last executing test programs:

2m24.52388785s ago: executing program 0 (id=351):
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, <r0=>0x0})
prlimit64(r0, 0xe, &(0x7f0000000080)={0x8, 0x40000000000008f}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = fanotify_init(0x0, 0x1000)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='\xe9\x1fq\x89Y\x1e\x923aK/file0\x00', 0x181000, 0x0)
fanotify_mark(r1, 0x455, 0x8000001, r2, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r3, &(0x7f0000000840)=@abs={0x1, 0x0, 0x4e22}, 0x27)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102391, 0x18ff7)
r5 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r5, &(0x7f0000000340)={0x2, 0x4e20, 0x0, @dev}, 0x1c)
r6 = syz_open_dev$video(&(0x7f0000000040), 0x4116, 0x0)
ioctl$VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x10000000, 0x0, 0x32315559, 0x3, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x2}})
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)=ANY=[@ANYRESDEC=0x0, @ANYBLOB="059e53d05bd3bf0ac99651f9014920d85f9c3a48fb9d53d6f9821670c913c03c2d8e9bbf8bd8c4743d2664fa47a5100f03cdd0847972bbbea78727cbe2318c80861b2be522a6154c0a90ee68dbd68eb275689331882e142c79b3af4eca62a5a2cba780699cf7ba1e80e65d41e507f14b4c7acdada73290a395fd25f1fd827738ef644038b4d80d7008322696cfaad4f0d5816f86b0f102c036b04cd7f1f0452aed5d89cb05b216137fe4cb4ced73b7e3b3a280cfda11462a8a", @ANYRES32=r5, @ANYRES32=r0], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r7, <r8=>0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000040)='%ps    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r8}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000680)=ANY=[@ANYRES64=r8, @ANYRESDEC=r0, @ANYBLOB="0000000001000000b70500000800000085000000a500000095"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
listen(r5, 0x8)
sendmsg$xdp(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44}, 0x0)
iopl(0x3)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$binfmt_register(0xffffffffffffffff, &(0x7f00000008c0)={0x3a, 'syz0', 0x3a, 'E', 0x3a, 0x3, 0x3a, '/d\xaa\xa1\x06\xac\x03\xcb|L\xf5\xb0\xa8@\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa7@', 0x3a, '\x00', 0x3a, '\xe9\x1fq\x89Y\x1e\x923aK/file0', 0x3a, [0x0, 0x4f, 0x43, 0x27, 0x43]}, 0x55)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r10, 0x0, 0x0}, 0x10)

2m23.843738411s ago: executing program 0 (id=353):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b40)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000720f6000000000000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4000, @void, @value}, 0x94)

2m23.669880208s ago: executing program 0 (id=356):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
bpf$BPF_BTF_GET_NEXT_ID(0x7, &(0x7f00000000c0)={0x20ffffff}, 0x8)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000001440)={0xfdbc, 0x2, r2})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x4, r2, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2b8000000000000})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0))
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000001500)={0x3}, 0x8)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000001580)=@o_path={&(0x7f00000014c0)='./file0\x00'}, 0x18)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000480), 0x10)
sendmsg$can_bcm(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000880)=ANY=[@ANYBLOB="0500"/15, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="000000010100ba"], 0x48}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000040c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00ba19ce670d25010000020000040000009fc40400d2532e764975f03f1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200a011ea665c45a3449abe802f5ab3e89cf40b858e217ce740068720000074e468eea3fcfcf498278ad15f5f87e1c26433a8acdc0e65888b2007f00000000000000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c00000000000000000000e75a89faff01210cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d01000000520655a8056085f4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c30891e7d87a79d6fce424c2200af6cb784a1975fa657de38a3a32a4fd67ce446adb431d07db79240aca1dd9ba02450500000000000000e645f091231b986e77d05d988d6edc6f9b4eb883ec8f878300cabf2b5543ffc1bdb92618242852e6e8b3e56fefbfff81669557b3809d8c396d2c0361629d1822f722ec23812770d72cd0010000007889b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b0a0ae6feb6737c275dc2740f742b5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fe7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff251845d0fff45bdbaeba4d4e3c6f7f623579435b2c505fb711300000000040000000000000000000000004c00e67ccc02148a4fc43021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7611589906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6cfa4966e5937562a5649a1a0000a042a7097ddefe0671a5767014b09b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7be49833f3c435f9700bc84680549f9eb16682ecb72277ffaca907a3eac4bfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c5a87013b98649805216631e20d07dff3ae567ca0d38a828542625fc6096aedc0ac5c144f0965071274bea051007e398cf9090c53d4b8b7dc784e3d83b78b007a43d744aa99d6a7c576e20b4281eff511122ccb399bcef0a0471639c81aab7445cebfc9b00b31fcbaf63086b3c16f51b593acee0b3a4830dd6af1accb15cc6163cabc01442527aa10000000000000000a4ba25997affe74ec552bf9deafbd63e"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x101, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000015c0)=ANY=[@ANYRES32=r3, @ANYRES32, @ANYBLOB="360000000820008000000a00", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
sendmsg$OSF_MSG_REMOVE(0xffffffffffffffff, &(0x7f0000002500)={&(0x7f0000001400)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000024c0)={&(0x7f00000025c0)=ANY=[@ANYBLOB="6010000001050000000000000000000005000006540201000100000009000000093604000200060073797a3000000000000000000000000000000000000000000000000000000000b9619fff70efdda90f2bb76f983d744eea612067cbab5ba6e03aeeb54db94ba7942b7d0964c0d53c5039caeb0f30aeb7ac8c73c090cf58195472e17d0104c200fbff0900010000000800000005781000030000007f0000000900000002000000010000000800050003000000ff7f00000000040000000000010000000010000000000000020000004000008000000000000100000200020001000000080000000800060001000000810000007f00ff07010000005508000005000800030000000200000006007f00010000000700000008008fd0010000000d0000000a0004000200000003000000f7ff000803000000000000002800010400000000030000000000080002000000080000000900400002000000ff0000004000020000000000001000003809080002000000ffffff7f09000300020000000200000009000500000000000a00000001005b0a000000000b0000000100370e000000000100010000007f0000000000ffffffff060008000200000000040000dc230900020000000600000004000200010000008000000084030400020000000900000005000800000000000c00000004000c00030000000300000001f0030003000000030000000300060000000000000000000200080003000000000000000800ff0f02000000fd0000000600ff0f0200000003000000f0000600020000000600000001000700030000000300000001000000000000000400000002001c0200000000040000005402010001000000050000000ee90500035e0c0073797a3100000000000000000000000000000000000000000000000000000000a72a6dc604e99090fcdbb4c87834f300ef412b24dc6b6b7760325df8806dea3b43f496f7b322d873bb949792491e85e14373961089fc964b928e0717868d6ab60b00030000000000df00000000000700000000000004000000000b0000000000cfa50000000008000000000080000000010100080000000018000000010001000200000002000000fbff2400020000000500000009000500000000000e000000c70004000200000002000000000003000000000008000000e30601000100000001000000080001800300000003000000e9ba00000000000002000000000004000200000008000000f9ff010002000000000000000104060001000000090000000000bfbf0100000006000000040002000100000001000000040009000300000001000000c8f70900010000003ef5fffff100050000000000fa3f00000000ef3cbeca20b000040000ff0009000000000046730000c9000300020000009c0f00000600ff030300000009000000230009000000000000000000ff07030002000000dcf7ffff400001000200000005000000010444b90000000001000000080001000100000037020000050000c003000000000000800800090002000000f6fffffff200725a00000000ff0700000600020001000000e3b600004000000001000000d0f8ffff06000d00010000000600000001000300020000000900000008000000020000000d0000000800030002000000130f00000800000002000000010400005402010003000000ffffffff0a0f46590500190073797a31000000000000000000000000000000000000000000000000000000003c0030d49f18ff70d3836c4ebe1d00a345c1dfa0198a5ad9c979d1ef466726fbadc423f558119586dec1e2e91b8a963f698cd89af4618662b2641bd15c2f3aca0d00060022d1832a000001002a76001002000000100000000001040001000000070000000700030001000000060000005c0b400003000000060000000400060003000000050000000000030003000000ffffffff0400030003000000fafffffff7fff8ff00000000000000005600090003000000ffffffff0d000d00030000000500000006000800ee389280720a00000300ff0f0000000005000000ff00070003000000040000000200fe750100000009000000410005000200000004000000f0008885030000000800000003000b00030000000700000002008677010000000180000002000100020000000100008016bb030001000000080000000200d40701000000e300000000040600030000007f000000fdff060000000000b10000000300632f02000000010000800200000003000000040000000800020002000000040000000200010000000000090000000180090003000000050000000104ff000300000009000000030027a003000000800000000200030003000000bf0700000400090001000000010000800100040002000000060000007fffd20003000000010000000800f8ff03000000090000000000010402000000ce0000000800400001000000bb18000003000900000000000b00000039f3001000000000000000005402010002000000020000000106080008000b0073797a300000000000000000000000000000000000000000000000000000000094ef606bd75a93484a371daeb5f21224c4956c1bf63f514e478874cb71e117febfa851b9de76022e7f0b95a34ea50b6522759d32dd73ba20a7196a58516e884c000000000100000001000000000408000000000000000000feffffff01000000020000000300ff010300000004000000080005000200000009000000ff01060001000000020000000d00ff0003000000010000006600fbff03000000ff0f0000ff000000030000000800000009000200010000000700000006005abb02000000a200000001006de801000000070000000900020003000000018000000200ff7f6e9df351060000000004060003000000040000000800ffff030000000400000009000000020000000b00000000188f0a03000000030000000001050001000000000000000d0004000100000057000000ff03090003000000002c02000200ff0f030000000400000003007f0b010000000200000009007f0002000000fd0500000200050003000000090000000900000002000000fdffffff0300ff0000000000f9ffffff900b04000100000001000000040001040000000008090000090006000300000020c4056861000000010000000900000000000800000000005c05000081000300010000000100000008000500030000000400000005000500020000000000008c0100040002000000ff000000010001040200000002000000b3f20700020000004f000000c7000500000000000200000000100e0001000000ffff00005402010000000000fffffeff7e0103000d000d0073797a3000000000000000000000000000000000000000000000000000000000e1741fc91c582b2d38865d795922756817cc5c004a2ef148748ec3dee1790fa2c3208bfab2123669b8466d24fb3ef91e7f7292f6c60e500f812f6fbd9e1f098303000500010000000100000009000300020000000500000006000600000000000900000006000a0002000000010000000100070003000000000000000d000400010000000300000003000500010000007f00000003000d0000000000050000000a000c000000000003000000080003000200000002000000ffff0100010000003000000002000e0000000000000000005d0000600000000000020000feff000802000000060000000900100000000000a092000060c1010001000000050000005a0007000200000000000100eb00ff0f01000000080000000c00000003000000040000000100fcff02000000020000000600010040d3745bffffff7fffff030003000000040000000000070000000000040000000000030000000000080000000300000003000000ffff00000900e30702000000080000000500520201000000e2000000ff00800001000000090000000000030003000000eb5f0000010018fe030000000100ffff1000090003000000070000000b000d00020000000000000005003f0000000000770000000e0000c0020000000001000078000c00010000006effffff0200050003000000050000001400080002000000010000000400080000000000060000000080010003000000ffffffff1000ad5a03000000070000005402010001000000440a0000fd02070002000e0073797a3100000000000000000000000000000000000000000000000000000000d27a868093dd28a94059e027b8132004346d590916508190d522e1e040ea5564e9b64db95d355eb1d426bdfa0007d89d40d0c5f4b28443e6b46f0fbb71ce94f30020070000000000050000001e06ae00030000000800000008002b0b01000000810000000080000003000000000000000800210001000000080000000400ff07010000000500000005000200010000002f080000010000020200000008000000ff07000102000000010000000300040001000000030000000200000000000000060000000800890a03000000020000000010004002000000010100000c00040001000000a3e5000061f8ffff0200000004000000100007000300000000000010090001800300000005000000920000fe02000000050000007f00070000000000030000001000000201000000c90f0000eeef080003000000e4f70000feff0300010000002ad80000070001010000000001000000f8ff080091823c69bf070000020000800100000008000000040009000100000000040000ff03d5f701000000ff0f00000400090001000000010000000000ffff030000000c00000001000c00020000000400000000000300030000000e000000ff01060000000000c3b9812962070a00010000005e0200003c0004000000000001f8ffff01000a00000000000010000001000200030000000800000080000e000100000006000000080006000200000007000000a80000000100000009000000f3630200020000009101000054020100000000000002000080f903000c000b0073797a3100000000000000000000000000000000000000000000000000000000b49a8d7f26a0e9fdf25e7f9f98f68e87776dbe43b5f7389dfcd89c39d7e601119266b3e157d88677c179e202fa996d0f971f73ae4b49ac0d31185b401cf825180600f8ff0100000000000100060000000100000081000000080004000300000005000000090000020200000003000000fb0df9ff01000000010000000000f7ff030000003f000000e9ff0400030000008ea700000b000200020000000800000000000100000000000500000002001ed60100000005000000050006000100000001010000010004000300000006000000990b400001000000020000000400090000000000060000009b060100020000003072000034613e0000000000faffffff01000000030000000002000007000900020000000400000000000200030000000100000057050600000000000c000000c90f020003000000010000000c00090001000000060000000600286c00000000050000005e8e02000000000064b8000002000d0001000000010000800d000500030000003f940000ac000500077c8500beb700000200000003000000460000000700030000000000dd3100000600090001000000010000000500da0000000000c4ff000001010400010000000400000090a502000300000001000000ffff0600000000000600000000000200000000000d0000000300010002000000ffffff7f0300030002000000060000000000018000000000ff070000a73ffaff00000000ff00000009006c0d030000000f000000743f37a4a11090785b0b6102edc68c73461b07f759a354d5e5a03d404b37c0c46c2bf0e1ec037f7a89f8fbf5169b88c23b69928d2855af1757f9198207a7620e439f4036dd387935cec9410bcdc8d2439a3b7295d2932807e48453c0112c9e8cc11605f991faeb6ff28a563f46ced9ca9f67"], 0x1060}, 0x1, 0x0, 0x0, 0x27ddba058da374f6}, 0x4000)
syz_usb_disconnect(r0)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)={{0x12, 0x1, 0x0, 0xed, 0x3e, 0xc9, 0x8, 0xccd, 0xb3, 0x2dee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xb0, 0x87, 0x1d}}]}}]}}, 0x0)
getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x2, &(0x7f0000002540)=""/109, 0x6d)
ioctl$EVIOCRMFF(r0, 0x550c, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0)
ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, &(0x7f0000000300)={{}, "938cf3fc369253f6c31ab8a62012db893ae37c70e2b4ae9b7cc8f53f44a1d64d426b6e36a16da6080753966dd39648e33865e1f3259c9bcda3fc1d8ef001771531148cc0df2efe5cc45892c8c80489788c38b7b8f9ae4bd8f3435dd6eda5d3ed21fe2d8fe437ae289ea1f308446a2d5fa64547048053fbe56286f8cfc80a913c93740c650ec2d0663c9e27193f60b92994d1da8cf7e42ac30ac647b860d4c58c251127868ea2bafb871891eac93d55d7459afd5b1393f3af29f8683deaecf670918d4f5c4a6bba97b693ae31de8af809ddccdd4143d11cd0e6086e7a8478a6bd4f1f984ee212434152e26ee421360c5e29402924805a1c349a3d178188e477e2deba4ff55e728843b10f42d23d2eeecadc1ca843a24678f12e8f3b86d4f25f00f3b472a596d40c5abb20b1d6195a43284df1aa0da4bf404cc148e873e8a1d00e27c82c9b9d031baf6b7d17dfea9caccc08e3e8f1684b6ea3b5d73c6416b5e40957026c10a618e11a9adb059257223a780fc6d2ddeb29df729c3f792830b2ba0e9b0603380585c8f5f4fe32d2ac0d081f4cd6f96a49cc0a70da1ff9c52c92b7f4f9ce79a44d3727e1dd7600df3c7ff6ab0e45700248fd98dacb2e0007be069a61bbc32ff45b96e2d88d4afebcc0b45ba77709dbca8060823424eaa4465b1fbedd11b2795c89515b7cdaaf39d579907421d3d7d8d585f05f7f2cacf63a8dd19531aa911a001a7ac049a3fcf57814d8728ccd79a5d8bced288064ced56db8dd1b7d6f46ac447ddb40588b12484782882f6bf4d840334eec55495038e0a106f3dcb2981b12cc0e99b3e78f5a408a071bdb359641b6223568a78f8662fd927c8ac84058fce01f84bc4132bd6e7e5c76f23f1eecd4724fc555b45de2901b49342e707ce47efd734b9232e6c532ad4cbf7996f2737cf929d4a1536bf2128d23d323233934d897d9994728cec96ce8c1c9b50b432db1867352980f1a253a4dee85106d17a93bd55439f625377bbe374472ec6641a603c8af48577c455f8519c7c751f1ef1c836eea8d50c6bfd34b03e3a6144852aeec3e7040b3156643216799a93e1c9a32fa5d677740ebe697be97c078e3a9dacba8ec2d930d2ae9420c39e0650b4904191cd5ef447784de1413ffb3f7b1e7f8494d88ef1699ab2761fa8dccc029457f8a8c272246922da82bbf1d01d8125105f3c23f93272bcd4d25a7dcc96e7efdbaf0e5361494bdac589ec8343bc06b55a55c003f8266fcad6fc2f9f5524fd5f232d25f790923d1af6f7d946734a47756bd6e8e8ca1338bdff32faea695ee8f87bebaa018962cf050bee90af177c080ef2c1c1dca002407ebdea605d0fe77adbe63459ac22d8b33b2a9f62acda410c0887cde7c19c17e1969c276f4e667f72cfa0147aa3bcd35114d71439158c6d4cf713dc515eeb8b697c1a1decd112f755d08422127908ba76795f2dc4301a419a0e92adfa2fca664101ab61598c555c61244649efb9d48c476e6b73340c8fa95c1b3c00df5e75650c7aca8c9b85a5ad2b68ef8aac2a91141711686d69bcf065d344b18566361ad12a5115a5522f9aad36d43fc960ec25a0de875714a1a20f0a1e10bca3495bdf201bd3d11277336ec19dce8c4ec0945bc5ea65538820a4178da7f40e60a1392c7f5791b00a85e366d28802aefd8815b9b3ae6736e4e6f38adb0cac41dff70c24dffd37fd721e79c6e0188c04828fc3c4ebc653aa84d246246f1b6ccaa37b8e987823f90953a117401d2803d6dfbdbf06453b0002ff42441a5e08e1e6e7e40d3106e887d3f83d0b52be9f809a5155dee87ffdf658a0dc78fdae481a136f4a79ae224b681ba2d293187b486b89266b5f7369d894795744cdc37412c53eb6866abe59f40bb453c4d07904c86b0cf437ce074a716867ff4cc9b006e1b093de4e933e9c556d759a83e3579457acf7d13b4cad9edfd8ca919ece2718d7d480fa5833c566738d1b87d84fa86fcebe625e70a84026a859b512526272e9e00d4321274f95b560acdb63210d701a21ffecb733236d859232146bfc5600e7f79861eb1181482c6083498162a38a72cae84b5033585570bac2c1da055225dda572e1d49687fa24b6ad5fca14376b11be3e89f09b0c10d5932af0e29a1461879293eacfc877c23ef32a32fdd9ab93034684cd90e96d70000bf47664a754875acd92525c3e05d138feabe0c90dec60688a3e4e7d0b6d52615d76078e5face42483d02960f8076754f064cbe895bb3d4633c2e9b96a333e0f6edb2fed79513dc5fbec376e53134960b68b8654c05fc115e775e2a657474db505b49b49daae24e1a2ea5af200f5a2fea07b4a141de41a984d2e2e60a42cc00cc4def05f8467e8f47afabf41acf60d5c9162e64097f81fae42cf97ff5bb863bcd6d90a35102163435ed38552fd5df487e6b7d7669b870347cc2761c2c7473226b3c7a7eb3361bda893779b84ac128861448be5491d6423c39c31c1a278e25dd49a1a25707e2bc51305ccaf3b39c78b7867433576c5f0e6e98a318172d5722b70a62a1f29e16486afaf9864b4ad1e4d6d47f96684de7e449fe6c214d22ff2e1978c9930b30f224b7bc554d1c9fba3e5866a66c9a8a59fca0c385aafe71ffe4ca264f3540e2cb00946282aaacdb69b3a268742c35cf8cc0fdd56864d9d3d4b8347671f3c52cdce0e19200ad52d200579991d21676dece3196d4d2c10c641746f7b9329c29ed1e1683d6d8bd4a4cb5286c4187932c5300d7cb16f87fef70fa4307ec50962231a580f015ed69de6828a44c92a4c739e2877b5baf046b4c09f9aecd460a1596624c2afeb1c4d11ba068cada5a3cf4f702adbd17c5705d61c2cfc3920cb09ae37ab805e03d0ef52e8f20ea7ce71758d567dee35e712e283e26e975d2daa8bbf21dcd6d8de81fc1c93042dae9bf3ffbb71cd7be74187eaf8980cf29ef83019d36be7045bea02c8a6bb6a1a27a844dc6354ea7a4409aa5f557cc61c7978a16b5953cd17175c90131a685ee22d4fdca7e13db9cfb35fdaf5cb943b36ab461afda77ab17026cd6fa8e27b931e8481f347d84a3f2e2698477e77e08a7276d70f24afb70ac1179d3d768d08cdb8d95fe05f02684a1f37abf047353ee80951f59f3866ac167dd3689d96e6520a5914f70a4b5e3282db6df677418ce52dd03f5a7db5964e3c4d5958a54b38b5c642998d5fbab5775a4f5aed193abdc5d6d6897284942ed3e813d04c67164773023a48da93a15a463fcb2ea0d368debe9155cb7e978bbaad77e13194caa8357130632f33e571f24ab8e01ea505f3bed3ea364452639bdaeee38b247ac9137f94aa9563e3841552e0c01ac7e82bd46b1f9db7eec1c26a5ce180af8d49d6599a8f445184e0cbe6d22f54a400a18e2185ffea8a52d379ebc1d292306f62f83faa68a288a3e33f718275e906100d9f848b027e84a6011b340ae77c8a99fbed293873846ff8d14dc8dd4546d4dd4ff7ed5dacf70a5b4e43445d3f2853656fc6ab14fbda122fe93862955f68265b29fedb34239d9da08c06469e1bf080f49df15c6eacfaa7695c7be513733145ba9684c6018a3a25ce2ca712498768b28cc868fdef89185daaa1fbb7696ee154c53fd4660d572732a90dd3f5d464ae3ecc8d87614f6148e62ee5cb1b29d3153dac21eb7f68d51c2d378fd53ee8270d58cb3ae227adc56097ebf821b31c05cab4f77b809f2f9c80e3b62efd325d0e612e1e98d77ebd6d2e358660374fc0cacfc696903c5a3bf916917f2f6c8b08bef62d82829daac48a1d991656c3256d9f5e7981f75de0d7b76b4180d40d02dd697a34e022d6363fe52ca63cfaed8e88e551b094444b32a60e8ffde8aa3c972c9a5c6e217d531255bc9f245a27e63472170edbb33055823f502285584ae6dfed46df9ee3cad2d146c732121f93c3ee80dd4a17193c1c793cf91f617e78811b9c2e4448e2f81d11cecf331375ae7bb98a83a6906e7d1f9e3cc7827a5339da52637fecb4cd62d6cab817b04c29b349222857401c2543cf04567d3178309c9b515956106e96416d24252f27a5aa874a9ab632666835e475afed84abfa0a708c508704199b016e91c81231c6c9be59c047788cc99fcef201b63d5eb2e9b42dfbe1ed48bc016b513871cb6c5c35d554a16ed5c19f14d288865c8eaec061fb89f2ae04511a72f44b1acd75824ccf2504f95fe3ad74422d0bf74145ddad0b67ff554a601994eefa6aadd5c1ea5014deb4811eb6713e5d0faf9ee9024036f1f7c413a81714476e4eab7ffffae1d8c66897bc6955c64cef9c835f5de3c55be8233ad7cec5fd67e403066554ecb1691832bc315e60e2f31188dad56abec5d99e51c8e2d8f8a2e70c003528249a06e9b2638bac6fb1db9637decc3e1aee45b550c83009e74e18d834aa26903da14114aad4ac81bed48aabcb051b077ebe6f44e5d251a984221ef4f320aed25528f5e2469c0627f5bf6868eedae5c49f2f39647fd7824f94bc26bb961d466341177634d1cf7f3915b4f276582346c0a146e78983c5ba938985e31a6a4fb4a02421ef36ac5a2d3d0ea3df0611fe84ea4a6a066602ee1247466e54cb92daf48aa4ae7413237baf3f26153fd03b8f36c4d9ded88bcf344b3f99cdbcaec0efad5a53732fd95d48caf97147659dc9659c9c47b7562359aa75aa99c2d00b3d0272c98f43006b88d310c960b427be0c385e490b536caf41b27f435de8cd51249eebfd3b175dfa23c637fd64eff78e9a3c55c76774bc9c420d4a5b89b6816a89f2b1ad84e22067d4f49c1e9ac4883ff170c69fcd26c0b2931355c82ded18d39eb3122cd63de172ba944e1b3417c8bf5360303d0f1cbb70358076689b659c2d3641b1a07cb6df759e3310a477fc0c32e0d9ec5ac9ce58fe657e6ac0827bd5511ca9907af5c07e8d341b004549cbfc4b504ec5648db8cdd9411ce67dc412cd6a1780805cfc7c20d0145cae69cfc327e49a84ecaab7f3615dc75167911c6ec1313b8cc7a890462b1e6123e5ba055b5cd1714965f9d9023381d4d73b68fdc261e89214706a11c9f415586e93c59e4737123848f9b40f6cf01bd378386b397a5906a876d6340af5a3818e06439e09df272a50d43dd4ff7b5e4ff1e7d9e014793765dd45ac55b2495d82f4d9b9a3b1500361071d420f814a3e189b1fcc6ad4882c6c42f7e61b7c7e8fd8e54f54b43900e03a5c79987cebac078fc473772713e6fec4bf889864d716067dd3b12ce61a670bd3fbf28fcc9ec26c304dce3cf7e280c440ed076a1a0c1ad2f3c3120029a51d17906627b10f295505545f95b4846768b0ef7bff211a8d839b04754744dc3d2c7bbc44fd552f7c35d0a0a7969c4315e68ece01e0e82dc22e28332d368a8d461ee52964825d68ff77dfaee41bb77f3fe875c71135f99a2bc848dfdbf2044a0cdcd883d716febac4183ff6f37aa5ea23e312c9fd2cd39e528370139772b76e70794a9495df3ba002e38172c5d935dd5bc67de81a0e2e81482f54ab98bcd15b277a0700cb69d1f41d087ca73d7a745376815b407379d6d15291b5c6ebbbd92d2f0c3638949140e17ee92dd19b6492b29cf65204c94866c39439962b560c70ec070b658901154fffe993a2487b1e1cb69cabc195c6ad9014aebf3a4134d9dcc7cc7ac0c5c1a3a73730cccd761728da2e06bde0a6537844973d1ac7cfe8adb0e8ac3018045fbc3c203738f3d084ebafd041d949a1fe069dd1d65bab6ee3c83b043f22197f97ee4ba1fc1b2c9db188071cf92b7ff1c304fd43296e0503b9e461013b3c3"})
write$vga_arbiter(r5, 0x0, 0x15)
syz_usb_control_io$cdc_ecm(r4, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000140)=ANY=[@ANYBLOB="0017ebff0080"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x20, 0x89, 0x2, 0x1}})
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, &(0x7f0000000100)={0x14, &(0x7f0000000000)={0x40, 0x11, 0x1a, {0x1a, 0x3, "9eeb6503f68a68df6da38f4cb4d0126faea1882002e81d1f"}}, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000001380)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="00300200000067188df1"], &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000240)={0x20, 0x80, 0x1c, {0x3, 0x5, 0x3, 0x2, 0x21, 0x1, 0x5, 0x7fffffff, 0x7, 0x2, 0x7, 0x1b2}}, &(0x7f0000000280)={0x20, 0x85, 0x4, 0x9}, &(0x7f00000002c0)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000001300)={0x20, 0x87, 0x2, 0x1000}, &(0x7f0000001340)={0x20, 0x89, 0x2, 0x1}})
syz_usb_control_io$hid(r4, 0x0, 0x0)

