last executing test programs:

1m12.896948025s ago: executing program 0 (id=10):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001500)=[{{&(0x7f0000000600)=@can, 0x80, 0x0}}, {{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000bc0)="e7bc2f4799fe560c31cf5a20a1b22fb77ce7f19e605b6a8d2645af02e63f9a9d7ba31907ccc0f4aa71ec0762b3a8e3332f", 0x31}, {0x0}, {&(0x7f0000000d00)}, {0x0}, {&(0x7f00000011c0)}], 0x5}}], 0x2, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0x6, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0xb, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0x9000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x4, 0x81, 0x0, 0x6, 0x5}, {0xeeee8000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0xf3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x4, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x7, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0xa901, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]})
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed88", 0x3a}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c", 0xc7}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
r3 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
ioctl$PAGEMAP_SCAN(r3, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8, 0x48, 0x7b, 0x33})
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1000000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, 0x0, 0xc000)
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0xc4)
ioctl$SIOCAX25ADDUID(r6, 0x541b, &(0x7f0000000080)={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xee01})
recvmsg(r2, 0x0, 0x0)

1m9.65489568s ago: executing program 2 (id=3):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x10, 0x140e, 0x300, 0x70bd24, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x40000}, 0x20008040)
socket(0x1e, 0x805, 0x0)
r3 = socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x2000000000000312, &(0x7f0000000480)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x2)
r5 = dup2(r4, r4)
ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000400)={'\x00', 0x7, 0xe, 0x2000001, 0x5, 0x10})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x100a7c1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50)

1m9.08350676s ago: executing program 0 (id=12):
r0 = fsopen(&(0x7f00000004c0)='befs\x00', 0x0)
openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x2000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
arch_prctl$ARCH_SHSTK_LOCK(0x5003, 0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x854}, 0x0)
prlimit64(r1, 0xc, 0x0, &(0x7f0000000f80))
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001b80), 0x2, 0x0)
write$vga_arbiter(r5, &(0x7f0000001bc0)=@other={'unlock', ' ', 'none'}, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r4, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, 0x0, 0x800c000)
sendmsg$nl_route(r6, 0x0, 0x40000)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd708", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3, 0x96}]}}}}}}}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000003c0)='iochabset\xd9S\xdc\x85\xba\xbd\xd5\xb4B\x1b\x88$6\x85\\\xfe\x13\x1e\f\x14d\x04\x8e;\x9f\xa1/\xbe\xab\xc4\x82o\xe3c\xc5\xdd5\x1ca<\xdd\xd4\f\x14\xc2\xbd\xd2\x93H\x1a\xc3\x03\xf7\"\x16\xe2\xe6\xa5\xf7\ar\x0e\xedU\xb8!T\x13-\xef\x9fO\x1a\x03w\x99\xc5\xc3\x89\xd8\x99\xb6y\x18\x11\xb9\xf0\x17\x7fX\xfc\xb2\xc6\xc5\xbd\xde-\xdco*\xcd\xe8\xe9\x13\x04B\x9dw\xedH\xb0\xe0\x91\x04\xe6\t\xf1U\xb2Jn\x8da\xafv a\xee\xc3\xcf\x16+\xb4\xbbn \x1d<\xeeC\x1cv\'\xc8n\xd9.\xb8\xbe\xd7\xe0\xa8\xbb;\xf5\x1agV\xfcT\\\xb6\x7f\x9e|\xc5\xec6P\xd14\xfb\xe6~\xaa0\x955W6\xc8\x8d\x85\x86Q\x89\xf9\t3a\xed\xda\xb6\xc7\xf8\xa3\xcb>\x8a\xbd\x7fH\x80\x14', 0x0)

1m3.927142733s ago: executing program 0 (id=13):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x80, 0x0, 0x7ffc1ffb}]})
open_by_handle_at(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r4, 0x388, 0x41d9fda7)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r8 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_CONTINUE(r8, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000000)={0x1fa, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d01, 0x0, 0x1}]})
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000800000000000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r9, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20)

1m2.421943852s ago: executing program 2 (id=14):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$uac3(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$uac3(r0, 0x0, 0x0)
syz_usb_control_io$uac3(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000100)={0x0, 0x18}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, 0x0)

59.349600037s ago: executing program 0 (id=17):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
close(0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
sched_setaffinity(0x0, 0x62, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000300)=""/102400, 0x19000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x2000300, 0x93, 0x0, &(0x7f0000000200)="85bf2878860d6b629b27e51b7375ee21d6b383a9d47b2048f96078d26634bb74abacad91881c61c508c19b7ed22a0fa4c6d4feb70e6a8fa608e1b04dfc6c51e4ed6f6c5c6d7522bd865d669785056f577beb0725d0973335f55e9557293479c9f1fa861268b6d5c754420ec4ea05804b7d5cf0fa3bc169bf93fa8618b2c5c6f390bf4874349b5d079b29c9459f12143b30e676", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x50)
getpid()
r3 = syz_pidfd_open(0x0, 0x0)
setns(r3, 0x24020000)
r4 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = syz_pidfd_open(r4, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setns(r7, 0x24020000)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x262)

55.048819754s ago: executing program 0 (id=19):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0x709)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x1, 0x0)
close(0x3)

54.498007716s ago: executing program 2 (id=20):
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)

50.082466436s ago: executing program 2 (id=25):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
fanotify_init(0x202, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
socket$vsock_stream(0x28, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='rdma.current\x00', 0x275a, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x1000000, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

