last executing test programs:

9.421801578s ago: executing program 0 (id=335):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r7, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f00000002c0)="1d", 0xfffff, 0xfffffffffffffffe)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000080)={0xffffffffffffffff, 0xb, {0x0, 0x0, 0x0, 0x8, 0xd, 0x0, 0x0, 0x16, 0x10, "63cb540947071d5c42f6ed9f5817c6c0654f25c79c1e0e6c56b42414ed5b5870ce94d25b8dad0e4b6b27a7ff3df2ac50ab6a0e7c11b296ca28857d0d42dafa61", "003a2012581208a028e7b0cf2be3a10be7e86cc15bec30438bcef2eb2f5aa03cc66e6497540053881f6cdeba81751ffe2b0f76e98ccd4e17e34720678e20ad70", "21fdd8a75b1f7934592a3014302c4be4d87311c6bcc23f953d41c3af95a56e88", [0x7, 0x1]}})

8.461223828s ago: executing program 0 (id=340):
syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
fchdir(0xffffffffffffffff)
open(0x0, 0x20000, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f0000000180)=0x7) (fail_nth: 2)
futex_waitv(0x0, 0x0, 0x0, 0x0, 0x1)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x800)
getdents(0xffffffffffffffff, &(0x7f00000003c0)=""/202, 0xca)
getdents64(0xffffffffffffffff, 0x0, 0x0)
syz_usb_disconnect(r0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r3, 0x5b04, 0x0)

5.610170831s ago: executing program 1 (id=347):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x12d182, 0x0)
r1 = dup(r0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan0\x00'})
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x8a2b01)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000040)=0x90000)
r5 = syz_open_dev$dri(&(0x7f0000000200), 0x2, 0x100040)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r5, 0xc01064bd, &(0x7f0000000080)={&(0x7f0000000340)="4cdc00", 0x3})
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r5, 0xc01064bd, &(0x7f00000002c0)={&(0x7f0000000700)="8623d43b", 0x4, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r5, 0xc00464be, &(0x7f0000000300)={r6})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000240)={@hyper})
mremap(&(0x7f0000ffa000/0x3000)=nil, 0x1000000000000, 0x2, 0x0, &(0x7f0000ffa000/0x4000)=nil)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x10)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000ac0)=@newqdisc={0x14c, 0x24, 0xf0b, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {}, {0x4, 0x6}, {0x7ff9}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_STAB={0x104, 0x2, "e131a2474ce6aaf1be7533de051cd77b1a8e3fe8f1204c7e0ff6770d957efb7f3b98f4ef075ca55b8c13cb265b8a88e80d17d655a15331a6930aa9e73c43cc187c6a6cf7dc093ef7aeb8a68230632278ef98e3c2ac111354d88c738ecd156d79be5a2f4309975957f0bcb0f47ee92d8bda25ed824f97ee7ebcdfe43a6acf8276da95940c23ef9823b37c848493604ef471ba4f60a7c75822e76ccf8617c693d9dfc0bd4f48ac287b145f71442a655203a6a13cd6040724b57ddb20c9778b849663df9d38171e219c418624a6797d2d81f24153bba0ad5cc2a903d5a33cb5f653258b39b5e4ae76f08789996dfc3acacdaa848f36a52b663a4449c3d3ca00"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x9, 0xa, 0x30, 0x0, 0x2, 0x20, 0x7}}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x40}, 0x800)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd, 0x100000000000000}, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x45ff, 0x7ffffffc}, 0x0, 0x0)
read$eventfd(r1, &(0x7f0000000100), 0x8)

5.517628249s ago: executing program 3 (id=348):
r0 = openat$ppp(0xffffff9c, &(0x7f0000000100), 0x40, 0x0)
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000180)=0x100)
fsopen(&(0x7f00000001c0)='exofs\x00', 0x0)
r1 = fsopen(&(0x7f0000000000)='iso9660\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000000c0)='o\x05\x00P\be\x9a\xd9\xf5O\x88\x0f\x97', &(0x7f0000000340)='#\x00\x00\x00\x00\x00\x00\x00\x00\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xcc:rC\xb3=\x17\x02/x\x84=\x17\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\x00\xe2\x96T\xa3\xa5\xeb\x0f\xf2f.\xb9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7\xf8\xe3\x04\xbb\x10\x1d3\xa6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9e\\8Y\x8c\xe5#O\x02F\xdc\xb2\x01\xcfw\xfc\x1e\xd4\\\r\xdd\x89\x9e\xac\xd51\x17P\x98Eq\v\xe9\x81%\xac$\xa7\xb0', 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000140)={'ip_vti0\x00', &(0x7f0000000480)=@ethtool_perm_addr={0x20, 0xa3, "236dc6ab9dceba8334b7b0b1cc653a0c289d41f2949aa77d074fd96b4804e91999abe3ea823af4d32070eaf5b6553a2443c9ca56808bdab2558adb552b1dad1f4374d6664fd4b2ff39b157bc8037b19ab411ea1c4dbcfb6ca4735296d210050e4a4778a07f77fe20118941cdee9d0b6f70fd2f384ed74e60a7ad6aeadbb84a12c0097b416474c15dbf38047ada83df7816683cf8cbc5409792bab7138afd7a74c24d61"}})
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r2, &(0x7f0000000040)=0x1c8, 0x12)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x40, 0x3, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x4040000}, 0x20000000)

5.404519403s ago: executing program 0 (id=349):
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
read$char_usb(r0, &(0x7f00000002c0)=""/151, 0x97) (fail_nth: 1)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
close(r0)

5.360762182s ago: executing program 3 (id=350):
mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008df76a250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000131a5d9400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0xc0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000000)=ANY=[]) (fail_nth: 1)

4.638802374s ago: executing program 1 (id=352):
mknod(&(0x7f0000000380)='./file0\x00', 0x2, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
r2 = socket(0x1d, 0x2, 0x7)
ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000100)=@generic={0x1, 0x1})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r3)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008df76a250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000131a5d9400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0xc0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000000)=ANY=[])
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r4, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, r6, 0x800, 0x70bd25, 0x25dfdbfd, {{}, {}, {0x14, 0x19, {0x3, 0x1ff, 0x3, 0xffff0000}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x4004000)

2.861274944s ago: executing program 0 (id=354):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @local}, 0x2, 0x0, 0x4, 0x3}}, 0x2e)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a692de802c383341695d6979e7ab5450ffc63af4990de7004e64c15f4849101e773f508e0d1d5b8b1dfe56bf35f28fec69fdaec40cfae5752c", @ANYRES16=r4, @ANYBLOB="01002cbd70100400000005000000080009000200000008000c00a80a000008000b0000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40811}, 0x20)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
openat$cuse(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r6, 0x3a, 0xcb, 0x0, 0x0)
syz_clone3(&(0x7f0000000400)={0x14515b800, 0x0, 0x0, 0x0, {0x9}, 0x0, 0x0, 0x0, 0x0}, 0x58)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x68800)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r8 = socket$kcm(0x2, 0x3, 0x2)
r9 = syz_open_dev$hiddev(&(0x7f0000000280), 0x4ee, 0xc000)
ioctl$HIDIOCGVERSION(r9, 0x80044801, &(0x7f0000000380))
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})

2.751008699s ago: executing program 2 (id=357):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x2a, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x300, 0xfffffffc, 0xfffffffe}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x4000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4)
sendmmsg$inet(r2, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000180)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41000, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='comm\x00')
write$binfmt_script(r6, &(0x7f00000003c0)={'#! ', './file0'}, 0xb)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r7)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000300)={0x28, r8, 0x607, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x5}]}, 0x28}}, 0x0)
write$qrtrtun(0xffffffffffffffff, &(0x7f0000000300)="ca0e808bb35bda", 0x7)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xf00, 0x870, 0x1, 0x1, 0xd59f80, 0x19f2, 0x103f, 0x4, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xd1, 0xc, 0x30, {0x6, 0xffffffff}, 0xd0, 0x9}})

2.551383249s ago: executing program 0 (id=358):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r2 = epoll_create1(0x0)
r3 = fcntl$dupfd(r2, 0x2, 0xffffffffffffffff)
r4 = fanotify_init(0x20, 0x0)
fanotify_mark(r4, 0x1, 0x2, r3, 0x0)
fanotify_mark(r4, 0x80, 0x8001020, r3, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000840)={r5}, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0xc}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4044081}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) (async)
epoll_create1(0x0) (async)
fcntl$dupfd(r2, 0x2, 0xffffffffffffffff) (async)
fanotify_init(0x20, 0x0) (async)
fanotify_mark(r4, 0x1, 0x2, r3, 0x0) (async)
fanotify_mark(r4, 0x80, 0x8001020, r3, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000840)={r5}, 0xc) (async)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0xc}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4044081}, 0x10) (async)

2.550961857s ago: executing program 0 (id=359):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x9, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bind$alg(r2, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x80000)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
sendmmsg$unix(r3, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18)
syz_emit_ethernet(0xa2, &(0x7f0000000380)=ANY=[@ANYBLOB="0180c200000300000000000008004500009400000000fb01907882690001ac1414aa03019078032400004e00000000010000b50100077f000001640100fe860600000020865e00000000000ce256b28c5903000000520009020007651442eb0009e706d30bd224f80207cfa11cab1a00098475be675de6a7000a0000000000800000001273bc23f9ffffffa30900a301c8460000000ec832fd44019ea788f03d9d32"], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x8, [{{0x9, 0x4, 0x0, 0xfe, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xffff, 0xfd, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x0, 0xfd}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io(r5, &(0x7f0000000040)={0x18, &(0x7f00000001c0)={0x40, 0x3, 0x5, {0x5, 0x4, "26ed60"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000100)={@my=0x1})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r6, 0x7af, &(0x7f0000000200)={@host, 0x2814})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='percpu_alloc_percpu\x00', r8}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x6, 0x4, 0xfff, 0x7}, 0x50)

2.181846473s ago: executing program 3 (id=360):
openat$kvm(0xffffffffffffff9c, 0x0, 0x740, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40042)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffffffffffd, 0x106, 0x1, @buffer={0xf5, 0x0, 0x0}, &(0x7f00000002c0)="851666ce20db96ab0c7d83e114e7c41762249711e34f4ce12c6afeb7e6d77bd3b97644edd8e3a3b71fcd006b6237766e151f344afb2306455034ea7a31b1a48724e372a5a8a9ca040f5831f2eb11842a4b8ec9064fa439440f374355d9af754314ce445ac9bea7fac19c3ac58a131895c378ec497ffdf9a82032d9fa225397b92d2e2193de6fe2f6b6c0bd0f80de3dc72890b6900c5bc6752639bf37ab325c16dc2f1c4d01b4c3b71ebbfd6fc9b316f76a07144538506a68ae00df22f2fa9cbb0c9fa73c1dcf3eb2eb4fe3534fcee01e9ca0c66f27b8e05e7545cbc3511b3d086f51d58f9acd52eab032468cc807543ddff977834d8740fabc6db21e011079ec7baa1ef03a3b", 0x0, 0x10, 0x16, 0x1, 0x0})

2.181502105s ago: executing program 1 (id=361):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYRESHEX=r0, @ANYRES32=0x0, @ANYRES32, @ANYRESHEX=r0], 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x3, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00'}, 0x94)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r3, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
sendto$netrom(r3, 0x0, 0xfffffffffffffead, 0x0, &(0x7f0000000240)={{0x6, @rose}, [@bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
ioctl$sock_SIOCGIFCONF(r3, 0x8912, &(0x7f0000000080)=@req={0x20, &(0x7f0000000000)={'veth1_to_batadv\x00', @ifru_names='pim6reg\x00'}})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={<r4=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(0xffffffffffffffff, 0xc02864c3, &(0x7f0000000380)={&(0x7f0000000100)=[r4], 0x3, 0x1, 0x1})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r2, 0x27, 0xe, 0x0, &(0x7f00000005c0)="f8ad48cc02cb29dcc8007f5b0800", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.168411205s ago: executing program 1 (id=362):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000240)={0x20, r3, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x7, 0x14}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x48004}, 0x14)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f0000000ac0)=[{{&(0x7f0000000540)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000000440)=[{&(0x7f00000005c0)=""/190, 0xbe}, {&(0x7f0000000280)=""/38, 0x26}, {&(0x7f0000000680)=""/157, 0x9d}, {&(0x7f0000000740)=""/135, 0x87}, {&(0x7f00000003c0)=""/59, 0x3b}], 0x5, &(0x7f0000000800)=""/203, 0xcb}}, {{&(0x7f0000000900)=@l2tp={0x2, 0x0, @private}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000980)=""/253, 0xfd}], 0x1, &(0x7f0000000a80)}, 0x9}], 0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x4, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r5 = open(&(0x7f0000000200)='./file0\x00', 0x200081, 0x4c)
mknodat$loop(r5, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000240)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101000, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_int(r4, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{}, 0x0, 0x0}, 0x20)
recvmmsg(r4, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000140)={0x2a, 0x3, 0x7fff}, 0xc)

