: 8 bytes leftover after parsing attributes in process `syz.0.763'.
[  228.803488][   T10] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  228.980835][   T10] usb 6-1: unable to get BOS descriptor or descriptor too short
[  229.013742][   T10] usb 6-1: not running at top speed; connect to a high speed hub
[  229.037252][   T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  229.049859][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  229.067944][   T10] usb 6-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  229.071485][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.076166][   T10] usb 6-1: Product: syz
[  229.078233][   T10] usb 6-1: Manufacturer: syz
[  229.080662][   T10] usb 6-1: SerialNumber: syz
[  229.373856][ T1354] usb 8-1: 3:0: cannot get min/max values for control 2 (id 3)
[  229.376718][ T1354] usb 8-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  229.380664][ T1354] usb 8-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  229.392263][ T1354] usb 8-1: 3:0: failed to get current value for ch 0 (-71)
[  229.490260][ T8867] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  229.738577][ T1354] usb 8-1: USB disconnect, device number 5
[  229.792507][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  231.020637][ T8884] syzkaller0: entered promiscuous mode
[  231.036803][ T8884] 0: reclassify loop, rule prio 0, protocol 800
[  231.092404][ T8888] syzkaller0: entered promiscuous mode
[  231.099676][ T8888] 0: reclassify loop, rule prio 0, protocol 800
[  231.289330][   T10] usb 6-1: 3:0: cannot get min/max values for control 2 (id 3)
[  231.298961][   T10] usb 6-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  231.309252][   T10] usb 6-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  231.316905][   T10] usb 6-1: 3:0: failed to get current value for ch 0 (-71)
[  231.382963][   T10] usb 6-1: USB disconnect, device number 6
[  232.797939][ T8897] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  232.833823][ T8903] __nla_validate_parse: 2 callbacks suppressed
[  232.833842][ T8903] netlink: 2128 bytes leftover after parsing attributes in process `syz.0.773'.
[  232.847337][ T8903] vxfs: WRONG superblock magic 00000000 at 1
[  232.857398][ T8903] vxfs: WRONG superblock magic 00000000 at 8
[  232.863315][ T8903] vxfs: can't find superblock.
[  233.117539][ T8917] netlink: 'syz.1.777': attribute type 1 has an invalid length.
[  233.126212][ T8917] netlink: 224 bytes leftover after parsing attributes in process `syz.1.777'.
[  233.437332][ T8914] syzkaller0: entered promiscuous mode
[  233.439682][ T8914] syzkaller0: entered allmulticast mode
[  233.802958][ T8925] netlink: 12 bytes leftover after parsing attributes in process `syz.2.778'.
[  234.295159][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  234.938632][ T8937] syzkaller0: entered promiscuous mode
[  234.950630][ T8937] 0: reclassify loop, rule prio 0, protocol 800
[  237.512531][ T8955] xt_CT: No such helper "pptp"
[  238.428035][ T8948] netlink: 2128 bytes leftover after parsing attributes in process `syz.0.784'.
[  238.436463][ T8948] vxfs: WRONG superblock magic 00000000 at 1
[  238.439438][ T8948] vxfs: WRONG superblock magic 00000000 at 8
[  238.441739][ T8948] vxfs: can't find superblock.
[  240.133269][ T6021] usb 8-1: new full-speed USB device number 6 using dummy_hcd
[  240.202232][ T8976] syzkaller0: entered promiscuous mode
[  240.215255][ T8976] 0: reclassify loop, rule prio 0, protocol 800
[  240.258570][ T8977] netlink: 12 bytes leftover after parsing attributes in process `syz.2.791'.
[  240.298442][ T6021] usb 8-1: unable to get BOS descriptor or descriptor too short
[  240.311814][ T6021] usb 8-1: not running at top speed; connect to a high speed hub
[  240.323959][ T8977] netlink: 84 bytes leftover after parsing attributes in process `syz.2.791'.
[  240.329005][ T6021] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  240.336886][ T6021] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  240.357433][ T6021] usb 8-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  240.367173][ T6021] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.376164][ T6021] usb 8-1: Product: syz
[  240.381924][ T6021] usb 8-1: Manufacturer: syz
[  240.399313][ T6021] usb 8-1: SerialNumber: syz
[  240.721103][ T8968] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  242.519495][ T6021] usb 8-1: 3:0: cannot get min/max values for control 2 (id 3)
[  242.526170][ T6021] usb 8-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  242.533420][ T6021] usb 8-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  242.552799][ T8998] netlink: 4 bytes leftover after parsing attributes in process `syz.2.796'.
[  242.558423][ T6021] usb 8-1: 3:0: failed to get current value for ch 0 (-71)
[  242.690585][ T6021] usb 8-1: USB disconnect, device number 6
[  242.870955][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  243.915262][ T9012] syzkaller0: entered promiscuous mode
[  243.924271][ T9012] 0: reclassify loop, rule prio 0, protocol 800
[  244.211477][ T9022] netlink: 12 bytes leftover after parsing attributes in process `syz.3.803'.
[  244.464117][   T10] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  244.572431][ T9027] syzkaller0: entered promiscuous mode
[  244.575822][ T9027] syzkaller0: entered allmulticast mode
[  244.582207][ T9027] netlink: 'syz.2.804': attribute type 1 has an invalid length.
[  244.585172][ T9027] netlink: 224 bytes leftover after parsing attributes in process `syz.2.804'.
[  244.672528][   T10] usb 6-1: unable to get BOS descriptor or descriptor too short
[  244.684219][   T10] usb 6-1: not running at top speed; connect to a high speed hub
[  244.728146][   T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  244.733833][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  244.772909][   T10] usb 6-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  244.777787][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.786208][   T10] usb 6-1: Product: syz
[  244.789950][   T10] usb 6-1: Manufacturer: syz
[  244.792997][   T10] usb 6-1: SerialNumber: syz
[  245.207762][ T9017] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  245.676194][ T9037] can0: slcan on ttyS3.
[  245.855636][ T9037] can0 (unregistered): slcan off ttyS3.
[  245.905845][ T9050] netlink: 4 bytes leftover after parsing attributes in process `syz.2.807'.
[  246.401190][   T10] usb 6-1: 3:0: cannot get min/max values for control 2 (id 3)
[  246.405511][   T10] usb 6-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  246.413227][   T10] usb 6-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  246.422792][   T10] usb 6-1: 3:0: failed to get current value for ch 0 (-71)
[  246.481281][   T10] usb 6-1: USB disconnect, device number 7
[  246.494060][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such device
[  246.661890][ T9058] netlink: 12 bytes leftover after parsing attributes in process `syz.3.808'.
[  248.032731][ T9075] netlink: 12 bytes leftover after parsing attributes in process `syz.3.812'.
[  248.408451][ T9079] syzkaller0: entered promiscuous mode
[  248.410408][ T9079] syzkaller0: entered allmulticast mode
[  248.418149][ T9079] netlink: 'syz.2.813': attribute type 1 has an invalid length.
[  248.421774][ T9079] netlink: 224 bytes leftover after parsing attributes in process `syz.2.813'.
[  249.227778][ T9089] netlink: 12 bytes leftover after parsing attributes in process `syz.1.816'.
[  249.774493][ T9091] netlink: 64 bytes leftover after parsing attributes in process `syz.3.817'.
[  250.738749][ T9103] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  250.924012][ T6021] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  251.110754][ T6021] usb 5-1: unable to get BOS descriptor or descriptor too short
[  251.118840][ T6021] usb 5-1: not running at top speed; connect to a high speed hub
[  251.129063][ T6021] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  251.135190][ T6021] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  251.150772][ T6021] usb 5-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  251.155725][ T6021] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.160814][ T6021] usb 5-1: Product: syz
[  251.162759][ T6021] usb 5-1: Manufacturer: syz
[  251.168821][ T6021] usb 5-1: SerialNumber: syz
[  251.631312][ T9101] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  251.757280][ T9113] netlink: 2128 bytes leftover after parsing attributes in process `syz.3.823'.
[  251.793456][ T9113] vxfs: WRONG superblock magic 00000000 at 1
[  251.813627][ T9113] vxfs: WRONG superblock magic 00000000 at 8
[  251.819316][ T9113] vxfs: can't find superblock.
[  252.593261][ T9116] syzkaller0: entered promiscuous mode
[  252.604592][ T9116] 0: reclassify loop, rule prio 0, protocol 800
[  252.743922][ T9119] netlink: 4 bytes leftover after parsing attributes in process `syz.3.825'.
[  253.142968][ T9128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.827'.
[  253.361794][ T9127] xt_CT: No such helper "pptp"
[  253.576281][ T6021] usb 5-1: 3:0: cannot get min/max values for control 2 (id 3)
[  253.583308][ T6021] usb 5-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  253.589935][ T6021] usb 5-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  253.599106][ T6021] usb 5-1: 3:0: failed to get current value for ch 0 (-71)
[  253.681696][ T6021] usb 5-1: USB disconnect, device number 10
[  253.738825][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  254.976604][ T9143] netlink: 28 bytes leftover after parsing attributes in process `syz.1.830'.
[  254.998047][ T9143] netlink: 'syz.1.830': attribute type 1 has an invalid length.
[  255.014688][ T9143] netlink: 8 bytes leftover after parsing attributes in process `syz.1.830'.
[  255.022836][ T9143] netlink: 8 bytes leftover after parsing attributes in process `syz.1.830'.
[  255.394690][   T24] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  255.546046][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  255.550054][   T24] usb 5-1: not running at top speed; connect to a high speed hub
[  255.556363][   T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  255.560604][   T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  255.569587][   T24] usb 5-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  255.572995][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.576312][   T24] usb 5-1: Product: syz
[  255.578365][   T24] usb 5-1: Manufacturer: syz
[  255.580379][   T24] usb 5-1: SerialNumber: syz
[  255.807751][ T9154] ntfs3(nullb0): Primary boot signature is not NTFS.
[  255.818418][ T9154] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  255.829471][ T9154] netlink: 'syz.1.834': attribute type 8 has an invalid length.
[  255.838259][ T9154] netlink: 4 bytes leftover after parsing attributes in process `syz.1.834'.
[  255.846138][ T9147] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  256.363562][ T2180] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  256.540075][   T24] usb 5-1: 3:0: cannot get min/max values for control 2 (id 3)
[  256.543796][   T24] usb 5-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  256.545844][ T2180] usb 6-1: unable to get BOS descriptor or descriptor too short
[  256.547491][   T24] usb 5-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  256.550866][ T2180] usb 6-1: not running at top speed; connect to a high speed hub
[  256.554440][   T24] usb 5-1: 3:0: failed to get current value for ch 0 (-71)
[  256.557048][ T2180] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  256.562282][ T2180] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  256.569005][ T2180] usb 6-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  256.572595][ T2180] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.575349][ T2180] usb 6-1: Product: syz
[  256.576786][ T2180] usb 6-1: Manufacturer: syz
[  256.578753][ T2180] usb 6-1: SerialNumber: syz
[  256.584521][   T24] usb 5-1: USB disconnect, device number 11
[  256.621536][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  256.844757][ T9158] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  257.224627][ T9169] netlink: 4 bytes leftover after parsing attributes in process `syz.3.837'.
[  257.628549][ T2180] usb 6-1: 3:0: cannot get min/max values for control 2 (id 3)
[  257.631676][ T2180] usb 6-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  257.637708][ T2180] usb 6-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  257.653912][ T2180] usb 6-1: 3:0: failed to get current value for ch 0 (-71)
[  257.904437][ T2180] usb 6-1: USB disconnect, device number 8
[  257.971826][ T9173] ntfs3(nullb0): Primary boot signature is not NTFS.
[  257.976141][ T9173] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  258.030768][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  258.039550][ T9175] syzkaller0: entered promiscuous mode
[  258.048022][ T9175] 0: reclassify loop, rule prio 0, protocol 800
[  258.327454][ T9185] netlink: 28 bytes leftover after parsing attributes in process `syz.0.843'.
[  258.336767][ T9185] netlink: 'syz.0.843': attribute type 1 has an invalid length.
[  258.341717][ T9185] netlink: 8 bytes leftover after parsing attributes in process `syz.0.843'.
[  258.345941][ T9185] netlink: 8 bytes leftover after parsing attributes in process `syz.0.843'.
[  258.398366][ T9181] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  258.669547][ T9190] netlink: 2260 bytes leftover after parsing attributes in process `syz.2.844'.
[  258.687922][ T9190] vxfs: WRONG superblock magic 00000000 at 1
[  258.766645][ T9190] vxfs: WRONG superblock magic 00000000 at 8
[  258.777061][ T9190] vxfs: can't find superblock.
[  259.534179][ T9196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.845'.
[  260.596144][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  261.244836][ T9228] can0: slcan on ttyS3.
[  261.363692][ T9228] can0 (unregistered): slcan off ttyS3.
[  262.032466][ T9243] __nla_validate_parse: 1 callbacks suppressed
[  262.032482][ T9243] netlink: 28 bytes leftover after parsing attributes in process `syz.2.855'.
[  262.046586][ T9243] netlink: 'syz.2.855': attribute type 1 has an invalid length.
