last executing test programs:

8m3.878297903s ago: executing program 0 (id=517):
mkdir(&(0x7f0000001c00)='./file0\x00', 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000011aec0)={0x8, [], 0x7, "0dd3dd37761564"})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$KDFONTOP_SET(r1, 0x4b72, &(0x7f0000000080)={0x300, 0x3000040, 0x8, 0x1b, 0xfe, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
getsockopt$netrom_NETROM_T1(0xffffffffffffffff, 0x103, 0x1, &(0x7f00000001c0), &(0x7f0000000280)=0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x1)
socket(0x1d, 0x6, 0xe)
mount(0x0, 0x0, &(0x7f0000000080)='ecryptfs\x00', 0x10005, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, &(0x7f0000000300)=ANY=[@ANYBLOB="75737271756f74612c75737271756f74615f626c6f636b5f686172646c696d69743d382c0035daf7c0213b202cab7020c755201786ad"])
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='mounts\x00')
read$FUSE(r4, &(0x7f0000001c40)={0x2020}, 0x2020)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x3, 0x6, &(0x7f0000000400)=ANY=[], &(0x7f0000000000)='GPL\x00'}, 0x94)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)

8m2.013323348s ago: executing program 0 (id=526):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="40000000100039042cbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="059800100020008008000100677265001400118005000a00000000000500130001000000"], 0x40}}, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
syz_genetlink_get_family_id$tipc(0x0, r2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mlockall(0x2)
shmctl$SHM_LOCK(0x0, 0xb)
syz_emit_ethernet(0x26, &(0x7f00000001c0)=ANY=[@ANYBLOB="015eb24f8d0280c2e34e2a183a4ad777fe80c20700000c000000c03edf79a751b81c3e53d8af7b00"/54], &(0x7f0000000280)={0x1, 0x1, [0xf64, 0xc83, 0x679, 0x8ab]})
syz_io_uring_setup(0x48ce, &(0x7f0000000140)={0x0, 0x5e99, 0x3000, 0x3, 0x19a}, &(0x7f0000000040), &(0x7f00000000c0))
r3 = epoll_create1(0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/wakeup_count', 0x141000, 0x20)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000200)={0xa0000019})
finit_module(r4, 0x0, 0x3)
ppoll(&(0x7f0000000340), 0x0, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000)
shmctl$SHM_UNLOCK(0x0, 0xc)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r5=>0xffffffffffffffff})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r7=>0x0})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_STATION(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="9eeb96be5f4f2f", @ANYRES16=r6, @ANYBLOB="f1e6ffffffff000000001300000008000300", @ANYRES32=r7, @ANYBLOB="04001300060012000200000006001000df0000000a000600ffffffffffff00000600be008f000000"], 0x44}}, 0x8050)

8m1.098645415s ago: executing program 0 (id=529):
r0 = syz_open_dev$vcsa(&(0x7f0000000040), 0x800, 0x408000)
r1 = syz_genetlink_get_family_id$team(&(0x7f00000001c0), 0xffffffffffffffff)
bpf$BPF_GET_MAP_INFO(0xf, 0xfffffffffffffffe, 0x8316141b038852a5)
getsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000003c0)={@private0, <r2=>0x0}, &(0x7f0000000400)=0x14)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX=r1, @ANYBLOB="0000000000000000000000bfa210000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1e000004000000000400010000000000000000000db505cfcf1425b4ae6cfe3d1a3ff36ced62706b31a2114bfc27278f4178b36527d9101bf5e8c428eba0a9e3c85ca76f85594437af1444b9f30f414d517d29bad6b4fc9f84222b45c5e5e313b7db5ed3661a284136229a4b8c22f081ddd95a45f6d8b9472f8700000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r4, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="23a613752df78ab2008100"], 0xb)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x2}, 0x8)
close(r6)
r7 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x40800)
ioctl$MON_IOCQ_RING_SIZE(r7, 0x9205)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000500)={'syztnl1\x00', &(0x7f0000000a80)={'ip_vti0\x00', <r8=>0x0, 0x7, 0x80, 0xaa2, 0xcc, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x65, 0x0, 0x2, 0x29, 0x0, @empty, @rand_addr=0x64010100}}}})
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000700)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000006c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="78010000", @ANYRES16=r1, @ANYBLOB="02002bbd7000fedbdf250100000008000100", @ANYRES32=0x0, @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040008000000080007000000000008000100", @ANYRES32=r2, @ANYBLOB="9000028040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e000000080004000000040008000600", @ANYRES32=r8, @ANYBLOB="4c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000019000400686173685f746f5f706f72745f6d617070696e6700000000"], 0x178}, 0x1, 0x0, 0x0, 0x40000}, 0x20000811)
r9 = syz_io_uring_setup(0x891, &(0x7f0000000140)={0x0, 0x8c36, 0x80, 0x2, 0xbfdffdfc}, &(0x7f0000000000)=<r10=>0x0, &(0x7f00000000c0)=<r11=>0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000380), 0xffffffffffffffff)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x0, &(0x7f0000000080)=0x8, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
ioctl$TCFLSH(r9, 0x540b, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x11, 0xffffffffffffffff, 0x40266000)

8m0.576997684s ago: executing program 0 (id=530):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="3c00000010000104000000000000ffff7f00000087e954e4a31f787c11bc27525ed43b888a9a065cfd08778402000000343a4f2ce2b42ea8f74a55b04bfa4194d943837493f026eb908cff7f2f77f324fe5e2cd8b61d0bd8b8feaa89f2a903e66da214c6afbde410390187675ffc1ead34c791c68221cf1e46abc052324e93b1b78b43235a3a952fc1f3025006ccf60b51b451d2cf2cb34b98b5bdf24c931803e3253311d7aeab07b1eb3d2f84955e45e7b66c104ff6a7b482c2515845ace2934fa5b99d77a69f886a054c35c199e599b6dcfdef4c9906543a9b9350e7a9061490f439d602c920a9e416308d2395b492ed599c24973fa09a79a858a5cd2041f0bdc6cc6fc6bdf3e584be00c77ed053802df7b20906915c28adc5e6585e16ba459372aab7e5c6e7a5d3a16ffd499d038d54a9f41d21c1123c11918f4e81e85408fcb0862837f8d80d866c21eb2daa9221797a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062726964676500000400028008000300", @ANYRES32=0x0, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r6=>0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00')
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r9, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x40000a0}, 0x810)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fedbdf2555000000080001005c00000008000300", @ANYRES32=r6], 0x30}, 0x1, 0x0, 0x0, 0x40895}, 0x4040040)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100002e0001b7b70000000000000001"], 0x114}], 0x1}, 0x0)
recvmmsg(r10, &(0x7f0000006b40)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x40000000, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000040)={<r11=>0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000})
close_range(r11, 0xffffffffffffffff, 0x0)
fcntl$setlease(r1, 0x400, 0x2)
r12 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RTOINFO(r12, 0x84, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r11, 0x84, 0x18, &(0x7f0000000180)={<r13=>0x0, 0x5}, &(0x7f0000000200)=0x8)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r11, 0x84, 0x70, &(0x7f0000000340)={r13, @in={{0x2, 0x4e24, @local}}, [0x4, 0xffffffffffff7fff, 0xf5, 0x7fffffff, 0x9d, 0x80000000, 0x100000000, 0xf703, 0x9, 0xc92, 0x9, 0xfff, 0xed01, 0x4, 0x6]}, &(0x7f0000000240)=0xfc)
socket$nl_route(0x10, 0x3, 0x0)

8m0.359123281s ago: executing program 0 (id=532):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x8, 'macsec0\x00', {'wlan1\x00'}})
r1 = socket$inet(0x2, 0x3, 0x30)
getsockopt$inet_mreqsrc(r1, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000080)=0x2c) (fail_nth: 7)

8m0.067593081s ago: executing program 0 (id=533):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r1, 0x0, r3, 0x0, 0xf3a, 0x1)
splice(r3, 0x0, r2, 0x0, 0x203, 0x1d)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000000))
fcntl$lock(r0, 0x0, &(0x7f0000000080)={0x1, 0x0, 0x60d0})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x800)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40243, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
timer_create(0x7, &(0x7f0000000180)={0x0, 0x32, 0x1, @thr={&(0x7f0000000280)="f942186b3aae85a2b78cef0d01d580562bceb929f38638a8842821de178203316099cecdb2164af488dd12a9d9a96eeed60ffa47a69c1a8a275b16f40ae581dfce7169c3cf8e1f471b79bb4b89b0fa52c0fa818f96cc495d1982be58cb5177ff778e3f47d1bd840f133ccd6ec52a50c826e713d08c7e647809da7e46a958", &(0x7f00000003c0)="8447d8fca1d7df5c232595acd988e946e394e7889db91dc03f8ffead692b2abd8f527cb667dd115c3bfe8b2847db1b76fa02096393604dacbe2d7ce34f2416b93f724d68ae5868efdb4aeb826f4a26c139ab5604a415dc06189f6509b889759b4be7602828e70f76bfdbfdd59351aa69bf"}}, &(0x7f0000000340))
openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x802, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x222000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000440), 0x6200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840), 0x0)
socket$key(0xf, 0x3, 0x2)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0x7, 0x2, 0x0, 0x8, 0x5, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5, 0x3}, 0xe)
ioctl$TUNSETIFF(r4, 0x400454ca, 0x0)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f0000000540)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x4}, 0x2}, 0x18)
connect$can_j1939(r6, &(0x7f0000000100)={0x1d, 0x0, 0x0, {0x0, 0x1, 0x2}, 0xff}, 0x18)
sendmmsg(r6, &(0x7f0000003e40), 0x7, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180), 0x200002, 0x0)
openat$cgroup_subtree(r7, &(0x7f0000000500), 0x2, 0x0)
rmdir(&(0x7f0000000240)='./cgroup/../file0\x00')

8m0.022230484s ago: executing program 32 (id=533):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r1, 0x0, r3, 0x0, 0xf3a, 0x1)
splice(r3, 0x0, r2, 0x0, 0x203, 0x1d)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000000))
fcntl$lock(r0, 0x0, &(0x7f0000000080)={0x1, 0x0, 0x60d0})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x800)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40243, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
timer_create(0x7, &(0x7f0000000180)={0x0, 0x32, 0x1, @thr={&(0x7f0000000280)="f942186b3aae85a2b78cef0d01d580562bceb929f38638a8842821de178203316099cecdb2164af488dd12a9d9a96eeed60ffa47a69c1a8a275b16f40ae581dfce7169c3cf8e1f471b79bb4b89b0fa52c0fa818f96cc495d1982be58cb5177ff778e3f47d1bd840f133ccd6ec52a50c826e713d08c7e647809da7e46a958", &(0x7f00000003c0)="8447d8fca1d7df5c232595acd988e946e394e7889db91dc03f8ffead692b2abd8f527cb667dd115c3bfe8b2847db1b76fa02096393604dacbe2d7ce34f2416b93f724d68ae5868efdb4aeb826f4a26c139ab5604a415dc06189f6509b889759b4be7602828e70f76bfdbfdd59351aa69bf"}}, &(0x7f0000000340))
openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x802, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x222000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000440), 0x6200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840), 0x0)
socket$key(0xf, 0x3, 0x2)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0x7, 0x2, 0x0, 0x8, 0x5, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5, 0x3}, 0xe)
ioctl$TUNSETIFF(r4, 0x400454ca, 0x0)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f0000000540)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x4}, 0x2}, 0x18)
connect$can_j1939(r6, &(0x7f0000000100)={0x1d, 0x0, 0x0, {0x0, 0x1, 0x2}, 0xff}, 0x18)
sendmmsg(r6, &(0x7f0000003e40), 0x7, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180), 0x200002, 0x0)
openat$cgroup_subtree(r7, &(0x7f0000000500), 0x2, 0x0)
rmdir(&(0x7f0000000240)='./cgroup/../file0\x00')

7m0.8277286s ago: executing program 4 (id=865):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)={0x38, 0x1, 0x1, 0x101, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback=0xac1414aa}, {0x8, 0x2, @private}}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x115}]}]}, 0x38}}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newtaction={0x78, 0x1e, 0x109, 0x100, 0x40000, {}, [{0x64, 0x1, [@m_sample={0x34, 0xc, 0x0, 0x0, {{0xb}, {0x4}, {0x6, 0x6, "9030"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x2c, 0x9, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x78}, 0x1, 0x2b1e}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff}, './file0\x00'})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
madvise(&(0x7f00006f3000/0x2000)=nil, 0x2000, 0x10)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
lseek(r4, 0x1000000, 0x0)
socket$inet6_icmp(0xa, 0x2, 0x3a)
getsockopt$EBT_SO_GET_ENTRIES(r4, 0x0, 0x81, &(0x7f0000000100)={'broute\x00', 0x0, 0x3, 0x8c, [0x0, 0x6, 0x9, 0xbb9, 0xffffff80, 0x9], 0x3, &(0x7f0000000000)=[{}, {}, {}], &(0x7f0000000040)=""/140}, &(0x7f0000000280)=0x50)
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$BTRFS_IOC_RM_DEV(r4, 0x5000940b, &(0x7f0000000a00)={{r5}, "68baf9576fb1bfbf241dddd88fb962e438e1253b79e2b2e484bcac3e1129ab34a406bef67644e9c384bd93aaf41b09b2047c806c42163c7799fcc9cff0718f9d3b95d2dfe271e1c03d2bbfeaa37c27b3f424af927c723630c465579b41b3edfc3668203bc558b1b6c52bf7ff121450243baf9a3da0dfea6743a9fc34369259b19131c2cc305fd6bca15164298c827e9f8539bbb64355f2c93cae574410ff7982d2ab42cda599abf978ac1731b8239954499758cfdc566a389f558654ec0d92c1590990777bf9ea01687b9116de7257370068cf393a2623882ebb0369ff79565c6ef79acf4650807b2465ccd0340d28269d0552458c9d9d49af1dfdb8481bdf30bf1ffa30a6fb55e684587c0ab4896f47170d9db98b70285a85d1fb5b9c52b2b303d69d5ce10bd8dbf78ea07124131d71732e57f49ec32f1d68e5ab36fa6cfcb3df43b61355c7edaecfebbd78f3fce4ab17618390df56e2509f24a74b96fa937a274ffd92bd5b55df73fbc40fe667146c64ce5f47b1c65c0eb120c7979cf2d07ef1971f7e78f4a92f251f260a7453674bae63cdd77f96c892728a1f7624e42d38c122a0e8e86504e916f879c0a890536dce8791406546fa488089aeb2d69fecede904ff3e3f9a7e73b090fee8f6d41c0c8a5e56fad76eece0acf28b0afe044b725f27a985945c0d355113f5be2c597ddf970a6abbfb3c2cb24016c878691b2c7e48e109ce1183ae93eb8edd71381f5a1740db6a135a2c9462a58ab70dfbf44b77d5b3f3ce56a5dbe165e687fbca20c361aa7358c7314c6e061c2f8d9dcd76116f1bca13bf9373f9f50d94e61a17d9e19147c37f8293ffd119b16eba0a46360e4d6511b8f3419e15066d7dfd3705f9decc5b4d8a76756f40da9b1f39d539919bb97223c4d58c9a8ae1cc45cabbb2a5a4d4fa71046195b56b422cefee177b04f0a2e18143b049605706be3274c3f24b98225c71b51c5b1f95c84f6e93ba73958c89d5eec2569817fcc0747889c0c627c4289c83419f1e2a01c11dadc5357a5085ad3d4d2a865aae2b8e31111c178c7ca3d1ab1bdeeddb862549e4a85705bda5dc4f8bdad70f54a735a45f5847809b03707516a1b0e5247cbc4de971e3c97fcae1b320d152e50c442dfcde37a19580522b4cdfa5ed2df47a2e0a9d694f8675207c325944429e17b1c8926ce900c2aaf59caf746d0fa05c30bda8130a4d2e36f70aa0b142f4267ee8e656722d786f93b57e265a03cb43646af89bd869d9998ab8ace2a2f9a96b824d4b38683c905de957020fe7ca176399bbb8f2c7777bc528af598317b185592982633b2ee967e2135faf0804641123062bb1f72b657e0bbe86c6bf715a047278b0fe09c3147d7a218801f1573536741df525aee03b0f26b396a5b5bfbb02ba94c75927e044b73a89e29c34110b24aa1d22409e18518840fcbab465f34b04c652df703c425d6900951013abd61c1a3d554fefb62e0d0a1e1f88f0597a16dfef7fa2f06cdde85ada9e9bd66b1177cb2954f925daef69419f9accc48b74892a818a01af801d92277be0f200143cc4003eda436409a9346269ded774e4907d3b21230ac4a937f17c854d900e4a7b1b554f52124b8be1293a7363df2d53da4dd122e93f4b5e815f64a3ba4d195655fbc0dab8f0536767f5d95ed3fbc61ed9fa89aad792b1c587ad92929e0940a04797331959fb9c14a9e9f3ad1922ad1519bd5753c11c311e74289d83049d53210cfbd179e2b88a9a28fde9b70cbc4174141c0ac20fa7d6f2f3abf7c2cb576ba027c31d986fff0a8516cf5b333e79857db554bb6e0b7428fed08d157b8c94dc11d7a9685fe6e8a8c0aad617dc95229ae8999973b354520f642eb7ced045e3b18dddbbb5fd1a81640d19a31dd42a244814b83cfe25d7808757ec0b81cd1c3e9d6fa652760608b04b94287598e521bd418bee14d454e610e7c361f1b4fe6d4e4d8b8640635f9ddf58ad1a1bbbfb4f2e442f1ccd006294800f29c282bfbbc58f2b0df9c77bc69c184ae8c7d1e6d9c43680739b9899d88c8183bf5067b8835370aa3b8be89ae6da953bc4d0d4dbc889a9a9f2e23bbeb1013f510e412158876397480719e501bbbdbab70a874ec2273bb17ff61ab66753c62df0f2d6b95ad30e0fcb293e2c7fa47ec79a9e696e70207124db8351ad1d461ad23b396f7db26f93ee8189e2c677c299bc6b54644e98d30253534e6bdb1ce00fe5f16cd4285038649714f11dd00d90a87a00f09f3edd8167eb997048df754ac573a94551d1dda6b6c658591fdde71b47181ea0a8744c7d88d0a491bbaa19c8e678ec8df191752ef6356817a8085129a4d5c615d16c0fd4875ea7c7a16530e2028e4b369574f55996269a56a7e7f7555bb95bfe9304215a878a1a9f96234805c74c98677bef4dc7ccc44abd379bd7741bf18a2cf3b3d1965bc8543bb8c60abef19e3e72b64c59295898f3250d388b10c44dcb32387c95bc6690eb2255eb07eafb0819396aecf17c755508d5f1db9120431a9458e8af172eced42da423c8d656362f8c214bfb000f29b2c5231a85c67641b6e7e422622bcb9140049b463a1939dfcbdae07c01d29d715574604a3d54fe999a7f1a69bedf5df5a60b290e28921c387f6cf39b9700a9d9d38bc1336577e449d0f9bf15ac041c203b440daedb4bf28f7017ee2dbeefd81165e27b3a230affb08e389764096e0a51901d02b01bbba67cb43af5cda03c54b738eb848357634a64679b65d9b349207ddf3a5393a50dcfd5e310470914d23d9924fac1f10c2a50b613e0c1dd14d46f840d5039d10bf0bd8503b4ec1da8b13fe4a853da7b1b26a89d494c588d7148a9589dc810f20e9a1f91d3778eb4f8375b4c929ee4e9d0b1a40345f1e10b50c6b5b3f5c8a36e8bb31da1c7dae5c0a0336b9e790fb88dbeafb0eb72f45cf527c489b8d3a4a85fd937c8b592c528067be98f62da471e8148f6d7f497d5622e3f290d4ef04b8f16b1901b2b898c55d3c491ed6cc1cf4a558dcc10e4d21dd6610cb772cdb556dd6f50ac92b78509683dc71c970aa2c526d4259ee4aefbc47b3dc592f12c65b34d57560419e4a2fb0dc0b541d3a265823bd2beab63207ca5d933ab21a44051a83464f8a129be0daded36b65a00e7d6395a317ac155e8f383b9bb55925a0e3db6b56c0ad410c9a3a1d2535243cba4ed25f841223595934c1986592c7c389d8b70f440acfe2936e87fe1cd83caded0f2f36ff7ea63f6d9ecd10a92d652bfe56731340832d679f09bad6dd05918927afeb2003f4500cf0e2cf3ce9892378e33f3b5c87f987ca04f29e4aaa94f501d22acf8b2e0eae9fc1581c5fda59b3850204efc9d098832f2e00dd13f4f20bc9e6356c63d6ba7d2d435c0e27505eaf260c29a66f3132be4034070f369d2621be12593d8716335c7ed499e692bcb6993add80f3d0b61ee5f7eb089db417d0f620347a1c6fd8aab559db464bc64cc9f123779ad8e906465dbe4e38c7040713454fb77cb13dc9adcddebf9b8cdc29a3ad27a3b2be3e7367d6c51c5ffe2b178ab2ea4c0f0b9f1d9760a859e023a05dbc15d945bc2efd613fdc9b149cd41e726958134708810f34ca4f76390d14d599517a348be0b46861504ba38d9e933db1f6414ebe4e028234032838c8cd15c8b82a5c89d9fca37840c300285d3c31910764ad11b3787ce30e4a54019e99b82721bf1f9a8baeabcebc07b0a7ad08d0f79f6ddf784e2be32e66dbb2d3638d1eedd9015d670942bf934c81fc5749b10a6a216385591dad252f4b1c2dcd07534cde99196ebd4b4ca3b374a9afe7c800ec770a7b5f8f587202dbe5457c5531685ec0981a61db1f39230ddaf1bc7812741ba8f285d8d7ff849f8e31d3175bfb60062d24c28a722b0cea9822d466e957002210b8ab6d2dd1d0152b70dd5621b4c8a7b1f770a9d5a09733e1048dd90ef27990ffaba1d95fffadefec194bf61e92eeea77592483ac18619bd74ecedcdb6713ebe840fef178b1ef8657700d659a22c5da3ee31b1bf22299a95942e15424c2f2ea3afdec5706c8ac4c279a741c696d1ed4a723df3826ea7a87c0edde3cf7602697d50f6e6d0c99bae59b4d62372e367a197a14f489cddeb14f23a1943341dd1e53fbf36a9a7506f472c3979c8efd3a18ede3f344dc789848f9bd18c2e622bf95adf7638e1b30d80ad7c1c22349714fd450c6d0cdf05184484bd37478749a561e7c53b2a3d458007b9d09c8582effd4109b6bf7a1bbe4f195e3c0b0f0234b630aa6a35346809ccb5883f0cb8f434b734da2eed741d63aaed5a0db3a66d5312a427ccf92fda0de4fbd071c9bc9d7a4453e4fedb9acd540fad896e62266fa344769f2f18aae743b28d99f55750cad8c66e3e0058bee26a53b602df9cf46d271fa10e0f1b9a60557f13e38b6f0a389be14e6a337e713b59cc2f7a9ad67670f30f6312d47008be27f3f7b79cc8b2d446604750c212679a2e8fd4e2346eb8905c4ccc9a7db706643481bd1437326d9cd0c0ef2e71c164fe46471ba7cb386a7c4ec297bb9f54890668ff1152c07f77cc484cc77ccdfa68328a6ef83d993d972cae67a10dbf024a0364e8d6766b2af274bd81774fc4555000aedaac01ee99bb4af68b0de8acccf8d0ac99226b52eecdebd2aaeafd94fbcb203dbe97f0c089a7b671b4c6fb4ad6a26d13ebca1a19610b6bc06a9790314da04c8b01772cad21e4831ea2850e732739274c4c58a66d8c939c2f5a45d9717c415109f480361b239dbf5f49c9904a8a0f91c0875409baed71568873aa1d2e862537ba5ff351f4d44c9b27c37b5e64ee9c063b54ab2d3c2f95d85922fe0b8866b94380ad0cb42c88b67f8ab79e06d4d2027e254d873a593545123289a97089ae69c6865e1b53a86548afe8ffef92de4f86d56bd10cde20737a30121fb0e12ddc470b7410a88d619d6246424bb645cdc3e038fb251c51f16f61090f160939af0f4be6e050fcc8b1846e26928f67b60ffbfff8511d22d83a6762ab1e971aeb27e119c0593129bd3dde1d2f17cc05c974cddd7f2ebd6c140de2bd3eca6ff9d26856b6a8855770885261e8541121525ccb5b8be5cc92bb47c933a3d48060ab3ccded42f87765ab95b17c8fc8525f05b00ea5e54b1dbf7dbf42d318d1769323f87dbea7733bade261bd605ac5692d9b76165d60331bb630641ab071c7df7ba7793affbbf015e9dd198f639f391cd0c12e23324efdf50e47020b7d528f46f9f69e5f93b46cd2dc4f66d64ea36d32d498b88c230ebf459941a7c2b39ee390376922114f8be0a29a4ba7b497e36e4076328452369b6fff6cc744561472a9a78a9c7857345e0fc7cf0851c0aa00be55dcb086f0b57380679d6434fb1e203ee781bdd87873f945406cc4ed11a4e4b06db652b940b0e782c06a83e93cb5ab657cdf49d2c4ddff67ed26fb0551a40e6ca56b7cb8d5b3591a905ccddbb344d5a5d6887117b21c5c3ac07893a9e0857e9a608d485808c6bdee919ad1fe837e6861733d5d99abd9c5220ab5b03d49ea8a89863c8f6dcf1f2cba5e06c8fcc2c8cc1b2f00beccc4b6a9eb3492e3de86ff34906a65891aa07427073d6e8f4aa623ffce9462a932aa658357f175446226a93cb1d8108940296e2474f426e5095448a52be0dcf1c63fb25bc91f39eb357b0f4ec5a60c95ce11ad56c6344dc787d74a703d903f81baeb0b791b1d0b20f4cc0c94fd614590714b5ab3835c4e09628706bc3247ff4c3a345a7bf9de83f00d9a43cd093ed6149c28ff4964164c4ae5618bd5f7cf1d97809588"})
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0205710, &(0x7f0000000240)={0x0, 0x6bf6, 0xfffffffe, 0x0, 0x5})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x5c, 0x1, 0x4, 0x101, 0x0, 0x0, {0x5, 0x0, 0x2}, [@NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x7}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x2}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x6}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x9}, @NFULA_CFG_CMD={0x5, 0x1, 0x2}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x2}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x5}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0xff}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x6334}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40020000}, 0x800)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="2100000000000000000000000000100000040000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000040000002000000001800000000000002000000000014ad5742309c317a79703922871720ba570fdca1ae7f2d7807d2668959f3e076c9bd20072854f97f0ff8c385c8b111ce8f1a5daa1ddd3d825d8a28509c767df0d9ac1129d4b5f016a15708e36c9f6de80340c635ec522e9912b7d890b0a1176e3587363e7bb245fb0906ffd0e16022d688a269af0d0e597c5307239fe576804f9e06e6edd72e414d86cfcdcc9e6cb0116757ea76848c0d52"], 0x48)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0x6}, {0x6, 0x0, 0x0, 0x7fff8013}]})
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc01cf509, &(0x7f00000002c0)={r7, 0x0, 0x9, 0x780})
openat$procfs(0xffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb0800450000b000000020fc0290780000001ce0000300890b74e0000002640101004440cf80000000a6000000030000000900000008000000090000000200006d0e00002efa00000006000000070000000600000007000000038000000100000103442c6c33e000000200000010ac1414bb346fcc0eac14143800000006ac1e000100000001ffffffff000010009404000000830373000306907800f7006945f4fff60065000501890003ffffffffac1414aa182a85980dbe065e91f03fc2088d9be5309c1a6ab90b61b5ff6e8370aef7708229d46b622e4137fffc5c51fe51aa56e4679fd435c6f02c006fe1de7495"], 0x0)