1.741368802s ago: executing program 2 (id=363):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000000000000000008500000017000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x25}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$loop(&(0x7f0000000100), 0x8, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd01000080190000000000000000000000000000000000000000000052aa00", [0x0, 0x5]}})
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0)
set_mempolicy_home_node(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r7, 0x0, 0x4000000)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0xff80, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

1.211617252s ago: executing program 1 (id=364):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000fc0), 0x0, 0x0, 0x0})
r7 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r7, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f00000002c0)="1d", 0xfffff, 0xfffffffffffffffe)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000080)={0xffffffffffffffff, 0xb, {0x0, 0x0, 0x0, 0x8, 0xd, 0x0, 0x0, 0x16, 0x10, "63cb540947071d5c42f6ed9f5817c6c0654f25c79c1e0e6c56b42414ed5b5870ce94d25b8dad0e4b6b27a7ff3df2ac50ab6a0e7c11b296ca28857d0d42dafa61", "003a2012581208a028e7b0cf2be3a10be7e86cc15bec30438bcef2eb2f5aa03cc66e6497540053881f6cdeba81751ffe2b0f76e98ccd4e17e34720678e20ad70", "21fdd8a75b1f7934592a3014302c4be4d87311c6bcc23f953d41c3af95a56e88", [0x7, 0x1]}})

1.131284818s ago: executing program 3 (id=365):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r0, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001640), <r1=>0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00'})
futex(0x0, 0x10b, 0x2, 0x0, 0x0, 0x0)
syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYRESHEX=r1, @ANYRESHEX=r3, @ANYRESHEX=r4])
write$P9_RVERSION(r4, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1000})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0x0, 0x9}, {0xffff, 0xffff}}, [@TCA_RATE={0x6, 0x5, {0x5, 0x8}}]}, 0x2c}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@gettfilter={0x24, 0x2e, 0x121, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, r11, {0x2, 0xa}, {0x1, 0xfff1}, {0x7, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000090}, 0x4041080)
syz_genetlink_get_family_id$team(&(0x7f0000000880), 0xffffffffffffffff)
sendmsg$TEAM_CMD_NOOP(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000140)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x2405a8c5}, 0x4850)
r12 = socket(0xa, 0x3, 0x3a)
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r13, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000808000a40000000000b00020073797a31000000000900010073797a3000000000080005400000002508000640ffffff000800034000000038a40100000c0a01010000000000000000070000000900010073797a31000000000900010073797a300000000078010380740100800c000540000000000000000804000280040001800c0005400000000000000c5b440007800b0001006f626a726566000034000280080003400000001c08000140000000050900040073797a320000000008000140000000060900020073797a3200000000090073697af23d60b63d4c69fe82ce60050eb23ee43100000000fe00064049c999253587dbff6aabc0987df12577a0b936f3ae2c1202092faab65ecf5627c5083c64d0bdb067d79ee9a9c827c1b79309a56d45dbc1513aea224bd889e90857135d3656b27b24e6bf19647ee667b8c5df626b531ef8309623c8fd7c62d98976dd9b61cda049c17cf68dc66ba4fb0774d4d48a69e6e0b68c74426127bf5386597c9b937ba60252854d7db71908f8440f9617acd67abe0e224da2480fdfb50728daf2c8a344d959753ce1fc8ee462e18eb81d7921664d0cf9dde7ccbb6d291f23381d488782e378e616a43ff0c19d1cefe507f46163f39bc162e66d118528bf8a80dcfdcf2da1861b26d07e7136bf23110000140000001000010000000000000000000084000a"], 0x238}}, 0x0)
setsockopt$sock_int(r13, 0x1, 0x3, &(0x7f0000000080)=0xee, 0x4)
openat$kvm(0xffffff9c, &(0x7f0000000180), 0x121000, 0x0)
setsockopt$MRT6_DEL_MIF(r12, 0x29, 0xc8, 0x0, 0xc000000)
setsockopt$MRT6_ADD_MFC(r12, 0x29, 0xcc, 0x0, 0x0)

1.001579727s ago: executing program 3 (id=366):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(0xffffffffffffffff, r1, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
syz_init_net_socket$rose(0xb, 0x5, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f00000002c0)="1d", 0xfffff, 0xfffffffffffffffe)

37.533801ms ago: executing program 2 (id=367):
r0 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000b80))
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$pfkey(0xffffff9c, &(0x7f0000000200), 0x40c103, 0x0)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r2, 0x1, 0x70bd2a, 0x44, {0x5}}, 0x14}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20)
lseek(r4, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
getsockopt$TIPC_SRC_DROPPABLE(r4, 0x10f, 0x80, &(0x7f0000000100), &(0x7f0000000240)=0x4)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x14)
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000480)={0x1, 0x0, @pic={0xf7, 0x1, 0xff, 0x3, 0x8e, 0x6, 0x8e, 0x5, 0x9, 0x0, 0xc, 0x7f, 0x9, 0x3, 0x9, 0x4e}})
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000b80)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40800)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000180)={0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f7410262e66f36d0f330f09660f3a0cb90000a6752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x31}], 0x1, 0x4498bda7e2139f37, 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x6, 0x8000, 0x40, 0x0, 0xe0, 0x2004cc, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x3, 0x8, 0x200004, 0x0, 0x3, 0x0, 0x1], 0x80a0000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

37.236679ms ago: executing program 2 (id=368):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="180000002d00010026bdf000fcdbdf25041a0000040010"], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0fff100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001011404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x57)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x702, 0xe, 0x700, &(0x7f0000000540)="e460334470b8d480eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$netlink(0x10, 0x3, 0x10)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r2, 0x40045542, 0x0)
close(0x3)

36.9415ms ago: executing program 1 (id=369):
socket$inet6_sctp(0xa, 0x801, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x90ff, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x84}, {0x14}, {0x6, 0x0, 0x0, 0x7ffffcb9}]})
bind$tipc(0xffffffffffffffff, &(0x7f0000000080)=@id={0x1e, 0x3, 0x3, {0x4e23, 0x3}}, 0x10)
bind$tipc(0xffffffffffffffff, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, 0x0, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f00000000c0)={0x80, 0x6, 0x302, 0xfff9, 0x0, 0x0, 0x0})

1.926905ms ago: executing program 2 (id=370):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002)
ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000140)=0x5)
readv(r0, &(0x7f00000000c0)=[{&(0x7f0000001000)=""/4096, 0x1000}], 0x1)
write$evdev(r0, &(0x7f0000000040)=[{{}, 0x0, 0x2, 0x2000000}], 0x37) (fail_nth: 3)

1.559917ms ago: executing program 2 (id=371):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vxcan1\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f0000000000)={0x1d, r1}, 0x10)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
bind$can_raw(r0, &(0x7f0000000080), 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newlink={0x48, 0x10, 0x52f, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffa7, 0x1400}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e22}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e23}]}}}]}, 0x48}}, 0x20000000)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0xd, &(0x7f0000000380)=@raw=[@ringbuf_output, @map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x101}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x3}], &(0x7f00000002c0)='GPL\x00', 0x9c, 0xaf, &(0x7f0000000400)=""/175, 0x41000, 0x0, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x5, 0xa, 0x0, 0x7}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000540)=[{0x3, 0x5, 0x7, 0xb}, {0x3, 0x4, 0x9, 0x5}], 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000100)='afs_send_data\x00', r6, 0x0, 0xd}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r7=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x48, r4, 0x1, 0xfffffffe, 0x25dfdbff, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r7}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r7}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c1937}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000890}, 0x20000)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000304000000000000000000007400", @ANYRES32=r8, @ANYBLOB="0000000000000000240012800b000100627269646765000014000280060027"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
r9 = socket$inet6(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000680)='mm_vmscan_node_reclaim_begin\x00', r6, 0x0, 0x3}, 0x18)
sendmsg$inet(r9, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)

