last executing test programs:

4m25.535586114s ago: executing program 3 (id=1820):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x2)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$vsock_stream(0x28, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
recvmsg(r2, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x40000100)
r3 = socket(0xa, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r3, &(0x7f0000000140)={0xa, 0xe64, 0xb, @loopback, 0x2}, 0x1c)
r4 = socket(0xa, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r4, &(0x7f0000000140)={0xa, 0xe64, 0xb, @empty, 0x1}, 0x1c)
r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x8008af83, &(0x7f0000000400)={0x1d})
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x8ad01, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, 0x0)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
r8 = syz_io_uring_setup(0x497, &(0x7f0000002180)={0x0, 0x787f, 0x100, 0x4, 0x1b0}, &(0x7f00000000c0)=<r9=>0x0, &(0x7f0000000280)=<r10=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r8, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x1f, 0x3}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x2, r7, 0x0, 0x0, 0x0, 0x200, 0x1, {0x1}})
io_uring_enter(r8, 0x3516, 0x0, 0x0, 0x0, 0x0)

4m24.433363218s ago: executing program 3 (id=1827):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r2=>0x0})
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000fccbdf250900000005000700000000000800010001000000050008"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=r2, @ANYBLOB="c8fd6524d7db696bc508ee46069a11bce1a80743ca86f421352adad007a66689b2f3fc14faaee8aa490d58bea17b47a528d5f4c862d6a72a47d0333b6e38a18a99d59fcac5a4fee5b89ba054f7d5112b38fdd739cc0b59bb65db259fa2c38c0eef82fbbc70a329fcd01d0d44dc2823c8af504e33635f0a596c324ad1e0f234f8b2a564b60e16aaca6f66f04d5bc8bc7ff4305c0b5174a7b9446d6a33e7053562eafcabf38cf3"], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)
setreuid(0x0, 0xee00)
request_key(&(0x7f0000000440)='rxrpc_s\x00', &(0x7f0000000480)={'syz', 0x2}, &(0x7f0000000500)='/dev/vcsu#\x00', 0xffffffffffffffff)

4m23.982752765s ago: executing program 3 (id=1830):
syz_open_dev$loop(&(0x7f0000000100), 0x7, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1)
r3 = eventfd(0x5ef)
ioctl$KVM_IOEVENTFD(r2, 0x40a0ae49, &(0x7f0000000080)={0x7ff, 0x4000, 0x0, r3})