49.61317986s ago: executing program 0 (id=27):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x109140, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000440)=ANY=[@ANYRESHEX=r4], 0x110)
r5 = inotify_init1(0x0)
r6 = dup(r5)
openat(0xffffffffffffff9c, 0x0, 0x103a42, 0x32)
inotify_rm_watch(r6, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r6, 0x541b, &(0x7f0000000280))
ioctl$FBIO_WAITFORVSYNC(0xffffffffffffffff, 0x40044620, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
dup(r7)
socket$netlink(0x10, 0x3, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newtaction={0x14, 0x1d, 0x1, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x890}, 0x4850)
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x160, 0x4c, 0x1a, 0x160, 0x73, 0x388, 0x258, 0x258, 0x388, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x130, 0x160, 0x0, {}, [@common=@inet=@multiport={{0x50}}, @common=@unspec=@time={{0x38}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0x100, 0x228, 0x0, {}, [@common=@inet=@dscp={{0x28}}, @common=@srh={{0x30}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:hald_var_run_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8)
ioctl$TCSETS(r8, 0x40045431, 0x0)

47.767591721s ago: executing program 2 (id=30):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$cgroup2(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x20080a1, 0x0)

45.012677074s ago: executing program 2 (id=34):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$ENABLE_STATS(0x20, &(0x7f0000000140), 0x4)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000006680)={0x0, 0x0, &(0x7f0000006640)={&(0x7f00000065c0)={0x50, 0x1, 0x2, 0x101, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0x10, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300004a000000850000006900000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x66, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x5884)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

32.701997122s ago: executing program 32 (id=27):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x109140, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000440)=ANY=[@ANYRESHEX=r4], 0x110)
r5 = inotify_init1(0x0)
r6 = dup(r5)
openat(0xffffffffffffff9c, 0x0, 0x103a42, 0x32)
inotify_rm_watch(r6, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r6, 0x541b, &(0x7f0000000280))
ioctl$FBIO_WAITFORVSYNC(0xffffffffffffffff, 0x40044620, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
dup(r7)
socket$netlink(0x10, 0x3, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newtaction={0x14, 0x1d, 0x1, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x890}, 0x4850)
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x160, 0x4c, 0x1a, 0x160, 0x73, 0x388, 0x258, 0x258, 0x388, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x130, 0x160, 0x0, {}, [@common=@inet=@multiport={{0x50}}, @common=@unspec=@time={{0x38}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0x100, 0x228, 0x0, {}, [@common=@inet=@dscp={{0x28}}, @common=@srh={{0x30}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:hald_var_run_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8)
ioctl$TCSETS(r8, 0x40045431, 0x0)

27.300477661s ago: executing program 33 (id=34):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$ENABLE_STATS(0x20, &(0x7f0000000140), 0x4)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000006680)={0x0, 0x0, &(0x7f0000006640)={&(0x7f00000065c0)={0x50, 0x1, 0x2, 0x101, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0x10, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300004a000000850000006900000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x66, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x5884)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

24.926628958s ago: executing program 3 (id=52):
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000005c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x56}, 0x94)
r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r2 = syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'geneve0\x00'})
ioctl$VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0xf0f041, 0x8e6})
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='btrfs\x00', 0x418, &(0x7f0000000100)='barrier')
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000640)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(twofish-generic)\x00'}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67200000000000140600000fff07006706000020000000350200000ee60000bf25000000000000bd350000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad53010000000000840400000000000014000000000000009500000000000000db13d5d8b740f2cdaabc8383c8f56b8c2b84a800ea6553f3ef4392b3815dcf00c3eebc52267b042d19d6e31e25e589d5f2692c75a547d6f186641ae8c557ccff3878a93b51a0389749df734f49ed5078b10f1e7f2b37626a3ace1ea89f7d2c570720a86853e26168761f0a53358f7ee2baa0e6a67a98a0d57ac09f36cfefbbc7492bbe"], &(0x7f0000000380)='GPL\x00', 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

21.110374279s ago: executing program 3 (id=55):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0)
openat$khugepaged_scan(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', <r2=>0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x3c, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'sit0\x00', r2, 0x0, 0x20, 0x0, 0x20, {{0x5, 0x4, 0x0, 0x38, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @remote, @remote}}}})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000200)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x2c, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0xd}, @private=0xa010102}}}})
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r0}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x11, &(0x7f0000000640)=ANY=[@ANYBLOB="18020000000000000000000004000000850000007b000000b7080000000000007b8af8ff00000000b7080000080000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000008c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000600)="87fc5d85da21530562070095c108", 0x0, 0x8011, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x40}, 0x50)

18.689729504s ago: executing program 4 (id=56):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000dc0), r1)
sendmsg$IEEE802154_LIST_IFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, r2, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x240000c0}, 0x4)

18.347710969s ago: executing program 1 (id=57):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
close(0x3)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1000000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setrlimit(0x5, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r4 = syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS64(r4, 0x40084149, &(0x7f0000000080))
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)

15.29534622s ago: executing program 1 (id=58):
r0 = socket$kcm(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000003480)={0x2020}, 0x2020)
keyctl$setperm(0x5, 0x0, 0x40808)
r4 = socket(0x2, 0x80805, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010101, 0x4e22, 0x3, 'dh\x00', 0x1, 0x80005, 0x6f}, 0x2c)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r8 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r8, 0xc0505510, &(0x7f0000000480)={0x3, 0x1, 0x0, 0x0, &(0x7f0000001c00)=[{}]})
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

15.109453119s ago: executing program 4 (id=59):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000840)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, 0x0, 0x0)

13.592776278s ago: executing program 3 (id=60):
r0 = syz_usb_connect(0x3, 0x73, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000396d0940fd101315f9b10102"], 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$uac2(r0, 0x0, &(0x7f0000000680)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$rtl8150(r0, &(0x7f0000000140)={0x14, 0x0, 0x0}, 0x0)

13.118382943s ago: executing program 1 (id=61):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x4, 0xe4}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x1400, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket(0xa, 0x3, 0x87)
ioctl$int_in(r1, 0x5452, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0)
r2 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, 0x0, 0x0)
close(0xffffffffffffffff)
close(0xffffffffffffffff)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
landlock_restrict_self(r2, 0x0)
close(r2)
mknodat(0xffffffffffffff9c, &(0x7f00000003c0)='./file2\x00', 0x81c0, 0x0)