[  262.053668][ T9243] netlink: 8 bytes leftover after parsing attributes in process `syz.2.855'.
[  262.060337][ T9243] netlink: 8 bytes leftover after parsing attributes in process `syz.2.855'.
[  262.074047][ T9241] syzkaller0: entered promiscuous mode
[  262.076520][ T9241] syzkaller0: entered allmulticast mode
[  262.088960][ T9241] netlink: 'syz.3.858': attribute type 1 has an invalid length.
[  262.092649][ T9241] netlink: 224 bytes leftover after parsing attributes in process `syz.3.858'.
[  262.288379][ T9246] netlink: 2260 bytes leftover after parsing attributes in process `syz.1.856'.
[  262.293980][ T9246] vxfs: WRONG superblock magic 00000000 at 1
[  262.296243][ T9246] vxfs: WRONG superblock magic 00000000 at 8
[  262.298427][ T9246] vxfs: can't find superblock.
[  263.304576][ T9259] netlink: 12 bytes leftover after parsing attributes in process `syz.1.861'.
[  263.955806][ T9260] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  264.901262][ T9272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.860'.
[  267.593948][ T9287] syzkaller0: entered promiscuous mode
[  267.615468][ T9293] netlink: 2260 bytes leftover after parsing attributes in process `syz.0.869'.
[  267.629206][ T9293] vxfs: WRONG superblock magic 00000000 at 1
[  267.633631][ T9293] vxfs: WRONG superblock magic 00000000 at 8
[  267.636413][ T9293] vxfs: can't find superblock.
[  267.690848][ T9287] 0: reclassify loop, rule prio 0, protocol 800
[  271.070576][ T9322] netlink: 12 bytes leftover after parsing attributes in process `syz.3.875'.
[  271.365224][ T9312] can0: slcan on ttyS3.
[  271.705651][ T9324] can0 (unregistered): slcan off ttyS3.
[  271.943808][ T9329] netlink: 12 bytes leftover after parsing attributes in process `syz.0.873'.
[  272.172485][ T9330] syzkaller0: entered promiscuous mode
[  272.189226][ T9330] 0: reclassify loop, rule prio 0, protocol 800
[  273.082096][ T9340] netlink: 4 bytes leftover after parsing attributes in process `syz.2.878'.
[  273.352881][ T9345] xt_CT: No such helper "pptp"
[  273.723282][ T6021] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[  273.875325][ T6021] usb 7-1: unable to get BOS descriptor or descriptor too short
[  273.878610][ T6021] usb 7-1: not running at top speed; connect to a high speed hub
[  273.882820][ T6021] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  273.889209][ T6021] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  273.898749][ T6021] usb 7-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  273.902995][ T6021] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.911716][ T6021] usb 7-1: Product: syz
[  273.914567][ T6021] usb 7-1: Manufacturer: syz
[  273.916692][ T6021] usb 7-1: SerialNumber: syz
[  274.016169][ T9355] netlink: 4 bytes leftover after parsing attributes in process `syz.3.882'.
[  274.179097][ T9352] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  274.211629][ T9359] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  274.701235][ T6021] usb 7-1: 3:0: cannot get min/max values for control 2 (id 3)
[  274.705776][ T6021] usb 7-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  274.708867][ T6021] usb 7-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  274.712347][ T6021] usb 7-1: 3:0: failed to get current value for ch 0 (-71)
[  274.734741][ T6021] usb 7-1: USB disconnect, device number 6
[  274.749489][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  275.272683][ T9378] syzkaller0: entered promiscuous mode
[  275.275444][ T9378] syzkaller0: entered allmulticast mode
[  275.523457][ T9380] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  277.173937][ T6012] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[  277.356567][ T6012] usb 7-1: unable to get BOS descriptor or descriptor too short
[  277.361305][ T6012] usb 7-1: not running at top speed; connect to a high speed hub
[  277.371925][ T6012] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  277.379058][ T6012] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  277.399771][ T6012] usb 7-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  277.409859][ T6012] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.416420][ T6012] usb 7-1: Product: syz
[  277.418348][ T6012] usb 7-1: Manufacturer: syz
[  277.419884][ T6012] usb 7-1: SerialNumber: syz
[  277.584821][ T9402] xt_CT: No such helper "pptp"
[  277.641976][ T9398] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  278.653921][ T9416] vxfs: WRONG superblock magic 00000000 at 1
[  278.658564][ T9416] vxfs: WRONG superblock magic 00000000 at 8
[  278.660925][ T9416] vxfs: can't find superblock.
[  279.113306][ T6012] usb 7-1: 3:0: cannot get min/max values for control 2 (id 3)
[  279.116119][ T6012] usb 7-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  279.119437][ T6012] usb 7-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  279.165230][ T6012] usb 7-1: 3:0: failed to get current value for ch 0 (-71)
[  279.354716][ T6012] usb 7-1: USB disconnect, device number 7
[  279.418250][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  279.521418][ T9420] can0: slcan on ttyS3.
[  279.773677][ T9418] can0 (unregistered): slcan off ttyS3.
[  279.915404][ T9429] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  280.854215][ T9442] xt_CT: No such helper "pptp"
[  281.914922][ T9479] vxfs: WRONG superblock magic 00000000 at 1
[  281.922954][ T9479] vxfs: WRONG superblock magic 00000000 at 8
[  281.925764][ T9479] vxfs: can't find superblock.
[  282.081872][ T9481] can0: slcan on ttyS3.
[  282.223767][ T9483] can0 (unregistered): slcan off ttyS3.
[  282.714656][ T9487] netlink: 'syz.3.909': attribute type 1 has an invalid length.
[  282.877827][ T9498] netlink: 'syz.3.909': attribute type 1 has an invalid length.
[  282.972049][ T9487] 8021q: adding VLAN 0 to HW filter on device bond4
[  283.014159][ T9487] netlink: 8 bytes leftover after parsing attributes in process `syz.3.909'.
[  283.026876][ T9487] netlink: 8 bytes leftover after parsing attributes in process `syz.3.909'.
[  283.216122][ T9509] netlink: 12 bytes leftover after parsing attributes in process `syz.1.912'.
[  283.415335][ T9508] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  284.358261][ T9515] netlink: 4 bytes leftover after parsing attributes in process `syz.2.913'.
[  285.040851][ T9532] can0: slcan on ttyS3.
[  285.227988][ T9532] can0 (unregistered): slcan off ttyS3.
[  285.472636][ T9541] netlink: 12 bytes leftover after parsing attributes in process `syz.3.918'.
[  285.513272][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  285.580003][ T9543] netlink: 84 bytes leftover after parsing attributes in process `syz.3.918'.
[  286.538034][ T9550] netlink: 4 bytes leftover after parsing attributes in process `syz.0.919'.
[  287.059589][ T9565] netlink: 'syz.1.922': attribute type 1 has an invalid length.
[  287.110309][ T9565] 8021q: adding VLAN 0 to HW filter on device bond4
[  287.182889][ T9560] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  287.526354][ T9565] netlink: 'syz.1.922': attribute type 1 has an invalid length.
[  287.626765][ T9565] netlink: 8 bytes leftover after parsing attributes in process `syz.1.922'.
[  287.638196][ T9565] netlink: 8 bytes leftover after parsing attributes in process `syz.1.922'.
[  287.767684][ T9570] can0: slcan on ttyS3.
[  288.007752][ T9578] can0 (unregistered): slcan off ttyS3.
[  289.365448][ T9598] can0: slcan on ttyS3.
[  289.464310][ T9598] can0 (unregistered): slcan off ttyS3.
[  289.942659][ T9632] can0: slcan on ttyS3.
[  289.992574][ T9636] netlink: 4 bytes leftover after parsing attributes in process `syz.2.931'.
[  290.065887][ T9632] can0 (unregistered): slcan off ttyS3.
[  290.768001][ T9646] netlink: 'syz.1.933': attribute type 1 has an invalid length.
[  290.827014][ T9646] 8021q: adding VLAN 0 to HW filter on device bond5
[  290.846857][ T9646] netlink: 'syz.1.933': attribute type 1 has an invalid length.
[  290.852436][ T9646] netlink: 8 bytes leftover after parsing attributes in process `syz.1.933'.
[  290.856295][ T9646] netlink: 8 bytes leftover after parsing attributes in process `syz.1.933'.
[  291.463235][ T6012] usb 8-1: new full-speed USB device number 7 using dummy_hcd
[  291.616098][ T6012] usb 8-1: unable to get BOS descriptor or descriptor too short
[  291.620498][ T6012] usb 8-1: not running at top speed; connect to a high speed hub
[  291.626722][ T6012] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  291.632256][ T6012] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  291.639621][ T6012] usb 8-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  291.643452][ T6012] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.646946][ T6012] usb 8-1: Product: syz
[  291.648851][ T6012] usb 8-1: Manufacturer: syz
[  291.650444][ T6012] usb 8-1: SerialNumber: syz
[  291.979617][ T9655] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  293.026652][ T9674] syzkaller0: entered promiscuous mode
[  293.042574][ T9674] 0: reclassify loop, rule prio 0, protocol 800
[  293.057111][ T9670] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  293.333121][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  293.683219][   T10] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  293.845945][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[  293.859682][   T10] usb 5-1: not running at top speed; connect to a high speed hub
[  293.982914][ T6012] usb 8-1: 3:0: cannot get min/max values for control 2 (id 3)
[  293.986785][ T6012] usb 8-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  293.991720][ T6012] usb 8-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  294.002346][ T6012] usb 8-1: 3:0: failed to get current value for ch 0 (-71)
[  294.100255][ T6012] usb 8-1: USB disconnect, device number 7
[  294.389657][   T10] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  294.458132][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  294.704331][   T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  294.730704][   T10] usb 5-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  294.735180][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.739138][   T10] usb 5-1: Product: syz
[  294.740992][   T10] usb 5-1: Manufacturer: syz
[  294.743255][   T10] usb 5-1: SerialNumber: syz
[  295.049379][ T9698] netlink: 'syz.1.945': attribute type 1 has an invalid length.
[  295.052413][ T9697] netlink: 'syz.2.944': attribute type 1 has an invalid length.
[  295.072037][ T9698] 8021q: adding VLAN 0 to HW filter on device bond6
[  295.138849][ T9703] netlink: 'syz.1.945': attribute type 1 has an invalid length.
[  295.214774][ T9697] 8021q: adding VLAN 0 to HW filter on device bond3
[  295.237255][ T9704] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  295.260424][ T9679] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  295.277284][ T9698] netlink: 8 bytes leftover after parsing attributes in process `syz.1.945'.
[  295.288973][ T9698] netlink: 8 bytes leftover after parsing attributes in process `syz.1.945'.
[  295.329522][ T9697] netlink: 'syz.2.944': attribute type 1 has an invalid length.
[  295.339769][ T9697] netlink: 8 bytes leftover after parsing attributes in process `syz.2.944'.
[  295.344724][ T9697] netlink: 8 bytes leftover after parsing attributes in process `syz.2.944'.
[  295.853255][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  296.088133][   T10] usb 5-1: 3:0: cannot get min/max values for control 2 (id 3)
[  296.100217][   T10] usb 5-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  296.117408][   T10] usb 5-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  296.133816][   T10] usb 5-1: 3:0: failed to get current value for ch 0 (-71)
[  296.263174][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[  296.354226][   T10] usb 5-1: USB disconnect, device number 12
[  296.388981][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  296.430596][ T9719] syzkaller0: entered promiscuous mode
[  296.493009][ T9719] 0: reclassify loop, rule prio 0, protocol 800
[  296.603595][ T5998] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  296.617838][ T9724] netlink: 12 bytes leftover after parsing attributes in process `syz.2.950'.
[  296.618308][ T9725] netlink: 12 bytes leftover after parsing attributes in process `syz.3.951'.
[  296.768501][ T5998] usb 6-1: unable to get BOS descriptor or descriptor too short
[  296.775432][ T5998] usb 6-1: not running at top speed; connect to a high speed hub
[  296.783025][ T5998] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  296.794110][ T5998] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  296.807344][ T5998] usb 6-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  296.812365][ T5998] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.819507][ T5998] usb 6-1: Product: syz
[  296.825488][ T5998] usb 6-1: Manufacturer: syz
[  296.827562][ T5998] usb 6-1: SerialNumber: syz
[  297.091409][ T9716] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  298.016229][ T9731] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  298.386879][ T9734] ntfs3(nullb0): Primary boot signature is not NTFS.
[  298.396764][ T9734] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  298.416258][ T9734] netlink: 36 bytes leftover after parsing attributes in process `syz.0.953'.
[  299.073929][  T853] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  299.285031][  T853] usb 7-1: unable to get BOS descriptor or descriptor too short
[  299.306644][  T853] usb 7-1: not running at top speed; connect to a high speed hub
[  299.325517][  T853] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  299.334786][  T853] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  299.495562][ T9745] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  299.508008][  T853] usb 7-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  299.538918][  T853] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.542750][  T853] usb 7-1: Product: syz
[  299.554093][  T853] usb 7-1: Manufacturer: syz
[  299.555826][  T853] usb 7-1: SerialNumber: syz
[  299.912914][ T9752] netlink: 'syz.1.957': attribute type 1 has an invalid length.