4m23.853454986s ago: executing program 3 (id=1832):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x29, 0x9, 0xffffffff90adedc4, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0x10}}, 0x50)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x18)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)={0x1c, r7, 0x401, 0x70bd26, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x4}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000200)={'sit0\x00', <r8=>0x0, 0x20, 0x40, 0x6, 0x1, {{0x13, 0x4, 0x2, 0x6, 0x4c, 0x64, 0x0, 0x9b, 0x7f, 0x0, @rand_addr=0x64010101, @loopback, {[@ssrr={0x89, 0xb, 0x2b, [@dev={0xac, 0x14, 0x14, 0x36}, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @ssrr={0x89, 0x13, 0x17, [@empty, @private=0xa010100, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote]}, @noop, @ssrr={0x89, 0xf, 0x72, [@remote, @multicast1, @local]}, @end, @ssrr={0x89, 0x7, 0xeb, [@remote]}]}}}}})
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r5, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x8c, r7, 0x500, 0x70bd28, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x20, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @remote}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x5}]}, @MPTCP_PM_ATTR_ADDR={0x40, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r8}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xff}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xfb28}]}, 0x8c}, 0x1, 0x0, 0x0, 0x810}, 0x2000c0d1)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r0, &(0x7f0000000000)={0x80000000})
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f00000083c0)="c91443d5daaf04b192358b692f84d66c60492a57cffd585b0068ccde45d94ded1e86d3670791c21f8e0b2153d10d45d37b72ee2fa06ad61b0a9354045a8dae1bd1cfb49f3c11fe54c17eee632d95574681e6c472eb8a1beaf3a4b88561847a0a0f05fa4a26639d7e74a0c1c2790d6a59d4073b1c55539b7c21b8550efbd5f835c56642f4be57d170e36a6bf3a995f418554f0cab342769089d0777b28daad5c0c4ba56a0bd6c0515d9bf488fdcf49a9a7bbfcf5ad78733f8119f2568daefbd0985a9916c0d048e38765cc7bb1c82e0f3c81d98e7179ec782331bc3cfb2caf58a99668420795e6a00ef41dcf5283bbb61ebaedbb7a675be4fb2d11c31f9b76936d1112c68978c73f42e145b094490d748c1456a14c23fe25e2fdaeaaa7dc0d35dcc9bbfe86361f99f4d04090d1e66aa9714ee9f4608ad66c60f500bf06a1b5b90fbe2f6c42c4b5f337393b0bb201473712c48f898c514fff84c46b50d3aaf44578f41d312bb5a73526db7818617dcb938ebdb17f92423ca2cf7ea2c611483e0baff012fd97e28558317049e4fe2d27f72796d7260b33900cd61f984c087d3c54f6aa11e389a49069ef99ca86c279598b42dd3485f09fc7e119f707438498316cf2f2bc8a293eeb1a35635989327d4f6c9ba6b2d5b9b8ee89a1e13d538b954479663223bb704af6a63ee497734410ea43bfdb0ad3708cb7155df2432c44e8468a7b77b807d345c9b94fedadfdeba12f4b6d11d16fd6dd5fff6cf896d0f40785ffca538dae61d8a5ffee814e96628cd945553e788b8d915762ca3b40124149b3c186ddd5f7af5b75f4725444f2f7e54b999c93e8c5fd4d4fbd7a3b3d7e85df3053c866f1dd247cac6912ed8b0e491101ca5a0b999a21014b573ba3996c76065c9d8bebf431f8be6435837193efd6e5a565b2ced30d04355435f166b09f9dc91ee50412d0daf72b28ec14c505cb155de1a46362f140ac2b633fa42b12109f0a29fa8ba271d6fc2a77af3b16032ee46b3ddead76a481ef52f6bd25cab4494681f0abc2ffc60ebb36cffcc058a067fcdae6c9de670cd6fde6eb8086a65fc05df17cf69f654516ba30ee04a1427b40fb8e81fe46787d557046854ad342442bacd781c7a6063892402fb0d765397448991206b28193e20f285e50d9219ace39b311e572ebcd80702164315656e7fa92960d0fd28c6489406f0b3061218417548e7e78b8aaaf5a623eb47c92aebfebd1c78343bc781f184e0122a28f56b18832da5646ee8405fa2fc040ab30377c447b42d0bfdddc65e064ccdf1ad52a94309a819caeb523e22b25d1ba288b7f2c726290d50021b9839c5d3c471aadb08025d97619935a9880942cf653508a0b2c43838e5aada8b84d22042928dd372dedec14672266ddceb0744c7464ab282d7fbfb2767e891832aa25d1425b33a60c6894a8d5292fdd73e05a868b8e50cb1a412d1249a77ccfc3d3eb35a67221f80bb8960fd93ceb74e102f2a6946b50caae3ccb86a8ec441d6e58dbf24b3eb962c8a28cffeded9b7cf4a54f524a1ef49fbdc91e125aad65a54df6a0f10cd8799f48aa144f7aec977b4a347c5c9628c4805ecf71f305adc9e5ca7c1f313f9ea3e99b3590efd94d831e1ff5cd7a26b72281109547facfa3abac2cfc9177b117a3757b778e95b5069236abb25d8fb032c38d296f87388fdd364b491cb828732177a2c6bcaaf831d138c898bb60c0d9d8a02d8b4b8e7efa87d3ed66221ac52e31ba9c2da488b999eaf82994bc8f1ac29d5e60b8b1cdc30a1c9829aca1cd7881c8aaac9ede0f5d8b85538d2b13751cfc6b37587b0223b9f6b6dd9340753106b1eecdf4f63c51cc2c63a1f86235bad7602e115d1e0ed78a6b170b88eb9584d2098b187695627612189998171d245797391b2b79bb690a79dac4b769e3f18c4d49359f7b460d997c03c793f51a830d5b21faed2ae1c3eb0fce0cdadde3c789ec931b6397c2a2fb2eda87756fec031e5f50f07619130f8e39f1e00004a1f204e5d87780542bdedf0b1ca5168779ad7cb2ebf27e0a5d760a2492b4d92eab24f2bc9af0a3e51140c415a6f885d0faa38ee6dcffc41652b28e628b859db0e7a0f961e37c5806df137e68c5316667f36051eb05c971e208721fdb8a49b8c49f85114be9dd7288f4e95c5f6fb8c1bc1bc7d79f32ba5419d90130a0328ba70d10c770a1540718f7d890dba9c39a116623d492275a1268c91149bfe026ca1c6a458449d4004d653f4b0a234eacd1f4da495fd1f936b4b335f64514fc8091b1dab132f599e26cb127e25011efa30a922b5a3e8807db9a00a9cc732fd323708767c905c8a3cd53e2e8d377d3b43cb971cbd0e66e2e47f3d601d49e29941b2ea4d3c8b7f5698e1a633ebba00f6c178d6d04b9f1544f04cd173e2d49f129a8725a647e1a9e798b5581c6a461b585012a302353178188e55f8102a49343c9c370ee505d09e4be8580d95f5bf39267b00e93adb6b52b2029160d78ac271e4e0c70ed835484e80302b93efd599707d4d22c806476fd04d18ebd6a9bf88c11dc2c96041ac8c3e04ac0aa5d2ac6740972717b543fb871884a7a0434a433571fd621977777984ea9c06914be966da9f349cb1ef3a116c49f0c716eae1df118cd3d5b350b917c06d853c1e1514213f5a29071e42eecee264ff20529c53c3a060a18a680ade2a08b4549e6998f06e61e4f4c36d578e9ad83dd38d1eeb100e7ab023edb38426d5165b867b9507a6b644aa0322da335b208105f2e74a9841ea7c629ea20cef740f6364e9d84a4485d3bb6b5f4e14c7764f78b65c0647870638a8f618381ec0823faed0424a448f753a59fb22e5138e0ca537b6935befb99fc6eea2d9457c01345afbbaaf3a7a96a39478b222af322f86730d137c3f570b38c7363bb9a89bb4b3b8979b9afd232927becbc91c8d4a276febe47bacd4a84c0bfdd54e685080f2c3be0b1e37bc6d21b13b7b1bfd507880f6ad7fa39bf99eaf6b7088d758d9383e38326381088e9e3e792f75d682cf61cf1176953960b0e160b2a535495d52c28f14fa45ed7a3f91e219dcd05afdda2b7e6c1b742b29f6c5f62a040a5fe6606433fce7de757ed76372dfc0b1af9af10c0128bcd335eff1c6c9660b0893730c3ef8de6e50dba419b35d1766eb9a5dce4c2fa518f8e3e2a27855e04d06b89e97578a4406ac03f3314575143db5e43ae3d03a7e90a590b4c188a5acbe1cf23cd4cf60ca98248d4e740122a55ac6e463511b4c4cd47040aafc0bed7878348a4caad4d977671cf4ac319773767ee28f8ccc4c9deae531b029eff5345470f20865549b2f2c4089306304e13e42ca37fbca6839bbcd2f10bd20c81d44ab73ad5ffcc55f51b53efb00d3c68d8d8505e005247ba23e86a803b199f36447fd01f192994b2fa27c9db59ae66b56b30c1ae5cd717407068a9b13ca941b82db254f4ecdbd1751a3f8f1061031bb41af5c04a33ffc98509f456830cf3c94c14451f04d84844e41c618e82958710d07daeba666329b914f2cc7c1d34ffbf6b50620b7c78c25c5d82a5aadcc4d824b3b68c34231fa7c0befe5241c447f90111c55848feed9d1ee67f61095ec2c0b4ac82f5cf169201516082a804c9d1775990d430d21bc65877041905caf385918f44191c134e493d960724b28f01e79fbf3b99eac1e75fbc8ab8dcfdd98b573fa6d7e6a6ead6b15ed78e2a8d564f61d8c52be8104306c104146696e16c9e9bff79a5fc1d92326cf0f2ff5e5c5c252773f2bd2c554bc409aaec03055f71d439daebc1d8b06c9ca0e1fe4729e8e6119616e8fb861b1e2694d1df267cbc496ba4a87013c3317a16b4c1e369748507794a20ad06aad20e4dbfc1834d789d2a8e9395ddad33a74c6c7cf54e61e533cae228909536eba8020f0c3845d2063270cae4d8e8dd8cfe3f112c46751444546ced9f6434741656dcda2185be13eebcc0392c256f384fc16353e89cbdeef8fb2e3cadc1ed2142f3b6485dc2d540fe799d027413128f624aaf8bc1933d3a0e6a954931bfc914921dec7ec822a31ebb652d4f312ab4068cedc6203b0de98e60c5f82296a3482132b288ba0a8eabdd8ac40faf145928e7563dbcb14d0625c92b542860993bb0388d8390dae727ae4086d4de1b7fea9d79f4844374bcd67fa5e1a3a28cd6d8da3f171fcf9d13062bb149fde18917c6650cdfa2be8de33b556ad34fad454db13a446e8a7c40167117e884d874c786768975df0b201ea0077ba735d31d65a832dc122d13c6559601b83899af1f14808f55f077ad465ed61378c63abff3ad742691168fe1e31bfd0dbb9f43d364ddf0bb185f69e69110c9eb1ab808354fdd2cf571838d5ec63bac3d70ca40878dc3c3cea26adffd5a197206d7c80d6a86c202338e72f17dc7185e1df0cfefa9475a2156738f90c6410c1698d1a160fd396548323c796ec5dca3cd59e468ff6a14caf34b4fdb16f1c92acb6bff2e859f9de1266dea0d1828598319b40a3edef657be02188fc94490c1da088d3ec2f315d6b5bb2f262764b67ba321379f4c93bb3ef9bc7db0c0e5f1e680ebfa84463e904d5351ecf25d1d22a98f81f7a1fc4c4fee3934b7672661f0bcd94109706644d0fdac4b7933b5db2acf39b98c0a8106a7a757408404a4c299a077379458e2118fb0a53b798adc1b85d3eb20b539e572741b9855e44a545809f897dde06730145b5caefe9db1c321783450d25d38834532c3e372fa92a53ac9cb4330eaaf65fe1b69a66459058e02d20c6641b7d8edfa8e356baaeb011b61208ef36ed33235144c86d6ce65da89d66da06291d4acc05e3136559ab77a7c4ad229c5307b48ed642d96c28cd06c82dedd4a16ed90bceda81292120438fd5c47b7b41b2646fe0899643f896ddb2d11e7311f8a0cbb9bfa38106507e06f35b3052ad6b6a11ac5f0129bedc59d04aee3737ebbf10f97c80f1a4e3f51ac8ac4488ad9e3f685a7c0dd4074b07774f4efe4b9f2cba400ef49f73b12fc7d96d8f3283a1eaf8c003931fc24a9248e201ac31bb49226c37d535592e00308d86ba0765a7eda13b72686101d352fb959598038b8dec44a0f18e5c8ec089912d325880390ce5186d4585df46e5662987c164f0ccfb8f12f6144f91349051d3ffa35ba597d2b5920e279ca8e139dfe2ba9923c0190fd444c8bf12a627618791a8781d6b54470777e6a5dac8cb505ae1e534b0c3af7db010dd602b1459964e1e15a812f3b4c8038e6bc1dc568ba482ee4944582abeeda1ed012391706ddb1e0ce60efd15acde8283d3612de5d0cf76185ad3a1ce89488e1cea4009573b55a2766d100ecefc5d53c99876cfec65daea82f55cf9687ec70e45cfdba9fe69fc3a822c29ff4be34857bdcd4313fb23d1d01d8a79cbd0057eeb5c1c0b39f75d5a753a2e10bd0ebb91dab1312bdf1a984332d566ab56dfd838d285995bec8726c5d1358fe10b0b6aaa99b9d9b08894c1dbd06356e5c693ddebb9d8b306062defb160db9d8f02ae3df59697866f5adeb34c8c5b27b63b09675030f344197b3bff097b996819dec9059aaf5ec1a6c585a86d16528091543a9e6bca4d850b7963fd1e7d981814dedb165c1a6444ec0a21743a4de8845b386ad4e1e9c9f2873f6a353487d9a8f8f56ae1d0f69124ee56b5c2b2a48c78cc6ba6b313b889adf0acfaebb4e2dc71054a4992366a2b6ff1f5972d7d2f0e9e3b17d7fbe931f43871819dc6e6040ba239ebce2cfa424ff7344b8a880040321909dcd16956594f5d99fdd39ea5d7209b906d2601572c56c72db899f986185194fe5aab45f27d9ac12aa8600b3c2728ef2e589a6886d711edf4d7f95b2e10d9adde3009560ad754f9e7a52808720a973dc475f8177fd5b199b69925f03a44a8bd9f3c3369861802ce5ca4b40cb47d19e2e1bda1b054f16b66ac7b7c0e5205112e011d6957f1df50505003544631ff4385d8128d46838338930aebc0496348045a7c05abd7a56e1079947d3eb1c50e4d8be001d03d8973f8f08f2f21a415174173ccb90f7ab615be5036947e164a434c059637bfeebb8b9f2e87b9774a4595c71122c9fac74347488b9a054e2e7b9c45b7b12fcca0fe789db614c70d4149d44e50fb64aabccee7447288a5b865a60c2640171f89afecda2cb18b7ecea214bd32f43d5ff66e90741697d085f3ee9bfd8662a3cc570999bb151090160d3bf5bf1d85e896d66276cba7ed97f341f595b13c02ac2a1352aec7a5980de2c8f9d890951108947b7602dcf2bdd2aef680667572b87aadf7c54338492eae763df73e89e3c438c196da83d98bc65233a242e08894f2390d8714f0abb801d9e5c42f169555284b6cf079005b373e9938db71a93ee5945c2a43a06e3df580d372318b3d203503c6e968206d7db8116cca2f2a1fae7f5b5195bea92914d66516bc3ceb2d9dc4de59d0d52ab80910aba7ebb696c7deaddcf0fedf56e2a88c3496bb79897c6420a0ef1b03ad89c76b24f67ffd41c9227d464565457bb25f0b32c83e676b0a3284f2acbed39c6875871c5e866a8284f12e383f87f12dd9bbe3078c68b3711eaa9bc17a7ac8413a8ef486922eddf43f01625671b7c3d0a4c6c2dc38217b4135c8cb46df7d936aabfd253e95e0816dd1f92b257e2f96d2a259a320756ba77d99b709711326f2ea42def974d60f817a1f6779121dd32a1cb194c7809e4c8fd052ba357323436491ec45a49fa601ed373aadd2199e4483704fb2f4edd7bf2815b552fb84d09094cab9700b5125887ee508570217c16799bc11d9e3658de8d9812f30dc8078bbecaf887a6527686b026eea70229df1e61759adf19c1b96673419decb382ae29bd685c5f32120b2d56d3e97c9ef00a2c0598c2181b8fa53172312590a9549ff55dffb9070b042c74654b2ae56371b2a6bac8e2808a40fd5d6d0af184c035101394e347521467e0ddb962e0d63614cf1461ac7b9d744084e9f6f26c88d515dbb1b7392b8e9384b81f186224d5c09e266682d8044d8afb1bd6483962b03ed6884759d2647b8f174a6695a437a1f1aac3e6a2f8ca658ee8a8ae44a77393cec61a9f335a1e859825e73df4125828fbde19d3695125992ddb2826ffbc6c7cfbfdbae19ba864c4170c79cce408e8b280a7632c855d802029ebac8627fbd6fec1c3bd858411c969ca035992f2ab909c423158dffd0dd5a407b3e0c2d9b180440996e09e15f17b4e42f365371d9dd58c4609455253c44c2ba73f592e360ab5fcccdb6e90ae0c60ada9325c4824242c0d866e7dfbefe091067d5c7ff0432814f733591eb0096659738b34cfa8c6c988ec628f34fe08f31dc0156dc39866412932d045168f4f3a48f24fb3b884be1384845d496c3009626f1c41b0189e95c9055d24eb5a0390596f6ccf50d3727e607875a3b2cf076a277e12ac07ddc59da78ee16e1952706ac6a1a9ade80b867d889789c935d196cc4da67aa35ba80ef2077ee4dd69c5f31a0410f7fd0739303ddcdbff2f53e0a44ec5de0f062e533444bd946959a1d9c25b297b6fc7675ca4add9e24e8ff390e0375f3b15e1d3e8129007d743e384659f191bd23ffe02140fa64d5c6d75937b28d51afcaa9d207f57c878f2f54493025e9eff5b5ce0c997d11c9690262e38e1e83c7f1a0ed3f200d9d0472739d59dea3cc6e8783758e3e3201731cf27211267702594356345449b42fa64b64c6f00a8f26665524fe2208b1a7c5fbdc822ea611c1811526471e4f52ab5e3a43de8fd4eba2fb2796a206e348de9b0be78ded78204dc82d9e9adccbe408d7ff538aab3d663eab189927a9cd597388e8dc5063d2db42cd65415fa32d20288da017c9f94e788dfe7cc3a0f6b6ab06116ed3f72f3c048cb1e51abf308ed7169908d1ad5b7ab3a86a3316d164084f8d88c6f96142d888ccb158efa586015914c116db114aa82c44a55d4c33bd901dc34e820d3120d57def03ea4f01b263913cc02ca586b208506d149ef03a706fd5360a12b83acb7bf97ac1f1f85389d4fbfdcf38551e9dbce760a05e8e4023d85038570d3697b3e7de73aac9c7feb39b6ccd1a775c8ce01b08d7190e28866aa7bb8d0cff0fc45b452fcb6a290f98f4b5ec125224c8a93918b1f2888befba6de3d294ee1f13a9c56e92eaac0b8e6c6905e77a60ea7e1d1ed979b6b2606652e7d75750a065c57c7efb1ef5708719ef04e354bd861b15e0a1cbc7cfe65c8a3d9a2b790260d6e6eb60bd4e0fb3f040dfa27fa00797664122add0750a23a8b20fcd68b6be1e21620dda4bf0561f4c5ed74f41612a0676dcdbf669df3436cbf2ce253e69319e3ab36e6e6314f11e0d0882ee3d7f3d3b3dcfe3cd7f061e301369207545676e09801f9bc4bc4c3dcaf48e5320a4b3211051a7525868a0ac1278ed6fc9531ed89cf4205458acc05d5351bcab7ea50250b6cb4c6fdd0cd96f30cdc9a820f495d0a3e14eb6c493a85a87e3b7fb8e5f23431c3c5359f5802f1fc11ff71c3172c6b57b5587ab38579b79e328792edb7a81d60762bc6c88693a00712f811cab9b075a97535c904396dbd2fa0994ba9c9b06fe9c042cb6860d22844b94863bf7b68a1ab8639e4487b38d48e40da4a98dedd7d73ca4b575bf4c604a364a9247c2ea5e3b127ff42f9bce1d3d37c2428edab1708ebd71ac0e4a408a9c6eb97407a4a8b5e912e2c63fadd1abad9a772a96fc4666f7d2b604adbde6f1136de2adfe38994491ab0f34ff1fd20cb8034ad39aae4c5c0076da2e7a157764b770e1c5f35b6f323ce809b2e92be1345204021d74712368e0ef77056afd85f065bba085793c9b6950d3c3fc6c445afbdd5a80cf7b0bb13055fd486700be1500bdf8771e286a63962e56d4771ed5eefbf111ba7380f02d6f96eed174246820b73bd772689c072bb3d8e43ef96f5466dce5c9392e34b7176821d2f4df3dab4c6ef5e0238ffe61582812fdacc987fbb6d98cad5a2d7af0e4c8dd3f800cd75c38a515d4d4c7118c5f81c6f7504e7ae452370c56c4b7fb4daa65bf26919c12081485d09e9d142965320211f483ed2a0a6836fa2488a878eaf9653b0528c3680b75a1920a25b5c5c17548c7ceb9a1656a0cf6a404aec14f7ed8a1dcf8ed32e1cf94dc2f60b65aa102650b7a22d9e708c606ce8403ceb81434bd9938b2c4e5a8530a156a1df7d143b2da54071ba3e673ce11760f72c32273b7bcd9a48da2a6caeb4b782cf1c3a044c1731f3ad61ce32bbd0b52cbb187cb3ecc1e85a67ffe27cf86769a0d69fe293dd30f060b8a0f26ccd0287d0b8d941ee7410a7c6aa430add67c2dd60db292e24f294ce80b0321aaa4d054a6f5d9981e1d5e859b454f5005be082bd59baca5775eedb7994333c62c452ef7b2893e4d03a28c0e368928b4bdd6e31f52a83cd7e162975405fd128321e0a8e3e77fd93257b0c46b309e16203974382ced818faac3a02e74141e9ea36c4a1b98bd859fafce43b2984d856c832f61b1ca562cee96f5843adc14b35bec1ccdafedd214f1a344345373f3c9eccee8324950a23c3e77d55dbde9a7ac1b7804927affb8b0e1488dcd8919d227bd1f50a35abf25e3f120c25b0dfb4d85b4c2a2c69cf7047c76c45e4e901e7396140496f9a322c2c2ac777a27adff5a6daf32e852b1bac89f1086739a603cf0f6838f792351c08e38ab130e5a83aa5a4f2da19df131770a308d810eed0059a2e5546a2169b9d0119f6df7c18981f4b4f119c76fdaac031ce7551f25678b5c4d8815a7ea9565e63389fca6ea0bcd40e71ac72124113dc0041ce26a0c9979ff76d7f1f2c0cd2c16d8c7a36930b909ed7e2d4adfa8352b12b99bdcbc25b485f652539fab7ac983c1ae925967c15ba2345e45d6bafe13b3e9d7acf1a592422ea09c3a45f7fe24e235bd70b106cdaa665584e74cdaf9f39b804bc6c4e7f0bf572225acd4dfe010081b91c2d5970d4f43d2e1a0e05f84baaf50642991b3704034aed74572e6a4715b79276432d06660b39c989570fc0d5d0071a7c690658caee447370d3295db3b5dc625e697e1ca2675b5430b9969024835c7d001fbce86c5165c4fe8f2d46b883daaa3fbf42dc5cf61209379013896df740b9cc32638358ea8079a33f04197f650471086e67e5cf9779268d7973c73bbbde2f1c11e1a8e2b154aaa8b4b74f8a03f14ceb7afc4ba35e6620b7af89c969021d20cb260c1868f3fa432ce7e509db06001ae6540531b126c1e3a851acbf0a9c1354bece05c094d69d9bd87f99391e23306911383d2082997339daebd67d8a707c9b496a309b7921696f39a07864f31208802db7188881e346b41c34f4129fca9c6a13172a4dabfe791584d240fc03685057d53c08737aa1d486233318eb4545f2e8d18087705b9d3a7658564592f56aea3aee53d66c249988bf353853728553a1577062e24af533f47dc012ae90c5c085babc121be2993c063e203ab949a088041271ac0527c56edd4b7a87e98323a0137cd493aa05fe38d02754a66d89348b119e6200d5919bc366788eb67115fc57c4c1a9dd42c7411d6709ad82de8662a1849445b39beb2ba8f894860e41a054f61337179a9214b0884f3964c95ed2a4ab37de8038566bba76fbaa7502c0460558ff4bf4793ca68d78e50f384a81da4cfa23723747e906b82290e0b8ea07e3404bee0915800d4c3c07f94c43e7aafbc7a44d923de97963d0d1586bee06fc90aadbe5758fb9933ff7df346d62e082223741f5cb26ef953ca654ab983a72b30b296891c9e3f1ed5216b0e588eb25f5d4ccad6f96973cc2d26196bbd37c83266473071ccd84d9e3c74f22621e8bd60afa4bcad6c853c7591fe5d4298a954ea5006f682a7a65aeb26b230f3866a28a58bf532aca8fd5eaec64f442ac510a7df4114f00fd6ff7e02d77f8e72797222556959958c4c4d166c5af18a6e25588cac9871a3d5bb453889ff8d13db22024a997bf97a5afdf698b1deaff3101e27868d2de47b92c403ce82e15f3239d8923e8ca0c01e3781b5dd6121f57d2238dc3ff8a1bde3e371efd33838c552e43588042b360f55d7ca92f11987630364b263428e18601d7bf23f6432b3a9aa2c500cd9ac5f73cbe309443858a2806956b0cdcfc19904567bb1703641017c6199e768410e03d8ba603eb34249d567370202f39639ae8f6d52d9d5dbfc544c5b85ac8187095c63f1f613fe4af179fc5c837e6e0ccc21e62ac22ac045c4ac3b1ca6a4cbdbe29ea465240fc0aed1f0e086d7580bcf81d4e2a4d55a8e3bc57110e7cf1e1895df07974f0686dd2ea2b12bbfd64e7a9d0c62c662f0370e6ed495eeb2ee5029042147a1f2e5fcd6068b06567be893cb80e2cbb5fbb12847313811c13cf685698d5e2175959579e510279b9e959ac2c3f94fec653c6b521f8909d633ccedbc1109285ecbd52d27cd2891eaf354db2c966d1e3086718848433c12658fe7f6fbfef930b963139a63f6c4caee5a1964d3a038dd0db403c0a251d702c07a0fba4a3576ec6668a78e9e26efc6ad83a670a47608bf4207979bf196b3160c95e7ccc6406d46f529d34676b76d72396262e1448df051130a21484e0e977df1f7f0a259ac762eef9506877498b9998e1286d6294cf60b95352e81c3", 0x2000, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0)={0x150, 0x0, 0x3, [{{0x4, 0x3, 0x28000, 0x3, 0x9, 0x10001, {0x6, 0x9, 0x4, 0xb, 0x6, 0x0, 0x6, 0x1, 0x6, 0x8000, 0xde, 0x0, 0x0, 0x8001, 0x80000000}}, {0x1, 0x1, 0x1, 0x32540194, '\x00'}}, {{0x4, 0x3, 0x7ff, 0x7fffffffffffffff, 0xfff, 0x7ff, {0x3, 0x9, 0x3, 0x6, 0x5, 0x2, 0x2, 0x6, 0x7, 0x8000, 0x0, r2, r3, 0x1, 0x3}}, {0x0, 0x7, 0x1, 0x300, '\x00'}}]}, 0x0, 0x0, 0x0})
getdents64(r4, 0x0, 0x0)