12.747206337s ago: executing program 4 (id=62):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r0, &(0x7f0000000040)=@other={'decodes', ' ', 'none'}, 0x66)

9.998702569s ago: executing program 1 (id=63):
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x0)
syz_open_dev$evdev(0x0, 0x2, 0x842)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff4000/0xa000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0x2bb})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

9.411050225s ago: executing program 3 (id=64):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000140), 0x8, 0x40)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000400)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x7, 0x0, 0x2, 0x16, 0x15, "fee8a2ab78fc979fd1e00d96f72000000ba89de2b7fb0000e6a180b8785d960001000000000041eb8109af0000000000000000002900", "2809e8dbe10859894822ce0c00000000000097bdb201177d3d458dd4992861ac0000000000000000e0ff00000000000007000000000000001600", "f422741b13103e52f400003fe200e2ffffff00000000000000000000002000", [0x8, 0x1ff]}})
r2 = socket$inet6(0xa, 0x1, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc1105518, &(0x7f0000000480)={{0x5, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x1, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x80000, 0xf, 0x80000000000000, 0x592a, 0x9, 0x0, 0xfffffffe, 0x4, 0x7, 0x0, 0x7, 0x7ff, 0xfffffffe, 0xfffffffffffffffe, 0x40, 0x0, 0x4, 0x100000001, 0x8, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x20000000, 0x0, 0x2, 0x0, 0x2, 0x80000000000000, 0x0, 0xfffffffffffffffd, 0xfffffffd, 0x0, 0x0, 0x0, 0x4000, 0x3, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x4, 0x0, 0x0, 0x40, 0xfffffffffffffffc, 0x0, 0x0, 0x49, 0xfffffffffffffffa, 0x0, 0x401, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x400000000000, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x80000000000000, 0xfffffffc, 0x1, 0x8, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x4, 0x0, 0xb5, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0xde4, 0x7, 0x0, 0x100000000]})
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000001880)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)='x', 0x1}], 0x1}}], 0x1, 0x0)
recvfrom(r2, 0x0, 0x0, 0x40002000, 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)

9.346909068s ago: executing program 1 (id=65):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(camellia-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae0100000092ea54c7be", 0x10)
accept$alg(r0, 0x0, 0x0)
sendmsg$alg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="fb08", 0x2}], 0x1, 0x0, 0x0, 0x4000881}, 0x240028c4)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r2, 0x80506409, &(0x7f0000000180)={0x7, 0x40, 0x10, 0xd, 0x10, 0xfffffed8, 0x40, 0x0, 0x20, 0x1, 0x20, 0xffffffff, 0x0, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x6000, 0x100000b, 0x8012, r3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
clock_gettime(0x0, 0x0)
sendto$inet(r1, &(0x7f0000000140)='^', 0x1, 0x0, &(0x7f0000004ff0)={0x2, 0x4e23, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r1, 0xda90)
accept$inet(r1, 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58)
r6 = accept4$alg(r5, 0x0, 0x0, 0x800)
io_setup(0xff, &(0x7f0000000380)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r6, 0x0}])
eventfd2(0x5, 0x801)
io_submit(r7, 0x0, &(0x7f0000000240))
r8 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r8, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @empty}, 0x10)

9.257275827s ago: executing program 4 (id=66):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = gettid()
sched_setscheduler(r3, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd25, 0xfffffffc, {0x7}}, 0x14}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, 0x0, 0x9590f6cc3ea35512)
sendto(r0, &(0x7f0000000000)="7cd1e89831ce6a", 0x7, 0x4000080, 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000001700)='net/vlan/config\x00')
preadv(r6, &(0x7f00000003c0)=[{&(0x7f0000000300)=""/105, 0x69}], 0x1, 0x3, 0xffffffbf)

6.949500955s ago: executing program 4 (id=67):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSPASS(r0, 0x40087447, 0x0)
socket$packet(0x11, 0x3, 0x300)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6(0xa, 0x80002, 0x88)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x6, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x1, 0x9, 0xfffffffffffffffc, 0x0, 0x7fffffff}, 0x0, 0x0)

6.124825056s ago: executing program 3 (id=68):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x185)
r4 = inotify_init()
inotify_add_watch(r4, &(0x7f00000000c0)='.\x00', 0x5000009)
fallocate(r3, 0x0, 0x1000000, 0x3)
mmap(&(0x7f00002d6000/0xe000)=nil, 0xe000, 0xc, 0x11, r3, 0xffff9000)

517.699939ms ago: executing program 3 (id=69):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @empty, @void, {@arp={0x806, @ether_ipv4={0x6, 0x500, 0x6, 0x4, 0x0, @link_local, @dev={0xac, 0x14, 0x14, 0x28}, @link_local, @multicast2}}}}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x41032, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff8000/0x1000)=nil, &(0x7f000008c000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x1000)=nil, &(0x7f0000060000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff28}, 0x68)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
getresuid(&(0x7f0000000200), &(0x7f0000000140), &(0x7f0000000180))
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r3 = userfaultfd(0x801)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000009000010000000000000000000200000a140000001100010000000000000000000700000a"], 0x28}, 0x1, 0x0, 0x0, 0x4048041}, 0x8000)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
unshare(0x2c020400)
io_uring_enter(0xffffffffffffffff, 0x351e, 0x483, 0x0, 0x0, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r3, 0xc018aa06, &(0x7f0000000100)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)
ioctl$HCIINQUIRY(r2, 0x800448f0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x2f, 0x20, 0x270bd24, 0x25dfdbfd, {0x2}}, 0xfffffffffffffd7a}}, 0x0)