[  299.969941][ T9752] 8021q: adding VLAN 0 to HW filter on device bond7
[  300.022137][ T9752] netlink: 'syz.1.957': attribute type 1 has an invalid length.
[  300.044283][ T9752] netlink: 8 bytes leftover after parsing attributes in process `syz.1.957'.
[  300.047655][ T9740] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  300.054662][ T9752] netlink: 8 bytes leftover after parsing attributes in process `syz.1.957'.
[  300.140067][ T5998] usb 6-1: 3:0: cannot get min/max values for control 2 (id 3)
[  300.144326][ T5998] usb 6-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  300.148623][ T5998] usb 6-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  300.153502][ T5998] usb 6-1: 3:0: failed to get current value for ch 0 (-71)
[  300.200588][ T5998] usb 6-1: USB disconnect, device number 9
[  300.264254][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  300.399023][ T9762] syzkaller0: entered promiscuous mode
[  300.416886][ T9762] 0: reclassify loop, rule prio 0, protocol 800
[  301.513128][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  302.026142][ T9775] xt_CT: No such helper "pptp"
[  302.069184][  T853] usb 7-1: 3:0: cannot get min/max values for control 2 (id 3)
[  302.133691][  T853] usb 7-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  302.231213][  T853] usb 7-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  302.384752][ T9780] xt_CT: No such helper "pptp"
[  302.387551][  T853] usb 7-1: 3:0: failed to get current value for ch 0 (-71)
[  302.469880][  T853] usb 7-1: USB disconnect, device number 8
[  302.531984][ T9788] syzkaller0: entered promiscuous mode
[  302.535480][ T9788] syzkaller0: entered allmulticast mode
[  302.976446][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  303.291567][ T9798] netlink: 12 bytes leftover after parsing attributes in process `syz.0.970'.
[  303.337117][ T9801] netlink: 'syz.3.971': attribute type 1 has an invalid length.
[  303.448388][ T9804] netlink: 'syz.3.971': attribute type 1 has an invalid length.
[  303.546173][ T9801] 8021q: adding VLAN 0 to HW filter on device bond5
[  303.586078][ T9801] netlink: 8 bytes leftover after parsing attributes in process `syz.3.971'.
[  303.596178][ T9801] netlink: 8 bytes leftover after parsing attributes in process `syz.3.971'.
[  304.458388][ T9809] xt_CT: No such helper "pptp"
[  305.003921][ T9823] xt_CT: No such helper "pptp"
[  305.302400][ T9830] netlink: 12 bytes leftover after parsing attributes in process `syz.2.976'.
[  306.472514][ T9837] xt_CT: No such helper "pptp"
[  306.503203][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  306.718244][ T9851] can0: slcan on ttyS3.
[  306.913352][   T55] usb 7-1: new full-speed USB device number 9 using dummy_hcd
[  307.027032][ T9851] can0 (unregistered): slcan off ttyS3.
[  307.094911][   T55] usb 7-1: unable to get BOS descriptor or descriptor too short
[  307.105649][   T55] usb 7-1: not running at top speed; connect to a high speed hub
[  307.121596][   T55] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  307.143649][   T55] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  307.171174][   T55] usb 7-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  307.192918][   T55] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.205192][   T55] usb 7-1: Product: syz
[  307.215640][   T55] usb 7-1: Manufacturer: syz
[  307.222298][   T55] usb 7-1: SerialNumber: syz
[  307.560352][ T9849] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  309.580023][ T9860] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  309.641319][ T9869] fuse: Bad value for 'fd'
[  309.705411][ T9872] netlink: 4 bytes leftover after parsing attributes in process `syz.1.985'.
[  309.943348][ T9874] netlink: 4 bytes leftover after parsing attributes in process `syz.3.984'.
[  310.365903][   T55] usb 7-1: 3:0: cannot get min/max values for control 2 (id 3)
[  310.368475][   T55] usb 7-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  310.385692][   T55] usb 7-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  310.398558][   T55] usb 7-1: 3:0: failed to get current value for ch 0 (-71)
[  310.668722][   T55] usb 7-1: USB disconnect, device number 9
[  310.856105][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  311.174767][ T9881] xt_CT: No such helper "pptp"
[  311.428032][ T9891] netlink: 12 bytes leftover after parsing attributes in process `syz.0.991'.
[  311.819222][ T9893] vxfs: WRONG superblock magic 00000000 at 1
[  311.822134][ T9893] vxfs: WRONG superblock magic 00000000 at 8
[  311.824768][ T9893] vxfs: can't find superblock.
[  312.653389][ T9898] xt_CT: No such helper "pptp"
[  312.849548][ T9901] syzkaller0: entered promiscuous mode
[  313.132618][ T9911] fuse: Bad value for 'fd'
[  313.258432][ T9915] netlink: 4 bytes leftover after parsing attributes in process `syz.3.995'.
[  314.782381][ T9920] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  315.480403][ T9923] syzkaller0: entered promiscuous mode
[  315.506508][ T9923] 0: reclassify loop, rule prio 0, protocol 800
[  315.992853][ T9941] netlink: 2256 bytes leftover after parsing attributes in process `syz.0.1003'.
[  316.011467][ T9941] vxfs: WRONG superblock magic 00000000 at 1
[  316.030290][ T9941] vxfs: WRONG superblock magic 00000000 at 8
[  316.033915][ T9941] vxfs: can't find superblock.
[  316.322496][ T9932] can0: slcan on ttyS3.
[  316.449640][ T9932] can0 (unregistered): slcan off ttyS3.
[  316.958940][ T9949] syzkaller0: entered promiscuous mode
[  317.813961][ T9962] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1007'.
[  319.165694][ T9974] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  319.391034][ T9979] syzkaller0: entered promiscuous mode
[  319.404383][ T9979] 0: reclassify loop, rule prio 0, protocol 800
[  319.671533][ T9984] netlink: 2256 bytes leftover after parsing attributes in process `syz.0.1013'.
[  319.683007][ T9984] vxfs: WRONG superblock magic 00000000 at 1
[  319.687857][ T9984] vxfs: WRONG superblock magic 00000000 at 8
[  319.690676][ T9984] vxfs: can't find superblock.
[  319.808674][ T9992] FAULT_INJECTION: forcing a failure.
[  319.808674][ T9992] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  319.816690][ T9992] CPU: 3 UID: 0 PID: 9992 Comm: syz.2.1015 Not tainted syzkaller #0 PREEMPT(full) 
[  319.816721][ T9992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  319.816734][ T9992] Call Trace:
[  319.816786][ T9992]  <TASK>
[  319.816795][ T9992]  dump_stack_lvl+0x100/0x190
[  319.817009][ T9992]  should_fail_ex.cold+0x5/0xa
[  319.817113][ T9992]  _copy_from_user+0x2e/0xd0
[  319.817256][ T9992]  get_compat_msghdr+0xb3/0x4b0
[  319.817361][ T9992]  ? __pfx_get_compat_msghdr+0x10/0x10
[  319.817389][ T9992]  ___sys_sendmsg+0x1b6/0x1e0
[  319.817418][ T9992]  ? __pfx____sys_sendmsg+0x10/0x10
[  319.817457][ T9992]  ? find_held_lock+0x2b/0x80
[  319.817583][ T9992]  __sys_sendmsg+0x170/0x220
[  319.817604][ T9992]  ? __pfx___sys_sendmsg+0x10/0x10
[  319.817625][ T9992]  ? __fget_files+0x21f/0x3d0
[  319.817723][ T9992]  ? ksys_write+0x1ac/0x250
[  319.817781][ T9992]  ? rcu_is_watching+0x12/0xc0
[  319.817869][ T9992]  __do_fast_syscall_32+0xe7/0x950
[  319.818050][ T9992]  ? lockdep_hardirqs_on+0x78/0x100
[  319.818088][ T9992]  do_fast_syscall_32+0x32/0x70
[  319.818107][ T9992]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  319.818139][ T9992] RIP: 0023:0xf6ffefcc
[  319.818156][ T9992] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  319.818174][ T9992] RSP: 002b:00000000f53ed50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  319.818197][ T9992] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  319.818209][ T9992] RDX: 000000000000c010 RSI: 0000000000000000 RDI: 0000000000000000
[  319.818221][ T9992] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  319.818232][ T9992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  319.818245][ T9992] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  319.818271][ T9992]  </TASK>
[  320.029476][ T9997] syzkaller0: entered promiscuous mode
[  320.039318][ T9997] 0: reclassify loop, rule prio 0, protocol 800
[  320.134662][ T9994] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  320.502275][T10004] netlink: 2256 bytes leftover after parsing attributes in process `syz.1.1018'.
[  320.514332][T10004] vxfs: WRONG superblock magic 00000000 at 1
[  320.518744][T10004] vxfs: WRONG superblock magic 00000000 at 8
[  320.522176][T10004] vxfs: can't find superblock.
[  320.819233][T10010] tmpfs: Bad value for 'mpol'
[  320.969585][T10013] syzkaller0: entered promiscuous mode
[  320.983350][T10013] syzkaller0: entered allmulticast mode
[  321.112414][T10014] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  321.704451][T10018] netlink: 'syz.3.1023': attribute type 1 has an invalid length.
[  321.778697][T10018] 8021q: adding VLAN 0 to HW filter on device bond6
[  321.867536][T10018] netlink: 'syz.3.1023': attribute type 1 has an invalid length.
[  322.019395][T10018] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1023'.
[  322.031237][T10018] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1023'.
[  322.046648][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  323.433330][   T24] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[  323.610440][   T24] usb 7-1: unable to get BOS descriptor or descriptor too short
[  323.615100][   T24] usb 7-1: not running at top speed; connect to a high speed hub
[  323.624637][   T24] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  323.632259][   T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  323.668290][   T24] usb 7-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  323.679754][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  323.686042][   T24] usb 7-1: Product: syz
[  323.697888][   T24] usb 7-1: Manufacturer: syz
[  323.712951][   T24] usb 7-1: SerialNumber: syz
[  323.734006][   T55] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  323.943015][   T55] usb 6-1: unable to get BOS descriptor or descriptor too short
[  323.947264][   T55] usb 6-1: not running at top speed; connect to a high speed hub
[  323.988439][   T55] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  323.997040][   T55] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  324.015202][T10033] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  324.053378][   T55] usb 6-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  324.060936][   T55] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.078425][   T55] usb 6-1: Product: syz
[  324.080742][   T55] usb 6-1: Manufacturer: syz
[  324.082798][   T55] usb 6-1: SerialNumber: syz
[  324.494853][T10042] netlink: 2260 bytes leftover after parsing attributes in process `syz.3.1029'.
[  324.525213][T10042] vxfs: WRONG superblock magic 00000000 at 1
[  324.540478][T10042] vxfs: WRONG superblock magic 00000000 at 8
[  324.542778][T10042] vxfs: can't find superblock.
[  324.567380][T10039] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  325.038026][T10049] syzkaller0: entered promiscuous mode
[  325.039995][T10049] syzkaller0: entered allmulticast mode
[  325.050533][T10047] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  326.078380][   T24] usb 7-1: 3:0: cannot get min/max values for control 2 (id 3)
[  326.088943][   T24] usb 7-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  326.104787][   T24] usb 7-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  326.116410][   T24] usb 7-1: 3:0: failed to get current value for ch 0 (-71)
[  326.235138][   T24] usb 7-1: USB disconnect, device number 10
[  326.572431][T10060] FAULT_INJECTION: forcing a failure.
[  326.572431][T10060] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  326.610931][T10060] CPU: 1 UID: 0 PID: 10060 Comm: syz.0.1035 Not tainted syzkaller #0 PREEMPT(full) 
[  326.610950][T10060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  326.610957][T10060] Call Trace:
[  326.610962][T10060]  <TASK>
[  326.610967][T10060]  dump_stack_lvl+0x100/0x190
[  326.610984][T10060]  should_fail_ex.cold+0x5/0xa
[  326.611000][T10060]  _copy_from_user+0x2e/0xd0
[  326.611018][T10060]  __sys_bpf+0x243/0x4b90
[  326.611080][T10060]  ? __pfx___sys_bpf+0x10/0x10
[  326.611090][T10060]  ? get_pid_task+0x106/0x250
[  326.611133][T10060]  ? proc_fail_nth_write+0x9f/0x220
[  326.611192][T10060]  ? find_held_lock+0x2b/0x80
[  326.611208][T10060]  ? find_held_lock+0x2b/0x80
[  326.611223][T10060]  ? ksys_write+0x190/0x250
[  326.611237][T10060]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  326.611247][T10060]  ? kernel_write+0x633/0x6c0
[  326.611267][T10060]  ? fput+0x79/0x100
[  326.611281][T10060]  ? ksys_write+0x1ac/0x250
[  326.611294][T10060]  __ia32_sys_bpf+0x79/0xf0
[  326.611305][T10060]  ? lockdep_hardirqs_on+0x78/0x100
[  326.611321][T10060]  __do_fast_syscall_32+0xe7/0x950
[  326.611332][T10060]  ? lockdep_hardirqs_on+0x78/0x100
[  326.611349][T10060]  do_fast_syscall_32+0x32/0x70
[  326.611359][T10060]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  326.611373][T10060] RIP: 0023:0xf709efcc
[  326.611384][T10060] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  326.611399][T10060] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  326.611410][T10060] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000600
[  326.611416][T10060] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  326.611422][T10060] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  326.611428][T10060] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  326.611434][T10060] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  326.611447][T10060]  </TASK>
[  327.085393][T10068] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1038'.