0s ago: executing program 3 (id=372):
userfaultfd(0x1)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000740)={0x34, r1, 0x852dd6c070cd7e4d, 0x70bd2b, 0x25dfdbfb, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x4}]}, 0x34}, 0x4, 0x700000000000000, 0x0, 0x4}, 0x8850)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a50a86b06000000e27f00000103d91af80784f268d37aec484c3496132eb7264071f8e5ab5126a4450a179503666c5b1db0e6bae2fa457fda8f3f14323a235eff49e3577482a770a3d837c89920c50d3da04550b9b0e6b899ec7f20c0aff979b211"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000018117b73ad3738c59eadf01e7138c7ab38910b183223b9e94ac3b27ecb6eb6a639a523172f0b3d006aae1b1354272a3575b836d5aec70734c303ad1b68307ae012ab03bfcecafbebf49cffffffffffffff7f0a9dc9d429e4c3cc6dd5f4f363671592139cc136052460e8db23fa2f151e284f181adc1f03f2eb649ce1d798570a33d453e793b1886976d3be653655f844358e964588f0b6b8629a3f9616f9b28ffe1df5096dacb859827e490cecf627bdbfeb4c49066dafc7ec91368ecc76ddcbb26ef15bf46658b878e4c9a78308c02f86394239169eaf5ef00820e87a8757", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r5}, 0x10)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r6, 0x4c80, 0xffffffffffffffb6)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0}, 0x1c)
ioctl$SIOCSIFHWADDR(r3, 0x8b26, &(0x7f0000000080)={'virt_wifi0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000005c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r7, 0xc0145401, &(0x7f0000000600)={0x1, 0x0, 0x0, 0xfdfdffff})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r9 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r9, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x23b, &(0x7f0000000480)={0x0, 0x8101, 0x1000, 0x10000, 0x70, 0x0, r8}, &(0x7f00000000c0)=<r10=>0x0, &(0x7f0000000000))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
socket$pppl2tp(0x18, 0x1, 0x1)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:44575' (ED25519) to the list of known hosts.
[   41.730926][ T5959] cgroup: Unknown subsys name 'net'
[   41.906193][ T5959] cgroup: Unknown subsys name 'cpuset'
[   41.909967][ T5959] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   42.797597][ T5959] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   46.609692][ T5979] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   46.612987][ T5979] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   46.616059][ T5979] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   46.616349][ T5983] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   46.618797][ T5979] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   46.621314][ T5983] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   46.623647][ T5979] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   46.625639][ T5983] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   46.627853][ T5991] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   46.630586][ T5983] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   46.633537][ T5986] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   46.633686][ T5979] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   46.634663][ T5983] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   46.636781][ T5979] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   46.637166][ T5986] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   46.637481][ T5986] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   46.637939][ T5986] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   46.638215][ T5986] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   46.655142][ T5979] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   46.658009][ T5979] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   46.870121][ T5976] chnl_net:caif_netlink_parms(): no params data found
[   46.881889][ T5984] chnl_net:caif_netlink_parms(): no params data found
[   46.968519][ T5978] chnl_net:caif_netlink_parms(): no params data found
[   47.070923][ T5985] chnl_net:caif_netlink_parms(): no params data found
[   47.102376][ T5984] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.105110][ T5984] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.107465][ T5984] bridge_slave_0: entered allmulticast mode
[   47.110119][ T5984] bridge_slave_0: entered promiscuous mode
[   47.113556][ T5984] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.115830][ T5984] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.118015][ T5984] bridge_slave_1: entered allmulticast mode
[   47.120469][ T5984] bridge_slave_1: entered promiscuous mode
[   47.126316][ T5976] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.128854][ T5976] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.131065][ T5976] bridge_slave_0: entered allmulticast mode
[   47.133981][ T5976] bridge_slave_0: entered promiscuous mode
[   47.137589][ T5976] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.140049][ T5976] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.142498][ T5976] bridge_slave_1: entered allmulticast mode
[   47.145984][ T5976] bridge_slave_1: entered promiscuous mode
[   47.237822][ T5978] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.240100][ T5978] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.242272][ T5978] bridge_slave_0: entered allmulticast mode
[   47.245346][ T5978] bridge_slave_0: entered promiscuous mode
[   47.290965][ T5976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.294589][ T5978] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.296857][ T5978] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.299034][ T5978] bridge_slave_1: entered allmulticast mode
[   47.301659][ T5978] bridge_slave_1: entered promiscuous mode
[   47.306171][ T5984] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.313974][ T5976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.346127][ T5984] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.395323][ T5978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.420896][ T5976] team0: Port device team_slave_0 added
[   47.424593][ T5978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.449972][ T5984] team0: Port device team_slave_0 added
[   47.479876][ T5976] team0: Port device team_slave_1 added
[   47.513036][ T5984] team0: Port device team_slave_1 added
[   47.538138][ T5985] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.540984][ T5985] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.543879][ T5985] bridge_slave_0: entered allmulticast mode
[   47.547474][ T5985] bridge_slave_0: entered promiscuous mode
[   47.568118][ T5978] team0: Port device team_slave_0 added
[   47.583678][ T5985] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.586528][ T5985] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.589551][ T5985] bridge_slave_1: entered allmulticast mode
[   47.592972][ T5985] bridge_slave_1: entered promiscuous mode
[   47.611148][ T5976] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.613235][ T5976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.622592][ T5976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.628208][ T5978] team0: Port device team_slave_1 added
[   47.664422][ T5976] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.666792][ T5976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.674431][ T5976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.694039][ T5984] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.696965][ T5984] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.704766][ T5984] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.750251][ T5984] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.752336][ T5984] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.759916][ T5984] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.765076][ T5985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.770375][ T5985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.773401][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.775653][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.783144][ T5978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.816459][ T5978] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.818548][ T5978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.826221][ T5978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.894369][ T5984] hsr_slave_0: entered promiscuous mode
[   47.896736][ T5984] hsr_slave_1: entered promiscuous mode
[   47.929296][ T5985] team0: Port device team_slave_0 added
[   47.934345][ T5985] team0: Port device team_slave_1 added
[   47.954505][ T5976] hsr_slave_0: entered promiscuous mode
[   47.957153][ T5976] hsr_slave_1: entered promiscuous mode
[   47.959156][ T5976] debugfs: 'hsr0' already exists in 'hsr'
[   47.960927][ T5976] Cannot create hsr debugfs directory
[   48.019988][ T5985] batman_adv: batadv0: Adding interface: batadv_slave_0
[   48.022067][ T5985] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.029767][ T5985] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   48.049929][ T5978] hsr_slave_0: entered promiscuous mode
[   48.052377][ T5978] hsr_slave_1: entered promiscuous mode
[   48.054449][ T5978] debugfs: 'hsr0' already exists in 'hsr'
[   48.056282][ T5978] Cannot create hsr debugfs directory
[   48.058472][ T5985] batman_adv: batadv0: Adding interface: batadv_slave_1
[   48.060533][ T5985] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.069323][ T5985] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   48.212555][ T5985] hsr_slave_0: entered promiscuous mode
[   48.215363][ T5985] hsr_slave_1: entered promiscuous mode
[   48.217568][ T5985] debugfs: 'hsr0' already exists in 'hsr'
[   48.219320][ T5985] Cannot create hsr debugfs directory
[   48.461448][ T5984] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   48.467448][ T5984] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   48.471933][ T5984] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   48.482333][ T5984] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   48.513504][ T5978] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   48.522131][ T5978] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   48.526872][ T5978] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   48.532937][ T5978] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   48.577266][ T5985] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   48.581945][ T5985] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   48.598616][ T5985] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   48.604736][ T5985] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   48.644610][ T5979] Bluetooth: hci0: command tx timeout
[   48.644980][ T5989] Bluetooth: hci1: command tx timeout
[   48.645061][ T5981] Bluetooth: hci2: command tx timeout
[   48.658071][ T5976] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   48.662537][ T5976] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   48.666748][ T5976] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   48.671876][ T5976] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   48.713724][ T5984] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.723901][ T5989] Bluetooth: hci3: command tx timeout
[   48.739847][ T5978] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.757665][ T5985] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.765441][ T5984] 8021q: adding VLAN 0 to HW filter on device team0
[   48.773523][ T5978] 8021q: adding VLAN 0 to HW filter on device team0
[   48.781351][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.783729][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.787943][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.790076][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.793078][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.795346][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.810658][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.812893][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.828903][ T5985] 8021q: adding VLAN 0 to HW filter on device team0
[   48.846994][ T5976] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.850979][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.853095][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.865175][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.867597][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.879703][ T5976] 8021q: adding VLAN 0 to HW filter on device team0
[   48.892165][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.894919][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.908743][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.911337][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.931667][ T5985] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   48.935630][ T5985] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   48.967337][ T5976] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   48.970418][ T5976] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   49.022805][ T5984] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.057593][ T5978] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.069891][ T5984] veth0_vlan: entered promiscuous mode
[   49.078790][ T5985] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.092795][ T5984] veth1_vlan: entered promiscuous mode
[   49.118167][ T5976] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.139093][ T5978] veth0_vlan: entered promiscuous mode
[   49.150655][ T5984] veth0_macvtap: entered promiscuous mode
[   49.154652][ T5985] veth0_vlan: entered promiscuous mode
[   49.162669][ T5984] veth1_macvtap: entered promiscuous mode
[   49.173490][ T5976] veth0_vlan: entered promiscuous mode
[   49.176354][ T5978] veth1_vlan: entered promiscuous mode
[   49.185213][ T5985] veth1_vlan: entered promiscuous mode
[   49.192082][ T5976] veth1_vlan: entered promiscuous mode
[   49.195848][ T5984] batman_adv: batadv0: Interface activated: batadv_slave_0
[   49.209205][ T5984] batman_adv: batadv0: Interface activated: batadv_slave_1
[   49.218940][ T5978] veth0_macvtap: entered promiscuous mode
[   49.223148][ T5978] veth1_macvtap: entered promiscuous mode
[   49.231925][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   49.242474][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.246053][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.255518][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.263119][ T5978] batman_adv: batadv0: Interface activated: batadv_slave_0
[   49.268071][ T5985] veth0_macvtap: entered promiscuous mode
[   49.273099][ T5976] veth0_macvtap: entered promiscuous mode
[   49.289442][ T5978] batman_adv: batadv0: Interface activated: batadv_slave_1
[   49.292325][ T5985] veth1_macvtap: entered promiscuous mode
[   49.297173][ T5976] veth1_macvtap: entered promiscuous mode
[   49.316611][   T60] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   49.319674][   T60] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.328319][   T60] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.331328][   T60] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.345362][ T5976] batman_adv: batadv0: Interface activated: batadv_slave_0
[   49.350087][ T5976] batman_adv: batadv0: Interface activated: batadv_slave_1
[   49.362145][ T5985] batman_adv: batadv0: Interface activated: batadv_slave_0
[   49.368537][ T5985] batman_adv: batadv0: Interface activated: batadv_slave_1
[   49.372597][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.375837][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.380601][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   49.384388][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.394985][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.400405][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.413040][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   49.417485][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.429436][ T1152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.430766][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.431808][ T1152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.435952][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.450793][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.453931][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.488528][ T1152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.493075][ T1152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.495061][   T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.495072][   T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.525024][ T5984] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   49.528618][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.533046][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.570432][ T1152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.573264][ T1152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.587511][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.589980][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.674490][ T6064] Zero length message leads to an empty skb