4m23.716975733s ago: executing program 3 (id=1834):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000001c0)=[{{&(0x7f0000000100)=@rc={0x1f, @none}, 0x0, &(0x7f0000000740)=[{&(0x7f0000000240)=""/157}, {&(0x7f0000000180)=""/2}, {&(0x7f0000000300)=""/68}, {&(0x7f0000000380)=""/209}, {&(0x7f0000000480)=""/97}, {&(0x7f0000000500)=""/139}, {&(0x7f00000005c0)=""/173}, {&(0x7f0000000680)=""/133}], 0x0, &(0x7f00000009c0)=""/100}, 0x100}, {{&(0x7f00000007c0)=@xdp, 0x0, &(0x7f0000000940)=[{&(0x7f0000000840)=""/162}, {&(0x7f0000000900)=""/33}]}, 0x7}], 0xdf55, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x1000810, &(0x7f0000000000)=ANY=[@ANYBLOB="73746174733d756c6f62616c51b8"])
chroot(&(0x7f0000000200)='./file0\x00')
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x38, &(0x7f0000000200)=[@in6={0xa, 0x4e20, 0x4, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}}, @in6={0xa, 0x4e20, 0x5, @ipv4={'\x00', '\xff\xff', @remote}, 0xc}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r4=>0x0]}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x84, &(0x7f0000000280)={r4, @in={{0x2, 0x4e21, @empty}}, 0x2, 0x3}, 0x90)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r5)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)

4m23.602700166s ago: executing program 3 (id=1837):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0)
r3 = shmat(0x0, &(0x7f0000ff1000/0x3000)=nil, 0x400c)
mremap(&(0x7f0000ff4000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000ffb000/0x2000)=nil)
shmdt(r3)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x14, r0, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x11, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010100, @broadcast}, {{0x4e24, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)={0x2, 0x4e23, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@ip_pktinfo={{0x18, 0x0, 0x8, {r6, @local, @loopback}}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x9}}, @ip_ttl={{0x10, 0x0, 0x2, 0x809e}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x2ed}}, @ip_retopts={{0x7c, 0x0, 0x7, {[@ssrr={0x89, 0x27, 0xeb, [@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @multicast2, @local, @multicast2, @rand_addr=0x64010102, @private=0xa010102, @local]}, @timestamp={0x44, 0x24, 0x17, 0x0, 0xb, [0x30000000, 0x3, 0x6575, 0x2, 0x3, 0x80000000, 0x1, 0x1]}, @lsrr={0x83, 0xf, 0xc0, [@dev={0xac, 0x14, 0x14, 0x3e}, @multicast1, @empty]}, @ssrr={0x89, 0x13, 0xf3, [@multicast2, @empty, @empty, @broadcast]}]}}}, @ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @multicast1, @local}}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x3}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x7f}}, @ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @multicast2, @rand_addr=0x64010102}}}], 0x114}, 0x4042800)

4m23.354573848s ago: executing program 32 (id=1837):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0)
r3 = shmat(0x0, &(0x7f0000ff1000/0x3000)=nil, 0x400c)
mremap(&(0x7f0000ff4000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000ffb000/0x2000)=nil)
shmdt(r3)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x14, r0, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x11, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010100, @broadcast}, {{0x4e24, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)={0x2, 0x4e23, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@ip_pktinfo={{0x18, 0x0, 0x8, {r6, @local, @loopback}}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x9}}, @ip_ttl={{0x10, 0x0, 0x2, 0x809e}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x2ed}}, @ip_retopts={{0x7c, 0x0, 0x7, {[@ssrr={0x89, 0x27, 0xeb, [@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @multicast2, @local, @multicast2, @rand_addr=0x64010102, @private=0xa010102, @local]}, @timestamp={0x44, 0x24, 0x17, 0x0, 0xb, [0x30000000, 0x3, 0x6575, 0x2, 0x3, 0x80000000, 0x1, 0x1]}, @lsrr={0x83, 0xf, 0xc0, [@dev={0xac, 0x14, 0x14, 0x3e}, @multicast1, @empty]}, @ssrr={0x89, 0x13, 0xf3, [@multicast2, @empty, @empty, @broadcast]}]}}}, @ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @multicast1, @local}}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x3}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x7f}}, @ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @multicast2, @rand_addr=0x64010102}}}], 0x114}, 0x4042800)

8.427823784s ago: executing program 1 (id=2782):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x145, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x14)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000000c0), &(0x7f00000001c0))
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz1\x00', {0x3ff, 0x3, 0x4}, 0x4d, [0x10004, 0x6, 0x9, 0x8a4, 0xfffffffe, 0x2, 0x7fffffff, 0x80000001, 0x4, 0x1, 0xfd, 0x3c6, 0x7, 0x7, 0xf70, 0x3c00, 0xe7, 0x4007, 0x401, 0xbc5e, 0x4, 0x1, 0x8, 0xffff, 0xe, 0xe, 0x10, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0xfffffff7, 0x4, 0xe79, 0x7, 0x1, 0x1, 0x1, 0x4, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x3, 0x1, 0x6, 0x2, 0x5, 0x49, 0x5, 0x9, 0x0, 0x1, 0x1000, 0x103, 0x2, 0x6, 0x7ff, 0xb8547353], [0x4, 0xffffffff, 0x4, 0x5, 0x7ffffdff, 0x1, 0x550, 0x6, 0x2, 0xfffffffc, 0x10001, 0xc, 0x36, 0x4, 0x6, 0x1, 0x9, 0x98, 0x8, 0xe56d, 0xa4, 0x9, 0x99d, 0x8, 0x0, 0xd, 0x10001, 0xfffffffe, 0x6e38, 0x8000, 0xa, 0x6, 0x3, 0x0, 0x5, 0x7, 0x4, 0xd, 0x9, 0xfff, 0x4, 0x0, 0x40000040, 0x1, 0x8, 0x5, 0x8, 0x0, 0x34f1, 0x1ff, 0x4, 0x1b2c5a97, 0x0, 0x9, 0x8, 0x0, 0x1, 0x1, 0x6, 0x6, 0xac, 0x2, 0x54, 0xcfb9], [0x5, 0xdb8, 0x9, 0x4, 0x2, 0x200006, 0x5, 0x5, 0x2, 0x80, 0xfffffffd, 0xc8d3, 0x33, 0x9a45, 0x0, 0xee40000, 0x1, 0x1, 0x4, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x40000008, 0x2, 0x4, 0x800, 0x7, 0x9, 0x10000, 0x0, 0x1, 0xfffffffe, 0x3, 0x0, 0x4, 0x8c0, 0x9, 0x2, 0x8, 0x7, 0x6, 0x2, 0x81, 0x8, 0x1, 0x55f2, 0xdf46, 0xfffffffd, 0x7f, 0x9, 0x8000, 0x40, 0x3, 0x2, 0xa, 0x6, 0x2, 0xffffff00, 0xda15, 0x82, 0x3, 0x10], [0x0, 0x897, 0x8, 0x246d, 0x6, 0x101, 0x7fffffff, 0xd, 0x7ff, 0x606, 0x5, 0x9, 0x80000001, 0x2, 0xb, 0x2, 0x7, 0x1, 0x7, 0x8, 0x7ff, 0xffffffff, 0x0, 0x2, 0x6, 0x20c, 0xfffffffd, 0xa18, 0x61c8, 0x6, 0x7ff, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0x20e, 0x4000006, 0x7, 0xfffffffd, 0x9, 0x1, 0x4, 0x100009, 0x100, 0x8, 0x3c, 0x1000, 0x3, 0x3, 0x15, 0x8000, 0x7, 0x81, 0x8, 0x7, 0xfffffffc, 0x4, 0x6, 0xeff]}, 0x45c)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r2, 0x1e, &(0x7f0000000040)={r2}, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580))
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r8 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaef2, 0x1000, 0x2, 0xbfcffffc}, &(0x7f0000000000)=<r9=>0x0, &(0x7f0000000280)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xffffbffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x2000, 0x0, {0x2}})
io_uring_enter(r8, 0x47f6, 0xfff5, 0x2, 0x0, 0x0)

8.365796553s ago: executing program 1 (id=2785):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r2=>0x0})
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=r2, @ANYBLOB="c8fd6524d7db696bc508ee46069a11bce1a80743ca86f421352adad007a66689b2f3fc14faaee8aa490d58bea17b47a528d5f4c862d6a72a47d0333b6e38a18a99d59fcac5a4fee5b89ba054f7d5112b38fdd739cc0b59bb65db259fa2c38c0eef82fbbc70a329fcd01d0d44dc2823c8af504e33635f0a596c324ad1e0f234f8b2a564b60e16aaca6f66f04d5bc8bc7ff4305c0b5174a7b9446d6a33e7053562ea"], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)
setreuid(0x0, 0xee00)
request_key(&(0x7f0000000440)='rxrpc_s\x00', &(0x7f0000000480)={'syz', 0x2}, &(0x7f0000000500)='/dev/vcsu#\x00', 0xffffffffffffffff)

7.497096023s ago: executing program 1 (id=2790):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRES64, @ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xa, &(0x7f0000000140)={0xaca, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c686ebaadbe756c6fa039ff441e427ed12578d5cb041ebf729cfaa575cc852fbdb54e60435e6d62b9d270433b220ed9ff1ff042b8d3d866231c460765"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x1f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='affs\x00', 0xa08410, 0x0)
socket$inet(0x10, 0x3, 0x0)
r5 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000008d804e30000001f00000109022400010000a088090400fe01030001000921fffffd012205000905810308000300fd"], 0x0)
syz_usb_control_io(r5, &(0x7f0000000080)={0x2c, &(0x7f0000000e00)=ANY=[@ANYBLOB="020000000000050c26ed60c7d8223e8215403ef823824ef2bc9a232edd5c2c39ccbc40cd5dde74707ce8bc4e8b8f3d195a26de002d6967c023bc1c4d9de8ba7c47fa12fdc5fe9d869360c0b70d3bd252540178b997416a8d4cb016531818f5d1800ce5bc44aa6c4bfba63782ef8e076a01bf5c6807249375f9b37127"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1)
ioctl$I2C_SMBUS(r6, 0x720, &(0x7f0000000140)={0x1, 0x9, 0x6, &(0x7f00000000c0)={0x4, "7a6bb811e13d00"}})
socket$netlink(0x10, 0x3, 0x0)
r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001180)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a1337ffcac7b3227933659327b536c3576a1bff0a25001bff6d9af9f1d06e76da4798c2"], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
r8 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001ac0)=@bpf_ext={0x1c, 0x17, &(0x7f0000001b80)=ANY=[@ANYBLOB="1800000009000000000000000700000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000ab936b11fffffcffffff186700000400000000000000020000001822000024868dfe306891ad7a3d3d1b7e4f4b", @ANYRES32=0x1, @ANYBLOB="000000000800000018230000", @ANYRES32, @ANYBLOB="00000000d20000008520000004000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000f40)='syzkaller\x00', 0xfffffffe, 0x0, &(0x7f0000000f80), 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000fc0)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000001000)={0x0, 0x10, 0x0, 0x7ff}, 0x10, 0xf81c, r0, 0x6, &(0x7f0000001040)=[0xffffffffffffffff], &(0x7f0000001080)=[{0x3, 0x3, 0x9, 0xa}, {0x0, 0x3, 0x4}, {0x4, 0x3, 0xa, 0x4}, {0x2, 0x5, 0x1, 0x3}, {0x1, 0x1, 0x7, 0xc}, {0x1, 0x2, 0x4, 0xa}], 0x10, 0x4}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1, 0x1d3, &(0x7f0000000000)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x40f00, 0xf, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r9, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7})
ioctl$sock_netdev_private(r9, 0x8949, &(0x7f0000000000))