47.732907ms ago: executing program 4 (id=70):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x80000001]}, 0x8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, 0x0, 0x0, 0x0)
socket(0x1e, 0x4, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7d, 0xffffffffffffffff, 0x8000, 0x400000000004, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x64000, 0xffffffffffffffff, 0x9, 0x13, 0xf, 0x80000006, 0x4000000000}, 0x0, 0x0)

0s ago: executing program 1 (id=71):
r0 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000280)={0x4, {"09000000d3f9c7e6eefae0000000e800", "3dfab043b5e9f9770000000018a800", "a7c947420000000000000000ff4a70f3"}, 0x4000c, 0x1})
preadv(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x401, 0x5)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.167' (ED25519) to the list of known hosts.
[  155.540682][ T5760] cgroup: Unknown subsys name 'net'
[  155.692028][ T5760] cgroup: Unknown subsys name 'cpuset'
[  155.707961][ T5760] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  161.116709][ T5760] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  165.143782][ T5781] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  165.153020][ T5781] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  165.162453][ T5781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  165.177854][ T5781] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  165.224772][ T5787] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  165.234873][ T5790] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  165.243536][ T5790] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  165.254257][ T5787] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  165.275279][ T5787] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  165.295114][ T5787] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  165.307246][ T5793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  165.313196][ T5790] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  165.320361][ T5793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  165.330277][ T5074] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  165.340126][ T5074] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  165.342119][ T5787] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  165.352404][ T5074] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  165.360648][ T5787] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  165.363372][ T5074] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  165.403771][ T5787] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  165.411685][ T5074] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  165.416441][ T5781] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  165.440297][ T5781] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  165.482189][ T5785] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  165.506217][ T5785] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  166.833062][ T5778] chnl_net:caif_netlink_parms(): no params data found
[  166.873299][ T5780] chnl_net:caif_netlink_parms(): no params data found
[  166.931889][ T5784] chnl_net:caif_netlink_parms(): no params data found
[  167.050610][ T5789] chnl_net:caif_netlink_parms(): no params data found
[  167.237585][ T5783] chnl_net:caif_netlink_parms(): no params data found
[  167.338613][ T5785] Bluetooth: hci0: command tx timeout
[  167.413615][ T5785] Bluetooth: hci1: command tx timeout
[  167.498702][ T5785] Bluetooth: hci2: command tx timeout
[  167.504758][ T5790] Bluetooth: hci3: command tx timeout
[  167.575230][ T5785] Bluetooth: hci4: command tx timeout
[  167.640648][ T5778] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.648565][ T5778] bridge0: port 1(bridge_slave_0) entered disabled state
[  167.662570][ T5778] bridge_slave_0: entered allmulticast mode
[  167.673078][ T5778] bridge_slave_0: entered promiscuous mode
[  167.724157][ T5778] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.731797][ T5778] bridge0: port 2(bridge_slave_1) entered disabled state
[  167.763903][ T5778] bridge_slave_1: entered allmulticast mode
[  167.793773][ T5778] bridge_slave_1: entered promiscuous mode
[  168.008485][ T5778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  168.051784][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.062539][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.071420][ T5780] bridge_slave_0: entered allmulticast mode
[  168.081444][ T5780] bridge_slave_0: entered promiscuous mode
[  168.102811][ T5778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  168.138747][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.146747][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.155524][ T5784] bridge_slave_0: entered allmulticast mode
[  168.164361][ T5784] bridge_slave_0: entered promiscuous mode
[  168.175033][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.182455][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.190728][ T5780] bridge_slave_1: entered allmulticast mode
[  168.199326][ T5780] bridge_slave_1: entered promiscuous mode
[  168.275262][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.282716][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.290302][ T5784] bridge_slave_1: entered allmulticast mode
[  168.299613][ T5784] bridge_slave_1: entered promiscuous mode
[  168.378353][ T5778] team0: Port device team_slave_0 added
[  168.432154][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.440027][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.447986][ T5783] bridge_slave_0: entered allmulticast mode
[  168.456219][ T5783] bridge_slave_0: entered promiscuous mode
[  168.466890][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.474531][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.481871][ T5789] bridge_slave_0: entered allmulticast mode
[  168.490788][ T5789] bridge_slave_0: entered promiscuous mode
[  168.507798][ T5778] team0: Port device team_slave_1 added
[  168.545637][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  168.564636][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  168.575052][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.582461][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.590448][ T5783] bridge_slave_1: entered allmulticast mode
[  168.599029][ T5783] bridge_slave_1: entered promiscuous mode
[  168.608092][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.615580][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.623016][ T5789] bridge_slave_1: entered allmulticast mode
[  168.631609][ T5789] bridge_slave_1: entered promiscuous mode
[  168.676994][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  168.868246][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  168.905840][ T5780] team0: Port device team_slave_0 added
[  168.960343][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_0
[  168.967522][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  168.993675][ T5778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  169.035902][ T5780] team0: Port device team_slave_1 added
[  169.049425][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  169.067408][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  169.079142][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_1
[  169.086588][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  169.112940][ T5778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  169.131250][ T5784] team0: Port device team_slave_0 added