[   49.864057][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.183692][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   50.723876][ T5989] Bluetooth: hci0: command tx timeout
[   50.723901][ T5979] Bluetooth: hci1: command tx timeout
[   50.733868][ T5979] Bluetooth: hci2: command tx timeout
[   50.814871][ T5979] Bluetooth: hci3: command tx timeout
[   50.843844][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.853842][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.856443][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   51.033905][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   51.392934][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   51.488113][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   51.691770][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   51.896503][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   52.232714][ T6091] netlink: 'syz.0.8': attribute type 4 has an invalid length.
[   52.754476][ T1116] sr 2:0:0:0: [sr0] tag#17 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[   52.757910][ T1116] sr 2:0:0:0: [sr0] tag#17 Sense Key : Illegal Request [current] 
[   52.762168][ T1116] sr 2:0:0:0: [sr0] tag#17 Add. Sense: Invalid command operation code
[   52.764901][ T1116] sr 2:0:0:0: [sr0] tag#17 CDB: Write(10) 2a 00 00 00 00 00 00 00 02 00
[   52.767485][ T1116] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 1
[   52.770822][ T1116] Buffer I/O error on dev sr0, logical block 0, lost async page write
[   52.804248][ T5989] Bluetooth: hci2: command tx timeout
[   52.805987][ T5989] Bluetooth: hci0: command tx timeout
[   52.808113][ T5989] Bluetooth: hci1: command tx timeout
[   52.884081][ T5981] Bluetooth: hci3: command tx timeout
[   52.939037][   T79] Bluetooth: Error in BCSP hdr checksum
[   54.643729][ T5981] Bluetooth: hci4: command 0x1003 tx timeout
[   54.643905][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   54.913787][ T5979] Bluetooth: hci1: command tx timeout
[   54.916058][ T5981] Bluetooth: hci0: command tx timeout
[   54.917825][ T5981] Bluetooth: hci2: command tx timeout
[   54.973868][ T5979] Bluetooth: hci3: command tx timeout
[   55.873663][   T40] audit: type=1326 audit(1756745138.806:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6139 comm="syz.0.18" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc3579 code=0x0
[   56.103663][ T6151] loop8: detected capacity change from 0 to 8
[   56.131730][ T5990] Dev loop8: unable to read RDB block 8
[   56.134007][ T5990]  loop8: unable to read partition table
[   56.138610][ T5990] loop8: partition table beyond EOD, truncated
[   56.162854][ T6151] Dev loop8: unable to read RDB block 8
[   56.172016][ T6151]  loop8: unable to read partition table
[   56.179287][ T6151] loop8: partition table beyond EOD, truncated
[   56.179794][ T6155] netlink: 'syz.2.22': attribute type 4 has an invalid length.
[   56.183688][ T6151] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[   56.198453][ T5389] udevd[5389]: worker [5990] terminated by signal 33 (Unknown signal 33)
[   56.201225][ T5389] udevd[5389]: worker [5990] failed while handling '/devices/virtual/block/loop8'
[   59.762307][ T6205] netlink: 92 bytes leftover after parsing attributes in process `syz.0.32'.
[   59.765549][ T6205] netlink: 20 bytes leftover after parsing attributes in process `syz.0.32'.
[   59.903990][ T6207] netlink: 8 bytes leftover after parsing attributes in process `syz.3.31'.
[   64.343666][ T5846] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   64.494698][ T5846] usb 5-1: Using ep0 maxpacket: 32
[   64.497990][ T5846] usb 5-1: no configurations
[   64.499461][ T5846] usb 5-1: can't read configurations, error -22
[   64.583025][ T6242] netlink: 8 bytes leftover after parsing attributes in process `syz.3.42'.
[   64.633678][ T5846] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   64.794833][ T5846] usb 5-1: Using ep0 maxpacket: 32
[   64.797448][ T5846] usb 5-1: no configurations
[   64.799298][ T5846] usb 5-1: can't read configurations, error -22
[   64.801986][ T5846] usb usb5-port1: attempt power cycle
[   65.163714][ T5846] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   65.184128][ T5846] usb 5-1: Using ep0 maxpacket: 32
[   65.189428][ T5846] usb 5-1: no configurations
[   65.193677][ T5846] usb 5-1: can't read configurations, error -22
[   65.332046][ T6267] netlink: 'syz.1.50': attribute type 4 has an invalid length.
[   65.333702][ T5846] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   65.354142][ T5846] usb 5-1: Using ep0 maxpacket: 32
[   65.356357][ T5846] usb 5-1: no configurations
[   65.357894][ T5846] usb 5-1: can't read configurations, error -22
[   65.360093][ T5846] usb usb5-port1: unable to enumerate USB device
[   65.741298][ T6271] netlink: 'syz.1.51': attribute type 4 has an invalid length.
[   66.368526][ T6288] binder: 6275:6288 ioctl c0306201 0 returned -14
[   67.175191][ T6294] tipc: Started in network mode
[   67.177361][ T6294] tipc: Node identity c, cluster identity 4711
[   67.179391][ T6294] tipc: Node number set to 12
[   67.214599][ T6301] netlink: 'syz.3.59': attribute type 4 has an invalid length.
[   69.229954][ T6329] pim6reg: entered allmulticast mode
[   69.427141][ T6333] tipc: Started in network mode
[   69.428726][ T6333] tipc: Node identity c, cluster identity 4711
[   69.430713][ T6333] tipc: Node number set to 12
[   69.452908][ T6334] netlink: 4 bytes leftover after parsing attributes in process `syz.3.66'.
[   69.469462][ T6334] bridge_slave_1: left allmulticast mode
[   69.481773][ T6334] bridge_slave_1: left promiscuous mode
[   69.489026][ T6334] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.643735][ T6334] bridge_slave_0: left allmulticast mode
[   69.645958][ T6334] bridge_slave_0: left promiscuous mode
[   69.648871][ T6334] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.773835][ T1137] Bluetooth: Error in BCSP hdr checksum
[   70.802173][ T6368] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[   70.886338][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[   70.888413][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[   70.909488][ T6372] tipc: Started in network mode
[   70.911080][ T6372] tipc: Node identity cecae645ab3c, cluster identity 4711
[   70.914304][ T6372] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   70.916871][ T6372] syzkaller0: entered promiscuous mode
[   70.919250][ T6372] syzkaller0: entered allmulticast mode
[   70.939610][ T6372] tipc: Resetting bearer <eth:syzkaller0>
[   70.944232][ T6371] tipc: Resetting bearer <eth:syzkaller0>
[   70.951977][ T6371] tipc: Disabling bearer <eth:syzkaller0>
[   71.035041][   T79] Bluetooth: Error in BCSP hdr checksum
[   71.036686][ T6376] netlink: 8 bytes leftover after parsing attributes in process `syz.0.78'.
[   71.168415][ T6378] tipc: Cannot configure node identity twice
[   72.136178][ T6395] netlink: 'syz.0.84': attribute type 1 has an invalid length.
[   72.563750][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   72.564159][ T5989] Bluetooth: hci4: command 0x1003 tx timeout
[   72.638043][ T6403] fuse: Unknown parameter '000000000000000000000x0000000000000004'
[   72.754718][ T6406] netlink: 12 bytes leftover after parsing attributes in process `syz.1.87'.
[   72.837813][ T6409] tipc: Started in network mode
[   72.839473][ T6409] tipc: Node identity c, cluster identity 4711
[   72.841533][ T6409] tipc: Node number set to 12
[   73.471284][ T6426] netlink: 'syz.0.93': attribute type 4 has an invalid length.
[   73.537886][ T6428] netlink: 'syz.3.94': attribute type 4 has an invalid length.
[   74.252151][   T60] Bluetooth: Error in BCSP hdr checksum
[   74.502265][ T6446] syz.3.98 uses obsolete (PF_INET,SOCK_PACKET)
[   74.511668][ T6446] loop4: detected capacity change from 0 to 524255232
[   74.724706][ T6446] loop4: detected capacity change from 524255232 to 524287956
[   75.151526][ T6457] netlink: 92 bytes leftover after parsing attributes in process `syz.3.101'.
[   75.157096][ T6457] netlink: 20 bytes leftover after parsing attributes in process `syz.3.101'.
[   75.933749][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   76.031249][ T6473] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[   76.033677][ T6473] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[   76.043035][ T6473] vhci_hcd vhci_hcd.0: Device attached
[   76.228094][ T6483] Bluetooth: MGMT ver 1.23
[   76.315254][ T6476] vhci_hcd: connection closed
[   76.316265][   T79] vhci_hcd: stop threads
[   76.319316][   T79] vhci_hcd: release socket
[   76.369623][   T79] vhci_hcd: disconnect device
[   76.493740][ T6062] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   76.656994][ T6062] usb 7-1: config 1 has an invalid interface number: 7 but max is 0
[   76.659691][ T6062] usb 7-1: config 1 has no interface number 0
[   76.661926][ T6062] usb 7-1: config 1 interface 7 altsetting 0 bulk endpoint 0x9 has invalid maxpacket 16
[   76.667018][ T6062] usb 7-1: config 1 interface 7 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   76.673355][ T6062] usb 7-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[   76.677869][ T6062] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.680814][ T6062] usb 7-1: Product: syz
[   76.682657][ T6062] usb 7-1: Manufacturer: syz
[   76.684861][ T6062] usb 7-1: SerialNumber: syz
[   76.697027][ T6483] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   76.699592][ T6483] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   76.704170][ T6062] usb 7-1: Expected 3 endpoints, found: 2
[   78.543946][   T60] Bluetooth: Error in BCSP hdr checksum
[   78.806927][   T79] Bluetooth: Error in BCSP hdr checksum
[   79.219045][ T6519] netlink: 'syz.3.120': attribute type 4 has an invalid length.
[   79.383760][ T6062] usb 7-1: USB disconnect, device number 2
[   79.469867][ T6523] netlink: 108 bytes leftover after parsing attributes in process `syz.2.121'.
[   79.482056][ T6523] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   79.485228][ T6523] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   79.895243][ T6527] binder: 6524:6527 ioctl c0306201 0 returned -14
[   80.324578][ T5989] Bluetooth: hci4: command 0x1003 tx timeout
[   80.326274][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   81.397218][ T6597] netlink: 'syz.1.131': attribute type 4 has an invalid length.
[   81.544119][ T6598] netlink: 48 bytes leftover after parsing attributes in process `syz.3.130'.
[   81.548021][ T6598] netlink: 48 bytes leftover after parsing attributes in process `syz.3.130'.
[   82.021638][   T53] cfg80211: failed to load regulatory.db
[   82.532319][ T6624] netdevsim netdevsim1 : renamed from netdevsim0 (while UP)
[   82.589685][ T6630] netlink: 'syz.1.139': attribute type 4 has an invalid length.
[   82.590322][ T6626] binder: 6611:6626 ioctl c0306201 0 returned -14
[   83.051526][ T6634] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   83.054414][ T6634] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   83.060663][ T6634] netlink: 4 bytes leftover after parsing attributes in process `syz.0.140'.
[   83.219494][ T6638] netlink: 'syz.0.142': attribute type 4 has an invalid length.
[   83.238046][ T6640] netlink: 292 bytes leftover after parsing attributes in process `syz.2.143'.
[   83.241789][ T6640] netlink: 292 bytes leftover after parsing attributes in process `syz.2.143'.
[   83.346841][ T6640] netlink: 292 bytes leftover after parsing attributes in process `syz.2.143'.
[   83.350524][ T6640] netlink: 292 bytes leftover after parsing attributes in process `syz.2.143'.
[   83.411003][ T6640] netlink: 292 bytes leftover after parsing attributes in process `syz.2.143'.
[   83.414110][ T6640] netlink: 292 bytes leftover after parsing attributes in process `syz.2.143'.
[   84.044499][ T6661] kvm: apic: phys broadcast and lowest prio
[   84.046271][ T6661] netlink: 12 bytes leftover after parsing attributes in process `syz.0.149'.
[   84.061793][ T6661] fuse: Bad value for 'group_id'
[   84.063418][ T6661] fuse: Bad value for 'group_id'
[   84.489483][ T6675] futex_wake_op: syz.1.152 tries to shift op by 32; fix this program
[   84.739334][ T6680] binder: 6676:6680 ioctl c0306201 0 returned -14
[   85.366414][   T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   85.516431][   T24] usb 6-1: Using ep0 maxpacket: 8
[   85.520746][   T24] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   85.533704][   T24] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   85.537870][   T24] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   85.541935][   T24] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   85.548672][   T24] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   85.552373][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.770514][   T24] usb 6-1: GET_CAPABILITIES returned 0
[   85.772489][   T24] usbtmc 6-1:16.0: can't read capabilities
[   85.889384][ T6701] capability: warning: `syz.3.161' uses deprecated v2 capabilities in a way that may be insecure
[   86.039084][ T6703] process 'syz.3.162' launched './file0' with NULL argv: empty string added
[   86.044446][    C1] usbtmc 6-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[   86.047665][ T6689] usbtmc 6-1:16.0: Unable to send data, error -71
[   86.473995][ T6723] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   86.872239][ T6734] binder: 6725:6734 ioctl c0306201 0 returned -14
[   87.336549][ T6738] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967295 (34359738360 ns) > initial count (3800 ns). Using initial count to start timer.
[   87.356481][ T6738] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   87.665067][ T6756] __nla_validate_parse: 1 callbacks suppressed
[   87.665135][ T6756] netlink: 28 bytes leftover after parsing attributes in process `syz.3.176'.
[   87.671667][ T6756] netlink: 28 bytes leftover after parsing attributes in process `syz.3.176'.
[   87.675736][ T6756] netlink: 'syz.3.176': attribute type 6 has an invalid length.
[   88.310400][ T6223] usb 6-1: USB disconnect, device number 2
[   88.562015][ T6773] ref_tracker: memory allocation failure, unreliable refcount tracker.
[   88.844828][ T6781] netlink: 'syz.2.185': attribute type 4 has an invalid length.
[   88.975037][ T6784] binder: 6774:6784 ioctl c0306201 0 returned -14
[   89.325888][ T6789] netlink: 'syz.2.186': attribute type 4 has an invalid length.
[   90.367562][ T6798] bridge0: entered promiscuous mode
[   90.369383][ T6798] macvlan2: entered promiscuous mode
[   90.438638][ T6805] netlink: 'syz.3.191': attribute type 10 has an invalid length.
[   90.449170][ T6805] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.454023][ T6805] team0: Port device bond0 added
[   90.456779][ T6805] netlink: 4 bytes leftover after parsing attributes in process `syz.3.191'.
[   91.487073][ T6822] warning: `syz.0.197' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   91.493573][ T6822] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   92.462801][ T6837] netlink: 48 bytes leftover after parsing attributes in process `syz.0.202'.
[   92.625682][   T40] audit: type=1326 audit(1756745175.726:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6839 comm="syz.2.200" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[   92.641162][   T40] audit: type=1326 audit(1756745175.726:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6839 comm="syz.2.200" exe="/syz-executor" sig=0 arch=40000003 syscall=308 compat=1 ip=0xf7f43579 code=0x7ffc0000