7m0.738040299s ago: executing program 4 (id=867):
r0 = open$dir(&(0x7f0000000000)='.\x00', 0x40000, 0x81)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f0000000180)})
r1 = syz_open_dev$vbi(&(0x7f00000000c0), 0x2, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r1, 0xc0405665, &(0x7f0000000280)={0x846e, 0x2})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
r3 = fanotify_init(0x8, 0x1000)
fanotify_mark(r3, 0x80, 0x8001008, r0, &(0x7f0000000040)='./file0\x00')
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r2, 0x0, 0x0, 0x80000)
modify_ldt$write2(0x11, &(0x7f0000000600)={0x3ff, 0x100000, 0x1000, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x10)
accept4(r4, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6(0xa, 0x1, 0x0)
openat$ptmx(0xffffff9c, 0x0, 0x200, 0x0)
r6 = syz_io_uring_setup(0x49a, &(0x7f0000000100)={0x0, 0x10079af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=<r7=>0x0, &(0x7f00000006c0)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0xc})
io_uring_enter(r6, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0)
io_uring_enter(r6, 0x627, 0x4c1, 0x43, 0x0, 0x0)

7m0.431145693s ago: executing program 4 (id=868):
syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x8001, 0x6, 0xfffa}, 0x1d, [0x8000, 0xc95a, 0xf, 0x9, 0x80, 0x3, 0x403, 0x7f, 0x6, 0x49, 0x39cc191b, 0x5f, 0x9, 0x5, 0xffff2d37, 0xfffffefd, 0x6, 0x3, 0x0, 0x5, 0x4, 0x4, 0x4, 0x3c5b, 0x1, 0x21, 0x5, 0x0, 0x1f461e2c, 0x12, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x242, 0x0, 0xe, 0xfffffffd, 0x71, 0x7, 0x400b, 0x1, 0x7, 0x5, 0x3e, 0x200008f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0xd4, 0x1, 0x40], [0x10000007, 0xffff, 0x80000133, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2, 0x3, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x8, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x2, 0x4, 0x4, 0x8000, 0x2009, 0x0, 0xb, 0x806, 0x9, 0xff, 0x5, 0x5, 0x5f2e, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x3ff, 0x8000, 0x1, 0xfe000000, 0xffff, 0x5, 0x7d, 0x9, 0x3, 0x3, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x2], [0x7, 0x4, 0x0, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0xe, 0x7fff, 0x0, 0x5, 0xb, 0x1, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x6, 0x86, 0x3, 0x9, 0x3e7, 0x2, 0x5, 0x2, 0x2, 0x3, 0x8, 0x4, 0x6d00, 0x6, 0x38, 0x800003, 0x200, 0xffff, 0x3, 0x3, 0x2950bfaf, 0x1000, 0xa2, 0x8007, 0x5, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x6, 0x0, 0x1, 0xffff, 0x100, 0x6, 0x1c, 0x120010, 0x3, 0x6, 0xa2ed, 0x4, 0x25], [0x9, 0xbb31, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0xfffffffe, 0x5, 0xce7, 0x80000000, 0x2, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x1, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xb, 0xffffeffe, 0xffff, 0x3, 0x7e, 0x100, 0x9602, 0xaf5, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x5, 0x9, 0x1000, 0x3, 0x7, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x1, 0x204, 0xffff3441, 0x1000]}, 0x45c)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x1}], 0x1}, 0xfc)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, 0x0}, 0x4000080)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x240448c4)
ppoll(&(0x7f0000000140)=[{0xffffffffffffffff, 0x400}], 0x1, &(0x7f00000001c0), 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x1)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @any, 0x7ff}, 0xe)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@private2, 0x800, 0x0, 0x2, 0x1}, 0x20)
r5 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000000)={0x27}, 0x6)
close(r5)
socket$nl_route(0x10, 0x3, 0x0)

6m59.072632409s ago: executing program 4 (id=873):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="3c00000010000104000000000000ffff7f00000087e954e4a31f787c11bc27525ed43b888a9a065cfd08778402000000343a4f2ce2b42ea8f74a55b04bfa4194d943837493f026eb908cff7f2f77f324fe5e2cd8b61d0bd8b8feaa89f2a903e66da214c6afbde410390187675ffc1ead34c791c68221cf1e46abc052324e93b1b78b43235a3a952fc1f3025006ccf60b51b451d2cf2cb34b98b5bdf24c931803e3253311d7aeab07b1eb3d2f84955e45e7b66c104ff6a7b482c2515845ace2934fa5b99d77a69f886a054c35c199e599b6dcfdef4c9906543a9b9350e7a9061490f439d602c920a9e416308d2395b492ed599c24973fa09a79a858a5cd2041f0bdc6cc6fc6bdf3e584be00c77ed053802df7b20906915c28adc5e6585e16ba459372aab7e5c6e7a5d3a16ffd499d038d54a9f41d21c1123c11918f4e81e85408fcb0862837f8d80d866c21eb2daa9221797a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062726964676500000400028008000300", @ANYRES32=0x0, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r6=>0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00')
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r9, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x40000a0}, 0x810)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fedbdf2555000000080001005c00000008000300", @ANYRES32=r6], 0x30}, 0x1, 0x0, 0x0, 0x40895}, 0x4040040)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100002e0001b7b70000000000000001"], 0x114}], 0x1}, 0x0)
recvmmsg(r10, &(0x7f0000006b40)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x40000000, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000040)={<r11=>0xffffffffffffffff, 0x0, 0x4, 0x8040000000000000})
close_range(r11, 0xffffffffffffffff, 0x0)
fcntl$setlease(r1, 0x400, 0x2)
r12 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RTOINFO(r12, 0x84, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r11, 0x84, 0x18, &(0x7f0000000180)={<r13=>0x0, 0x5}, &(0x7f0000000200)=0x8)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r11, 0x84, 0x70, &(0x7f0000000340)={r13, @in={{0x2, 0x4e24, @local}}, [0x4, 0xffffffffffff7fff, 0xf5, 0x7fffffff, 0x9d, 0x80000000, 0x100000000, 0xf703, 0x9, 0xc92, 0x9, 0xfff, 0xed01, 0x4, 0x6]}, &(0x7f0000000240)=0xfc)
socket$nl_route(0x10, 0x3, 0x0)

6m58.944231037s ago: executing program 4 (id=875):
creat(&(0x7f0000000040)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000010c0), 0x802, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000880)={'syz1\x00', {0x6}, 0x49, [0x0, 0x3, 0x403, 0x100000, 0x6, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x27c, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0xfff, 0x0, 0x4, 0x1, 0xffffffff, 0x0, 0x0, 0x0, 0x3, 0x3, 0xffffffd, 0x8, 0x0, 0xfffffffe, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x1000000a, 0x0, 0x0, 0x80000007, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x200], [0xf33, 0xa82, 0x1000, 0x1, 0x2, 0x733, 0x8, 0xedc0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7, 0x0, 0x3, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, 0x8, 0x0, 0x2000000, 0x0, 0x0, 0x9, 0x0, 0xfffffff7, 0x0, 0x0, 0x79, 0x1, 0x0, 0x0, 0x0, 0x2, 0x47, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x378, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x8, 0x401, 0x0, 0x2, 0xfffffffc, 0x8000016, 0xfffffffd, 0x0, 0x800200, 0x0, 0x20], [0x0, 0x9890000, 0x0, 0x6, 0xfffffffc, 0x2, 0x3, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x6, 0x0, 0xfffffffe, 0x8, 0x0, 0x0, 0xfffffffe, 0xac, 0xfffffffd, 0x0, 0x3, 0x0, 0x400, 0x0, 0x2, 0x89, 0x0, 0x101, 0x0, 0xfffffff9, 0x4000, 0x20000, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80008003, 0x0, 0xfffffffe, 0xfffffffc, 0x0, 0x9, 0x0, 0x0, 0x8, 0x0, 0x1000, 0x0, 0x0, 0x351e, 0xfffffffe, 0xd, 0x0, 0x0, 0x6496, 0x8], [0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xd28, 0x200000, 0x0, 0x0, 0x10, 0x0, 0xfffffffd, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x2, 0xfffffffc, 0x4, 0x0, 0xfd30, 0x6, 0x0, 0x0, 0x0, 0x2, 0x5, 0x0, 0x3ff, 0x200000, 0x0, 0x0, 0x9, 0x0, 0x3, 0xfffffffc, 0xe6, 0x8000006, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, 0x8000008, 0x4, 0x1, 0x2, 0x0, 0x100000, 0xffffff7c]}, 0x45c)
rseq(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
pread64(r3, 0x0, 0x0, 0xce2)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
futex(&(0x7f0000000000)=0x2, 0xb, 0x2, 0x0, &(0x7f00000000c0)=0x2, 0x2)
futex(&(0x7f0000000100), 0x100, 0x2, 0x0, 0x0, 0x14fffdfe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
userfaultfd(0x801)
syz_io_uring_setup(0x81f, 0x0, &(0x7f00000002c0), 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x4e681, 0x0)
openat$rdma_cm(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

6m58.630399064s ago: executing program 4 (id=876):
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x102)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x2, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_OPENAT2={0x1c, 0x30, 0x0, r2, &(0x7f00000001c0)={0x26000, 0x1c2, 0x26}, &(0x7f0000000200)='./file0\x00', 0x18, 0x0, 0x12345, {0x0, r3}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="340000003c0007010000000000000000017c00000400fc800c00018005fffc00800a000008000280040015800800050009000000"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
readv(r5, &(0x7f0000000c40)=[{&(0x7f00000003c0)=""/7, 0x7}], 0x1)
r6 = memfd_create(&(0x7f0000000500)='[\v\xdbX\xae[\x1a\xad\xd1md\xc8\x85HX\xa9%\f\x1a,\xe2\x9c\xb4\xd7\xbc\xf1\xb3\x86\xe2/O\x00\xd0\xa2\x82\x1eb;(\xc8\xd0\x16\xc4\x89\xf7\xb5\xff\xff\xff\xff\xe5\x89\x17\xee|J\x90=5\xed\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q%\x8a\xda\x05\x00f\xe3j%\x00\x00\x1c#\xc6\xd8\xdbD\x92P\xe16W\x10\xdau\xc7\x8f\xaa\x8d\xa9\x97\x9d\xcb\x1e\x80\xe7\xd5%N&\xf8#\n68Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\xbdD\xcc\'\xa2\xaf`\xb6L\x0e\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecM\xe4H\xb7\xaf\xa8\x96dh\xa9\xab > \xac\x00O^\x14\xcbv\x17Hkb\xe7\xcb\x9d;\xd2\x9f\x05\xd1\x00\x8b\xd3\x9f\a\x99^v\xf7\xfa\xe5\xf0h\x87l\xd9\x15\xd2\x87~?\xb1\x9d\xc1\x92`\x8a\r\xfc\xeb\x14\xd1\x94\fv\x8a\xe3\x1d\x0fj}\x9f\xedsc\xd3\xee\xe6cXw\xa1\xbc\xd0o\xf9\x9cJ\b\x00\xd8;\\ik0+\xc8\xf2\x87\xdf\t\x97\x9dB\xc1\xa0\xa71\xf25GU|]A\x1eel \x8ff\xc6\nt\xd0\x91\x9d\x8c\xa4\xe5\xde\x06\x00\xffE\xf4\x96#\x92-9\xe5\xa7\xf8%\xb0I\xd4\x91r\xbf\x1bOS\xee}\x16\x87\x05\xf2\xb9\x81\x14\xe2NZ\\I\xd0[\xc4\xf2\"\x87\xf5\xb8\x95.M\xb1S\xbd\xe4i\x00\xc1b\t]?}0\t\xebW\xbci\xa5\x05\xca\xb6\xc22\x7fL\x89&\xa0\xcfMULr0rs\xb4\n\xa6)\x0f\x00\x00\x00\x9dO\xb9\xc9\x83\xabS\x013\"\x1b\x97K\x17\x16\x89\a\xee\xc903\xad\x15\x1cH\xc5\x95\x91\xb4$\x1b\xbf\xaf\xf5\x9b\xc2\x85\xe7[\xe5\xfb}\x1d@f2\x11\x13EE\x9eI\x05\v\x11\xad\x93!^T\xe5N\xf6LI\x9ce\x8f\xe3\xe5\x9a6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\x1a\xc9(a\x06>g\xe5\x00:\x9au\xef\x14\t\x1f8E\x86\xcb\xd0e\x17\xfb\xc1', 0x7)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000003d0007010000000000000000037c000014003780100003"], 0x28}}, 0xc000)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$team(&(0x7f0000000440), r7)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000940)={'team0\x00', <r9=>0x0})
sendmsg$TEAM_CMD_PORT_LIST_GET(r7, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000c40)=ANY=[@ANYBLOB=' \x00\x00@', @ANYRES16=r8, @ANYBLOB="39052bbd7000fddbdf250300000008000100", @ANYRES32=r9, @ANYBLOB="04000280"], 0x20}, 0x1, 0x0, 0x0, 0x20040840}, 0xc840)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="74000000020603000000000000000000000000000c00078008000b4000000005050001000600000005000500000000002c0007800500140008000000080013400000000408000b4000000000000014000800000008000940000000ff0900020073797a31000000000c000300686173683a697000"], 0x74}, 0x1, 0x0, 0x0, 0x20000008}, 0x1)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x5f, 0x0, 0x1, 0x0, 0x0, 0x4}, 0xc040)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
unshare(0x68040200)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r2, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc1}})
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfdffa000)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000700)=ANY=[], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)

6m58.488297026s ago: executing program 33 (id=876):
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x102)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x2, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_OPENAT2={0x1c, 0x30, 0x0, r2, &(0x7f00000001c0)={0x26000, 0x1c2, 0x26}, &(0x7f0000000200)='./file0\x00', 0x18, 0x0, 0x12345, {0x0, r3}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="340000003c0007010000000000000000017c00000400fc800c00018005fffc00800a000008000280040015800800050009000000"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
readv(r5, &(0x7f0000000c40)=[{&(0x7f00000003c0)=""/7, 0x7}], 0x1)
r6 = memfd_create(&(0x7f0000000500)='[\v\xdbX\xae[\x1a\xad\xd1md\xc8\x85HX\xa9%\f\x1a,\xe2\x9c\xb4\xd7\xbc\xf1\xb3\x86\xe2/O\x00\xd0\xa2\x82\x1eb;(\xc8\xd0\x16\xc4\x89\xf7\xb5\xff\xff\xff\xff\xe5\x89\x17\xee|J\x90=5\xed\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q%\x8a\xda\x05\x00f\xe3j%\x00\x00\x1c#\xc6\xd8\xdbD\x92P\xe16W\x10\xdau\xc7\x8f\xaa\x8d\xa9\x97\x9d\xcb\x1e\x80\xe7\xd5%N&\xf8#\n68Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\xbdD\xcc\'\xa2\xaf`\xb6L\x0e\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecM\xe4H\xb7\xaf\xa8\x96dh\xa9\xab > \xac\x00O^\x14\xcbv\x17Hkb\xe7\xcb\x9d;\xd2\x9f\x05\xd1\x00\x8b\xd3\x9f\a\x99^v\xf7\xfa\xe5\xf0h\x87l\xd9\x15\xd2\x87~?\xb1\x9d\xc1\x92`\x8a\r\xfc\xeb\x14\xd1\x94\fv\x8a\xe3\x1d\x0fj}\x9f\xedsc\xd3\xee\xe6cXw\xa1\xbc\xd0o\xf9\x9cJ\b\x00\xd8;\\ik0+\xc8\xf2\x87\xdf\t\x97\x9dB\xc1\xa0\xa71\xf25GU|]A\x1eel \x8ff\xc6\nt\xd0\x91\x9d\x8c\xa4\xe5\xde\x06\x00\xffE\xf4\x96#\x92-9\xe5\xa7\xf8%\xb0I\xd4\x91r\xbf\x1bOS\xee}\x16\x87\x05\xf2\xb9\x81\x14\xe2NZ\\I\xd0[\xc4\xf2\"\x87\xf5\xb8\x95.M\xb1S\xbd\xe4i\x00\xc1b\t]?}0\t\xebW\xbci\xa5\x05\xca\xb6\xc22\x7fL\x89&\xa0\xcfMULr0rs\xb4\n\xa6)\x0f\x00\x00\x00\x9dO\xb9\xc9\x83\xabS\x013\"\x1b\x97K\x17\x16\x89\a\xee\xc903\xad\x15\x1cH\xc5\x95\x91\xb4$\x1b\xbf\xaf\xf5\x9b\xc2\x85\xe7[\xe5\xfb}\x1d@f2\x11\x13EE\x9eI\x05\v\x11\xad\x93!^T\xe5N\xf6LI\x9ce\x8f\xe3\xe5\x9a6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\x1a\xc9(a\x06>g\xe5\x00:\x9au\xef\x14\t\x1f8E\x86\xcb\xd0e\x17\xfb\xc1', 0x7)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000003d0007010000000000000000037c000014003780100003"], 0x28}}, 0xc000)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$team(&(0x7f0000000440), r7)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000940)={'team0\x00', <r9=>0x0})
sendmsg$TEAM_CMD_PORT_LIST_GET(r7, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000c40)=ANY=[@ANYBLOB=' \x00\x00@', @ANYRES16=r8, @ANYBLOB="39052bbd7000fddbdf250300000008000100", @ANYRES32=r9, @ANYBLOB="04000280"], 0x20}, 0x1, 0x0, 0x0, 0x20040840}, 0xc840)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="74000000020603000000000000000000000000000c00078008000b4000000005050001000600000005000500000000002c0007800500140008000000080013400000000408000b4000000000000014000800000008000940000000ff0900020073797a31000000000c000300686173683a697000"], 0x74}, 0x1, 0x0, 0x0, 0x20000008}, 0x1)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x5f, 0x0, 0x1, 0x0, 0x0, 0x4}, 0xc040)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
unshare(0x68040200)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r2, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc1}})
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfdffa000)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000700)=ANY=[], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)

6.196036121s ago: executing program 1 (id=3036):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
r5 = socket$kcm(0x10, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0)
getdents(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r7, &(0x7f0000000140)={&(0x7f00000007c0)=@nl=@proc={0x10, 0x0, 0x25dfdbff, 0x80000000}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000f40)="b8b28225cc772f31e7e8c7", 0xb}, {&(0x7f00000000c0)="ed97514514d96b4dd94672bd9b7d74918fa89ade54df9beaa95b352d9fe9d6639824", 0x22}], 0x2}, 0xc010)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="2e00000011008188040f80ec59acbc0413a1810031000000000f000000028002002d1f00"/46, 0x2e}], 0x1}, 0x800)
kexec_load(0x10, 0x0, 0x0, 0x2a0000)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYRES16=r6, @ANYBLOB="140419424cd6638dd5aa0998c46dcfbe88724816f0962ffd6a39ee526fc181607d612253f0d01e60bc6ba35719fbc5707982f1885bbb6ac99b834f9a2868f920c2f863caeb3cb1f86a3afeba4ef886665fc1ab02caf4a218b3c20df055f0891a9b9e57800668fa8abca2783cd859dd107048288f070bb631970606165cb1d4d6cafcb0a254b4f8c00967a3d831f7030d2e5cad6a004631937f11604564e27714c3e6206d1885b89610d29661a67c02d1cf22811890198f", @ANYRES64], 0x48}}, 0x4810)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
syz_io_uring_setup(0x88f, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x104, 0x0, 0x0, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)