6.17841301s ago: executing program 2 (id=2793):
unshare(0x6a040000)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r1, 0x40044149, &(0x7f0000000080)=0x10000)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xe)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0), 0x800, 0x0)
ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc01cf509, &(0x7f0000000000)={r3, 0x6, 0xcb2, 0x5})

5.783596828s ago: executing program 4 (id=2794):
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffd000/0x3000)=nil)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
brk(0x5ede6002) (fail_nth: 4)

5.782968737s ago: executing program 0 (id=2795):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x145, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x14)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000000c0), &(0x7f00000001c0))
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz1\x00', {0x3ff, 0x3, 0x4}, 0x4d, [0x10004, 0x6, 0x9, 0x8a4, 0xfffffffe, 0x2, 0x7fffffff, 0x80000001, 0x4, 0x1, 0xfd, 0x3c6, 0x7, 0x7, 0xf70, 0x3c00, 0xe7, 0x4007, 0x401, 0xbc5e, 0x4, 0x1, 0x8, 0xffff, 0xe, 0xe, 0x10, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0xfffffff7, 0x4, 0xe79, 0x7, 0x1, 0x1, 0x1, 0x4, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x3, 0x1, 0x6, 0x2, 0x5, 0x49, 0x5, 0x9, 0x0, 0x1, 0x1000, 0x103, 0x2, 0x6, 0x7ff, 0xb8547353], [0x4, 0xffffffff, 0x4, 0x5, 0x7ffffdff, 0x1, 0x550, 0x6, 0x2, 0xfffffffc, 0x10001, 0xc, 0x36, 0x4, 0x6, 0x1, 0x9, 0x98, 0x8, 0xe56d, 0xa4, 0x9, 0x99d, 0x8, 0x0, 0xd, 0x10001, 0xfffffffe, 0x6e38, 0x8000, 0xa, 0x6, 0x3, 0x0, 0x5, 0x7, 0x4, 0xd, 0x9, 0xfff, 0x4, 0x0, 0x40000040, 0x1, 0x8, 0x5, 0x8, 0x0, 0x34f1, 0x1ff, 0x4, 0x1b2c5a97, 0x0, 0x9, 0x8, 0x0, 0x1, 0x1, 0x6, 0x6, 0xac, 0x2, 0x54, 0xcfb9], [0x5, 0xdb8, 0x9, 0x4, 0x2, 0x200006, 0x5, 0x5, 0x2, 0x80, 0xfffffffd, 0xc8d3, 0x33, 0x9a45, 0x0, 0xee40000, 0x1, 0x1, 0x4, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x40000008, 0x2, 0x4, 0x800, 0x7, 0x9, 0x10000, 0x0, 0x1, 0xfffffffe, 0x3, 0x0, 0x4, 0x8c0, 0x9, 0x2, 0x8, 0x7, 0x6, 0x2, 0x81, 0x8, 0x1, 0x55f2, 0xdf46, 0xfffffffd, 0x7f, 0x9, 0x8000, 0x40, 0x3, 0x2, 0xa, 0x6, 0x2, 0xffffff00, 0xda15, 0x82, 0x3, 0x10], [0x0, 0x897, 0x8, 0x246d, 0x6, 0x101, 0x7fffffff, 0xd, 0x7ff, 0x606, 0x5, 0x9, 0x80000001, 0x2, 0xb, 0x2, 0x7, 0x1, 0x7, 0x8, 0x7ff, 0xffffffff, 0x0, 0x2, 0x6, 0x20c, 0xfffffffd, 0xa18, 0x61c8, 0x6, 0x7ff, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0x20e, 0x4000006, 0x7, 0xfffffffd, 0x9, 0x1, 0x4, 0x100009, 0x100, 0x8, 0x3c, 0x1000, 0x3, 0x3, 0x15, 0x8000, 0x7, 0x81, 0x8, 0x7, 0xfffffffc, 0x4, 0x6, 0xeff]}, 0x45c)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r2, 0x1e, &(0x7f0000000040)={r2}, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580))
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r8 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaef2, 0x1000, 0x2, 0xbfcffffc}, &(0x7f0000000000)=<r9=>0x0, &(0x7f0000000280)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xffffbffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x2000, 0x0, {0x2}})
io_uring_enter(r8, 0x47f6, 0xfff5, 0x2, 0x0, 0x0)

5.563911443s ago: executing program 4 (id=2796):
syz_io_uring_setup(0x890, 0x0, &(0x7f0000000240), 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
r2 = gettid()
timer_settime(0x0, 0x0, 0x0, 0x0)
ptrace$poke(0x4, r2, 0x0, 0x7)
mq_open(&(0x7f0000001600)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\aXg\xbb\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x8a=\x0f\n*\x8a\x99\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5\x00\x00\x00\x00\x00\x00\x00\x01\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbbV\x1a\x8a\x03#T\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8', 0x40, 0xb, 0x0)
openat(r0, &(0x7f0000000040)='./file0\x00', 0x42, 0x50)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, 0x0, 0x0)
fcntl$setlease(r3, 0x400, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always,huge=wi'])
chdir(&(0x7f0000000140)='./file0\x00')
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, &(0x7f00000005c0), 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
recvmmsg(r5, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}, {{0x0, 0x0, &(0x7f0000007040)}, 0x8000}], 0x2, 0x10002, 0x0)
sendmsg$can_bcm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x48}}, 0x0)

5.484003979s ago: executing program 2 (id=2797):
io_setup(0x5, &(0x7f0000001380)=<r0=>0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
ioctl$int_in(r1, 0x5452, &(0x7f0000000140)=0x10)
io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r3 = memfd_create(&(0x7f00000004c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g&\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05N\xb9\x1dOr\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3)
ftruncate(r3, 0xffff)
close(0x3)
fcntl$addseals(r3, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f00000001c0)={r3, 0x1, 0x0, 0x8000})
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x0, 0xbfdfffbc}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r4, 0x32d7, 0x0, 0x46, 0x0, 0x0)
write$tun(r1, &(0x7f0000000100)=ANY=[], 0x32)
ioctl$VIDIOC_ENUMOUTPUT(0xffffffffffffffff, 0xc0485630, &(0x7f0000000300)={0xfff, "a6081b0d225d999d7a7ad3d20c753deb91de0b43c3b0f0683dab23f3cde5a8c7", 0x3, 0x5, 0xffffffff, 0x800000, 0x2})

4.324778902s ago: executing program 2 (id=2798):
r0 = getpid()
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x3c, r2, 0xc2ddb5edb7ba9069, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r0}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)

4.049273255s ago: executing program 4 (id=2799):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000280)=0x6)
sched_setaffinity(r3, 0x0, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffeffffffffff", 0x45}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
r6 = dup(r5)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
get_robust_list(r0, &(0x7f00000004c0)=&(0x7f00000003c0)={&(0x7f0000000280), 0x0, &(0x7f0000000340)={&(0x7f0000000300)}}, &(0x7f0000000500)=0xc)
sendmsg$inet6(r5, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0xffc0}, 0x4048043)

3.5704674s ago: executing program 1 (id=2801):
sendmsg$802154_dgram(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000600)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000ec0000008a5c7f5c95f40e918b2907ff3435398adab0a945e80cc51a2ed683162586299243a4b1f7682f2cc7f7de224abb5263253bd8da829908d0aa603378f5b701cc7c7399f551d3088fba70581c35406032"], &(0x7f0000000240)=0x110)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102384, 0x18ff0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mlock(&(0x7f0000fff000/0x1000)=nil, 0x1000)
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000100)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0)
rmdir(&(0x7f0000000300)='./bus\x00')
mkdir(&(0x7f00000003c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000580)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@redirect_dir_follow}]})
chdir(&(0x7f0000000140)='./bus\x00')
rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00')
rmdir(&(0x7f0000000000)='./file0\x00')

1.901785559s ago: executing program 4 (id=2802):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x4, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x13, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x54}, 0x20) (fail_nth: 10)

1.901381516s ago: executing program 4 (id=2803):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0xc004000)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r1)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), r1)
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r2, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x8004)
r3 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$hid(0x0, 0x3f, 0x0, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYRES32=r6], 0x50}}, 0x0)
sendmsg$nl_route_sched(r5, 0x0, 0x8080)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='contention_end\x00', r8}, 0x18)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\x00'], 0x10}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0x14, &(0x7f0000000080), 0x4)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
syz_usb_connect$uac1(0x3, 0xc3, &(0x7f00000004c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb1, 0x3, 0x1, 0xf, 0x90, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x9, 0x6}, [@input_terminal={0xc, 0x24, 0x2, 0x3, 0x101, 0x3, 0xcf, 0x5, 0x8, 0x6}, @processing_unit={0x8, 0x24, 0x7, 0x4, 0x2, 0x81, "db"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x9, 0x4, 0x4, 0x26, '3'}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x7f, 0x1, 0x8, 0xc4, "a0b208"}, @format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0x5, 0x1000, 0xf, "a3c74ffac9a7fc"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x6, 0x1, 0x8, 0x4, "dcf13ca220b40baa"}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x6, 0x79, 0x0, {0x7, 0x25, 0x1, 0x1, 0x7f, 0x40}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0xbf, 0x2, 0x8, 0x40, "deec"}]}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x2, 0x40, 0x2, {0x7, 0x25, 0x1, 0x82, 0x9, 0x6}}}}}}}]}}, &(0x7f0000000600)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x250, 0x4, 0xf7, 0x9a, 0x10, 0x1}, 0x44, &(0x7f0000000640)=ANY=[@ANYBLOB="050f44000420100a80e5ff01000ff00b003000ff0039b8751535caa37853c35b2b300000000000000000c00000000000000b10010cc0000d048f1c090a1003020500f907e7000a1003020900e692727711aa1706067800"], 0x3, [{0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x500a}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x380a}}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x403}}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101142, 0xea7a)
lchown(&(0x7f0000000000)='./file1\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r11=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r11}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