[   92.663542][   T40] audit: type=1326 audit(1756745175.726:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6839 comm="syz.2.200" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[   92.687505][   T40] audit: type=1326 audit(1756745175.726:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6839 comm="syz.2.200" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f43579 code=0x7ffc0000
[   92.840981][   T40] audit: type=1326 audit(1756745175.726:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6839 comm="syz.2.200" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[   92.849900][   T40] audit: type=1326 audit(1756745175.726:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6839 comm="syz.2.200" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f43579 code=0x7ffc0000
[   92.865197][   T40] audit: type=1326 audit(1756745175.726:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6839 comm="syz.2.200" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[   92.874352][   T40] audit: type=1326 audit(1756745175.726:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6839 comm="syz.2.200" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f43579 code=0x7ffc0000
[   92.883118][   T40] audit: type=1326 audit(1756745175.726:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6839 comm="syz.2.200" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f43579 code=0x7ffc0000
[   92.892093][   T40] audit: type=1326 audit(1756745175.726:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6839 comm="syz.2.200" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f43579 code=0x7ffc0000
[   93.494116][ T6861] netlink: 20 bytes leftover after parsing attributes in process `syz.1.208'.
[   93.604438][ T5989] Bluetooth: hci3: command 0x0405 tx timeout
[   93.963687][   T34] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   94.114967][   T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   94.118416][   T34] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   94.121661][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.126520][   T34] usb 5-1: config 0 descriptor??
[   95.264265][ T1152] Bluetooth: Error in BCSP hdr checksum
[   95.363801][   T12] wlan1: Trigger new scan to find an IBSS to join
[   96.393386][ T6910] netlink: 'syz.2.223': attribute type 4 has an invalid length.
[   96.706250][   T34] usbhid 5-1:0.0: can't add hid device: -71
[   96.709758][   T34] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[   96.716683][   T34] usb 5-1: USB disconnect, device number 6
[   97.044421][ T5989] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   98.050628][ T6929] kvm: apic: phys broadcast and lowest prio
[   98.404627][ T1150] wlan1: Trigger new scan to find an IBSS to join
[   98.410145][ T6939] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   98.738755][ T6946] netlink: 92 bytes leftover after parsing attributes in process `syz.1.232'.
[   98.742486][ T6946] netlink: 20 bytes leftover after parsing attributes in process `syz.1.232'.
[   98.861356][ T6948] syz_tun: entered allmulticast mode
[   98.866559][ T6948] netlink: 4 bytes leftover after parsing attributes in process `syz.2.233'.
[   98.876281][ T6948] syz_tun (unregistering): left allmulticast mode
[   99.049767][ T6951] netlink: 4 bytes leftover after parsing attributes in process `syz.0.234'.
[   99.055587][ T6951] netlink: 4 bytes leftover after parsing attributes in process `syz.0.234'.
[   99.060123][ T6951] netlink: 104 bytes leftover after parsing attributes in process `syz.0.234'.
[   99.064097][ T6951] netlink: 104 bytes leftover after parsing attributes in process `syz.0.234'.
[   99.336926][ T1150] wlan1: Creating new IBSS network, BSSID 1e:38:d3:11:d3:ff
[   99.594751][ T1150] Bluetooth: Error in BCSP hdr checksum
[   99.752815][ T6961] netlink: 8 bytes leftover after parsing attributes in process `syz.0.236'.
[   99.889520][   T46] Bluetooth: Error in BCSP hdr checksum
[  101.364006][ T5989] Bluetooth: hci4: command 0x1003 tx timeout
[  101.373850][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  101.846533][ T6981] kvm: apic: phys broadcast and lowest prio
[  102.002361][ T6989] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  102.025145][ T6992] sch_tbf: burst 1821 is lower than device lo mtu (65550) !
[  102.045220][ T6992] netlink: 4 bytes leftover after parsing attributes in process `syz.3.245'.
[  102.054758][ T6992] netlink: 12 bytes leftover after parsing attributes in process `syz.3.245'.
[  102.305189][ T7001] tipc: Cannot configure node identity twice
[  103.397154][ T7023] FAULT_INJECTION: forcing a failure.
[  103.397154][ T7023] name failslab, interval 1, probability 0, space 0, times 0
[  103.409467][ T7023] CPU: 0 UID: 0 PID: 7023 Comm: syz.2.253 Not tainted syzkaller #0 PREEMPT(full) 
[  103.409483][ T7023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  103.409490][ T7023] Call Trace:
[  103.409508][ T7023]  <TASK>
[  103.409514][ T7023]  dump_stack_lvl+0x16c/0x1f0
[  103.409533][ T7023]  should_fail_ex+0x512/0x640
[  103.409548][ T7023]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  103.409561][ T7023]  should_failslab+0xc2/0x120
[  103.409574][ T7023]  __kmalloc_cache_noprof+0x6a/0x3e0
[  103.409585][ T7023]  ? vhost_iotlb_alloc+0x47/0x1d0
[  103.409597][ T7023]  vhost_iotlb_alloc+0x47/0x1d0
[  103.409608][ T7023]  vhost_net_ioctl+0x7a4/0x1840
[  103.409622][ T7023]  ? do_vfs_ioctl+0x128/0x14f0
[  103.409638][ T7023]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  103.409653][ T7023]  ? __pfx_vhost_net_ioctl+0x10/0x10
[  103.409672][ T7023]  ? hook_file_ioctl_common+0x145/0x410
[  103.409689][ T7023]  ? __fget_files+0x20e/0x3c0
[  103.409701][ T7023]  ? __pfx_vhost_net_ioctl+0x10/0x10
[  103.409715][ T7023]  compat_ptr_ioctl+0x6b/0xa0
[  103.409729][ T7023]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  103.409744][ T7023]  __ia32_compat_sys_ioctl+0x23f/0x370
[  103.409762][ T7023]  __do_fast_syscall_32+0x7c/0x3a0
[  103.409777][ T7023]  do_fast_syscall_32+0x32/0x80
[  103.409791][ T7023]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  103.409804][ T7023] RIP: 0023:0xf7f43579
[  103.409812][ T7023] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  103.409822][ T7023] RSP: 002b:00000000f543555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  103.409831][ T7023] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000af02
[  103.409838][ T7023] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  103.409843][ T7023] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  103.409849][ T7023] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  103.409854][ T7023] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  103.409866][ T7023]  </TASK>
[  103.620120][ T7026] kvm: apic: phys broadcast and lowest prio
[  104.735485][ T6117] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  104.885155][ T6117] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  104.888993][ T6117] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  104.892139][ T6117] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  104.903744][ T6117] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.910442][ T7045] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  104.916325][ T6117] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  104.995014][ T7050] __nla_validate_parse: 2 callbacks suppressed
[  104.995024][ T7050] netlink: 4 bytes leftover after parsing attributes in process `syz.3.261'.
[  105.008679][ T7050] netlink: 'syz.3.261': attribute type 2 has an invalid length.
[  105.013760][ T7050] netlink: 1184 bytes leftover after parsing attributes in process `syz.3.261'.
[  105.228158][ T7043] overlay: Unknown parameter 'smackfshat'
[  105.520366][ T6117] IPVS: starting estimator thread 0...
[  105.531899][ T7070] IPVS: ip_vs_edit_dest(): server weight less than zero
[  105.603757][ T7071] IPVS: using max 46 ests per chain, 110400 per kthread
[  106.459527][ T7085] netlink: 'syz.0.271': attribute type 4 has an invalid length.
[  106.613770][ T6060] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  106.765089][ T6060] usb 6-1: Using ep0 maxpacket: 8
[  106.769266][ T6060] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  106.774148][ T6060] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  106.777657][ T6060] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  106.780801][ T6060] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  106.789643][ T6060] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  106.792951][ T6060] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.068153][ T6060] usb 6-1: GET_CAPABILITIES returned 0
[  107.071652][ T6060] usbtmc 6-1:16.0: can't read capabilities
[  107.213813][ T5846] usb 7-1: USB disconnect, device number 3
[  107.386306][ T7102] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  107.388727][ T7102] IPv6: NLM_F_CREATE should be set when creating new route
[  107.391707][ T7102] IPv6: NLM_F_CREATE should be set when creating new route
[  107.394427][ T7102] IPv6: NLM_F_CREATE should be set when creating new route
[  107.398583][ T7102] netlink: 'syz.3.275': attribute type 4 has an invalid length.
[  107.401718][ T7102] netlink: 152 bytes leftover after parsing attributes in process `syz.3.275'.
[  107.408740][ T7102] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  107.414138][ T7103] netlink: 92 bytes leftover after parsing attributes in process `syz.2.276'.
[  107.418458][ T7103] netlink: 20 bytes leftover after parsing attributes in process `syz.2.276'.
[  107.471666][   T10] usb 6-1: USB disconnect, device number 3
[  108.178651][ T7114] binder: 7107:7114 ioctl c0306201 0 returned -14
[  108.237988][ T7118] netlink: 'syz.1.280': attribute type 2 has an invalid length.
[  109.425487][ T1150] Bluetooth: Error in BCSP hdr checksum
[  109.593779][ T6223] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  109.683930][   T60] Bluetooth: Error in BCSP hdr checksum
[  109.743710][ T6223] usb 6-1: Using ep0 maxpacket: 8
[  109.747947][ T6223] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  109.753574][ T6223] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  109.757836][ T6223] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  109.760957][ T6223] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  109.765064][ T6223] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  109.767892][ T6223] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.976546][ T6223] usb 6-1: GET_CAPABILITIES returned 0
[  109.979117][ T6223] usbtmc 6-1:16.0: can't read capabilities
[  110.225300][ T6223] usb 6-1: USB disconnect, device number 4
[  110.451442][ T7143] bridge1: the hash_elasticity option has been deprecated and is always 16
[  110.455142][ T7143] bridge1: entered allmulticast mode
[  111.194927][ T7151] binder: 7148:7151 ioctl c0306201 0 returned -14
[  111.204335][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  111.712313][ T7172] FAT-fs (nullb0): bogus number of reserved sectors
[  111.714656][ T7172] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  111.785314][ T7175] netlink: 92 bytes leftover after parsing attributes in process `syz.3.296'.
[  111.789015][ T7175] netlink: 20 bytes leftover after parsing attributes in process `syz.3.296'.
[  111.793776][   T10] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  111.968251][   T10] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  111.972026][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.976548][   T10] usb 5-1: Product: syz
[  111.979290][   T10] usb 5-1: Manufacturer: syz
[  111.981286][   T10] usb 5-1: SerialNumber: syz
[  112.600222][   T10] rtl8150 5-1:1.0: couldn't reset the device
[  112.603239][   T10] rtl8150 5-1:1.0: probe with driver rtl8150 failed with error -5
[  112.617611][   T10] usb 5-1: USB disconnect, device number 7
[  112.628568][ T7189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.301'.
[  113.126866][ T7197] /dev/sr0: Can't open blockdev
[  113.286556][ T5846] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  113.413843][ T5846] usb 6-1: device descriptor read/64, error -71
[  113.653773][ T5846] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  113.785633][ T5846] usb 6-1: device descriptor read/64, error -71
[  113.894069][ T5846] usb usb6-port1: attempt power cycle
[  114.233701][ T5846] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  114.254479][ T5846] usb 6-1: device descriptor read/8, error -71
[  114.492111][ T7210] netlink: 'syz.2.308': attribute type 4 has an invalid length.
[  114.493715][ T5846] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  114.526076][ T5846] usb 6-1: device descriptor read/8, error -71
[  114.635808][ T5846] usb usb6-port1: unable to enumerate USB device
[  115.395573][ T7231] netlink: 40 bytes leftover after parsing attributes in process `syz.3.315'.
[  115.473772][   T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  115.520926][ T7233] evm: overlay not supported
[  115.703715][   T10] usb 7-1: Using ep0 maxpacket: 8
[  115.707365][   T10] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  115.710587][   T10] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  115.713377][ T7233] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  115.714069][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  115.717415][ T7233] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  115.719996][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  115.727726][   T10] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  115.730430][ T7233] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  115.733259][   T10] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  115.738925][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.744703][ T7233] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  115.746665][ T7233] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  115.751813][ T7233] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  115.756981][ T7233] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  115.758928][ T7233] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  115.762722][ T7233] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  115.766638][ T7233] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  115.768563][ T7233] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  115.771657][ T7233] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  115.883122][ T7238] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  115.885509][ T7238] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  115.890812][ T7238] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  115.893336][ T7238] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  115.899177][ T7238] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  115.901089][ T7238] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  115.904588][ T7238] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  115.906653][ T7238] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  116.035658][   T10] usb 7-1: GET_CAPABILITIES returned 0
[  116.118293][   T10] usbtmc 7-1:16.0: can't read capabilities
[  116.214747][   T34] usb 7-1: USB disconnect, device number 4
[  116.594676][ T7259] binder: 7247:7259 ioctl c0306201 0 returned -14
[  116.959647][ T7264] FAULT_INJECTION: forcing a failure.
[  116.959647][ T7264] name failslab, interval 1, probability 0, space 0, times 0
[  116.974051][ T7264] CPU: 3 UID: 0 PID: 7264 Comm: syz.1.325 Not tainted syzkaller #0 PREEMPT(full) 
[  116.974068][ T7264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  116.974074][ T7264] Call Trace:
[  116.974078][ T7264]  <TASK>
[  116.974082][ T7264]  dump_stack_lvl+0x16c/0x1f0
[  116.974099][ T7264]  should_fail_ex+0x512/0x640
[  116.974114][ T7264]  ? fs_reclaim_acquire+0xae/0x150
[  116.974130][ T7264]  should_failslab+0xc2/0x120
[  116.974144][ T7264]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  116.974159][ T7264]  ? security_inode_alloc+0x3b/0x2b0
[  116.974173][ T7264]  security_inode_alloc+0x3b/0x2b0
[  116.974185][ T7264]  inode_init_always_gfp+0xce4/0x1030
[  116.974199][ T7264]  alloc_inode+0x86/0x240