5.695345932s ago: executing program 1 (id=3038):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfffffffffffffe8d, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x8d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x4, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000815}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="f600000000000000000001000000050005e900000000040180000000000000002573be94e4e08e2800000800030001000000c1c38b448f95b01f3a6381c98dd0b6fe0fad48bc578d8b0735d76bb7238cc4e5658d7d82a44df5a2ed64b6"], 0x30}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = accept4$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x0, 0x80800)
r6 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'bond0\x00', <r7=>0x0})
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000005a80)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000001040)="1afa930cacb9483ba427fdebe35364652f11c890067ca57a50fcdad0b85702e5cc0b945016028a3cc74937f47b829ffb57197295d7a2d38761146d9d4c35dbef7bf484deb62ddaa8dcf89ed8b8ad859bbcbb4593668e5953f537a33f9a56eabd738803eb8c0b864dc8fcdae1d0f715c660d6d3f06789efb0d8b12fe29792fde455e9b5438ece90f64f47cb446e9bfb07c2e67799b96d7d4fb2f171a6e31a178fac90050470d75d8cf04b7c144928d9eff3058b39af2fe86bbeec1d595fa1d6a4767179d8f3ffd772c6b2c81a2e2b2ff16eee04798a5da71a36d642135c012a1889c8f54c6fa79fd700850aa0a242da0de1db416effebacf50b70745155816f6c1c4cea841ad36f624202e0c04da611f1d60ee3f3c8b92e9abb5433232844aa1baaba03981599e43f2ded4df3168a4dde0dc57bde58aff3e2984c686c311e47874a28b0ef899f990a98abc002b90719ea82620c66b8db5c964c996523e7bd798477dd4f25cb30f5a52c8ea87ac7829c72cf5c48f422fd402945e26cc4aa6faa11b43de6c9307dc67c9af69db6977f6d20c0c97e8e4df718cf554b0bfd516f445514316824e974ef5166910bbd3b080b764e12f5542ff11ff67250a3c078306dfed88764473ece74350e5113ea49a7a19add306b9ff3709eec943b0e8680c8eea9741dd23e3f377ef0e9d59efee73803e7293e1a870a2e46e2765c304350aa7ba907d4ad344f542919aea5fc25f9b3446b66436b4600e7b1a58d3ba1d06d0c9576e40c54caaa7a35a9f16dd6a2b49097ef76dcc41de089c4ab2763aefcdf5ed8aab0675f0bc68d908538b129632ca82871f8e165e442bef0e306e391bb53507434e4166fb91f001601be498448774c23a996406d55a170aa45a2065e61d2c967687e64ac5ff6ad3907727cd6e7474a6a022b26d2bd6b040528910794eaeb726ee91545a734bc289ff5c7f323c3abd70b001159c5ceb242c7e4880ad0a61426c67ffe52fd8160b53fe8f34c3174b88ef7ced5ab77cbd12e7f4de73d33aa7c478bf7839373f96d8367ee34607f7c227bd0b18fecb68bacbd8631e25b7b8119fec8af772f428b5f67bb362df271796b2a996faf920d5c6338c0e805ccff5cc7d057badcdf1b5f46d75a77585556cffb9cfd0364e885de2752956b80338132a3dea920b76b2834c47f61c5313203503eb96cb985f1d55ef673829cf5ad027fe49c1545bde3657fb8b12132e6e6a3df6165424b43c80938724e9ad255f16cac8c2168cd6399d883ee86afd833f0f974eb1fa8742efa42050fea8fd254dbe908058ed2b52bdb155c5c050e9dd451094df2055df14c21ab600f19beeb8e2c160b81245b83de617f91fea8e8f37231849728b19996db4746207fa0de84ca5f11dce363a0ab0bbc74a84998ab194384f4ca29ea684cc00122c1f08653bc393f5ed0ec66d1e4e2f7109fff9b0eedc2ed18b78a257516c26d83717d7e5e2d86d1b3eaaad92872f713d94c2ad76ece3a18b64803686a35eb487f0ed0e4c3efb267dcd698ea4672203627c415a5427e411e32686ba6c5d35ed2f333630a62d721627554fbba63738d322625b2208c3042f2d2fc3229077b88292965676957ae6d88b711ebf6db27579792b4b2a7f88b402c93203d2410dfaa28b6b90db232d73be2edd8d3c4c958dc8d050992a070c8847e3e15b12effcb9690c0571b4de91581660c5d9e663a4207bbdacb60261a7c3513758d58a4cef1c34bb62002a8ed8bfad19257618f1917fa88a73dcdb9a85101a14758274e65cbd1dd79e0ad4ec03c21d86ee03d98d37d916836dee9907b1bb05d0209a8f867e33da8c5c3e1c78097f792942cdd51a47469bfefe327bc66527ab8456c78a1a7fe1d6edfab7aa924550c6dc332908f5feec95f42ec9237d2f75032e4ff52689bd65ed7c2d3829cd624d9bda04c6633563d02a15e529b1e4190ca93dce17e952a12059b8e8a5e730892fc414f99cd8ae3e45ba488703dc1e1af04c358b3aee9fa3f0fdc76b906471378bfc15f37ffe644c84bd25c7b396e7764093e322c923f7d4e4ab1ecfb7c153c667587fd23b2c774bcaefb1079093c80d0fc24456ec2e1b17d0a11f44d19fbf8706ea1c002afc172318b9ccfa5a7b181217cf3467e76090448123d8eb6285d8cfc2deaaa4ce7fa0391a7e63ad6e6bbec958e2b2660e59a89209f3cc945f7a87c0a48c669842e037b4544bc39c36bcabaf3c87c29bcdd76e880bbb0e06f84054131b18b9529cf184cb2ba9217284326c368da0038ed1df8db20f0eb203273e6f40c37ae03d066234c7ecd6f76c26f90899812f2742a71db4a18ab8513dbd0f94cc7617d7d86baa6072126dfe7b962cc4143abb28a530237c0ce2ddbb3585401b19316e19af09df45c1b7636a18b5e48c65596f229caddc5b9a39b3e06c0869b4599c67e922ee6f5b20b8170d79e1b09457e594884304cb943fde6d86177e360ebed58b33631649d0809159cc5a6f41287399d01c2fd26c0a01c594255dc57d988bc0369cc19423f62e0d6174620569825117a6b005c7be6c59922683e5523cfd06dfb9b88c5c720dc91dc7a07296b1225b11ebd54c229fcf53f91fbdd3b6c5956b4c55bd38b4cf78ee20863edae292c5642d3f8e4bd7735e41d903473c4770463e44148e07586f1756d8926c90ac3ef01a4693ab7abc9cd078a2793325889ef27812aa61f517c1650b3d89b693a98374cc780a7e9f62762a52590058a626287224eb06ee51ae36126892e6fc7459026f801c6fae0ec5839cabbf2380a2328356da012363e90fd3403bc45fa90a1dfc72b0f2ca25f10c31108b7a60ffb3511249c42bfa8e151bb309e9fa16e489e39c40ff0b1b066e41b5edd18e68b56cbee088a47fafc38c2e46b89ebefb6be8e4bcf3e92fa36955f59c08eac92c213c33692ff9b98788fb223f0a3739532e14792a3a0cc9240094ba6799ee6a2d0c7212564829353debf03839b2d81dc60a084eded7bd2a80cd949945140a1209619150bb528832d7d45cbb77bc68c04cb0a5a806399f10f67a9c60f0f1114a9526bc1b23ff9496bd3bee6af45134b4761579e2343e3f0fd5463fcc865960c63b80aed40d969fd5315d1b90f731460b7a82dcd8825f0fc4ee95b0212be8216754ea13b2b853330afc9cb4610a5b7982a68fb79b4b2cd80928661b06c474caf4259d5619b2b8f8d8daa291ab7ca332e978ec95d02536747f54afce4897bffcb7a54c79c9fea5826d14ca004d8777a544f8716b414b45d213923c716889e0e242af576442a906904108d647c540bcc101d69612fcc7b1158e31da8dc6c66ed894bf6a9c4a87e91f880c8726de9ae82b3836776bc33ac9d1f9415dce5c324b787c3323df85e76aa7e3b75261c89f63216b966b770ae30c6a3ef2ddac1b27c14e9f443202e2951d0948c982c71e6eca1ed8fb17bd7d3d7f01806bf95e7e2a485a446249dc4f879f8a94bd1dfb0f457489e6f5067331a971c3cf637d349eef391a5942b6da5d1ec0a31452f5ee2f4882c0b3c3f59652a2d2a9d6a67759514172fdf2b5dc18469dc34f826b1d8dec6bcfb244aab936d99e7f30f3577a0507c5defc43321f02be525a118b5da64df45af052d3a419a58c398eb1e21b238f93da2326c8c59ab3fea82546f5878b3c54b8b5a541ebb97550c56a096a76f9e288d5cc3731f189f735368bed001c56e630c0a068ef89495e389b86e43a8e6ac8eccc7c7683ed93264c4bef3981ccdd8c0504c10a73d81c188c89c08a5b4d1d47fdc18a3c5d8cc29ed03adcc5f1b7fe0feb156f0a91bd68bb3d2c91d62d596e3d2ea84d243bd56d2a13c556a43f6c6c219830f256105e7a98ab1734ba0b5251b740134f86834896672e9421b4aba3c038ac4b58095709f85ed086add1998eff56ef2059dd65da8000ba424769570284d24da2763774083fbe4c74ccd324d8aaea1435cc85edd5499d44702e546250630afc490bda76c61ef7951d521f00111dd779ec7c57a7cdc7dc6ddf7c89ae8edf9489ff53b5dd587d260f1b702e7f6b9281f0d973a9cadf41c32819be32e40d08956f2c18a5a01e976a1c6bbb0b31bfda9f8df0cd680e3bf3134cde1df408f49eb8505471b16f0558e471921df2dbbe3e4605f5f713a9cb3c6eb1931a11932194d298aa828c02e3afbf6681406af7cc45b4c659ee03ca0c59b333264c29d2a4803cd816c3756aa3412064eda75ff59d2ab863d3b96e99342df08015cf18716db41a56b344bb1ceecf915a3b0e50a7894feb607d89e74d891ceaf3ed8ff6ab2c460dc5b93f32c87d97fd4e3953c7d5406102fc85fccaa9bdd47f35dc0f619032c3aa3f88bfb37af4488b36b643edc7ef8501fa3553651d3da06c1655c06671f60f3d100cad302bad541a7f3079433025d820e60ced466ba960c3b3c25b02898cf98efdb08bc85484162b51a74ab19a5e02106b3e285be7bf1145bc668d3658e7fddeea8e53910c17d17f5cdb8ff00f3c843292838b3a86f9c9478c96d9137a56fa82fecbab390f53409d241b9c74889d141db864e1b48d9cdad4f5f27e50774eb2768576b2dd8d035a824eba1a76b84d7d6d09448d5762fdd99d6c4427291cd3193fbd24ee2d46a54cba7a50a01a659ea5b1ebd0ef9237ef8d9fdc36f0f018a5892af0cf782ba4b6445a0795c3bd50095974a612ed6b1825a7abc2a4dd83343171f933feec0d2914568f966a960ab3e1ea03bd8f1f330c016b671f686aef918818214d523eba7f058c70f2c43759f5615cfe5d79da030aabbe0e6cb6a9c045b4f815d36c34615e9b67ad4880a57fdb34770db4ba46699d9e215aab800bbd020d68fe597708af11f6b6b6631e859d5776bf77bb66e60b5ed3f44f5ec9653e8eeed11e21e6396892f42fc8630cb5587f1cd8fb5c72756618512668a6e25e707191327349c11a81d314f6f740a0fda00051de407752deb1098016a7505cae237b4705cdc17af5fc5cbbe25b2f8a36f2e75b191f25b44887f883140e4d9462434c0a614e6c7e6ce285e7aef4211c91f8cc5e6a5f74eec33227fe69777043bfa661d046319b7998481e59560c8969f4d3205ef9d5dced6d75415714d69555831778780c40b7023a3c21cba2b5a21dc91278d17378aed7397c438be0706e82bae2764b7f22a78cac928092a8fc47b08e8f10b6c7f49bc026de1f231aad8947e235b29edea696747db15dd6295810ef7dc39c870f6323bcdc15dcb262cd1c2374f79356b3df74689701a8b2ee637fc80c9554571fb71b1f3ca50203c7d39ace0f4ed5689bc6bbe83ac9fa2e7c881ff193e8de73a19da1722cf240e46ab35ddde756880e20c8cecae3ead8eb0f6372e05cbd5fff8998415cb57ce625f36ee2089db149e1ee17eac0ed57eb39104819ea08fad0502829a34e22ea7f50bc94e69f6d19377ed4efc637cc50458280a8318aca67f3df3d5f7628d0fb35f7f6c240a09311a6399eb70abb0aa42a9e018f27456fe8a61e29f811a694721baf5b7efc931dd1b7f20c644816f2ee2287d5f81632300afbdfc0153584f7b4c8284e6b911543b2b082a00be377dd5ff275a2a1181f52a617aca29c25b5a779c2b94d38c07bdf0f5ba4b84cb552774b2b59335581438d7a68f04501594e6ba1bd56b15b2a2998525a4c6ce3235f708b4079b10064304dda735c765080f241c8681b8918081bae95e647720b04aa113", 0xfbf}], 0x1, 0x0, 0x0, 0x40001}}], 0x1, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
ptrace(0x10, 0x1)
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x98, 0x24, 0xf0b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x12, r7, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x68, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x1, [0x5, 0x4, 0x2, 0x0, 0x8, 0x2, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x80000000}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0xc850}, 0x0)
setsockopt$packet_add_memb(r5, 0x107, 0x1, 0x0, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0xf, 0x0, &(0x7f0000000640))
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
sendfile(r9, r9, 0x0, 0x40008)

5.264328945s ago: executing program 1 (id=3043):
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x400, 0x0, 0x379}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x4, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x3}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000005a40)=@nameseq={0x1e, 0x1, 0x3, {0x1, 0x4, 0x2}}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r7, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r8, &(0x7f00000027c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_CLOSE={0x13, 0x1c, 0x0, r9})
io_uring_enter(r0, 0x47ba, 0x3e82, 0x60, 0x0, 0x0)

4.999517624s ago: executing program 3 (id=3045):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, 0x3, 0x7, 0x201, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_FILTER={0x1c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x7}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x1}]}]}, 0x3c}}, 0x4c850)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004801}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}, 0x1, 0x0, 0x0, 0x24000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a010900000000000000000a0000010900020073797a31000000000900010073797a31"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f00000001c0))

4.981041645s ago: executing program 5 (id=3046):
timer_create(0x1, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x6)
syz_open_dev$sg(0x0, 0x5, 0x484ec1)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x24004080)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_init_net_socket$ax25(0x3, 0x0, 0x8)
bind$ax25(r3, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000))
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc)
setsockopt$ax25_SO_BINDTODEVICE(r5, 0x101, 0x19, &(0x7f00000001c0)=@bpq0, 0x10)
r6 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r6, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r6, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)

4.908522641s ago: executing program 3 (id=3047):
pipe(&(0x7f0000000080))
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$usbmon(0x0, 0x3, 0x80400)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r1 = socket(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f00000000c0)=0x1002, 0x4)
sendto$inet(r1, 0x0, 0x0, 0x800, &(0x7f0000000380)={0x2, 0x4e24, @local}, 0x10)
recvmsg(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x12160)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000380)="9007b5fb", 0x4)
syz_usbip_server_init(0x3)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x4, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x0, 0xfffffffd, 0x4}}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffea3}}, {0x4}}]}]}, 0x6c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c0003"], 0x528}}, 0xc000)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x1036, &(0x7f0000002880)=ANY=[@ANYBLOB], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

3.941651131s ago: executing program 5 (id=3048):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c)
r1 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41100}, 0x94)
r4 = open(0x0, 0x20240, 0x1fc)
ioctl$BLKTRACESTART(r4, 0x1274, 0x0)
getpeername(r3, 0x0, 0x0)
connect$pppl2tp(r2, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x4)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000100)={{0x100, 0x1}, 'syz1\x00'})
ioctl$UI_DEV_CREATE(r1, 0x5501)
write$input_event(r1, &(0x7f0000000200)={{0x77359400}, 0x11, 0xae, 0x7fffffff}, 0xffffffe7)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r7 = fcntl$dupfd(r0, 0x406, r0)
munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
r8 = getpid()
fcntl$setownex(r7, 0xf, &(0x7f0000000000)={0x2, r8})
sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x2000c855}, 0x1)

3.235479472s ago: executing program 1 (id=3049):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfffffffffffffe8d, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x8d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x4, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000815}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="f600000000000000000001000000050005e900000000040180000000000000002573be94e4e08e2800000800030001000000c1c38b448f95b01f3a6381c98dd0b6fe0fad48bc578d8b0735d76bb7238cc4e5658d7d82a44df5a2ed64b6"], 0x30}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = accept4$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x0, 0x80800)
r6 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'bond0\x00', <r7=>0x0})
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000005a80)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000001040)="1afa930cacb9483ba427fdebe35364652f11c890067ca57a50fcdad0b85702e5cc0b945016028a3cc74937f47b829ffb57197295d7a2d38761146d9d4c35dbef7bf484deb62ddaa8dcf89ed8b8ad859bbcbb4593668e5953f537a33f9a56eabd738803eb8c0b864dc8fcdae1d0f715c660d6d3f06789efb0d8b12fe29792fde455e9b5438ece90f64f47cb446e9bfb07c2e67799b96d7d4fb2f171a6e31a178fac90050470d75d8cf04b7c144928d9eff3058b39af2fe86bbeec1d595fa1d6a4767179d8f3ffd772c6b2c81a2e2b2ff16eee04798a5da71a36d642135c012a1889c8f54c6fa79fd700850aa0a242da0de1db416effebacf50b70745155816f6c1c4cea841ad36f624202e0c04da611f1d60ee3f3c8b92e9abb5433232844aa1baaba03981599e43f2ded4df3168a4dde0dc57bde58aff3e2984c686c311e47874a28b0ef899f990a98abc002b90719ea82620c66b8db5c964c996523e7bd798477dd4f25cb30f5a52c8ea87ac7829c72cf5c48f422fd402945e26cc4aa6faa11b43de6c9307dc67c9af69db6977f6d20c0c97e8e4df718cf554b0bfd516f445514316824e974ef5166910bbd3b080b764e12f5542ff11ff67250a3c078306dfed88764473ece74350e5113ea49a7a19add306b9ff3709eec943b0e8680c8eea9741dd23e3f377ef0e9d59efee73803e7293e1a870a2e46e2765c304350aa7ba907d4ad344f542919aea5fc25f9b3446b66436b4600e7b1a58d3ba1d06d0c9576e40c54caaa7a35a9f16dd6a2b49097ef76dcc41de089c4ab2763aefcdf5ed8aab0675f0bc68d908538b129632ca82871f8e165e442bef0e306e391bb53507434e4166fb91f001601be498448774c23a996406d55a170aa45a2065e61d2c967687e64ac5ff6ad3907727cd6e7474a6a022b26d2bd6b040528910794eaeb726ee91545a734bc289ff5c7f323c3abd70b001159c5ceb242c7e4880ad0a61426c67ffe52fd8160b53fe8f34c3174b88ef7ced5ab77cbd12e7f4de73d33aa7c478bf7839373f96d8367ee34607f7c227bd0b18fecb68bacbd8631e25b7b8119fec8af772f428b5f67bb362df271796b2a996faf920d5c6338c0e805ccff5cc7d057badcdf1b5f46d75a77585556cffb9cfd0364e885de2752956b80338132a3dea920b76b2834c47f61c5313203503eb96cb985f1d55ef673829cf5ad027fe49c1545bde3657fb8b12132e6e6a3df6165424b43c80938724e9ad255f16cac8c2168cd6399d883ee86afd833f0f974eb1fa8742efa42050fea8fd254dbe908058ed2b52bdb155c5c050e9dd451094df2055df14c21ab600f19beeb8e2c160b81245b83de617f91fea8e8f37231849728b19996db4746207fa0de84ca5f11dce363a0ab0bbc74a84998ab194384f4ca29ea684cc00122c1f08653bc393f5ed0ec66d1e4e2f7109fff9b0eedc2ed18b78a257516c26d83717d7e5e2d86d1b3eaaad92872f713d94c2ad76ece3a18b64803686a35eb487f0ed0e4c3efb267dcd698ea4672203627c415a5427e411e32686ba6c5d35ed2f333630a62d721627554fbba63738d322625b2208c3042f2d2fc3229077b88292965676957ae6d88b711ebf6db27579792b4b2a7f88b402c93203d2410dfaa28b6b90db232d73be2edd8d3c4c958dc8d050992a070c8847e3e15b12effcb9690c0571b4de91581660c5d9e663a4207bbdacb60261a7c3513758d58a4cef1c34bb62002a8ed8bfad19257618f1917fa88a73dcdb9a85101a14758274e65cbd1dd79e0ad4ec03c21d86ee03d98d37d916836dee9907b1bb05d0209a8f867e33da8c5c3e1c78097f792942cdd51a47469bfefe327bc66527ab8456c78a1a7fe1d6edfab7aa924550c6dc332908f5feec95f42ec9237d2f75032e4ff52689bd65ed7c2d3829cd624d9bda04c6633563d02a15e529b1e4190ca93dce17e952a12059b8e8a5e730892fc414f99cd8ae3e45ba488703dc1e1af04c358b3aee9fa3f0fdc76b906471378bfc15f37ffe644c84bd25c7b396e7764093e322c923f7d4e4ab1ecfb7c153c667587fd23b2c774bcaefb1079093c80d0fc24456ec2e1b17d0a11f44d19fbf8706ea1c002afc172318b9ccfa5a7b181217cf3467e76090448123d8eb6285d8cfc2deaaa4ce7fa0391a7e63ad6e6bbec958e2b2660e59a89209f3cc945f7a87c0a48c669842e037b4544bc39c36bcabaf3c87c29bcdd76e880bbb0e06f84054131b18b9529cf184cb2ba9217284326c368da0038ed1df8db20f0eb203273e6f40c37ae03d066234c7ecd6f76c26f90899812f2742a71db4a18ab8513dbd0f94cc7617d7d86baa6072126dfe7b962cc4143abb28a530237c0ce2ddbb3585401b19316e19af09df45c1b7636a18b5e48c65596f229caddc5b9a39b3e06c0869b4599c67e922ee6f5b20b8170d79e1b09457e594884304cb943fde6d86177e360ebed58b33631649d0809159cc5a6f41287399d01c2fd26c0a01c594255dc57d988bc0369cc19423f62e0d6174620569825117a6b005c7be6c59922683e5523cfd06dfb9b88c5c720dc91dc7a07296b1225b11ebd54c229fcf53f91fbdd3b6c5956b4c55bd38b4cf78ee20863edae292c5642d3f8e4bd7735e41d903473c4770463e44148e07586f1756d8926c90ac3ef01a4693ab7abc9cd078a2793325889ef27812aa61f517c1650b3d89b693a98374cc780a7e9f62762a52590058a626287224eb06ee51ae36126892e6fc7459026f801c6fae0ec5839cabbf2380a2328356da012363e90fd3403bc45fa90a1dfc72b0f2ca25f10c31108b7a60ffb3511249c42bfa8e151bb309e9fa16e489e39c40ff0b1b066e41b5edd18e68b56cbee088a47fafc38c2e46b89ebefb6be8e4bcf3e92fa36955f59c08eac92c213c33692ff9b98788fb223f0a3739532e14792a3a0cc9240094ba6799ee6a2d0c7212564829353debf03839b2d81dc60a084eded7bd2a80cd949945140a1209619150bb528832d7d45cbb77bc68c04cb0a5a806399f10f67a9c60f0f1114a9526bc1b23ff9496bd3bee6af45134b4761579e2343e3f0fd5463fcc865960c63b80aed40d969fd5315d1b90f731460b7a82dcd8825f0fc4ee95b0212be8216754ea13b2b853330afc9cb4610a5b7982a68fb79b4b2cd80928661b06c474caf4259d5619b2b8f8d8daa291ab7ca332e978ec95d02536747f54afce4897bffcb7a54c79c9fea5826d14ca004d8777a544f8716b414b45d213923c716889e0e242af576442a906904108d647c540bcc101d69612fcc7b1158e31da8dc6c66ed894bf6a9c4a87e91f880c8726de9ae82b3836776bc33ac9d1f9415dce5c324b787c3323df85e76aa7e3b75261c89f63216b966b770ae30c6a3ef2ddac1b27c14e9f443202e2951d0948c982c71e6eca1ed8fb17bd7d3d7f01806bf95e7e2a485a446249dc4f879f8a94bd1dfb0f457489e6f5067331a971c3cf637d349eef391a5942b6da5d1ec0a31452f5ee2f4882c0b3c3f59652a2d2a9d6a67759514172fdf2b5dc18469dc34f826b1d8dec6bcfb244aab936d99e7f30f3577a0507c5defc43321f02be525a118b5da64df45af052d3a419a58c398eb1e21b238f93da2326c8c59ab3fea82546f5878b3c54b8b5a541ebb97550c56a096a76f9e288d5cc3731f189f735368bed001c56e630c0a068ef89495e389b86e43a8e6ac8eccc7c7683ed93264c4bef3981ccdd8c0504c10a73d81c188c89c08a5b4d1d47fdc18a3c5d8cc29ed03adcc5f1b7fe0feb156f0a91bd68bb3d2c91d62d596e3d2ea84d243bd56d2a13c556a43f6c6c219830f256105e7a98ab1734ba0b5251b740134f86834896672e9421b4aba3c038ac4b58095709f85ed086add1998eff56ef2059dd65da8000ba424769570284d24da2763774083fbe4c74ccd324d8aaea1435cc85edd5499d44702e546250630afc490bda76c61ef7951d521f00111dd779ec7c57a7cdc7dc6ddf7c89ae8edf9489ff53b5dd587d260f1b702e7f6b9281f0d973a9cadf41c32819be32e40d08956f2c18a5a01e976a1c6bbb0b31bfda9f8df0cd680e3bf3134cde1df408f49eb8505471b16f0558e471921df2dbbe3e4605f5f713a9cb3c6eb1931a11932194d298aa828c02e3afbf6681406af7cc45b4c659ee03ca0c59b333264c29d2a4803cd816c3756aa3412064eda75ff59d2ab863d3b96e99342df08015cf18716db41a56b344bb1ceecf915a3b0e50a7894feb607d89e74d891ceaf3ed8ff6ab2c460dc5b93f32c87d97fd4e3953c7d5406102fc85fccaa9bdd47f35dc0f619032c3aa3f88bfb37af4488b36b643edc7ef8501fa3553651d3da06c1655c06671f60f3d100cad302bad541a7f3079433025d820e60ced466ba960c3b3c25b02898cf98efdb08bc85484162b51a74ab19a5e02106b3e285be7bf1145bc668d3658e7fddeea8e53910c17d17f5cdb8ff00f3c843292838b3a86f9c9478c96d9137a56fa82fecbab390f53409d241b9c74889d141db864e1b48d9cdad4f5f27e50774eb2768576b2dd8d035a824eba1a76b84d7d6d09448d5762fdd99d6c4427291cd3193fbd24ee2d46a54cba7a50a01a659ea5b1ebd0ef9237ef8d9fdc36f0f018a5892af0cf782ba4b6445a0795c3bd50095974a612ed6b1825a7abc2a4dd83343171f933feec0d2914568f966a960ab3e1ea03bd8f1f330c016b671f686aef918818214d523eba7f058c70f2c43759f5615cfe5d79da030aabbe0e6cb6a9c045b4f815d36c34615e9b67ad4880a57fdb34770db4ba46699d9e215aab800bbd020d68fe597708af11f6b6b6631e859d5776bf77bb66e60b5ed3f44f5ec9653e8eeed11e21e6396892f42fc8630cb5587f1cd8fb5c72756618512668a6e25e707191327349c11a81d314f6f740a0fda00051de407752deb1098016a7505cae237b4705cdc17af5fc5cbbe25b2f8a36f2e75b191f25b44887f883140e4d9462434c0a614e6c7e6ce285e7aef4211c91f8cc5e6a5f74eec33227fe69777043bfa661d046319b7998481e59560c8969f4d3205ef9d5dced6d75415714d69555831778780c40b7023a3c21cba2b5a21dc91278d17378aed7397c438be0706e82bae2764b7f22a78cac928092a8fc47b08e8f10b6c7f49bc026de1f231aad8947e235b29edea696747db15dd6295810ef7dc39c870f6323bcdc15dcb262cd1c2374f79356b3df74689701a8b2ee637fc80c9554571fb71b1f3ca50203c7d39ace0f4ed5689bc6bbe83ac9fa2e7c881ff193e8de73a19da1722cf240e46ab35ddde756880e20c8cecae3ead8eb0f6372e05cbd5fff8998415cb57ce625f36ee2089db149e1ee17eac0ed57eb39104819ea08fad0502829a34e22ea7f50bc94e69f6d19377ed4efc637cc50458280a8318aca67f3df3d5f7628d0fb35f7f6c240a09311a6399eb70abb0aa42a9e018f27456fe8a61e29f811a694721baf5b7efc931dd1b7f20c644816f2ee2287d5f81632300afbdfc0153584f7b4c8284e6b911543b2b082a00be377dd5ff275a2a1181f52a617aca29c25b5a779c2b94d38c07bdf0f5ba4b84cb552774b2b59335581438d7a68f04501594e6ba1bd56b15b2a2998525a4c6ce3235f708b4079b10064304dda735c765080f241c8681b8918081bae95e647720b04aa113", 0xfbf}], 0x1, 0x0, 0x0, 0x40001}}], 0x1, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
ptrace(0x10, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x98, 0x24, 0xf0b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x12, r7, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x68, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x1, [0x5, 0x4, 0x2, 0x0, 0x8, 0x2, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x80000000}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0xc850}, 0x0)
setsockopt$packet_add_memb(r5, 0x107, 0x1, 0x0, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0xf, 0x0, &(0x7f0000000640))
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
sendfile(r8, r8, 0x0, 0x40008)