1.738995572s ago: executing program 0 (id=2804):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r2, 0x4068aea3, &(0x7f0000000380)={0x80, 0x0, 0x8000000000000001})
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(r6, 0x80044dfe, &(0x7f0000000080))
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f00000000c0)={0x30000000})
getsockname$packet(r5, &(0x7f00000002c0)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
ppoll(&(0x7f0000000300)=[{r7, 0x202}, {r2, 0x40}, {r1, 0x31d}, {r7, 0x2}], 0x4, &(0x7f0000000340), &(0x7f0000000400)={[0x2, 0xdb5]}, 0x8)
getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f00000000c0)={<r9=>0x0, @multicast2, @multicast2}, &(0x7f0000000180)=0xc)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000001140)=@newchain={0x7cc, 0x64, 0x800, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0xfff1, 0xe}, {0x4, 0xb}, {0x9, 0xfff3}}, [@TCA_CHAIN={0x8, 0xb, 0xfdf}, @filter_kind_options=@f_flow={{0x9}, {0x1c, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x4027}, @TCA_FLOW_PERTURB={0x8, 0xc, 0x7}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0x4, 0x5}}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x9}}, @filter_kind_options=@f_flow={{0x9}, {0x1c, 0x2, [@TCA_FLOW_POLICE={0x18, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x10001}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x982}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x80000000}, @filter_kind_options=@f_cgroup={{0xb}, {0x2a4, 0x2, [@TCA_CGROUP_EMATCHES={0x2a0, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0x240, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x3, 0x0, 0x0, {{0x8f83, 0x4, 0x9}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x315, 0xf, 0x1}, {0x3, 0x81}}}]}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0xfffb, 0x3, 0x4fb}, {0x0, 0x3, 0x4b8a, 0xf69}}}, @TCF_EM_META={0x90, 0x3, 0x0, 0x0, {{0x8f9, 0x4, 0x57a0}, [@TCA_EM_META_HDR={0xc, 0x1, {{0xff23, 0x1, 0x2}, {0x3ff, 0x7, 0x1}}}, @TCA_EM_META_LVALUE={0x24, 0x2, [@TCF_META_TYPE_VAR="422d55f94539b7", @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="e5a071df52c09e0e", @TCF_META_TYPE_VAR, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="88"]}, @TCA_EM_META_RVALUE={0x1c, 0x3, [@TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_VAR="ea5f8db023d483", @TCF_META_TYPE_VAR="89ff60f1c5a6842048"]}, @TCA_EM_META_LVALUE={0x19, 0x2, [@TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="aa", @TCF_META_TYPE_VAR="62b868e82a", @TCF_META_TYPE_VAR="38930f"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x7fff, 0x0, 0x2}, {0x0, 0x4}}}, @TCA_EM_META_RVALUE={0xe, 0x3, [@TCF_META_TYPE_VAR="4ac5d0534356a2447d3d"]}]}}, @TCF_EM_IPT={0x90, 0x2, 0x0, 0x0, {{0x7f, 0x9, 0x7}, [@TCA_EM_IPT_MATCH_DATA={0x1a, 0x5, "586aedee9fdb7ac60509f6016262fa498627ecc039f2"}, @TCA_EM_IPT_MATCH_DATA={0x5f, 0x5, "bc16010e09d6b8883f93740ed7ed1adbe4a7fc05c3544c67dc1afc65c646df316b97ec0026c3eb7f0cafaa569f14717413263086654a551a76f05fb630f78871fb3d86e4062ef2a705a07e39d739af0c6babc9b797633b470f70c9"}, @TCA_EM_IPT_HOOK={0x8}]}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x26d2, 0x8, 0xb52}, {0x0, 0x5, 0x4}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x5, 0x1, 0x3}, {0x29, 0x4, 0x8, 0x0, 0x6, 0x1}}}, @TCF_EM_CONTAINER={0xc0, 0x3, 0x0, 0x0, {{0xfc01}, "071cda20d3885b7f4c9f5d0c3ef3ea65f5c6ac18cd9247d354ce97c1a8c58e3685d9c882f16d0453b10d2d4c4af07f74a5787abff9565140459d17fd3e5b3a57b4c42eca0f9178bb678f35522f9514229d9da8feaa882e124eb2c25a425f8bf0df0292f7f76ec8b60ea6f1f8facff7d5043d16c486391e51da901cb0f4e4c522bb9edd5953bded375e12f85d04344c9e0783c70e10cdc2c645ec1cdf14327fcd5fc58a201b914f5b94fdfa04fb5e02d7dd5975"}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x40}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xf}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xf5ae}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x18, 0x2, 0x0, 0x0, {{0x8, 0x2, 0x8001}, {0x800, 0x8, 0x2, "4798e0b37b3241f5"}}}]}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x14, 0x2, 0x0, 0x0, {{0x8, 0x2, 0x14}, {0x10, 0x4, 0x0, "8fec5f96"}}}]}]}]}}, @filter_kind_options=@f_matchall={{0xd}, {0x24, 0x2, [@TCA_MATCHALL_FLAGS={0x8}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x6}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xa, 0xd}}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff2, 0x4}}]}}, @filter_kind_options=@f_cgroup={{0xb}, {0x448, 0x2, [@TCA_CGROUP_POLICE={0x444, 0x2, [@TCA_POLICE_AVRATE={0x8, 0x4, 0x1}, @TCA_POLICE_RATE={0x404, 0x2, [0x3, 0x8, 0x8, 0x0, 0x5, 0x7f, 0x80000001, 0x45, 0x2, 0x6, 0xb4e, 0x383c, 0x1, 0x9, 0xff, 0xc82, 0x5, 0x10001, 0x1, 0x0, 0x8, 0x1, 0xd0b7, 0x3, 0x9, 0x59, 0x8, 0x6, 0x1, 0x2, 0x9, 0x1, 0x3ff, 0x4, 0x3, 0x3, 0x101, 0x3, 0x2, 0x2, 0x94b, 0xad9c, 0xfff, 0x9, 0x0, 0xfffffffa, 0xfffffff7, 0x6, 0x5, 0xfdd7, 0x80000000, 0xfffffff1, 0x80000001, 0x8, 0x95, 0x8, 0x3, 0x1, 0x9, 0xffff, 0x2, 0x0, 0xec000000, 0x2, 0x8000, 0x7, 0x2, 0x4, 0x7, 0x7, 0x10, 0x0, 0x401, 0x6, 0xa6b, 0x7, 0x1, 0x5, 0x5371, 0x40, 0x59376fbe, 0x2, 0x1, 0x80, 0x4, 0x4, 0x3, 0x1, 0xfff, 0x4, 0x0, 0x6, 0x7196, 0x4, 0x5, 0x2, 0x0, 0x3, 0x7f, 0x81, 0x99, 0xc5ff, 0xc43f, 0xfffffff9, 0xd, 0x7fff, 0x463, 0x101, 0x1, 0x10, 0x20000000, 0x80000000, 0x4, 0xc, 0x6, 0x7, 0x2, 0xffffb3f3, 0x1a3, 0x2, 0xff, 0x2, 0x2, 0x3ff, 0xa, 0x9, 0x7, 0xee7, 0x5, 0x8001, 0x10, 0xfffff311, 0x0, 0x7, 0xf18f, 0xffff, 0x3, 0x2, 0x4, 0x7fff, 0x8000, 0x8, 0x8, 0x3, 0x8d8, 0x7, 0x99, 0x8000, 0xb, 0x3, 0x1, 0x9, 0x6, 0x8f3, 0x3, 0x9, 0x40, 0x19, 0x4, 0x1, 0x7, 0x200, 0x29, 0x1909, 0x7, 0x8, 0x10000, 0x62, 0x1d, 0x9f, 0x80000001, 0x3, 0x2, 0xf, 0x20, 0x2800, 0x25, 0x5, 0x8, 0xa, 0x1, 0x1, 0xfffffff8, 0x6, 0x8, 0x40, 0x1, 0x61, 0xb2, 0x0, 0x9, 0x5, 0x1, 0x7fff, 0xd, 0x160, 0x4, 0x8, 0x21e, 0x800, 0x8, 0x5, 0x7, 0x4, 0x3, 0x2, 0x1d0, 0x5, 0xff, 0x9, 0x20000000, 0x6, 0x1, 0x3ff, 0x7fff, 0x8, 0x1, 0xd, 0x573, 0x8b4a, 0x8, 0x9, 0x200, 0x4, 0x81, 0x5, 0x6, 0x8, 0x3, 0x8000, 0x401, 0x401, 0x40, 0xfffffffa, 0x9, 0x0, 0x5, 0x1ff, 0x7, 0x7, 0xff, 0xff, 0x5, 0x9, 0x7, 0xfffffffa, 0x8, 0xba5, 0x5, 0xc2, 0x7, 0x3ff, 0x1, 0x4, 0x6, 0x2c]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x5}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x9}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xcb69}, @TCA_POLICE_RATE64={0xc}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x7}]}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0xd9}}]}, 0x7cc}}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x30, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0xffe2}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000091}, 0x0)

1.736097808s ago: executing program 1 (id=2805):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @vbi={0x6, 0x2, 0x40000c7a, 0x38414762, [0x3, 0x7], [0x2, 0x6], 0x2}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0)
read$msr(r1, &(0x7f0000019540)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe160, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
writev(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = getegid()
fchown(r1, 0x0, r3)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
sendmsg$netlink(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000640)={0x1b0, 0x21, 0x4, 0x70bd2a, 0x25dfdbfd, "", [@generic="4f996108165c3a29caee6e14abaf408e1165471fd27619b064e5a7ba02d6b5e257898c63b0ccef9b5f4146bf7be6ed0aaf25df2ac1e0398ad88026cdaa64713b31b4415a16dee68d0329c0e10e0e470f127d3b30a167e038499b167d692420e20e25b9b82cb69822d8a470686a5af55dfbd1b526b8e6a81d858f22237527fe92908bddf9dede08250772a7957a4ef5c6aed985d8e541990a2c15f5b4d21f79", @nested={0x73, 0x51, 0x0, 0x1, [@generic, @generic="7640dabc8e2414e28420dc5d2472ac7e7027a7d20a5a3eb3fc5fc17919b6299404cf29ebd8e8e487e00d7d94f319a08b0ac3e70f9e27b84efbe687d48ad7d3069b01814ec9c190caa376432c7d4c34cd7a5ab25b05764716ead003295f1202324ecdc6", @typed={0xc, 0x89, 0x0, 0x0, @u64}]}, @generic="896eb4e7e2", @nested={0x86, 0xe9, 0x0, 0x1, [@nested={0x4, 0x34}, @nested={0x4, 0x89}, @typed={0x8, 0x5d, 0x0, 0x0, @pid}, @generic="f1b4339d4d85bdde4234b93e3524d7ca5cec2f0723b5", @nested={0x4, 0xe3}, @nested={0x4, 0xbd}, @generic="7465cd54309b602d7fa16ef8b281ac36aa1cc9e760174e7dbe9816bbb75f6cf9a7d1f27668339c57d02feedd77ebebb4f0292950a2a1a1ec27e0a862ff41c1c45dd53331d1775c3b03bd656d", @nested={0x4, 0xd2}, @nested={0x4, 0x103}]}]}, 0x1b0}, {&(0x7f0000000800)={0x144, 0x24, 0x100, 0x70bd2d, 0x25dfdbfb, "", [@typed={0x8, 0x9b, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}, @generic="72b52d25dc939e86eea6c439f70b267f4c264a9e3489dc6aba0f0bb4b7f2166be563752420ed6877df81ee3b420d1eedf4227b85602e14bf4a3a37c014c03694ef1c448112b98f43f24eab4347fc8ac637d332f7b856b433170a008c73692a674340e12e0fedab3bdab5840c27ce1f9cd93d907f6b8b0b829ef4f05a93a714d8c97762b755b6b97f0a62b76202fc447acc4b34c9124ae0fb3ecaab8b0eca9ca9a5dbf358181e1dd572fd6a9a08a95e8523b1d8a4d1c3ecd02963a49fc50d7b78b278511cd0f013d15eec43e7013ba41d1a86bf2d27e14b4dbc", @generic="d75ca743ee148aca5dd1c90628ed8162b270a0e4ac1dd6dace476c29df6014e1edd43dd0cee784f6788f5e458cf3787969ed43422488ceec42a261b3db28ed989a3e0943ec9ee278f121e33dd0fa179654c537"]}, 0x144}], 0x2, &(0x7f0000000980)=ANY=[@ANYBLOB="2c0000ff1601000001000000", @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r2, @ANYBLOB="2c0000000100000001000000", @ANYRES32=r1, @ANYRES32=r2, @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32, @ANYBLOB="180000000100000002000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYRES32=r3, @ANYBLOB="280000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32=r2, @ANYRES32=r0, @ANYRES32, @ANYRES32=r0, @ANYRES32], 0x98, 0x2400c094}, 0x44810)
syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge0\x00'})
r4 = socket(0x10, 0x80002, 0x0)
r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
readv(r5, &(0x7f0000000140)=[{&(0x7f0000000040)=""/199, 0xc7}], 0x1)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x1ff, 0x0, 0x5, 0x6, 0x1, 0x2, 0x6e62, 0xe5, 0xd1d7, 0x2, 0x5, 0x1, 0x9, 0x72, 0x5, 0x7ff], 0x5000, 0x200})
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="26853f0eb46eea70c21ba8bc8607d2f92111b7b7e9c7cc1db18953bb513cafbec07a6eeefc01b68f98fea4be0992394ac43f3495bb0d6e2183cddb92", 0x3c)
connect$inet6(r4, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYRES8=r2, @ANYRES16=r3, @ANYRESDEC], 0x44}, 0x1, 0x0, 0x0, 0x12}, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYRESHEX, @ANYBLOB="0000000000000000b7080000000000007b8af8"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r7}, 0x10)
write$binfmt_aout(r6, &(0x7f0000000340)=ANY=[], 0xff2e)

1.699990893s ago: executing program 2 (id=2806):
r0 = syz_io_uring_setup(0x110, &(0x7f00000001c0)={0x0, 0xfec9, 0x2, 0x0, 0x37e}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000400)={'wlan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r3, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x44, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_FRAME={0x1c, 0x33, @data_frame={@msdu=@type10={{}, {}, @from_mac=@broadcast, @device_b}}}]}, 0x44}}, 0x800)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x19, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x200}})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0900000004000000080000000c"], 0x50)
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$eventfd(r6, &(0x7f0000000100), 0xfffffd79)
io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b000000000000000000000000806ae3cb856027d121eef2267a69179a4ff90d827dac5aff67c2db021da626fd21f8f7672591c3f1de9740e658dad81bff6126ab4b5afbd5f88f539f76b15efd1b2725a58f6d1e5f30e3902f382d7f89de3d0a68b877f2290da95c3c08ddab8f059d01aafecc65f9d4e0db761ad9b6f4bce379c5564a4ac3a08bcb08b47304cdd862af841881680aaab8c12fce15ec921258c71ee8a012a89b61f698b545fa01ca31771699a9b60911367926004f4888c01ad6d414ef"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x2a, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000097000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007baaf8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000b50005008200000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000070000008200000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.541751105s ago: executing program 2 (id=2807):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r2, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r2, 0x278)
r3 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000000)={0x2})
accept4(r2, 0x0, 0x0, 0x0)
r4 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000f, 0x13, r4, 0x2000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r5 = io_uring_setup(0xaae, &(0x7f0000000080)={0x0, 0xffffeffa, 0x800, 0x3, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f0000000240)={0x3, 0x0, 0x94, &(0x7f0000000180)={0x6, 0xfd0000000, 0xf}})
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_COMPAT={0x3c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x73}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_RULE_COMPAT_FLAGS={0x8}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x80f3}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x90}}, 0x20000080)
r6 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000040)=@id, &(0x7f00000000c0)=0x10, 0x80800)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000100)={0x41, 0x3, 0x3}, 0x10)