[  327.741630][   T55] usb 6-1: 3:0: cannot get min/max values for control 2 (id 3)
[  327.748852][   T55] usb 6-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  327.756853][   T55] usb 6-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  327.790897][   T55] usb 6-1: 3:0: failed to get current value for ch 0 (-71)
[  328.285461][   T55] usb 6-1: USB disconnect, device number 10
[  328.746981][T10079] netlink: 2260 bytes leftover after parsing attributes in process `syz.1.1040'.
[  328.756770][T10079] vxfs: WRONG superblock magic 00000000 at 1
[  328.762720][T10079] vxfs: WRONG superblock magic 00000000 at 8
[  328.765443][T10079] vxfs: can't find superblock.
[  329.042781][T10085] syzkaller0: entered promiscuous mode
[  329.049526][T10085] syzkaller0: entered allmulticast mode
[  329.202588][T10094] netlink: 'syz.2.1045': attribute type 1 has an invalid length.
[  329.285676][T10094] 8021q: adding VLAN 0 to HW filter on device bond4
[  329.320270][T10094] netlink: 'syz.2.1045': attribute type 1 has an invalid length.
[  329.329465][T10094] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1045'.
[  329.338426][T10094] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1045'.
[  329.383289][   T10] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  329.544102][   T10] usb 8-1: Using ep0 maxpacket: 32
[  329.576110][   T10] usb 8-1: unable to get BOS descriptor or descriptor too short
[  329.589634][   T10] usb 8-1: config 8 has an invalid interface number: 188 but max is 0
[  329.600644][   T10] usb 8-1: config 8 has no interface number 0
[  329.609915][   T10] usb 8-1: config 8 interface 188 has no altsetting 0
[  329.629500][   T10] usb 8-1: string descriptor 0 read error: -22
[  329.639483][   T10] usb 8-1: New USB device found, idVendor=0ccd, idProduct=0102, bcdDevice=89.0e
[  329.643671][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.662195][   T10] dvb-usb: found a 'Terratec Cinergy S2 USB HD Rev.3' in warm state.
[  329.673166][  T853] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  329.683453][   T10] dw2102: su3000_power_ctrl: 1, initialized 0
[  329.687197][   T10] dvb-usb: bulk message failed: -22 (2/0)
[  329.704460][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  329.716055][   T10] dvbdev: DVB: registering new adapter (Terratec Cinergy S2 USB HD Rev.3)
[  329.721838][   T10] usb 8-1: media controller created
[  329.740834][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  329.747900][   T10] dw2102: i2c transfer failed.
[  329.751831][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  329.754655][   T10] dw2102: i2c transfer failed.
[  329.757410][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  329.761959][   T10] dw2102: i2c transfer failed.
[  329.764340][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  329.766613][   T10] dw2102: i2c transfer failed.
[  329.768730][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  329.772507][   T10] dw2102: i2c transfer failed.
[  329.774661][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  329.777931][   T10] dw2102: i2c transfer failed.
[  329.784692][   T10] dvb-usb: MAC address: 02:02:02:02:02:02
[  329.839005][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  329.844719][  T853] usb 5-1: unable to get BOS descriptor or descriptor too short
[  329.854446][  T853] usb 5-1: not running at top speed; connect to a high speed hub
[  329.869375][  T853] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  329.880607][  T853] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  329.894387][  T853] usb 5-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  329.902889][  T853] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.913434][  T853] usb 5-1: Product: syz
[  329.915765][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  329.917923][  T853] usb 5-1: Manufacturer: syz
[  329.919520][  T853] usb 5-1: SerialNumber: syz
[  329.922599][   T10] dw2102: command 0x0e transfer failed.
[  329.932903][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  329.949721][   T10] dw2102: command 0x0e transfer failed.
[  330.274914][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  330.287900][   T10] dw2102: command 0x0e transfer failed.
[  330.290533][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  330.306990][   T10] dw2102: command 0x0e transfer failed.
[  330.320944][   T10] dvb-usb: bulk message failed: -22 (1/0)
[  330.336786][   T10] dw2102: command 0x51 transfer failed.
[  330.349931][T10100] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  330.405009][   T10] DVB: Unable to find symbol ds3000_attach()
[  330.407785][   T10] dvb-usb: no frontend was attached by 'Terratec Cinergy S2 USB HD Rev.3'
[  330.575655][   T10] rc_core: IR keymap rc-su3000 not found
[  330.578548][   T10] Registered IR keymap rc-empty
[  330.595016][   T10] rc rc0: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.3/usb8/8-1/rc/rc0
[  330.626078][   T10] input: Terratec Cinergy S2 USB HD Rev.3 as /devices/platform/dummy_hcd.3/usb8/8-1/rc/rc0/input6
[  330.665657][   T10] dvb-usb: schedule remote query interval to 150 msecs.
[  330.678225][   T10] dw2102: su3000_power_ctrl: 0, initialized 1
[  330.681456][   T10] dvb-usb: Terratec Cinergy S2 USB HD Rev.3 successfully initialized and connected.
[  330.834429][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  330.836613][    T9] dw2102: i2c transfer failed.
[  330.900198][T10111] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1048'.
[  331.014107][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  331.017371][    T9] dw2102: i2c transfer failed.
[  331.193374][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  331.196664][    T9] dw2102: i2c transfer failed.
[  331.363394][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  331.367145][    T9] dw2102: i2c transfer failed.
[  331.533888][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  331.536125][    T9] dw2102: i2c transfer failed.
[  331.687186][T10115] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1049'.
[  331.693405][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  331.695939][    T9] dw2102: i2c transfer failed.
[  331.855329][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  331.857896][    T9] dw2102: i2c transfer failed.
[  332.013452][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  332.024735][    T9] dw2102: i2c transfer failed.
[  332.055977][   T29] usb 8-1: USB disconnect, device number 8
[  332.174378][  T853] usb 5-1: 3:0: cannot get min/max values for control 2 (id 3)
[  332.179583][  T853] usb 5-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  332.188426][  T853] usb 5-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  332.198950][  T853] usb 5-1: 3:0: failed to get current value for ch 0 (-71)
[  332.237124][   T29] dvb-usb: Terratec Cinergy S2 USB HD Rev.3 successfully deinitialized and disconnected.
[  332.285902][  T853] usb 5-1: USB disconnect, device number 13
[  332.434337][T10120] can0: slcan on ttyS3.
[  333.253977][T10131] netlink: 2260 bytes leftover after parsing attributes in process `syz.0.1051'.
[  333.260664][T10131] vxfs: WRONG superblock magic 00000000 at 1
[  333.263929][T10131] vxfs: WRONG superblock magic 00000000 at 8
[  333.265942][T10131] vxfs: can't find superblock.
[  333.644613][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  333.704635][T10129] can0 (unregistered): slcan off ttyS3.
[  333.781076][T10136] syzkaller0: entered promiscuous mode
[  333.796756][T10136] 0: reclassify loop, rule prio 0, protocol 800
[  333.828187][T10135] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  333.993311][T10139] nvme_fabrics: unknown parameter or missing value '0x00000000000003c8' in ctrl creation request
[  334.231621][T10148] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1057'.
[  334.250442][T10148] macsec1: entered promiscuous mode
[  334.253218][T10148] bridge0: entered promiscuous mode
[  334.255810][T10148] macsec1: entered allmulticast mode
[  334.258341][T10148] bridge0: entered allmulticast mode
[  334.265840][T10148] bridge0: port 3(macsec1) entered blocking state
[  334.273528][T10148] bridge0: port 3(macsec1) entered disabled state
[  334.282480][T10148] bridge0: left allmulticast mode
[  334.302612][T10149] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  334.303210][  T839] usb 7-1: new low-speed USB device number 11 using dummy_hcd
[  334.306312][T10149] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  334.329151][   T24] bridge0: left promiscuous mode
[  334.483301][  T839] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  334.494141][  T839] usb 7-1: config 0 has no interface number 0
[  334.504922][  T839] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  334.517964][  T839] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  334.522792][  T839] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  334.529521][  T839] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.540147][  T839] usb 7-1: config 0 descriptor??
[  334.552839][T10144] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  334.634053][  T839] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  334.903373][T10155] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  334.985437][T10158] syzkaller0: entered promiscuous mode
[  334.993727][T10158] syzkaller0: entered allmulticast mode
[  336.285326][T10167] loop9: detected capacity change from 0 to 524287999
[  336.439435][    C2] iowarrior 7-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1
[  336.446442][   T55] usb 7-1: USB disconnect, device number 11
[  337.306866][T10182] syzkaller0: entered promiscuous mode
[  337.314101][T10182] 0: reclassify loop, rule prio 0, protocol 800
[  337.965817][T10189] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  338.396124][T10195] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1064'.
[  338.399969][T10195] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1064'.
[  338.915807][ T5962] Bluetooth: hci3: unexpected event for opcode 0x080c
[  338.919812][T10208] syzkaller0: entered promiscuous mode
[  338.921839][T10208] syzkaller0: entered allmulticast mode
[  339.039396][T10213] ntfs3(nullb0): Primary boot signature is not NTFS.
[  339.042795][T10213] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  339.060388][T10213] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1074'.
[  339.508424][T10227] syzkaller0: entered promiscuous mode
[  339.510884][T10227] syzkaller0: entered allmulticast mode
[  339.590660][T10232] input: syz1 as /devices/virtual/input/input7
[  339.726875][T10223] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  340.454865][T10252] syzkaller0: entered promiscuous mode
[  340.456705][T10252] syzkaller0: entered allmulticast mode
[  340.560120][T10250] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1083'.
[  340.657436][T10255] syzkaller0: entered promiscuous mode
[  340.694915][T10253] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1081'.
[  341.310629][T10273] netlink: 'syz.1.1090': attribute type 1 has an invalid length.
[  341.334912][T10273] 8021q: adding VLAN 0 to HW filter on device bond8
[  341.347847][T10264] can0: slcan on ttyS3.
[  341.354507][T10276] syzkaller0: entered promiscuous mode
[  341.354929][T10273] netlink: 'syz.1.1090': attribute type 1 has an invalid length.
[  341.364251][T10273] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1090'.
[  341.373044][T10273] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1090'.
[  341.425390][T10264] can0 (unregistered): slcan off ttyS3.
[  341.949378][ T5962] Bluetooth: hci0: unexpected event for opcode 0x8519
[  342.009380][T10294] syzkaller0: entered promiscuous mode
[  343.677701][T10296] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  344.666830][T10302] FAULT_INJECTION: forcing a failure.
[  344.666830][T10302] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  344.671787][T10302] CPU: 3 UID: 0 PID: 10302 Comm: syz.3.1098 Not tainted syzkaller #0 PREEMPT(full) 
[  344.671804][T10302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  344.671812][T10302] Call Trace:
[  344.671817][T10302]  <TASK>
[  344.671824][T10302]  dump_stack_lvl+0x100/0x190
[  344.671850][T10302]  should_fail_ex.cold+0x5/0xa
[  344.671877][T10302]  _copy_from_user+0x2e/0xd0
[  344.671904][T10302]  __sys_bpf+0x243/0x4b90
[  344.671923][T10302]  ? __pfx___sys_bpf+0x10/0x10
[  344.671934][T10302]  ? get_pid_task+0x106/0x250
[  344.671955][T10302]  ? proc_fail_nth_write+0x9f/0x220
[  344.671972][T10302]  ? find_held_lock+0x2b/0x80
[  344.672081][T10302]  ? find_held_lock+0x2b/0x80
[  344.672094][T10302]  ? ksys_write+0x190/0x250
[  344.672112][T10302]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  344.672160][T10302]  ? kernel_write+0x633/0x6c0
[  344.672180][T10302]  ? fput+0x79/0x100
[  344.672198][T10302]  ? ksys_write+0x1ac/0x250
[  344.672211][T10302]  __ia32_sys_bpf+0x79/0xf0
[  344.672221][T10302]  ? lockdep_hardirqs_on+0x78/0x100
[  344.672241][T10302]  __do_fast_syscall_32+0xe7/0x950
[  344.672251][T10302]  ? lockdep_hardirqs_on+0x78/0x100
[  344.672268][T10302]  do_fast_syscall_32+0x32/0x70
[  344.672279][T10302]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  344.672293][T10302] RIP: 0023:0xf7fa3fcc
[  344.672303][T10302] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  344.672314][T10302] RSP: 002b:00000000f546650c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  344.672326][T10302] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000080
[  344.672332][T10302] RDX: 0000000000000028 RSI: 0000000000000000 RDI: 0000000000000000
[  344.672339][T10302] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  344.672345][T10302] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  344.672351][T10302] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  344.672364][T10302]  </TASK>
[  344.891033][T10310] syzkaller0: entered promiscuous mode
[  344.937987][T10317] netlink: 'syz.1.1102': attribute type 1 has an invalid length.