3.109317116s ago: executing program 5 (id=3050):
timer_create(0x1, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x6)
syz_open_dev$sg(0x0, 0x5, 0x484ec1)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x24004080)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_init_net_socket$ax25(0x3, 0x0, 0x8)
bind$ax25(r3, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000))
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc)
setsockopt$ax25_SO_BINDTODEVICE(r5, 0x101, 0x19, &(0x7f00000001c0)=@bpq0, 0x10)
r6 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r6, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8f}, 0x19)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)

2.593847441s ago: executing program 2 (id=3051):
openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb, [{}, {}, {0x3}, {}, {}, {}, {}, {0x0, 0xfffffffe}], 0x0, 0x0, 0x0, 0x2}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000004c0)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES64=r0], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4800)
read$msr(r0, &(0x7f0000019540)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000380)='net/rt6_stats\x00')
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="38000000031404002ab1000f4938c29ebda883bd7000ffdbdf250900020073797a32000000000800410073697700140033007465616d5f73"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x18, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000400000000000000008500000030000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setresuid(0x0, 0xee00, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r3=>0x0})
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r5, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r5, 0x540a, 0x2)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)

2.484111107s ago: executing program 3 (id=3052):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)=[{0x0}], 0x1}, 0x41)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x48810}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073597a31000000000900010073797a300000000008000540000000218c0000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000600003805c000080080003400000000250000b80200001800a00010071756f7461000000100002800c00014000000000000000002c0001800a0001006c696d69740000001c0002800c00024000000000100000000c00"], 0x110}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006006558000008000280040011"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x834)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x9202}}, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x2}, 0x10}, 0x90)

2.377600482s ago: executing program 3 (id=3053):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x3, &(0x7f0000000500)=ANY=[], &(0x7f0000000540)='syzkaller\x00', 0x6, 0xc7, &(0x7f0000000580)=""/199, 0x21600, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x84, 0x20, 0x0, 0x0)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000940000/0x4000)=nil, 0x4000, 0xb635773f06ebbeef, 0x110, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x1c1082)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r4, 0xc0045543, &(0x7f0000000080))
sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0x4044080)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, &(0x7f0000000900)={0x2020}, 0x2020)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000340)={0x0, 0x0})
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='gfs2meta\x00', 0x2208004, 0x0)
sched_getattr(0x0, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$HCIINQUIRY(r5, 0x400448ca, 0x0)
ioctl$sock_bt_hci(r5, 0x400448c9, 0x0)
add_key$user(0x0, 0x0, &(0x7f00000000c0)="ca7aac43620767496beba12f3d4b91cc3c1951bdfc6ca667f1a9e80dfa8075d62e8b8ff8057c0a2c0cf90bdd2c04884c625d6e67e0ec", 0x36, 0xfffffffffffffffe)
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x105400, 0x0)

2.296995896s ago: executing program 1 (id=3054):
openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb, [{}, {}, {0x3}, {}, {}, {}, {}, {0x0, 0xfffffffe}], 0x0, 0x0, 0x0, 0x2}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000004c0)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES64=r0], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4800)
read$msr(r0, &(0x7f0000019540)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000380)='net/rt6_stats\x00')
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="38000000031404002ab1000f4938c29ebda883bd7000ffdbdf250900020073797a32000000000800410073697700140033007465616d5f73"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe160, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setresuid(0x0, 0xee00, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r3=>0x0})
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r5, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r5, 0x540a, 0x2)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)

2.000527813s ago: executing program 5 (id=3055):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x34, r1, 0xc11, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_QOS_MAP={0x16, 0xc7, {[{0x0, 0x84}, {0x8, 0x2}, {0xe8, 0x2}, {0x3, 0x4}, {0x9}], "7ecd4163b8fccf09"}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) (fail_nth: 3)

1.996748589s ago: executing program 5 (id=3056):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x40001)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x252, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0x3, 0x2, 0x3, 0x1, 0x2, 0x2, {0x9, 0x21, 0x7f, 0x80, 0x1, {0x22, 0x3f6}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x5, 0x7b, 0x5}}}}}]}}]}}, 0x0)
syz_usb_disconnect(r0)
r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000580)={0x2, @sliced={0xff63, [0x0, 0x6, 0x7, 0xa, 0x1, 0x5, 0x7, 0x8, 0x9, 0x1, 0x1, 0x6, 0x0, 0x5, 0x113, 0xbe4c, 0x3, 0x40, 0x7, 0x7, 0x401, 0x3, 0x5, 0xffff, 0x4, 0x8, 0xfff8, 0xf, 0x800, 0x6, 0x2, 0x7ff, 0x4, 0x4, 0x100, 0x2, 0xc0, 0xff, 0x8000, 0x3, 0x4, 0x7fff, 0x4c, 0x2, 0xf8ff, 0x81, 0x2, 0x7fff], 0xe6}})
syz_usb_connect$hid(0x2, 0x36, &(0x7f00000002c0)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r0, 0x550c, &(0x7f00000000c0)=0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x5, 0xb, 0x0, 0x0, @str='\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
ioctl$VFAT_IOCTL_READDIR_BOTH(r2, 0x82187201, &(0x7f0000000180)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
syz_usb_control_io$rtl8150(0xffffffffffffffff, &(0x7f0000000100)={0xc, &(0x7f0000000040)={0x0, 0x11, 0x30, {0x30, 0xe, "4fc032508092a7957dfc4f0861a93641a6557856cb43bab85ff93d5f4821a8496d990ca5b40c88f12a02edf17300"}}, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xc13}}}, &(0x7f0000000540)={0x18, &(0x7f00000003c0)={0x0, 0x0, 0x3c, "e2092c7201db614267fcd9d9a3726c5f70e0d9eae30e04f427065a7530f856bc864dafa6b69113ca6bd22740ceb102bac82c14eb67f395cc795394cd"}, &(0x7f0000000440)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000480)={0x0, 0x8, 0x1, 0x5}, &(0x7f00000004c0)={0xc0, 0x5, 0x4, "c29e63f3"}, &(0x7f0000000500)={0x40, 0x5, 0x3, "bf1b15"}})

1.592517702s ago: executing program 2 (id=3057):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
r5 = socket$kcm(0x10, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0)
getdents(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r7, &(0x7f0000000140)={&(0x7f00000007c0)=@nl=@proc={0x10, 0x0, 0x25dfdbff, 0x80000000}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000f40)="b8b28225cc772f31e7e8c7", 0xb}, {&(0x7f00000000c0)="ed97514514d96b4dd94672bd9b7d74918fa89ade54df9beaa95b352d9fe9d6639824", 0x22}], 0x2}, 0xc010)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="2e00000011008188040f80ec59acbc0413a1810031000000000f000000028002002d1f00"/46, 0x2e}], 0x1}, 0x800)
kexec_load(0x10, 0x0, 0x0, 0x2a0000)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYRES16=r6, @ANYBLOB="140419424cd6638dd5aa0998c46dcfbe88724816f0962ffd6a39ee526fc181607d612253f0d01e60bc6ba35719fbc5707982f1885bbb6ac99b834f9a2868f920c2f863caeb3cb1f86a3afeba4ef886665fc1ab02caf4a218b3c20df055f0891a9b9e57800668fa8abca2783cd859dd107048288f070bb631970606165cb1d4d6cafcb0a254b4f8c00967a3d831f7030d2e5cad6a004631937f11604564e27714c3e6206d1885b89610d29661a67c02d1cf22811890198f", @ANYRES64], 0x48}}, 0x4810)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
syz_io_uring_setup(0x88f, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x104, 0x0, 0x0, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)

1.526106885s ago: executing program 3 (id=3058):
socket$nl_route(0x10, 0x3, 0x0)
chdir(0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x101, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b000000ffffffe3000000005442a07365367ea9", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0x2000000000000083, &(0x7f0000000380)=ANY=[@ANYRESOCT=r2, @ANYRES32=r3, @ANYRES64=r0, @ANYRES64=r2, @ANYRES16=r1, @ANYRES8=r0, @ANYRES64=r0, @ANYRESOCT=r2], &(0x7f0000000140)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x6, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
shmget(0x1, 0x1000, 0x200, &(0x7f0000fff000/0x1000)=nil)
r4 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x0)
setrlimit(0x7, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
fsmount(r4, 0x0, 0xf)
fsconfig$FSCONFIG_SET_FLAG(r4, 0x0, 0x0, 0x0, 0x0)
setreuid(0xee01, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r5 = getpid()
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r6 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r6, 0x1, 0x25, &(0x7f00000002c0), 0x8)
r7 = syz_pidfd_open(r5, 0x0)
setns(r7, 0x24020000)
syz_clone(0x120e1100, 0x0, 0x13, 0x0, 0x0, 0x0)

1.266383696s ago: executing program 1 (id=3059):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe5c, &(0x7f0000000280)={&(0x7f00000005c0)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x48885}, 0x20008040)
sendmsg$NFNL_MSG_CTHELPER_DEL(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a800000002090102000000000000000002000008080006400000000108000540000000190800064000000001680002000c000280050001008800000014000180080001006401010208000200ac1414aa2c00018014000300fc00000000000000000000000000000114000400fe8000000000000000000000000000050c00028005000100110000000c000280050001003a7ce583eb287c06000000060900010073797a3100000000"], 0xa8}, 0x1, 0x0, 0x0, 0x1}, 0x891)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
shutdown(r1, 0x0)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, 0x0, 0x4000004)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
timer_create(0x3, 0x0, &(0x7f0000000300))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
setrlimit(0xf, &(0x7f00000000c0)={0x0, 0x3})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7f8fbc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c0301000000010000003d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6e70af07da5ceb01b7551ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cde7a6b73340cc2160a1fe3c184b751c51160fbce841dfebd31a08b32808b80200000000009dd27080e71113610e10d8fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5cc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5b6154eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7ade8a5b859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ffea0000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a1bcd1e30280bc586e79a5dd80701018e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f0000000011d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589c95d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d4442d13d5a29179a00837918dd7854aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5d371c61f550e9d86aabda45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5ff070000000000000ea15ccc0d7a830b6eb33b6b61675511d693ef5e3c44bbf71cabc5f45c879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2ea86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c58684a1d2f624c3eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366aa660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e95921218149403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef3103ce10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e00000100000000003edd3d43cc64e0d26b46907b42e08d000000000000903350932d3eef7fdada20c19807066e2c72d0d816eb9fa50be213bf6bbb7ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a74748b8cd994ed368695aa2c5986aa9200a1306ffa5a71ca69e89a6980612b35fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeaded2930376eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041894f60fbbcafa487ee96b368e8769da90b44190e569fe8b923c32c288baaca5c5558b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751e95999b7532603494d37a2bff35a9eec46dfc8a52433f605ebf151c837b4966b5f3628a406175a87e32c5e4268d3000933b580415b162e2946446b8f02554c8a1225217d69d049685dd06aa8528673a9673a723ac414af77f523ad730d00e8700c213f95c87a94f39f506b9e000000000000000000000000000000000000000000000000000090668ac41a1c2a4f7831e6c6a3e9c68ca2c449482bb70a994e71a7f24873848fbb128c820c1de19cc003dfa65a2b296caeb1253802080e08eeb724c4c7b7e052afa19b0f2cd7a13bda4b5a8f3b8fa3ca70bb756a3d529718d5c79d9bdb89e5d33793533211d76d00a45079eff797476106bf76f1fed952a7c9162b88911b5b00c3d26fd2fb4d7b29d1ce025e102d458efd5cca3f3835ce760359eaa01cb13cb28d60e8942fdc02b6824c00dac62f8a2d4c680ae284a82f09d6641921536814b444e4188d9b2e97eb3b108e7876f0f3f3863147ab694218c7cecc075d52d590dddbb57fc6fedf5ec69d7894a7b5c8109f303dab998815c80534b0bd34c49eea63997e56728a8185a8bb6988a7197b87f5548f5edfdfb3efc907fe561b33a6f7c707f7828c6adaf3b2a39929b4b65253e787d65c08aff5e4a9b2267bd8f803ea38f10a6e9c4a49bf23525e08c12d229211fe4d88cf1440f29accfa50f327ac1fb20d7f164100111bd21fca713b2475f1c997f3000000000080c426bcec79c6bc83ce4e6cbb17c01be69db342192d0a716cc24710d23321441f475ec485d642b61c6bd907071dbbe37c0b78f60fd2ad0d13ca62d9d9aafb01c3920b64cb5e023810e2de4327f90c389ce36d90ff9f3cb9d8cd2260d05a8126943a3df17157470595c68ac8df7fea6d42ecb2cdb65b4f2aef0db2b2de949a6d4ec37f2fd693ae44944041a64fe6336aba1c66b1b95d2edbc40364a049616ae962d75eae619548aa86bd5f0bad56e7ad7de2ee5e6f3b42e3a27094b6b5face99456d9af1926b21d37faf7612d9752cf58e6424decd530b5419e117ec08647566b1bdd75d6a9a1e600aaf0f42ce94b4725d4c2da80150dc34e5975d6904f061ed9a7608959f2d24ee6ec4f2395d16e02f53c746f74b12013f738d76456c3407188eff97f31ca36e5d79e1f1c7c3b688ee21d37ba5ebf4afc2a61f16"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x55}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe06, 0x1000000, &(0x7f0000000100)="b9ff030f6044238cb89e14f088ca1bff430500001100630377fbac141414e000000162079f4b4d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)
ppoll(&(0x7f0000000040)=[{r1, 0x6014}], 0x1, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x240c0880)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000003740)='ns/mnt\x00')
ioctl$NS_GET_OWNER_UID(r3, 0xb704, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x6, 0x4, 0xfff, 0x9, 0x0, 0xffffffffffffffff, 0x7}, 0x50)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x2000}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={r7, 0x0, 0x0}, 0x10)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x24004080)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)

1.114162502s ago: executing program 2 (id=3060):
syz_emit_ethernet(0xae, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000308", 0x78, 0x3a, 0x0, @private1, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "5b52ab", 0x0, 0x2b, 0x0, @private0, @private0, [@srh={0x0, 0x4, 0x4, 0x2, 0x1, 0x0, 0x0, [@private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}, @dstopts={0x88, 0x2, '\x00', [@hao={0xc9, 0x10, @remote}]}]}}}}}}}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000006000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES32=r1, @ANYRES8=r0], 0x3c}, 0x1, 0x0, 0x0, 0x4c810}, 0x20000000)
write(r1, &(0x7f0000000240)="14000000140005b7ffccca38b9000000060860eb", 0x14)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)={0x3c, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
ioctl$SNDCTL_SEQ_TESTMIDI(0xffffffffffffffff, 0x40045108, &(0x7f0000000040)=0x8)
ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, 0x0, 0x0, 0x0}})

1.062086395s ago: executing program 2 (id=3061):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
r5 = socket$kcm(0x10, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0)
getdents(0xffffffffffffffff, &(0x7f00000001c0)=""/24, 0x18)
r7 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r7, 0x0, 0xc010)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="2e00000011008188040f80ec59acbc0413a1810031000000000f000000028002002d1f00"/46, 0x2e}], 0x1}, 0x800)
kexec_load(0x10, 0x0, 0x0, 0x2a0000)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYRES16=r6, @ANYBLOB="140419424cd6638dd5aa0998c46dcfbe88724816f0962ffd6a39ee526fc181607d612253f0d01e60bc6ba35719fbc5707982f1885bbb6ac99b834f9a2868f920c2f863caeb3cb1f86a3afeba4ef886665fc1ab02caf4a218b3c20df055f0891a9b9e57800668fa8abca2783cd859dd107048288f070bb631970606165cb1d4d6cafcb0a254b4f8c00967a3d831f7030d2e5cad6a004631937f11604564e27714c3e6206d1885b89610d29661a67c02d1cf22811890198f", @ANYRES64], 0x48}}, 0x4810)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
syz_io_uring_setup(0x88f, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x104, 0x0, 0x0, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)

641.072135ms ago: executing program 5 (id=3062):
timer_create(0x1, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x6)
syz_open_dev$sg(0x0, 0x5, 0x484ec1)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x24004080)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_init_net_socket$ax25(0x3, 0x0, 0x8)
bind$ax25(r3, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000))
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc)
setsockopt$ax25_SO_BINDTODEVICE(r5, 0x101, 0x19, &(0x7f00000001c0)=@bpq0, 0x10)
r6 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r6, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8f}, 0x19)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)

630.098937ms ago: executing program 2 (id=3063):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, 0x0, 0x0, &(0x7f00000001c0))
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400010000000000fbdbdf250a00a100", @ANYRES32=r5, @ANYBLOB="14000100ff05000000000000dfce00000000000108000800026e"], 0x34}}, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000015"], 0x34}, 0x1, 0x0, 0x0, 0x41c1}, 0x4040800)

504.162653ms ago: executing program 3 (id=3064):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
r5 = socket$kcm(0x10, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0)
getdents(0xffffffffffffffff, &(0x7f00000001c0)=""/24, 0x18)
r7 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r7, 0x0, 0xc010)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="2e00000011008188040f80ec59acbc0413a1810031000000000f000000028002002d1f00"/46, 0x2e}], 0x1}, 0x800)
kexec_load(0x10, 0x0, 0x0, 0x2a0000)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYRES16=r6, @ANYBLOB="140419424cd6638dd5aa0998c46dcfbe88724816f0962ffd6a39ee526fc181607d612253f0d01e60bc6ba35719fbc5707982f1885bbb6ac99b834f9a2868f920c2f863caeb3cb1f86a3afeba4ef886665fc1ab02caf4a218b3c20df055f0891a9b9e57800668fa8abca2783cd859dd107048288f070bb631970606165cb1d4d6cafcb0a254b4f8c00967a3d831f7030d2e5cad6a004631937f11604564e27714c3e6206d1885b89610d29661a67c02d1cf22811890198f", @ANYRES64], 0x48}}, 0x4810)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
syz_io_uring_setup(0x88f, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x104, 0x0, 0x0, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)

0s ago: executing program 2 (id=3065):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0)
timer_create(0x2, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f018581c0bc0065666765f36f0f33f0100a660f3a0cb9000000752066b9800000c00f3a32c632c6004000a50f01d70f0901", 0x32}], 0x1, 0x54, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r1, 0x84, 0x82, &(0x7f00000002c0)="1a00000002000000", 0x8)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x900000001, 0x800000000, 0x45b, 0x0, 0x0, 0x7, 0x5, 0x0, 0xfc, 0xfffffffdfffffffc, 0xfdfffffffffffffc, 0x0, 0x9, 0x4000000000000004, 0x767], 0xeeef0000, 0x80082})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
io_setup(0x2, &(0x7f0000000040)=<r5=>0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000200)={<r7=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x7a, &(0x7f0000000340)={r7, @in6={{0xa, 0x4e20, 0x8, @mcast2, 0x8}}}, &(0x7f0000000040)=0x84)
io_submit(r5, 0x1, &(0x7f00000002c0)=[0x0])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

kernel console output (not intermixed with test programs):