2m17.335578401s ago: executing program 0 (id=372):
socket(0x2, 0x3, 0xff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xc, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
socket$packet(0x11, 0x2, 0x300)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r1, 0x29, 0x24, &(0x7f0000000000)=0x1, 0x4)

2m15.592308873s ago: executing program 0 (id=377):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071119100000000008510000002000000850000000000000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)

2m14.855867s ago: executing program 0 (id=379):
socket$alg(0x26, 0x5, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000080)={@host})
socket$l2tp6(0xa, 0x2, 0x73)
mknod(&(0x7f0000000040)='./file0\x00', 0x10, 0x2040000)
r1 = syz_open_dev$vim2m(0x0, 0x10007fffffff, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001280)=ANY=[@ANYBLOB="840100001800010000000000000000001d0109004d000f8025b57e35619bf282cfcd8fba0cb7f2934efacde0a223b473fe77f3e5ba760d3793b2f943b7528ea34883bc4a506cf756740574b89d396af9b59638700500000005006f88d6e1db9b2f"], 0x184}}, 0x0)
write$FUSE_IOCTL(0xffffffffffffffff, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x20942, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r3 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
syz_io_uring_setup(0x0, &(0x7f00000002c0), 0x0, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(r4, 0x0, 0x61, &(0x7f0000000400)=ANY=[], &(0x7f0000000340)=0x79)
mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000180)='jfs\x00', 0x0, 0x0)

1m59.755729322s ago: executing program 32 (id=379):
socket$alg(0x26, 0x5, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000080)={@host})
socket$l2tp6(0xa, 0x2, 0x73)
mknod(&(0x7f0000000040)='./file0\x00', 0x10, 0x2040000)
r1 = syz_open_dev$vim2m(0x0, 0x10007fffffff, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001280)=ANY=[@ANYBLOB="840100001800010000000000000000001d0109004d000f8025b57e35619bf282cfcd8fba0cb7f2934efacde0a223b473fe77f3e5ba760d3793b2f943b7528ea34883bc4a506cf756740574b89d396af9b59638700500000005006f88d6e1db9b2f"], 0x184}}, 0x0)
write$FUSE_IOCTL(0xffffffffffffffff, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x20942, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r3 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
syz_io_uring_setup(0x0, &(0x7f00000002c0), 0x0, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(r4, 0x0, 0x61, &(0x7f0000000400)=ANY=[], &(0x7f0000000340)=0x79)
mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000180)='jfs\x00', 0x0, 0x0)

41.076965839s ago: executing program 2 (id=702):
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x2, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$netlink(0x10, 0x3, 0xf)
r0 = socket$inet(0xa, 0x801, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r2, @ANYBLOB="01000000000000000000010000000c000500ff000000000000000c0002000000020000000000040007800c000800000000000008000008000a00000000004400078008000100", @ANYRES32, @ANYBLOB="38000100", @ANYRES32=r3, @ANYBLOB="64800400", @ANYRES32, @ANYBLOB="08000100", @ANYRES32=r0], 0x90}}, 0x0)

40.642209331s ago: executing program 2 (id=704):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xe7, 0xcc, 0x61, 0x20, 0x10c4, 0x818a, 0x7d8f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0xc0, 0x5, [{{0x9, 0x4, 0x23, 0x0, 0x0, 0x3}}]}}]}}, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x49, &(0x7f0000000040)=0x1, 0x4)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
sendto$inet6(r5, &(0x7f00000001c0)="270c76408cdae1bf39e59890d1d59ed205acbb2a1468012fe4b84751c3310283842fe54fe97635c67fa9085776129cdbdf1eb2ad6015781cf1ff2b92e4ac2bc341a550b25fdfb32236e2e653c60fa3024be8c7294bcf0735a0337d8292c6f24777a9ceb71517ab6f79cb860cdb8d0b80c01c661f", 0x74, 0x10000400, &(0x7f0000000240)={0xa, 0x4e20, 0x1, @remote, 0x5}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r5, 0x29, 0x3b, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x2, &(0x7f0000000140)=@gcm_256={{0x303, 0x3a}, "c4d65ab71f5ef2fe", "9e8ecc7bb5352776725e104757e7dc25c6519a85ef828f711330ff2bb17b5508", "dc5db43f"}, 0x38)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000006c0)='/proc/schedstat\x00', 0x0, 0x0)
connect$inet(r6, &(0x7f0000000080)={0x2, 0x2, @private=0xa210101}, 0x10)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000002000000000000000200000408000000000000000300000000000000000000000200000000000000"], 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0600000004000000080000000100000080000000", @ANYRES32=0x1, @ANYBLOB="000000100000000000000000d9f68a75ee9337f2", @ANYRES32=0x0, @ANYRES32=r7, @ANYBLOB="000000000100"/28], 0x48)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCBRDELBR(r9, 0x89a1, &(0x7f0000000540)='veth0_to_bond\x00')
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@multicast2, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0, <r11=>0x0}}, {{@in=@remote}, 0x0, @in6=@private1}}, &(0x7f00000004c0)=0xe4)
r12 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000006c0)={0x3, 0x4, 0x4, 0xa, 0x0, r8, 0xfff, '\x00', 0x0, r7, 0x4, 0x2, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
r13 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x12, 0xeaa, 0x75, 0xedce, 0x800, 0xffffffffffffffff, 0x5, '\x00', r10, r7, 0x2, 0x2, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
r14 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x5, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xc}, [@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffc}]}, &(0x7f0000000100)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', r10, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000580)=[r8, r8, r9, r8, 0xffffffffffffffff, r8, r8, r12, r13], &(0x7f00000007c0)=[{0x1, 0x1, 0x8, 0x2}, {0x0, 0x5, 0x8, 0x5}, {0x3, 0x2, 0x3, 0x1}, {0x3, 0x4, 0xf, 0x1}, {0x1, 0x1, 0x8, 0x3}], 0x10, 0x9, @void, @value}, 0x94)
ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f00000000c0)={@local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x200, 0x7ff, 0x1, 0x500, 0x40, 0x50101, r10})
r15 = dup(r4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
rt_sigprocmask(0x2, &(0x7f0000003940)={[0x100000001]}, &(0x7f0000004100), 0x8)
ioctl$KVM_SET_MSRS(r15, 0xc008ae88, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000093000040"])
ioctl$VHOST_VSOCK_SET_GUEST_CID(r15, 0x4008af60, &(0x7f0000000080)={@local})
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000180)=ANY=[@ANYRES64, @ANYRESHEX=r11, @ANYRES64=r14], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

36.663627542s ago: executing program 2 (id=722):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ioctl$SNDCTL_DSP_GETOSPACE(0xffffffffffffffff, 0x8010500c, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@my=0x1})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0xffa1, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
chdir(0x0)

35.7062099s ago: executing program 2 (id=724):
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) (async)
socketpair$unix(0x1, 0x2, 0x0, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) (async)
clock_gettime(0x0, &(0x7f0000001980)={<r0=>0x0, <r1=>0x0})
recvmmsg(0xffffffffffffffff, &(0x7f00000018c0)=[{{&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/231, 0xe7}], 0x1, &(0x7f00000003c0)=""/220, 0xdc}, 0x8e}, {{&(0x7f0000000200)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000180)=[{&(0x7f00000008c0)=""/4096, 0x1000}, {&(0x7f00000004c0)=""/227, 0xe3}], 0x2}, 0x742}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f00000005c0)=""/36, 0x24}, {&(0x7f0000000600)=""/16, 0x10}, {&(0x7f0000000680)=""/71, 0x47}, {&(0x7f0000000700)=""/156, 0x9c}], 0x4, &(0x7f0000000800)=""/71, 0x47}, 0x800}], 0x3, 0x40, &(0x7f00000019c0)={r0, r1+10000000}) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0900000006000000040000"], 0x48)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) (async, rerun: 64)
bpf$MAP_UPDATE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x3ff, r3, 0x0, 0x100000000000000}, 0x38) (async, rerun: 64)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, 0xffffffffffffffff) (async)
ioctl$NBD_DO_IT(0xffffffffffffffff, 0xab03) (async)
ioctl$NBD_SET_SIZE_BLOCKS(0xffffffffffffffff, 0xab07, 0x200000a) (async)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0)

34.469714414s ago: executing program 3 (id=730):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000e50003000000000085100000fcffffff250000001000000007000000faffffff95"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="1700000055002f03020000000000000007"], 0x38}}, 0x0)

34.189313363s ago: executing program 3 (id=732):
socket(0x2, 0x3, 0xff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0xc, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
socket$packet(0x11, 0x2, 0x300)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x16000)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r1, 0x6, 0x24, &(0x7f0000000000)=0x1, 0x4)

33.547020506s ago: executing program 3 (id=735):
socket(0x2, 0x3, 0xff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1, @in6=@local, 0x4e23, 0x0, 0x0, 0x0, 0xa, 0x80, 0x80}, {}, {}, 0x20000}}, 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@updpolicy={0xb8, 0x1d, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x40000000}, {0x0, 0x0, 0x0, 0x3}}}, 0xb8}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xc, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r1, @ANYBLOB="0000000002000000b705000008000000850000005e00000095"], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$packet(0x11, 0x2, 0x300)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x4, &(0x7f00000000c0)={0x0, 0x16, 0x0, @tid=r3}, &(0x7f0000000380))
r4 = inotify_init()
r5 = dup(r4)
r6 = fanotify_init(0x200, 0x0)
mount$9p_fd(0x20100000, &(0x7f0000000080)='.\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}})
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r8=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r7, 0xc02064b6, &(0x7f0000000180)={r8, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0]})

31.448705254s ago: executing program 3 (id=742):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x7c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x300}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x38, 0x12, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1000}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x1}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc4}}, 0x20050800)

30.888064572s ago: executing program 2 (id=743):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007"], 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r2, 0x0, 0x0, 0x2000000002, 0x0)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x12, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x24, 0x1, 0x1, 0x101, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_MARK_MASK={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x810)
syz_open_dev$vcsn(0x0, 0x1cb1, 0x40240)
ioctl$IOMMU_HWPT_ALLOC$TEST(0xffffffffffffffff, 0x3b89, &(0x7f0000000280)={0x28, 0x3, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xfffffffb})
unshare(0x22020400)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000080), 0x228200, 0x0)
fgetxattr(r3, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
unshare(0x22020600)
unshare(0x2a020400)
r4 = socket$unix(0x1, 0x5, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r5, 0x0, 0x0)
connect$unix(r4, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)

30.887772621s ago: executing program 3 (id=744):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x10}) (async)
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0)
getpeername$packet(r2, 0x0, 0x0) (async)
syz_genetlink_get_family_id$smc(&(0x7f0000000040), r2) (async)
ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400}) (async)
close_range(r0, 0xffffffffffffffff, 0x0)

30.802235549s ago: executing program 3 (id=746):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
r5 = gettid()
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$inet6_dccp(0xa, 0x6, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1, 0x8, 0x24, 0xfff, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/4\x00')
syz_usb_connect(0x5, 0x36, &(0x7f0000002d00)={{0x12, 0x1, 0x201, 0x62, 0x2e, 0xc7, 0x40, 0x499, 0x1055, 0x6f3a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x3, 0x4, 0xe0, 0x3, [{{0x9, 0x4, 0x65, 0x9, 0x2, 0x1a, 0x1b, 0xf2, 0x3, [], [{{0x9, 0x5, 0x9, 0x2, 0x20, 0xc, 0x8, 0xff}}, {{0x9, 0x5, 0xc, 0x12, 0x40, 0x0, 0x9, 0x9}}]}}]}}]}}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
read$char_usb(r7, &(0x7f0000000000)=""/178, 0xb2)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
preadv(r6, &(0x7f0000000180)=[{&(0x7f0000000440)=""/106, 0x6a}], 0x1, 0x40000100, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r8, &(0x7f0000000200)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$NBD_SET_SOCK(r3, 0xab00, r4)
r9 = dup3(r3, r0, 0x0)
ioctl$NBD_DO_IT(r9, 0xab03)
r10 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x20800, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@const={0x0, 0x0, 0x0, 0x2, 0x3}, @fwd={0x2, 0x0, 0x0, 0x12}, @typedef={0x4, 0x0, 0x0, 0x12, 0x3}]}, {0x0, [0x0, 0x5f, 0x30, 0x61]}}, 0x0, 0x42, 0x0, 0x400001, 0x0, 0x0, @void, @value}, 0x28)
ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f00000000c0)={<r11=>0x0})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r10, 0x4010641c, &(0x7f0000000140)={r11, &(0x7f0000000300)=""/212})
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x0)

30.576388011s ago: executing program 2 (id=747):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
r5 = gettid()
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$inet6_dccp(0xa, 0x6, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1, 0x8, 0x24, 0xfff, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/4\x00')
syz_usb_connect(0x5, 0x36, &(0x7f0000002d00)={{0x12, 0x1, 0x201, 0x62, 0x2e, 0xc7, 0x40, 0x499, 0x1055, 0x6f3a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x3, 0x4, 0xe0, 0x3, [{{0x9, 0x4, 0x65, 0x9, 0x2, 0x1a, 0x1b, 0xf2, 0x3, [], [{{0x9, 0x5, 0x9, 0x2, 0x20, 0xc, 0x8, 0xff}}, {{0x9, 0x5, 0xc, 0x12, 0x40, 0x0, 0x9, 0x9}}]}}]}}]}}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
read$char_usb(r7, &(0x7f0000000000)=""/178, 0xb2)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
preadv(r6, &(0x7f0000000180)=[{&(0x7f0000000440)=""/106, 0x6a}], 0x1, 0x40000100, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r8, &(0x7f0000000200)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$NBD_SET_SOCK(r3, 0xab00, r4)
r9 = dup3(r3, r0, 0x0)
ioctl$NBD_DO_IT(r9, 0xab03)
r10 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x20800, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@const={0x0, 0x0, 0x0, 0x2, 0x3}, @fwd={0x2, 0x0, 0x0, 0x12}, @typedef={0x4, 0x0, 0x0, 0x12, 0x3}]}, {0x0, [0x0, 0x5f, 0x30, 0x61]}}, 0x0, 0x42, 0x0, 0x400001, 0x0, 0x0, @void, @value}, 0x28)
ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f00000000c0)={<r11=>0x0})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r10, 0x4010641c, &(0x7f0000000140)={r11, &(0x7f0000000300)=""/212})
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x0)

15.553729712s ago: executing program 33 (id=746):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
r5 = gettid()
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$inet6_dccp(0xa, 0x6, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1, 0x8, 0x24, 0xfff, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/4\x00')
syz_usb_connect(0x5, 0x36, &(0x7f0000002d00)={{0x12, 0x1, 0x201, 0x62, 0x2e, 0xc7, 0x40, 0x499, 0x1055, 0x6f3a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x3, 0x4, 0xe0, 0x3, [{{0x9, 0x4, 0x65, 0x9, 0x2, 0x1a, 0x1b, 0xf2, 0x3, [], [{{0x9, 0x5, 0x9, 0x2, 0x20, 0xc, 0x8, 0xff}}, {{0x9, 0x5, 0xc, 0x12, 0x40, 0x0, 0x9, 0x9}}]}}]}}]}}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
read$char_usb(r7, &(0x7f0000000000)=""/178, 0xb2)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
preadv(r6, &(0x7f0000000180)=[{&(0x7f0000000440)=""/106, 0x6a}], 0x1, 0x40000100, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r8, &(0x7f0000000200)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$NBD_SET_SOCK(r3, 0xab00, r4)
r9 = dup3(r3, r0, 0x0)
ioctl$NBD_DO_IT(r9, 0xab03)
r10 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x20800, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@const={0x0, 0x0, 0x0, 0x2, 0x3}, @fwd={0x2, 0x0, 0x0, 0x12}, @typedef={0x4, 0x0, 0x0, 0x12, 0x3}]}, {0x0, [0x0, 0x5f, 0x30, 0x61]}}, 0x0, 0x42, 0x0, 0x400001, 0x0, 0x0, @void, @value}, 0x28)
ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f00000000c0)={<r11=>0x0})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r10, 0x4010641c, &(0x7f0000000140)={r11, &(0x7f0000000300)=""/212})
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x0)

15.407996629s ago: executing program 34 (id=747):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
r5 = gettid()
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$inet6_dccp(0xa, 0x6, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1, 0x8, 0x24, 0xfff, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/4\x00')
syz_usb_connect(0x5, 0x36, &(0x7f0000002d00)={{0x12, 0x1, 0x201, 0x62, 0x2e, 0xc7, 0x40, 0x499, 0x1055, 0x6f3a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x3, 0x4, 0xe0, 0x3, [{{0x9, 0x4, 0x65, 0x9, 0x2, 0x1a, 0x1b, 0xf2, 0x3, [], [{{0x9, 0x5, 0x9, 0x2, 0x20, 0xc, 0x8, 0xff}}, {{0x9, 0x5, 0xc, 0x12, 0x40, 0x0, 0x9, 0x9}}]}}]}}]}}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
read$char_usb(r7, &(0x7f0000000000)=""/178, 0xb2)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
preadv(r6, &(0x7f0000000180)=[{&(0x7f0000000440)=""/106, 0x6a}], 0x1, 0x40000100, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
preadv(r8, &(0x7f0000000200)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$NBD_SET_SOCK(r3, 0xab00, r4)
r9 = dup3(r3, r0, 0x0)
ioctl$NBD_DO_IT(r9, 0xab03)
r10 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x20800, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@const={0x0, 0x0, 0x0, 0x2, 0x3}, @fwd={0x2, 0x0, 0x0, 0x12}, @typedef={0x4, 0x0, 0x0, 0x12, 0x3}]}, {0x0, [0x0, 0x5f, 0x30, 0x61]}}, 0x0, 0x42, 0x0, 0x400001, 0x0, 0x0, @void, @value}, 0x28)
ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f00000000c0)={<r11=>0x0})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r10, 0x4010641c, &(0x7f0000000140)={r11, &(0x7f0000000300)=""/212})
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x0, 0x0, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x0)

11.320178284s ago: executing program 1 (id=822):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
add_key(&(0x7f0000000280)='encrypted\x00', &(0x7f0000000340)={'syz', 0x1}, &(0x7f0000000380), 0x0, 0xfffffffffffffff8)
add_key$keyring(&(0x7f0000000440), 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000000c0)=',', 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000080)="441f0801000000e8c94ef56491ee54be0e1c2074ed27c1c6fe76cef3e2", 0x1d)
getsockopt$inet_opts(r3, 0x0, 0x4, 0x0, &(0x7f00000000c0))

10.359877254s ago: executing program 1 (id=823):
r0 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, 0x0, &(0x7f0000001300), 0x0, &(0x7f0000000200)=ANY=[])
read$FUSE(r0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c00000010000304000000000000000004000000", @ANYRES32=0x0, @ANYBLOB="46060900000000001c00128009000100766c616e000000000c000280060001000100000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r3], 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0)