1.16330051s ago: executing program 0 (id=2808):
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000006, 0x6031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ffa000/0x3000)=nil, 0x1000000000000, 0x2, 0x0, &(0x7f0000ffa000/0x4000)=nil)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000001f000000", @ANYRES32, @ANYRESOCT=0x0, @ANYRES32=0x0, @ANYRES16, @ANYBLOB='\x00'/28], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="180003000000000000fa28d81f7c064806dcf6678c7811cb4a93b5fe84afdae1125b0ce7964b7b36af86fae1997ad7b104d1a0e4658b266f071596ce2263467703850e0d2542fe98a3279f93b82bb5", @ANYRES32=r1, @ANYBLOB="0000000000000000b708000001fcffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000087412ec385000000820000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001010000850000002d0000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000040)='tlb_flush\x00', r2, 0x0, 0x5}, 0x18)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x114c83, 0x0)
close(0xffffffffffffffff)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82602, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = socket(0x840000000002, 0x3, 0x105)
chdir(&(0x7f0000000100)='./file0\x00')
process_vm_writev(0x0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/10, 0xa}, {&(0x7f0000000340)}], 0x2, &(0x7f0000000500)=[{&(0x7f0000000400)=""/65, 0x41}, {&(0x7f0000000680)=""/193, 0xc1}, {&(0x7f0000000780)=""/124, 0x7c}, {&(0x7f0000000880)=""/213, 0xd5}, {&(0x7f00000009c0)=""/195, 0xc3}, {&(0x7f0000000ac0)=""/127, 0x7f}, {&(0x7f0000000b40)=""/200, 0xc8}, {&(0x7f0000000c40)=""/185, 0xb9}], 0x8, 0x0)
connect$inet(r4, &(0x7f0000000540)={0x2, 0x4e22, @remote}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000300)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x4, 0x6, 0x0, @remote, @local}, {0x1, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0xfe}}}}}}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
sendmmsg$inet(r4, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x300, 0x401eb94)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@cred={{0x18, 0x1, 0x2, {0x0, 0x0, 0xee01}}}], 0x18, 0x24040000}, 0x880)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000180)={0x23, 0x16, 0xffff, 0x1, 0x0, 0xb, 0x0})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
socket$nl_route(0x10, 0x3, 0x0)
semctl$SEM_INFO(0x0, 0x0, 0x13, 0x0)

801.134263ms ago: executing program 1 (id=2809):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='cgroup\x00')
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000000300)=""/102392, 0x18ff8)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000001cc0), r7)
sendmsg$NLBL_UNLABEL_C_ACCEPT(r7, &(0x7f0000001d80)={0x0, 0x0, &(0x7f0000001d40)={&(0x7f0000001d00)={0x14, r8, 0x1, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x32}, 0xa, @in6=@private1, 0x0, 0x4}]}]}, 0xfc}}, 0x0)
connect$inet(r5, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r5, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x960, 0x0, 0xdf}, {0x40000325}]})
syz_usb_connect$uac1(0x0, 0xaa, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000000c0)={0x2, &(0x7f0000000040)=[{0xfffc, 0x5, 0xff, 0xffff8001}, {0xc, 0xe, 0x5, 0x5b58}]}, 0x8)
read$FUSE(r0, 0x0, 0x0)

618.68955ms ago: executing program 2 (id=2810):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x54, r5, 0x1, 0x0, 0x200004, {0x2, 0x2, 0x2}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'wlan1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'ip6_vti0\x00'}]}, 0x54}, 0x1, 0x40030000000000, 0x0, 0x800}, 0x80)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0)
r6 = syz_open_dev$video(&(0x7f0000000040), 0x8, 0x0)
ioctl$VIDIOC_S_CROP(r6, 0x4014563c, &(0x7f0000000000)={0xa, {0x108, 0x800000e7, 0x1, 0x80793}})
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f0000000240)={0x2000, 0x1000000})

162.417913ms ago: executing program 4 (id=2811):
r0 = openat$apparmor_task_exec(0xffffff9c, &(0x7f0000000500), 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000000314230c2abd7000ff05df250900020073797a310000000008004100727865001400330073797a5f74756e"], 0x38}, 0x1, 0x0, 0x0, 0x24000845}, 0x20000080)
r3 = openat$sr(0xffffff9c, &(0x7f0000000080), 0x80000, 0x0)
ioctl$SG_IO(r3, 0x2285, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r3, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, 0x0}, 0x4080)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={<r5=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r4, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0x10001, @local, 0xb}, r5}}, 0x30)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=@newtaction={0x70, 0x30, 0xb, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x48, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8}, @TCA_SKBEDIT_PTYPE={0x6, 0x4}, @TCA_SKBEDIT_PARMS={0x18}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0x60}}}}]}]}, 0x70}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r7 = getpid()
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x3c, r9, 0xc2ddb5edb7ba9069, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r7}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)=ANY=[@ANYBLOB="c400000019000100fcffffff00000000ac14142c000000000000000000000000fe8000000000000000000000000000aa4e2200004e2400000a00006000000000", @ANYRES32=0x0, @ANYRES32=r10, @ANYBLOB="0000000000000010feffffffffffffff000000400000000000000000000000001a000000000000000100000000000000feffffffffffffffa2d5000000000000afb3f60156b150f500e03df0d4908acce9ba00000000000000ff7f040000000000080000000008000001"], 0xc4}}, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000300)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x711, @remote, 0xbf}, {0xa, 0x4e20, 0xfffffffe, @mcast2, 0x10001}, r5, 0x403}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, &(0x7f00000002c0)={0x4, 0x8, 0xfa00, {r5, 0x5}}, 0x10)
mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x100004, 0x10001d, 0x40000}, 0x20)
write$RDMA_USER_CM_CMD_CONNECT(r4, &(0x7f0000000380)={0x6, 0x118, 0xfa00, {{0x1, 0x8, "4ca4625e00b5aa95a443d782d859cb2df816a3bc9bd3bf1d11d8b4a7ba9fc6dfb72a8a253215874b349abc806123fd11b1d23eb79cf0385a4cd7b494621f0b26b593bbccdfdf13dbc79be9e9f18b5fb46b9d5a74d7a6dd151c0f37b9e89825f2f99217fb0091568ce14c98b5b462555908260a0e7c7c33fc1ba12df6d0d8fc11847c4b29bd4752fa53802767e26e11475a905215a4d1cfb8a8cc88d605e68145d97c3c2836b7935b66b3583d6633efe51a9cb5426092d85d47a8ca52fe5b7c2083596186c5b4e98f1052759d2233c3fb1e62e4333f0898f89b770b6abe57c92ba6f0e1c64a714686c6f22f7c8f6f79ee56c56d09e95001654229a197d0462e6f", 0x0, 0x4, 0x5, 0xf, 0xd, 0x0, 0x6, 0x1}, r5}}, 0x120)
socket$nl_generic(0x10, 0x3, 0x10)
bind$rxrpc(r1, &(0x7f0000000040)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e24, @broadcast}}, 0x24)

70.8501ms ago: executing program 0 (id=2812):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYRESHEX=r0], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x400000000010, 0x3, 0x0)
socket$phonet(0x23, 0x2, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x3, 0x300)
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x20000, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c006226c952a82a4f8e36ec57b45386fad7414aab04bd33efec3db6c3c9ebe350bd468567a261ab53aeba0b847b0462153531247b5cdfb907d5379efdfafd388279be4ff0deb26245e4e53a25d9c1a455084c7c60b5695a3bd43555892f00c7a7f847786f25f145f4972720df2b9cd04ff253ea2ab70d47992e181345b80fe26dad373c7e69170777120606af8cf41a36f36c250b01eea674179253f25658dd3e15e3f01a9be455b4929e11e73281bc3036f5801f650d33afce7b"])

455.492µs ago: executing program 0 (id=2813):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x4, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x13, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x54}, 0x28)

0s ago: executing program 0 (id=2814):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x3fff, 0xfffffdfc, {0x0, 0x0, 0x0, r9, {0x4}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=@newqdisc={0x40, 0x28, 0x4ee4e6a52ff56541, 0x5001, 0xfffffdfb, {0x0, 0x0, 0x0, r3, {0x4}, {0xffff, 0xffff}, {0xe, 0x1}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x7, 0x1}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) (fail_nth: 6)

kernel console output (not intermixed with test programs):