/virtual/input/input81
[  528.297199][T15307] binder: 15306:15307 ioctl c0306201 800003c0 returned -14
[  528.328521][   T10] usb 10-1: Found UVC 0.00 device syz (8086:0b07)
[  528.331959][   T10] usb 10-1: No valid video chain found.
[  528.335257][   T10] usb 10-1: USB disconnect, device number 10
[  528.492635][T15231] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  528.501383][T15231] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  528.512331][T15231] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  528.519569][T15231] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  528.657410][T15231] 8021q: adding VLAN 0 to HW filter on device bond0
[  528.671157][T15231] 8021q: adding VLAN 0 to HW filter on device team0
[  528.686543][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  528.689677][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  528.694334][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  528.697261][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  528.714699][T15231] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  528.722005][T15231] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  528.773544][   T88] veth1_macvtap: left promiscuous mode
[  528.777573][   T88] veth0_macvtap: left promiscuous mode
[  528.779385][   T88] veth1_vlan: left promiscuous mode
[  528.781578][   T88] veth0_vlan: left promiscuous mode
[  528.815318][ T5988] Bluetooth: hci0: command tx timeout
[  528.841773][T15344] ptrace attach of "/syz-executor exec"[15123] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5
[  529.168081][T15343] ptrace attach of "/syz-executor exec"[14567] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5
[  529.915239][ T5988] Bluetooth: hci4: command tx timeout
[  530.529749][T15231] 8021q: adding VLAN 0 to HW filter on device batadv0
[  530.581494][T15231] veth0_vlan: entered promiscuous mode
[  530.590649][T15231] veth1_vlan: entered promiscuous mode
[  530.611648][T15231] veth0_macvtap: entered promiscuous mode
[  530.618991][T15231] veth1_macvtap: entered promiscuous mode
[  530.628988][T15231] batman_adv: batadv0: Interface activated: batadv_slave_0
[  530.634964][T15231] batman_adv: batadv0: Interface activated: batadv_slave_1
[  530.642716][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  530.644840][T15357] block nbd2: shutting down sockets
[  530.646611][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  530.653234][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  530.657266][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  530.700011][T15365] EXT4-fs: Conflicting test_dummy_encryption options
[  530.726463][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.730092][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  530.833492][ T1204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  530.837059][ T1204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  530.865363][ T5988] Bluetooth: hci0: command tx timeout
[  530.890042][T15368] FAULT_INJECTION: forcing a failure.
[  530.890042][T15368] name failslab, interval 1, probability 0, space 0, times 0
[  530.897321][T15368] CPU: 2 UID: 0 PID: 15368 Comm: syz.3.2517 Not tainted syzkaller #0 PREEMPT(full) 
[  530.897361][T15368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  530.897372][T15368] Call Trace:
[  530.897380][T15368]  <TASK>
[  530.897387][T15368]  dump_stack_lvl+0x16c/0x1f0
[  530.897417][T15368]  should_fail_ex+0x512/0x640
[  530.897445][T15368]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  530.897467][T15368]  should_failslab+0xc2/0x120
[  530.897490][T15368]  __kmalloc_cache_noprof+0x6a/0x3e0
[  530.897510][T15368]  ? cfg80211_sinfo_alloc_tid_stats+0xa6/0x170
[  530.897538][T15368]  cfg80211_sinfo_alloc_tid_stats+0xa6/0x170
[  530.897565][T15368]  sta_set_sinfo+0x307f/0x67e0
[  530.897602][T15368]  ? kasan_save_track+0x14/0x30
[  530.897626][T15368]  __sta_info_destroy_part2+0x2da/0x540
[  530.897656][T15368]  __sta_info_flush+0x521/0x740
[  530.897687][T15368]  ? __pfx___sta_info_flush+0x10/0x10
[  530.897721][T15368]  ieee80211_ibss_disconnect+0x165/0x8f0
[  530.897747][T15368]  ieee80211_ibss_leave+0x4a/0x160
[  530.897768][T15368]  cfg80211_leave_ibss+0x1ac/0x480
[  530.897792][T15368]  cfg80211_change_iface+0x419/0xdc0
[  530.897819][T15368]  nl80211_set_interface+0x911/0xcb0
[  530.897847][T15368]  ? __pfx_nl80211_set_interface+0x10/0x10
[  530.897875][T15368]  ? nl80211_pre_doit+0x71e/0xb10
[  530.897894][T15368]  ? nl80211_pre_doit+0x1b0/0xb10
[  530.897920][T15368]  genl_family_rcv_msg_doit+0x206/0x2f0
[  530.897944][T15368]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  530.897973][T15368]  ? bpf_lsm_capable+0x9/0x10
[  530.897990][T15368]  ? security_capable+0x7e/0x260
[  530.898011][T15368]  ? ns_capable+0xd7/0x110
[  530.898033][T15368]  genl_rcv_msg+0x55c/0x800
[  530.898055][T15368]  ? __pfx_genl_rcv_msg+0x10/0x10
[  530.898074][T15368]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  530.898094][T15368]  ? __pfx_nl80211_set_interface+0x10/0x10
[  530.898125][T15368]  ? __pfx_nl80211_post_doit+0x10/0x10
[  530.898152][T15368]  netlink_rcv_skb+0x155/0x420
[  530.898180][T15368]  ? __pfx_genl_rcv_msg+0x10/0x10
[  530.898200][T15368]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  530.898239][T15368]  ? netlink_deliver_tap+0x1ae/0xd30
[  530.898286][T15368]  genl_rcv+0x28/0x40
[  530.898303][T15368]  netlink_unicast+0x5aa/0x870
[  530.898332][T15368]  ? __pfx_netlink_unicast+0x10/0x10
[  530.898359][T15368]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  530.898392][T15368]  netlink_sendmsg+0x8d1/0xdd0
[  530.898423][T15368]  ? __pfx_netlink_sendmsg+0x10/0x10
[  530.898455][T15368]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  530.898480][T15368]  ____sys_sendmsg+0xa95/0xc70
[  530.898505][T15368]  ? __pfx_____sys_sendmsg+0x10/0x10
[  530.898525][T15368]  ? get_compat_msghdr+0x11a/0x170
[  530.898562][T15368]  ___sys_sendmsg+0x134/0x1d0
[  530.898590][T15368]  ? __pfx____sys_sendmsg+0x10/0x10
[  530.898627][T15368]  ? find_held_lock+0x2b/0x80
[  530.898661][T15368]  __sys_sendmsg+0x16d/0x220
[  530.898687][T15368]  ? __pfx___sys_sendmsg+0x10/0x10
[  530.898726][T15368]  ? rcu_is_watching+0x12/0xc0
[  530.898749][T15368]  __do_fast_syscall_32+0x7c/0x300
[  530.898770][T15368]  do_fast_syscall_32+0x32/0x80
[  530.898788][T15368]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  530.898810][T15368] RIP: 0023:0xf7f88579
[  530.898825][T15368] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  530.898841][T15368] RSP: 002b:00000000f547655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  530.898859][T15368] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  530.898870][T15368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  530.898881][T15368] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  530.898891][T15368] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  530.898901][T15368] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  530.898924][T15368]  </TASK>
[  531.010439][T15374] loop7: detected capacity change from 0 to 16384
[  531.011786][    C2] vkms_vblank_simulate: vblank timer overrun
[  531.040867][    C2] vkms_vblank_simulate: vblank timer overrun
[  531.043352][    C2] hpet_rtc_timer_reinit: 364 callbacks suppressed
[  531.043362][    C2] hpet: Lost 8 RTC interrupts
[  531.077016][   T88] IPVS: stop unused estimator thread 0...
[  531.270797][T15387] gfs2: gfs2 mount does not exist
[  531.601539][T15394] 9pnet_fd: Insufficient options for proto=fd
[  531.962278][   T40] audit: type=1326 audit(1758992737.545:3697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15406 comm="syz.1.2559" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f64598 code=0x7ffc0000
[  531.969147][   T40] audit: type=1326 audit(1758992737.545:3698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15406 comm="syz.1.2559" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f64598 code=0x7ffc0000
[  531.975958][   T40] audit: type=1326 audit(1758992737.545:3699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15406 comm="syz.1.2559" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  531.983178][   T40] audit: type=1326 audit(1758992737.545:3700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15406 comm="syz.1.2559" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  531.991034][ T5988] Bluetooth: hci4: command tx timeout
[  531.993206][   T40] audit: type=1326 audit(1758992737.545:3701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15406 comm="syz.1.2559" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  532.001347][   T40] audit: type=1326 audit(1758992737.545:3702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15406 comm="syz.1.2559" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  532.012986][T15389] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  532.018243][   T40] audit: type=1326 audit(1758992737.545:3703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15406 comm="syz.1.2559" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  532.052451][   T40] audit: type=1326 audit(1758992737.545:3704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15406 comm="syz.1.2559" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  532.061600][   T40] audit: type=1326 audit(1758992737.545:3705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15406 comm="syz.1.2559" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  532.180916][T15418] bridge_slave_0: left allmulticast mode
[  532.185205][T15418] bridge_slave_0: left promiscuous mode
[  532.187358][T15418] bridge0: port 1(bridge_slave_0) entered disabled state
[  532.304538][T15425] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2561'.
[  532.363000][T15427] loop0: detected capacity change from 0 to 2560
[  532.368871][T15427] buffer_io_error: 286 callbacks suppressed
[  532.368881][T15427] Buffer I/O error on dev loop0, logical block 0, lost async page write
[  532.377530][T14457] Buffer I/O error on dev loop0, logical block 3, async page read
[  532.504932][T15418] bridge_slave_1: left allmulticast mode
[  532.507565][T15418] bridge_slave_1: left promiscuous mode
[  532.509496][T15418] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.518336][T15418] bond0: (slave bond_slave_0): Releasing backup interface
[  532.523016][T15418] bond0: (slave bond_slave_1): Releasing backup interface
[  532.530762][T15418] team0: Port device team_slave_0 removed
[  532.538690][T15418] team0: Port device team_slave_1 removed
[  532.541011][T15418] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  532.543808][T15418] batman_adv: batadv0: Removing interface: batadv_slave_0
[  532.549621][T15418] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  532.552013][T15418] batman_adv: batadv0: Removing interface: batadv_slave_1
[  532.572167][T15414] team0: Mode changed to "loadbalance"
[  532.675367][T15430] overlayfs: statfs failed on './file0'
[  533.537091][T15432] tunl0: entered promiscuous mode
[  533.542623][T15432] netlink: 'syz.5.2565': attribute type 4 has an invalid length.
[  533.546026][T15432] netlink: 9 bytes leftover after parsing attributes in process `syz.5.2565'.
[  533.610189][   T24] kernel write not supported for file /dsp1 (pid: 24 comm: kworker/2:0)
[  533.822876][T15444] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2569'.
[  533.829562][T15443] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2569'.
[  533.885502][   T24] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  534.050052][   T24] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  534.055037][   T24] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  534.065357][ T5988] Bluetooth: hci4: command tx timeout
[  534.069124][   T24] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  534.078389][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  534.096465][T15440] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  534.112027][   T24] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  534.374054][ T6044] usb 6-1: USB disconnect, device number 38
[  534.743097][T15466] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  534.745703][T15466] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  534.749293][T15466] vhci_hcd vhci_hcd.0: Device attached
[  535.038385][ T6044] usb 48-1: SetAddress Request (21) to port 0
[  535.040888][ T6044] usb 48-1: new SuperSpeed USB device number 21 using vhci_hcd
[  535.176633][T15475] overlayfs: conflicting lowerdir path
[  535.276425][T12563] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  535.331151][T15467] vhci_hcd: connection reset by peer
[  535.343581][ T6116] vhci_hcd: stop threads
[  535.353826][ T6116] vhci_hcd: release socket
[  535.356333][ T6116] vhci_hcd: disconnect device
[  535.955264][   T24] usb 7-1: new full-speed USB device number 19 using dummy_hcd
[  536.106671][   T24] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  536.109907][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  536.113644][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  536.117146][   T24] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  536.123656][   T24] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  536.127591][   T24] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  536.130757][   T24] usb 7-1: Manufacturer: syz
[  536.134265][   T24] usb 7-1: config 0 descriptor??
[  536.186798][T15487] ptrace attach of "/syz-executor exec"[15231] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5
[  536.405618][   T24] rc_core: IR keymap rc-hauppauge not found
[  536.433599][    C2] hpet_rtc_timer_reinit: 582 callbacks suppressed
[  536.433613][    C2] hpet: Lost 1 RTC interrupts
[  536.440799][   T24] Registered IR keymap rc-empty
[  536.442403][   T24] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  536.455278][   T24] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  536.476880][   T24] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  536.482313][   T24] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input82
[  536.488139][   T24] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  536.505201][   T24] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  536.525292][   T24] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  536.545297][   T24] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  536.565220][   T24] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  536.585244][   T24] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  536.611348][   T24] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  536.625263][   T24] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  536.647043][   T24] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  536.665765][   T24] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  536.687520][   T24] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  536.691496][   T24] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  536.708261][   T24] usb 7-1: USB disconnect, device number 19
[  536.891606][T15503] netlink: zone id is out of range
[  536.893814][T15503] netlink: zone id is out of range
[  536.896617][T15503] netlink: zone id is out of range
[  536.898857][T15503] netlink: zone id is out of range
[  536.901580][T15503] netlink: zone id is out of range
[  536.903737][T15503] netlink: zone id is out of range
[  536.906159][T15503] netlink: zone id is out of range
[  536.908299][T15503] netlink: zone id is out of range
[  536.910268][T15503] netlink: zone id is out of range
[  536.912032][T15503] netlink: zone id is out of range
[  538.049234][T15536] ptrace attach of "/syz-executor exec"[15231] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5
[  538.815004][T15521] lo speed is unknown, defaulting to 1000
[  539.213604][    T9] usb 8-1: new full-speed USB device number 24 using dummy_hcd
[  539.260534][T15554] ptrace attach of "/syz-executor exec"[9237] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5c
[  539.335607][T15559] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2594'.
[  539.371171][    C0] vkms_vblank_simulate: vblank timer overrun
[  539.377345][T15559] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2594'.
[  539.456236][    T9] usb 8-1: not running at top speed; connect to a high speed hub
[  539.459958][    T9] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  539.468333][    T9] usb 8-1: New USB device found, idVendor=056a, idProduct=00de, bcdDevice= 0.40
[  539.471220][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  539.473764][    T9] usb 8-1: Product: syz
[  539.475433][    T9] usb 8-1: Manufacturer: syz
[  539.477389][    T9] usb 8-1: SerialNumber: syz
[  539.482344][T15550] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  539.618848][T15570] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2599'.
[  539.766314][    T9] usbhid 8-1:1.0: can't add hid device: -71
[  539.768333][    T9] usbhid 8-1:1.0: probe with driver usbhid failed with error -71
[  539.793763][    T9] usb 8-1: USB disconnect, device number 24
[  539.866987][T15579] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  539.869938][T15579] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  539.878849][T15579] vhci_hcd vhci_hcd.0: Device attached
[  539.949121][T15581] vhci_hcd: connection closed
[  539.954450][T15578] tmpfs: Unknown parameter 'hash'
[  539.964880][   T95] vhci_hcd: stop threads
[  539.974703][   T95] vhci_hcd: release socket
[  540.136129][   T95] vhci_hcd: disconnect device
[  540.155241][ T6044] usb 48-1: device descriptor read/8, error -110
[  540.205308][  T841] usb 41-1: new high-speed USB device number 2 using vhci_hcd
[  540.212993][  T841] usb 41-1: enqueue for inactive port 0
[  540.305707][  T841] vhci_hcd: vhci_device speed not set
[  540.350699][T15589] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2601'.
[  540.440979][T15592] input: syz1 as /devices/virtual/input/input83
[  540.566776][ T6044] usb usb48-port1: attempt power cycle
[  541.396124][ T6044] usb usb48-port1: unable to enumerate USB device
[  541.704175][T15606] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2608'.
[  541.760661][T15608] syz_tun: entered allmulticast mode
[  541.767857][T15607] syz_tun: left allmulticast mode
[  541.937296][T15615] gfs2: gfs2 mount does not exist
[  542.065405][  T841] usb 6-1: new full-speed USB device number 39 using dummy_hcd
[  542.208136][T15619] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  542.210466][T15619] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  542.213743][T15619] vhci_hcd vhci_hcd.0: Device attached
[  542.237793][  T841] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  542.241184][  T841] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  542.244650][  T841] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  542.352513][T15620] vhci_hcd: connection closed
[  542.353718][ T1147] vhci_hcd: stop threads
[  542.357831][ T1147] vhci_hcd: release socket
[  542.362184][ T1147] vhci_hcd: disconnect device
[  542.407039][ T6018] vhci_hcd: vhci_device speed not set
[  542.696229][T15615] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  543.494924][  T841] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  543.502651][  T841] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  543.512137][  T841] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  543.514786][  T841] usb 6-1: Manufacturer: syz
[  543.520343][  T841] usb 6-1: config 0 descriptor??
[  543.669385][T15654] affs: No valid root block on device nbd3
[  543.680804][T15650] autofs: Bad value for 'uid'
[  543.682863][T15650] autofs: Bad value for 'uid'
[  543.716948][T15659] netlink: 'syz.2.2624': attribute type 2 has an invalid length.
[  543.786133][  T841] rc_core: IR keymap rc-hauppauge not found
[  543.788647][  T841] Registered IR keymap rc-empty
[  543.798320][  T841] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  543.835393][  T841] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  543.856142][  T841] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[  543.864068][  T841] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input84
[  543.874125][  T841] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  543.895249][  T841] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  543.915593][  T841] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  543.945364][  T841] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  543.965238][  T841] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  543.985778][  T841] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  544.015228][  T841] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  544.035915][  T841] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  544.055194][  T841] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  544.085208][  T841] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  544.106712][  T841] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  544.110352][  T841] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  544.116978][  T841] usb 6-1: USB disconnect, device number 39
[  544.218781][T15669] FAULT_INJECTION: forcing a failure.
[  544.218781][T15669] name failslab, interval 1, probability 0, space 0, times 0
[  544.223927][T15669] CPU: 2 UID: 0 PID: 15669 Comm: syz.5.2627 Not tainted syzkaller #0 PREEMPT(full) 
[  544.223950][T15669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  544.223962][T15669] Call Trace:
[  544.223969][T15669]  <TASK>
[  544.223977][T15669]  dump_stack_lvl+0x16c/0x1f0
[  544.224014][T15669]  should_fail_ex+0x512/0x640
[  544.224041][T15669]  ? __pfx_skb_network_protocol+0x10/0x10
[  544.224065][T15669]  should_failslab+0xc2/0x120
[  544.224092][T15669]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  544.224116][T15669]  ? skb_clone+0x190/0x3f0
[  544.224145][T15669]  skb_clone+0x190/0x3f0
[  544.224174][T15669]  dev_queue_xmit_nit+0x3e7/0xca0
[  544.224208][T15669]  dev_hard_start_xmit+0x5c3/0x740
[  544.224232][T15669]  ? skb_clone+0x190/0x3f0
[  544.224261][T15669]  __dev_queue_xmit+0xa46/0x4490
[  544.224296][T15669]  ? __pfx___dev_queue_xmit+0x10/0x10
[  544.224346][T15669]  ? __skb_clone+0x570/0x760
[  544.224379][T15669]  netlink_deliver_tap+0xa87/0xd30
[  544.224414][T15669]  netlink_unicast+0x64c/0x870
[  544.224446][T15669]  ? __pfx_netlink_unicast+0x10/0x10
[  544.224474][T15669]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  544.224509][T15669]  netlink_sendmsg+0x8d1/0xdd0
[  544.224540][T15669]  ? __pfx_netlink_sendmsg+0x10/0x10
[  544.224570][T15669]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  544.224597][T15669]  ____sys_sendmsg+0xa95/0xc70
[  544.224622][T15669]  ? __pfx_____sys_sendmsg+0x10/0x10
[  544.224642][T15669]  ? get_compat_msghdr+0x11a/0x170
[  544.224679][T15669]  ___sys_sendmsg+0x134/0x1d0
[  544.224707][T15669]  ? __pfx____sys_sendmsg+0x10/0x10
[  544.224750][T15669]  ? find_held_lock+0x2b/0x80
[  544.224785][T15669]  __sys_sendmsg+0x16d/0x220
[  544.224813][T15669]  ? __pfx___sys_sendmsg+0x10/0x10
[  544.224850][T15669]  ? rcu_is_watching+0x12/0xc0
[  544.224874][T15669]  __do_fast_syscall_32+0x7c/0x300
[  544.224895][T15669]  do_fast_syscall_32+0x32/0x80
[  544.224914][T15669]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  544.224937][T15669] RIP: 0023:0xf7f02579
[  544.224952][T15669] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  544.224970][T15669] RSP: 002b:00000000f53f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  544.224992][T15669] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800000c0
[  544.225003][T15669] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  544.225015][T15669] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  544.225026][T15669] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  544.225037][T15669] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  544.225061][T15669]  </TASK>
[  544.327045][    C2] hpet: Lost 6 RTC interrupts
[  544.423541][T15672] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12)
[  544.425763][T15672] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  544.428419][T15672] vhci_hcd vhci_hcd.0: Device attached
[  544.491028][T15673] vhci_hcd: connection closed
[  544.493822][ T7294] vhci_hcd: stop threads
[  544.501792][ T7294] vhci_hcd: release socket
[  544.503717][ T7294] vhci_hcd: disconnect device
[  544.836957][T15700] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2634'.
[  545.935213][   T24] usb 6-1: new full-speed USB device number 40 using dummy_hcd
[  546.087168][   T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  546.092150][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  546.096975][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  546.101201][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  546.109001][   T24] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  546.112937][   T24] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  546.116464][   T24] usb 6-1: Manufacturer: syz
[  546.122056][   T24] usb 6-1: config 0 descriptor??
[  546.324866][T15727] ptrace attach of "/syz-executor exec"[15231] was attempted by "/syz-executor exec"[15727]
[  546.925286][   T24] rc_core: IR keymap rc-hauppauge not found
[  546.927916][   T24] Registered IR keymap rc-empty
[  546.930118][   T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  546.946247][   T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  546.966080][   T24] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[  546.972759][   T24] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input85
[  546.980421][   T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  546.995236][   T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  547.015324][   T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  547.035413][   T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  547.055237][   T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  547.073790][T15737] syz_tun: entered allmulticast mode
[  547.074886][T15736] syz_tun: left allmulticast mode
[  547.079055][   T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  547.095493][   T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  547.229575][   T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  547.363187][T15740] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2648'.
[  547.905444][   T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  548.028488][   T24] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  548.056179][   T24] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  548.059926][   T24] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  548.064573][   T24] usb 6-1: USB disconnect, device number 40
[  548.180835][T15759] FAULT_INJECTION: forcing a failure.
[  548.180835][T15759] name failslab, interval 1, probability 0, space 0, times 0
[  548.186172][T15759] CPU: 3 UID: 0 PID: 15759 Comm: syz.1.2657 Not tainted syzkaller #0 PREEMPT(full) 
[  548.186196][T15759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  548.186208][T15759] Call Trace:
[  548.186214][T15759]  <TASK>
[  548.186222][T15759]  dump_stack_lvl+0x16c/0x1f0
[  548.186255][T15759]  should_fail_ex+0x512/0x640
[  548.186283][T15759]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  548.186311][T15759]  should_failslab+0xc2/0x120
[  548.186336][T15759]  __kmalloc_cache_noprof+0x6a/0x3e0
[  548.186357][T15759]  ? snd_pcm_oss_change_params_locked+0x211/0x3a30
[  548.186381][T15759]  snd_pcm_oss_change_params_locked+0x211/0x3a30
[  548.186406][T15759]  ? __pfx___might_resched+0x10/0x10
[  548.186427][T15759]  ? rcu_is_watching+0x12/0xc0
[  548.186448][T15759]  ? trace_contention_end+0xdd/0x130
[  548.186474][T15759]  ? __mutex_lock+0x1c5/0x1060
[  548.186490][T15759]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  548.186532][T15759]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  548.186556][T15759]  snd_pcm_oss_write+0x4c3/0xa10
[  548.186580][T15759]  ? bpf_lsm_file_permission+0x9/0x10
[  548.186605][T15759]  ? security_file_permission+0x71/0x210
[  548.186634][T15759]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  548.186657][T15759]  vfs_write+0x2a0/0x11d0
[  548.186685][T15759]  ? __pfx_vfs_write+0x10/0x10
[  548.186705][T15759]  ? find_held_lock+0x2b/0x80
[  548.186724][T15759]  ? __fget_files+0x204/0x3c0
[  548.186751][T15759]  ? __fget_files+0x20e/0x3c0
[  548.186769][T15759]  ? handle_mm_fault+0x240/0xd10
[  548.186795][T15759]  ksys_write+0x12a/0x250
[  548.186816][T15759]  ? __pfx_ksys_write+0x10/0x10
[  548.186840][T15759]  ? rcu_is_watching+0x12/0xc0
[  548.186862][T15759]  __do_fast_syscall_32+0x7c/0x300
[  548.186882][T15759]  do_fast_syscall_32+0x32/0x80
[  548.186900][T15759]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  548.186922][T15759] RIP: 0023:0xf7f64579
[  548.186936][T15759] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  548.186970][T15759] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  548.186988][T15759] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000500
[  548.187000][T15759] RDX: 000000000000fdbc RSI: 0000000000000000 RDI: 0000000000000000
[  548.187011][T15759] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  548.187022][T15759] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  548.187032][T15759] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  548.187054][T15759]  </TASK>
[  548.474810][T15765] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12)
[  548.477650][T15765] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  548.483132][T15765] vhci_hcd vhci_hcd.0: Device attached
[  548.546773][T15766] vhci_hcd: connection closed
[  548.547756][   T95] vhci_hcd: stop threads
[  548.550912][   T95] vhci_hcd: release socket
[  548.552699][   T95] vhci_hcd: disconnect device
[  548.575373][   T56] usb 6-1: new full-speed USB device number 41 using dummy_hcd
[  548.731103][   T56] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  548.751537][   T56] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  548.774768][   T56] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  548.783417][   T56] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  548.805396][   T56] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  548.819978][   T56] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  548.834296][   T56] usb 6-1: Manufacturer: syz
[  548.906040][   T56] usb 6-1: config 0 descriptor??
[  549.418215][   T56] rc_core: IR keymap rc-hauppauge not found
[  549.420228][   T56] Registered IR keymap rc-empty
[  549.422456][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  549.436134][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  549.472414][   T56] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[  549.493311][   T56] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input86
[  549.518840][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  549.555848][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  549.586395][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  549.616279][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  549.647612][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  549.676419][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  549.805375][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  549.848163][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  549.881932][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  549.926263][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  549.968463][   T56] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  549.971356][   T56] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  550.005461][   T56] usb 6-1: USB disconnect, device number 41
[  550.157802][T15784] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2664'.
[  550.160676][T15784] net_ratelimit: 8 callbacks suppressed
[  550.160687][T15784] openvswitch: netlink: nsh attr 6233 is out of range max 3
[  550.164745][T15784] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  550.288949][T15754] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  550.291016][T15754] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  550.294614][T15754] vhci_hcd vhci_hcd.0: Device attached
[  550.384402][T15793] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12)
[  550.387220][T15793] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  550.390908][T15793] vhci_hcd vhci_hcd.0: Device attached
[  550.453766][T15796] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.2665'.
[  550.565743][   T10] usb 44-1: SetAddress Request (22) to port 0
[  550.567706][   T10] usb 44-1: new SuperSpeed USB device number 22 using vhci_hcd
[  550.696375][T15794] vhci_hcd: connection closed
[  550.750617][ T1204] vhci_hcd: stop threads
[  550.775193][ T1204] vhci_hcd: release socket
[  550.841140][ T1204] vhci_hcd: disconnect device
[  550.885805][ T6222] vhci_hcd: vhci_device speed not set
[  551.638990][T15754] netdevsim netdevsim3: Direct firmware load for @ failed with error -2
[  551.641874][T15754] netdevsim netdevsim3: Falling back to sysfs fallback for: @
[  552.019290][T15790] vhci_hcd: connection reset by peer
[  552.023945][ T6116] vhci_hcd: stop threads
[  552.033902][ T6116] vhci_hcd: release socket
[  552.035951][ T6116] vhci_hcd: disconnect device
[  552.305783][   T56] usb 6-1: new full-speed USB device number 42 using dummy_hcd
[  552.456822][   T56] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  552.460961][   T56] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  552.464811][   T56] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  552.468855][   T56] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  552.475368][   T56] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  552.478243][   T56] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  552.480795][   T56] usb 6-1: Manufacturer: syz
[  552.483489][   T56] usb 6-1: config 0 descriptor??
[  552.755240][   T56] rc_core: IR keymap rc-hauppauge not found
[  552.757153][   T56] Registered IR keymap rc-empty
[  552.758729][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  552.775333][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  552.797472][   T56] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[  552.802908][   T56] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input87
[  552.810061][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  552.835189][   T34] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  552.839110][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  552.855688][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  552.885658][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  552.906012][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  552.925351][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  552.946074][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  552.965572][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  552.975639][T15831] gfs2: gfs2 mount does not exist
[  552.995170][   T34] usb 8-1: Using ep0 maxpacket: 32
[  552.996945][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  553.000368][   T34] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10
[  553.003814][   T34] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  553.007510][   T34] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  553.013556][   T34] usb 8-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  553.016503][   T56] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  553.018745][   T34] usb 8-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  553.021665][   T34] usb 8-1: Product: syz
[  553.023416][   T34] usb 8-1: Manufacturer: syz
[  553.026887][   T34] usb 8-1: SerialNumber: syz
[  553.033556][   T34] input: appletouch as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/input/input88
[  553.040466][   T56] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  553.046578][   T56] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  553.053696][   T56] usb 6-1: USB disconnect, device number 42
[  553.215290][T12563] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  553.244335][   T34] usb 8-1: USB disconnect, device number 25
[  553.250899][   T34] appletouch 8-1:1.0: input: appletouch disconnected
[  553.511031][T15837] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12)
[  553.513166][T15837] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  553.516322][T15837] vhci_hcd vhci_hcd.0: Device attached
[  553.571619][T15840] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.2677'.
[  553.700433][T15838] vhci_hcd: connection closed
[  553.700755][ T6116] vhci_hcd: stop threads