10.047739499s ago: executing program 1 (id=824):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000080)=0xfffffff7, 0x4)
r1 = socket$inet6(0xa, 0x6, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x7fff, &(0x7f0000006680))
socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000002e80)={0x0, 0x2c, &(0x7f0000002e40)=[@in={0x2, 0x4e20, @broadcast}, @in6={0xa, 0x4e23, 0x9, @mcast1, 0x9}]}, &(0x7f0000002ec0)=0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
getsockopt$inet6_int(r1, 0x29, 0x3e, 0x0, &(0x7f0000000040))
recvmmsg(r0, &(0x7f0000002a40)=[{{&(0x7f0000000000)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000000780)=[{&(0x7f00000000c0)=""/208, 0xd0}, {&(0x7f0000000280)=""/147, 0x93}, {&(0x7f0000000340)=""/195, 0xc3}, {&(0x7f0000000440)=""/231, 0xe7}, {&(0x7f0000000540)=""/217, 0xd9}, {&(0x7f0000000640)=""/161, 0xa1}, {&(0x7f00000001c0)=""/111, 0x6f}, {&(0x7f0000000700)=""/125, 0x7d}], 0x8, &(0x7f0000000800)=""/164, 0xa4}, 0x3}, {{&(0x7f00000008c0)=@l2tp6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000b00)=[{&(0x7f0000000940)=""/244, 0xf4}, {&(0x7f0000000a40)=""/141, 0x8d}], 0x2, &(0x7f0000000b40)=""/96, 0x60}, 0xfffffff0}, {{&(0x7f0000000bc0)=@in={0x2, 0x0, @multicast2}, 0x80, &(0x7f0000000d40)=[{&(0x7f0000000c40)=""/140, 0x8c}, {&(0x7f0000000d00)=""/21, 0x15}], 0x2}, 0x4}, {{&(0x7f0000000d80)=@rc, 0x80, &(0x7f0000000e40)=[{&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000000e00)=""/7, 0x7}], 0x2, &(0x7f0000000e80)=""/134, 0x86}, 0x7}, {{&(0x7f0000000f40)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, &(0x7f0000002300)=[{&(0x7f0000001000)=""/245, 0xf5}, {&(0x7f0000001100)=""/95, 0x5f}, {&(0x7f0000002200)=""/203, 0xcb}, {&(0x7f0000001180)=""/3, 0x3}], 0x4, &(0x7f0000002340)=""/67, 0x43}, 0x9}, {{&(0x7f00000023c0)=@isdn, 0x80, &(0x7f0000002480)=[{&(0x7f0000002440)=""/36, 0x24}], 0x1}, 0x40}, {{&(0x7f00000024c0)=@rc, 0x80, &(0x7f00000026c0)=[{&(0x7f0000002540)=""/143, 0x8f}, {&(0x7f0000002600)=""/168, 0xa8}], 0x2, &(0x7f0000002700)=""/39, 0x27}, 0x9}, {{0x0, 0x0, &(0x7f0000002940)=[{&(0x7f0000002740)=""/168, 0xa8}, {&(0x7f0000002800)=""/214, 0xd6}, {&(0x7f0000002900)=""/4, 0x4}], 0x3, &(0x7f0000002980)=""/154, 0x9a}, 0x101}], 0x8, 0x40, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000002c40)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
sendmsg$nl_generic(r2, &(0x7f0000002e00)={&(0x7f0000002c80)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000002dc0)={&(0x7f0000002cc0)={0xf4, 0x2b, 0x8, 0x70bd26, 0x25dfdbfc, {0x20}, [@typed={0x14, 0x130, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @generic="d1c7c29f7380399ff7a2ad4268be8ab1382afc3b899a71e8818b3a80", @generic="d4feb831d3d8225baa3fd7f024e3ad9a75c0537bc9a96a68a03f2c1636969f20fb759edf1c48faae47626c4953557c028fb210bb150087561ec90692db5267ab37057635b0dd22d7af4ffc93d2c157de4642b2fa96ad64ac11aae51b578a9076221f33d9c44e410f10c0c419d4ba4eac7bcca1698f8c149896eb8023933a1fee4834c1e116927b9dd325f4d1629248fbbbb2384d87311d31b9695cba19be1f9973", @generic="26d9b85c081445b52db18a5b"]}, 0xf4}, 0x1, 0x0, 0x0, 0x4080}, 0x40815)
syz_usb_connect(0x0, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f0002000000090505"], 0x0)
sendmmsg$inet6(r0, &(0x7f0000000fc0)=[{{&(0x7f0000000240)={0xa, 0x4e23, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB="24000000000000002900000032000000ff050000000000000000000000000001", @ANYRES32=0x0, @ANYBLOB="000000001800"], 0x40, 0x7ffffff7}}], 0x1, 0x20004080)

7.42925229s ago: executing program 5 (id=830):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000002700000000000000791200000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

7.364115443s ago: executing program 1 (id=831):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
add_key(&(0x7f0000000280)='encrypted\x00', &(0x7f0000000340)={'syz', 0x1}, &(0x7f0000000380), 0x0, 0xfffffffffffffff8)
add_key$keyring(&(0x7f0000000440), 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000000c0)=',', 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000080)="441f0801000000e8c94ef56491ee54be0e1c2074ed27c1c6fe76cef3e2", 0x1d)
getsockopt$inet_opts(r3, 0x0, 0x4, 0x0, &(0x7f00000000c0))

6.854918854s ago: executing program 5 (id=832):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) (async)
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @rand_addr=0x64010102}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000280)=ANY=[@ANYBLOB="e0000002ac1414aa00"], 0x1c) (async)
syz_emit_ethernet(0x36, &(0x7f0000000740)=ANY=[@ANYBLOB="0180c2000b00000000000500000045000000029078000000e4d5000000000000000500000200010001000000000017cace000000b70000000000c9eb5474dd398ff3a06ec570d066cedb8e9a19818ca5a58864277de17d0804d4288e9337a27f7fbe0000000000"], 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$alg(0x26, 0x5, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) (async)
r5 = accept$alg(r1, 0x0, 0x0)
write$binfmt_script(r5, &(0x7f0000000600), 0xfec8) (async)
recvmmsg(r5, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0x6}, {&(0x7f0000000140)=""/9, 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0x7b, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680}) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000c0010002000040"])
r9 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_INPUT(r9, 0xc0045627, &(0x7f0000000000)=0x2) (async)
ioctl$VIDIOC_S_STD(r9, 0x40085618, &(0x7f0000000080)=0x3200e0)
socket$nl_generic(0x10, 0x3, 0x10)

6.13187338s ago: executing program 1 (id=833):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000580), 0xffffffffffffffff)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x400, 0x0)
unshare(0x2040400)
socket(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_lsm={0x1d, 0x3, &(0x7f00000008c0)=ANY=[], 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x2e, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000000)=0x20)
mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x200000f, 0x11, r2, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000000)=0x4000)
pselect6(0x40, &(0x7f0000000000)={0x8, 0x0, 0x0, 0x0, 0x40, 0x8, 0x200, 0x1}, 0x0, 0x0, 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dcbeec0696c37b64e3b24da3183dbe97e805165c0f63cdc2e82818254950ee03568b88091e6a86450545c0e18e09"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r5 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r4, r3, 0x2, 0x0, @void}, 0x10)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000140)={<r7=>0x0, @dev, @broadcast}, &(0x7f0000000280)=0xc)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r6, 0x89f0, &(0x7f0000000340)={'tunl0\x00', &(0x7f00000002c0)={'ip_vti0\x00', r7, 0x0, 0x7800, 0x1, 0x0, {{0xd, 0x4, 0x0, 0x0, 0x34, 0x67, 0x0, 0x80, 0x29, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010100, {[@generic={0x88, 0xb, "d88cd6921ba4dfc7d5"}, @timestamp={0x44, 0xc, 0x8a, 0x0, 0xe, [0x6, 0x832]}, @timestamp={0x44, 0x8, 0x14, 0x0, 0x8, [0x2]}]}}}}})
bpf$LINK_DETACH(0x22, &(0x7f0000000380)=r5, 0x4)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_misc(r8, &(0x7f00000002c0), 0xed)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x9, 0x4000010, r8, 0x54ddc000)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000070961c40e90f55dbfb69010203010902120001000000000904f40000d4cb5c001b2c228a5d105c10b160545d7a044860a4562435403c57a9ca729f03ff94d0aea28de1613d0412510272b5ac3288a661a0986eb2a0bea23c6773fa9c63ccd80833e116862c230462bd3996dd261759f4dd4098de354e3cfca089c6b358fb17a91f7380b234e653ca74e4e8"], 0x0)
r10 = eventfd(0x2)
ioctl$SNDCTL_DSP_SUBDIVIDE(r8, 0xc0045009, &(0x7f0000000480)=0x7)
ioctl$KVM_IOEVENTFD(r9, 0x40a0ae49, &(0x7f0000000000)={0x4, 0x0, 0x0, r10, 0x100000})

4.951883206s ago: executing program 5 (id=835):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'syztnl0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x26, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x5, 0x40000, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x0, [{@multicast1, 0x5}, {@dev, 0x659}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8000}, {@broadcast}, {@multicast1, 0xffd1fc}, {@private=0xfffffffd, 0x7}]}, @timestamp_prespec={0x44, 0x24, 0x4, 0x3, 0x0, [{@remote, 0xffffffff}, {@private=0xa010101, 0xfffffffe}, {@empty}, {@broadcast}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@multicast1, @loopback]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.numa_stat\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x0, 0x3}, 0x10)
recvmmsg(r4, &(0x7f0000004e40)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000000)=""/87, 0x57}], 0x1}}], 0x1, 0x0, &(0x7f0000005000)={0x0, 0x3938700})
r5 = memfd_secret(0x80000)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000500)={'bridge_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000013000100000000000000000007000000", @ANYRES32=r6, @ANYBLOB="00000000871006001c001a8018000480140009800800020000000000080001"], 0x3c}}, 0x0)
syz_io_uring_setup(0x4061, &(0x7f0000000100)={0x0, 0x24b2, 0x400, 0x0, 0x72, 0x0, r5}, 0x0, 0x0)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r7)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r9=>0x0]}, &(0x7f0000000240)=0x8)
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r10, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r10, 0x84, 0x6f, &(0x7f0000000000)={<r11=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x4}}]}, &(0x7f00000003c0)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r10, 0x84, 0x85, &(0x7f0000000000)={r11, @in={{0x2, 0x0, @empty}}, 0x0, 0x7ffe}, 0x90)
syz_emit_ethernet(0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="0180c200000050a245d5cde0080045000028000000000002907800000000ffffffff000000000000000a000100010000000000000000f00792b58ca73477741876be08feba2bde5c175a80dea4f3500c7729dbc25b766149dba1ce52c020fc483617d9632eb175cb2ec8395c22eaa4c645143f3b8b63db718cc7f1fc424e6f4474cd7d9003ff669780be84e3555ded4c003c88c396623e4bd16660fedd5c9a87756e29d3f2989157742faed68f07c697f1b04d79e850e404a3ac26f5632e"], 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000280)={r11, @in={{0x2, 0x0, @empty}}, 0x0, 0x6c1c, 0x40000000, 0x8, 0x2c}, 0x9c)
sendmsg$inet_sctp(r7, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\x00', @ANYRES32=r9], 0x20, 0x6044}, 0x6)

4.583040566s ago: executing program 4 (id=837):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x1e9002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f"})
write$sndseq(r0, &(0x7f0000001200)=[{0x5, 0x3, 0x0, 0x0, @tick=0x21e639, {}, {}, @raw8={"14104da2c4516b845be2d30c"}}], 0x1c)

4.220129453s ago: executing program 4 (id=838):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000004bc0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="316f825a3d29f96a392ea917017b4cd300000000bee700d6dd1fb41a20baf7f7343067fd40cdd4f16742e94b000000005d0200b7f3028100ae8180db94b9de7456ae62b0e61861f615947de10ae3c4fa199fb5fe7766a0842912179154a96fa88e161d861e77a486e10d1d1d0b90c8997e6917226fe4bb5d77e85706336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d186ac9b2382a75ac68920ca3d542aece1ba7920a8f39b270458224e74a22fa1db2f647b55a4f113a476c5902ef0b35491d6cbe8a9ed5555060d3c3477891029d4a03c922", 0xe8}, {&(0x7f0000000f00)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df28a3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25cb51279b18c8e5bfbc52152be37f5e2b783e2149be25180430a", 0x80}, {&(0x7f0000000800)="6a8fa35a5ac69c3f3504610b7a65154b8a319d412cae86d445126356a7ea73e2cc685d4a2c125a1898bb727147075b79a19e162ca01c17cdb0398d7303a2955433e8f9de6d144dddc2ca170b10d505c3eb024dcacee0c139b5a9044f1f3a0fd4e958406a6ba551087ed89e2312e678f38707c8f37e5c8fe3cb977b7035046ea60fc263c1f72c13c1c7be3f14407e96c832dd5b10a03966185a38402e2cf26722ddeb0e262b9354a7db169109b0adec288e14e03b42147a29ba7f26c6886c05bea9ef56a3bb171e67a92b838a19c3a646fbd5bc79dadd977983eb0587e61bbc7a2d3f3fc63e5704464ed8e57027a8dc835d5f71cf96a13d0a6440492610145b7f71a28bbc1834493d9c63412a741186a0d3a3d18e00f622045954020e1d4bf3c51439ec5ea6c35004bb016ec740a9c2bbccd7daec478949021a69ce9a14bcff85d518579526d616f3ed024cf414e6673b800dc8e6d690b48d3c7430cdd4f51fa4707cad5d91f17a4bd1d72839f8cc3e155239b30c9fca6ac331621f45ae30b730736915456dd4e252c41449f33b07009c3d66163e23d1cabd19c8060364d5739f93af6a370c37780ae15b6d03d1", 0x1ad}], 0x3}}], 0x1, 0x0) (async)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)

4.169664058s ago: executing program 4 (id=839):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = epoll_create(0x5)
epoll_wait(r3, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x9, 0x2)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x300, r4, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[], 0x50}, 0x1, 0xba01}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)
ioctl$FS_IOC_FSGETXATTR(r4, 0x801c581f, &(0x7f00000000c0)={0x49e, 0x4, 0x5, 0x3, 0x6})

3.855724877s ago: executing program 4 (id=840):
io_uring_setup(0x1729, &(0x7f0000000280)={0x0, 0xeac5, 0x800, 0x400003, 0xc9})
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000040)={0x0, 0x1, 0x1, @thr={&(0x7f0000000000)="124308ed468d03eea9f828fec57deb1c780d5bd7bfb4b575eb1d7b94f5ee44c3b39ae5585c5c", &(0x7f0000000300)="a631dfda608e4c84fc7f56d692127ace5ba9c8da0453eb6ddfe3935847305394ed960b4fc366126485ff3d1ce72dc891898fe7c5c4117f921876d1338f56183f965b30a04a2c32b6581fafec7a9a6f"}}, &(0x7f0000000200))
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="58010000100011050000000000000000fe8000000000000000000000000000bb0000000000000000000000000000000100"/62, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000320000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000069a484107a148a814eaaf052426b848400000000000025bd7000000000000a000000af0000000000000048000200656362286369706865725f6e756c6c2900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200017000100000000000000000000008beca5d471f56a19d7c940fd8c3054aa005cf70bbe0c618dbbb6c060ddc8026554312f611f63be7d7f84b25abb988730994d213fd89b117378272039912a68202881d4dd66f5de1f2985c4374d4c84abdd76e712526e53d25ed577186890f6ff557f0b504d414696e6ea0cfded1c2291280b517da9051f8d44b33aeac1f2c4cea45ecf2346ea8f7f9436081fdc2291f52de7182708caae63bac0ef49e47d6ca941e09f072cc98341666a8bbd"], 0x158}}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="85000000600000009c0000000000200025000000fffffff19500000d000000004bea11fade2d6950bdaebf39f5d5e2c5dec1e666c3a573"], &(0x7f0000000040)='GPL\x00', 0x2, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f00000001c0)=0x9, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00B\x00', "006e34e400"}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sendto$inet6(r2, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137)
connect$inet6(r1, &(0x7f0000000300)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
setsockopt$inet6_int(r1, 0x29, 0xd1, &(0x7f0000000080), 0x4)

3.783074776s ago: executing program 5 (id=841):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
add_key(&(0x7f0000000280)='encrypted\x00', &(0x7f0000000340)={'syz', 0x1}, &(0x7f0000000380), 0x0, 0xfffffffffffffff8)
add_key$keyring(&(0x7f0000000440), 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000000c0)=',', 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000080)="441f0801000000e8c94ef56491ee54be0e1c2074ed27c1c6fe76cef3e2", 0x1d)
getsockopt$inet_opts(r3, 0x0, 0x4, 0x0, &(0x7f00000000c0))

2.690594409s ago: executing program 5 (id=842):
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x42, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xef032e26)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
getpeername(r3, &(0x7f0000000300)=@pptp={0x18, 0x2, {0x0, @initdev}}, &(0x7f0000000040)=0x80)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0xd23}, 0x18}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r4)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES64=r0, @ANYBLOB="00000000000000005c001280110001006272696467655f736c6176650000000044000580050009000000000005002000010000000500"], 0x7c}}, 0x0)

2.480751971s ago: executing program 6 (id=800):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
r2 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000080)={0x0, 0x2, 0x2, 0x1, 0x0, [@mcast2]}, 0x18)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x5411, &(0x7f0000000100)={'wlan0\x00'})
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)={0x118, r3, 0x10, 0x70bd27, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}}]}, 0x118}, 0x1, 0x0, 0x0, 0x8000}, 0x40040)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040))
io_setup(0x2007, &(0x7f0000000200)=<r4=>0x0)
r5 = eventfd2(0x0, 0x0)
io_submit(r4, 0x2, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r5}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f00000001c0)="5f18ab32505b5506", 0x8}])
write$binfmt_misc(r0, &(0x7f0000000080)="c0402ca68bc5b866f927fc2e0ccedb94ec340c03e52ead6f0dab9d5528df7f2ee124ee37556462b5c2", 0x29)
shutdown(r0, 0x0)

2.400036453s ago: executing program 1 (id=843):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$igmp(0x2, 0x3, 0x2)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000280)=[{0x200000000006, 0xc2, 0x0, 0x7ffc0002}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
keyctl$describe(0x6, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000540)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_tables_matches\x00')
preadv(r5, &(0x7f0000000340)=[{&(0x7f0000000380)=""/106, 0x6a}], 0x1, 0x4, 0x9)
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)
r6 = gettid()
timer_create(0x2, &(0x7f0000000180)={0x0, 0x1e, 0x4, @tid=r6}, &(0x7f00000000c0))
timer_settime(0x0, 0x1, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000500)={<r7=>r0})
r8 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0xfffffffffffffffe]}, 0x8, 0x0)
syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010003000000ff80835018400001020301090224000101ec00020904000802030102bc09210004000122d908090581030004cc090d"], &(0x7f00000004c0)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x200, 0x81, 0xd, 0x4, 0x8, 0x4}, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="055d2e2c420f00010a1003020e000000000000000000000033caa175314cbd254b"], 0x3, [{0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x380a}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x41f}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x4c0a}}]})
readv(r8, &(0x7f0000000000)=[{&(0x7f0000002480)=""/231, 0xe7}], 0x1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r9=>0x0})
r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000004ee3cdf961d4575dee4a948cfa1e9889d646f8f20c4284585bc0cee87efaf58907189232"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r9, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x28, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000006540000000c0a01010000000000000000010000000900020073797a32000000002800038024000080090026400000000018000b80140001800a0001006c696d697400000004fe02800900010073797a30", @ANYRESOCT=r1, @ANYRESDEC, @ANYBLOB="3cb2789b36c9519e88c95dd74c656b958c56b9c66feaae98336230268a0775de28e65c2bb2bf91c438427ce43e95d55f6040f5ed094e59e18dfdc1d71fe2ca4d115c17c61e7f3ae7d4ccc58e4c277233920d0813da18856bbad6ead756ac523282dc3ac79bec6a781362541bdab9b9bf750c117c3038956fa4c36a4dfe2fe349f2717bca0ab061fbd181b1eb3a0e7eb34230c8974cff85e28d90c9c303439dac54fc5a8120ddff38236b5cd4c4a11536ca0894591f5971237ef7056d9ba8df678c7832a5e7346f9720e39ceedbae", @ANYRES8=r7, @ANYRES32=r10, @ANYRESOCT=r8, @ANYRESHEX=0x0, @ANYRES16=r9], 0xd8}}, 0x0)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRESHEX=r4, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1414bb0000000000000000fdffffffffffffff32000000fe88000000000000000000000000000100000000000000d62b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000400000000000000000070001200726663343130362867636d28616573292900000000000000000000000000000000000000000000000000000000000000000000000000000000000000200100004000"/237], 0x160}}, 0x0)

2.295860422s ago: executing program 7 (id=801):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007"], 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r2, 0x0, 0x0, 0x2000000002, 0x0)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd) (fail_nth: 4)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x12, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x24, 0x1, 0x1, 0x101, 0x0, 0x0, {0x3, 0x0, 0x3}, [@CTA_MARK_MASK={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x810)
syz_open_dev$vcsn(0x0, 0x1cb1, 0x40240)
ioctl$IOMMU_HWPT_ALLOC$TEST(0xffffffffffffffff, 0x3b89, &(0x7f0000000280)={0x28, 0x3, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xfffffffb})
unshare(0x22020400)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000080), 0x228200, 0x0)
fgetxattr(r3, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
unshare(0x22020600)
unshare(0x2a020400)
r4 = socket$unix(0x1, 0x5, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r5, 0x0, 0x0)
connect$unix(r4, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)

1.715092466s ago: executing program 7 (id=844):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x40, 0x7fff0000}]})
lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={0xffffffffffffffff, 0x18000000000002a0, 0xd, 0x0, &(0x7f0000000400)="5aee41dea43e9eee28e622e563", 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x16, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x57, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$netlink(0x10, 0x3, 0xa)
sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet(0x2, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x806, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c)
listen(r4, 0x3)
r5 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r5, &(0x7f0000772000)={0x2, 0x4e23}, 0x10)
r6 = accept4(r4, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000002500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
sendmmsg(r6, &(0x7f0000001500), 0x588, 0x0)

1.280505071s ago: executing program 6 (id=845):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x200000c, 0x30, 0xffffffffffffffff, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x114, &(0x7f0000000140)=0x2, 0x0, 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f00000002c0)=0x7e)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r5 = gettid()
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0)
write$rfkill(r6, &(0x7f0000000300)={0x0, 0x2, 0x3, 0x1}, 0x8)
write$rfkill(r6, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

1.156061293s ago: executing program 4 (id=846):
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x3882868, &(0x7f0000000340)={'trans=unix,', {[{@msize={'msize', 0x3d, 0x5}}, {@ignoreqv}, {@msize={'msize', 0x3d, 0x4b387188}}, {@dfltuid}, {@nodevmap}, {@nodevmap}, {@loose}, {@uname={'uname', 0x3d, '-,^+'}}, {@access_uid}], [{@smackfshat={'smackfshat', 0x3d, '+---('}}]}})

240.383591ms ago: executing program 6 (id=847):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="034886dd090032000300300045006000000001002f0081e903000000f63b00000022eb007d01ff02000000000000000000000000000199"], 0xfdef)

83.784659ms ago: executing program 4 (id=848):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = epoll_create(0x5)
epoll_wait(r3, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x9, 0x2)
r4 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x300, r4, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[], 0x50}, 0x1, 0xba01}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)
ioctl$FS_IOC_FSGETXATTR(r4, 0x801c581f, &(0x7f00000000c0)={0x49e, 0x4, 0x5, 0x3, 0x6})