ice
[  884.452633][ T1121] sr 2:0:0:0: [sr0] tag#17 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[  884.456918][ T1121] sr 2:0:0:0: [sr0] tag#17 Sense Key : Illegal Request [current] 
[  884.460263][ T1121] sr 2:0:0:0: [sr0] tag#17 Add. Sense: Invalid command operation code
[  884.463767][ T1121] sr 2:0:0:0: [sr0] tag#17 CDB: Write(10) 2a 00 00 00 00 00 00 00 02 00
[  884.467793][ T1121] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2
[  884.472489][ T1121] Buffer I/O error on dev sr0, logical block 0, lost async page write
[  885.736240][T16984] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  885.739085][T16984] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  885.741816][T16984] vhci_hcd vhci_hcd.0: Device attached
[  885.749403][T16984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2291'.
[  885.754658][T16984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2291'.
[  885.763816][T16990] vhci_hcd: connection closed
[  885.764023][ T1142] vhci_hcd vhci_hcd.2: stop threads
[  885.768347][ T1142] vhci_hcd vhci_hcd.2: release socket
[  885.770603][ T1142] vhci_hcd vhci_hcd.2: disconnect device
[  885.958428][T16996] FAULT_INJECTION: forcing a failure.
[  885.958428][T16996] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  885.963388][T16996] CPU: 2 UID: 0 PID: 16996 Comm: syz.4.2294 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  885.963407][T16996] Tainted: [L]=SOFTLOCKUP
[  885.963410][T16996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  885.963418][T16996] Call Trace:
[  885.963422][T16996]  <TASK>
[  885.963426][T16996]  dump_stack_lvl+0x16c/0x1f0
[  885.963446][T16996]  should_fail_ex+0x512/0x640
[  885.963462][T16996]  _copy_from_user+0x2e/0xd0
[  885.963474][T16996]  get_compat_msghdr+0xa7/0x170
[  885.963489][T16996]  ? __pfx_get_compat_msghdr+0x10/0x10
[  885.963507][T16996]  ___sys_sendmsg+0x1ae/0x1d0
[  885.963522][T16996]  ? __pfx____sys_sendmsg+0x10/0x10
[  885.963542][T16996]  ? find_held_lock+0x2b/0x80
[  885.963570][T16996]  __sys_sendmsg+0x16d/0x220
[  885.963584][T16996]  ? __pfx___sys_sendmsg+0x10/0x10
[  885.963602][T16996]  ? do_user_addr_fault+0x843/0x1370
[  885.963618][T16996]  __do_fast_syscall_32+0xe8/0x680
[  885.963638][T16996]  do_fast_syscall_32+0x32/0x80
[  885.963648][T16996]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  885.963662][T16996] RIP: 0023:0xf707d579
[  885.963670][T16996] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  885.963682][T16996] RSP: 002b:00000000f546d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  885.963693][T16996] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000180
[  885.963700][T16996] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  885.963706][T16996] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  885.963712][T16996] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  885.963719][T16996] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  885.963732][T16996]  </TASK>
[  886.133834][T16999] tmpfs: Bad value for 'huge'
[  886.730974][T17006] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2296'.
[  888.047277][T17014] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2299'.
[  888.391872][T17025] tmpfs: Bad value for 'huge'
[  888.398475][T17025] 9p: Bad value for 'version'
[  889.142277][T17030] wireguard0: entered promiscuous mode
[  889.144947][T17030] wireguard0: entered allmulticast mode
[  889.485230][  T144] usb 38-1: device descriptor read/8, error -110
[  889.606320][T17046] /dev/sr0: Can't open blockdev
[  889.673821][T17049] tmpfs: Bad value for 'huge'
[  889.678287][T17053] overlayfs: missing 'lowerdir'
[  889.773226][T17054] FAULT_INJECTION: forcing a failure.
[  889.773226][T17054] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  889.777903][T17054] CPU: 1 UID: 0 PID: 17054 Comm: syz.1.2310 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  889.777922][T17054] Tainted: [L]=SOFTLOCKUP
[  889.777926][T17054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  889.777933][T17054] Call Trace:
[  889.777937][T17054]  <TASK>
[  889.777942][T17054]  dump_stack_lvl+0x16c/0x1f0
[  889.777962][T17054]  should_fail_ex+0x512/0x640
[  889.777977][T17054]  _copy_from_user+0x2e/0xd0
[  889.777989][T17054]  v4l2_compat_get_array_args+0x55c/0x760
[  889.778022][T17054]  ? __pfx_v4l2_compat_get_array_args+0x10/0x10
[  889.778037][T17054]  ? trace_kmalloc+0x2b/0xb0
[  889.778052][T17054]  ? __kvmalloc_node_noprof.cold+0x61/0x8e
[  889.778070][T17054]  ? video_usercopy+0x9c8/0x13e0
[  889.778090][T17054]  video_usercopy+0xc32/0x13e0
[  889.778106][T17054]  ? __pfx___video_do_ioctl+0x10/0x10
[  889.778122][T17054]  ? __pfx_video_usercopy+0x10/0x10
[  889.778142][T17054]  ? hook_file_ioctl_common+0x144/0x410
[  889.778159][T17054]  v4l2_ioctl+0x1bd/0x250
[  889.778173][T17054]  ? __fput_deferred+0x431/0x480
[  889.778185][T17054]  v4l2_compat_ioctl32+0x217/0x2e0
[  889.778199][T17054]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  889.778213][T17054]  __ia32_compat_sys_ioctl+0x242/0x370
[  889.778228][T17054]  __do_fast_syscall_32+0xe8/0x680
[  889.778247][T17054]  do_fast_syscall_32+0x32/0x80
[  889.778257][T17054]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  889.778271][T17054] RIP: 0023:0xf7f67579
[  889.778280][T17054] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  889.778291][T17054] RSP: 002b:00000000f543555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  889.778301][T17054] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c0185647
[  889.778308][T17054] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000
[  889.778315][T17054] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  889.778321][T17054] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  889.778327][T17054] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  889.778340][T17054]  </TASK>
[  889.887437][  T144] usb usb38-port1: attempt power cycle
[  890.446269][  T144] usb usb38-port1: unable to enumerate USB device
[  890.567252][T17090] FAULT_INJECTION: forcing a failure.
[  890.567252][T17090] name failslab, interval 1, probability 0, space 0, times 0
[  890.572118][T17090] CPU: 3 UID: 0 PID: 17090 Comm: syz.0.2316 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  890.572137][T17090] Tainted: [L]=SOFTLOCKUP
[  890.572141][T17090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  890.572148][T17090] Call Trace:
[  890.572152][T17090]  <TASK>
[  890.572157][T17090]  dump_stack_lvl+0x16c/0x1f0
[  890.572177][T17090]  should_fail_ex+0x512/0x640
[  890.572191][T17090]  should_failslab+0xc2/0x120
[  890.572208][T17090]  kmem_cache_alloc_noprof+0x83/0x770
[  890.572222][T17090]  ? lock_acquire+0x179/0x330
[  890.572232][T17090]  ? skb_clone+0x190/0x3f0
[  890.572248][T17090]  ? skb_clone+0x190/0x3f0
[  890.572260][T17090]  skb_clone+0x190/0x3f0
[  890.572275][T17090]  dev_queue_xmit_nit+0x25b/0xac0
[  890.572294][T17090]  dev_hard_start_xmit+0x56b/0x6e0
[  890.572308][T17090]  __dev_queue_xmit+0x6d7/0x4650
[  890.572324][T17090]  ? __pfx___dev_queue_xmit+0x10/0x10
[  890.572344][T17090]  ? __asan_memcpy+0x3c/0x60
[  890.572357][T17090]  ? __asan_memcpy+0x3c/0x60
[  890.572370][T17090]  ? __skb_clone+0x570/0x760
[  890.572385][T17090]  netlink_deliver_tap+0xa87/0xd30
[  890.572403][T17090]  netlink_unicast+0x64c/0x870
[  890.572420][T17090]  ? __pfx_netlink_unicast+0x10/0x10
[  890.572440][T17090]  netlink_sendmsg+0x8c8/0xdd0
[  890.572458][T17090]  ? __pfx_netlink_sendmsg+0x10/0x10
[  890.572475][T17090]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  890.572495][T17090]  ____sys_sendmsg+0xa5d/0xc30
[  890.572518][T17090]  ? __pfx_____sys_sendmsg+0x10/0x10
[  890.572534][T17090]  ? get_compat_msghdr+0x11a/0x170
[  890.572554][T17090]  ___sys_sendmsg+0x134/0x1d0
[  890.572575][T17090]  ? __pfx____sys_sendmsg+0x10/0x10
[  890.572609][T17090]  ? find_held_lock+0x2b/0x80
[  890.572650][T17090]  __sys_sendmsg+0x16d/0x220
[  890.572674][T17090]  ? __pfx___sys_sendmsg+0x10/0x10
[  890.572702][T17090]  __do_fast_syscall_32+0xe8/0x680
[  890.572723][T17090]  do_fast_syscall_32+0x32/0x80
[  890.572738][T17090]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  890.572758][T17090] RIP: 0023:0xf702d579
[  890.572774][T17090] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  890.572792][T17090] RSP: 002b:00000000f541d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  890.572810][T17090] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  890.572820][T17090] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  890.572830][T17090] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  890.572840][T17090] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  890.572849][T17090] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  890.572872][T17090]  </TASK>
[  890.573100][T17090] wireguard: wg2: Could not create IPv4 socket
[  890.788254][T17106] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2317'.
[  891.541806][T17146] FAULT_INJECTION: forcing a failure.
[  891.541806][T17146] name failslab, interval 1, probability 0, space 0, times 0
[  891.548381][T17146] CPU: 0 UID: 0 PID: 17146 Comm: syz.2.2323 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  891.548400][T17146] Tainted: [L]=SOFTLOCKUP
[  891.548404][T17146] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  891.548411][T17146] Call Trace:
[  891.548414][T17146]  <TASK>
[  891.548418][T17146]  dump_stack_lvl+0x16c/0x1f0
[  891.548439][T17146]  should_fail_ex+0x512/0x640
[  891.548454][T17146]  ? __kmalloc_cache_noprof+0x5f/0x800
[  891.548468][T17146]  should_failslab+0xc2/0x120
[  891.548486][T17146]  __kmalloc_cache_noprof+0x80/0x800
[  891.548498][T17146]  ? allocate_cgrp_cset_links+0xca/0x230
[  891.548518][T17146]  ? allocate_cgrp_cset_links+0xca/0x230
[  891.548534][T17146]  allocate_cgrp_cset_links+0xca/0x230
[  891.548553][T17146]  find_css_set+0x785/0x1c70
[  891.548570][T17146]  ? __pfx_find_css_set+0x10/0x10
[  891.548592][T17146]  cgroup_migrate_prepare_dst+0x10b/0x7f0
[  891.548609][T17146]  cgroup_attach_task+0x3cc/0x700
[  891.548624][T17146]  ? __pfx_cgroup_attach_task+0x10/0x10
[  891.548637][T17146]  ? iput.part.0+0x192/0x1190
[  891.548653][T17146]  ? cgroup_attach_permissions+0x2a1/0x790
[  891.548673][T17146]  __cgroup_procs_write+0x452/0x780
[  891.548690][T17146]  ? __pfx___cgroup_procs_write+0x10/0x10
[  891.548716][T17146]  cgroup_procs_write+0x26/0x60
[  891.548731][T17146]  cgroup_file_write+0x1ef/0x7a0
[  891.548741][T17146]  ? __pfx_cgroup_procs_write+0x10/0x10
[  891.548757][T17146]  ? __pfx_cgroup_file_write+0x10/0x10
[  891.548767][T17146]  ? __kmalloc_noprof+0x35d/0x910
[  891.548783][T17146]  kernfs_fop_write_iter+0x3af/0x570
[  891.548799][T17146]  ? __pfx_cgroup_file_write+0x10/0x10
[  891.548811][T17146]  vfs_write+0x7d3/0x11d0
[  891.548828][T17146]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  891.548846][T17146]  ? __pfx_vfs_write+0x10/0x10
[  891.548860][T17146]  ? find_held_lock+0x2b/0x80
[  891.548883][T17146]  ksys_write+0x12a/0x250
[  891.548898][T17146]  ? __pfx_ksys_write+0x10/0x10
[  891.548914][T17146]  ? do_user_addr_fault+0x843/0x1370
[  891.548930][T17146]  __do_fast_syscall_32+0xe8/0x680
[  891.548949][T17146]  do_fast_syscall_32+0x32/0x80
[  891.548959][T17146]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  891.548973][T17146] RIP: 0023:0xf70dd579
[  891.548982][T17146] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  891.548992][T17146] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  891.549003][T17146] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000c40
[  891.549010][T17146] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000000
[  891.549016][T17146] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  891.549022][T17146] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  891.549028][T17146] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  891.549042][T17146]  </TASK>
[  891.793909][T17156] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2324'.
[  891.798432][T17156] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2324'.
[  891.802861][T17156] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2324'.
[  891.853774][T17156] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2324'.
[  891.857695][T17158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2326'.
[  891.863462][T17156] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2324'.
[  891.871000][T17156] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2324'.
[  891.876591][T17148] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2324'.
[  891.988365][T17156] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2324'.
[  895.809543][T10909] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  895.979549][T10909] usb 9-1: device descriptor read/64, error -71
[  896.059676][ T5693] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  896.229682][T10909] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  896.253701][ T5693] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  896.256844][ T5693] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  896.292759][ T5693] usb 5-1: Product: syz
[  896.294529][ T5693] usb 5-1: Manufacturer: syz
[  896.296432][ T5693] usb 5-1: SerialNumber: syz
[  896.320407][ T5693] usb 5-1: config 0 descriptor??
[  896.369801][T10909] usb 9-1: device descriptor read/64, error -71
[  896.480134][T10909] usb usb9-port1: attempt power cycle
[  896.544972][ T6034] usb 5-1: USB disconnect, device number 45
[  896.756059][T17239] __nla_validate_parse: 4 callbacks suppressed
[  896.756079][T17239] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2337'.
[  896.763203][T17239] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2337'.
[  896.890312][T10909] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  896.910708][T10909] usb 9-1: device descriptor read/8, error -71
[  897.190284][T10909] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  897.220876][T10909] usb 9-1: device descriptor read/8, error -71
[  897.330578][T10909] usb usb9-port1: unable to enumerate USB device
[  897.359363][   T40] audit: type=1326 audit(1766908759.361:1161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17250 comm="syz.2.2340" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  897.370398][   T40] audit: type=1326 audit(1766908759.371:1162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17250 comm="syz.2.2340" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  897.380253][   T40] audit: type=1326 audit(1766908759.371:1163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17250 comm="syz.2.2340" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  897.395820][   T40] audit: type=1326 audit(1766908759.371:1164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17250 comm="syz.2.2340" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  897.402994][   T40] audit: type=1326 audit(1766908759.371:1165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17250 comm="syz.2.2340" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  897.410824][   T40] audit: type=1326 audit(1766908759.371:1166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17250 comm="syz.2.2340" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  897.418708][   T40] audit: type=1326 audit(1766908759.371:1167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17250 comm="syz.2.2340" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  897.426088][   T40] audit: type=1326 audit(1766908759.381:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17250 comm="syz.2.2340" exe="/syz-executor" sig=0 arch=40000003 syscall=14 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  897.433228][   T40] audit: type=1326 audit(1766908759.381:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17250 comm="syz.2.2340" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  897.440523][   T40] audit: type=1326 audit(1766908759.381:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17250 comm="syz.2.2340" exe="/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  897.484836][T17258] pim6reg: entered allmulticast mode
[  897.517244][T17258] pim6reg: left allmulticast mode
[  898.038356][T17261] pim6reg: entered allmulticast mode
[  898.184127][T17265] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2342'.
[  899.812120][ T6034] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  899.962179][ T6034] usb 9-1: Using ep0 maxpacket: 8
[  899.966300][ T6034] usb 9-1: config 179 has an invalid interface number: 65 but max is 0
[  899.968924][ T6034] usb 9-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[  900.453297][ T6034] usb 9-1: config 179 has no interface number 0
[  900.664901][ T6034] usb 9-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 0, changing to 7
[  901.143498][ T6034] usb 9-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  901.256751][ T6034] usb 9-1: config 179 interface 65 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[  901.296455][ T6034] usb 9-1: config 179 interface 65 has no altsetting 0
[  901.398434][ T6034] usb 9-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  901.451026][ T6034] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  902.673532][T17312] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2348'.