[  116.974214][ T7264]  sock_alloc+0x40/0x280
[  116.974230][ T7264]  __sock_create+0xc1/0x8d0
[  116.974242][ T7264]  l2tp_tunnel_sock_create+0x4a0/0xaa0
[  116.974257][ T7264]  ? __pfx_l2tp_tunnel_sock_create+0x10/0x10
[  116.974269][ T7264]  ? node_tag_clear+0x105/0x290
[  116.974288][ T7264]  ? __local_bh_enable_ip+0xa4/0x120
[  116.974303][ T7264]  l2tp_tunnel_register+0x49a/0xbe0
[  116.974319][ T7264]  ? __pfx___debug_object_init+0x10/0x10
[  116.974330][ T7264]  ? sprintf+0xcc/0x100
[  116.974342][ T7264]  ? __pfx_l2tp_tunnel_register+0x10/0x10
[  116.974360][ T7264]  ? lockdep_init_map_type+0x5c/0x280
[  116.974375][ T7264]  ? lockdep_init_map_type+0x5c/0x280
[  116.974388][ T7264]  ? l2tp_tunnel_create+0x2cf/0x460
[  116.974400][ T7264]  ? l2tp_tunnel_create+0x37d/0x460
[  116.974414][ T7264]  l2tp_nl_cmd_tunnel_create+0x44e/0x990
[  116.974428][ T7264]  ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10
[  116.974444][ T7264]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  116.974461][ T7264]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  116.974480][ T7264]  genl_family_rcv_msg_doit+0x209/0x2f0
[  116.974496][ T7264]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  116.974516][ T7264]  ? bpf_lsm_capable+0x9/0x10
[  116.974526][ T7264]  ? security_capable+0x7e/0x260
[  116.974537][ T7264]  ? ns_capable+0xd7/0x110
[  116.974548][ T7264]  genl_rcv_msg+0x55c/0x800
[  116.974559][ T7264]  ? __pfx_genl_rcv_msg+0x10/0x10
[  116.974575][ T7264]  ? __pfx_l2tp_nl_cmd_tunnel_create+0x10/0x10
[  116.974591][ T7264]  netlink_rcv_skb+0x158/0x420
[  116.974605][ T7264]  ? __pfx_genl_rcv_msg+0x10/0x10
[  116.974621][ T7264]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  116.974640][ T7264]  ? netlink_deliver_tap+0x1ae/0xd30
[  116.974655][ T7264]  genl_rcv+0x28/0x40
[  116.974669][ T7264]  netlink_unicast+0x5a7/0x870
[  116.974685][ T7264]  ? __pfx_netlink_unicast+0x10/0x10
[  116.974698][ T7264]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  116.974716][ T7264]  netlink_sendmsg+0x8d1/0xdd0
[  116.974732][ T7264]  ? __pfx_netlink_sendmsg+0x10/0x10
[  116.974751][ T7264]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  116.974765][ T7264]  ____sys_sendmsg+0xa98/0xc70
[  116.974776][ T7264]  ? __pfx_____sys_sendmsg+0x10/0x10
[  116.974785][ T7264]  ? get_compat_msghdr+0x11a/0x170
[  116.974804][ T7264]  ___sys_sendmsg+0x134/0x1d0
[  116.974819][ T7264]  ? __pfx____sys_sendmsg+0x10/0x10
[  116.974838][ T7264]  ? find_held_lock+0x2b/0x80
[  116.974860][ T7264]  __sys_sendmsg+0x16d/0x220
[  116.974873][ T7264]  ? __pfx___sys_sendmsg+0x10/0x10
[  116.974892][ T7264]  ? rcu_is_watching+0x12/0xc0
[  116.974904][ T7264]  __do_fast_syscall_32+0x7c/0x3a0
[  116.974919][ T7264]  do_fast_syscall_32+0x32/0x80
[  116.974933][ T7264]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  116.974946][ T7264] RIP: 0023:0xf7f54579
[  116.974954][ T7264] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  116.974964][ T7264] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  116.974974][ T7264] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  116.974980][ T7264] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  116.974985][ T7264] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  116.974991][ T7264] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  116.974997][ T7264] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  116.975009][ T7264]  </TASK>
[  116.975027][ T7264] socket: no more sockets
[  117.293971][ T6117] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  117.449208][ T6117] usb 7-1: not running at top speed; connect to a high speed hub
[  117.457938][ T6117] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  117.474030][ T6117] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  117.476951][ T6117] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.479525][ T6117] usb 7-1: Product: syz
[  117.480892][ T6117] usb 7-1: Manufacturer: syz
[  117.482440][ T6117] usb 7-1: SerialNumber: syz
[  117.593962][ T1137] Bluetooth: Error in BCSP hdr checksum
[  117.705095][ T6117] cdc_ncm 7-1:1.0: bind() failure
[  117.709556][ T6117] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[  117.711890][ T6117] cdc_ncm 7-1:1.1: bind() failure
[  117.717281][ T6117] usb 7-1: USB disconnect, device number 5
[  117.779323][ T7273] netlink: 8 bytes leftover after parsing attributes in process `syz.0.327'.
[  117.782982][ T7273] netlink: 'syz.0.327': attribute type 1 has an invalid length.
[  117.796014][ T7273] 8021q: adding VLAN 0 to HW filter on device bond2
[  117.798737][   T40] kauditd_printk_skb: 24 callbacks suppressed
[  117.798746][   T40] audit: type=1326 audit(1756745200.896:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.3.329" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f57579 code=0x7ffc0000
[  117.808017][   T40] audit: type=1326 audit(1756745200.896:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.3.329" exe="/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf7f57579 code=0x7ffc0000
[  117.816858][   T40] audit: type=1326 audit(1756745200.896:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.3.329" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f57579 code=0x7ffc0000
[  117.823788][   T40] audit: type=1326 audit(1756745200.896:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.3.329" exe="/syz-executor" sig=0 arch=40000003 syscall=75 compat=1 ip=0xf7f57579 code=0x7ffc0000
[  117.830245][   T40] audit: type=1326 audit(1756745200.896:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.3.329" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f57579 code=0x7ffc0000
[  117.837699][   T40] audit: type=1326 audit(1756745200.896:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.3.329" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f57579 code=0x7ffc0000
[  117.844916][   T40] audit: type=1326 audit(1756745200.896:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.3.329" exe="/syz-executor" sig=0 arch=40000003 syscall=395 compat=1 ip=0xf7f57579 code=0x7ffc0000
[  117.851478][   T40] audit: type=1326 audit(1756745200.896:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.3.329" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f57579 code=0x7ffc0000
[  117.859900][   T40] audit: type=1326 audit(1756745200.896:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.3.329" exe="/syz-executor" sig=0 arch=40000003 syscall=396 compat=1 ip=0xf7f57579 code=0x7ffc0000
[  117.867344][   T40] audit: type=1326 audit(1756745200.896:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7278 comm="syz.3.329" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f57579 code=0x7ffc0000
[  117.867551][   T12] Bluetooth: Error in BCSP hdr checksum
[  118.509941][ T7296] netlink: 'syz.3.333': attribute type 1 has an invalid length.
[  119.363727][ T5989] Bluetooth: hci4: command 0x1003 tx timeout
[  119.363743][ T5979] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  119.673705][ T6062] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  119.675301][ T7315] netlink: 20 bytes leftover after parsing attributes in process `syz.3.339'.
[  119.844523][ T6062] usb 6-1: Using ep0 maxpacket: 8
[  119.853444][ T6062] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  119.856912][ T6062] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  119.860579][ T6062] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  119.864423][ T6062] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  119.868198][ T6062] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  119.872436][ T6062] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  119.875239][ T6062] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.043664][ T6117] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  120.084954][ T6062] usb 6-1: usb_control_msg returned -32
[  120.086852][ T6062] usbtmc 6-1:16.0: can't read capabilities
[  120.183344][ T6062] usb 6-1: USB disconnect, device number 9
[  120.196697][ T6117] usb 5-1: Using ep0 maxpacket: 8
[  120.214375][ T6117] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  120.228947][ T6117] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  120.248395][ T6117] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  120.271123][ T6117] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  120.343804][ T6117] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  120.347968][ T6117] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  120.350979][ T6117] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.562991][ T6117] usb 5-1: usb_control_msg returned -32
[  120.564956][ T6117] usbtmc 5-1:16.0: can't read capabilities
[  120.617529][ T7325] FAULT_INJECTION: forcing a failure.
[  120.617529][ T7325] name failslab, interval 1, probability 0, space 0, times 0
[  120.621379][ T7325] CPU: 2 UID: 0 PID: 7325 Comm: syz.0.340 Not tainted syzkaller #0 PREEMPT(full) 
[  120.621393][ T7325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  120.621399][ T7325] Call Trace:
[  120.621403][ T7325]  <TASK>
[  120.621407][ T7325]  dump_stack_lvl+0x16c/0x1f0
[  120.621424][ T7325]  should_fail_ex+0x512/0x640
[  120.621439][ T7325]  ? fs_reclaim_acquire+0xae/0x150
[  120.621455][ T7325]  ? tomoyo_encode2+0x100/0x3e0
[  120.621468][ T7325]  should_failslab+0xc2/0x120
[  120.621482][ T7325]  __kmalloc_noprof+0xd2/0x510
[  120.621494][ T7325]  ? d_absolute_path+0x136/0x1a0
[  120.621510][ T7325]  tomoyo_encode2+0x100/0x3e0
[  120.621526][ T7325]  tomoyo_encode+0x29/0x50
[  120.621539][ T7325]  tomoyo_realpath_from_path+0x18f/0x6e0
[  120.621557][ T7325]  tomoyo_path_number_perm+0x245/0x580
[  120.621568][ T7325]  ? tomoyo_path_number_perm+0x237/0x580
[  120.621582][ T7325]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  120.621608][ T7325]  ? find_held_lock+0x2b/0x80
[  120.621618][ T7325]  ? hook_file_ioctl_common+0x145/0x410
[  120.621635][ T7325]  ? __fget_files+0x20e/0x3c0
[  120.621648][ T7325]  security_file_ioctl_compat+0x9b/0x240
[  120.621662][ T7325]  __ia32_compat_sys_ioctl+0xc3/0x370
[  120.621680][ T7325]  __do_fast_syscall_32+0x7c/0x3a0
[  120.621695][ T7325]  do_fast_syscall_32+0x32/0x80
[  120.621709][ T7325]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  120.621722][ T7325] RIP: 0023:0xf7fc3579
[  120.621729][ T7325] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  120.621743][ T7325] RSP: 002b:00000000f54b555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  120.621753][ T7325] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000541a
[  120.621759][ T7325] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  120.621764][ T7325] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  120.621770][ T7325] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  120.621776][ T7325] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  120.621788][ T7325]  </TASK>
[  120.621798][ T7325] ERROR: Out of memory at tomoyo_realpath_from_path.
[  120.677581][ T6117] usb 5-1: USB disconnect, device number 8
[  120.972120][ T7331] delete_channel: no stack
[  122.143707][   T34] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  122.293652][   T34] usb 7-1: Using ep0 maxpacket: 8
[  122.296614][   T34] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  122.300372][   T34] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  122.303908][   T34] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  122.307133][   T34] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  122.311354][   T34] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  122.314345][   T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.525640][   T34] usb 7-1: GET_CAPABILITIES returned 0
[  122.528100][   T34] usbtmc 7-1:16.0: can't read capabilities
[  122.711697][ T7346] syz.1.347 (7346): attempted to duplicate a private mapping with mremap.  This is not supported.
[  122.784099][ T7348] block device autoloading is deprecated and will be removed.
[  122.860787][   T34] usb 7-1: USB disconnect, device number 6
[  122.960199][ T7352] FAULT_INJECTION: forcing a failure.
[  122.960199][ T7352] name failslab, interval 1, probability 0, space 0, times 0
[  122.966852][ T7352] CPU: 3 UID: 0 PID: 7352 Comm: syz.3.350 Not tainted syzkaller #0 PREEMPT(full) 
[  122.966875][ T7352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  122.966885][ T7352] Call Trace:
[  122.966890][ T7352]  <TASK>
[  122.966897][ T7352]  dump_stack_lvl+0x16c/0x1f0
[  122.966924][ T7352]  should_fail_ex+0x512/0x640
[  122.966946][ T7352]  ? fs_reclaim_acquire+0xae/0x150
[  122.966971][ T7352]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  122.966996][ T7352]  should_failslab+0xc2/0x120
[  122.967016][ T7352]  __kmalloc_noprof+0xd2/0x510
[  122.967042][ T7352]  tomoyo_realpath_from_path+0xc2/0x6e0
[  122.967068][ T7352]  ? tomoyo_profile+0x47/0x60
[  122.967085][ T7352]  tomoyo_path_number_perm+0x245/0x580
[  122.967105][ T7352]  ? tomoyo_path_number_perm+0x237/0x580
[  122.967127][ T7352]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  122.967171][ T7352]  ? find_held_lock+0x2b/0x80
[  122.967189][ T7352]  ? hook_file_ioctl_common+0x145/0x410
[  122.967218][ T7352]  ? __fget_files+0x20e/0x3c0
[  122.967241][ T7352]  security_file_ioctl_compat+0x9b/0x240
[  122.967265][ T7352]  __ia32_compat_sys_ioctl+0xc3/0x370
[  122.967295][ T7352]  __do_fast_syscall_32+0x7c/0x3a0
[  122.967321][ T7352]  do_fast_syscall_32+0x32/0x80
[  122.967344][ T7352]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  122.967365][ T7352] RIP: 0023:0xf7f57579
[  122.967379][ T7352] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  122.967393][ T7352] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  122.967411][ T7352] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000001
[  122.967421][ T7352] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  122.967428][ T7352] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  122.967436][ T7352] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  122.967447][ T7352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  122.967468][ T7352]  </TASK>
[  122.967475][ T7352] ERROR: Out of memory at tomoyo_realpath_from_path.
[  123.174026][ T6042] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  123.323749][ T6042] usb 5-1: Using ep0 maxpacket: 8
[  123.327948][ T6042] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  123.331280][ T6042] usb 5-1: config 0 has no interface number 0
[  123.333953][ T6042] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  123.337285][ T6042] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  123.340833][ T6042] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  123.344997][ T6042] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  123.350314][ T6042] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  123.354144][ T6042] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.359281][ T6042] usb 5-1: config 0 descriptor??
[  123.364995][ T6042] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  123.705267][ T7361] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  124.858528][    T9] usb 5-1: USB disconnect, device number 9
[  124.865179][    T9] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  124.875445][ T7369] random: crng reseeded on system resumption
[  125.551760][ T7371] syzkaller1: entered promiscuous mode
[  125.554287][ T7371] syzkaller1: entered allmulticast mode
[  125.895984][ T7390] trusted_key: syz.0.359 sent an empty control message without MSG_MORE.
[  126.186719][   T40] kauditd_printk_skb: 22 callbacks suppressed
[  126.186730][   T40] audit: type=1326 audit(1756745209.286:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7395 comm="syz.1.362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x7ffc0000
[  126.195222][   T40] audit: type=1326 audit(1756745209.286:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7395 comm="syz.1.362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x7ffc0000
[  126.201554][   T40] audit: type=1326 audit(1756745209.296:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7395 comm="syz.1.362" exe="/syz-executor" sig=0 arch=40000003 syscall=120 compat=1 ip=0xf7f54579 code=0x7ffc0000