0s ago: executing program 5 (id=849):
r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000040)={0x1, 0xff, 0x1f})
r1 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80383, 0x0)
read$midi(r0, 0x0, 0x0)
ioctl$SNDCTL_SEQ_PANIC(r1, 0x5111)
ioctl$SNDCTL_SEQ_PANIC(r1, 0x5100)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x40008, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0xefff, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a0104000000000000000001f5ff0008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0)

kernel console output (not intermixed with test programs):

fc00000
[  166.954321][   T29] audit: type=1326 audit(1733680253.187:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7091 comm="syz.3.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5c77fed9 code=0x7fc00000
[  166.975599][    C0] vkms_vblank_simulate: vblank timer overrun
[  166.982508][   T29] audit: type=1326 audit(1733680253.187:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7091 comm="syz.3.363" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5c77fed9 code=0x7fc00000
[  167.163382][ T7116] netlink: 'syz.2.367': attribute type 1 has an invalid length.
[  167.171196][ T7116] netlink: 224 bytes leftover after parsing attributes in process `syz.2.367'.
[  167.409924][ T7118] dccp_invalid_packet: P.Data Offset(0) too small
[  167.740272][ T7119] input: syz0 as /devices/virtual/input/input10
[  167.760113][ T5870] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  167.792197][ T5870] usb 1-1: USB disconnect, device number 6
[  168.009160][  T972] usb 2-1: new low-speed USB device number 10 using dummy_hcd
[  168.208842][  T972] usb 2-1: Invalid ep0 maxpacket: 32
[  168.875621][  T972] usb 2-1: new low-speed USB device number 11 using dummy_hcd
[  170.208774][  T972] usb 2-1: Invalid ep0 maxpacket: 32
[  170.214480][  T972] usb usb2-port1: attempt power cycle
[  170.375653][ T7149] netlink: 288 bytes leftover after parsing attributes in process `syz.0.379'.
[  170.845349][  T972] usb 2-1: new low-speed USB device number 12 using dummy_hcd
[  171.052748][  T972] usb 2-1: device descriptor read/8, error -71
[  171.292535][ T7161] netlink: 'syz.1.382': attribute type 1 has an invalid length.
[  171.300372][ T7161] netlink: 224 bytes leftover after parsing attributes in process `syz.1.382'.
[  172.061412][ T7166] input: syz0 as /devices/virtual/input/input11
[  173.235692][ T7187] netlink: 4 bytes leftover after parsing attributes in process `syz.4.388'.
[  173.526941][ T7195] netlink: 288 bytes leftover after parsing attributes in process `syz.1.392'.
[  173.791821][ T7197] blk_print_req_error: 56 callbacks suppressed
[  173.791877][ T7197] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  173.807234][ T7197] buffer_io_error: 55 callbacks suppressed
[  173.807286][ T7197] Buffer I/O error on dev nbd1, logical block 0, async page read
[  173.845113][ T7197] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  173.854407][ T7197] Buffer I/O error on dev nbd1, logical block 0, async page read
[  173.863590][ T7197] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  173.872746][ T7197] Buffer I/O error on dev nbd1, logical block 0, async page read
[  173.883364][ T7197] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  173.892663][ T7197] Buffer I/O error on dev nbd1, logical block 0, async page read
[  173.903871][ T7197] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  173.913281][ T7197] Buffer I/O error on dev nbd1, logical block 0, async page read
[  173.923370][ T7197] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  173.932796][ T7197] Buffer I/O error on dev nbd1, logical block 0, async page read
[  173.943127][ T7197] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  173.952475][ T7197] Buffer I/O error on dev nbd1, logical block 0, async page read
[  173.962189][ T7197] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  173.971561][ T7197] Buffer I/O error on dev nbd1, logical block 0, async page read
[  173.980399][ T7197] ldm_validate_partition_table(): Disk read failed.
[  173.988349][ T7197] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  173.997668][ T7197] Buffer I/O error on dev nbd1, logical block 0, async page read
[  174.007274][ T7197] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  174.016607][ T7197] Buffer I/O error on dev nbd1, logical block 0, async page read
[  174.026616][ T7197] Dev nbd1: unable to read RDB block 0
[  174.039275][ T7197]  nbd1: unable to read partition table
[  174.525736][ T7205] netlink: 'syz.2.394': attribute type 1 has an invalid length.
[  174.533609][ T7205] netlink: 224 bytes leftover after parsing attributes in process `syz.2.394'.
[  175.416519][ T7210] netlink: 84 bytes leftover after parsing attributes in process `syz.2.398'.
[  176.369383][ T7221] input: syz0 as /devices/virtual/input/input12
[  176.639022][   T25] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  176.721372][ T7228] [U] 
[  176.797771][   T25] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  176.812208][   T25] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  176.888309][   T25] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  176.958037][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.968838][   T25] usb 4-1: Product: syz
[  176.973054][   T25] usb 4-1: Manufacturer: syz
[  176.986399][   T25] usb 4-1: SerialNumber: syz
[  177.040938][   T25] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  178.752904][   T25] usb 4-1: USB disconnect, device number 9
[  178.789948][ T7251] netlink: 'syz.1.410': attribute type 29 has an invalid length.
[  178.800281][ T7251] netlink: 'syz.1.410': attribute type 29 has an invalid length.
[  178.815264][ T7251] netlink: 500 bytes leftover after parsing attributes in process `syz.1.410'.
[  178.942644][ T7252] netlink: 'syz.3.409': attribute type 1 has an invalid length.
[  178.950419][ T7252] netlink: 224 bytes leftover after parsing attributes in process `syz.3.409'.
[  180.528901][    T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  181.458962][    T9] usb 5-1: Using ep0 maxpacket: 8
[  181.468426][ T7264] netlink: 'syz.4.413': attribute type 5 has an invalid length.
[  184.284417][ T7281] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  184.640105][ T7296] netlink: 'syz.2.421': attribute type 1 has an invalid length.
[  184.647858][ T7296] netlink: 224 bytes leftover after parsing attributes in process `syz.2.421'.
[  185.795708][ T5818] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  185.805506][ T5818] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  185.817792][ T5818] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  185.827194][ T5818] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  185.835833][ T5818] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  185.843402][ T5818] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  186.294681][ T7305] chnl_net:caif_netlink_parms(): no params data found
[  186.433027][ T5823] Bluetooth: hci0: command 0x0406 tx timeout
[  186.444949][ T5823] Bluetooth: hci2: command 0x0406 tx timeout
[  186.457680][ T5823] Bluetooth: hci4: command 0x0406 tx timeout
[  186.468498][ T5823] Bluetooth: hci1: command 0x0406 tx timeout
[  186.476650][ T5823] Bluetooth: hci3: command 0x0406 tx timeout
[  187.208757][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  187.217356][    T9] usb 5-1: unable to read config index 0 descriptor/start: -32
[  187.225092][    T9] usb 5-1: chopping to 0 config(s)
[  187.230349][    T9] usb 5-1: can't read configurations, error -32
[  187.258800][    T8] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  187.357990][ T7305] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.369788][ T7305] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.377032][ T7305] bridge_slave_0: entered allmulticast mode
[  187.394493][ T7305] bridge_slave_0: entered promiscuous mode
[  187.401445][    T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  187.408660][ T7305] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.416516][ T7305] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.421015][    T8] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  187.430295][ T7305] bridge_slave_1: entered allmulticast mode
[  187.434918][    T8] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83
[  187.449865][ T7305] bridge_slave_1: entered promiscuous mode
[  187.465502][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  187.477980][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  187.488574][    T8] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  187.512860][    T8] usb 2-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e
[  187.531453][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.540277][    T9] usb 5-1: device descriptor read/64, error -32
[  187.550063][ T7305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  187.555174][    T8] usb 2-1: Product: syz
[  187.572310][    T8] usb 2-1: Manufacturer: syz
[  187.575352][ T7305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  187.577245][    T8] usb 2-1: SerialNumber: syz
[  187.594325][    T8] usb 2-1: config 0 descriptor??
[  187.599504][ T5844] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  187.653032][    T8] imon:imon_init_intf0: usb_submit_urb failed for intf0 (-90)
[  187.668630][    T9] usb usb5-port1: attempt power cycle
[  187.713402][    T8] imon 2-1:0.0: unable to initialize intf0, err -90
[  187.730759][    T8] imon:imon_probe: failed to initialize context!
[  187.737136][    T8] imon 2-1:0.0: unable to register, err -19
[  187.759461][ T5844] usb 4-1: Using ep0 maxpacket: 16
[  187.842768][ T5844] usb 4-1: config 0 has an invalid interface number: 231 but max is 0
[  187.861877][ T5844] usb 4-1: config 0 has no interface number 0
[  187.872007][ T5844] usb 4-1: config 0 interface 231 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  187.885225][ T5844] usb 4-1: config 0 interface 231 altsetting 0 endpoint 0xD has invalid maxpacket 512, setting to 64
[  187.892669][ T7305] team0: Port device team_slave_0 added
[  187.896751][ T5844] usb 4-1: config 0 interface 231 altsetting 0 has a duplicate endpoint with address 0x5, skipping
[  187.913146][ T5844] usb 4-1: config 0 interface 231 altsetting 0 endpoint 0xC has invalid maxpacket 1024, setting to 64
[  187.924285][ T5827] Bluetooth: hci5: command tx timeout
[  187.934738][ T5844] usb 4-1: config 0 interface 231 altsetting 0 endpoint 0xE has invalid maxpacket 512, setting to 64
[  187.946851][ T5844] usb 4-1: config 0 interface 231 altsetting 0 endpoint 0xB has invalid maxpacket 1023, setting to 64
[  187.948919][ T7305] team0: Port device team_slave_1 added
[  187.976482][ T5844] usb 4-1: config 0 interface 231 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  188.047036][ T5844] usb 4-1: config 0 interface 231 altsetting 0 has a duplicate endpoint with address 0x5, skipping
[  188.047165][ T7305] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.065177][ T5844] usb 4-1: config 0 interface 231 altsetting 0 has an endpoint descriptor with address 0x21, changing to 0x1
[  188.096977][ T7305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.102168][    T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  188.122982][    C0] vkms_vblank_simulate: vblank timer overrun
[  188.138435][ T7305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.146855][ T5844] usb 4-1: config 0 interface 231 altsetting 0 endpoint 0x1 has invalid maxpacket 53326, setting to 64
[  188.166900][ T5844] usb 4-1: config 0 interface 231 altsetting 0 has a duplicate endpoint with address 0x8, skipping
[  188.186844][ T5844] usb 4-1: config 0 interface 231 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  188.197996][ T5844] usb 4-1: config 0 interface 231 altsetting 0 has 16 endpoint descriptors, different from the interface descriptor's value: 15
[  188.235804][ T7305] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.259863][ T5844] usb 4-1: New USB device found, idVendor=0403, idProduct=cc4a, bcdDevice=b5.23
[  188.287109][ T5844] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.298926][ T7305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.324832][    C0] vkms_vblank_simulate: vblank timer overrun
[  188.350769][ T5844] usb 4-1: Product: syz
[  188.354995][ T5844] usb 4-1: Manufacturer: syz
[  188.365484][ T5844] usb 4-1: SerialNumber: syz
[  188.368790][ T7305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  189.157234][    T9] usb 5-1: device not accepting address 8, error -71
[  189.178992][ T5844] usb 4-1: config 0 descriptor??
[  189.184950][ T7324] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  189.338247][ T5871] usb 2-1: USB disconnect, device number 14
[  189.413687][ T7305] hsr_slave_0: entered promiscuous mode
[  189.427864][ T7305] hsr_slave_1: entered promiscuous mode
[  189.430438][ T7324] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.477981][ T7305] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  189.500548][ T7324] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.518647][ T7305] Cannot create hsr debugfs directory
[  189.527782][ T5844] ftdi_sio 4-1:0.231: FTDI USB Serial Device converter detected
[  189.542411][ T5844] ftdi_sio ttyUSB0: unknown device type: 0xb523
[  189.605842][ T7340] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  189.998936][ T5827] Bluetooth: hci5: command tx timeout
[  190.076316][ T5844] usb 4-1: USB disconnect, device number 10
[  190.209513][ T5844] ftdi_sio 4-1:0.231: device disconnected
[  190.912498][ T7305] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  191.795362][ T7305] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  191.805381][ T7305] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  191.825826][ T7305] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  191.927216][ T7357] mmap: syz.3.440 (7357) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  192.083067][ T5827] Bluetooth: hci5: command tx timeout
[  192.193450][ T7366] netlink: 12 bytes leftover after parsing attributes in process `syz.1.443'.
[  192.238261][ T7305] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.257382][ T7305] 8021q: adding VLAN 0 to HW filter on device team0
[  192.635007][ T1128] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.642191][ T1128] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.903747][ T1128] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.910925][ T1128] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.193923][ T7383] netlink: 288 bytes leftover after parsing attributes in process `syz.1.448'.
[  193.882873][ T7391] blk_print_req_error: 6 callbacks suppressed
[  193.882893][ T7391] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  193.882940][ T7391] buffer_io_error: 6 callbacks suppressed
[  193.882951][ T7391] Buffer I/O error on dev nbd1, logical block 0, async page read
[  193.883075][ T7391] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  193.883103][ T7391] Buffer I/O error on dev nbd1, logical block 0, async page read
[  193.883208][ T7391] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  193.883234][ T7391] Buffer I/O error on dev nbd1, logical block 0, async page read
[  193.883347][ T7391] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  193.883374][ T7391] Buffer I/O error on dev nbd1, logical block 0, async page read
[  193.883478][ T7391] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  193.883504][ T7391] Buffer I/O error on dev nbd1, logical block 0, async page read
[  193.883621][ T7391] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  193.883649][ T7391] Buffer I/O error on dev nbd1, logical block 0, async page read
[  193.883762][ T7391] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  193.883788][ T7391] Buffer I/O error on dev nbd1, logical block 0, async page read
[  193.883891][ T7391] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  193.883917][ T7391] Buffer I/O error on dev nbd1, logical block 0, async page read
[  193.883971][ T7391] ldm_validate_partition_table(): Disk read failed.
[  193.884034][ T7391] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  193.884060][ T7391] Buffer I/O error on dev nbd1, logical block 0, async page read
[  193.884162][ T7391] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  193.884188][ T7391] Buffer I/O error on dev nbd1, logical block 0, async page read
[  193.884429][ T7391] Dev nbd1: unable to read RDB block 0
[  193.884886][ T7391]  nbd1: unable to read partition table
[  194.171517][ T5827] Bluetooth: hci5: command tx timeout
[  194.379918][ T7305] 8021q: adding VLAN 0 to HW filter on device batadv0
[  194.470655][ T7402] netlink: 308 bytes leftover after parsing attributes in process `syz.4.451'.
[  195.127930][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  195.127985][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  195.478804][ T5869] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  195.620184][ T7305] veth0_vlan: entered promiscuous mode
[  195.631686][ T7305] veth1_vlan: entered promiscuous mode
[  195.657270][ T7305] veth0_macvtap: entered promiscuous mode
[  195.679493][ T7305] veth1_macvtap: entered promiscuous mode
[  195.698866][ T5871] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  195.705697][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  195.720123][ T5869] usb 3-1: Using ep0 maxpacket: 16
[  195.728646][ T5869] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  195.737499][ T5869] usb 3-1: config 0 has no interface number 0
[  195.739822][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.750824][ T5869] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  195.755098][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  195.770458][ T5869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.773818][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.782539][ T5869] usb 3-1: Product: syz
[  195.795226][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  195.795493][ T5869] usb 3-1: Manufacturer: syz
[  195.810462][ T5869] usb 3-1: SerialNumber: syz
[  195.815647][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.817913][ T5869] usb 3-1: config 0 descriptor??
[  195.830713][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  195.836266][ T5869] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  195.841931][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.859118][ T5871] usb 2-1: Using ep0 maxpacket: 8
[  195.864269][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  195.875940][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  195.893206][ T5871] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  195.902384][ T5871] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  195.920319][ T7305] batman_adv: batadv0: Interface activated: batadv_slave_0
[  195.927713][ T5871] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  195.957561][ T5871] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  195.967804][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.983114][ T5871] usb 2-1: Product: syz
[  195.988210][ T5871] usb 2-1: Manufacturer: syz
[  195.993562][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  196.005783][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.016049][ T5871] usb 2-1: SerialNumber: syz
[  196.022087][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  196.033945][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.044298][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  196.056204][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.066245][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  196.076855][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.086828][ T7305] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  196.097399][ T7305] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  196.109953][ T7305] batman_adv: batadv0: Interface activated: batadv_slave_1
[  196.186212][ T7305] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  196.195946][ T7305] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  196.204840][ T7305] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  196.216333][ T7305] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  196.297015][ T5871] usb 2-1: 0:2 : does not exist
[  196.349150][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.354728][ T5871] usb 2-1: USB disconnect, device number 15
[  196.372778][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.430711][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  196.439401][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  196.454844][ T7422] netlink: 84 bytes leftover after parsing attributes in process `syz.3.456'.
[  196.556688][ T7424] dccp_invalid_packet: P.Data Offset(0) too small
[  196.572956][ T6710] udevd[6710]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  197.669978][ T5869] gspca_spca1528: reg_w err -110
[  197.675037][ T5869] spca1528 3-1:0.1: probe with driver spca1528 failed with error -110
[  198.055834][ T7437] sp0: Synchronizing with TNC
[  198.069404][ T7437] FAULT_INJECTION: forcing a failure.
[  198.069404][ T7437] name failslab, interval 1, probability 0, space 0, times 0
[  198.082413][ T7437] CPU: 0 UID: 0 PID: 7437 Comm: syz.4.460 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  198.093029][ T7437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  198.103102][ T7437] Call Trace:
[  198.106392][ T7437]  <TASK>
[  198.109333][ T7437]  dump_stack_lvl+0x241/0x360
[  198.114034][ T7437]  ? __pfx_dump_stack_lvl+0x10/0x10
[  198.119250][ T7437]  ? __pfx__printk+0x10/0x10
[  198.123858][ T7437]  ? __kmalloc_node_noprof+0xb9/0x4d0
[  198.129246][ T7437]  ? __pfx___might_resched+0x10/0x10
[  198.134546][ T7437]  ? stack_trace_save+0x118/0x1d0
[  198.139590][ T7437]  should_fail_ex+0x3b0/0x4e0
[  198.144283][ T7437]  should_failslab+0xac/0x100
[  198.148979][ T7437]  __kmalloc_node_noprof+0xe1/0x4d0
[  198.154194][ T7437]  ? __kvmalloc_node_noprof+0x72/0x190
[  198.159676][ T7437]  __kvmalloc_node_noprof+0x72/0x190
[  198.164975][ T7437]  translate_table+0x174/0x2260
[  198.169861][ T7437]  ? __pfx_translate_table+0x10/0x10
[  198.175162][ T7437]  ? __might_fault+0xaa/0x120
[  198.179852][ T7437]  ? __pfx_lock_release+0x10/0x10
[  198.184897][ T7437]  ? __might_fault+0xaa/0x120
[  198.189585][ T7437]  ? __might_fault+0xc6/0x120
[  198.194279][ T7437]  ? _copy_from_user+0x99/0xc0
[  198.199059][ T7437]  ? copy_from_sockptr_offset+0x6b/0xb0
[  198.204659][ T7437]  do_ipt_set_ctl+0xe3d/0x1250
[  198.209452][ T7437]  ? __pfx___mutex_trylock_common+0x10/0x10
[  198.215368][ T7437]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  198.220580][ T7437]  ? __pfx_lock_release+0x10/0x10
[  198.225618][ T7437]  ? rcu_is_watching+0x15/0xb0
[  198.230396][ T7437]  ? trace_contention_end+0x3c/0x120
[  198.235710][ T7437]  ? __mutex_unlock_slowpath+0x21e/0x790
[  198.241367][ T7437]  ? __pfx___mutex_lock+0x10/0x10
[  198.246407][ T7437]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  198.252433][ T7437]  nf_setsockopt+0x295/0x2c0
[  198.257052][ T7437]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  198.262962][ T7437]  do_sock_setsockopt+0x3af/0x720
[  198.268005][ T7437]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  198.273569][ T7437]  ? __fget_files+0x395/0x410
[  198.278261][ T7437]  ? __fget_files+0x2a/0x410
[  198.282869][ T7437]  __x64_sys_setsockopt+0x1ee/0x280
[  198.288083][ T7437]  do_syscall_64+0xf3/0x230
[  198.292603][ T7437]  ? clear_bhb_loop+0x35/0x90
[  198.297302][ T7437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.303214][ T7437] RIP: 0033:0x7fb80877fed9
[  198.307649][ T7437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.327274][ T7437] RSP: 002b:00007fb8095f8058 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  198.335712][ T7437] RAX: ffffffffffffffda RBX: 00007fb808946080 RCX: 00007fb80877fed9
[  198.343699][ T7437] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[  198.351700][ T7437] RBP: 00007fb8095f80a0 R08: 0000000000000350 R09: 0000000000000000
[  198.359786][ T7437] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[  198.367764][ T7437] R13: 0000000000000000 R14: 00007fb808946080 R15: 00007fff1a5cecf8
[  198.375776][ T7437]  </TASK>
[  198.400045][ T7438] netlink: 32 bytes leftover after parsing attributes in process `syz.1.459'.
[  199.278266][ T7452] input: syz0 as /devices/virtual/input/input13
[  199.355259][ T7455] netlink: 'syz.1.462': attribute type 1 has an invalid length.
[  199.363231][ T7455] netlink: 224 bytes leftover after parsing attributes in process `syz.1.462'.
[  200.220916][ T7461] vlan2: entered promiscuous mode
[  200.266350][ T7461] bond0: (slave vlan2): Opening slave failed
[  200.274956][ T5869] usb 3-1: USB disconnect, device number 9
[  202.059255][ T7480] 9pnet_fd: Insufficient options for proto=fd
[  202.129567][ T7480] 9pnet_fd: Insufficient options for proto=fd
[  202.238828][ T7484] netlink: 'syz.5.470': attribute type 29 has an invalid length.
[  202.247985][ T7484] netlink: 'syz.5.470': attribute type 29 has an invalid length.
[  202.256488][ T7484] netlink: 500 bytes leftover after parsing attributes in process `syz.5.470'.
[  202.372824][ T7485] dccp_invalid_packet: P.Data Offset(0) too small
[  203.565707][ T7505] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  205.667033][ T7536] vlan2: entered allmulticast mode
[  205.682314][ T7536] bond0: entered allmulticast mode
[  205.698828][ T7536] bond_slave_0: entered allmulticast mode
[  205.704614][ T7536] bond_slave_1: entered allmulticast mode
[  205.718843][ T7536] syz_tun: entered allmulticast mode
[  205.789531][ T7536] bond0: left allmulticast mode
[  205.796579][ T7536] bond_slave_0: left allmulticast mode
[  205.817889][ T7536] bond_slave_1: left allmulticast mode
[  205.831029][ T7536] syz_tun: left allmulticast mode
[  205.908986][   T25] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  206.298020][   T25] usb 4-1: Using ep0 maxpacket: 16
[  206.332682][   T25] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  206.368925][   T25] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  206.422792][   T25] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  206.456038][   T25] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  206.466423][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.476764][   T25] usb 4-1: Product: syz