[  553.708050][ T6116] vhci_hcd: release socket
[  553.710081][ T6116] vhci_hcd: disconnect device
[  553.775387][   T29] usb 39-1: new high-speed USB device number 4 using vhci_hcd
[  553.791850][   T29] usb 39-1: enqueue for inactive port 0
[  553.864106][T15831] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  553.872926][   T29] vhci_hcd: vhci_device speed not set
[  554.872903][T15863] FAULT_INJECTION: forcing a failure.
[  554.872903][T15863] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  554.879007][T15863] CPU: 2 UID: 0 PID: 15863 Comm: syz.2.2683 Not tainted syzkaller #0 PREEMPT(full) 
[  554.879045][T15863] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  554.879056][T15863] Call Trace:
[  554.879063][T15863]  <TASK>
[  554.879069][T15863]  dump_stack_lvl+0x16c/0x1f0
[  554.879102][T15863]  should_fail_ex+0x512/0x640
[  554.879134][T15863]  _copy_from_user+0x2e/0xd0
[  554.879154][T15863]  get_compat_cmd+0x89/0x4a0
[  554.879176][T15863]  ? __pfx_get_compat_cmd+0x10/0x10
[  554.879202][T15863]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  554.879226][T15863]  ? rcu_is_watching+0x12/0xc0
[  554.879249][T15863]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  554.879278][T15863]  comedi_compat_ioctl+0x69a/0x990
[  554.879302][T15863]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  554.879325][T15863]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  554.879354][T15863]  ? do_vfs_ioctl+0x128/0x14f0
[  554.879387][T15863]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  554.879417][T15863]  ? rcu_is_watching+0x12/0xc0
[  554.879433][T15863]  ? irqentry_exit+0x3b/0x90
[  554.879459][T15863]  ? lockdep_hardirqs_on+0x7c/0x110
[  554.879493][T15863]  ? security_file_ioctl_compat+0xa6/0x240
[  554.879537][T15863]  ? bpf_lsm_file_ioctl_compat+0x9/0x10
[  554.879565][T15863]  ? security_file_ioctl_compat+0xc6/0x240
[  554.879588][T15863]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  554.879613][T15863]  __ia32_compat_sys_ioctl+0x242/0x370
[  554.879643][T15863]  __do_fast_syscall_32+0x7c/0x300
[  554.879664][T15863]  do_fast_syscall_32+0x32/0x80
[  554.879679][T15863]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  554.879703][T15863] RIP: 0023:0xf708e579
[  554.879719][T15863] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  554.879737][T15863] RSP: 002b:00000000f547e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  554.879756][T15863] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080406409
[  554.879768][T15863] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  554.879779][T15863] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  554.879787][T15863] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  554.879798][T15863] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  554.879821][T15863]  </TASK>
[  554.983214][    C2] hpet: Lost 5 RTC interrupts
[  555.049821][T15866] FAULT_INJECTION: forcing a failure.
[  555.049821][T15866] name failslab, interval 1, probability 0, space 0, times 0
[  555.056619][T15866] CPU: 1 UID: 0 PID: 15866 Comm: syz.2.2687 Not tainted syzkaller #0 PREEMPT(full) 
[  555.056660][T15866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  555.056672][T15866] Call Trace:
[  555.056679][T15866]  <TASK>
[  555.056687][T15866]  dump_stack_lvl+0x16c/0x1f0
[  555.056719][T15866]  should_fail_ex+0x512/0x640
[  555.056746][T15866]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  555.056768][T15866]  should_failslab+0xc2/0x120
[  555.056792][T15866]  __kmalloc_cache_noprof+0x6a/0x3e0
[  555.056809][T15866]  ? sf_markstate+0x18e/0x4b0
[  555.056834][T15866]  ? ip6_mc_add_src+0x9cd/0x1180
[  555.056863][T15866]  ip6_mc_add_src+0x9cd/0x1180
[  555.056907][T15866]  ip6_mc_source+0x124b/0x15c0
[  555.056935][T15866]  do_ipv6_mcast_group_source+0x183/0x260
[  555.056961][T15866]  ? __pfx_do_ipv6_mcast_group_source+0x10/0x10
[  555.057011][T15866]  ? __local_bh_enable_ip+0xa4/0x120
[  555.057033][T15866]  ? lockdep_hardirqs_on+0x7c/0x110
[  555.057064][T15866]  do_ipv6_setsockopt+0x26b8/0x4350
[  555.057092][T15866]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  555.057116][T15866]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  555.057148][T15866]  ? find_held_lock+0x2b/0x80
[  555.057167][T15866]  ? get_pid_task+0xfc/0x250
[  555.057202][T15866]  ? __pfx___might_resched+0x10/0x10
[  555.057222][T15866]  ? __lock_acquire+0x62e/0x1ce0
[  555.057248][T15866]  ? aa_sk_perm+0x2f4/0xb10
[  555.057270][T15866]  ? ksys_write+0x190/0x250
[  555.057294][T15866]  ? __pfx_aa_sk_perm+0x10/0x10
[  555.057321][T15866]  ? ipv6_setsockopt+0xcb/0x170
[  555.057343][T15866]  ipv6_setsockopt+0xcb/0x170
[  555.057370][T15866]  udpv6_setsockopt+0x7d/0xd0
[  555.057397][T15866]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  555.057420][T15866]  do_sock_setsockopt+0xf3/0x1d0
[  555.057443][T15866]  __sys_setsockopt+0x120/0x1a0
[  555.057474][T15866]  __ia32_sys_setsockopt+0xbc/0x160
[  555.057498][T15866]  ? lockdep_hardirqs_on+0x7c/0x110
[  555.057523][T15866]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  555.057551][T15866]  __do_fast_syscall_32+0x7c/0x300
[  555.057571][T15866]  do_fast_syscall_32+0x32/0x80
[  555.057588][T15866]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  555.057611][T15866] RIP: 0023:0xf708e579
[  555.057626][T15866] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  555.057643][T15866] RSP: 002b:00000000f547e55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  555.057661][T15866] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000029
[  555.057673][T15866] RDX: 000000000000002e RSI: 0000000080000200 RDI: 0000000000000108
[  555.057685][T15866] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  555.057696][T15866] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  555.057706][T15866] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  555.057730][T15866]  </TASK>
[  555.245401][   T29] usb 6-1: new full-speed USB device number 43 using dummy_hcd
[  555.276202][T15874] ptrace attach of "/syz-executor exec"[9237] was attempted by "/syz-executor exec"[15874]
[  555.419829][   T29] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  555.424409][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  555.428840][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  555.443012][T15880] gfs2: gfs2 mount does not exist
[  555.444892][   T29] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  555.459366][   T29] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  555.463201][   T29] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  555.485812][   T29] usb 6-1: Manufacturer: syz
[  555.520400][   T29] usb 6-1: config 0 descriptor??
[  555.619851][ T1204] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  555.622812][ T1204] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  555.627970][ T1204] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  555.631180][ T1204] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  555.745540][ T1023] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  555.867230][   T29] rc_core: IR keymap rc-hauppauge not found
[  555.869765][   T29] Registered IR keymap rc-empty
[  555.871669][   T29] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  555.895195][ T1023] usb 7-1: Using ep0 maxpacket: 8
[  555.895538][   T29] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  555.902451][ T1023] usb 7-1: unable to get BOS descriptor or descriptor too short
[  555.906435][ T1023] usb 7-1: config 4 interface 0 has no altsetting 0
[  555.910952][ T1023] usb 7-1: string descriptor 0 read error: -22
[  555.913032][ T1023] usb 7-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  555.916133][ T1023] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.921902][ T1023] usb 7-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  555.926193][ T1023] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  555.930827][ T1023] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  555.931028][   T29] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0
[  555.933548][ T1023] usb 7-1: media controller created
[  555.945278][ T1023] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  555.946307][   T29] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input89
[  555.958395][   T29] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  555.985272][   T29] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  556.005864][   T29] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  556.025370][   T29] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  556.046059][   T29] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  556.065405][   T29] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  556.085220][   T29] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  556.105320][   T29] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  556.119672][T15880] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  556.125257][   T29] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  556.140816][ T1023] zl10353_read_register: readreg error (reg=127, ret==0)
[  556.145445][   T29] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  556.170139][ T1023] usb 7-1: USB disconnect, device number 21
[  556.179193][   T29] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  556.183311][   T29] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  556.226416][   T29] usb 6-1: USB disconnect, device number 43
[  556.276803][T15896] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12)
[  556.279480][T15896] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  556.282427][T15896] vhci_hcd vhci_hcd.0: Device attached
[  556.347188][T15899] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.2693'.
[  556.363144][T15897] vhci_hcd: connection closed
[  556.363484][ T6116] vhci_hcd: stop threads
[  556.366834][ T6116] vhci_hcd: release socket
[  556.368671][ T6116] vhci_hcd: disconnect device
[  556.550650][   T10] usb 44-1: device descriptor read/8, error -110
[  556.645274][T15900] [U] �
[  556.782206][T15906] FAULT_INJECTION: forcing a failure.
[  556.782206][T15906] name failslab, interval 1, probability 0, space 0, times 0
[  556.787500][T15906] CPU: 3 UID: 0 PID: 15906 Comm: syz.1.2696 Not tainted syzkaller #0 PREEMPT(full) 
[  556.787524][T15906] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  556.787534][T15906] Call Trace:
[  556.787541][T15906]  <TASK>
[  556.787547][T15906]  dump_stack_lvl+0x16c/0x1f0
[  556.787582][T15906]  should_fail_ex+0x512/0x640
[  556.787610][T15906]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  556.787634][T15906]  should_failslab+0xc2/0x120
[  556.787659][T15906]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  556.787682][T15906]  ? __alloc_skb+0x2b2/0x380
[  556.787713][T15906]  __alloc_skb+0x2b2/0x380
[  556.787737][T15906]  ? __pfx___alloc_skb+0x10/0x10
[  556.787763][T15906]  ? __lock_acquire+0x62e/0x1ce0
[  556.787789][T15906]  alloc_skb_with_frags+0xe0/0x860
[  556.787804][T15906]  ? __lock_acquire+0x62e/0x1ce0
[  556.787829][T15906]  sock_alloc_send_pskb+0x7fb/0x990
[  556.787862][T15906]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  556.787890][T15906]  ? __pfx___might_resched+0x10/0x10
[  556.787912][T15906]  ? aa_sk_perm+0x2f4/0xb10
[  556.787939][T15906]  hci_sock_sendmsg+0x1c7/0x25f0
[  556.787966][T15906]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  556.787988][T15906]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  556.788010][T15906]  sock_write_iter+0x4ff/0x5b0
[  556.788029][T15906]  ? __pfx_sock_write_iter+0x10/0x10
[  556.788050][T15906]  ? kasan_save_stack+0x42/0x60
[  556.788080][T15906]  ? bpf_lsm_file_permission+0x9/0x10
[  556.788104][T15906]  ? security_file_permission+0x71/0x210
[  556.788129][T15906]  ? rw_verify_area+0xcf/0x6c0
[  556.788150][T15906]  aio_write+0x3b6/0x910
[  556.788176][T15906]  ? __pfx_aio_write+0x10/0x10
[  556.788193][T15906]  ? __lock_acquire+0xb97/0x1ce0
[  556.788229][T15906]  ? __might_fault+0xe3/0x190
[  556.788252][T15906]  ? __might_fault+0x13b/0x190
[  556.788278][T15906]  ? io_submit_one+0x1243/0x1df0
[  556.788297][T15906]  io_submit_one+0x1243/0x1df0
[  556.788319][T15906]  ? __lock_acquire+0xb97/0x1ce0
[  556.788344][T15906]  ? __pfx_io_submit_one+0x10/0x10
[  556.788370][T15906]  ? __might_fault+0xe3/0x190
[  556.788387][T15906]  ? __might_fault+0x13b/0x190
[  556.788412][T15906]  ? __ia32_compat_sys_io_submit+0x1ad/0x3a0
[  556.788436][T15906]  __ia32_compat_sys_io_submit+0x1ad/0x3a0
[  556.788462][T15906]  ? __pfx___ia32_compat_sys_io_submit+0x10/0x10
[  556.788484][T15906]  ? fput+0x9b/0xd0
[  556.788513][T15906]  ? rcu_is_watching+0x12/0xc0
[  556.788529][T15906]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  556.788558][T15906]  __do_fast_syscall_32+0x7c/0x300
[  556.788576][T15906]  do_fast_syscall_32+0x32/0x80
[  556.788592][T15906]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  556.788617][T15906] RIP: 0023:0xf7f64579
[  556.788634][T15906] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  556.788650][T15906] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 00000000000000f8
[  556.788669][T15906] RAX: ffffffffffffffda RBX: 00000000f7f5d000 RCX: 0000000000000001
[  556.788680][T15906] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  556.788690][T15906] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  556.788700][T15906] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  556.788709][T15906] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  556.788730][T15906]  </TASK>
[  557.263937][T15921] netlink: 14 bytes leftover after parsing attributes in process `syz.5.2700'.
[  557.699970][T15928] gfs2: gfs2 mount does not exist
[  557.725704][   T10] usb usb44-port1: attempt power cycle
[  557.847011][ T6116] bond0 (unregistering): Released all slaves
[  557.853797][ T6116] bond1 (unregistering): Released all slaves
[  557.943562][ T6116] ��: left promiscuous mode
[  558.015981][ T6116] : left promiscuous mode
[  558.093501][ T6116] tipc: Disabling bearer <eth:syzkaller0>
[  558.102048][ T6116] tipc: Left network mode
[  558.296256][   T10] usb usb44-port1: unable to enumerate USB device
[  558.298158][ T6116] veth1_macvtap: left promiscuous mode
[  558.300984][ T6116] veth0_macvtap: left promiscuous mode
[  558.302755][ T6116] veth1_vlan: left promiscuous mode
[  558.304449][ T6116] veth0_vlan: left promiscuous mode
[  558.345492][T12563] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  558.423872][T15928] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  558.440952][T15944] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2707'.
[  558.512688][T12563] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  558.520487][T12563] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  558.524548][T12563] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  558.543924][T12563] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  558.559864][T12563] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  558.562931][T12563] usb 6-1: Product: syz
[  558.564564][T12563] usb 6-1: Manufacturer: syz
[  558.574083][T12563] usb 6-1: SerialNumber: syz
[  558.704990][T15950] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12)
[  558.707135][T15950] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  558.709666][T15950] vhci_hcd vhci_hcd.0: Device attached
[  558.750677][T15950] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.2709'.
[  558.769346][T15952] vhci_hcd: connection closed
[  558.774724][   T61] vhci_hcd: stop threads
[  558.786305][   T61] vhci_hcd: release socket
[  558.788204][   T61] vhci_hcd: disconnect device
[  558.805943][T12563] hub 6-1:1.0: bad descriptor, ignoring hub
[  558.809878][T12563] hub 6-1:1.0: probe with driver hub failed with error -5
[  559.039173][T12563] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 44 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  559.315421][   T10] usb 6-1: USB disconnect, device number 44
[  559.319875][   T10] usblp0: removed
[  559.645324][   T10] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  559.813160][   T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  559.816313][   T10] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  559.819630][   T10] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  559.825433][   T10] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  559.828399][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.831603][   T10] usb 6-1: Product: syz
[  559.832923][   T10] usb 6-1: Manufacturer: syz
[  559.834448][   T10] usb 6-1: SerialNumber: syz
[  559.843311][   T10] hub 6-1:1.0: bad descriptor, ignoring hub
[  559.845417][   T10] hub 6-1:1.0: probe with driver hub failed with error -5
[  560.001424][T15957] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2710'.
[  560.050963][   T10] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 45 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  560.077549][   T10] usb 6-1: USB disconnect, device number 45
[  560.082039][   T10] usblp0: removed
[  560.084936][   T34] infiniband syz1: ib_query_port failed (-19)
[  560.093548][T15944] bridge1: entered promiscuous mode
[  560.111124][T15957] hsr_slave_0: left promiscuous mode
[  560.121917][T15957] hsr_slave_1: left promiscuous mode
[  560.548286][ T6116] IPVS: stop unused estimator thread 0...
[  560.606778][T15972] ptrace attach of "/syz-executor exec"[14567] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5
[  561.268357][T15984] ptrace attach of "/syz-executor exec"[15123] was attempted by ""[15984]
[  561.756771][T15989] syz_tun: entered allmulticast mode
[  561.759552][T15988] syz_tun: left allmulticast mode
[  561.988369][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  561.991835][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  562.178523][T16006] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  562.181306][T16006] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  562.185022][T16006] vhci_hcd vhci_hcd.0: Device attached
[  562.219525][T16005] veth1_to_bridge: entered promiscuous mode
[  562.222200][T16005] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2723'.
[  562.281251][T16005] bridge0: port 2(bridge_slave_1) entered disabled state
[  562.327038][T16011] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2724'.
[  562.331118][T16011] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  562.373585][T16005] veth1_to_bridge (unregistering): left promiscuous mode
[  562.476711][T16005] bridge_slave_1 (unregistering): left allmulticast mode
[  562.479092][T16005] bridge_slave_1 (unregistering): left promiscuous mode
[  562.481394][T16005] bridge0: port 2(bridge_slave_1) entered disabled state
[  562.505336][ T6222] usb 48-1: SetAddress Request (25) to port 0
[  562.507355][ T6222] usb 48-1: new SuperSpeed USB device number 25 using vhci_hcd
[  562.704632][T16007] vhci_hcd: connection reset by peer
[  562.709710][ T1147] vhci_hcd: stop threads
[  562.711463][ T1147] vhci_hcd: release socket
[  562.713211][ T1147] vhci_hcd: disconnect device
[  562.725236][T16017] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2726'.
[  563.681932][T16047] CUSE: unknown device info "�KJ�H+��ۤ2Lh��nL�1�`�Cc��n�����8���0���(�3նi��>f���_ٮ,��
�<�_e�F��"
[  563.686578][T16047] CUSE: unknown device info "3�ܟ�,��̘�"
[  563.688435][T16047] CUSE: unknown device info "J���2SZ�� !e/��������J�+-n��a4����D�|G$��5O~�q	��
[  563.688435][T16047] f����z��X�SA�x��j��T�ǔ��w���xR�ɐQ��(hҏj	p�VdY0��|M?2J��I�v�^
R�@��"
[  563.694196][T16047] CUSE: unknown device info "!To�}ݝ&|L+U��o��ϲ���"��FstV�:׌E�gJ�����<@c�����4�T�M�M|�����"
[  563.698029][T16047] CUSE: DEVNAME unspecified
[  563.865320][ T6044] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  564.065270][ T6044] usb 7-1: device descriptor read/64, error -71
[  564.138188][T16068] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2744'.
[  564.335346][ T6044] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  564.403197][T16071] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2745'.
[  564.407225][T16071] hsr_slave_0: left promiscuous mode
[  564.410304][T16071] hsr_slave_1: left promiscuous mode
[  564.485991][ T6044] usb 7-1: device descriptor read/64, error -71
[  564.598793][ T6044] usb usb7-port1: attempt power cycle
[  564.709374][   T40] audit: type=1326 audit(1758992770.295:4288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16076 comm="syz.1.2747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  564.720080][   T40] audit: type=1326 audit(1758992770.305:4289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16076 comm="syz.1.2747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  564.731214][   T40] audit: type=1326 audit(1758992770.305:4290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16076 comm="syz.1.2747" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  564.740498][   T40] audit: type=1326 audit(1758992770.305:4291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16076 comm="syz.1.2747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  564.750344][   T40] audit: type=1326 audit(1758992770.305:4292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16076 comm="syz.1.2747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  564.759261][   T40] audit: type=1326 audit(1758992770.305:4293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16076 comm="syz.1.2747" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  564.769617][   T40] audit: type=1326 audit(1758992770.305:4294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16076 comm="syz.1.2747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  564.778607][   T40] audit: type=1326 audit(1758992770.305:4295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16076 comm="syz.1.2747" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  564.789329][   T40] audit: type=1326 audit(1758992770.305:4296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16076 comm="syz.1.2747" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  564.797218][   T40] audit: type=1326 audit(1758992770.305:4297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16076 comm="syz.1.2747" exe="/syz-executor" sig=0 arch=40000003 syscall=174 compat=1 ip=0xf7f64579 code=0x7ffc0000
[  564.824068][T16080] tmpfs: Bad value for 'mpol'
[  565.029368][T16084] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2749'.
[  565.033235][T16084] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  565.095301][ T6044] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  565.116324][ T6044] usb 7-1: device descriptor read/8, error -71
[  565.375771][ T6044] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  565.381247][T16090] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  565.383332][T16090] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  565.386345][T16090] vhci_hcd vhci_hcd.0: Device attached
[  565.406861][ T6044] usb 7-1: device descriptor read/8, error -71
[  565.519016][ T6044] usb usb7-port1: unable to enumerate USB device
[  565.604980][T16098] tmpfs: Unknown parameter 'hash'
[  565.925226][   T56] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  566.095212][   T56] usb 8-1: Using ep0 maxpacket: 16
[  566.103595][   T56] usb 8-1: config 1 has an invalid interface number: 5 but max is 2
[  566.106706][   T56] usb 8-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  566.110679][   T56] usb 8-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  566.114216][   T56] usb 8-1: config 1 has no interface number 1
[  566.116659][   T56] usb 8-1: config 1 interface 5 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 11
[  566.121693][   T56] usb 8-1: config 1 interface 5 has no altsetting 0
[  566.131989][   T56] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  566.135698][   T56] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  566.138692][   T56] usb 8-1: Product: ည
[  566.140334][   T56] usb 8-1: Manufacturer: 뺸儇ፐṷ듿㝟㐼껈﴿⾻羑
[  566.143733][   T56] usb 8-1: SerialNumber: Љ
[  566.183516][T16091] vhci_hcd: connection closed
[  566.188047][ T1147] vhci_hcd: stop threads
[  566.191801][ T1147] vhci_hcd: release socket
[  566.203924][ T1147] vhci_hcd: disconnect device
[  566.985203][   T29] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  567.072372][T16116] sp0: Synchronizing with TNC
[  567.085881][T16114] [U] �
[  567.102468][T16118] netlink: 56 bytes leftover after parsing attributes in process `syz.5.2758'.
[  567.145328][   T29] usb 7-1: Using ep0 maxpacket: 8
[  567.156104][   T29] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  567.160832][   T29] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  567.164091][   T29] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  567.195215][   T29] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  567.205354][   T29] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  567.232915][   T29] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  567.236929][   T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.452484][   T29] usb 7-1: usb_control_msg returned -32
[  567.454273][   T29] usbtmc 7-1:16.0: can't read capabilities
[  567.586935][ T6222] usb 48-1: device descriptor read/8, error -110
[  567.807111][T16127] usbtmc 7-1:16.0: usb_control_msg returned -32
[  567.816794][  T841] usb 7-1: USB disconnect, device number 26
[  567.991531][ T6222] usb usb48-port1: attempt power cycle
[  568.213380][T16133] ptrace attach of "/syz-executor exec"[9237] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5c
[  568.564443][   T56] usb 8-1: 0:2 : does not exist
[  568.613679][T16139] lo speed is unknown, defaulting to 1000
[  568.619003][   T56] hub 8-1:1.5: Invalid hub with more than one config or interface
[  568.621625][   T56] hub 8-1:1.5: probe with driver hub failed with error -22
[  568.628982][   T56] usb 8-1: USB disconnect, device number 26
[  568.673866][T14457] udevd[14457]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  568.726444][T16144] lo speed is unknown, defaulting to 1000
[  568.812269][ T6222] usb usb48-port1: unable to enumerate USB device
[  568.960630][T16149] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  568.962767][T16149] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  568.969843][T16149] vhci_hcd vhci_hcd.0: Device attached
[  569.245583][ T6222] usb 42-1: SetAddress Request (35) to port 0
[  569.248220][ T6222] usb 42-1: new SuperSpeed USB device number 35 using vhci_hcd
[  569.387583][T16153] vhci_hcd: connection reset by peer
[  569.390261][ T1204] vhci_hcd: stop threads
[  569.391676][ T1204] vhci_hcd: release socket
[  569.393162][ T1204] vhci_hcd: disconnect device
[  569.560756][T16165] batadv_slave_1: entered promiscuous mode
[  569.573733][T16165] batman_adv: batadv0: Adding interface: macsec1
[  569.578015][T16165] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  569.585911][T16165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  569.589607][T16165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  569.592906][T16165] batman_adv: batadv0: Interface activated: macsec1
[  570.077687][T16184] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.170895][T16184] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.846017][T16184] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.942090][T16197] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.2774'.
[  571.252791][T16184] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  571.358955][ T6116] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  571.374804][ T6116] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  571.392131][ T6116] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  571.411259][ T6116] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  571.825321][   T29] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  572.075958][   T29] usb 7-1: too many configurations: 178, using maximum allowed: 8
[  572.139819][T16232] ptrace attach of "/syz-executor exec"[15231] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5
[  572.214119][   T29] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  572.235217][   T24] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  572.418520][   T24] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  572.422150][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  572.425597][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  572.428790][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  572.433382][   T24] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  572.436715][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.441204][   T24] usb 6-1: config 0 descriptor??
[  572.487387][   T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  572.492037][   T29] usb 7-1: Product: syz
[  572.494460][   T29] usb 7-1: Manufacturer: syz
[  572.498170][   T29] usb 7-1: SerialNumber: syz
[  572.507624][   T29] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  572.519268][T15553] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  572.736991][T12563] usb 7-1: USB disconnect, device number 27
[  572.974332][   T24] plantronics 0003:047F:FFFF.0007: ignoring exceeding usage max
[  572.987889][   T24] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  573.212143][T16248] random: crng reseeded on system resumption
[  573.595457][T15553] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  573.598362][T15553] ath9k_htc: Failed to initialize the device
[  573.604908][T12563] usb 7-1: ath9k_htc: USB layer deinitialized
[  574.306086][ T6222] usb 42-1: device descriptor read/8, error -110
[  574.341253][T16269] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input90
[  574.387760][T16269] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2792'.
[  574.853045][ T6222] usb usb42-port1: attempt power cycle
[  575.058701][   T34] usb 6-1: USB disconnect, device number 46
[  575.804331][T16299] gfs2: gfs2 mount does not exist
[  575.807644][ T6222] usb usb42-port1: unable to enumerate USB device
[  575.938726][T16303] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12)
[  575.940628][T16303] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  575.942812][T16303] vhci_hcd vhci_hcd.0: Device attached
[  576.011271][T16306] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.2802'.
[  576.018554][T16304] vhci_hcd: connection closed
[  576.025307][ T1204] vhci_hcd: stop threads
[  576.028013][ T1204] vhci_hcd: release socket
[  576.058707][ T1204] vhci_hcd: disconnect device
[  576.446396][T16311] netlink: 'syz.2.2804': attribute type 1 has an invalid length.
[  576.527093][T16314] ptrace attach of "/syz-executor exec"[9237] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5c
[  576.566368][T16311] bond1: entered promiscuous mode
[  576.572913][T16299] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  576.603610][T16311] 8021q: adding VLAN 0 to HW filter on device bond1
[  577.083804][T16325] ptrace attach of "/syz-executor exec"[14567] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5
[  577.396801][T16328] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2808'.
[  578.376876][T16348] gfs2: gfs2 mount does not exist
[  578.494116][T16353] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  578.540195][T16354] kAFS: unable to lookup cell '/,'
[  579.162991][T16348] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  579.312986][T16360] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12)
[  579.315217][T16360] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  579.318000][T16360] vhci_hcd vhci_hcd.0: Device attached
[  579.341747][T16365] FAULT_INJECTION: forcing a failure.
[  579.341747][T16365] name failslab, interval 1, probability 0, space 0, times 0
[  579.346024][T16365] CPU: 3 UID: 0 PID: 16365 Comm: syz.3.2818 Not tainted syzkaller #0 PREEMPT(full) 
[  579.346040][T16365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  579.346047][T16365] Call Trace:
[  579.346052][T16365]  <TASK>
[  579.346057][T16365]  dump_stack_lvl+0x16c/0x1f0
[  579.346091][T16365]  should_fail_ex+0x512/0x640
[  579.346109][T16365]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  579.346124][T16365]  should_failslab+0xc2/0x120
[  579.346139][T16365]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  579.346153][T16365]  ? __alloc_skb+0x2b2/0x380
[  579.346171][T16365]  __alloc_skb+0x2b2/0x380
[  579.346187][T16365]  ? __pfx___alloc_skb+0x10/0x10
[  579.346201][T16365]  ? __pfx_tc_get_qdisc+0x10/0x10
[  579.346220][T16365]  netlink_ack+0x15d/0xb80
[  579.346242][T16365]  netlink_rcv_skb+0x332/0x420
[  579.346259][T16365]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  579.346271][T16365]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  579.346293][T16365]  ? netlink_deliver_tap+0x1ae/0xd30
[  579.346313][T16365]  netlink_unicast+0x5aa/0x870
[  579.346332][T16365]  ? __pfx_netlink_unicast+0x10/0x10
[  579.346349][T16365]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  579.346370][T16365]  netlink_sendmsg+0x8d1/0xdd0
[  579.346390][T16365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  579.346409][T16365]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  579.346424][T16365]  ____sys_sendmsg+0xa95/0xc70
[  579.346438][T16365]  ? __pfx_____sys_sendmsg+0x10/0x10
[  579.346450][T16365]  ? get_compat_msghdr+0x11a/0x170
[  579.346472][T16365]  ___sys_sendmsg+0x134/0x1d0
[  579.346490][T16365]  ? __pfx____sys_sendmsg+0x10/0x10
[  579.346515][T16365]  ? find_held_lock+0x2b/0x80
[  579.346546][T16365]  __sys_sendmsg+0x16d/0x220
[  579.346573][T16365]  ? __pfx___sys_sendmsg+0x10/0x10
[  579.346608][T16365]  ? rcu_is_watching+0x12/0xc0
[  579.346632][T16365]  __do_fast_syscall_32+0x7c/0x300
[  579.346645][T16365]  do_fast_syscall_32+0x32/0x80
[  579.346671][T16365]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  579.346686][T16365] RIP: 0023:0xf7f88579
[  579.346696][T16365] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  579.346707][T16365] RSP: 002b:00000000f547655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  579.346719][T16365] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000400
[  579.346726][T16365] RDX: 0000000020040080 RSI: 0000000000000000 RDI: 0000000000000000
[  579.346733][T16365] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  579.346739][T16365] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  579.346746][T16365] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  579.346760][T16365]  </TASK>
[  579.455487][T16370] netlink: 1284 bytes leftover after parsing attributes in process `syz.5.2817'.
[  579.459990][T16361] vhci_hcd: connection closed
[  579.462835][   T61] vhci_hcd: stop threads
[  579.466218][   T61] vhci_hcd: release socket
[  579.468347][   T61] vhci_hcd: disconnect device
[  579.515410][  T841] vhci_hcd: vhci_device speed not set
[  581.445516][T16401] gfs2: gfs2 mount does not exist
[  581.498584][T16407] tmpfs: Unknown parameter 'hash'
[  581.552979][T16405] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2830'.
[  581.680025][T16417] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12)
[  581.682807][T16417] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  581.686533][T16417] vhci_hcd vhci_hcd.0: Device attached
[  581.761347][T16422] netlink: 1284 bytes leftover after parsing attributes in process `syz.5.2833'.
[  581.776402][T16418] vhci_hcd: connection closed
[  581.801520][ T1204] vhci_hcd: stop threads
[  581.805548][ T1204] vhci_hcd: release socket
[  581.807462][ T1204] vhci_hcd: disconnect device
[  582.005399][T16401] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  582.278000][T16426] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12)
[  582.280111][T16426] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  582.283046][T16426] vhci_hcd vhci_hcd.0: Device attached
[  582.339134][T16429] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.2834'.
[  582.362362][T16427] vhci_hcd: connection closed
[  582.373771][ T1147] vhci_hcd: stop threads
[  582.383203][ T1147] vhci_hcd: release socket
[  582.393948][ T1147] vhci_hcd: disconnect device
[  583.141366][T16439] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2837'.
[  583.151596][T16439] openvswitch: netlink: nsh attr 0 has unexpected len 8 expected 0
[  583.159138][T16441] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2838'.
[  583.160538][T16439] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  583.162034][T16441] openvswitch: netlink: nsh attr 0 has unexpected len 8 expected 0
[  583.172085][T16441] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  583.318687][T16444] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null.