[  169.166740][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  169.184820][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  169.216300][ T5784] team0: Port device team_slave_1 added
[  169.342513][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0
[  169.349651][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  169.376187][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  169.413785][ T5785] Bluetooth: hci0: command tx timeout
[  169.421548][ T5783] team0: Port device team_slave_0 added
[  169.435231][ T5789] team0: Port device team_slave_0 added
[  169.464221][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1
[  169.471304][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  169.497733][ T5785] Bluetooth: hci1: command tx timeout
[  169.499637][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  169.545292][ T5783] team0: Port device team_slave_1 added
[  169.557531][ T5789] team0: Port device team_slave_1 added
[  169.565522][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0
[  169.572533][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  169.599094][ T5790] Bluetooth: hci3: command tx timeout
[  169.600935][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  169.605159][ T5785] Bluetooth: hci2: command tx timeout
[  169.653682][ T5785] Bluetooth: hci4: command tx timeout
[  169.712342][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1
[  169.719891][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  169.746727][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  169.790071][ T5778] hsr_slave_0: entered promiscuous mode
[  169.798546][ T5778] hsr_slave_1: entered promiscuous mode
[  169.919918][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0
[  169.927449][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  169.953789][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  169.967545][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0
[  169.975070][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  170.001523][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  170.017789][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1
[  170.025148][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  170.051560][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  170.077094][ T5780] hsr_slave_0: entered promiscuous mode
[  170.085790][ T5780] hsr_slave_1: entered promiscuous mode
[  170.093068][ T5780] debugfs: 'hsr0' already exists in 'hsr'
[  170.099212][ T5780] Cannot create hsr debugfs directory
[  170.109118][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1
[  170.116391][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  170.142912][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  170.336681][ T5784] hsr_slave_0: entered promiscuous mode
[  170.346030][ T5784] hsr_slave_1: entered promiscuous mode
[  170.353814][ T5784] debugfs: 'hsr0' already exists in 'hsr'
[  170.359671][ T5784] Cannot create hsr debugfs directory
[  170.558860][ T5789] hsr_slave_0: entered promiscuous mode
[  170.567235][ T5789] hsr_slave_1: entered promiscuous mode
[  170.575174][ T5789] debugfs: 'hsr0' already exists in 'hsr'
[  170.581004][ T5789] Cannot create hsr debugfs directory
[  170.702095][ T5783] hsr_slave_0: entered promiscuous mode
[  170.710421][ T5783] hsr_slave_1: entered promiscuous mode
[  170.718288][ T5783] debugfs: 'hsr0' already exists in 'hsr'
[  170.724291][ T5783] Cannot create hsr debugfs directory
[  171.493702][ T5785] Bluetooth: hci0: command tx timeout
[  171.573738][ T5785] Bluetooth: hci1: command tx timeout
[  171.653712][ T5790] Bluetooth: hci3: command tx timeout
[  171.659412][ T5785] Bluetooth: hci2: command tx timeout
[  171.676517][ T5778] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  171.694971][ T5778] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  171.713150][ T5778] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  171.731733][ T5778] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  171.738880][ T5785] Bluetooth: hci4: command tx timeout
[  171.869567][ T5784] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  171.902687][ T5784] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  171.942160][ T5784] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  171.962444][ T5784] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  172.156579][ T5780] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  172.177043][ T5780] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  172.228947][ T5780] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  172.250993][ T5780] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  172.479051][ T5778] 8021q: adding VLAN 0 to HW filter on device bond0
[  172.497245][ T5789] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  172.516561][ T5789] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  172.555245][ T5789] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  172.576416][ T5789] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  172.785760][ T5778] 8021q: adding VLAN 0 to HW filter on device team0
[  172.867143][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  172.874484][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  172.901348][ T5783] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  172.960810][ T5783] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  172.982931][ T5783] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  173.001569][ T5783] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  173.030596][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.038313][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  173.352220][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0
[  173.467672][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0
[  173.509182][ T5784] 8021q: adding VLAN 0 to HW filter on device team0
[  173.574556][ T5785] Bluetooth: hci0: command tx timeout
[  173.632666][ T1039] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.640200][ T1039] bridge0: port 1(bridge_slave_0) entered forwarding state
[  173.654268][ T5785] Bluetooth: hci1: command tx timeout
[  173.731354][ T5780] 8021q: adding VLAN 0 to HW filter on device team0
[  173.745080][ T5785] Bluetooth: hci2: command tx timeout
[  173.745839][ T5790] Bluetooth: hci3: command tx timeout
[  173.814786][ T5790] Bluetooth: hci4: command tx timeout
[  173.822858][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.830552][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  173.860223][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.867730][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  173.971114][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.978847][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  174.011279][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.189941][ T5789] 8021q: adding VLAN 0 to HW filter on device team0
[  174.248124][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.289767][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.297278][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  174.356852][  T141] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.364245][  T141] bridge0: port 2(bridge_slave_1) entered forwarding state
[  174.467013][ T5778] 8021q: adding VLAN 0 to HW filter on device batadv0
[  174.480367][ T5783] 8021q: adding VLAN 0 to HW filter on device team0