[  206.484568][   T25] usb 4-1: Manufacturer: syz
[  206.494329][   T25] usb 4-1: SerialNumber: syz
[  207.296558][ T7553] netlink: 16 bytes leftover after parsing attributes in process `syz.1.490'.
[  207.303713][   T25] usb 4-1: 0:2 : does not exist
[  207.336996][   T25] usb 4-1: USB disconnect, device number 11
[  207.600519][ T5972] udevd[5972]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  209.388217][ T7585] netlink: 308 bytes leftover after parsing attributes in process `syz.2.498'.
[  212.668837][    T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  213.324721][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  213.346663][    T9] usb 4-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=40.85
[  213.363523][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.486391][ T7622] 9pnet_fd: Insufficient options for proto=fd
[  214.181024][    T9] usb 4-1: config 0 descriptor??
[  214.204602][    T9] comedi comedi0: Wrong number of endpoints
[  214.245464][    T9] dt9812 4-1:0.0: driver 'dt9812' failed to auto-configure device.
[  214.293458][ T7624] netlink: 288 bytes leftover after parsing attributes in process `syz.4.510'.
[  214.324426][   T25] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  214.420208][ T7624] syz.4.510: attempt to access beyond end of device
[  214.420208][ T7624] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  214.433183][ T7624] syz.4.510: attempt to access beyond end of device
[  214.433183][ T7624] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0
[  214.446067][ T7624] Mount JFS Failure: -5
[  214.450235][ T7624] jfs_mount failed w/return code = -5
[  214.468820][   T25] usb 3-1: device descriptor read/64, error -71
[  214.582634][ T7628] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  214.729157][   T25] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  215.123005][   T25] usb 3-1: device descriptor read/64, error -71
[  215.282880][   T25] usb usb3-port1: attempt power cycle
[  215.338040][ T5870] usb 4-1: USB disconnect, device number 12
[  215.683490][   T25] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  215.727703][ T7636] netlink: 8 bytes leftover after parsing attributes in process `syz.5.513'.
[  215.909395][   T25] usb 3-1: device not accepting address 12, error -71
[  217.126573][ T7659] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  217.637027][ T7666] pim6reg1: entered promiscuous mode
[  217.675029][ T7666] pim6reg1: entered allmulticast mode
[  218.501210][ T7681] x_tables: duplicate underflow at hook 1
[  220.883900][ T7701] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  220.899823][ T7701] netlink: 8 bytes leftover after parsing attributes in process `syz.1.528'.
[  221.841699][ T5193] udevd[5193]: worker [6573] /devices/virtual/block/nbd0 is taking a long time
[  223.045924][ T7711] vlan2: entered promiscuous mode
[  223.111573][ T7711] bond0: (slave vlan2): Opening slave failed
[  223.806371][ T7726] netlink: 48 bytes leftover after parsing attributes in process `syz.4.537'.
[  224.444029][ T7721] vlan2: entered allmulticast mode
[  224.465332][ T7721] bond0: entered allmulticast mode
[  224.498078][ T7721] bond_slave_0: entered allmulticast mode
[  224.524136][ T7721] bond_slave_1: entered allmulticast mode
[  224.543838][ T7721] bond0: left allmulticast mode
[  224.549640][ T7721] bond_slave_0: left allmulticast mode
[  224.555264][ T7721] bond_slave_1: left allmulticast mode
[  224.818834][   T29] kauditd_printk_skb: 3 callbacks suppressed
[  224.818876][   T29] audit: type=1326 audit(1733680312.387:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9137fed9 code=0x7fc00000
[  224.869002][   T29] audit: type=1326 audit(1733680312.387:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f6e9137fed9 code=0x7fc00000
[  224.899533][   T29] audit: type=1326 audit(1733680312.387:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9137fed9 code=0x7fc00000
[  224.928984][   T29] audit: type=1326 audit(1733680312.387:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9137fed9 code=0x7fc00000
[  224.952619][   T29] audit: type=1326 audit(1733680312.387:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9137fed9 code=0x7fc00000
[  224.974533][   T29] audit: type=1326 audit(1733680312.387:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9137fed9 code=0x7fc00000
[  224.996420][   T29] audit: type=1326 audit(1733680312.387:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9137fed9 code=0x7fc00000
[  225.019394][   T29] audit: type=1326 audit(1733680312.387:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9137fed9 code=0x7fc00000
[  225.042533][   T29] audit: type=1326 audit(1733680312.387:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9137fed9 code=0x7fc00000
[  225.068840][   T29] audit: type=1326 audit(1733680312.387:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e9137fed9 code=0x7fc00000
[  225.829890][ T7749] IPv6: NLM_F_REPLACE set, but no existing node found!
[  228.401309][ T7777] =======================================================
[  228.401309][ T7777] WARNING: The mand mount option has been deprecated and
[  228.401309][ T7777]          and is ignored by this kernel. Remove the mand
[  228.401309][ T7777]          option from the mount to silence this warning.
[  228.401309][ T7777] =======================================================
[  228.490664][ T7780] netlink: 76 bytes leftover after parsing attributes in process `syz.5.553'.
[  228.531121][ T7777] overlayfs: conflicting lowerdir path
[  230.190401][ T5868] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  230.201428][ T7824] netlink: 288 bytes leftover after parsing attributes in process `syz.3.565'.
[  230.332116][ T7827] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  230.377465][ T5868] usb 3-1: config 0 has an invalid interface number: 204 but max is 1
[  230.392797][ T5868] usb 3-1: config 0 has no interface number 1
[  230.485560][ T5868] usb 3-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=b9.bf
[  230.558415][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.618033][ T7824] syz.3.565: attempt to access beyond end of device
[  230.618033][ T7824] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  230.630897][ T7824] syz.3.565: attempt to access beyond end of device
[  230.630897][ T7824] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0
[  230.643762][ T7824] Mount JFS Failure: -5
[  230.647903][ T7824] jfs_mount failed w/return code = -5
[  230.732208][ T5868] usb 3-1: Product: syz
[  230.744009][ T5868] usb 3-1: Manufacturer: syz
[  230.794446][ T5868] usb 3-1: SerialNumber: syz
[  230.872278][ T5868] usb 3-1: config 0 descriptor??
[  230.965942][ T5868] snd-usb-audio 3-1:0.204: probe with driver snd-usb-audio failed with error -22
[  231.105044][ T5868] usb 3-1: USB disconnect, device number 14
[  231.347842][ T5972] udevd[5972]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.204/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  231.808764][ T5871] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  232.051574][ T7876] netlink: 84 bytes leftover after parsing attributes in process `syz.1.576'.
[  232.188841][ T5871] usb 6-1: Using ep0 maxpacket: 16
[  232.239031][ T5871] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  232.258909][ T5871] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  232.272023][ T5871] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  232.288757][ T5871] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.342004][ T5871] usb 6-1: config 0 descriptor??
[  232.409943][ T7884] input: syz0 as /devices/virtual/input/input14
[  232.939792][ T5868] IPVS: starting estimator thread 0...
[  233.132862][ T7892] IPVS: using max 18 ests per chain, 43200 per kthread
[  233.143621][ T5871] HID 045e:07da: Invalid code 65791 type 1
[  233.297648][ T5871] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0004/input/input15
[  233.314257][ T7847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  233.323066][ T7847] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  233.415449][ T7895] netlink: 288 bytes leftover after parsing attributes in process `syz.4.579'.
[  233.475176][ T5871] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  233.621566][ T7895] syz.4.579: attempt to access beyond end of device
[  233.621566][ T7895] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  233.649054][ T7895] syz.4.579: attempt to access beyond end of device
[  233.649054][ T7895] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0
[  233.678958][ T7895] Mount JFS Failure: -5
[  233.683197][ T7895] jfs_mount failed w/return code = -5
[  233.825209][ T7904] netlink: 288 bytes leftover after parsing attributes in process `syz.1.581'.
[  234.743730][   T25] usb 6-1: USB disconnect, device number 2
[  235.139513][ T7912] blk_print_req_error: 6 callbacks suppressed
[  235.139529][ T7912] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  235.336303][ T7922] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  235.832455][ T7912] buffer_io_error: 6 callbacks suppressed
[  235.832475][ T7912] Buffer I/O error on dev nbd1, logical block 0, async page read
[  235.991338][ T7912] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  236.046948][ T7930] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave
[  236.075327][ T7912] Buffer I/O error on dev nbd1, logical block 0, async page read
[  236.114702][ T7912] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  236.134658][ T7930] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1)
[  236.150288][ T7912] Buffer I/O error on dev nbd1, logical block 0, async page read
[  236.178459][ T7912] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  236.193152][ T7939] pim6reg: entered allmulticast mode
[  236.206579][ T7912] Buffer I/O error on dev nbd1, logical block 0, async page read
[  236.222146][ T7912] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  236.223498][ T7931] pim6reg: left allmulticast mode
[  236.232218][ T7938] netlink: 8 bytes leftover after parsing attributes in process `syz.2.588'.
[  236.258337][ T7912] Buffer I/O error on dev nbd1, logical block 0, async page read
[  236.288278][ T7912] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  236.306228][ T7912] Buffer I/O error on dev nbd1, logical block 0, async page read
[  236.318965][ T7912] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  236.334714][ T7938] netlink: 4 bytes leftover after parsing attributes in process `syz.2.588'.
[  236.343897][ T7912] Buffer I/O error on dev nbd1, logical block 0, async page read
[  236.362037][ T7938] netlink: 32 bytes leftover after parsing attributes in process `syz.2.588'.
[  236.373206][ T7912] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  236.413441][ T7912] Buffer I/O error on dev nbd1, logical block 0, async page read
[  236.440517][ T5827] block nbd3: Receive control failed (result -107)
[  236.449544][ T7912] ldm_validate_partition_table(): Disk read failed.
[  236.479655][ T7938] nbd3: detected capacity change from 0 to 256
[  236.488587][ T7912] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  236.491989][ T5972] block nbd3: Dead connection, failed to find a fallback
[  236.509285][ T7912] Buffer I/O error on dev nbd1, logical block 0, async page read
[  236.691423][ T7912] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  236.714732][ T7912] Buffer I/O error on dev nbd1, logical block 0, async page read
[  236.723661][ T7912] Dev nbd1: unable to read RDB block 0
[  236.731480][ T7912]  nbd1: unable to read partition table
[  237.270684][ T7956] netlink: 700 bytes leftover after parsing attributes in process `syz.3.593'.
[  237.673889][ T7956] veth3: entered promiscuous mode
[  237.688398][ T7963] sp0: Synchronizing with TNC
[  237.695782][ T7963] SET target dimension over the limit!
[  239.128805][    T9] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  240.668908][    T9] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  240.677822][    T9] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184
[  241.095772][    T9] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  242.445055][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.484368][    T9] usb 3-1: can't set config #220, error -71
[  242.492739][    T9] usb 3-1: USB disconnect, device number 15
[  242.504626][ T8006] capability: warning: `syz.3.605' uses 32-bit capabilities (legacy support in use)
[  242.672064][ T8016] input: syz0 as /devices/virtual/input/input16
[  242.675630][ T8015] vlan2: entered promiscuous mode
[  242.699417][ T8015] bond0: (slave vlan2): Opening slave failed
[  243.598337][ T5867] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  243.755833][ T5867] usb 6-1: unable to get BOS descriptor or descriptor too short
[  243.989606][ T5867] usb 6-1: config 3 has an invalid interface number: 101 but max is 0
[  244.013689][ T5867] usb 6-1: config 3 has no interface number 0
[  244.026146][ T5867] usb 6-1: config 3 interface 101 altsetting 9 bulk endpoint 0x9 has invalid maxpacket 32
[  244.036687][ T5867] usb 6-1: config 3 interface 101 altsetting 9 bulk endpoint 0xC has invalid maxpacket 64
[  244.054084][ T5867] usb 6-1: config 3 interface 101 has no altsetting 0
[  244.066455][ T5867] usb 6-1: string descriptor 0 read error: -22
[  244.095337][ T5867] usb 6-1: New USB device found, idVendor=0499, idProduct=1055, bcdDevice=6f.3a
[  244.117283][ T8037] vlan2: entered allmulticast mode
[  244.123241][ T8037] bond0: entered allmulticast mode
[  244.126771][ T5867] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.128408][ T8037] bond_slave_0: entered allmulticast mode
[  244.142371][ T8037] bond_slave_1: entered allmulticast mode
[  244.148129][ T8037] syz_tun: entered allmulticast mode
[  244.167672][ T8037] bond0: left allmulticast mode
[  244.172789][ T8037] bond_slave_0: left allmulticast mode
[  244.178547][ T8037] bond_slave_1: left allmulticast mode
[  244.209444][ T8012] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  244.210026][ T8034] netlink: 4 bytes leftover after parsing attributes in process `syz.1.613'.
[  244.218930][ T8012] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  244.238787][ T8037] syz_tun: left allmulticast mode
[  244.271881][ T5867] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  244.315717][ T8034] bridge_slave_1: left allmulticast mode
[  244.328552][ T8034] bridge_slave_1: left promiscuous mode
[  244.331559][ T5867] snd-usb-audio 6-1:3.101: probe with driver snd-usb-audio failed with error -2
[  244.334746][ T8034] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.365394][ T8043] fuse: Unknown parameter ''
[  244.377620][ T8034] bridge_slave_0: left allmulticast mode
[  244.393698][ T8034] bridge_slave_0: left promiscuous mode
[  244.404519][ T8034] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.432687][ T6710] udevd[6710]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:3.101/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  244.504294][ T8049] netlink: 700 bytes leftover after parsing attributes in process `syz.4.619'.
[  244.559300][ T8017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  244.576939][ T8017] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  244.660574][ T8050] block nbd5: NBD_DISCONNECT
[  244.665255][ T8050] block nbd5: Disconnected due to user request.
[  244.685219][ T8050] block nbd5: shutting down sockets
[  244.734764][ T5868] usb 6-1: USB disconnect, device number 3
[  244.754340][ T8049] veth3: entered promiscuous mode
[  244.888381][   T29] kauditd_printk_skb: 1004 callbacks suppressed
[  244.888400][   T29] audit: type=1326 audit(1733680332.467:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8053 comm="syz.4.620" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb80877fed9 code=0x0
[  246.302207][ T8071] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  246.834596][ T8082] netlink: 8 bytes leftover after parsing attributes in process `syz.4.627'.
[  246.840166][ T8078] netlink: 100 bytes leftover after parsing attributes in process `syz.5.629'.
[  246.883567][ T8078] netlink: 20 bytes leftover after parsing attributes in process `syz.5.629'.
[  246.889323][ T8082] netlink: 4 bytes leftover after parsing attributes in process `syz.4.627'.
[  246.919164][ T8082] netlink: 32 bytes leftover after parsing attributes in process `syz.4.627'.
[  247.083417][ T5827] block nbd4: Receive control failed (result -107)
[  247.220639][ T8082] nbd4: detected capacity change from 0 to 256
[  247.408756][ T6710] block nbd4: Dead connection, failed to find a fallback
[  248.012944][ T8095] vlan2: entered allmulticast mode
[  248.057330][ T8095] bond0: entered allmulticast mode
[  248.079337][ T8095] bond_slave_0: entered allmulticast mode
[  248.108850][ T8095] bond_slave_1: entered allmulticast mode
[  248.130500][ T8095] bond0: left allmulticast mode
[  248.135476][ T8095] bond_slave_0: left allmulticast mode
[  248.145968][ T8095] bond_slave_1: left allmulticast mode
[  248.288876][ T5868] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  248.438917][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  248.616842][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  248.625940][    T9] usb 5-1: config 3 has an invalid interface number: 101 but max is 0
[  248.644922][ T5868] usb 6-1: Using ep0 maxpacket: 16
[  248.646035][    T9] usb 5-1: config 3 has no interface number 0
[  249.586239][    T9] usb 5-1: config 3 interface 101 altsetting 9 bulk endpoint 0x9 has invalid maxpacket 32
[  249.596276][    T9] usb 5-1: config 3 interface 101 altsetting 9 bulk endpoint 0xC has invalid maxpacket 64
[  249.606271][    T9] usb 5-1: config 3 interface 101 has no altsetting 0
[  249.616631][    T9] usb 5-1: string descriptor 0 read error: -22
[  249.623010][    T9] usb 5-1: New USB device found, idVendor=0499, idProduct=1055, bcdDevice=6f.3a
[  249.632316][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.899268][ T8106] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  249.906574][ T8106] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  249.981915][    T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  250.055131][    T9] snd-usb-audio 5-1:3.101: probe with driver snd-usb-audio failed with error -2
[  250.226133][ T5820] udevd[5820]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:3.101/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  250.255061][ T8125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  250.313366][ T8125] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  250.322787][ T8129] netlink: 'syz.2.643': attribute type 27 has an invalid length.
[  250.369586][ T8106] block nbd4: NBD_DISCONNECT
[  250.383820][ T5868] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  250.393584][ T5868] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  250.410887][ T5868] usb 6-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=f6.59
[  250.421975][ T5868] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.431375][ T5868] usb 6-1: Product: syz
[  250.435566][ T5868] usb 6-1: Manufacturer: syz
[  250.440266][ T5868] usb 6-1: SerialNumber: syz
[  250.449062][ T8106] block nbd4: Send disconnect failed -32
[  250.454752][ T8106] block nbd4: shutting down sockets
[  250.821542][ T5868] usb 6-1: config 0 descriptor??
[  251.048844][ T6710] blk_print_req_error: 6 callbacks suppressed
[  251.048865][ T6710] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.078946][ T6710] buffer_io_error: 6 callbacks suppressed
[  251.078966][ T6710] Buffer I/O error on dev nbd4, logical block 0, async page read
[  251.184501][ T5868] usb 6-1: USB disconnect, device number 4
[  251.279970][   T26] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.299716][ T8132] netlink: 'syz.2.643': attribute type 27 has an invalid length.
[  251.301886][   T26] Buffer I/O error on dev nbd4, logical block 0, async page read
[  251.320307][ T6710] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.322200][ T8140] netlink: 'syz.5.647': attribute type 29 has an invalid length.
[  251.329782][ T6710] Buffer I/O error on dev nbd4, logical block 0, async page read
[  251.345235][ T6710] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.355447][ T6710] Buffer I/O error on dev nbd4, logical block 0, async page read
[  251.364235][ T6710] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.373428][ T6710] Buffer I/O error on dev nbd4, logical block 0, async page read
[  251.381370][ T6710] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.390679][ T6710] Buffer I/O error on dev nbd4, logical block 0, async page read
[  251.398585][ T6710] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.407760][ T6710] Buffer I/O error on dev nbd4, logical block 0, async page read
[  251.415907][ T6710] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.425073][ T6710] Buffer I/O error on dev nbd4, logical block 0, async page read
[  251.432946][ T6710] ldm_validate_partition_table(): Disk read failed.
[  251.439944][ T6710] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.449096][ T6710] Buffer I/O error on dev nbd4, logical block 0, async page read
[  251.458940][ T6710] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  251.468157][ T6710] Buffer I/O error on dev nbd4, logical block 0, async page read
[  251.476342][ T6710] Dev nbd4: unable to read RDB block 0
[  251.482324][ T6710]  nbd4: unable to read partition table
[  251.516120][ T8140] netlink: 'syz.5.647': attribute type 29 has an invalid length.
[  251.547452][ T8140] netlink: 500 bytes leftover after parsing attributes in process `syz.5.647'.
[  251.595740][ T6710] ldm_validate_partition_table(): Disk read failed.
[  251.604661][ T6710] Dev nbd4: unable to read RDB block 0
[  251.616608][ T6710]  nbd4: unable to read partition table
[  251.705626][ T8147] netlink: 308 bytes leftover after parsing attributes in process `syz.3.646'.
[  252.288797][ T8102] ldm_validate_partition_table(): Disk read failed.
[  252.295847][ T8102] Dev nbd4: unable to read RDB block 0
[  252.302049][ T8102]  nbd4: unable to read partition table
[  252.310106][ T5869] usb 5-1: USB disconnect, device number 10
[  252.660455][ T8162] vlan2: entered promiscuous mode
[  252.673264][ T8162] bond0: (slave vlan2): Opening slave failed
[  254.548917][    T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  254.648329][ T8200] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  255.247021][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  255.277959][    T9] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  255.296785][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.377664][    T9] usb 5-1: config 0 descriptor??
[  255.405416][    T9] pwc: Askey VC010 type 2 USB webcam detected.
[  255.418382][ T8211] 9pnet_fd: Insufficient options for proto=fd
[  255.426463][ T8209] netlink: 4 bytes leftover after parsing attributes in process `syz.1.662'.
[  255.775998][ T8220] ldm_validate_partition_table(): Disk read failed.
[  255.783229][ T8220] Dev nbd2: unable to read RDB block 0
[  255.794173][ T8220]  nbd2: unable to read partition table
[  255.923806][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  255.930846][    T9] pwc: recv_control_msg error -32 req 02 val 2b00
[  255.937871][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  255.948759][    T9] pwc: recv_control_msg error -32 req 02 val 2700
[  256.057712][ T5867] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  256.077537][    T8] usb 2-1: new low-speed USB device number 16 using dummy_hcd
[  256.170148][ T8193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  256.185868][ T8193] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  256.221886][ T5867] usb 3-1: unable to get BOS descriptor or descriptor too short
[  256.240124][ T5867] usb 3-1: config 3 has an invalid interface number: 101 but max is 0
[  256.248337][ T5867] usb 3-1: config 3 has no interface number 0
[  256.277830][ T5867] usb 3-1: config 3 interface 101 altsetting 9 bulk endpoint 0x9 has invalid maxpacket 32
[  256.290507][ T5867] usb 3-1: config 3 interface 101 altsetting 9 bulk endpoint 0xC has invalid maxpacket 64
[  256.418101][    T9] pwc: recv_control_msg error -71 req 04 val 1000
[  256.424987][    T9] pwc: recv_control_msg error -71 req 04 val 1300
[  256.431913][    T9] pwc: recv_control_msg error -71 req 04 val 1400
[  256.445844][    T9] pwc: recv_control_msg error -71 req 02 val 2000
[  256.458866][    T9] pwc: recv_control_msg error -71 req 02 val 2100
[  256.550941][    T8] usb 2-1: config 0 has no interfaces?
[  256.570938][    T8] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1ab5, bcdDevice= 2.00
[  256.603739][    T9] pwc: recv_control_msg error -71 req 04 val 1500
[  256.666800][    T9] pwc: recv_control_msg error -71 req 02 val 2500
[  256.721931][ T5867] usb 3-1: config 3 interface 101 has no altsetting 0
[  256.738060][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.766789][ T5867] usb 3-1: string descriptor 0 read error: -22
[  256.772184][    T9] pwc: recv_control_msg error -71 req 02 val 2400
[  256.785108][ T5867] usb 3-1: New USB device found, idVendor=0499, idProduct=1055, bcdDevice=6f.3a
[  256.813631][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.817578][    T8] usb 2-1: config 0 descriptor??
[  256.840413][    T9] pwc: recv_control_msg error -71 req 02 val 2600
[  256.946624][    T9] pwc: recv_control_msg error -71 req 02 val 2900
[  257.230533][ T8220] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  257.246050][ T8220] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  257.302086][ T5867] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  257.338450][    T9] pwc: recv_control_msg error -71 req 02 val 2800
[  257.350818][ T5868] usb 2-1: USB disconnect, device number 16
[  257.358813][    T9] pwc: recv_control_msg error -71 req 04 val 1100
[  257.369075][    T9] pwc: recv_control_msg error -71 req 04 val 1200
[  257.394903][ T5867] snd-usb-audio 3-1:3.101: probe with driver snd-usb-audio failed with error -2
[  257.410063][    T9] pwc: Registered as video103.
[  257.422945][    T9] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input17
[  257.468034][    T9] usb 5-1: USB disconnect, device number 11