[  583.463999][T16448] tmpfs: Bad value for 'mpol'
[  583.719293][T16457] tmpfs: Unknown parameter 'hash'
[  584.888561][   T40] kauditd_printk_skb: 209 callbacks suppressed
[  584.888572][   T40] audit: type=1800 audit(1758993046.476:4507): pid=16466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2845" name="/" dev="fuse" ino=1 res=0 errno=0
[  585.012033][T16474] ptrace attach of "/syz-executor exec"[9237] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5c
[  585.136704][T16477] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2848'.
[  585.184544][T16477] openvswitch: netlink: nsh attr 6233 is out of range max 3
[  585.187728][T16477] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  585.274371][   T56] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  585.329505][T16482] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  585.331629][T16482] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  585.334677][T16482] vhci_hcd vhci_hcd.0: Device attached
[  585.392451][T16489] netlink: 1284 bytes leftover after parsing attributes in process `syz.2.2850'.
[  585.397048][T16484] vhci_hcd: connection closed
[  585.397670][ T7294] vhci_hcd: stop threads
[  585.402431][ T7294] vhci_hcd: release socket
[  585.404341][ T7294] vhci_hcd: disconnect device
[  586.333989][T16496] tmpfs: Unknown parameter 'hash'
[  586.439834][T16497] syz_tun: entered allmulticast mode
[  586.621609][   T56] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  586.641286][   T56] usb 8-1: config 0 has no interfaces?
[  586.643438][   T56] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  586.646731][   T56] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.655786][   T56] usb 8-1: config 0 descriptor??
[  586.744491][T16504] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2857'.
[  586.748294][T16504] openvswitch: netlink: nsh attr 6233 is out of range max 3
[  586.753707][T16504] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  586.885274][T16500] netlink: 'syz.5.2856': attribute type 10 has an invalid length.
[  587.383009][T16521] input: syz1 as /devices/virtual/input/input91
[  587.524591][T16524] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  587.964761][T16527] input: syz1 as /devices/virtual/input/input92
[  588.053104][   T24] usb 8-1: USB disconnect, device number 27
[  588.092176][T16530] syz_tun: entered allmulticast mode
[  589.395979][T16548] tmpfs: Unknown parameter 'hash'
[  589.846102][T16551] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2870'.
[  590.656595][T16559] syz_tun: entered allmulticast mode
[  590.924257][T16566] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2875'.
[  590.931372][T16566] bridge1: entered promiscuous mode
[  591.822704][T16572] netlink: 'syz.1.2876': attribute type 10 has an invalid length.
[  591.830771][T16572] team0: Port device hsr_slave_0 added
[  593.451728][T16588] ptrace attach of "/syz-executor exec"[15123] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5
[  593.913589][T16604] ptrace attach of "/syz-executor exec"[9237] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5c
[  595.008233][T16623] new mount options do not match the existing superblock, will be ignored
[  595.056236][T16623] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 ""
[  595.059404][T16623] random: crng reseeded on system resumption
[  595.741360][T16636] ptrace attach of "/syz-executor exec"[15123] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5
[  595.889293][T16645] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(11)
[  595.892120][T16645] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  595.896081][T16645] vhci_hcd vhci_hcd.0: Device attached
[  595.974890][T16650] netlink: 1284 bytes leftover after parsing attributes in process `syz.5.2897'.
[  595.991808][T16646] vhci_hcd: connection closed
[  595.992167][ T1204] vhci_hcd: stop threads
[  595.996513][ T1204] vhci_hcd: release socket
[  595.996528][ T1204] vhci_hcd: disconnect device
[  596.082107][T16651] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2898'.
[  597.472741][   T40] audit: type=1326 audit(1758993059.063:4508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16658 comm="syz.5.2901" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  597.508470][   T40] audit: type=1326 audit(1758993059.063:4509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16658 comm="syz.5.2901" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  597.530196][   T40] audit: type=1326 audit(1758993059.073:4510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16658 comm="syz.5.2901" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  597.540570][   T40] audit: type=1326 audit(1758993059.073:4511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16658 comm="syz.5.2901" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  597.556260][   T40] audit: type=1326 audit(1758993059.073:4512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16658 comm="syz.5.2901" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  597.581832][   T40] audit: type=1326 audit(1758993059.073:4513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16658 comm="syz.5.2901" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  597.610340][   T40] audit: type=1326 audit(1758993059.073:4514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16658 comm="syz.5.2901" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  597.621577][   T40] audit: type=1326 audit(1758993059.073:4515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16658 comm="syz.5.2901" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  597.632108][   T40] audit: type=1326 audit(1758993059.073:4516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16658 comm="syz.5.2901" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  597.721409][   T40] audit: type=1326 audit(1758993059.313:4517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16658 comm="syz.5.2901" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7ffc0000
[  598.648047][   T24] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  598.817928][   T24] usb 7-1: Using ep0 maxpacket: 8
[  598.835543][   T24] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  598.845856][   T24] usb 7-1: config 0 has no interface number 0
[  598.857345][   T24] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  598.871566][   T24] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  598.898320][   T24] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  598.901749][   T24] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  598.905684][   T24] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  598.915858][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.949853][   T24] usb 7-1: config 0 descriptor??
[  598.972450][   T24] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  599.235210][ T6044] usb 7-1: USB disconnect, device number 28
[  599.236249][    C0] ldusb 7-1:0.55: usb_submit_urb failed (-19)
[  599.239656][T16677] ldusb 7-1:0.55: Couldn't submit interrupt_out_urb -19
[  599.243299][ T6044] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  599.844150][T16712] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2915'.
[  600.888468][T16730] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2920'.
[  600.938260][T16730] bridge1: entered promiscuous mode
[  600.977064][T16731] netlink: 14 bytes leftover after parsing attributes in process `syz.5.2921'.
[  601.748063][T16745] input: syz1 as /devices/virtual/input/input93
[  601.876058][ T6062] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  602.037788][ T6062] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  602.041509][ T6062] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  602.045289][ T6062] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  602.053084][ T6062] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  602.056691][ T6062] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  602.059863][ T6062] usb 10-1: Product: syz
[  602.061642][ T6062] usb 10-1: Manufacturer: syz
[  602.063521][ T6062] usb 10-1: SerialNumber: syz
[  602.072028][ T6062] hub 10-1:1.0: bad descriptor, ignoring hub
[  602.073891][ T6062] hub 10-1:1.0: probe with driver hub failed with error -5
[  602.296777][ T6062] usblp 10-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  602.595892][  T841] usb 10-1: USB disconnect, device number 11
[  602.655843][  T841] usblp0: removed
[  605.789492][T16809] FAULT_INJECTION: forcing a failure.
[  605.789492][T16809] name failslab, interval 1, probability 0, space 0, times 0
[  605.794326][T16809] CPU: 2 UID: 0 PID: 16809 Comm: syz.3.2943 Not tainted syzkaller #0 PREEMPT(full) 
[  605.794342][T16809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  605.794349][T16809] Call Trace:
[  605.794354][T16809]  <TASK>
[  605.794358][T16809]  dump_stack_lvl+0x16c/0x1f0
[  605.794379][T16809]  should_fail_ex+0x512/0x640
[  605.794398][T16809]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  605.794414][T16809]  should_failslab+0xc2/0x120
[  605.794429][T16809]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  605.794443][T16809]  ? __alloc_skb+0x2b2/0x380
[  605.794462][T16809]  __alloc_skb+0x2b2/0x380
[  605.794477][T16809]  ? __pfx___alloc_skb+0x10/0x10
[  605.794494][T16809]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  605.794519][T16809]  netlink_alloc_large_skb+0x69/0x130
[  605.794538][T16809]  netlink_sendmsg+0x6a1/0xdd0
[  605.794557][T16809]  ? __pfx_netlink_sendmsg+0x10/0x10
[  605.794576][T16809]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  605.794591][T16809]  ____sys_sendmsg+0xa95/0xc70
[  605.794605][T16809]  ? __pfx_____sys_sendmsg+0x10/0x10
[  605.794617][T16809]  ? get_compat_msghdr+0x11a/0x170
[  605.794639][T16809]  ___sys_sendmsg+0x134/0x1d0
[  605.794657][T16809]  ? __pfx____sys_sendmsg+0x10/0x10
[  605.794680][T16809]  ? find_held_lock+0x2b/0x80
[  605.794700][T16809]  __sys_sendmsg+0x16d/0x220
[  605.794717][T16809]  ? __pfx___sys_sendmsg+0x10/0x10
[  605.794740][T16809]  ? rcu_is_watching+0x12/0xc0
[  605.794753][T16809]  __do_fast_syscall_32+0x7c/0x300
[  605.794765][T16809]  do_fast_syscall_32+0x32/0x80
[  605.794775][T16809]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  605.794795][T16809] RIP: 0023:0xf7f88579
[  605.794808][T16809] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  605.794825][T16809] RSP: 002b:00000000f547655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  605.794844][T16809] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800012c0
[  605.794857][T16809] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  605.794867][T16809] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  605.794876][T16809] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  605.794887][T16809] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  605.794906][T16809]  </TASK>
[  605.801211][T16810] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2942'.
[  605.884255][T16810] bridge2: entered promiscuous mode
[  606.151641][T16817] gfs2: gfs2 mount does not exist
[  606.524062][   T40] kauditd_printk_skb: 16 callbacks suppressed
[  606.524073][   T40] audit: type=1326 audit(1758993068.127:4534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16768 comm="syz.5.2931" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7fc00000
[  606.918751][T16817] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  606.966256][T16828] FAULT_INJECTION: forcing a failure.
[  606.966256][T16828] name failslab, interval 1, probability 0, space 0, times 0
[  606.974309][T16828] CPU: 3 UID: 0 PID: 16828 Comm: syz.3.2948 Not tainted syzkaller #0 PREEMPT(full) 
[  606.974326][T16828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  606.974333][T16828] Call Trace:
[  606.974337][T16828]  <TASK>
[  606.974342][T16828]  dump_stack_lvl+0x16c/0x1f0
[  606.974365][T16828]  should_fail_ex+0x512/0x640
[  606.974383][T16828]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  606.974397][T16828]  should_failslab+0xc2/0x120
[  606.974412][T16828]  __kmalloc_cache_noprof+0x6a/0x3e0
[  606.974424][T16828]  ? vb2_vmalloc_alloc+0xf9/0x3f0
[  606.974440][T16828]  vb2_vmalloc_alloc+0xf9/0x3f0
[  606.974453][T16828]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  606.974466][T16828]  __vb2_queue_alloc+0x8c9/0x1280
[  606.974485][T16828]  vb2_core_reqbufs+0xa90/0xfe0
[  606.974501][T16828]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  606.974527][T16828]  __vb2_init_fileio+0x3f1/0x1100
[  606.974540][T16828]  ? lockdep_hardirqs_on+0x7c/0x110
[  606.974556][T16828]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  606.974573][T16828]  ? __pollwait+0x271/0x490
[  606.974586][T16828]  vb2_core_poll+0x5ec/0x700
[  606.974600][T16828]  vb2_poll+0x33/0x150
[  606.974611][T16828]  vb2_fop_poll+0x10f/0x2c0
[  606.974623][T16828]  ? __pfx_vb2_fop_poll+0x10/0x10
[  606.974634][T16828]  v4l2_poll+0x163/0x320
[  606.974650][T16828]  ? __pfx_v4l2_poll+0x10/0x10
[  606.974664][T16828]  do_sys_poll+0x559/0xdf0
[  606.974680][T16828]  ? __pfx_do_sys_poll+0x10/0x10
[  606.974691][T16828]  ? __lock_acquire+0x62e/0x1ce0
[  606.974718][T16828]  ? __lock_acquire+0x62e/0x1ce0
[  606.974732][T16828]  ? __pfx___pollwait+0x10/0x10
[  606.974745][T16828]  ? __pfx_pollwake+0x10/0x10
[  606.974778][T16828]  ? __pfx_timespec64_add_safe+0x10/0x10
[  606.974795][T16828]  ? ktime_get_ts64+0x2d2/0x400
[  606.974810][T16828]  ? read_tsc+0x9/0x20
[  606.974823][T16828]  ? ktime_get_ts64+0x256/0x400
[  606.974840][T16828]  __ia32_sys_poll+0x1a9/0x450
[  606.974854][T16828]  ? __pfx___ia32_sys_poll+0x10/0x10
[  606.974868][T16828]  ? rcu_is_watching+0x12/0xc0
[  606.974882][T16828]  __do_fast_syscall_32+0x7c/0x300
[  606.974893][T16828]  do_fast_syscall_32+0x32/0x80
[  606.974904][T16828]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  606.974918][T16828] RIP: 0023:0xf7f88579
[  606.974927][T16828] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  606.974938][T16828] RSP: 002b:00000000f547655c EFLAGS: 00000296 ORIG_RAX: 00000000000000a8
[  606.974949][T16828] RAX: ffffffffffffffda RBX: 0000000080000440 RCX: 0000000000000001
[  606.974956][T16828] RDX: 0000000002000000 RSI: 0000000000000000 RDI: 0000000000000000
[  606.974963][T16828] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  606.974969][T16828] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  606.974976][T16828] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  606.974989][T16828]  </TASK>
[  607.192012][   T40] audit: type=1326 audit(1758993068.788:4535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16827 comm="syz.3.2948" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7fc00000
[  608.191255][T16838] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12)
[  608.193409][T16838] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  608.196187][T16838] vhci_hcd vhci_hcd.0: Device attached
[  608.332314][T16844] netlink: 1284 bytes leftover after parsing attributes in process `syz.5.2950'.
[  608.405468][T16839] vhci_hcd: connection closed
[  608.419387][ T1204] vhci_hcd: stop threads
[  608.424253][ T1204] vhci_hcd: release socket
[  608.443250][ T1204] vhci_hcd: disconnect device
[  609.105439][T16854] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2954'.
[  609.305781][T16862] gfs2: gfs2 mount does not exist
[  609.672255][T16875] gfs2: gfs2 mount does not exist
[  610.051297][T16862] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  610.596764][T16876] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  610.683839][T16890] tmpfs: Unknown parameter 'hash'
[  610.893308][T16896] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12)
[  610.895529][T16896] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  610.898661][T16896] vhci_hcd vhci_hcd.0: Device attached
[  610.953827][T16903] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.2967'.
[  610.962212][T16898] vhci_hcd: connection closed
[  610.962493][ T7294] vhci_hcd: stop threads
[  610.966115][ T7294] vhci_hcd: release socket
[  610.981772][ T7294] vhci_hcd: disconnect device
[  611.122403][T16905] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2969'.
[  611.191912][T16908] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2965'.
[  611.819022][T16911] gfs2: gfs2 mount does not exist
[  611.912286][T16917] netlink: 'syz.1.2972': attribute type 72 has an invalid length.
[  611.914905][T16917] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2972'.
[  612.142496][T16924] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2973'.
[  612.167071][T16924] bridge2: entered promiscuous mode
[  612.594234][T16911] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  613.408667][T16947] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2980'.
[  613.671794][T16951] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(11)
[  613.674756][T16951] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  613.678132][T16951] vhci_hcd vhci_hcd.0: Device attached
[  613.735812][T16956] netlink: 1284 bytes leftover after parsing attributes in process `syz.5.2982'.
[  613.740738][T16952] vhci_hcd: connection closed
[  613.742736][ T7294] vhci_hcd: stop threads
[  613.745568][ T7294] vhci_hcd: release socket
[  613.747055][ T7294] vhci_hcd: disconnect device
[  613.839591][T16959] gfs2: gfs2 mount does not exist
[  614.613670][T16959] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  614.775741][T16965] FAULT_INJECTION: forcing a failure.
[  614.775741][T16965] name failslab, interval 1, probability 0, space 0, times 0
[  614.781146][T16965] CPU: 0 UID: 0 PID: 16965 Comm: syz.3.2986 Not tainted syzkaller #0 PREEMPT(full) 
[  614.781171][T16965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  614.781182][T16965] Call Trace:
[  614.781190][T16965]  <TASK>
[  614.781198][T16965]  dump_stack_lvl+0x16c/0x1f0
[  614.781229][T16965]  should_fail_ex+0x512/0x640
[  614.781256][T16965]  ? __kmalloc_noprof+0xbf/0x510
[  614.781280][T16965]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  614.781301][T16965]  should_failslab+0xc2/0x120
[  614.781325][T16965]  __kmalloc_noprof+0xd2/0x510
[  614.781346][T16965]  ? kmem_cache_free+0x2d1/0x4d0
[  614.781368][T16965]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  614.781394][T16965]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  614.781415][T16965]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  614.781443][T16965]  ? bpf_lsm_capable+0x9/0x10
[  614.781459][T16965]  ? security_capable+0x7e/0x260
[  614.781480][T16965]  ? ns_capable+0xd7/0x110
[  614.781504][T16965]  genl_rcv_msg+0x55c/0x800
[  614.781526][T16965]  ? __pfx_genl_rcv_msg+0x10/0x10
[  614.781544][T16965]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  614.781565][T16965]  ? __pfx_nl80211_channel_switch+0x10/0x10
[  614.781587][T16965]  ? __pfx_nl80211_post_doit+0x10/0x10
[  614.781621][T16965]  netlink_rcv_skb+0x155/0x420
[  614.781647][T16965]  ? __pfx_genl_rcv_msg+0x10/0x10
[  614.781666][T16965]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  614.781703][T16965]  ? netlink_deliver_tap+0x1ae/0xd30
[  614.781732][T16965]  genl_rcv+0x28/0x40
[  614.781748][T16965]  netlink_unicast+0x5aa/0x870
[  614.781779][T16965]  ? __pfx_netlink_unicast+0x10/0x10
[  614.781806][T16965]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  614.781841][T16965]  netlink_sendmsg+0x8d1/0xdd0
[  614.781873][T16965]  ? __pfx_netlink_sendmsg+0x10/0x10
[  614.781903][T16965]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  614.781929][T16965]  ____sys_sendmsg+0xa95/0xc70
[  614.781953][T16965]  ? __pfx_____sys_sendmsg+0x10/0x10
[  614.781972][T16965]  ? get_compat_msghdr+0x11a/0x170
[  614.782009][T16965]  ___sys_sendmsg+0x134/0x1d0
[  614.782037][T16965]  ? __pfx____sys_sendmsg+0x10/0x10
[  614.782076][T16965]  ? find_held_lock+0x2b/0x80
[  614.782109][T16965]  __sys_sendmsg+0x16d/0x220
[  614.782136][T16965]  ? __pfx___sys_sendmsg+0x10/0x10
[  614.782172][T16965]  ? rcu_is_watching+0x12/0xc0
[  614.782214][T16965]  __do_fast_syscall_32+0x7c/0x300
[  614.782236][T16965]  do_fast_syscall_32+0x32/0x80
[  614.782253][T16965]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  614.782274][T16965] RIP: 0023:0xf7f88579
[  614.782288][T16965] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  614.782306][T16965] RSP: 002b:00000000f547655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  614.782324][T16965] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  614.782336][T16965] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  614.782346][T16965] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  614.782357][T16965] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  614.782367][T16965] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  614.782390][T16965]  </TASK>
[  614.923194][    C0] vkms_vblank_simulate: vblank timer overrun
[  615.306352][T16980] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2989'.
[  615.347459][T16980] bridge2: entered promiscuous mode
[  615.458655][T16983] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2990'.
[  615.503237][T16983] bridge3: entered promiscuous mode
[  616.164667][T16996] gfs2: gfs2 mount does not exist
[  616.934398][T16996] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  616.997524][T17005] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2997'.
[  617.101181][T17008] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2999'.
[  618.252973][T17026] gfs2: gfs2 mount does not exist
[  618.369396][T17033] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3007'.
[  618.864374][T17040] ptrace attach of "/syz-executor exec"[14567] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5
[  619.018058][T17026] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  619.139043][T17047] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3012'.
[  619.562851][T17063] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3016'.
[  619.643432][T17065] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  619.647196][T17065] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  619.663010][T17065] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  619.666589][T17065] overlayfs: failed to look up (tracing) for ino (-66)
[  619.718495][T17065] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3017'.
[  619.722173][T17065] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3017'.
[  619.726100][ T5988] Bluetooth: hci4: connection err: -111
[  619.798697][T17077] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3019'.
[  620.401049][T17082] gfs2: gfs2 mount does not exist
[  620.715490][T17092] overlayfs: missing 'workdir'
[  621.032675][T17082] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  621.166778][ T5988] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  621.170569][ T5988] Bluetooth: hci4: Injecting HCI hardware error event
[  621.175478][ T5988] Bluetooth: hci4: hardware error 0x00
[  621.775101][T17109] netlink: 'syz.2.3029': attribute type 1 has an invalid length.
[  621.777706][T17109] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3029'.
[  621.866210][T17109] netlink: 'syz.2.3029': attribute type 40 has an invalid length.
[  622.101174][T17119] tmpfs: Unknown parameter 'hash'
[  622.168996][   T40] audit: type=1326 audit(1758993083.775:4536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17050 comm="syz.5.3014" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f02579 code=0x7fc00000
[  622.197899][T17122] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  622.231907][T17124] netlink: 14 bytes leftover after parsing attributes in process `syz.3.3031'.
[  622.524761][T17129] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3039'.
[  623.255876][ T5988] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  623.408075][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  623.410025][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  623.857650][T17144] gfs2: gfs2 mount does not exist
[  624.005814][T17147] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3036'.
[  624.277023][T17152] FAULT_INJECTION: forcing a failure.
[  624.277023][T17152] name fail_futex, interval 1, probability 0, space 0, times 1
[  624.281065][T17152] CPU: 3 UID: 0 PID: 17152 Comm: syz.2.3040 Not tainted syzkaller #0 PREEMPT(full) 
[  624.281082][T17152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  624.281089][T17152] Call Trace:
[  624.281093][T17152]  <TASK>
[  624.281098][T17152]  dump_stack_lvl+0x16c/0x1f0
[  624.281120][T17152]  should_fail_ex+0x512/0x640
[  624.281140][T17152]  get_futex_key+0xff0/0x1560
[  624.281157][T17152]  ? __pfx_get_futex_key+0x10/0x10
[  624.281171][T17152]  ? _kstrtoull+0x145/0x200
[  624.281188][T17152]  futex_wait_requeue_pi+0x1f6/0x830
[  624.281207][T17152]  ? __pfx_futex_wait_requeue_pi+0x10/0x10
[  624.281224][T17152]  ? __lock_acquire+0x62e/0x1ce0
[  624.281253][T17152]  ? __pfx_futex_wake_mark+0x10/0x10
[  624.281272][T17152]  ? find_held_lock+0x2b/0x80
[  624.281283][T17152]  ? ksys_write+0x190/0x250
[  624.281300][T17152]  do_futex+0x2ae/0x350
[  624.281314][T17152]  ? __pfx_do_futex+0x10/0x10
[  624.281332][T17152]  __ia32_sys_futex_time32+0x1d9/0x460
[  624.281350][T17152]  ? __pfx___ia32_sys_futex_time32+0x10/0x10
[  624.281366][T17152]  ? ksys_write+0x1ac/0x250
[  624.281378][T17152]  ? __pfx_ksys_write+0x10/0x10
[  624.281392][T17152]  ? rcu_is_watching+0x12/0xc0
[  624.281406][T17152]  __do_fast_syscall_32+0x7c/0x300
[  624.281418][T17152]  do_fast_syscall_32+0x32/0x80
[  624.281428][T17152]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  624.281442][T17152] RIP: 0023:0xf708e579
[  624.281452][T17152] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  624.281463][T17152] RSP: 002b:00000000f547e55c EFLAGS: 00000296 ORIG_RAX: 00000000000000f0
[  624.281474][T17152] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 000000000000000b
[  624.281481][T17152] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000080000200
[  624.281488][T17152] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  624.281495][T17152] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  624.281501][T17152] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  624.281514][T17152]  </TASK>
[  624.507970][T17150] ptrace attach of "/syz-executor exec"[15123] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5
[  624.615527][T17144] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  624.714806][  T841] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  624.860397][T17164] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3044'.
[  624.864856][T17164] openvswitch: netlink: nsh attr 0 has unexpected len 8 expected 0
[  624.868173][T17164] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  624.875023][  T841] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  624.877999][  T841] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  624.881468][  T841] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  624.891742][  T841] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  624.904639][  T841] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  624.908607][  T841] usb 7-1: Product: syz
[  624.910422][  T841] usb 7-1: Manufacturer: syz
[  624.912668][  T841] usb 7-1: SerialNumber: syz
[  624.927565][  T841] hub 7-1:1.0: bad descriptor, ignoring hub
[  624.929956][  T841] hub 7-1:1.0: probe with driver hub failed with error -5
[  624.951676][T17169] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3045'.
[  625.149253][T17175] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12)
[  625.151409][T17175] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  625.154933][T17175] vhci_hcd vhci_hcd.0: Device attached
[  625.227198][T17179] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.3047'.
[  625.243779][T17177] vhci_hcd: connection closed
[  625.274907][  T841] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 29 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  625.280331][ T1147] vhci_hcd: stop threads
[  625.284694][ T1147] vhci_hcd: release socket
[  625.296342][ T1147] vhci_hcd: disconnect device
[  626.623866][  T841] usb 7-1: USB disconnect, device number 29
[  626.627455][  T841] usblp0: removed
[  626.924091][T17190] ptrace attach of "/syz-executor exec"[15123] was attempted by "                                                                ��\x0c��H;�'���Sde/Ȑ|�zP��иW��\x0b�P�<�I7�{���Wr�עӇam�L5��{�޶-ڨ���ظ�����E�f�YS�7�?�V�s��\x0b�M�������`���g��ر/◒��U�C�ΐ�OG�Dn��\x07��w��m}O��q�����p�]��K|I(����9�/�k��Y_�֤vqy����rƲ�.+/�n�y�]�6�B\x5c
*���Lo��� �\x0a��B�\x0d��An���\x0bptQU�olL��obB��M�����ȹ.��T3#(D�\x1b�����?-�M��M�\x0d�{�X���Lhl1G�J(��\x0a����\x07�b\x0cf��\x5c�L�e#�y�w�O%�0��,��zǂ�r�\x5cH�\x22�@)E�lĪo��=��0}�|�����m ��~�M��UK\x0b�QoDU1h$�t�Qf�\x0b�;\x0bvN�T/��rP��x0m�؇dG>�t5Q�I����0k��p��;����t�>?7~��՞��8�)>�\x0a.F�v\x5c0CP�{�\x07ԭ4OT)���%��DkfCkF 籥�;��m\x0c�v�\x0cTʪz5��m֢����v����ī'c���^ت�g_\x0bƍ��8�)c,�(q��e�B���㑻SPt4�o� 
�I�HwL#��@mU�p�E�^a��gh~d�_��9\x07r|��GJj+&ҽk(�\x07���rn�E�4�(����#ë�\x0b Y�βB��\x0aЦ&��R��`�?��L1t����իw��.M�=3�|G����s�m�g�4`|\x22{б�춋���1�[{��ȯw/B�_g�6-�qyk*�o��\x0d\x5cc8����\x5
[  627.410026][T17195] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3052'.
[  627.442765][T17195] openvswitch: netlink: nsh attr 0 has unexpected len 8 expected 0
[  627.446412][T17195] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  627.624067][T17201] gfs2: gfs2 mount does not exist
[  628.180901][  T841] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  628.343014][  T841] usb 10-1: Using ep0 maxpacket: 16
[  628.343367][T17201] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  628.419922][T17214] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3057'.
[  628.555033][T17210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  628.562362][T17210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  628.677670][  T841] usb 10-1: unable to get BOS descriptor or descriptor too short
[  628.689216][  T841] usb 10-1: unable to read config index 0 descriptor/start: -71
[  628.692522][  T841] usb 10-1: can't read configurations, error -71
[  628.946001][T17225] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3061'.
[  629.536484][T17234] netlink: 14 bytes leftover after parsing attributes in process `syz.3.3064'.
[  630.032193][T17228] ------------[ cut here ]------------
[  630.034585][T17228] refcount_t: addition on 0; use-after-free.
[  630.037067][T17228] WARNING: CPU: 1 PID: 17228 at lib/refcount.c:25 refcount_warn_saturate+0x1ca/0x210
[  630.040045][T17228] Modules linked in:
[  630.041651][T17228] CPU: 1 UID: 0 PID: 17228 Comm: syz.5.3062 Not tainted syzkaller #0 PREEMPT(full) 
[  630.046564][T17228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  630.049996][T17228] RIP: 0010:refcount_warn_saturate+0x1ca/0x210
[  630.051994][T17228] Code: ff 89 de e8 88 dc d9 fc 84 db 0f 85 e6 fe ff ff e8 9b e1 d9 fc c6 05 a2 e4 b2 0b 01 90 48 c7 c7 20 a6 15 8c e8 77 db 98 fc 90 <0f> 0b 90 90 e9 c3 fe ff ff e8 78 e1 d9 fc c6 05 7d e4 b2 0b 01 90
[  630.057850][T17228] RSP: 0018:ffffc9000e3bfd40 EFLAGS: 00010282
[  630.059771][T17228] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc900275c1000
[  630.062312][T17228] RDX: 0000000000080000 RSI: ffffffff817a0305 RDI: 0000000000000001
[  630.064788][T17228] RBP: ffff8880502dcec8 R08: 0000000000000001 R09: 0000000000000000
[  630.067305][T17228] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff92001c77fb0
[  630.069887][T17228] R13: 0000000000000000 R14: ffff8880502dce00 R15: ffff888058430000
[  630.072488][T17228] FS:  0000000000000000(0000) GS:ffff8880975b9000(0063) knlGS:00000000f53d5b40
[  630.075288][T17228] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  630.077367][T17228] CR2: 0000000080032000 CR3: 00000000130ae000 CR4: 0000000000352ef0
[  630.079853][T17228] Call Trace:
[  630.080912][T17228]  <TASK>
[  630.081902][T17228]  ax25_setsockopt+0xfed/0x1170
[  630.083484][T17228]  ? __pfx_ax25_setsockopt+0x10/0x10
[  630.085138][T17228]  ? aa_sock_opt_perm+0xfd/0x1c0
[  630.086708][T17228]  ? __pfx_ax25_setsockopt+0x10/0x10
[  630.088389][T17228]  do_sock_setsockopt+0xf3/0x1d0
[  630.089958][T17228]  __sys_setsockopt+0x120/0x1a0
[  630.091517][T17228]  __ia32_sys_setsockopt+0xbc/0x160
[  630.093265][T17228]  ? lockdep_hardirqs_on+0x7c/0x110
[  630.094926][T17228]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  630.096987][T17228]  __do_fast_syscall_32+0x7c/0x300
[  630.098630][T17228]  do_fast_syscall_32+0x32/0x80
[  630.100191][T17228]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  630.102250][T17228] RIP: 0023:0xf7f02579
[  630.103558][T17228] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  630.109941][T17228] RSP: 002b:00000000f53d555c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  630.112611][T17228] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000000000101
[  630.115158][T17228] RDX: 0000000000000019 RSI: 00000000800001c0 RDI: 0000000000000010
[  630.117877][T17228] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  630.120600][T17228] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  630.123562][T17228] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  630.126717][T17228]  </TASK>
[  630.127921][T17228] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  630.130179][T17228] CPU: 1 UID: 0 PID: 17228 Comm: syz.5.3062 Not tainted syzkaller #0 PREEMPT(full) 
[  630.133655][T17228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  630.137730][T17228] Call Trace:
[  630.138845][T17228]  <TASK>
[  630.139915][T17228]  dump_stack_lvl+0x3d/0x1f0
[  630.141377][T17228]  vpanic+0x6e8/0x7a0
[  630.142618][T17228]  ? __pfx_vpanic+0x10/0x10
[  630.144046][T17228]  ? refcount_warn_saturate+0x1ca/0x210
[  630.145760][T17228]  panic+0xca/0xd0
[  630.146965][T17228]  ? __pfx_panic+0x10/0x10
[  630.148341][T17228]  check_panic_on_warn+0xab/0xb0
[  630.149916][T17228]  __warn+0xf6/0x3c0
[  630.151206][T17228]  ? __pfx_vprintk_emit+0x10/0x10
[  630.152747][T17228]  ? refcount_warn_saturate+0x1ca/0x210
[  630.154482][T17228]  report_bug+0x3c3/0x580
[  630.155863][T17228]  ? refcount_warn_saturate+0x1ca/0x210
[  630.157593][T17228]  handle_bug+0x184/0x210
[  630.158936][T17228]  exc_invalid_op+0x17/0x50
[  630.160375][T17228]  asm_exc_invalid_op+0x1a/0x20
[  630.161866][T17228] RIP: 0010:refcount_warn_saturate+0x1ca/0x210
[  630.163777][T17228] Code: ff 89 de e8 88 dc d9 fc 84 db 0f 85 e6 fe ff ff e8 9b e1 d9 fc c6 05 a2 e4 b2 0b 01 90 48 c7 c7 20 a6 15 8c e8 77 db 98 fc 90 <0f> 0b 90 90 e9 c3 fe ff ff e8 78 e1 d9 fc c6 05 7d e4 b2 0b 01 90
[  630.169688][T17228] RSP: 0018:ffffc9000e3bfd40 EFLAGS: 00010282
[  630.171629][T17228] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc900275c1000
[  630.174102][T17228] RDX: 0000000000080000 RSI: ffffffff817a0305 RDI: 0000000000000001
[  630.176574][T17228] RBP: ffff8880502dcec8 R08: 0000000000000001 R09: 0000000000000000
[  630.179007][T17228] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff92001c77fb0
[  630.181469][T17228] R13: 0000000000000000 R14: ffff8880502dce00 R15: ffff888058430000
[  630.183880][T17228]  ? __warn_printk+0x1a5/0x350
[  630.185376][T17228]  ax25_setsockopt+0xfed/0x1170
[  630.186879][T17228]  ? __pfx_ax25_setsockopt+0x10/0x10
[  630.188493][T17228]  ? aa_sock_opt_perm+0xfd/0x1c0
[  630.190021][T17228]  ? __pfx_ax25_setsockopt+0x10/0x10
[  630.191685][T17228]  do_sock_setsockopt+0xf3/0x1d0
[  630.193670][T17228]  __sys_setsockopt+0x120/0x1a0
[  630.195632][T17228]  __ia32_sys_setsockopt+0xbc/0x160
[  630.197697][T17228]  ? lockdep_hardirqs_on+0x7c/0x110
[  630.199784][T17228]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  630.202402][T17228]  __do_fast_syscall_32+0x7c/0x300
[  630.204462][T17228]  do_fast_syscall_32+0x32/0x80
[  630.206564][T17228]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  630.208643][T17228] RIP: 0023:0xf7f02579
[  630.209985][T17228] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  630.216084][T17228] RSP: 002b:00000000f53d555c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  630.218665][T17228] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000000000101
[  630.221144][T17228] RDX: 0000000000000019 RSI: 00000000800001c0 RDI: 0000000000000010
[  630.223630][T17228] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  630.226068][T17228] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  630.228560][T17228] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  630.231003][T17228]  </TASK>
[  630.232739][T17228] Kernel Offset: disabled
[  630.234087][T17228] Rebooting in 86400 seconds..