[  174.582069][ T1039] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.589628][ T1039] bridge0: port 1(bridge_slave_0) entered forwarding state
[  174.720562][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.728225][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  175.367366][ T5778] veth0_vlan: entered promiscuous mode
[  175.509742][ T5778] veth1_vlan: entered promiscuous mode
[  175.550073][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0
[  176.011712][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0
[  176.021684][ T5778] veth0_macvtap: entered promiscuous mode
[  176.106103][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0
[  176.168009][ T5778] veth1_macvtap: entered promiscuous mode
[  176.437111][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_0
[  176.522608][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_1
[  176.621210][ T1039] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  176.636450][ T1039] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  176.665018][ T1039] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  176.718328][ T1039] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  176.814369][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0
[  176.851153][ T5789] veth0_vlan: entered promiscuous mode
[  177.001920][ T5780] veth0_vlan: entered promiscuous mode
[  177.091124][ T5789] veth1_vlan: entered promiscuous mode
[  177.198632][ T5780] veth1_vlan: entered promiscuous mode
[  177.433760][ T5784] veth0_vlan: entered promiscuous mode
[  177.547622][ T5784] veth1_vlan: entered promiscuous mode
[  177.567890][ T5783] veth0_vlan: entered promiscuous mode
[  177.702414][ T5789] veth0_macvtap: entered promiscuous mode
[  177.747585][ T5789] veth1_macvtap: entered promiscuous mode
[  177.782988][ T5783] veth1_vlan: entered promiscuous mode
[  177.855223][ T5780] veth0_macvtap: entered promiscuous mode
[  177.932967][ T5780] veth1_macvtap: entered promiscuous mode
[  177.966267][ T5784] veth0_macvtap: entered promiscuous mode
[  177.998255][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0
[  178.070809][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1
[  178.080157][ T5784] veth1_macvtap: entered promiscuous mode
[  178.167567][   T53] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  178.217248][   T53] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  178.229751][   T53] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  178.273925][   T53] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.324434][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0
[  178.387983][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0
[  178.413137][ T5783] veth0_macvtap: entered promiscuous mode
[  178.478982][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1
[  178.512518][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1
[  178.616994][ T5783] veth1_macvtap: entered promiscuous mode
[  178.667057][ T1134] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  178.735543][ T1134] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  178.785051][ T1134] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  178.818441][ T1134] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.858614][ T1134] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  178.881465][ T1134] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  178.924640][ T1134] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  178.947473][ T1134] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  179.018733][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0
[  179.158832][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1
[  179.283080][   T35] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  179.358128][   T35] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  179.389243][   T35] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  179.429686][   T35] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  180.631297][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.680405][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.877166][  T141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.937468][  T141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  181.474040][ T5778] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  185.014902][   T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.022907][   T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.259257][   T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  185.293780][   T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.855292][ T5973] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  186.193872][  T500] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  186.201874][  T500] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  186.484997][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  186.501708][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  186.692526][   T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  186.784908][   T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  186.971331][  T500] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  186.980538][  T500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  187.175046][ T1039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  187.183039][ T1039] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  190.139398][ T5996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  190.279025][ T5996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.873726][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[  193.975250][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  194.289237][ T6009] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  194.796670][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  195.104169][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  196.433527][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  196.535482][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  196.944440][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  197.354652][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  197.988470][   T29] audit: type=1326 audit(1775785364.289:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30cd59c819 code=0x7ffc0000
[  198.117545][  T982] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  199.209102][   T29] audit: type=1326 audit(1775785364.289:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30cd59c819 code=0x7ffc0000
[  199.914443][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  200.175721][   T29] audit: type=1326 audit(1775785364.289:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7f30cd59c819 code=0x7ffc0000
[  200.436221][   T29] audit: type=1326 audit(1775785364.289:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30cd59c819 code=0x7ffc0000
[  200.476032][  T982] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  200.493664][  T982] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  200.502930][  T982] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.538078][   T29] audit: type=1326 audit(1775785364.289:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30cd59c819 code=0x7ffc0000
[  200.591852][ T5831] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  200.598979][  T982] usb 3-1: config 0 descriptor??
[  200.637581][   T29] audit: type=1326 audit(1775785364.309:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f30cd59c819 code=0x7ffc0000