[  257.620148][ T8253] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  257.630786][ T8254] FAULT_INJECTION: forcing a failure.
[  257.630786][ T8254] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  257.658568][ T8253] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  257.671402][ T8254] CPU: 0 UID: 0 PID: 8254 Comm: syz.5.673 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  257.682031][ T8254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  257.691416][ T8240] udevd[8240]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:3.101/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  257.692087][ T8254] Call Trace:
[  257.711264][ T8254]  <TASK>
[  257.714215][ T8254]  dump_stack_lvl+0x241/0x360
[  257.714753][ T8220] block nbd2: Cannot use ioctl interface on a netlink controlled device.
[  257.718906][ T8254]  ? __pfx_dump_stack_lvl+0x10/0x10
[  257.718938][ T8254]  ? __pfx__printk+0x10/0x10
[  257.718964][ T8254]  ? snprintf+0xda/0x120
[  257.718986][ T8254]  should_fail_ex+0x3b0/0x4e0
[  257.719009][ T8254]  _copy_to_user+0x31/0xb0
[  257.719035][ T8254]  simple_read_from_buffer+0xca/0x150
[  257.719059][ T8254]  proc_fail_nth_read+0x1e9/0x250
[  257.730937][ T8220] block nbd2: NBD_DISCONNECT
[  257.732637][ T8254]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  257.737223][ T8220] block nbd2: Send disconnect failed -32
[  257.741515][ T8254]  ? rw_verify_area+0x55e/0x6f0
[  257.741544][ T8254]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  257.741565][ T8254]  vfs_read+0x1fc/0xb70
[  257.741591][ T8254]  ? __pfx___mutex_lock+0x10/0x10
[  257.741615][ T8254]  ? __pfx_vfs_read+0x10/0x10
[  257.741640][ T8254]  ? __fget_files+0x2a/0x410
[  257.741661][ T8254]  ? __fget_files+0x395/0x410
[  257.741678][ T8254]  ? __fget_files+0x2a/0x410
[  257.741705][ T8254]  ksys_read+0x18f/0x2b0
[  257.741732][ T8254]  ? __pfx_ksys_read+0x10/0x10
[  257.823999][ T8254]  ? do_syscall_64+0x100/0x230
[  257.828773][ T8254]  ? do_syscall_64+0xb6/0x230
[  257.833451][ T8254]  do_syscall_64+0xf3/0x230
[  257.837953][ T8254]  ? clear_bhb_loop+0x35/0x90
[  257.842638][ T8254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.848539][ T8254] RIP: 0033:0x7f05c5d7e8ec
[  257.852952][ T8254] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  257.872557][ T8254] RSP: 002b:00007f05c6b2c050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  257.880969][ T8254] RAX: ffffffffffffffda RBX: 00007f05c5f46080 RCX: 00007f05c5d7e8ec
[  257.889021][ T8254] RDX: 000000000000000f RSI: 00007f05c6b2c0b0 RDI: 0000000000000003
[  257.896985][ T8254] RBP: 00007f05c6b2c0a0 R08: 0000000000000000 R09: 0000000000000000
[  257.904957][ T8254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.912931][ T8254] R13: 0000000000000001 R14: 00007f05c5f46080 R15: 00007ffcdd65e5d8
[  257.920915][ T8254]  </TASK>
[  257.966755][ T5867] usb 3-1: USB disconnect, device number 16
[  258.079408][ T8258] netlink: 288 bytes leftover after parsing attributes in process `syz.1.676'.
[  258.319716][ T8263] blk_print_req_error: 59 callbacks suppressed
[  258.319834][ T8263] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.337041][ T8263] buffer_io_error: 59 callbacks suppressed
[  258.337131][ T8263] Buffer I/O error on dev nbd1, logical block 0, async page read
[  258.353370][ T8263] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.354298][   T29] audit: type=1326 audit(1733680345.907:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8259 comm="syz.5.677" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f05c5d7fed9 code=0x0
[  258.384569][ T8263] Buffer I/O error on dev nbd1, logical block 0, async page read
[  258.393288][ T8263] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.402639][ T8263] Buffer I/O error on dev nbd1, logical block 0, async page read
[  258.412102][ T8263] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.424117][ T8263] Buffer I/O error on dev nbd1, logical block 0, async page read
[  258.433606][ T8263] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.442876][ T8263] Buffer I/O error on dev nbd1, logical block 0, async page read
[  258.452522][ T8263] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.461919][ T8263] Buffer I/O error on dev nbd1, logical block 0, async page read
[  258.471280][ T8263] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.480623][ T8263] Buffer I/O error on dev nbd1, logical block 0, async page read
[  258.489609][ T8263] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.498792][ T8263] Buffer I/O error on dev nbd1, logical block 0, async page read
[  258.507165][ T8263] ldm_validate_partition_table(): Disk read failed.
[  258.517611][ T8263] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.528728][ T8263] Buffer I/O error on dev nbd1, logical block 0, async page read
[  258.571035][ T8263] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  258.580403][ T8263] Buffer I/O error on dev nbd1, logical block 0, async page read
[  258.590942][ T8263] Dev nbd1: unable to read RDB block 0
[  258.598432][ T8263]  nbd1: unable to read partition table
[  259.327746][ T8281] netlink: 288 bytes leftover after parsing attributes in process `syz.4.682'.
[  259.978873][ T8286] netlink: 700 bytes leftover after parsing attributes in process `syz.1.683'.
[  260.087787][ T8286] veth5: entered promiscuous mode
[  260.400855][ T8300] ldm_validate_partition_table(): Disk read failed.
[  260.409669][ T8300] Dev nbd1: unable to read RDB block 0
[  260.415657][ T8300]  nbd1: unable to read partition table
[  260.605284][ T8306] netlink: 288 bytes leftover after parsing attributes in process `syz.4.691'.
[  260.708992][ T5868] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  260.974306][ T8307] netlink: 165 bytes leftover after parsing attributes in process `syz.5.690'.
[  262.177955][ T5868] usb 2-1: unable to get BOS descriptor or descriptor too short
[  262.193266][ T8315] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  262.680533][ T5868] usb 2-1: config 3 has an invalid interface number: 101 but max is 0
[  262.689074][ T5868] usb 2-1: config 3 has no interface number 0
[  262.690737][ T8319] netlink: 'syz.4.694': attribute type 29 has an invalid length.
[  262.695247][ T5868] usb 2-1: config 3 interface 101 altsetting 9 bulk endpoint 0x9 has invalid maxpacket 32
[  262.712964][ T5868] usb 2-1: config 3 interface 101 altsetting 9 bulk endpoint 0xC has invalid maxpacket 64
[  262.723803][ T5868] usb 2-1: config 3 interface 101 has no altsetting 0
[  262.843804][ T8319] netlink: 'syz.4.694': attribute type 29 has an invalid length.
[  262.876131][ T8319] netlink: 500 bytes leftover after parsing attributes in process `syz.4.694'.
[  263.061067][ T8330] netlink: 12 bytes leftover after parsing attributes in process `syz.4.700'.
[  263.112816][   T25] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  263.166508][ T5868] usb 2-1: string descriptor 0 read error: -22
[  263.174844][ T5868] usb 2-1: New USB device found, idVendor=0499, idProduct=1055, bcdDevice=6f.3a
[  263.213427][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.225931][ T8300] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  263.237206][ T8300] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  263.248188][ T5868] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  263.479492][    T9] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  263.903793][ T5868] snd-usb-audio 2-1:3.101: probe with driver snd-usb-audio failed with error -2
[  263.915312][   T25] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  263.924202][   T25] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  263.934394][   T25] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  263.998074][ T6710] udevd[6710]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:3.101/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  264.018936][ T5870] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  264.058587][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  264.065273][ T5868] usb 2-1: USB disconnect, device number 17
[  264.074269][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  264.080461][   T25] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  264.099033][    T9] usb 5-1: New USB device found, idVendor=2c7c, idProduct=0191, bcdDevice=cd.0d
[  264.108377][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.117758][    T9] usb 5-1: Product: syz
[  264.142329][   T25] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  264.148755][    T9] usb 5-1: Manufacturer: syz
[  264.152857][   T25] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  264.165226][    T9] usb 5-1: SerialNumber: syz
[  264.175535][ T8336] netlink: 8 bytes leftover after parsing attributes in process `syz.2.702'.
[  264.184103][    T9] usb 5-1: config 0 descriptor??
[  264.188981][   T25] usb 4-1: Product: syz
[  264.193483][   T25] usb 4-1: Manufacturer: syz
[  264.197064][    T9] option 5-1:0.0: GSM modem (1-port) converter detected
[  264.220448][   T25] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  264.249127][ T8336] netlink: 4 bytes leftover after parsing attributes in process `syz.2.702'.
[  264.253827][ T8338] vlan2: entered allmulticast mode
[  264.259886][ T8336] netlink: 32 bytes leftover after parsing attributes in process `syz.2.702'.
[  264.269185][ T8338] bond0: entered allmulticast mode
[  264.277196][ T8338] bond_slave_0: entered allmulticast mode
[  264.281491][ T5870] usb 6-1: not running at top speed; connect to a high speed hub
[  264.289604][ T8338] bond_slave_1: entered allmulticast mode
[  264.292217][ T5870] usb 6-1: config 1 interface 0 has no altsetting 0
[  264.304428][ T8338] bond0: left allmulticast mode
[  264.306177][ T5870] usb 6-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.40
[  264.320568][ T5827] block nbd2: Receive control failed (result -107)
[  264.320626][ T5870] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.335699][ T5870] usb 6-1: Product: 䲘⠢⽦税衝鼦ᇬၦ킈㔘鞜緙뫟蹲璪쥩㛺何䤗䑀⾥鶡钳펂柡溸ꊗﰆ皓녔ࢆ铌쏮橸蟅䗿鄿鏂㣊ﰹࠉ䕕≤詆ᘤ聆ѕ匟ޢ컹탱왑긭赱豇솏ਕ깣뷤頊햯텻⢌孰︭﬋鏗ힰ읊殅ꇵ蟱⎼畦珲눍ᩦ䔕傈漡⭛䉀藸피쎐ᤦ띴
[  264.342168][ T8338] bond_slave_0: left allmulticast mode
[  264.372308][ T8338] bond_slave_1: left allmulticast mode
[  264.377013][ T5870] usb 6-1: Manufacturer: ⊎뢨骷႔諒뼅埯世焫ꄩ᯸듲놓혢㱝未慶쒑ܜ壘Ⳛ뉽칔엠㻛ꔘᱯ诳⁗⇡태갾걪
[  264.391318][ T8336] nbd2: detected capacity change from 0 to 256
[  264.400210][ T6710] block nbd2: Dead connection, failed to find a fallback
[  264.407398][ T5870] usb 6-1: SerialNumber: ᐊ
[  264.445805][    T8] usb 4-1: USB disconnect, device number 13
[  264.456148][ T5869] usb 5-1: USB disconnect, device number 12
[  264.465710][ T5869] option 5-1:0.0: device disconnected
[  264.606218][ T8341] netlink: 288 bytes leftover after parsing attributes in process `syz.1.705'.
[  264.693822][ T8341] blk_print_req_error: 22 callbacks suppressed
[  264.693837][ T8341] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.709414][ T8341] buffer_io_error: 22 callbacks suppressed
[  264.709430][ T8341] Buffer I/O error on dev nbd1, logical block 0, async page read
[  264.723182][ T8341] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.732279][ T8341] Buffer I/O error on dev nbd1, logical block 0, async page read
[  264.740167][ T8341] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.749247][ T8341] Buffer I/O error on dev nbd1, logical block 0, async page read
[  264.757119][ T8341] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.766886][ T8341] Buffer I/O error on dev nbd1, logical block 0, async page read
[  264.774793][ T8341] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.783961][ T8341] Buffer I/O error on dev nbd1, logical block 0, async page read
[  264.791896][ T8341] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.800987][ T8341] Buffer I/O error on dev nbd1, logical block 0, async page read
[  264.808904][ T8341] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.817956][ T8341] Buffer I/O error on dev nbd1, logical block 0, async page read
[  264.825856][ T8341] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.834950][ T8341] Buffer I/O error on dev nbd1, logical block 0, async page read
[  264.842815][ T8341] ldm_validate_partition_table(): Disk read failed.
[  264.849545][ T8341] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.858580][ T8341] Buffer I/O error on dev nbd1, logical block 0, async page read
[  264.867071][ T8341] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  264.876160][ T8341] Buffer I/O error on dev nbd1, logical block 0, async page read
[  264.884172][ T8341] Dev nbd1: unable to read RDB block 0
[  264.890137][ T8341]  nbd1: unable to read partition table
[  264.939251][ T5870] usbhid 6-1:1.0: can't add hid device: -71
[  264.948895][ T5870] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[  265.016678][ T5870] usb 6-1: USB disconnect, device number 5
[  265.033435][    T9] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  265.074798][ T8349] process 'syz.1.707' launched './file2' with NULL argv: empty string added
[  265.342937][ T8353] vlan2: entered promiscuous mode
[  265.348595][ T8353] bond0: (slave vlan2): Opening slave failed
[  265.530344][    T9] usb 3-1: Using ep0 maxpacket: 32
[  265.549054][    T9] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[  265.571954][    T9] usb 3-1: config 0 has no interface number 0
[  265.597390][    T9] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  265.606968][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.615246][    T9] usb 3-1: Product: syz
[  265.619649][    T9] usb 3-1: Manufacturer: syz
[  265.624489][    T9] usb 3-1: SerialNumber: syz
[  265.634828][    T9] usb 3-1: config 0 descriptor??
[  265.643108][    T9] radio-si470x 3-1:0.35: could not find interrupt in endpoint
[  265.650825][    T9] radio-si470x 3-1:0.35: probe with driver radio-si470x failed with error -5
[  265.954091][ T8342] tls_set_device_offload_rx: netdev not found
[  266.115654][ T8376] vlan2: entered allmulticast mode
[  266.123108][ T8376] bond0: entered allmulticast mode
[  266.128485][ T8376] bond_slave_0: entered allmulticast mode
[  266.134401][ T8376] bond_slave_1: entered allmulticast mode
[  266.200962][    T9] radio-raremono 3-1:0.35: this is not Thanko's Raremono.
[  266.219149][    T9] usbhid 3-1:0.35: couldn't find an input interrupt endpoint
[  266.348264][ T8376] bond0: left allmulticast mode
[  266.362731][ T8376] bond_slave_0: left allmulticast mode
[  266.368237][ T8376] bond_slave_1: left allmulticast mode
[  266.926079][ T8389] block nbd1: NBD_DISCONNECT
[  266.931008][ T8389] block nbd1: Send disconnect failed -32
[  266.950453][ T8385] xt_bpf: check failed: parse error
[  266.981101][ T8391] FAULT_INJECTION: forcing a failure.
[  266.981101][ T8391] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  267.012923][ T8391] CPU: 1 UID: 0 PID: 8391 Comm: syz.4.717 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  267.023568][ T8391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  267.033652][ T8391] Call Trace:
[  267.036952][ T8391]  <TASK>
[  267.039905][ T8391]  dump_stack_lvl+0x241/0x360
[  267.044617][ T8391]  ? __pfx_dump_stack_lvl+0x10/0x10
[  267.049849][ T8391]  ? __pfx__printk+0x10/0x10
[  267.054465][ T8391]  ? __pfx_lock_release+0x10/0x10
[  267.059524][ T8391]  should_fail_ex+0x3b0/0x4e0
[  267.064234][ T8391]  _copy_from_user+0x2f/0xc0
[  267.068861][ T8391]  copy_msghdr_from_user+0xae/0x680
[  267.074098][ T8391]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  267.079925][ T8391]  ? __fget_files+0x2a/0x410
[  267.084516][ T8391]  ? __fget_files+0x2a/0x410
[  267.089115][ T8391]  __sys_sendmsg+0x209/0x350
[  267.093701][ T8391]  ? __pfx_lock_release+0x10/0x10
[  267.098722][ T8391]  ? __pfx___sys_sendmsg+0x10/0x10
[  267.103835][ T8391]  ? __pfx_vfs_write+0x10/0x10
[  267.108625][ T8391]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  267.114949][ T8391]  ? do_syscall_64+0x100/0x230
[  267.119718][ T8391]  ? do_syscall_64+0xb6/0x230
[  267.124414][ T8391]  do_syscall_64+0xf3/0x230
[  267.128943][ T8391]  ? clear_bhb_loop+0x35/0x90
[  267.133640][ T8391]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.139544][ T8391] RIP: 0033:0x7fb80877fed9
[  267.143965][ T8391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.163576][ T8391] RSP: 002b:00007fb809619058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  267.172000][ T8391] RAX: ffffffffffffffda RBX: 00007fb808945fa0 RCX: 00007fb80877fed9
[  267.179976][ T8391] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000004
[  267.187940][ T8391] RBP: 00007fb8096190a0 R08: 0000000000000000 R09: 0000000000000000
[  267.195904][ T8391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  267.203869][ T8391] R13: 0000000000000000 R14: 00007fb808945fa0 R15: 00007fff1a5cecf8
[  267.211847][ T8391]  </TASK>
[  267.358943][    T9] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  268.324100][ T5869] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  268.623951][    T9] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  268.636817][    T8] usb 3-1: USB disconnect, device number 17
[  268.644288][    T9] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  268.654231][    T9] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  268.664042][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.780639][ T8385] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  268.796837][    T9] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  268.907331][ T5869] usb 2-1: Using ep0 maxpacket: 8
[  268.946766][ T5869] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  268.962964][ T5869] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  268.981312][ T5869] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  268.989643][ T8413] vlan2: entered allmulticast mode
[  269.003200][    T9] usb 6-1: USB disconnect, device number 6
[  269.058463][ T5869] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.060338][ T8413] bond0: entered allmulticast mode
[  269.095852][ T5869] usb 2-1: config 0 descriptor??
[  269.147444][ T8413] bond_slave_0: entered allmulticast mode
[  269.155025][ T8413] bond_slave_1: entered allmulticast mode
[  269.214750][ T8413] bond0: left allmulticast mode
[  269.220791][ T8413] bond_slave_0: left allmulticast mode
[  269.228350][ T8413] bond_slave_1: left allmulticast mode
[  269.261450][ T5835] udevd[5835]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  269.694384][ T5869] kone 0003:1E7D:2CED.0005: report_id 1944628200 is invalid
[  269.728182][ T5869] kone 0003:1E7D:2CED.0005: item 0 4 1 8 parsing failed
[  269.784754][ T5869] kone 0003:1E7D:2CED.0005: parse failed
[  269.806500][ T5869] kone 0003:1E7D:2CED.0005: probe with driver kone failed with error -22
[  270.124200][ T5870] usb 2-1: USB disconnect, device number 18
[  270.221470][ T8432] netlink: 8 bytes leftover after parsing attributes in process `syz.3.726'.
[  270.231252][ T8432] netlink: 4 bytes leftover after parsing attributes in process `syz.3.726'.
[  270.240870][ T8432] netlink: 'syz.3.726': attribute type 13 has an invalid length.
[  270.249784][ T8432] netlink: 'syz.3.726': attribute type 11 has an invalid length.
[  270.511370][ T8436] vlan2: entered promiscuous mode
[  270.902385][ T8444] sp0: Synchronizing with TNC
[  270.910162][ T8444] SET target dimension over the limit!
[  271.741879][ T8456] netlink: 168 bytes leftover after parsing attributes in process `syz.3.735'.
[  271.766172][ T8451] nbd: couldn't find device at index -1627389952
[  272.979027][ T5868] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  273.158942][ T5868] usb 2-1: Using ep0 maxpacket: 8
[  273.216988][ T5868] usb 2-1: too many configurations: 249, using maximum allowed: 8
[  273.298340][ T5868] usb 2-1: New USB device found, idVendor=055f, idProduct=a800, bcdDevice=b3.ff
[  273.336787][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=2
[  273.347278][ T5868] usb 2-1: Product: syz
[  273.352830][ T5868] usb 2-1: Manufacturer: syz
[  273.364593][ T5868] usb 2-1: SerialNumber: syz
[  273.388178][ T5868] usb 2-1: config 0 descriptor??
[  274.051569][ T5868] mdc800 2-1:0.0: probe fails -> wrong Number of Configuration
[  274.094268][ T5868] usb 2-1: USB disconnect, device number 19
[  274.751865][ T8497] FAULT_INJECTION: forcing a failure.
[  274.751865][ T8497] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  274.786018][ T8497] CPU: 0 UID: 0 PID: 8497 Comm: syz.1.750 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  274.796659][ T8497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  274.806744][ T8497] Call Trace:
[  274.810042][ T8497]  <TASK>
[  274.813000][ T8497]  dump_stack_lvl+0x241/0x360
[  274.817718][ T8497]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.823030][ T8497]  ? __pfx__printk+0x10/0x10
[  274.827661][ T8497]  ? snprintf+0xda/0x120
[  274.831929][ T8497]  should_fail_ex+0x3b0/0x4e0
[  274.836628][ T8497]  _copy_to_user+0x31/0xb0
[  274.841076][ T8497]  simple_read_from_buffer+0xca/0x150
[  274.846555][ T8497]  proc_fail_nth_read+0x1e9/0x250
[  274.851602][ T8497]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  274.857172][ T8497]  ? rw_verify_area+0x55e/0x6f0
[  274.862046][ T8497]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  274.867622][ T8497]  vfs_read+0x1fc/0xb70
[  274.871898][ T8497]  ? __pfx___mutex_lock+0x10/0x10
[  274.876953][ T8497]  ? __pfx_vfs_read+0x10/0x10
[  274.881663][ T8497]  ? __fget_files+0x2a/0x410
[  274.886281][ T8497]  ? __fget_files+0x395/0x410
[  274.890974][ T8497]  ? __fget_files+0x2a/0x410
[  274.895580][ T8497]  ksys_read+0x18f/0x2b0
[  274.899819][ T8497]  ? __pfx_ksys_read+0x10/0x10
[  274.904585][ T8497]  ? do_syscall_64+0x100/0x230
[  274.909352][ T8497]  ? do_syscall_64+0xb6/0x230
[  274.914033][ T8497]  do_syscall_64+0xf3/0x230
[  274.918535][ T8497]  ? clear_bhb_loop+0x35/0x90
[  274.923301][ T8497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.929316][ T8497] RIP: 0033:0x7f2e1897e8ec
[  274.933753][ T8497] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  274.953387][ T8497] RSP: 002b:00007f2e19799050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  274.961827][ T8497] RAX: ffffffffffffffda RBX: 00007f2e18b45fa0 RCX: 00007f2e1897e8ec
[  274.969820][ T8497] RDX: 000000000000000f RSI: 00007f2e197990b0 RDI: 0000000000000004
[  274.977812][ T8497] RBP: 00007f2e197990a0 R08: 0000000000000000 R09: 0000000000000000
[  274.983382][ T8499] dccp_invalid_packet: P.Data Offset(0) too small
[  274.985782][ T8497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  275.000181][ T8497] R13: 0000000000000000 R14: 00007f2e18b45fa0 R15: 00007ffd6baf3c68
[  275.008268][ T8497]  </TASK>
[  275.018823][ T5867] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  275.439075][ T5867] usb 4-1: unable to get BOS descriptor or descriptor too short
[  275.738948][    T9] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  276.121551][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  276.132750][    T9] usb 3-1: config 3 has an invalid interface number: 101 but max is 0
[  276.443537][ T5867] usb 4-1: config 3 has an invalid interface number: 101 but max is 0
[  276.451968][ T5867] usb 4-1: config 3 has no interface number 0
[  276.458401][ T5867] usb 4-1: config 3 interface 101 altsetting 9 bulk endpoint 0x9 has invalid maxpacket 32
[  276.468507][ T5867] usb 4-1: config 3 interface 101 altsetting 9 bulk endpoint 0xC has invalid maxpacket 64
[  276.478647][ T5867] usb 4-1: config 3 interface 101 has no altsetting 0
[  276.491071][ T5867] usb 4-1: string descriptor 0 read error: -22
[  276.688251][    T9] usb 3-1: config 3 has no interface number 0
[  276.694757][    T9] usb 3-1: config 3 interface 101 altsetting 9 bulk endpoint 0x9 has invalid maxpacket 32
[  276.704932][    T9] usb 3-1: config 3 interface 101 altsetting 9 bulk endpoint 0xC has invalid maxpacket 64
[  276.715076][    T9] usb 3-1: config 3 interface 101 has no altsetting 0
[  276.950202][    T9] usb 3-1: string descriptor 0 read error: -22
[  276.973423][    T9] usb 3-1: New USB device found, idVendor=0499, idProduct=1055, bcdDevice=6f.3a
[  277.002971][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.033873][ T8495] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  277.050927][ T8495] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  277.089956][ T5867] usb 4-1: New USB device found, idVendor=0499, idProduct=1055, bcdDevice=6f.3a
[  277.099130][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.109984][ T8490] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  277.117246][ T8490] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  277.144010][    T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  277.175593][    T9] snd-usb-audio 3-1:3.101: probe with driver snd-usb-audio failed with error -2
[  277.575250][ T5867] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  277.697890][ T8515] vlan2: entered promiscuous mode
[  277.708364][ T8515] bond0: (slave vlan2): Opening slave failed
[  277.730784][ T5867] snd-usb-audio 4-1:3.101: probe with driver snd-usb-audio failed with error -2
[  277.752290][ T8240] udevd[8240]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:3.101/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  277.827792][ T6278] udevd[6278]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:3.101/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  278.028934][ T5870] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  278.176093][ T8529] netlink: 288 bytes leftover after parsing attributes in process `syz.5.761'.
[  278.189059][ T5870] usb 2-1: Using ep0 maxpacket: 32
[  278.221305][ T5870] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  278.231811][ T5867] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  278.248214][ T8530] syz.5.761: attempt to access beyond end of device
[  278.248214][ T8530] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0
[  278.251758][ T5870] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=a6.13
[  278.268313][ T8530] syz.5.761: attempt to access beyond end of device
[  278.268313][ T8530] nbd5: rw=0, sector=120, nr_sectors = 8 limit=0
[  278.270581][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.291385][ T8530] Mount JFS Failure: -5
[  278.293495][ T5870] usb 2-1: Product: syz
[  278.298120][ T8530] jfs_mount failed w/return code = -5
[  278.300255][ T5870] usb 2-1: Manufacturer: syz