[  344.963697][T10317] 8021q: adding VLAN 0 to HW filter on device bond9
[  345.001641][T10317] netlink: 'syz.1.1102': attribute type 1 has an invalid length.
[  345.010783][T10317] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1102'.
[  345.015448][T10317] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1102'.
[  345.028704][T10322] FAULT_INJECTION: forcing a failure.
[  345.028704][T10322] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  345.034933][T10322] CPU: 0 UID: 0 PID: 10322 Comm: syz.3.1104 Not tainted syzkaller #0 PREEMPT(full) 
[  345.034959][T10322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  345.034993][T10322] Call Trace:
[  345.035001][T10322]  <TASK>
[  345.035008][T10322]  dump_stack_lvl+0x100/0x190
[  345.035035][T10322]  should_fail_ex.cold+0x5/0xa
[  345.035059][T10322]  _copy_from_user+0x2e/0xd0
[  345.035088][T10322]  get_compat_msghdr+0xb3/0x4b0
[  345.035107][T10322]  ? __pfx_get_compat_msghdr+0x10/0x10
[  345.035134][T10322]  ___sys_sendmsg+0x1b6/0x1e0
[  345.035158][T10322]  ? __pfx____sys_sendmsg+0x10/0x10
[  345.035190][T10322]  ? find_held_lock+0x2b/0x80
[  345.035228][T10322]  __sys_sendmsg+0x170/0x220
[  345.035246][T10322]  ? __pfx___sys_sendmsg+0x10/0x10
[  345.035263][T10322]  ? __fget_files+0x21f/0x3d0
[  345.035289][T10322]  ? ksys_write+0x1ac/0x250
[  345.035310][T10322]  ? rcu_is_watching+0x12/0xc0
[  345.035340][T10322]  __do_fast_syscall_32+0xe7/0x950
[  345.035359][T10322]  ? lockdep_hardirqs_on+0x78/0x100
[  345.035387][T10322]  do_fast_syscall_32+0x32/0x70
[  345.035404][T10322]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  345.035453][T10322] RIP: 0023:0xf7fa3fcc
[  345.035468][T10322] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  345.035485][T10322] RSP: 002b:00000000f546650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  345.035504][T10322] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  345.035515][T10322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  345.035525][T10322] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  345.035535][T10322] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  345.035546][T10322] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  345.035569][T10322]  </TASK>
[  345.364503][T10326] FAULT_INJECTION: forcing a failure.
[  345.364503][T10326] name failslab, interval 1, probability 0, space 0, times 1
[  345.369832][T10326] CPU: 1 UID: 0 PID: 10326 Comm: syz.3.1105 Not tainted syzkaller #0 PREEMPT(full) 
[  345.369849][T10326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  345.369876][T10326] Call Trace:
[  345.369885][T10326]  <TASK>
[  345.369892][T10326]  dump_stack_lvl+0x100/0x190
[  345.369912][T10326]  should_fail_ex.cold+0x5/0xa
[  345.369931][T10326]  should_failslab+0xc2/0x120
[  345.369991][T10326]  __kvmalloc_node_noprof+0xfa/0xa00
[  345.370030][T10326]  ? traverse.part.0.constprop.0+0x397/0x650
[  345.370050][T10326]  traverse.part.0.constprop.0+0x397/0x650
[  345.370065][T10326]  ? irqentry_exit+0x246/0x790
[  345.370086][T10326]  ? lockdep_hardirqs_on+0x78/0x100
[  345.370108][T10326]  seq_read_iter+0x93f/0x1270
[  345.370128][T10326]  proc_reg_read_iter+0x11b/0x310
[  345.370145][T10326]  do_iter_readv_writev+0x60d/0x920
[  345.370160][T10326]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  345.370177][T10326]  ? rw_verify_area+0xce/0x6d0
[  345.370190][T10326]  vfs_readv+0x4d3/0x8d0
[  345.370208][T10326]  ? __pfx_vfs_readv+0x10/0x10
[  345.370233][T10326]  ? __fget_files+0x21f/0x3d0
[  345.370252][T10326]  ? do_preadv+0x1ac/0x270
[  345.370263][T10326]  do_preadv+0x1ac/0x270
[  345.370277][T10326]  ? __pfx_do_preadv+0x10/0x10
[  345.370289][T10326]  ? ksys_write+0x1ac/0x250
[  345.370303][T10326]  ? rcu_is_watching+0x12/0xc0
[  345.370321][T10326]  __do_fast_syscall_32+0xe7/0x950
[  345.370334][T10326]  ? lockdep_hardirqs_on+0x78/0x100
[  345.370354][T10326]  do_fast_syscall_32+0x32/0x70
[  345.370367][T10326]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  345.370385][T10326] RIP: 0023:0xf7fa3fcc
[  345.370396][T10326] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  345.370408][T10326] RSP: 002b:00000000f542450c EFLAGS: 00000292 ORIG_RAX: 000000000000014d
[  345.370422][T10326] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000800001c0
[  345.370430][T10326] RDX: 0000000000000001 RSI: 00000000000000c6 RDI: 0000000000000003
[  345.370437][T10326] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  345.370444][T10326] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  345.370451][T10326] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  345.370467][T10326]  </TASK>
[  345.758145][T10330] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1107'.
[  345.763711][T10330] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1107'.
[  345.800232][T10332] FAULT_INJECTION: forcing a failure.
[  345.800232][T10332] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  345.816715][T10332] CPU: 0 UID: 0 PID: 10332 Comm: syz.1.1108 Not tainted syzkaller #0 PREEMPT(full) 
[  345.816740][T10332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  345.816750][T10332] Call Trace:
[  345.816757][T10332]  <TASK>
[  345.816763][T10332]  dump_stack_lvl+0x100/0x190
[  345.816786][T10332]  should_fail_ex.cold+0x5/0xa
[  345.816809][T10332]  _copy_to_user+0x32/0xd0
[  345.816836][T10332]  simple_read_from_buffer+0xcb/0x170
[  345.816857][T10332]  proc_fail_nth_read+0x1af/0x230
[  345.816882][T10332]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  345.816907][T10332]  ? rw_verify_area+0xce/0x6d0
[  345.816924][T10332]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  345.816948][T10332]  vfs_read+0x1e4/0xb30
[  345.816970][T10332]  ? __pfx_vfs_read+0x10/0x10
[  345.816987][T10332]  ? find_held_lock+0x2b/0x80
[  345.817010][T10332]  ? __fget_files+0x215/0x3d0
[  345.817050][T10332]  ? __fget_files+0x21f/0x3d0
[  345.817076][T10332]  ksys_read+0x12a/0x250
[  345.817094][T10332]  ? __pfx_ksys_read+0x10/0x10
[  345.817111][T10332]  ? rcu_is_watching+0x12/0xc0
[  345.817132][T10332]  ? rcu_is_watching+0x12/0xc0
[  345.817153][T10332]  do_int80_emulation+0x141/0x700
[  345.817173][T10332]  asm_int80_emulation+0x1a/0x20
[  345.817190][T10332] RIP: 0023:0xf7155cab
[  345.817203][T10332] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  345.817217][T10332] RSP: 002b:00000000f54164bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  345.817234][T10332] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54165d0
[  345.817244][T10332] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  345.817253][T10332] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  345.817262][T10332] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  345.817271][T10332] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  345.817286][T10332]  </TASK>
[  345.957756][T10336] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  345.963747][ T5962] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  345.972151][ T5962] Bluetooth: hci0: Injecting HCI hardware error event
[  346.062120][T10340] netlink: 'syz.1.1111': attribute type 1 has an invalid length.
[  346.077410][   T62] Bluetooth: hci0: hardware error 0x00
[  346.112590][T10340] 8021q: adding VLAN 0 to HW filter on device bond10
[  346.148675][T10342] vlan6: entered allmulticast mode
[  346.153284][T10342] macsec0: entered allmulticast mode
[  346.156388][T10342] veth1_macvtap: entered allmulticast mode
[  346.516236][T10358] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1115'.
[  348.125092][   T62] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  349.375395][T10380] xt_CT: No such helper "pptp"
[  350.095373][T10403] netlink: 2260 bytes leftover after parsing attributes in process `syz.2.1127'.
[  350.106209][T10403] vxfs: WRONG superblock magic 00000000 at 1
[  350.110637][T10403] vxfs: WRONG superblock magic 00000000 at 8
[  350.113298][T10403] vxfs: can't find superblock.
[  351.502744][T10410] syz.1.1128 (10410): drop_caches: 2
[  353.116495][T10436] xt_CT: No such helper "pptp"
[  353.332388][T10444] tipc: Can't bind to reserved service type 2
[  353.394078][T10448] FAULT_INJECTION: forcing a failure.
[  353.394078][T10448] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  353.410970][T10448] CPU: 3 UID: 0 PID: 10448 Comm: syz.2.1138 Not tainted syzkaller #0 PREEMPT(full) 
[  353.410998][T10448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  353.411008][T10448] Call Trace:
[  353.411014][T10448]  <TASK>
[  353.411021][T10448]  dump_stack_lvl+0x100/0x190
[  353.411053][T10448]  should_fail_ex.cold+0x5/0xa
[  353.411077][T10448]  _copy_from_user+0x2e/0xd0
[  353.411104][T10448]  __sys_bpf+0x243/0x4b90
[  353.411127][T10448]  ? __pfx___sys_bpf+0x10/0x10
[  353.411140][T10448]  ? get_pid_task+0x106/0x250
[  353.411166][T10448]  ? proc_fail_nth_write+0x9f/0x220
[  353.411192][T10448]  ? find_held_lock+0x2b/0x80
[  353.411218][T10448]  ? find_held_lock+0x2b/0x80
[  353.411238][T10448]  ? ksys_write+0x190/0x250
[  353.411262][T10448]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  353.411285][T10448]  ? kernel_write+0x633/0x6c0
[  353.411315][T10448]  ? fput+0x79/0x100
[  353.411336][T10448]  ? ksys_write+0x1ac/0x250
[  353.411357][T10448]  __ia32_sys_bpf+0x79/0xf0
[  353.411373][T10448]  ? lockdep_hardirqs_on+0x78/0x100
[  353.411398][T10448]  __do_fast_syscall_32+0xe7/0x950
[  353.411414][T10448]  ? lockdep_hardirqs_on+0x78/0x100
[  353.411438][T10448]  do_fast_syscall_32+0x32/0x70
[  353.411456][T10448]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  353.411477][T10448] RIP: 0023:0xf6ffefcc
[  353.411491][T10448] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  353.411505][T10448] RSP: 002b:00000000f53ed50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  353.411523][T10448] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800007c0
[  353.411532][T10448] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  353.411542][T10448] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  353.411552][T10448] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  353.411561][T10448] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  353.411583][T10448]  </TASK>
[  354.667642][T10468] netlink: 2264 bytes leftover after parsing attributes in process `syz.2.1143'.
[  354.838309][T10471] ntfs3(nullb0): Primary boot signature is not NTFS.
[  354.841676][T10471] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  356.047915][T10480] xt_CT: No such helper "pptp"
[  356.756383][T10477] can0: slcan on ttyS3.
[  356.854335][T10477] can0 (unregistered): slcan off ttyS3.
[  357.133237][   T39] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  357.296323][   T39] usb 7-1: config index 0 descriptor too short (expected 45, got 36)
[  357.306494][   T39] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  357.339168][   T39] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  357.364392][   T39] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  357.389570][   T39] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  357.409870][   T39] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  357.425484][   T39] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.453933][   T39] usb 7-1: config 0 descriptor??
[  357.471917][T10491] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  357.944233][   T39] plantronics 0003:047F:FFFF.0002: reserved main item tag 0xd
[  357.996891][   T39] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  358.209527][   T10] usb 7-1: USB disconnect, device number 12
[  358.226411][T10515] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  358.251609][T10516] netlink: 2260 bytes leftover after parsing attributes in process `syz.0.1152'.
[  358.271806][T10516] /dev/nullb0: Can't open blockdev
[  358.290181][T10515] netlink: 212916 bytes leftover after parsing attributes in process `syz.1.1153'.
[  358.370698][T10519] fido_id[10519]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb7/report_descriptor': No such file or directory
[  358.840997][T10528] netlink: 'syz.2.1155': attribute type 1 has an invalid length.
[  359.141885][T10528] 8021q: adding VLAN 0 to HW filter on device bond5
[  359.213043][T10528] netlink: 'syz.2.1155': attribute type 1 has an invalid length.
[  359.235889][T10528] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1155'.
[  359.247329][T10528] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1155'.
[  359.314826][T10534] netlink: 2264 bytes leftover after parsing attributes in process `syz.3.1156'.
[  360.056507][T10536] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1158'.
[  361.475722][T10555] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1162'.
[  361.522748][T10557] ntfs3(nullb0): Primary boot signature is not NTFS.
[  361.525644][T10557] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  361.530057][T10557] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1163'.