[  126.208073][ T6117] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  126.217223][   T40] audit: type=1326 audit(1756745209.316:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7395 comm="syz.1.362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x7ffc0000
[  126.223543][   T40] audit: type=1326 audit(1756745209.316:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7395 comm="syz.1.362" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x7ffc0000
[  126.230178][   T40] audit: type=1326 audit(1756745209.316:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7398 comm="syz.1.362" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf7f54579 code=0x7ffc0000
[  126.236885][   T40] audit: type=1326 audit(1756745209.316:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7395 comm="syz.1.362" exe="/syz-executor" sig=0 arch=40000003 syscall=284 compat=1 ip=0xf7f54579 code=0x7ffc0000
[  126.292286][   T40] audit: type=1804 audit(1756745209.386:76): pid=7399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.362" name="/newroot/98/bus/file1" dev="overlay" ino=538 res=1 errno=0
[  126.363634][ T6117] usb 5-1: Using ep0 maxpacket: 8
[  126.366535][ T6117] usb 5-1: config 0 interface 0 has no altsetting 0
[  126.368630][ T6117] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  126.371655][ T6117] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.375602][   T40] audit: type=1326 audit(1756745209.476:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7398 comm="syz.1.362" exe="/syz-executor" sig=0 arch=40000003 syscall=1 compat=1 ip=0xf7f54579 code=0x7ffc0000
[  126.385766][ T6117] usb 5-1: config 0 descriptor??
[  126.414336][   T40] audit: type=1326 audit(1756745209.506:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7395 comm="syz.1.362" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f54598 code=0x7ffc0000
[  126.844482][ T6117] mcp2221 0003:04D8:00DD.0002: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  127.119031][ T7407] 9pnet_fd: Insufficient options for proto=fd
[  127.205856][ T7407] netlink: 256 bytes leftover after parsing attributes in process `syz.3.365'.
[  128.014553][ T7427] FAULT_INJECTION: forcing a failure.
[  128.014553][ T7427] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  128.019123][ T7427] CPU: 0 UID: 0 PID: 7427 Comm: syz.2.370 Not tainted syzkaller #0 PREEMPT(full) 
[  128.019154][ T7427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  128.019161][ T7427] Call Trace:
[  128.019166][ T7427]  <TASK>
[  128.019171][ T7427]  dump_stack_lvl+0x16c/0x1f0
[  128.019188][ T7427]  should_fail_ex+0x512/0x640
[  128.019205][ T7427]  _copy_from_user+0x2e/0xd0
[  128.019221][ T7427]  input_event_from_user+0x137/0x290
[  128.019234][ T7427]  ? __pfx_input_event_from_user+0x10/0x10
[  128.019245][ T7427]  ? input_inject_event+0x1c0/0x3b0
[  128.019258][ T7427]  evdev_write+0x26b/0x440
[  128.019270][ T7427]  ? __pfx_evdev_write+0x10/0x10
[  128.019279][ T7427]  ? common_file_perm+0x1a9/0x340
[  128.019292][ T7427]  ? bpf_lsm_file_permission+0x9/0x10
[  128.019307][ T7427]  ? security_file_permission+0x71/0x210
[  128.019322][ T7427]  ? rw_verify_area+0xcf/0x6c0
[  128.019333][ T7427]  ? __pfx_evdev_write+0x10/0x10
[  128.019342][ T7427]  vfs_write+0x29d/0x11d0
[  128.019357][ T7427]  ? __pfx_vfs_write+0x10/0x10
[  128.019367][ T7427]  ? find_held_lock+0x2b/0x80
[  128.019378][ T7427]  ? __fget_files+0x204/0x3c0
[  128.019392][ T7427]  ? __fget_files+0x20e/0x3c0
[  128.019401][ T7427]  ? handle_mm_fault+0x1d0/0xd10
[  128.019415][ T7427]  ksys_write+0x1f8/0x250
[  128.019426][ T7427]  ? __pfx_ksys_write+0x10/0x10
[  128.019439][ T7427]  ? rcu_is_watching+0x12/0xc0
[  128.019451][ T7427]  __do_fast_syscall_32+0x7c/0x3a0
[  128.019467][ T7427]  do_fast_syscall_32+0x32/0x80
[  128.019480][ T7427]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  128.019493][ T7427] RIP: 0023:0xf7f43579
[  128.019502][ T7427] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  128.019511][ T7427] RSP: 002b:00000000f543555c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  128.019521][ T7427] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  128.019528][ T7427] RDX: 0000000000000037 RSI: 0000000000000000 RDI: 0000000000000000
[  128.019533][ T7427] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  128.019539][ T7427] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  128.019544][ T7427] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  128.019556][ T7427]  </TASK>
[  128.252374][ T7434] netlink: 8 bytes leftover after parsing attributes in process `syz.2.371'.
[  128.475209][ T7430] 
[  128.476310][ T7430] ======================================================
[  128.479266][ T7430] WARNING: possible circular locking dependency detected
[  128.482191][ T7430] syzkaller #0 Not tainted
[  128.485168][ T7430] ------------------------------------------------------
[  128.488250][ T7430] syz.2.371/7430 is trying to acquire lock:
[  128.490096][ T7430] ffffffff8e727908 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4c/0x1470
[  128.493193][ T7430] 
[  128.493193][ T7430] but task is already holding lock:
[  128.495843][ T7430] ffff888044491e18 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x899/0x1200
[  128.500137][ T7430] 
[  128.500137][ T7430] which lock already depends on the new lock.
[  128.500137][ T7430] 
[  128.503562][ T7430] 
[  128.503562][ T7430] the existing dependency chain (in reverse order) is:
[  128.506964][ T7430] 
[  128.506964][ T7430] -> #2 (&q->q_usage_counter(io)#49){++++}-{0:0}:
[  128.510340][ T7430]        blk_alloc_queue+0x619/0x760
[  128.512363][ T7430]        blk_mq_alloc_queue+0x172/0x280
[  128.514229][ T7430]        __blk_mq_alloc_disk+0x29/0x120
[  128.516023][ T7430]        nbd_dev_add+0x492/0xbb0
[  128.517623][ T7430]        nbd_init+0x181/0x320
[  128.519095][ T7430]        do_one_initcall+0x120/0x6e0
[  128.520737][ T7430]        kernel_init_freeable+0x5c2/0x910
[  128.522578][ T7430]        kernel_init+0x1c/0x2b0
[  128.524183][ T7430]        ret_from_fork+0x5d7/0x6f0
[  128.526285][ T7430]        ret_from_fork_asm+0x1a/0x30
[  128.528527][ T7430] 
[  128.528527][ T7430] -> #1 (fs_reclaim){+.+.}-{0:0}:
[  128.531626][ T7430]        fs_reclaim_acquire+0x102/0x150
[  128.533956][ T7430]        prepare_alloc_pages+0x162/0x610
[  128.536201][ T7430]        __alloc_frozen_pages_noprof+0x18b/0x23f0
[  128.538345][ T7430]        __alloc_pages_noprof+0xb/0x1b0
[  128.540255][ T7430]        pcpu_populate_chunk+0x110/0xb00
[  128.542616][ T7430]        pcpu_alloc_noprof+0x86a/0x1470
[  128.545071][ T7430]        iommu_dma_init_fq+0x202/0x8a0
[  128.547336][ T7430]        iommu_setup_dma_ops+0x1336/0x1700
[  128.549910][ T7430]        bus_iommu_probe+0x23e/0x530
[  128.552212][ T7430]        iommu_device_register+0x1af/0x280
[  128.554715][ T7430]        intel_iommu_init+0x25e7/0x3780
[  128.557140][ T7430]        pci_iommu_init+0x2e/0x90
[  128.559282][ T7430]        do_one_initcall+0x120/0x6e0
[  128.561510][ T7430]        kernel_init_freeable+0x5c2/0x910
[  128.563905][ T7430]        kernel_init+0x1c/0x2b0
[  128.565938][ T7430]        ret_from_fork+0x5d7/0x6f0
[  128.568085][ T7430]        ret_from_fork_asm+0x1a/0x30
[  128.570303][ T7430] 
[  128.570303][ T7430] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}:
[  128.573445][ T7430]        __lock_acquire+0x12a6/0x1ce0
[  128.575679][ T7430]        lock_acquire+0x179/0x350
[  128.577813][ T7430]        __mutex_lock+0x193/0x1060
[  128.579959][ T7430]        pcpu_alloc_noprof+0xb4c/0x1470
[  128.582318][ T7430]        sbitmap_init_node+0x2fd/0x770
[  128.584601][ T7430]        sbitmap_queue_init_node+0x40/0x4a0
[  128.587064][ T7430]        blk_mq_init_tags+0x12d/0x2b0
[  128.589314][ T7430]        blk_mq_alloc_map_and_rqs+0x237/0xf60
[  128.591958][ T7430]        __blk_mq_alloc_map_and_rqs+0x128/0x1f0
[  128.594595][ T7430]        __blk_mq_update_nr_hw_queues+0xcc1/0x1200
[  128.596736][ T7430]        blk_mq_update_nr_hw_queues+0x3b/0x60
[  128.598641][ T7430]        nbd_start_device+0x1b0/0xd70
[  128.600318][ T7430]        nbd_genl_connect+0x134b/0x1c60
[  128.602046][ T7430]        genl_family_rcv_msg_doit+0x209/0x2f0
[  128.603989][ T7430]        genl_rcv_msg+0x55c/0x800
[  128.606018][ T7430]        netlink_rcv_skb+0x158/0x420
[  128.608158][ T7430]        genl_rcv+0x28/0x40
[  128.610001][ T7430]        netlink_unicast+0x5a7/0x870
[  128.612097][ T7430]        netlink_sendmsg+0x8d1/0xdd0
[  128.614268][ T7430]        ____sys_sendmsg+0xa98/0xc70
[  128.616330][ T7430]        ___sys_sendmsg+0x134/0x1d0
[  128.618027][ T7430]        __sys_sendmsg+0x16d/0x220
[  128.619690][ T7430]        __do_fast_syscall_32+0x7c/0x3a0
[  128.621516][ T7430]        do_fast_syscall_32+0x32/0x80
[  128.623219][ T7430]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  128.625459][ T7430] 
[  128.625459][ T7430] other info that might help us debug this:
[  128.625459][ T7430] 
[  128.628753][ T7430] Chain exists of:
[  128.628753][ T7430]   pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#49
[  128.628753][ T7430] 
[  128.633048][ T7430]  Possible unsafe locking scenario:
[  128.633048][ T7430] 
[  128.635949][ T7430]        CPU0                    CPU1
[  128.638139][ T7430]        ----                    ----
[  128.639870][ T7430]   lock(&q->q_usage_counter(io)#49);
[  128.641602][ T7430]                                lock(fs_reclaim);
[  128.643665][ T7430]                                lock(&q->q_usage_counter(io)#49);
[  128.646378][ T7430]   lock(pcpu_alloc_mutex);
[  128.647954][ T7430] 
[  128.647954][ T7430]  *** DEADLOCK ***
[  128.647954][ T7430] 
[  128.650567][ T7430] 6 locks held by syz.2.371/7430:
[  128.652166][ T7430]  #0: ffffffff9042a350 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  128.655017][ T7430]  #1: ffffffff9042a408 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x577/0x800
[  128.658282][ T7430]  #2: ffff888026501188 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x27/0x60
[  128.661805][ T7430]  #3: ffff8880265010d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0x31/0x60
[  128.665232][ T7430]  #4: ffff888044491e18 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x899/0x1200
[  128.669049][ T7430]  #5: ffff888044491e50 (&q->q_usage_counter(queue)#33){+.+.}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x899/0x1200
[  128.672857][ T7430] 
[  128.672857][ T7430] stack backtrace:
[  128.674998][ T7430] CPU: 3 UID: 0 PID: 7430 Comm: syz.2.371 Not tainted syzkaller #0 PREEMPT(full) 
[  128.675020][ T7430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  128.675031][ T7430] Call Trace:
[  128.675039][ T7430]  <TASK>
[  128.675046][ T7430]  dump_stack_lvl+0x116/0x1f0
[  128.675071][ T7430]  print_circular_bug+0x275/0x350
[  128.675095][ T7430]  check_noncircular+0x14c/0x170
[  128.675120][ T7430]  __lock_acquire+0x12a6/0x1ce0
[  128.675149][ T7430]  lock_acquire+0x179/0x350
[  128.675172][ T7430]  ? pcpu_alloc_noprof+0xb4c/0x1470
[  128.675193][ T7430]  ? __pfx___might_resched+0x10/0x10
[  128.675211][ T7430]  ? mark_held_locks+0x49/0x80
[  128.675235][ T7430]  ? pcpu_alloc_noprof+0xb4c/0x1470
[  128.675253][ T7430]  __mutex_lock+0x193/0x1060
[  128.675277][ T7430]  ? pcpu_alloc_noprof+0xb4c/0x1470
[  128.675295][ T7430]  ? stack_depot_save_flags+0x3de/0x9c0
[  128.675323][ T7430]  ? __pfx___mutex_lock+0x10/0x10
[  128.675345][ T7430]  ? blk_mq_init_tags+0x87/0x2b0
[  128.675368][ T7430]  ? blk_mq_alloc_map_and_rqs+0x237/0xf60
[  128.675388][ T7430]  ? __blk_mq_alloc_map_and_rqs+0x128/0x1f0
[  128.675410][ T7430]  ? nbd_start_device+0x1b0/0xd70
[  128.675433][ T7430]  ? nbd_genl_connect+0x134b/0x1c60
[  128.675457][ T7430]  ? netlink_sendmsg+0x8d1/0xdd0
[  128.675481][ T7430]  ? ____sys_sendmsg+0xa98/0xc70
[  128.675497][ T7430]  ? ___sys_sendmsg+0x134/0x1d0
[  128.675519][ T7430]  ? __sys_sendmsg+0x16d/0x220
[  128.675540][ T7430]  ? __do_fast_syscall_32+0x7c/0x3a0
[  128.675564][ T7430]  ? do_fast_syscall_32+0x32/0x80
[  128.675587][ T7430]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  128.675610][ T7430]  ? pcpu_alloc_noprof+0xb4c/0x1470
[  128.675628][ T7430]  pcpu_alloc_noprof+0xb4c/0x1470
[  128.675659][ T7430]  sbitmap_init_node+0x2fd/0x770
[  128.675681][ T7430]  sbitmap_queue_init_node+0x40/0x4a0
[  128.675701][ T7430]  blk_mq_init_tags+0x12d/0x2b0
[  128.675728][ T7430]  blk_mq_alloc_map_and_rqs+0x237/0xf60
[  128.675752][ T7430]  ? lockdep_hardirqs_on+0x7c/0x110
[  128.675778][ T7430]  __blk_mq_alloc_map_and_rqs+0x128/0x1f0
[  128.675803][ T7430]  __blk_mq_update_nr_hw_queues+0xcc1/0x1200
[  128.675828][ T7430]  ? __pfx___blk_mq_update_nr_hw_queues+0x10/0x10
[  128.675854][ T7430]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  128.675883][ T7430]  ? __pfx_down_write+0x10/0x10
[  128.675908][ T7430]  blk_mq_update_nr_hw_queues+0x3b/0x60
[  128.675931][ T7430]  nbd_start_device+0x1b0/0xd70
[  128.675959][ T7430]  nbd_genl_connect+0x134b/0x1c60
[  128.675987][ T7430]  ? __pfx_nbd_genl_connect+0x10/0x10
[  128.676015][ T7430]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  128.676044][ T7430]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  128.676075][ T7430]  genl_family_rcv_msg_doit+0x209/0x2f0
[  128.676103][ T7430]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  128.676131][ T7430]  ? genl_get_cmd+0x194/0x580
[  128.676158][ T7430]  ? netlink_alloc_large_skb+0x69/0x130
[  128.676181][ T7430]  ? netlink_sendmsg+0x6a1/0xdd0
[  128.676204][ T7430]  ? __radix_tree_lookup+0x21f/0x2c0
[  128.676226][ T7430]  genl_rcv_msg+0x55c/0x800
[  128.676242][ T7430]  ? __pfx_genl_rcv_msg+0x10/0x10
[  128.676269][ T7430]  ? __pfx_nbd_genl_connect+0x10/0x10
[  128.676293][ T7430]  ? __lock_acquire+0x62e/0x1ce0
[  128.676314][ T7430]  netlink_rcv_skb+0x158/0x420
[  128.676333][ T7430]  ? __pfx_genl_rcv_msg+0x10/0x10
[  128.676349][ T7430]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  128.676364][ T7430]  ? netlink_deliver_tap+0x1ae/0xd30
[  128.676376][ T7430]  ? is_vmalloc_addr+0x86/0xa0
[  128.676387][ T7430]  genl_rcv+0x28/0x40
[  128.676401][ T7430]  netlink_unicast+0x5a7/0x870
[  128.676415][ T7430]  ? __pfx_netlink_unicast+0x10/0x10
[  128.676428][ T7430]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  128.676442][ T7430]  netlink_sendmsg+0x8d1/0xdd0
[  128.676456][ T7430]  ? __pfx_netlink_sendmsg+0x10/0x10
[  128.676470][ T7430]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  128.676487][ T7430]  ____sys_sendmsg+0xa98/0xc70
[  128.676501][ T7430]  ? __pfx_____sys_sendmsg+0x10/0x10
[  128.676514][ T7430]  ? get_compat_msghdr+0x11a/0x170
[  128.676539][ T7430]  ___sys_sendmsg+0x134/0x1d0
[  128.676559][ T7430]  ? __pfx____sys_sendmsg+0x10/0x10
[  128.676584][ T7430]  ? find_held_lock+0x2b/0x80
[  128.676604][ T7430]  __sys_sendmsg+0x16d/0x220
[  128.676621][ T7430]  ? __pfx___sys_sendmsg+0x10/0x10
[  128.676654][ T7430]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  128.676673][ T7430]  ? rcu_is_watching+0x12/0xc0
[  128.676685][ T7430]  __do_fast_syscall_32+0x7c/0x3a0
[  128.676701][ T7430]  do_fast_syscall_32+0x32/0x80
[  128.676716][ T7430]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  128.676729][ T7430] RIP: 0023:0xf7f43579
[  128.676738][ T7430] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  128.676747][ T7430] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  128.676757][ T7430] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080001ac0
[  128.676763][ T7430] RDX: 0000000000020000 RSI: 0000000000000000 RDI: 0000000000000000
[  128.676769][ T7430] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  128.676775][ T7430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  128.676780][ T7430] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  128.676789][ T7430]  </TASK>
[  128.897677][   T10] usb 5-1: USB disconnect, device number 10
[  128.965122][ T7430] nbd0: detected capacity change from 0 to 127
[  128.975049][ T5979] block nbd0: Receive control failed (result -104)
[  128.977014][ T5989] block nbd0: Receive control failed (result -32)
[  129.413920][   T60] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  132.324662][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  132.326776][ T1419] ieee802154 phy1 wpan1: encryption failed: -22