[  278.300276][ T5870] usb 2-1: SerialNumber: syz
[  278.302450][ T5870] usb 2-1: config 0 descriptor??
[  278.341694][ T5870] pvrusb2: Hardware description: Terratec Grabster AV400
[  278.410338][ T5867] usb 5-1: Using ep0 maxpacket: 16
[  278.415726][ T5870] pvrusb2: **********
[  278.420874][ T5870] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  278.431932][ T5870] pvrusb2: Important functionality might not be entirely working.
[  278.440913][ T5870] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  278.456559][ T5867] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  278.471075][ T5870] pvrusb2: **********
[  278.505350][ T5867] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  278.519052][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.538069][ T5867] usb 5-1: Product: syz
[  278.539605][ T8516] 9pnet_fd: Insufficient options for proto=fd
[  278.542677][ T5867] usb 5-1: Manufacturer: syz
[  278.554528][ T5867] usb 5-1: SerialNumber: syz
[  278.613805][ T8521] netlink: 20 bytes leftover after parsing attributes in process `syz.1.756'.
[  278.633852][ T5867] r8152-cfgselector 5-1: Unknown version 0x0000
[  278.996424][ T8525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  279.011541][ T8525] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  279.201121][ T5867] r8152-cfgselector 5-1: Unknown version 0x0000
[  279.221167][ T5867] r8152-cfgselector 5-1: bad CDC descriptors
[  279.226324][ T8538] vlan2: entered allmulticast mode
[  279.233010][ T5867] r8152-cfgselector 5-1: USB disconnect, device number 13
[  279.241411][ T8538] bond0: entered allmulticast mode
[  279.246650][ T8538] bond_slave_0: entered allmulticast mode
[  279.260879][ T8538] bond_slave_1: entered allmulticast mode
[  279.276107][ T8538] bond0: left allmulticast mode
[  279.282117][ T8538] bond_slave_0: left allmulticast mode
[  279.287633][ T8538] bond_slave_1: left allmulticast mode
[  279.738886][ T5869] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  279.776836][ T8545] dccp_invalid_packet: P.Data Offset(0) too small
[  279.901367][ T5869] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  279.912673][ T5869] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30
[  279.936979][ T5869] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  279.962708][ T5869] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  279.973096][ T5869] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254
[  279.986720][ T5869] usb 6-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00
[  280.016382][ T5869] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.033371][ T5869] usb 6-1: config 0 descriptor??
[  280.235033][ T5870] usb 2-1: USB disconnect, device number 20
[  280.242622][ T5870] pvrusb2: Device being rendered inoperable
[  280.987082][ T8555] netlink: 'syz.1.768': attribute type 4 has an invalid length.
[  281.144669][ T5869] hid-u2fzero 0003:20A0:4287.0006: hidraw0: USB HID vff.fd Device [HID 20a0:4287] on usb-dummy_hcd.5-1/input0
[  281.173711][ T5869] hid-u2fzero 0003:20A0:4287.0006: NitroKey U2F LED initialised
[  281.181755][ T5869] hid-u2fzero 0003:20A0:4287.0006: NitroKey U2F RNG initialised
[  281.220325][ T8540] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  281.281598][   T25] usb 6-1: USB disconnect, device number 7
[  282.154903][ T8570] netlink: 700 bytes leftover after parsing attributes in process `syz.5.774'.
[  282.178241][ T8570] veth3: entered promiscuous mode
[  282.235798][ T8572] dccp_invalid_packet: P.Data Offset(100) too large
[  282.321418][ T5844] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  282.378852][ T5869] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  282.484061][ T5844] usb 5-1: Using ep0 maxpacket: 16
[  282.489393][    T9] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  282.503879][ T5844] usb 5-1: unable to get BOS descriptor or descriptor too short
[  282.514519][ T5844] usb 5-1: unable to read config index 0 descriptor/start: -71
[  282.522482][ T5844] usb 5-1: can't read configurations, error -71
[  282.559376][ T5869] usb 2-1: Using ep0 maxpacket: 32
[  282.565940][ T5869] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  282.575158][ T5869] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.585838][ T5869] usb 2-1: config 0 descriptor??
[  282.596246][ T5869] gspca_main: nw80x-2.14.0 probing 055f:d001
[  282.641102][    T9] usb 6-1: unable to get BOS descriptor or descriptor too short
[  282.650702][    T9] usb 6-1: not running at top speed; connect to a high speed hub
[  282.660086][    T9] usb 6-1: config 9 has an invalid interface number: 5 but max is 0
[  282.668219][    T9] usb 6-1: config 9 has no interface number 0
[  282.674790][    T9] usb 6-1: config 9 interface 5 altsetting 9 has an endpoint descriptor with address 0xD7, changing to 0x87
[  282.687004][    T9] usb 6-1: config 9 interface 5 altsetting 9 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  282.698074][    T9] usb 6-1: config 9 interface 5 has no altsetting 0
[  282.709505][    T9] usb 6-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=5d.a8
[  282.718605][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.726791][    T9] usb 6-1: Product: syz
[  282.731072][    T9] usb 6-1: Manufacturer: syz
[  282.735689][    T9] usb 6-1: SerialNumber: syz
[  282.946297][ T8572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.955165][ T8572] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  283.056839][    T9] usb 6-1: USB disconnect, device number 8
[  283.635601][ T5869] gspca_nw80x: reg_r err -71
[  283.650568][ T5869] nw80x 2-1:0.0: probe with driver nw80x failed with error -71
[  283.667294][ T5869] usb 2-1: USB disconnect, device number 21
[  283.750155][ T8579] erspan1: entered promiscuous mode
[  283.888956][ T5844] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  284.029007][ T5844] usb 5-1: device descriptor read/64, error -71
[  284.119285][ T8583] netlink: 16 bytes leftover after parsing attributes in process `syz.5.779'.
[  284.268798][ T5844] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  284.362459][ T8585] : entered promiscuous mode
[  284.418943][ T5844] usb 5-1: device descriptor read/64, error -71
[  284.529487][ T5844] usb usb5-port1: attempt power cycle
[  284.698929][  T972] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  284.885627][  T972] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  284.895550][ T5844] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  284.908126][  T972] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  284.920423][  T972] usb 2-1: New USB device found, idVendor=eb1a, idProduct=e303, bcdDevice=fc.a0
[  284.935523][  T972] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.945131][  T972] usb 2-1: Product: syz
[  284.955887][  T972] usb 2-1: Manufacturer: syz
[  284.960659][  T972] usb 2-1: SerialNumber: syz
[  284.969688][  T972] usb 2-1: config 0 descriptor??
[  284.978597][  T972] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (eb1a:e303, interface 0, class 0)
[  284.994171][  T972] em28xx 2-1:0.0: Video interface 0 found: bulk
[  285.009959][ T5844] usb 5-1: device descriptor read/8, error -71
[  285.268988][ T5844] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  285.277166][  T972] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  285.329520][ T5844] usb 5-1: device descriptor read/8, error -71
[  285.424364][  T972] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  285.438758][  T972] em28xx 2-1:0.0: board has no eeprom
[  285.457970][ T5844] usb usb5-port1: unable to enumerate USB device
[  285.518809][  T972] em28xx 2-1:0.0: Identified as Kaiomy TVnPC U2 (card=63)
[  285.525989][  T972] em28xx 2-1:0.0: analog set to bulk mode.
[  285.534092][ T5869] em28xx 2-1:0.0: Registering V4L2 extension
[  285.542397][  T972] usb 2-1: USB disconnect, device number 22
[  285.551766][  T972] em28xx 2-1:0.0: Disconnecting em28xx
[  285.601119][ T5869] i2c i2c-1: Invalid 7-bit I2C address 0x00
[  285.628321][ T5869] tuner: 1-0061: Tuner -1 found with type(s) Radio TV.
[  285.657799][ T5869] DVB: Unable to find symbol xc2028_attach()
[  285.664483][ T5869] tuner: 1-0061: Tuner has no way to set tv freq
[  285.671095][ T5869] em28xx 2-1:0.0: Config register raw data: 0xffffffed
[  285.677987][ T5869] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  285.685312][ T5869] em28xx 2-1:0.0: No AC97 audio processor
[  285.693457][ T5869] tuner: 1-0061: Tuner has no way to set tv freq
[  285.707955][ T5869] videodev: could not get a free minor
[  285.714203][ T5869] em28xx 2-1:0.0: can't register radio device
[  285.720390][ T5869] em28xx 2-1:0.0: V4L2 device video103 deregistered
[  285.734263][ T5869] em28xx 2-1:0.0: Registering input extension
[  285.740488][ T5844] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  285.748309][  T972] em28xx 2-1:0.0: Closing input extension
[  285.762422][  T972] em28xx 2-1:0.0: Freeing device
[  285.913329][ T5844] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  285.923588][ T5844] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.931813][ T5844] usb 6-1: Product: syz
[  285.954966][ T5844] usb 6-1: Manufacturer: syz
[  286.019179][ T5844] usb 6-1: SerialNumber: syz
[  286.095644][ T5844] usb 6-1: config 0 descriptor??
[  286.285794][ T8611] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  286.379261][ T5844] usb-storage 6-1:0.0: USB Mass Storage device detected
[  286.570335][ T5844] usb 6-1: USB disconnect, device number 9
[  286.716211][ T8619] netlink: 84 bytes leftover after parsing attributes in process `syz.1.790'.
[  286.743929][ T8621] trusted_key: encrypted_key: insufficient parameters specified
[  286.813933][ T8623] vlan0: entered allmulticast mode
[  286.819842][ T8623] bond0: entered allmulticast mode
[  286.824964][ T8623] bond_slave_0: entered allmulticast mode
[  286.835035][ T8623] bond_slave_1: entered allmulticast mode
[  286.842231][ T8623] bond0: left allmulticast mode
[  286.847117][ T8623] bond_slave_0: left allmulticast mode
[  286.853482][ T8623] bond_slave_1: left allmulticast mode
[  287.112861][ T5844] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  287.290330][ T5844] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  287.302289][ T5844] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  287.312113][ T5844] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  287.321313][ T5844] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.332835][ T5844] usb 5-1: config 0 descriptor??
[  287.348831][ T5870] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  287.498791][ T5870] usb 2-1: Using ep0 maxpacket: 32
[  287.505746][ T5870] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  287.514445][ T5870] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  287.525935][ T5870] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  287.537070][ T5870] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  287.551886][ T5870] usb 2-1: config 0 interface 0 has no altsetting 0
[  287.563441][ T5870] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  287.572561][ T5870] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  287.586174][ T5870] usb 2-1: Product: syz
[  287.590458][ T5870] usb 2-1: Manufacturer: syz
[  287.595061][ T5870] usb 2-1: SerialNumber: syz
[  287.609461][ T5870] usb 2-1: config 0 descriptor??
[  287.617087][ T5870] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  287.628647][ T5870] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  287.762259][ T5844] usbhid 5-1:0.0: can't add hid device: -32
[  287.768397][ T5844] usbhid 5-1:0.0: probe with driver usbhid failed with error -32
[  287.830107][ T8627] sp0: Synchronizing with TNC
[  287.836979][ T8627] SET target dimension over the limit!
[  289.001691][ T5844] usb 2-1: USB disconnect, device number 23
[  289.029520][ T5844] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  290.219501][ T5822] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  290.230979][ T5822] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  290.246316][ T5822] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  290.254797][ T5822] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  290.265024][ T5822] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  290.272848][ T5822] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  290.480514][ T5827] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  290.505963][ T5827] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  290.514117][ T5827] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  290.522206][ T5827] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  290.533826][ T5827] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  290.541367][ T5827] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  290.689456][ T8657] chnl_net:caif_netlink_parms(): no params data found
[  290.847431][ T8680] sctp: [Deprecated]: syz.5.808 (pid 8680) Use of int in max_burst socket option deprecated.
[  290.847431][ T8680] Use struct sctp_assoc_value instead
[  290.951009][ T5869] usb 5-1: USB disconnect, device number 20
[  291.042430][ T8657] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.069034][ T8657] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.129641][ T8657] bridge_slave_0: entered allmulticast mode
[  291.136661][ T8657] bridge_slave_0: entered promiscuous mode
[  291.144706][ T8657] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.151901][ T8657] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.159151][ T8657] bridge_slave_1: entered allmulticast mode
[  291.166134][ T8657] bridge_slave_1: entered promiscuous mode
[  291.209753][ T8657] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  291.242244][ T8663] chnl_net:caif_netlink_parms(): no params data found
[  291.278458][ T8657] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  291.513992][ T8657] team0: Port device team_slave_0 added
[  291.535124][ T8697] netlink: 288 bytes leftover after parsing attributes in process `syz.4.813'.
[  291.554182][ T8657] team0: Port device team_slave_1 added
[  292.319258][ T5827] Bluetooth: hci6: command tx timeout
[  292.522134][ T8657] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.640503][ T5827] Bluetooth: hci7: command tx timeout
[  293.165069][ T8657] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  293.278760][ T8657] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  293.311436][ T8657] batman_adv: batadv0: Adding interface: batadv_slave_1
[  293.318409][ T8657] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  293.399303][ T8657] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  293.459182][ T8663] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.466308][ T8663] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.486083][ T8663] bridge_slave_0: entered allmulticast mode
[  293.510285][ T8715] netlink: 700 bytes leftover after parsing attributes in process `syz.4.818'.
[  293.519946][ T8663] bridge_slave_0: entered promiscuous mode
[  293.529603][ T8663] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.536707][ T8663] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.549171][ T8663] bridge_slave_1: entered allmulticast mode
[  293.556186][ T8663] bridge_slave_1: entered promiscuous mode
[  293.576781][ T8714] pimreg: entered allmulticast mode
[  293.594965][ T8715] veth5: entered promiscuous mode
[  293.612295][ T8663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  293.626119][ T8714] netlink: 12 bytes leftover after parsing attributes in process `syz.1.817'.
[  293.643212][ T8714] pimreg: left allmulticast mode
[  293.697593][ T8663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  293.819654][ T8657] hsr_slave_0: entered promiscuous mode
[  293.826444][ T8657] hsr_slave_1: entered promiscuous mode
[  293.832979][ T8657] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  293.849269][ T5844] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  293.884492][ T8657] Cannot create hsr debugfs directory
[  293.895271][ T8722] netlink: 763 bytes leftover after parsing attributes in process `syz.4.821'.
[  293.943220][ T8663] team0: Port device team_slave_0 added
[  293.952604][ T8663] team0: Port device team_slave_1 added
[  294.026457][ T5844] usb 6-1: config 0 has an invalid interface number: 127 but max is 1
[  294.034845][ T5844] usb 6-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 225
[  294.047509][ T5844] usb 6-1: config 0 has no interface number 1
[  294.053957][ T5844] usb 6-1: config 0 interface 127 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  294.067566][ T5844] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 29
[  294.400612][ T5827] Bluetooth: hci6: command tx timeout
[  294.445577][ T8663] batman_adv: batadv0: Adding interface: batadv_slave_0
[  294.516871][ T8663] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.657963][ T8663] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  294.680004][ T5844] usb 6-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  294.709216][ T5844] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.717267][ T5844] usb 6-1: Product: syz
[  294.722419][ T5827] Bluetooth: hci7: command tx timeout
[  294.742162][ T8663] batman_adv: batadv0: Adding interface: batadv_slave_1
[  294.751987][ T5844] usb 6-1: Manufacturer: syz
[  294.768896][ T5844] usb 6-1: SerialNumber: syz
[  294.776912][ T8663] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.806099][ T5844] usb 6-1: config 0 descriptor??
[  294.810893][ T8663] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  294.814412][ T5844] usb-storage 6-1:0.127: USB Mass Storage device detected
[  294.847994][ T5844] usb-storage 6-1:0.127: Quirks match for vid 1908 pid 1315: 20000
[  294.864587][ T8728] vlan0: entered allmulticast mode
[  294.871455][ T8728] bond0: entered allmulticast mode
[  294.876602][ T8728] bond_slave_0: entered allmulticast mode
[  294.882412][ T8728] bond_slave_1: entered allmulticast mode
[  294.897704][ T8728] bond0: left allmulticast mode
[  294.899727][ T5844] usb-storage 6-1:0.0: USB Mass Storage device detected
[  294.914007][ T8728] bond_slave_0: left allmulticast mode
[  294.922720][ T8728] bond_slave_1: left allmulticast mode
[  294.925215][ T5844] usb-storage 6-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  295.092420][ T8663] hsr_slave_0: entered promiscuous mode
[  295.108204][ T8663] hsr_slave_1: entered promiscuous mode
[  295.115581][ T8663] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  295.123827][ T8663] Cannot create hsr debugfs directory
[  295.363504][ T8657] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  295.384987][ T8657] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  295.414287][ T8657] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  295.454215][ T8657] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  295.543234][ T8663] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  295.602288][ T8663] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  295.614447][ T8663] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  295.649058][ T5868] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  295.839120][ T5868] usb 2-1: Using ep0 maxpacket: 8
[  295.877394][ T8663] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  295.925878][ T5868] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  296.086420][ T5868] usb 2-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  296.284277][ T5868] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  296.297906][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.341131][ T5868] usbtmc 2-1:16.0: bulk endpoints not found
[  296.375867][ T8657] 8021q: adding VLAN 0 to HW filter on device bond0
[  296.419464][ T8657] 8021q: adding VLAN 0 to HW filter on device team0
[  296.447055][ T8636] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.454263][ T8636] bridge0: port 1(bridge_slave_0) entered forwarding state
[  296.529116][ T5827] Bluetooth: hci6: command tx timeout
[  296.543359][ T8636] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.550557][ T8636] bridge0: port 2(bridge_slave_1) entered forwarding state
[  296.584067][ T5870] usb 2-1: USB disconnect, device number 24
[  296.623618][ T8663] 8021q: adding VLAN 0 to HW filter on device bond0
[  296.704294][ T8663] 8021q: adding VLAN 0 to HW filter on device team0
[  296.738136][ T5867] usb 6-1: USB disconnect, device number 10
[  296.803064][ T5827] Bluetooth: hci7: command tx timeout
[  296.846612][ T1128] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.853770][ T1128] bridge0: port 1(bridge_slave_0) entered forwarding state
[  296.875801][ T1128] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.882976][ T1128] bridge0: port 2(bridge_slave_1) entered forwarding state
[  297.107614][ T8751] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  297.757382][ T8657] 8021q: adding VLAN 0 to HW filter on device batadv0
[  298.041199][ T8663] 8021q: adding VLAN 0 to HW filter on device batadv0
[  298.948814][ T8761] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  299.121915][ T5827] Bluetooth: hci6: command tx timeout
[  299.127769][ T5827] Bluetooth: hci7: command tx timeout
[  299.591751][ T8791] netlink: 'syz.4.834': attribute type 2 has an invalid length.
[  299.633167][ T8657] veth0_vlan: entered promiscuous mode
[  299.660972][ T8657] veth1_vlan: entered promiscuous mode
[  299.723714][ T8663] veth0_vlan: entered promiscuous mode
[  299.742757][ T8657] veth0_macvtap: entered promiscuous mode
[  299.749107][    T9] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  299.764822][ T8657] veth1_macvtap: entered promiscuous mode
[  299.773295][ T8663] veth1_vlan: entered promiscuous mode
[  299.803646][ T8657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.814567][ T8657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.826147][ T8657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.837234][ T8657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.847636][ T8657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.858791][ T8657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.869441][ T8657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.881351][ T8657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.894200][ T8657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.907130][ T8657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.917266][    T9] usb 2-1: config 0 has an invalid interface number: 244 but max is 0
[  299.925729][ T8657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  299.926477][    T9] usb 2-1: config 0 has no interface number 0
[  299.938532][ T8657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  299.945740][    T9] usb 2-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb
[  299.961989][ T8657] batman_adv: batadv0: Interface activated: batadv_slave_0
[  299.962122][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.978491][    T9] usb 2-1: Product: syz
[  299.999215][ T8657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.010597][    T9] usb 2-1: Manufacturer: syz
[  300.013892][ T8657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.029155][ T8657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.032539][    T9] usb 2-1: SerialNumber: syz
[  300.040044][ T8657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.054368][ T8657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.063309][    T9] usb 2-1: config 0 descriptor??
[  300.075033][ T8657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.083305][    T9] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in warm state.
[  300.094268][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  300.101414][ T8657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.118156][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  300.129069][    T9] dvbdev: DVB: registering new adapter (DigitalNow DVB-T Dual USB)
[  300.138482][    T9] usb 2-1: media controller created
[  300.149035][ T8657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.156936][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  300.167962][ T8657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.179136][    T9] cxusb: set interface failed
[  300.183921][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  300.186806][ T8657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.211845][ T8657] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.228110][ T8657] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.228154][    T9] DVB: Unable to find symbol mt352_attach()
[  300.240846][ T8657] batman_adv: batadv0: Interface activated: batadv_slave_1
[  300.256971][    T9] dvb-usb: bulk message failed: -22 (5/0)
[  300.264734][    T9] zl10353_read_register: readreg error (reg=127, ret==-121)
[  300.274650][    T9] dvb-usb: no frontend was attached by 'DigitalNow DVB-T Dual USB'
[  300.284010][ T8663] veth0_macvtap: entered promiscuous mode
[  300.332178][ T8663] veth1_macvtap: entered promiscuous mode
[  300.351212][ T8657] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  300.370606][ T8657] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  300.388904][ T8657] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  300.408054][ T8657] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  300.421963][    T9] rc_core: IR keymap rc-dvico-mce not found
[  300.431633][    T9] Registered IR keymap rc-empty
[  300.448832][    T9] rc rc0: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  300.471673][    T9] input: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input19
[  300.486437][    T9] dvb-usb: schedule remote query interval to 100 msecs.
[  300.490162][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.511089][    T9] dvb-usb: DigitalNow DVB-T Dual USB successfully initialized and connected.
[  300.521729][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.545524][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.557740][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.570056][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.594105][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.612901][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.624151][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.632028][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  300.642153][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.655292][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.665448][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.676095][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.686078][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  300.698365][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.716502][ T8663] batman_adv: batadv0: Interface activated: batadv_slave_0