VM DIAGNOSIS:
17:07:15  Registers:
info registers vcpu 0

CPU#0
EAX=f6c75670 EBX=815fea0b ECX=f6c755c0 EDX=815fea0b
ESI=ffffffff EDI=ffffffff EBP=ffffffff ESP=ffece120
EIP=f7097e26 EFL=00000246 [---Z-P-] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0023 00000000 ffffffff 00c0fb00 DPL=3 CS32 [-RA]
SS =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
DS =002b 00000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 00000000 ffffffff 00c00000
GS =0063 57c45440 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 00000000 ffffffff 00c00000
TR =0040 00003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002e3dfff8 CR3=000000006ab2c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8561ed25 RDI=ffffffff9b103780 RBP=ffffffff9b103740 RSP=ffffc9000e3bf6b0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000038 R14=ffffffff9b103740 R15=ffffffff8561ecc0
RIP=ffffffff8561ed4f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880975b9000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080032000 CR3=00000000130ae000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000d8efd5 RBX=0000000000000002 RCX=ffffffff8b91db29 RDX=0000000000000000
RSI=ffffffff8de4f872 RDI=ffffffff8c163780 RBP=ffffed1003a5a910 RSP=ffffc9000047fdf8
R8 =0000000000000001 R9 =ffffed1005686655 R10=ffff88802b4332ab R11=0000000000000000
R12=0000000000000002 R13=ffff88801d2d4880 R14=ffffffff90abad90 R15=0000000000000000
RIP=ffffffff8b91c66f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880976b9000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080fe9000 CR3=000000006a614000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000001 RBX=ffff88802b43a440 RCX=0000000000000100 RDX=0000000000000001
RSI=0000000000000002 RDI=ffff88802b43a442 RBP=dffffc0000000000 RSP=ffffc9000e5ef4f8
R8 =0000000000000001 R9 =ffff88802b53b394 R10=ffff88802b43a443 R11=0000000000000000
R12=0000000000007fe1 R13=0000000000000000 R14=ffff88802b53b380 R15=ffffed1005687488
RIP=ffffffff8b949ac8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977b9000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080021018 CR3=0000000069f89000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000