VM DIAGNOSIS:
16:46:51  Registers:
info registers vcpu 0

CPU#0
RAX=0000000080000000 RBX=1ffff92000571fcf RCX=ffffffff81aa994a RDX=ffff888023e0c880
RSI=ffffffff81aa9958 RDI=0000000000000005 RBP=ffffffff8bb03ce0 RSP=ffffc90002b8fe58
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000000 R14=ffffc90002b8fe98 R15=ffffffff8bb03d10
RIP=ffffffff81bb0ae7 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880974c0000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080000298 CR3=0000000067d63000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffff88802b23a440 RCX=1ffff1100566767a RDX=1ffff1100566767a
RSI=ffffffff8c162d80 RDI=ffff88802b33b3d0 RBP=ffff88802b33b3c0 RSP=ffffc90003daf820
R8 =0000000000000000 R9 =ffff88802b33b3d4 R10=ffffffff90ab8897 R11=0000000000000001
R12=0000000000000001 R13=0000000000000000 R14=ffff88802b33b3c0 R15=0000000000000001
RIP=ffffffff8b9398bb RFL=00000803 [-O----C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880975c0000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000080002000 CR3=00000000122b4000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000000001049bc RBX=0000000000000002 RCX=ffffffff8b90dbf9 RDX=ffffed1005686656
RSI=ffffffff8c162d80 RDI=ffffffff8190ca61 RBP=ffffed1003a5a910 RSP=ffffc9000047fdf8
R8 =0000000000000000 R9 =ffffed1005686655 R10=ffff88802b4332ab R11=0000000000000001
R12=0000000000000002 R13=ffff88801d2d4880 R14=ffffffff90ab8890 R15=0000000000000000
RIP=ffffffff8b90c75f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880976c0000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fb63d3225d0 CR3=000000002b27c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000037 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff856170b5 RDI=ffffffff9b0fc700 RBP=ffffffff9b0fc6c0 RSP=ffffc90003e8e758
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=0000000000000037 R14=ffffffff9b0fc6c0 R15=ffffffff85617050
RIP=ffffffff856170df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977c0000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000000080198018 CR3=0000000025cdf000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000