[  361.579506][T10559] syzkaller0: entered promiscuous mode
[  361.585469][T10559] 0: reclassify loop, rule prio 0, protocol 800
[  361.894037][T10549] xt_CT: No such helper "pptp"
[  362.168030][T10567] binder: 10566:10567 ioctl c01c586a 80000100 returned -22
[  362.481188][T10568] hub 8-0:1.0: USB hub found
[  362.489607][T10568] hub 8-0:1.0: 1 port detected
[  364.133269][ T2180] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  364.297296][ T2180] usb 6-1: unable to get BOS descriptor or descriptor too short
[  364.313623][ T2180] usb 6-1: not running at top speed; connect to a high speed hub
[  364.325278][ T2180] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  364.333620][ T2180] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  364.362909][ T2180] usb 6-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  364.367419][ T2180] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.385109][ T2180] usb 6-1: Product: syz
[  364.387565][ T2180] usb 6-1: Manufacturer: syz
[  364.389959][ T2180] usb 6-1: SerialNumber: syz
[  364.648365][T10588] ntfs3(nullb0): Primary boot signature is not NTFS.
[  364.651079][T10588] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  364.652204][T10583] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  364.658452][T10588] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1172'.
[  365.087922][T10594] syzkaller0: entered promiscuous mode
[  365.104357][T10594] 0: reclassify loop, rule prio 0, protocol 800
[  365.586263][ T2180] usb 6-1: 3:0: cannot get min/max values for control 2 (id 3)
[  365.590311][ T2180] usb 6-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  365.594734][ T2180] usb 6-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  365.604297][ T2180] usb 6-1: 3:0: failed to get current value for ch 0 (-71)
[  365.640527][ T2180] usb 6-1: USB disconnect, device number 11
[  365.658167][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  366.003199][ T6012] usb 8-1: new full-speed USB device number 9 using dummy_hcd
[  366.169117][ T6012] usb 8-1: unable to get BOS descriptor or descriptor too short
[  366.174906][ T6012] usb 8-1: not running at top speed; connect to a high speed hub
[  366.185730][ T6012] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.194673][ T6012] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  366.207257][ T6012] usb 8-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  366.213543][ T6012] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.218828][ T6012] usb 8-1: Product: syz
[  366.220893][ T6012] usb 8-1: Manufacturer: syz
[  366.223529][ T6012] usb 8-1: SerialNumber: syz
[  366.493386][T10604] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  366.733745][T10609] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  367.562908][T10618] random: crng reseeded on system resumption
[  367.642410][T10618] bridge0: port 2(bridge_slave_1) entered disabled state
[  367.645691][T10618] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.654613][T10618] bridge0: entered promiscuous mode
[  368.745224][ T6012] usb 8-1: 3:0: cannot get min/max values for control 2 (id 3)
[  368.748302][ T6012] usb 8-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  368.752334][ T6012] usb 8-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  368.756226][ T6012] usb 8-1: 3:0: failed to get current value for ch 0 (-71)
[  368.771169][T10623] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  368.817926][ T6012] usb 8-1: USB disconnect, device number 9
[  368.855766][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  369.461811][T10634] xt_CT: No such helper "pptp"
[  369.510155][T10635] xt_CT: No such helper "pptp"
[  370.407284][T10647] ntfs3(nullb0): Primary boot signature is not NTFS.
[  370.411615][T10647] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  370.421688][T10647] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1189'.
[  370.733244][   T39] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  370.758517][T10650] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1190'.
[  370.893245][   T39] usb 7-1: Using ep0 maxpacket: 8
[  370.900943][   T39] usb 7-1: config index 0 descriptor too short (expected 74, got 45)
[  370.905286][   T39] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  370.913259][   T39] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  370.922251][   T39] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  370.933179][   T39] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  370.939753][   T39] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  370.947838][T10650] bond11: entered promiscuous mode
[  370.950315][T10650] bond11: entered allmulticast mode
[  370.950538][   T39] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  370.960717][   T39] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.998041][T10650] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1190'.
[  371.001338][T10650] netlink: 'syz.1.1190': attribute type 2 has an invalid length.
[  371.093838][T10660] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  371.193973][   T39] usb 7-1: usb_control_msg returned -32
[  371.196053][   T39] usbtmc 7-1:16.0: can't read capabilities
[  371.487464][T10664] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  371.547338][T10664] netlink: 212916 bytes leftover after parsing attributes in process `syz.3.1195'.
[  371.606954][T10666] usbtmc 7-1:16.0: send_request_dev_dep_msg_in returned -71
[  371.624371][T10666] usbtmc 7-1:16.0: usb_control_msg returned -32
[  371.935080][T10671] syzkaller0: entered promiscuous mode
[  371.939277][T10671] syzkaller0: entered allmulticast mode
[  372.100277][T10673] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  372.785778][T10678] xt_CT: No such helper "pptp"
[  373.514793][    T9] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  373.676476][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  373.680866][    T9] usb 5-1: not running at top speed; connect to a high speed hub
[  373.685896][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  373.690934][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  373.703202][    T9] usb 5-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  373.708558][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.715320][    T9] usb 5-1: Product: syz
[  373.716732][    T9] usb 5-1: Manufacturer: syz
[  373.721623][    T9] usb 5-1: SerialNumber: syz
[  373.746896][  T839] usb 7-1: USB disconnect, device number 13
[  374.054167][T10689] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  374.360685][T10701] syzkaller0: entered promiscuous mode
[  374.364109][T10701] syzkaller0: entered allmulticast mode
[  374.414205][T10697] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  374.418156][T10697] overlayfs: overlapping lowerdir path
[  374.753296][T10704] can0: slcan on ttyS3.
[  374.839350][T10708] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  374.844262][T10704] can0 (unregistered): slcan off ttyS3.
[  375.811285][T10726] netlink: 'syz.0.1212': attribute type 1 has an invalid length.
[  375.839830][T10726] 8021q: adding VLAN 0 to HW filter on device bond2
[  375.912898][T10730] netlink: 'syz.0.1212': attribute type 1 has an invalid length.
[  376.037538][T10732] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1212'.
[  376.041526][T10732] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1212'.
[  376.913547][    T9] usb 5-1: 3:0: cannot get min/max values for control 2 (id 3)
[  376.916085][    T9] usb 5-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  376.919170][    T9] usb 5-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  376.922506][    T9] usb 5-1: 3:0: failed to get current value for ch 0 (-71)
[  376.942278][    T9] usb 5-1: USB disconnect, device number 14
[  377.990876][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  378.259689][T10749] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1216'.
[  378.313924][ T6037] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  378.327319][T10749] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1216'.
[  378.402779][T10751] can0: slcan on ttyS3.
[  378.483211][ T6037] usb 6-1: Using ep0 maxpacket: 32
[  378.497636][ T6037] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  378.507333][T10751] can0 (unregistered): slcan off ttyS3.
[  378.508888][ T6037] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  378.514415][ T6037] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  378.523259][ T6037] usb 6-1: Product: syz
[  378.524881][ T6037] usb 6-1: Manufacturer: syz
[  378.530921][ T6037] usb 6-1: SerialNumber: syz
[  378.559491][ T6037] usb 6-1: config 0 descriptor??
[  378.563596][T10743] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  378.568088][ T6037] hub 6-1:0.0: bad descriptor, ignoring hub
[  378.570760][ T6037] hub 6-1:0.0: probe with driver hub failed with error -5
[  379.240682][T10743] usb 6-1: reset high-speed USB device number 12 using dummy_hcd
[  379.405611][T10743] usb 6-1: device firmware changed
[  379.428787][    T9] usb 6-1: USB disconnect, device number 12
[  379.518869][T10784] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1219'.
[  379.543270][ T5748] usb 8-1: new full-speed USB device number 10 using dummy_hcd
[  379.573256][    T9] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  379.743249][    T9] usb 6-1: Using ep0 maxpacket: 32
[  379.746604][    T9] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  379.752398][    T9] usb 6-1: string descriptor 0 read error: -22
[  379.755503][    T9] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  379.758851][    T9] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  379.762852][    T9] usb 6-1: config 0 descriptor??
[  379.765882][T10766] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  379.769987][    T9] hub 6-1:0.0: bad descriptor, ignoring hub
[  379.772189][    T9] hub 6-1:0.0: probe with driver hub failed with error -5
[  379.975045][T10785] syz.2.1221 (10785): drop_caches: 2
[  380.165963][ T5748] usb 8-1: unable to get BOS descriptor or descriptor too short
[  380.170146][ T5748] usb 8-1: not running at top speed; connect to a high speed hub
[  380.175333][ T5748] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  380.180735][ T5748] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  380.187286][ T5748] usb 8-1: New USB device found, idVendor=200c, idProduct=1018, bcdDevice= 0.40
[  380.191607][ T5748] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.196211][ T5748] usb 8-1: Product: syz
[  380.198200][ T5748] usb 8-1: Manufacturer: syz
[  380.200365][ T5748] usb 8-1: SerialNumber: syz
[  380.293877][ T6037] usb 6-1: USB disconnect, device number 13
[  380.517271][T10769] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  380.974325][T10797] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  381.444343][ T5748] usb 8-1: 3:0: cannot get min/max values for control 2 (id 3)
[  381.448554][ T5748] usb 8-1: Warning! Unlikely small volume range (=1), linear volume or custom curve?
[  381.452745][ T5748] usb 8-1: [3] FU [LFE Playback Volume] ch = 1, val = 0/1/1
[  381.457816][ T5748] usb 8-1: 3:0: failed to get current value for ch 0 (-71)
[  381.507169][ T5748] usb 8-1: USB disconnect, device number 10
[  381.602219][T10808] syzkaller0: entered promiscuous mode
[  381.607653][T10808] syzkaller0: entered allmulticast mode
[  381.656085][ T6073] udevd[6073]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  381.748566][T10810] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  381.842109][T10813] can0: slcan on ttyS3.
[  382.428367][T10813] can0 (unregistered): slcan off ttyS3.
[  382.454341][T10824] xt_CT: No such helper "pptp"
[  383.052036][T10838] netlink: 2264 bytes leftover after parsing attributes in process `syz.3.1232'.
[  383.059106][T10838] vxfs: WRONG superblock magic 00000000 at 1
[  383.062140][T10838] vxfs: WRONG superblock magic 00000000 at 8
[  383.064502][T10838] vxfs: can't find superblock.
[  383.152362][T10842] syzkaller0: entered promiscuous mode
[  383.165176][T10842] 0: reclassify loop, rule prio 0, protocol 800
[  383.324971][T10845] syzkaller0: entered promiscuous mode
[  383.389538][T10849] netlink: 'syz.2.1236': attribute type 1 has an invalid length.
[  383.416981][T10849] 8021q: adding VLAN 0 to HW filter on device bond6
[  383.420301][T10845] 0: reclassify loop, rule prio 0, protocol 800
[  383.439642][T10849] netlink: 'syz.2.1236': attribute type 1 has an invalid length.
[  383.446887][T10849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1236'.
[  383.451936][T10849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1236'.
[  383.477002][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[  384.108384][T10861] xt_CT: No such helper "pptp"
[  384.499588][T10869] syz.1.1239 (10869): drop_caches: 2
[  385.468279][T10877] syz.1.1241 (10877): drop_caches: 2
[  386.987138][T10892] syz.0.1242 (10892): drop_caches: 2
[  387.487529][T10903] netlink: 'syz.3.1248': attribute type 1 has an invalid length.
[  387.501113][T10903] 8021q: adding VLAN 0 to HW filter on device bond7
[  387.537308][T10903] netlink: 'syz.3.1248': attribute type 1 has an invalid length.
[  387.542099][T10903] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1248'.
[  387.548349][T10903] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1248'.
[  387.734875][T10910] xt_CT: No such helper "pptp"
[  388.615171][T10918] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1252'.
[  388.641043][T10918] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1252'.
[  389.750425][T10937] syz.1.1257 (10937): drop_caches: 2
[  390.810127][T10946] netlink: 'syz.1.1259': attribute type 1 has an invalid length.
[  390.828961][T10946] 8021q: adding VLAN 0 to HW filter on device bond12
[  390.864396][T10946] netlink: 'syz.1.1259': attribute type 1 has an invalid length.
[  390.869991][T10946] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1259'.
[  390.874861][T10946] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1259'.
[  391.560681][T10951] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  391.916701][T10955] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  392.784514][T10980] netlink: 'syz.1.1270': attribute type 1 has an invalid length.
[  392.824807][T10980] 8021q: adding VLAN 0 to HW filter on device bond13
[  392.847176][T10980] netlink: 'syz.1.1270': attribute type 1 has an invalid length.
[  392.854269][T10980] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1270'.
[  392.858321][T10980] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1270'.
[  393.497793][T10985] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1272'.
[  393.502233][T10985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1272'.
[  393.507179][T10985] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1272'.
[  393.554985][T10983] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1271'.
[  393.561110][T10989] loop6: detected capacity change from 0 to 8
[  393.570700][T10988] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  393.625465][T10983] bond8: entered promiscuous mode
[  393.627980][T10983] bond8: entered allmulticast mode
[  393.653127][T10983] netlink: 220 bytes leftover after parsing attributes in process `syz.3.1271'.
[  393.656607][T10983] netlink: 'syz.3.1271': attribute type 2 has an invalid length.
[  394.610145][T11002] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  394.613627][T11002] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  394.615849][T11002] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  395.717744][T11033] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  395.954440][   T62] Bluetooth: hci1: command 0x0419 tx timeout
[  396.048551][T11038] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1286'.