[  300.748798][ T5869] dvb-usb: bulk message failed: -22 (1/0)
[  300.795041][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.828738][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.838581][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.849984][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.865118][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.868792][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  300.875817][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.907182][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.931031][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.959031][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.977727][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.988336][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  300.999182][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.009096][    T8] dvb-usb: bulk message failed: -22 (1/0)
[  301.017661][ T8663] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.028488][ T8663] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.049918][ T8663] batman_adv: batadv0: Interface activated: batadv_slave_1
[  301.086861][ T8663] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  301.089046][ T8809] netlink: 4 bytes leftover after parsing attributes in process `syz.4.839'.
[  301.106530][ T8663] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  301.115522][ T8663] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  301.129011][ T5869] dvb-usb: bulk message failed: -22 (1/0)
[  301.137269][ T8663] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  301.201325][ T3460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  301.220042][ T3460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  301.239076][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  301.349889][ T5914] dvb-usb: bulk message failed: -22 (1/0)
[  301.406650][ T7129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  301.425056][ T7129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  301.635358][ T3460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  301.749770][ T3460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.365052][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  302.457123][ T5867] usb 2-1: USB disconnect, device number 25
[  302.583751][ T7129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  302.596115][ T7129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.674457][ T5867] dvb-usb: DigitalNow DVB-T Dual USB successfully deinitialized and disconnected.
[  302.769233][   T29] audit: type=1326 audit(1733680390.357:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8828 comm="syz.1.843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e1897fed9 code=0x7ffc0000
[  302.858754][   T29] audit: type=1326 audit(1733680390.377:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8828 comm="syz.1.843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2e1897fed9 code=0x7ffc0000
[  302.881784][ T8824] netlink: 92 bytes leftover after parsing attributes in process `syz.5.842'.
[  302.905180][ T8834] FAULT_INJECTION: forcing a failure.
[  302.905180][ T8834] name failslab, interval 1, probability 0, space 0, times 0
[  302.922761][ T8834] CPU: 1 UID: 0 PID: 8834 Comm: syz.7.801 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  302.933390][ T8834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  302.943474][ T8834] Call Trace:
[  302.946490][   T29] audit: type=1326 audit(1733680390.377:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8828 comm="syz.1.843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e1897fed9 code=0x7ffc0000
[  302.946749][ T8834]  <TASK>
[  302.971134][ T8834]  dump_stack_lvl+0x241/0x360
[  302.975842][ T8834]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.981078][ T8834]  ? __pfx__printk+0x10/0x10
[  302.985702][ T8834]  should_fail_ex+0x3b0/0x4e0
[  302.990399][ T8834]  should_failslab+0xac/0x100
[  302.995101][ T8834]  kmem_cache_alloc_node_noprof+0x77/0x380
[  303.000927][ T8834]  ? __alloc_skb+0x1c3/0x440
[  303.005531][ T8834]  ? rcu_is_watching+0x15/0xb0
[  303.010321][ T8834]  __alloc_skb+0x1c3/0x440
[  303.014755][ T8834]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  303.020754][ T8834]  ? __pfx___alloc_skb+0x10/0x10
[  303.025709][ T8834]  ? hci_sock_sendmsg+0x617/0x11c0
[  303.028768][   T29] audit: type=1326 audit(1733680390.377:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8828 comm="syz.1.843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f2e1897fed9 code=0x7ffc0000
[  303.030822][ T8834]  ? __pfx___mutex_lock+0x10/0x10
[  303.030853][ T8834]  hci_mgmt_cmd+0x1c1/0x11d0
[  303.061911][ T8834]  hci_sock_sendmsg+0x7b8/0x11c0
[  303.066874][ T8834]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  303.073671][ T8834]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  303.079068][ T8834]  ? get_pid_task+0x23/0x1f0
[  303.083688][ T8834]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  303.089076][ T8834]  __sock_sendmsg+0x221/0x270
[  303.093795][ T8834]  sock_write_iter+0x2d7/0x3f0
[  303.098579][ T8834]  ? __pfx_sock_write_iter+0x10/0x10
[  303.103903][ T8834]  ? bpf_lsm_file_permission+0x9/0x10
[  303.109326][ T8834]  ? security_file_permission+0x74/0x280
[  303.114261][   T29] audit: type=1326 audit(1733680390.377:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8828 comm="syz.1.843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e1897fed9 code=0x7ffc0000
[  303.114965][ T8834]  vfs_write+0xaeb/0xd30
[  303.140661][ T8834]  ? __pfx_sock_write_iter+0x10/0x10
[  303.145970][ T8834]  ? __pfx_vfs_write+0x10/0x10
[  303.150765][ T8834]  ? __fget_files+0x2a/0x410
[  303.155382][ T8834]  ? __fget_files+0x2a/0x410
[  303.160003][ T8834]  ksys_write+0x18f/0x2b0
[  303.164361][ T8834]  ? __pfx_ksys_write+0x10/0x10
[  303.169239][ T8834]  ? do_syscall_64+0x100/0x230
[  303.174077][ T8834]  ? do_syscall_64+0xb6/0x230
[  303.178791][ T8834]  do_syscall_64+0xf3/0x230
[  303.183322][ T8834]  ? clear_bhb_loop+0x35/0x90
[  303.188023][ T8834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.193942][ T8834] RIP: 0033:0x7fb11f77fed9
[  303.198377][ T8834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  303.209256][   T29] audit: type=1326 audit(1733680390.377:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8828 comm="syz.1.843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e1897fed9 code=0x7ffc0000
[  303.217988][ T8834] RSP: 002b:00007fb12061e058 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  303.247885][ T8834] RAX: ffffffffffffffda RBX: 00007fb11f945fa0 RCX: 00007fb11f77fed9
[  303.255880][ T8834] RDX: 000000000000000d RSI: 0000000020000000 RDI: 0000000000000005
[  303.263873][ T8834] RBP: 00007fb12061e0a0 R08: 0000000000000000 R09: 0000000000000000
[  303.271869][ T8834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  303.279861][ T8834] R13: 0000000000000000 R14: 00007fb11f945fa0 R15: 00007ffccb0a7648
[  303.287882][ T8834]  </TASK>
[  303.328863][   T29] audit: type=1326 audit(1733680390.377:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8828 comm="syz.1.843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f2e1897fed9 code=0x7ffc0000
[  303.367042][   T29] audit: type=1326 audit(1733680390.377:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8828 comm="syz.1.843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e1897fed9 code=0x7ffc0000
[  303.389293][   T29] audit: type=1326 audit(1733680390.377:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8828 comm="syz.1.843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e1897fed9 code=0x7ffc0000
[  303.411352][   T29] audit: type=1326 audit(1733680390.377:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8828 comm="syz.1.843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2e1897fed9 code=0x7ffc0000
[  304.182154][ T8850] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  304.190619][ T8850] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  304.432666][ T8850] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  304.438852][ T8850] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  304.565361][ T8850] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  304.571733][ T8850] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  304.627631][ T8850] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  304.633826][ T8850] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  304.657659][ T8850] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  304.663809][ T8850] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  304.689345][ T8850] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  304.695425][ T8850] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  304.756398][ T8850] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  304.762642][ T8850] Bluetooth: hci6: Error when powering off device on rfkill (-4)
[  304.792555][ T8850] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  304.798917][ T8850] Bluetooth: hci7: Error when powering off device on rfkill (-4)
[  305.216543][   T30] INFO: task udevd:6573 blocked for more than 144 seconds.
[  305.223960][   T30]       Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  305.238798][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  305.247509][   T30] task:udevd           state:D stack:21040 pid:6573  tgid:6573  ppid:5193   flags:0x00004002
[  305.257827][   T30] Call Trace:
[  305.259453][ T8861] netlink: 4 bytes leftover after parsing attributes in process `syz.4.848'.
[  305.261188][   T30]  <TASK>
[  305.272974][   T30]  __schedule+0x17fb/0x4be0
[  305.277514][   T30]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  305.283945][   T30]  ? __pfx___schedule+0x10/0x10
[  305.288943][   T30]  ? __blk_flush_plug+0x449/0x500
[  305.293994][   T30]  ? __pfx_lock_release+0x10/0x10
[  305.299369][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  305.305739][   T30]  ? schedule+0x90/0x320
[  305.310082][   T30]  schedule+0x14b/0x320
[  305.315912][   T30]  schedule_timeout+0x15a/0x290
[  305.320951][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  305.326351][   T30]  ? __pfx_process_timeout+0x10/0x10
[  305.331709][   T30]  ? prepare_to_wait_event+0x3bd/0x400
[  305.337206][   T30]  nbd_queue_rq+0x7d9/0x2ef0
[  305.341878][   T30]  ? validate_chain+0x11e/0x5920
[  305.346844][   T30]  ? __pfx_validate_chain+0x10/0x10
[  305.352365][   T30]  ? mark_lock+0x9a/0x360
[  305.356732][   T30]  ? __pfx_nbd_queue_rq+0x10/0x10
[  305.361969][   T30]  ? __lock_acquire+0x1397/0x2100
[  305.367042][   T30]  ? __pfx_autoremove_wake_function+0x10/0x10
[  305.373242][   T30]  blk_mq_dispatch_rq_list+0xad3/0x19d0
[  305.378998][   T30]  ? sbitmap_get+0x289/0x3f0
[  305.383628][   T30]  ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10
[  305.389724][   T30]  ? __blk_mq_alloc_driver_tag+0x32d/0x730
[  305.395582][   T30]  __blk_mq_sched_dispatch_requests+0xb8a/0x1840
[  305.402002][   T30]  ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10
[  305.408844][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  305.413898][   T30]  ? __pfx___might_resched+0x10/0x10
[  305.420205][   T30]  ? sbitmap_any_bit_set+0x155/0x190
[  305.425533][   T30]  ? blk_mq_hw_queue_need_run+0x14d/0x6d0
[  305.432270][   T30]  blk_mq_sched_dispatch_requests+0xd6/0x190
[  305.438310][   T30]  ? blk_mq_run_hw_queue+0x32b/0x500
[  305.443708][   T30]  blk_mq_run_hw_queue+0x354/0x500
[  305.448897][   T30]  blk_mq_flush_plug_list+0x118e/0x1870
[  305.454482][   T30]  ? blk_add_rq_to_plug+0x308/0x4b0
[  305.459798][   T30]  ? __pfx_blk_mq_flush_plug_list+0x10/0x10
[  305.465715][   T30]  ? blk_mq_submit_bio+0xf74/0x2390
[  305.471152][   T30]  __blk_flush_plug+0x420/0x500
[  305.476036][   T30]  ? __pfx___blk_flush_plug+0x10/0x10
[  305.481537][   T30]  __submit_bio+0x46a/0x560
[  305.486070][   T30]  ? __pfx___submit_bio+0x10/0x10
[  305.491206][   T30]  ? blk_add_trace_bio+0x2c/0x2f0
[  305.496253][   T30]  ? blk_add_trace_bio+0x1e6/0x2f0
[  305.501454][   T30]  submit_bio_noacct_nocheck+0x4d3/0xe30
[  305.507105][   T30]  ? bio_associate_blkg_from_css+0x182/0xc70
[  305.513146][   T30]  ? __pfx___might_resched+0x10/0x10
[  305.518458][   T30]  ? __pfx_submit_bio_noacct_nocheck+0x10/0x10
[  305.526236][   T30]  block_read_full_folio+0x93b/0xcd0
[  305.532520][   T30]  ? __pfx_blkdev_get_block+0x10/0x10
[  305.537920][   T30]  ? __pfx_block_read_full_folio+0x10/0x10
[  305.543835][   T30]  ? folio_add_lru+0x1cd/0x4f0
[  305.548622][   T30]  filemap_read_folio+0x14b/0x630
[  305.553751][   T30]  ? __pfx_blkdev_read_folio+0x10/0x10
[  305.559365][   T30]  ? __pfx_filemap_read_folio+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  305.564942][   T30]  do_read_cache_folio+0x3f5/0x850
[  305.570145][   T30]  ? __pfx_blkdev_read_folio+0x10/0x10
[  305.575632][   T30]  read_part_sector+0xb3/0x330
[  305.580491][   T30]  adfspart_check_ICS+0xd9/0x9a0
[  305.585459][   T30]  ? __pfx_vsnprintf+0x10/0x10
[  305.590315][   T30]  ? __pfx_adfspart_check_ICS+0x10/0x10
[  305.595891][   T30]  ? snprintf+0xda/0x120
[  305.600456][   T30]  ? alloc_pages_mpol_noprof+0x417/0x680
[  305.606241][   T30]  ? vsnprintf+0x1cc3/0x1da0
[  305.610922][   T30]  ? vsnprintf+0x184/0x1da0
[  305.615448][   T30]  ? __pfx_snprintf+0x10/0x10
[  305.620184][   T30]  ? __kasan_kmalloc+0x98/0xb0
[  305.625803][   T30]  bdev_disk_changed+0x72c/0x13f0
[  305.631776][   T30]  ? __pfx___might_resched+0x10/0x10
[  305.637110][   T30]  ? __pfx_bdev_disk_changed+0x10/0x10
[  305.642662][   T30]  ? wait_on_inode+0xc1/0x230
[  305.647375][   T30]  ? __pfx_wait_on_inode+0x10/0x10
[  305.652594][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  305.657823][   T30]  blkdev_get_whole+0x2d2/0x450
[  305.662754][   T30]  bdev_open+0x2d4/0xc50
[  305.667032][   T30]  blkdev_open+0x389/0x4f0
[  305.671549][   T30]  ? __pfx_blkdev_open+0x10/0x10
[  305.676517][   T30]  do_dentry_open+0xbe1/0x1b70
[  305.681642][   T30]  vfs_open+0x3e/0x330
[  305.685747][   T30]  path_openat+0x2c84/0x3590
[  305.690617][   T30]  ? __pfx_path_openat+0x10/0x10
[  305.695604][   T30]  do_filp_open+0x27f/0x4e0
[  305.700211][   T30]  ? __pfx_do_filp_open+0x10/0x10
[  305.705256][   T30]  ? do_raw_spin_lock+0x14f/0x370
[  305.710545][   T30]  do_sys_openat2+0x13e/0x1d0
[  305.715246][   T30]  ? __might_fault+0xaa/0x120
[  305.719984][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[  305.726877][   T30]  ? rcu_is_watching+0x15/0xb0
[  305.731721][   T30]  ? __rseq_handle_notify_resume+0x34d/0x14e0
[  305.737829][   T30]  __x64_sys_openat+0x247/0x2a0
[  305.742808][   T30]  ? __pfx___x64_sys_openat+0x10/0x10
[  305.748209][   T30]  ? do_syscall_64+0x100/0x230
[  305.753073][   T30]  ? do_syscall_64+0xb6/0x230
[  305.757779][   T30]  do_syscall_64+0xf3/0x230
[  305.762683][   T30]  ? clear_bhb_loop+0x35/0x90
[  305.767388][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.773394][   T30] RIP: 0033:0x7f70a29169a4
[  305.777828][   T30] RSP: 002b:00007ffe46bf1310 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  305.786353][   T30] RAX: ffffffffffffffda RBX: 000055b46c92ff60 RCX: 00007f70a29169a4
[  305.794496][   T30] RDX: 00000000000a0800 RSI: 000055b46c91c550 RDI: 00000000ffffff9c
[  305.802606][   T30] RBP: 000055b46c91c550 R08: 0000000000000001 R09: 7fffffffffffffff
[  305.810660][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000a0800
[  305.818658][   T30] R13: 000055b46c93c320 R14: 0000000000000001 R15: 000055b46c91b910
[  305.827601][   T30]  </TASK>
[  305.831588][   T30] 
[  305.831588][   T30] Showing all locks held in the system:
[  305.839844][   T30] 1 lock held by khungtaskd/30:
[  305.844718][   T30]  #0: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0
[  305.854870][   T30] 2 locks held by kworker/u8:4/71:
[  305.860259][   T30] 2 locks held by kworker/u8:5/1128:
[  305.865571][   T30] 2 locks held by kworker/u8:7/3460:
[  305.870959][   T30] 2 locks held by getty/5574:
[  305.875648][   T30]  #0: ffff888030c2e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  305.885544][   T30]  #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00
[  305.895808][   T30] 1 lock held by syz-executor/5819:
[  305.901063][   T30]  #0: ffff8880b863e758 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140
[  305.911108][   T30] 3 locks held by udevd/5972:
[  305.915789][   T30]  #0: ffff888025b344c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50
[  305.925503][   T30]  #1: ffff88801e7f2710 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x32b/0x500
[  305.935998][   T30]  #2: ffff888025be51f8 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xfe/0x2ef0
[  305.945978][   T30] 3 locks held by udevd/6573:
[  305.950778][   T30]  #0: ffff888025a574c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50
[  305.960122][   T30]  #1: ffff88801eb6df10 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x32b/0x500
[  305.969746][   T30]  #2: ffff888025b18bb8 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xfe/0x2ef0
[  305.978828][   T30] 3 locks held by udevd/6710:
[  305.983517][   T30]  #0: ffff888025b334c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50
[  305.992830][   T30]  #1: ffff88801e7f2390 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x32b/0x500
[  306.002438][   T30]  #2: ffff888025bb92b8 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xfe/0x2ef0
[  306.011540][   T30] 2 locks held by syz.0.379/7149:
[  306.016574][   T30]  #0: ffff88805aed60e0 (&type->s_umount_key#51/1){+.+.}-{4:4}, at: alloc_super+0x221/0x9d0
[  306.026783][   T30]  #1: ffff888025a574c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50
[  306.036579][   T30] 1 lock held by syz.3.746/8487:
[  306.042558][   T30]  #0: ffff888025b344c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50
[  306.051939][   T30] 1 lock held by syz.2.747/8489:
[  306.056886][   T30]  #0: ffff888025b334c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50
[  306.066232][   T30] 4 locks held by syz-executor/8657:
[  306.071609][   T30] 2 locks held by syz.5.842/8825:
[  306.076654][   T30] 1 lock held by syz.1.843/8838:
[  306.081714][   T30]  #0: ffffffff8e93cfb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x830
[  306.092742][   T30] 1 lock held by syz.7.844/8841:
[  306.097703][   T30] 1 lock held by syz.4.848/8862:
[  306.102712][   T30]  #0: ffffffff8e93cfb8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x381/0x830
[  306.113737][   T30] 
[  306.116079][   T30] =============================================
[  306.116079][   T30] 
[  306.124646][   T30] NMI backtrace for cpu 1
[  306.129008][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  306.139524][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  306.149597][   T30] Call Trace:
[  306.152877][   T30]  <TASK>
[  306.155806][   T30]  dump_stack_lvl+0x241/0x360
[  306.160491][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  306.165695][   T30]  ? __pfx__printk+0x10/0x10
[  306.170299][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  306.175239][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  306.180704][   T30]  ? _printk+0xd5/0x120
[  306.184860][   T30]  ? __pfx__printk+0x10/0x10
[  306.189447][   T30]  ? __wake_up_klogd+0xcc/0x110
[  306.194298][   T30]  ? __pfx__printk+0x10/0x10
[  306.198886][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  306.203908][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  306.209890][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  306.215869][   T30]  watchdog+0xff6/0x1040
[  306.220110][   T30]  ? watchdog+0x1ea/0x1040
[  306.224524][   T30]  ? __pfx_watchdog+0x10/0x10
[  306.229196][   T30]  kthread+0x2f0/0x390
[  306.233259][   T30]  ? __pfx_watchdog+0x10/0x10
[  306.237931][   T30]  ? __pfx_kthread+0x10/0x10
[  306.242524][   T30]  ret_from_fork+0x4b/0x80
[  306.246945][   T30]  ? __pfx_kthread+0x10/0x10
[  306.251531][   T30]  ret_from_fork_asm+0x1a/0x30
[  306.256326][   T30]  </TASK>
[  306.261053][   T30] Sending NMI from CPU 1 to CPUs 0:
[  306.266353][    C0] NMI backtrace for cpu 0
[  306.266366][    C0] CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  306.266387][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  306.266398][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[  306.266428][    C0] RIP: 0010:arch_stack_walk+0x76/0x150
[  306.266448][    C0] Code: 00 00 48 c7 45 a8 00 00 00 00 48 c7 45 a0 00 00 00 00 48 c7 45 98 00 00 00 00 48 c7 45 90 00 00 00 00 48 c7 45 88 00 00 00 00 <48> c7 45 80 00 00 00 00 48 c7 85 78 ff ff ff 00 00 00 00 48 c7 85
[  306.266463][    C0] RSP: 0018:ffffc90000107580 EFLAGS: 00000282
[  306.266476][    C0] RAX: f94a74171ccbb600 RBX: ffffc90000107670 RCX: 0000000000000000
[  306.266489][    C0] RDX: ffff88801bef3c00 RSI: ffffc90000107660 RDI: ffffffff818b36a0
[  306.266502][    C0] RBP: ffffc90000107610 R08: dffffc0000000000 R09: 0000000000000000
[  306.266514][    C0] R10: ffffc90000107700 R11: ffffffff818b36a0 R12: ffff88801bef3c00
[  306.266527][    C0] R13: ffffffff818b36a0 R14: ffffc90000107660 R15: 0000000000000000
[  306.266540][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  306.266555][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  306.266566][    C0] CR2: 000055556ce03808 CR3: 000000000e736000 CR4: 00000000003526f0
[  306.266581][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  306.266597][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  306.266606][    C0] Call Trace:
[  306.266612][    C0]  <NMI>
[  306.266619][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  306.266640][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  306.266659][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  306.266677][    C0]  ? nmi_handle+0x2a/0x5a0
[  306.266702][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  306.266725][    C0]  ? nmi_handle+0x14f/0x5a0
[  306.266742][    C0]  ? nmi_handle+0x2a/0x5a0
[  306.266760][    C0]  ? arch_stack_walk+0x76/0x150
[  306.266777][    C0]  ? default_do_nmi+0x63/0x160
[  306.266796][    C0]  ? exc_nmi+0x123/0x1f0
[  306.266813][    C0]  ? end_repeat_nmi+0xf/0x53
[  306.266827][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  306.266852][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  306.266878][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  306.266902][    C0]  ? arch_stack_walk+0x76/0x150
[  306.266920][    C0]  ? arch_stack_walk+0x76/0x150
[  306.266939][    C0]  ? arch_stack_walk+0x76/0x150
[  306.266957][    C0]  </NMI>
[  306.266962][    C0]  <TASK>
[  306.266974][    C0]  stack_trace_save+0x118/0x1d0
[  306.266998][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  306.267020][    C0]  ? stack_trace_save+0x118/0x1d0
[  306.267044][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  306.267065][    C0]  ? arch_stack_walk+0x11c/0x150
[  306.267086][    C0]  kasan_save_track+0x3f/0x80
[  306.267132][    C0]  __kasan_kmalloc+0x98/0xb0
[  306.267156][    C0]  __kmalloc_node_track_caller_noprof+0x28b/0x4c0
[  306.267175][    C0]  ? __alloc_skb+0x1f3/0x440
[  306.267193][    C0]  ? __alloc_skb+0x1f3/0x440
[  306.267208][    C0]  kmalloc_reserve+0x111/0x2a0
[  306.267226][    C0]  __alloc_skb+0x1f3/0x440
[  306.267242][    C0]  ? kasan_quarantine_put+0xdc/0x230
[  306.267266][    C0]  ? __pfx___alloc_skb+0x10/0x10
[  306.267283][    C0]  ? kmem_cache_free+0x195/0x410
[  306.267300][    C0]  ? nsim_dev_trap_report_work+0x7cc/0xb50
[  306.267325][    C0]  nsim_dev_trap_report_work+0x261/0xb50
[  306.267355][    C0]  ? process_scheduled_works+0x976/0x1840
[  306.267379][    C0]  process_scheduled_works+0xa66/0x1840
[  306.267420][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  306.267448][    C0]  ? assign_work+0x364/0x3d0
[  306.267472][    C0]  worker_thread+0x870/0xd30
[  306.267494][    C0]  ? __kthread_parkme+0x169/0x1d0
[  306.267512][    C0]  ? __pfx_worker_thread+0x10/0x10
[  306.267526][    C0]  kthread+0x2f0/0x390
[  306.267543][    C0]  ? __pfx_worker_thread+0x10/0x10
[  306.267558][    C0]  ? __pfx_kthread+0x10/0x10
[  306.267576][    C0]  ret_from_fork+0x4b/0x80
[  306.267595][    C0]  ? __pfx_kthread+0x10/0x10
[  306.267612][    C0]  ret_from_fork_asm+0x1a/0x30
[  306.267642][    C0]  </TASK>
[  306.268364][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  306.668357][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0
[  306.678850][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  306.688896][   T30] Call Trace:
[  306.692167][   T30]  <TASK>
[  306.695092][   T30]  dump_stack_lvl+0x241/0x360
[  306.699771][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  306.704967][   T30]  ? __pfx__printk+0x10/0x10
[  306.709549][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  306.715531][   T30]  ? vscnprintf+0x5d/0x90
[  306.719857][   T30]  panic+0x349/0x880
[  306.723749][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  306.729900][   T30]  ? __pfx_panic+0x10/0x10
[  306.734308][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  306.739678][   T30]  ? __irq_work_queue_local+0x137/0x410
[  306.745219][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  306.750591][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  306.756743][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  306.762912][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  306.769060][   T30]  watchdog+0x1035/0x1040
[  306.773384][   T30]  ? watchdog+0x1ea/0x1040
[  306.777803][   T30]  ? __pfx_watchdog+0x10/0x10
[  306.782476][   T30]  kthread+0x2f0/0x390
[  306.786891][   T30]  ? __pfx_watchdog+0x10/0x10
[  306.791558][   T30]  ? __pfx_kthread+0x10/0x10
[  306.796141][   T30]  ret_from_fork+0x4b/0x80
[  306.800551][   T30]  ? __pfx_kthread+0x10/0x10
[  306.805131][   T30]  ret_from_fork_asm+0x1a/0x30
[  306.809898][   T30]  </TASK>
[  306.813176][   T30] Kernel Offset: disabled
[  306.817489][   T30] Rebooting in 86400 seconds..