[  200.665584][  T982] pwc: Askey VC010 type 2 USB webcam detected.
[  200.721835][   T29] audit: type=1326 audit(1775785364.309:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30cd59c819 code=0x7ffc0000
[  200.780485][   T29] audit: type=1326 audit(1775785364.309:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30cd59c819 code=0x7ffc0000
[  200.817291][ T5831] usb 4-1: Using ep0 maxpacket: 16
[  201.709255][  T982] pwc: recv_control_msg error -32 req 02 val 2b00
[  201.802426][   T29] audit: type=1326 audit(1775785364.309:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6014 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f30cd59c819 code=0x7ffc0000
[  201.851298][  T982] pwc: recv_control_msg error -32 req 02 val 2700
[  201.945047][ T5831] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  201.957597][ T5831] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  201.981708][ T5831] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  201.995394][  T982] pwc: recv_control_msg error -32 req 02 val 2c00
[  202.222450][  T982] pwc: recv_control_msg error -32 req 04 val 1000
[  202.264462][ T5831] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.877922][  T982] pwc: recv_control_msg error -32 req 04 val 1300
[  202.974482][ T5831] usb 4-1: config 0 descriptor??
[  204.204772][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  204.218600][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  204.555376][ T6034] netlink: 12 bytes leftover after parsing attributes in process `syz.1.18'.
[  204.696295][ T5910] udevd[5910]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  205.210369][  T982] pwc: recv_control_msg error -71 req 04 val 1400
[  205.301691][  T982] pwc: recv_control_msg error -71 req 02 val 2000
[  205.403064][ T5831] usb 4-1: can't set config #0, error -71
[  205.429215][ T5831] usb 4-1: USB disconnect, device number 2
[  205.533037][  T982] pwc: recv_control_msg error -71 req 02 val 2100
[  205.585443][ T6040] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  205.842046][  T982] pwc: recv_control_msg error -71 req 04 val 1500
[  205.904041][  T982] pwc: recv_control_msg error -71 req 02 val 2500
[  205.974219][  T982] pwc: recv_control_msg error -71 req 02 val 2400
[  206.023139][  T982] pwc: recv_control_msg error -71 req 02 val 2600
[  206.086619][  T982] pwc: recv_control_msg error -71 req 02 val 2900
[  206.134464][  T982] pwc: recv_control_msg error -71 req 02 val 2800
[  206.190267][  T982] pwc: recv_control_msg error -71 req 04 val 1100
[  206.242581][  T982] pwc: recv_control_msg error -71 req 04 val 1200
[  206.249645][ T5898] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  206.314841][  T982] pwc: Registered as video103.
[  208.038159][  T982] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5
[  208.097240][ T5898] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  208.344761][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  208.633186][ T5898] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  209.447577][  T982] usb 3-1: USB disconnect, device number 2
[  209.485474][ T5898] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  209.553948][ T5898] usb 2-1: config 0 interface 0 has no altsetting 0
[  210.348457][ T5898] usb 2-1: unable to read config index 1 descriptor/start: -71
[  210.367249][ T5898] usb 2-1: can't read configurations, error -71
[  210.542610][ T6068] netlink: 44 bytes leftover after parsing attributes in process `syz.4.23'.
[  212.220727][ T6077] =======================================================
[  212.220727][ T6077] WARNING: The mand mount option has been deprecated and
[  212.220727][ T6077]          and is ignored by this kernel. Remove the mand
[  212.220727][ T6077]          option from the mount to silence this warning.
[  212.220727][ T6077] =======================================================
[  212.316496][   T29] audit: type=1326 audit(1775785378.599:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6074 comm="syz.3.29" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb3ef59c819 code=0x0
[  212.368268][ T6080] overlayfs: overlapping lowerdir path
[  212.535456][ T6079] Cannot find add_set index 0 as target
[  213.264215][ T6086] trusted_key: encrypted_key: key user:syz not found
[  218.185516][ T5898] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  218.436137][ T5898] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  218.497206][ T5898] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  218.554354][ T5898] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  218.600698][ T5898] usb 5-1: config 0 interface 0 has no altsetting 0
[  218.617733][ T5898] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  218.681332][ T5898] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  218.733835][ T5898] usb 5-1: config 0 interface 0 has no altsetting 0
[  218.795032][ T5898] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  218.823651][ T5898] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  218.873844][ T5898] usb 5-1: config 0 interface 0 has no altsetting 0
[  218.925112][ T5898] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  218.942685][ T5898] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  218.985904][ T5898] usb 5-1: config 0 interface 0 has no altsetting 0
[  219.015672][ T5898] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  219.047967][ T5898] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  219.093593][ T5898] usb 5-1: config 0 interface 0 has no altsetting 0
[  219.136918][ T5898] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  219.203640][ T5898] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  219.224542][ T5898] usb 5-1: config 0 interface 0 has no altsetting 0
[  219.262205][ T5898] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  219.324415][ T5898] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  219.376288][ T5898] usb 5-1: config 0 interface 0 has no altsetting 0
[  219.423333][ T5898] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  219.443895][ T5898] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  219.503624][ T5898] usb 5-1: config 0 interface 0 has no altsetting 0
[  219.530823][ T5898] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  219.553931][ T5898] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  219.590910][ T5898] usb 5-1: Product: syz
[  219.613753][ T5898] usb 5-1: Manufacturer: syz
[  219.618554][ T5898] usb 5-1: SerialNumber: syz
[  219.714336][ T5898] usb 5-1: config 0 descriptor??
[  219.835470][ T5898] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[  219.966655][ T5898] usb 5-1: USB disconnect, device number 2
[  220.060971][ T5898] yurex 5-1:0.0: USB YUREX #0 now disconnected
[  223.320572][ T6123] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  223.347448][ T6123] CIFS mount error: No usable UNC path provided in device string!
[  223.347448][ T6123] 
[  223.358298][ T6123] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  234.383749][ T5840] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  234.873758][ T5840] usb 4-1: device descriptor read/all, error -71
[  236.270099][ T6158] vivid-006: disconnect
[  236.882828][ T6151] vivid-006: reconnect