[  396.066562][T11038] bond3: entered promiscuous mode
[  396.068340][T11038] bond3: entered allmulticast mode
[  396.072454][T11038] netlink: 220 bytes leftover after parsing attributes in process `syz.0.1286'.
[  396.076838][T11038] netlink: 'syz.0.1286': attribute type 2 has an invalid length.
[  396.201544][T11046] syzkaller0: entered promiscuous mode
[  396.555201][ T6021] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  396.693363][ T5962] Bluetooth: hci2: command 0x0419 tx timeout
[  396.696109][   T62] Bluetooth: hci3: command 0x0419 tx timeout
[  396.715205][ T6021] usb 6-1: Using ep0 maxpacket: 8
[  396.721735][ T6021] usb 6-1: config index 0 descriptor too short (expected 74, got 45)
[  396.725495][ T6021] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  396.730246][ T6021] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  396.735224][ T6021] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  396.740133][ T6021] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  396.747156][ T6021] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  396.753297][ T6021] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  396.757142][ T6021] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.992939][ T6021] usb 6-1: usb_control_msg returned -32
[  396.995011][ T6021] usbtmc 6-1:16.0: can't read capabilities
[  397.339787][T11063] usbtmc 6-1:16.0: send_request_dev_dep_msg_in returned -71
[  399.259472][T11074] xt_CT: No such helper "pptp"
[  400.004856][  T839] usb 6-1: USB disconnect, device number 14
[  400.144390][T11079] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  400.446337][T11098] syzkaller0: entered promiscuous mode
[  400.813205][T11104] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  401.338869][T11108] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1302'.
[  401.648341][T11113] netlink: 220 bytes leftover after parsing attributes in process `syz.3.1302'.
[  401.652369][T11113] netlink: 'syz.3.1302': attribute type 2 has an invalid length.
[  402.530123][T11118] netlink: 2264 bytes leftover after parsing attributes in process `syz.0.1303'.
[  402.589261][T11119] /dev/nullb0: Can't open blockdev
[  403.483358][ T6021] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  403.660294][T10735] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  403.673271][ T6021] usb 5-1: Using ep0 maxpacket: 8
[  403.686109][ T6021] usb 5-1: config index 0 descriptor too short (expected 74, got 45)
[  403.693733][ T6021] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  403.698695][ T6021] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  403.713485][ T6021] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  403.723235][ T6021] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  403.729475][ T6021] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  403.753377][ T6021] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  403.757274][ T6021] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.824837][T10735] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  403.828721][T10735] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  403.833809][T10735] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  403.838170][T10735] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  403.844344][T10735] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  403.848906][T10735] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  403.852362][T10735] usb 7-1: Product: syz
[  403.854441][T10735] usb 7-1: Manufacturer: syz
[  403.876008][T10735] cdc_wdm 7-1:1.0: skipping garbage
[  403.878904][T10735] cdc_wdm 7-1:1.0: skipping garbage
[  403.893241][T10735] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  403.896328][T10735] cdc_wdm 7-1:1.0: Unknown control protocol
[  404.013511][ T6021] usb 5-1: usb_control_msg returned -32
[  404.018803][ T6021] usbtmc 5-1:16.0: can't read capabilities
[  404.100353][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  404.103664][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  404.106538][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  404.109380][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  404.112460][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  404.115519][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  404.118593][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  404.121481][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  404.124419][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  404.126548][T11108] workqueue: Failed to create a rescuer kthread for wq "bond9": -EINTR
[  404.128379][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  404.128656][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  404.135688][T11110] workqueue: Failed to create a rescuer kthread for wq "bond9": -EINTR
[  404.137946][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  404.138223][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  404.147117][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  404.150571][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  404.153694][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  404.156617][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  404.159437][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  404.162528][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  404.165857][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  404.169578][T10735] usb 7-1: USB disconnect, device number 14
[  404.172218][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  404.428700][T11133] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1308'.
[  404.454494][T11133] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1308'.
[  405.565830][T11144] syzkaller0: entered promiscuous mode
[  405.583746][T11144] 0: reclassify loop, rule prio 0, protocol 800
[  405.957896][T11156] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  406.070420][T11158] netlink: 2264 bytes leftover after parsing attributes in process `syz.3.1312'.
[  406.085669][T11152] vxfs: WRONG superblock magic 00000000 at 1
[  406.089480][T11152] vxfs: WRONG superblock magic 00000000 at 8
[  406.091915][T11152] vxfs: can't find superblock.
[  406.148902][T11146] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1311'.
[  406.190016][T11146] bond14: entered promiscuous mode
[  406.202434][T11146] bond14: entered allmulticast mode
[  406.357717][T10735] usb 5-1: USB disconnect, device number 15
[  406.454549][T11162] syzkaller0: entered promiscuous mode
[  406.652660][T11170] netlink: 2264 bytes leftover after parsing attributes in process `syz.1.1315'.
[  406.663401][T11170] vxfs: WRONG superblock magic 00000000 at 1
[  406.666976][T11170] vxfs: WRONG superblock magic 00000000 at 8
[  406.669536][T11170] vxfs: can't find superblock.
[  407.441635][   T29] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  407.629035][   T29] usb 8-1: Using ep0 maxpacket: 8
[  407.642786][   T29] usb 8-1: config index 0 descriptor too short (expected 74, got 45)
[  407.645747][   T29] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  407.650238][   T29] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  407.673953][   T29] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  407.685136][   T29] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  407.701379][   T29] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  407.720275][   T29] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  407.734033][   T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.909412][T11176] slcan: can't register candev
[  407.981797][   T29] usb 8-1: usb_control_msg returned -32
[  407.984132][   T29] usbtmc 8-1:16.0: can't read capabilities
[  408.372521][T11180] usbtmc 8-1:16.0: send_request_dev_dep_msg_in returned -71
[  409.228098][T11186] slcan: can't register candev
[  410.065619][   T29] usb 8-1: USB disconnect, device number 11
[  410.907054][T11199] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1321'.
[  410.965734][T11199] bond7: entered promiscuous mode
[  410.974126][T11199] bond7: entered allmulticast mode
[  411.055234][T11205] syzkaller0: entered promiscuous mode
[  411.062398][T11205] 0: reclassify loop, rule prio 0, protocol 800
[  411.585343][T11223] Bluetooth: MGMT ver 1.23
[  411.756690][T11227] netlink: 'syz.3.1329': attribute type 1 has an invalid length.
[  411.798319][T11227] 8021q: adding VLAN 0 to HW filter on device bond9
[  411.841363][T11227] netlink: 'syz.3.1329': attribute type 1 has an invalid length.
[  411.849009][T11227] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1329'.
[  411.852997][T11227] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1329'.
[  413.536323][T11237] FAT-fs (sr0): bogus number of reserved sectors
[  413.540602][T11237] FAT-fs (sr0): Can't find a valid FAT filesystem
[  414.454081][T11245] syzkaller0: entered promiscuous mode
[  414.456120][T11245] syzkaller0: entered allmulticast mode
[  415.278331][T11239] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1331'.
[  415.756764][T11258] bond15: entered promiscuous mode
[  415.773705][T11258] bond15: entered allmulticast mode
[  415.999980][T11239] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1331'.
[  416.004257][T11265] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  416.472991][T11284] netlink: 2264 bytes leftover after parsing attributes in process `syz.0.1342'.
[  416.481697][T11284] vxfs: WRONG superblock magic 00000000 at 1
[  416.485088][T11284] vxfs: WRONG superblock magic 00000000 at 8
[  416.488241][T11284] vxfs: can't find superblock.
[  417.582986][T11298] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  417.774382][T11304] can0: slcan on ttyS3.
[  417.903786][T11304] can0 (unregistered): slcan off ttyS3.
[  418.023280][T11319] syzkaller0: entered promiscuous mode
[  418.031374][T11319] 0: reclassify loop, rule prio 0, protocol 800
[  418.113497][T11303] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1348'.
[  418.200362][T11303] bond8: entered promiscuous mode
[  418.208687][T11303] bond8: entered allmulticast mode
[  418.223427][T11303] netlink: 220 bytes leftover after parsing attributes in process `syz.2.1348'.
[  418.233423][T11303] netlink: 'syz.2.1348': attribute type 2 has an invalid length.
[  418.254413][T11330] netlink: 'syz.1.1353': attribute type 1 has an invalid length.
[  418.391940][T11330] 8021q: adding VLAN 0 to HW filter on device bond16
[  418.448432][T11330] netlink: 'syz.1.1353': attribute type 1 has an invalid length.
[  418.667720][T11345] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1355'.
[  418.756194][T11345] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1355'.
[  418.800931][T11332] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1353'.
[  418.805478][T11332] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1353'.
[  418.806958][T11330] 8021q: adding VLAN 0 to HW filter on device bond17
[  419.258316][T11356] ip6t_REJECT: ECHOREPLY is not supported
[  419.504417][   T24] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  419.768741][T11366] syz.3.1359 (11366): drop_caches: 2
[  419.775590][T11361] syz.2.1358 (11361): drop_caches: 2
[  420.082217][   T24] usb 6-1: config 0 has an invalid interface number: 255 but max is 0
[  420.484944][   T24] usb 6-1: config 0 has no interface number 0
[  420.487858][   T24] usb 6-1: too many endpoints for config 0 interface 255 altsetting 0: 130, using maximum allowed: 30
[  420.498836][   T24] usb 6-1: config 0 interface 255 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11
[  420.506211][   T24] usb 6-1: config 0 interface 255 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 130
[  420.510780][   T24] usb 6-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00
[  420.515455][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.522550][   T24] usb 6-1: config 0 descriptor??
[  420.543617][T11370] syz.3.1360 (11370): drop_caches: 2
[  420.947578][T11378] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1362'.
[  420.985390][T11356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.023002][T11356] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.402745][   T24] usbhid 6-1:0.255: can't add hid device: -71
[  421.406658][   T24] usbhid 6-1:0.255: probe with driver usbhid failed with error -71
[  421.431155][   T24] usb 6-1: USB disconnect, device number 15
[  421.622850][T11390] netlink: 'syz.3.1365': attribute type 1 has an invalid length.
[  421.787366][T11396] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1366'.
[  421.809393][T11390] 8021q: adding VLAN 0 to HW filter on device bond10
[  421.918708][T11390] netlink: 'syz.3.1365': attribute type 1 has an invalid length.
[  421.989864][T11390] 8021q: adding VLAN 0 to HW filter on device bond11
[  422.037620][T11390] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1365'.
[  422.047020][T11390] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1365'.
[  422.493189][T11400] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  422.646554][T11406] syz.1.1368 (11406): drop_caches: 2
[  423.700912][T11420] netlink: 2264 bytes leftover after parsing attributes in process `syz.1.1370'.
[  423.714492][T11420] vxfs: WRONG superblock magic 00000000 at 1
[  423.718079][T11420] vxfs: WRONG superblock magic 00000000 at 8
[  423.721032][T11420] vxfs: can't find superblock.
[  424.213320][ T6021] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  424.393169][ T6021] usb 8-1: Using ep0 maxpacket: 8
[  424.398509][ T6021] usb 8-1: config index 0 descriptor too short (expected 74, got 45)
[  424.401707][ T6021] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  424.423584][ T6021] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  424.427402][ T6021] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  424.431053][ T6021] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  424.435622][ T6021] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  424.440841][ T6021] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  424.444597][ T6021] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.655149][ T6021] usb 8-1: usb_control_msg returned -32
[  424.664062][ T6021] usbtmc 8-1:16.0: can't read capabilities
[  424.682796][ T6021] usb 8-1: USB disconnect, device number 12
[  424.725484][T11438] can0: slcan on ttyS3.
[  424.787842][T11437] xt_CT: No such helper "pptp"
[  424.904773][T11442] can0 (unregistered): slcan off ttyS3.
[  425.963518][T11459] can0: slcan on ttyS3.
[  426.109999][T11459] can0 (unregistered): slcan off ttyS3.
[  427.128765][T11495] netlink: 2264 bytes leftover after parsing attributes in process `syz.0.1383'.
[  427.136560][T11495] vxfs: WRONG superblock magic 00000000 at 1
[  427.139056][T11495] vxfs: WRONG superblock magic 00000000 at 8
[  427.143308][T11495] vxfs: can't find superblock.
[  428.167435][T11520] fuse: Bad value for 'group_id'
[  428.169206][T11520] fuse: Bad value for 'group_id'
[  428.476608][T11534] can0: slcan on ttyS3.
[  428.483493][T11531] xt_CT: No such helper "pptp"
[  428.583938][T11534] can0 (unregistered): slcan off ttyS3.
[  428.991362][T11540] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1391'.
[  429.166288][T11545] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1393'.
[  429.269153][T11551] syz.3.1392 (11551): drop_caches: 2
[  429.821762][T11560] syz.1.1394 (11560): drop_caches: 2
[  429.964487][   T62] Bluetooth: hci1: command 0x0419 tx timeout
[  430.250316][T11568] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  430.748101][T11574] can0: slcan on ttyS3.
[  430.898337][T11576] can0 (unregistered): slcan off ttyS3.
[  431.334388][T11591] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1400'.
[  432.183476][T11602] ceph: No mds server is up or the cluster is laggy
[  432.206507][T11603] xt_CT: No such helper "pptp"
[  432.275161][T11607] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1403'.
[  432.288735][ T6037] libceph: connect (1)[c::]:6789 error -101
[  432.310536][ T6037] libceph: mon0 (1)[c::]:6789 connect error
[  433.320286][T11620] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1409'.
[  433.344456][T11613] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  434.738719][T11641] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1414'.
[  434.742058][T11641] nbd: must specify a size in bytes for the device
[  435.101520][T11643] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1415'.
[  435.132205][T11643] bond18: entered promiscuous mode
[  435.143421][T11643] bond18: entered allmulticast mode
[  435.814991][T11653] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1418'.
[  435.846713][T11653] netlink: 220 bytes leftover after parsing attributes in process `syz.2.1418'.
[  435.850524][T11653] netlink: 'syz.2.1418': attribute type 2 has an invalid length.
[  435.883640][T11643] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1415'.
[  435.888059][T11643] netlink: 'syz.1.1415': attribute type 2 has an invalid length.
[  436.368450][T11665] FAULT_INJECTION: forcing a failure.
[  436.368450][T11665] name failslab, interval 1, probability 0, space 0, times 0
[  436.375113][T11665] CPU: 0 UID: 0 PID: 11665 Comm: syz.2.1419 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  436.375138][T11665] Tainted: [L]=SOFTLOCKUP
[  436.375147][T11665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  436.375170][T11665] Call Trace:
[  436.375205][T11665]  <TASK>
[  436.375211][T11665]  dump_stack_lvl+0x100/0x190
[  436.375381][T11665]  should_fail_ex.cold+0x5/0xa
[  436.375489][T11665]  should_failslab+0xc2/0x120
[  436.375578][T11665]  __kmalloc_cache_noprof+0x7a/0x6f0
[  436.375636][T11665]  ? __io_uring_add_tctx_node+0x1ac/0x4c0
[  436.375742][T11665]  __io_uring_add_tctx_node+0x1ac/0x4c0
[  436.375771][T11665]  ? __pfx___io_uring_add_tctx_node+0x10/0x10
[  436.375800][T11665]  ? __fget_files+0x21f/0x3d0
[  436.375853][T11665]  __io_uring_add_tctx_node_from_submit+0x89/0x130
[  436.375885][T11665]  __do_sys_io_uring_enter+0x1656/0x1b50
[  436.375909][T11665]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  436.376123][T11665]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  436.376142][T11665]  ? __fget_files+0x21f/0x3d0
[  436.376179][T11665]  ? fput+0x79/0x100
[  436.376232][T11665]  ? ksys_write+0x1ac/0x250
[  436.376277][T11665]  ? rcu_is_watching+0x12/0xc0
[  436.376350][T11665]  __do_fast_syscall_32+0xe7/0x950
[  436.376369][T11665]  ? lockdep_hardirqs_on+0x78/0x100
[  436.376401][T11665]  do_fast_syscall_32+0x32/0x70
[  436.376422][T11665]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  436.376448][T11665] RIP: 0023:0xf6ffefcc
[  436.376465][T11665] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  436.376484][T11665] RSP: 002b:00000000f530750c EFLAGS: 00000292 ORIG_RAX: 00000000000001aa
[  436.376506][T11665] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000001
[  436.376518][T11665] RDX: 0000000000000eed RSI: 0000000000000001 RDI: 0000000000000000
[  436.376532][T11665] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  436.376544][T11665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  436.376556][T11665] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  436.376583][T11665]  </TASK>
[  436.378357][T11665] ------------[ cut here ]------------
[  436.468979][T11665] !test_bit(IO_WQ_BIT_EXIT, &wq->state)
[  436.468992][T11665] WARNING: io_uring/io-wq.c:1396 at io_wq_put_and_exit+0x8a7/0x9d0, CPU#0: syz.2.1419/11665
[  436.474950][T11665] Modules linked in:
[  436.476831][T11665] CPU: 0 UID: 0 PID: 11665 Comm: syz.2.1419 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  436.481655][T11665] Tainted: [L]=SOFTLOCKUP
[  436.483971][T11665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  436.488390][T11665] RIP: 0010:io_wq_put_and_exit+0x8a7/0x9d0
[  436.490812][T11665] Code: ff e8 bd 7a 16 fd 44 0f b6 74 24 78 31 ff 44 89 f6 e8 fd 74 16 fd 45 84 f6 0f 85 1a fd ff ff e9 67 fd ff ff e8 9a 7a 16 fd 90 <0f> 0b 90 e9 00 f8 ff ff e8 ec 3d 83 fd e9 72 f8 ff ff 48 8b 3c 24
[  436.498613][T11665] RSP: 0000:ffffc90002fdfbb8 EFLAGS: 00010293
[  436.501250][T11665] RAX: 0000000000000000 RBX: ffff88801345e000 RCX: ffffffff84f24486
[  436.504755][T11665] RDX: ffff888025f3a500 RSI: ffffffff84f24c86 RDI: ffff888025f3a500
[  436.508018][T11665] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  436.511269][T11665] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff920005fbf99
[  436.514807][T11665] R13: 0000000000000000 R14: ffff888025f3ae68 R15: ffff8880219d1818
[  436.518775][T11665] FS:  0000000000000000(0000) GS:ffff8880970e2000(0063) knlGS:00000000f5307b40
[  436.522536][T11665] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  436.525209][T11665] CR2: 00000000f5306ff4 CR3: 0000000075ba7000 CR4: 0000000000352ef0
[  436.528529][T11665] Call Trace:
[  436.529859][T11665]  <TASK>
[  436.531054][T11665]  ? dump_stack_lvl+0x17c/0x190
[  436.533021][T11665]  ? __pfx_io_wq_put_and_exit+0x10/0x10
[  436.535049][T11665]  ? rcu_is_watching+0x12/0xc0
[  436.537024][T11665]  ? trace_kmalloc+0xe3/0x110
[  436.538702][T11665]  ? __kmalloc_cache_noprof+0x298/0x6f0
[  436.540789][T11665]  ? __io_uring_add_tctx_node+0x1ac/0x4c0
[  436.543688][T11665]  __io_uring_add_tctx_node+0x3e8/0x4c0
[  436.546338][T11665]  ? __pfx___io_uring_add_tctx_node+0x10/0x10
[  436.549033][T11665]  ? __fget_files+0x21f/0x3d0
[  436.551300][T11665]  __io_uring_add_tctx_node_from_submit+0x89/0x130
[  436.554046][T11665]  __do_sys_io_uring_enter+0x1656/0x1b50
[  436.556291][T11665]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  436.558773][T11665]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  436.561509][T11665]  ? __fget_files+0x21f/0x3d0
[  436.563653][T11665]  ? fput+0x79/0x100
[  436.565037][T11665]  ? ksys_write+0x1ac/0x250
[  436.566497][T11665]  ? rcu_is_watching+0x12/0xc0
[  436.568082][T11665]  __do_fast_syscall_32+0xe7/0x950
[  436.569752][T11665]  ? lockdep_hardirqs_on+0x78/0x100
[  436.571433][T11665]  do_fast_syscall_32+0x32/0x70
[  436.573277][T11665]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  436.575809][T11665] RIP: 0023:0xf6ffefcc
[  436.577566][T11665] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  436.584047][T11665] RSP: 002b:00000000f530750c EFLAGS: 00000292 ORIG_RAX: 00000000000001aa
[  436.587061][T11665] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000001
[  436.590307][T11665] RDX: 0000000000000eed RSI: 0000000000000001 RDI: 0000000000000000
[  436.594197][T11665] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  436.597637][T11665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  436.600745][T11665] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  436.604112][T11665]  </TASK>
[  436.605496][T11665] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  436.608752][T11665] CPU: 0 UID: 0 PID: 11665 Comm: syz.2.1419 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  436.613295][T11665] Tainted: [L]=SOFTLOCKUP
[  436.614963][T11665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  436.618566][T11665] Call Trace:
[  436.619926][T11665]  <TASK>
[  436.621217][T11665]  dump_stack_lvl+0x100/0x190
[  436.623397][T11665]  vpanic+0x552/0x970
[  436.625457][T11665]  ? __pfx_vpanic+0x10/0x10
[  436.627581][T11665]  panic+0xd1/0xe0
[  436.629042][T11665]  ? __pfx_panic+0x10/0x10
[  436.630789][T11665]  ? check_panic_on_warn+0x1f/0x90
[  436.632807][T11665]  check_panic_on_warn.cold+0x19/0x34
[  436.634795][T11665]  ? io_wq_put_and_exit+0x8a7/0x9d0
[  436.636761][T11665]  __warn.cold+0x191/0x328
[  436.638583][T11665]  __report_bug+0x296/0x3d0
[  436.640511][T11665]  ? io_wq_put_and_exit+0x8a7/0x9d0
[  436.642681][T11665]  ? __pfx___report_bug+0x10/0x10
[  436.644834][T11665]  ? __pfx___schedule+0x10/0x10
[  436.647114][T11665]  ? io_wq_put_and_exit+0x8a7/0x9d0
[  436.649251][T11665]  report_bug+0xb2/0x220
[  436.651029][T11665]  ? io_wq_put_and_exit+0x8a7/0x9d0
[  436.653254][T11665]  handle_bug+0x16a/0x2a0
[  436.655048][T11665]  exc_invalid_op+0x17/0x50
[  436.656565][T11665]  asm_exc_invalid_op+0x1a/0x20
[  436.658476][T11665] RIP: 0010:io_wq_put_and_exit+0x8a7/0x9d0
[  436.660634][T11665] Code: ff e8 bd 7a 16 fd 44 0f b6 74 24 78 31 ff 44 89 f6 e8 fd 74 16 fd 45 84 f6 0f 85 1a fd ff ff e9 67 fd ff ff e8 9a 7a 16 fd 90 <0f> 0b 90 e9 00 f8 ff ff e8 ec 3d 83 fd e9 72 f8 ff ff 48 8b 3c 24
[  436.668540][T11665] RSP: 0000:ffffc90002fdfbb8 EFLAGS: 00010293
[  436.671168][T11665] RAX: 0000000000000000 RBX: ffff88801345e000 RCX: ffffffff84f24486
[  436.674451][T11665] RDX: ffff888025f3a500 RSI: ffffffff84f24c86 RDI: ffff888025f3a500
[  436.678118][T11665] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  436.681135][T11665] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff920005fbf99
[  436.683741][T11665] R13: 0000000000000000 R14: ffff888025f3ae68 R15: ffff8880219d1818
[  436.686511][T11665]  ? io_wq_put_and_exit+0xa6/0x9d0
[  436.688393][T11665]  ? io_wq_put_and_exit+0x8a6/0x9d0
[  436.690261][T11665]  ? io_wq_put_and_exit+0x8a6/0x9d0
[  436.692221][T11665]  ? dump_stack_lvl+0x17c/0x190
[  436.693975][T11665]  ? __pfx_io_wq_put_and_exit+0x10/0x10
[  436.695844][T11665]  ? rcu_is_watching+0x12/0xc0
[  436.697668][T11665]  ? trace_kmalloc+0xe3/0x110
[  436.699674][T11665]  ? __kmalloc_cache_noprof+0x298/0x6f0
[  436.701859][T11665]  ? __io_uring_add_tctx_node+0x1ac/0x4c0
[  436.704057][T11665]  __io_uring_add_tctx_node+0x3e8/0x4c0
[  436.706336][T11665]  ? __pfx___io_uring_add_tctx_node+0x10/0x10
[  436.708967][T11665]  ? __fget_files+0x21f/0x3d0
[  436.711230][T11665]  __io_uring_add_tctx_node_from_submit+0x89/0x130
[  436.713584][T11665]  __do_sys_io_uring_enter+0x1656/0x1b50
[  436.715384][T11665]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  436.717607][T11665]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  436.719590][T11665]  ? __fget_files+0x21f/0x3d0
[  436.721034][T11665]  ? fput+0x79/0x100
[  436.722335][T11665]  ? ksys_write+0x1ac/0x250
[  436.723801][T11665]  ? rcu_is_watching+0x12/0xc0
[  436.725430][T11665]  __do_fast_syscall_32+0xe7/0x950
[  436.727694][T11665]  ? lockdep_hardirqs_on+0x78/0x100
[  436.729999][T11665]  do_fast_syscall_32+0x32/0x70
[  436.732047][T11665]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  436.734540][T11665] RIP: 0023:0xf6ffefcc
[  436.736190][T11665] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  436.743199][T11665] RSP: 002b:00000000f530750c EFLAGS: 00000292 ORIG_RAX: 00000000000001aa
[  436.745903][T11665] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000001
[  436.748550][T11665] RDX: 0000000000000eed RSI: 0000000000000001 RDI: 0000000000000000
[  436.751040][T11665] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  436.753627][T11665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  436.756438][T11665] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  436.759439][T11665]  </TASK>
[  436.761732][T11665] Kernel Offset: disabled
[  436.763160][T11665] Rebooting in 86400 seconds..