[  238.816799][ T6161] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  241.044577][ T6156] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  241.290896][ T5785] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  241.434060][ T5785] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  241.466357][ T5785] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  241.507744][ T5785] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  241.528745][ T5785] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  241.632139][ T5790] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  241.652896][ T5790] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  241.669879][ T5790] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  241.724235][ T5790] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  241.762802][ T5790] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  243.714549][ T5785] Bluetooth: hci5: command tx timeout
[  243.893965][ T5785] Bluetooth: hci6: command tx timeout
[  245.668825][ T6191] IPVS: dh: FWM 3 0x00000003 - no destination available
[  245.785933][ T5785] Bluetooth: hci5: command tx timeout
[  246.075664][ T5898] IPVS: starting estimator thread 0...
[  246.102594][ T5785] Bluetooth: hci6: command tx timeout
[  246.234331][ T6192] IPVS: using max 240 ests per chain, 12000 per kthread
[  247.195785][ T5898] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  247.876616][ T5785] Bluetooth: hci5: command tx timeout
[  248.137780][ T5785] Bluetooth: hci6: command tx timeout
[  249.116429][ T5898] usb 4-1: no configurations
[  249.170672][ T5898] usb 4-1: can't read configurations, error -22
[  249.994230][ T5898] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  250.024480][ T5785] Bluetooth: hci5: command tx timeout
[  250.223815][ T5785] Bluetooth: hci6: command tx timeout
[  251.488853][ T6218] ieee802154 phy0 wpan0: encryption failed: -22
[  259.556959][ T6170] chnl_net:caif_netlink_parms(): no params data found
[  260.138898][ T6203] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.258920][ T6247] =====================================================
[  260.269115][ T6247] BUG: KMSAN: uninit-value in dvb_demux_read+0x580/0xa40
[  260.276946][ T6247]  dvb_demux_read+0x580/0xa40
[  260.281773][ T6247]  vfs_readv+0x931/0xf30
[  260.286337][ T6247]  __x64_sys_preadv+0x2a3/0x510
[  260.291375][ T6247]  x64_sys_call+0x3220/0x3ea0
[  260.296670][ T6247]  do_syscall_64+0x134/0xf80
[  260.301443][ T6247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  260.307629][ T6247] 
[  260.310042][ T6247] Uninit was created at:
[  260.314567][ T6247]  __alloc_frozen_pages_noprof+0x6f7/0x1020
[  260.320577][ T6247]  alloc_pages_mpol+0x328/0x860
[  260.327898][ T6247]  alloc_pages_noprof+0x101/0x290
[  260.337050][ T6247]  __vmalloc_node_range_noprof+0xa97/0x2d80
[  260.343124][ T6247]  __vmalloc_noprof+0x128/0x1f0
[  260.349885][ T6247]  vmalloc_array_noprof+0x48/0x80
[  260.355221][ T6247]  dvb_dmxdev_init+0xd8/0x680
[  260.360044][ T6247]  vidtv_bridge_probe+0x1bfd/0x2690
[  260.365594][ T6247]  platform_probe+0x213/0x370
[  260.370455][ T6247]  really_probe+0x4d5/0xe40
[  260.378418][ T6247]  __driver_probe_device+0x25e/0x370
[  260.383991][ T6247]  driver_probe_device+0x70/0x8f0
[  260.389158][ T6247]  __driver_attach+0x541/0xaa0
[  260.394150][ T6247]  bus_for_each_dev+0x33b/0x580
[  260.399170][ T6247]  driver_attach+0x51/0x70
[  260.403937][ T6247]  bus_add_driver+0x54f/0xdb0
[  260.408775][ T6247]  driver_register+0x42e/0x6a0
[  260.413860][ T6247]  __platform_driver_register+0x65/0x80
[  260.419596][ T6247]  vidtv_bridge_init+0x73/0x100
[  260.425283][ T6247]  do_one_initcall+0x237/0xbb0
[  260.431641][ T6247]  do_initcall_level+0x157/0x350
[  260.440698][ T6247]  do_initcalls+0x176/0x310
[  260.447007][ T6247]  do_basic_setup+0x1d/0x30
[  260.451658][ T6247]  kernel_init_freeable+0x213/0x460
[  260.457122][ T6247]  kernel_init+0x2f/0x5e0
[  260.461578][ T6247]  ret_from_fork+0x20f/0x910
[  260.466418][ T6247]  ret_from_fork_asm+0x1a/0x30
[  260.471435][ T6247] 
[  260.473953][ T6247] CPU: 1 UID: 0 PID: 6247 Comm: syz.1.71 Not tainted syzkaller #0 PREEMPT(full) 
[  260.483209][ T6247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  260.494607][ T6247] =====================================================
[  260.501605][ T6247] Disabling lock debugging due to kernel taint
[  260.584563][ T6247] Kernel panic - not syncing: kmsan.panic set ...
[  260.591171][ T6247] CPU: 0 UID: 0 PID: 6247 Comm: syz.1.71 Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  260.602033][ T6247] Tainted: [B]=BAD_PAGE
[  260.606259][ T6247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  260.616450][ T6247] Call Trace:
[  260.619820][ T6247]  <TASK>
[  260.622828][ T6247]  __dump_stack+0x26/0x30
[  260.627327][ T6247]  dump_stack_lvl+0x50/0x1c0
[  260.632083][ T6247]  ? dump_stack+0x12/0x25
[  260.636596][ T6247]  dump_stack+0x1e/0x25
[  260.640950][ T6247]  vpanic+0x7b4/0x1430
[  260.645233][ T6247]  panic+0x15d/0x160
[  260.649350][ T6247]  kmsan_report+0x31a/0x320
[  260.654152][ T6247]  ? __msan_warning+0x1b/0x30
[  260.659008][ T6247]  ? dvb_demux_read+0x580/0xa40
[  260.664028][ T6247]  ? vfs_readv+0x931/0xf30
[  260.668590][ T6247]  ? __x64_sys_preadv+0x2a3/0x510
[  260.673836][ T6247]  ? x64_sys_call+0x3220/0x3ea0
[  260.679039][ T6247]  ? do_syscall_64+0x134/0xf80
[  260.684252][ T6247]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.690467][ T6247]  ? __rcu_read_unlock+0x6c/0xd0
[  260.695583][ T6247]  ? aa_file_perm+0x4b9/0x2870
[  260.700533][ T6247]  ? aa_file_perm+0x4f0/0x2870
[  260.705555][ T6247]  ? stack_depot_save_flags+0x35/0x790
[  260.711179][ T6247]  ? kmsan_get_metadata+0xf1/0x160
[  260.716418][ T6247]  ? kmsan_get_metadata+0xf1/0x160
[  260.721654][ T6247]  ? kmsan_get_metadata+0xf1/0x160
[  260.726983][ T6247]  ? kmsan_get_metadata+0xf1/0x160
[  260.732341][ T6247]  ? kmsan_get_metadata+0x146/0x160
[  260.737902][ T6247]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  260.744887][ T6247]  ? __pfx_dvb_demux_read+0x10/0x10
[  260.750284][ T6247]  ? kmsan_get_metadata+0x146/0x160
[  260.755636][ T6247]  __msan_warning+0x1b/0x30
[  260.760309][ T6247]  dvb_demux_read+0x580/0xa40
[  260.765149][ T6247]  ? __pfx_dvb_demux_read+0x10/0x10
[  260.770491][ T6247]  vfs_readv+0x931/0xf30
[  260.774955][ T6247]  ? kmsan_get_metadata+0xf1/0x160
[  260.780205][ T6247]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  260.786161][ T6247]  __x64_sys_preadv+0x2a3/0x510
[  260.791317][ T6247]  x64_sys_call+0x3220/0x3ea0
[  260.796159][ T6247]  do_syscall_64+0x134/0xf80
[  260.800914][ T6247]  ? clear_bhb_loop+0x50/0xa0
[  260.805740][ T6247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.811780][ T6247] RIP: 0033:0x7ff9c419c819
[  260.816296][ T6247] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  260.836063][ T6247] RSP: 002b:00007ff9c510c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  260.844655][ T6247] RAX: ffffffffffffffda RBX: 00007ff9c4415fa0 RCX: 00007ff9c419c819
[  260.852833][ T6247] RDX: 0000000000000001 RSI: 0000200000000480 RDI: 0000000000000003
[  260.860902][ T6247] RBP: 00007ff9c4232c91 R08: 0000000000000005 R09: 0000000000000000
[  260.869009][ T6247] R10: 0000000000000401 R11: 0000000000000246 R12: 0000000000000000
[  260.877077][ T6247] R13: 00007ff9c4416038 R14: 00007ff9c4415fa0 R15: 00007ffc15bf5268
[  260.885191][ T6247]  </TASK>
[  260.888643][ T6247] Kernel Offset: disabled
[  260.893008][ T6247] Rebooting in 86400 seconds..