[  902.681721][T17312] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2348'.
[  903.146108][T10909] usb 9-1: USB disconnect, device number 11
[  903.279037][T17327] tmpfs: Bad value for 'usrquota_block_hardlimit'
[  903.325079][ T6034] usb 5-1: new full-speed USB device number 46 using dummy_hcd
[  903.476202][ T6034] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  903.481703][ T6034] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[  903.494122][ T6034] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  903.497464][ T6034] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  903.502413][T17325] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  903.509234][T17325] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  903.516722][ T6034] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  903.723237][T17325] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  903.726748][T17325] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  903.735889][T17325] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  903.739363][T17325] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  904.202154][T17354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2357'.
[  904.310584][  T144] usb 5-1: USB disconnect, device number 46
[  904.425544][T17363] netlink: 'syz.2.2358': attribute type 12 has an invalid length.
[  904.429012][T17363] netlink: 'syz.2.2358': attribute type 29 has an invalid length.
[  904.432034][T17363] netlink: 148 bytes leftover after parsing attributes in process `syz.2.2358'.
[  904.435182][T17363] netlink: 59 bytes leftover after parsing attributes in process `syz.2.2358'.
[  904.667099][   T40] kauditd_printk_skb: 22 callbacks suppressed
[  904.667113][   T40] audit: type=1326 audit(1766908766.666:1193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17368 comm="syz.4.2360" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf707d579 code=0x0
[  905.010135][T17369] tmpfs: Bad value for 'huge'
[  905.756161][ T6034] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  905.906084][ T6034] usb 9-1: Using ep0 maxpacket: 8
[  905.909050][ T6034] usb 9-1: config 0 interface 0 has no altsetting 0
[  905.911325][ T6034] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  905.914581][ T6034] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  905.918720][ T6034] usb 9-1: config 0 descriptor??
[  906.151318][ T6034] usbhid 9-1:0.0: can't add hid device: -71
[  906.161794][ T6034] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  906.174339][ T6034] usb 9-1: USB disconnect, device number 12
[  906.286064][T17390] netlink: 'syz.4.2366': attribute type 10 has an invalid length.
[  906.288860][T17390] bond0: (slave wlan1): Opening slave failed
[  906.341630][T17390] mac80211_hwsim hwsim12 wlan1: entered allmulticast mode
[  906.526283][T17398] tmpfs: Bad value for 'huge'
[  907.192125][ T6034] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  907.437066][T17425] FAULT_INJECTION: forcing a failure.
[  907.437066][T17425] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  907.437091][T17425] CPU: 2 UID: 0 PID: 17425 Comm: syz.1.2371 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  907.437107][T17425] Tainted: [L]=SOFTLOCKUP
[  907.437110][T17425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  907.437117][T17425] Call Trace:
[  907.437121][T17425]  <TASK>
[  907.437125][T17425]  dump_stack_lvl+0x16c/0x1f0
[  907.437161][T17425]  should_fail_ex+0x512/0x640
[  907.437181][T17425]  _copy_from_user+0x2e/0xd0
[  907.437194][T17425]  ia32_restore_sigcontext+0xc3/0x630
[  907.437206][T17425]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  907.437220][T17425]  ? rcu_is_watching+0x12/0xc0
[  907.437236][T17425]  ? _raw_spin_unlock_irq+0x23/0x50
[  907.437251][T17425]  ? lockdep_hardirqs_on+0x7c/0x110
[  907.437270][T17425]  __do_compat_sys_sigreturn+0x1b5/0x280
[  907.437282][T17425]  ? __pfx___do_compat_sys_sigreturn+0x10/0x10
[  907.437294][T17425]  ? rcu_is_watching+0x12/0xc0
[  907.437312][T17425]  do_int80_emulation+0x104/0x480
[  907.437367][T17425]  asm_int80_emulation+0x1a/0x20
[  907.437379][T17425] RIP: 0023:0xf7f67598
[  907.437389][T17425] Code: 00 00 51 52 55 89 e5 0f 34 cd 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 90 58 b8 77 00 00 00 cd 80 <90> 8d b4 26 00 00 00 00 b8 ad 00 00 00 cd 80 90 90 90 90 90 90 90
[  907.437400][T17425] RSP: 002b:00000000f54132f4 EFLAGS: 00000293 ORIG_RAX: 0000000000000077
[  907.437411][T17425] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000000000000
[  907.437417][T17425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000f73f6ff4
[  907.437424][T17425] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  907.437430][T17425] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  907.437436][T17425] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  907.437449][T17425]  </TASK>
[  908.299271][ T5949] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  908.303520][ T5949] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  908.306203][ T5949] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  908.322996][ T5949] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  908.341298][ T5949] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  908.350943][ T5297] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  908.353797][ T5297] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  908.356534][ T5297] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  908.361804][ T5297] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  908.364907][ T5297] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  908.368520][   T40] audit: type=1326 audit(1766908770.364:1194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17443 comm="syz.0.2374" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702d579 code=0x0
[  908.439101][T17421] /dev/sr0: Can't open blockdev
[  908.808866][ T1142] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  908.917683][ T1142] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  908.932538][T17436] chnl_net:caif_netlink_parms(): no params data found
[  909.024768][ T1142] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.039889][T17436] bridge0: port 1(bridge_slave_0) entered blocking state
[  909.042423][T17436] bridge0: port 1(bridge_slave_0) entered disabled state
[  909.044972][T17436] bridge_slave_0: entered allmulticast mode
[  909.047753][T17436] bridge_slave_0: entered promiscuous mode
[  909.053864][T17436] bridge0: port 2(bridge_slave_1) entered blocking state
[  909.057064][T17436] bridge0: port 2(bridge_slave_1) entered disabled state
[  909.061119][T17436] bridge_slave_1: entered allmulticast mode
[  909.064509][T17436] bridge_slave_1: entered promiscuous mode
[  909.101497][ T1142] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.114174][T17436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  909.119612][T17436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  909.134342][T17436] team0: Port device team_slave_0 added
[  909.137514][T17436] team0: Port device team_slave_1 added
[  909.150026][T17436] batman_adv: batadv0: Adding interface: batadv_slave_0
[  909.152347][T17436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  909.162323][T17436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  909.166731][T17436] batman_adv: batadv0: Adding interface: batadv_slave_1
[  909.169302][T17436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  909.179241][T17436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  909.203521][T17436] hsr_slave_0: entered promiscuous mode
[  909.205955][T17436] hsr_slave_1: entered promiscuous mode
[  909.208084][T17436] debugfs: 'hsr0' already exists in 'hsr'
[  909.210153][T17436] Cannot create hsr debugfs directory
[  909.306876][ T1142] bridge_slave_1: left allmulticast mode
[  909.309416][ T1142] bridge_slave_1: left promiscuous mode
[  909.311910][ T1142] bridge0: port 2(bridge_slave_1) entered disabled state
[  909.317006][ T1142] bridge_slave_0: left allmulticast mode
[  909.319368][ T1142] bridge_slave_0: left promiscuous mode
[  909.321509][ T1142] bridge0: port 1(bridge_slave_0) entered disabled state
[  909.600489][T17483] netlink: 360 bytes leftover after parsing attributes in process `syz.4.2379'.
[  909.655499][ T1142] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  909.661796][ T1142] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  909.667347][ T1142] bond0 (unregistering): Released all slaves
[  909.754025][T17488] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2380'.
[  909.768239][ T1142] : left promiscuous mode
[  909.924960][T17496] tmpfs: Bad value for 'huge'
[  910.477213][ T5949] Bluetooth: hci4: command tx timeout
[  911.233961][ T1142] hsr_slave_0: left promiscuous mode
[  911.242116][ T1142] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  911.245359][ T1142] batman_adv: batadv0: Removing interface: batadv_slave_0
[  911.257154][ T1142] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  911.260389][ T1142] batman_adv: batadv0: Removing interface: batadv_slave_1
[  911.264589][   T40] audit: type=1326 audit(1766908773.252:1195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17536 comm="syz.2.2383" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70dd579 code=0x0
[  911.286958][ T1142] veth1_macvtap: left promiscuous mode
[  911.290103][ T1142] veth0_macvtap: left promiscuous mode
[  911.324863][T17541] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2383'.
[  911.379384][ T1142] pim6reg (unregistering): left allmulticast mode
[  911.655243][ T1142] team0 (unregistering): Port device team_slave_1 removed
[  911.697002][ T1142] team0 (unregistering): Port device team_slave_0 removed
[  912.063309][T17436] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  912.068895][T17436] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  912.073111][T17436] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  912.079875][T17436] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  912.155313][T17436] 8021q: adding VLAN 0 to HW filter on device bond0
[  912.164936][T17436] 8021q: adding VLAN 0 to HW filter on device team0
[  912.172205][   T82] bridge0: port 1(bridge_slave_0) entered blocking state
[  912.175439][   T82] bridge0: port 1(bridge_slave_0) entered forwarding state
[  912.185170][   T82] bridge0: port 2(bridge_slave_1) entered blocking state
[  912.187770][   T82] bridge0: port 2(bridge_slave_1) entered forwarding state
[  912.342655][T17555] tmpfs: Bad value for 'huge'
[  912.382306][T17556] [U] 
[  912.383786][T17556] [U] 
[  912.384795][T17556] [U] 
[  912.385775][T17556] [U] 
[  912.386837][T17556] [U] 
[  912.387780][T17556] [U] 
[  912.388706][T17556] [U] 
[  912.389648][T17556] [U] 
[  912.391024][T17556] [U] 
[  912.392060][T17556] [U] 
[  912.393069][T17556] [U] 
[  912.394807][T17556] [U] 
[  912.395895][T17556] [U] 
[  912.396981][T17556] [U] 
[  912.397943][T17556] [U] 
[  912.398877][T17556] [U] 
[  912.413807][T17556] [U] 
[  912.414956][T17556] [U] 
[  912.416103][T17556] [U] 
[  912.417181][T17556] [U] 
[  912.425795][T17556] [U] 
[  912.426768][T17556] [U] 
[  912.427690][T17556] [U] 
[  912.428639][T17556] [U] 
[  912.431699][T17556] [U] 
[  912.432941][T17556] [U] 
[  912.434042][T17556] [U] 
[  912.434997][T17556] [U] 
[  912.451541][T17436] 8021q: adding VLAN 0 to HW filter on device batadv0
[  912.463404][T17556] [U] 
[  912.464908][T17556] [U] 
[  912.466114][T17556] [U] 
[  912.467272][T17556] [U] 
[  912.511389][T17556] [U] 
[  912.512367][T17556] [U] 
[  912.513330][T17556] [U] 
[  912.514258][T17556] [U] 
[  912.540471][T17556] [U] 
[  912.540502][ T5949] Bluetooth: hci4: command tx timeout
[  912.541818][T17556] [U] 
[  912.545309][T17556] [U] 
[  912.546599][T17556] [U] 
[  912.554689][T17556] [U] 
[  912.556033][T17556] [U] 
[  912.557323][T17556] [U] 
[  912.558610][T17556] [U] 
[  912.559936][T17556] [U] 
[  912.561232][T17556] [U] 
[  912.562515][T17556] [U] 
[  912.563793][T17556] [U] 
[  912.565556][T17556] [U] 
[  912.566888][T17556] [U] 
[  912.568164][T17556] [U] 
[  912.569457][T17556] [U] 
[  912.570942][T17556] [U] 
[  912.572303][T17556] [U] 
[  912.573621][T17556] [U] 
[  912.574885][T17556] [U] 
[  912.576323][T17556] [U] 
[  912.577640][T17556] [U] 
[  912.578890][T17556] [U] 
[  912.580148][T17556] [U] 
[  912.582067][T17556] [U] 
[  912.583383][T17556] [U] 
[  912.584654][T17556] [U] 
[  912.585950][T17556] [U] 
[  912.587362][T17556] [U] 
[  912.588663][T17556] [U] 
[  912.589975][T17556] [U] 
[  912.591269][T17556] [U] 
[  912.592771][T17556] [U] 
[  912.594101][T17556] [U] 
[  912.595362][T17556] [U] 
[  912.596656][T17556] [U] 
[  912.598083][T17556] [U] 
[  912.599374][T17556] [U] 
[  912.600642][T17556] [U] 
[  912.601915][T17556] [U] 
[  912.603376][T17556] [U] 
[  912.604679][T17556] [U] 
[  912.605990][T17556] [U] 
[  912.607268][T17556] [U] 
[  912.608684][T17556] [U] 
[  912.609997][T17556] [U] 
[  912.611269][T17556] [U] 
[  912.612531][T17556] [U] 
[  912.614505][T17556] [U] 
[  912.615816][T17556] [U] 
[  912.617086][T17556] [U] 
[  912.618365][T17556] [U] 
[  912.619764][T17556] [U] 
[  912.621048][T17556] [U] 
[  912.622326][T17556] [U] 
[  912.623596][T17556] [U] 
[  912.625087][T17556] [U] 
[  912.626381][T17556] [U] 
[  912.627614][T17556] [U] 
[  912.628867][T17556] [U] 
[  912.630265][T17556] [U] 
[  912.631535][T17556] [U] 
[  912.632805][T17556] [U] 
[  912.634089][T17556] [U] 
[  912.637789][T17556] [U] 
[  912.639076][T17556] [U] 
[  912.640344][T17556] [U] 
[  912.641707][T17556] [U] 
[  912.643151][T17556] [U] 
[  912.644428][T17556] [U] 
[  912.645730][T17556] [U] 
[  912.646979][T17556] [U] 
[  912.648311][T17556] [U] 
[  912.649604][T17556] [U] 
[  912.650847][T17556] [U] 
[  912.652103][T17556] [U] 
[  912.653665][T17556] [U] 
[  912.655111][T17556] [U] 
[  912.656463][T17556] [U] 
[  912.657721][T17556] [U] 
[  912.659060][T17556] [U] 
[  912.660341][T17556] [U] 
[  912.661590][T17556] [U] 
[  912.662843][T17556] [U] 
[  912.664635][T17556] [U] 
[  912.665912][T17556] [U] 
[  912.667147][T17556] [U] 
[  912.668394][T17556] [U] 
[  912.669711][T17556] [U] 
[  912.670956][T17556] [U] 
[  912.672159][T17556] [U] 
[  912.722816][T17553] [U] 
[  912.867988][ T1142] IPVS: stop unused estimator thread 0...
[  912.886986][T17436] veth0_vlan: entered promiscuous mode
[  912.894789][T17436] veth1_vlan: entered promiscuous mode
[  912.960559][T17436] veth0_macvtap: entered promiscuous mode
[  912.968866][T17564] qnx6: unable to read the first superblock
[  912.969140][T17436] veth1_macvtap: entered promiscuous mode
[  912.982646][T17436] batman_adv: batadv0: Interface activated: batadv_slave_0
[  912.987847][T17436] batman_adv: batadv0: Interface activated: batadv_slave_1
[  913.362328][ T6117] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  913.365548][ T6117] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  913.379665][ T6117] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  913.384746][ T6117] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  913.434703][ T6116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  913.437416][ T6116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  913.469731][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  913.473610][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  913.589141][T17576] tmpfs: Bad value for 'huge'
[  914.621783][ T5949] Bluetooth: hci4: command tx timeout
[  914.768715][T17602] binder: 17597:17602 ioctl 0 80000040 returned -22
[  914.966944][   T34] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  915.347521][T17609] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2395'.
[  915.472316][   T34] usb 5-1: device descriptor read/64, error -71
[  915.712534][   T34] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  915.842621][   T34] usb 5-1: device descriptor read/64, error -71
[  915.892642][T14292] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  915.952981][   T34] usb usb5-port1: attempt power cycle
[  916.054022][T14292] usb 9-1: too many configurations: 9, using maximum allowed: 8
[  916.056195][T14292] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  916.060560][T14292] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  916.060577][T14292] usb 9-1: config 0 interface 0 has no altsetting 0
[  916.063588][T14292] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  916.069987][T14292] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  916.070006][T14292] usb 9-1: config 0 interface 0 has no altsetting 0
[  916.071316][T14292] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  916.079472][T14292] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  916.079489][T14292] usb 9-1: config 0 interface 0 has no altsetting 0
[  916.080383][T14292] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  916.089677][T14292] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  916.089695][T14292] usb 9-1: config 0 interface 0 has no altsetting 0
[  916.093148][T14292] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  916.098788][T14292] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  916.098882][T14292] usb 9-1: config 0 interface 0 has no altsetting 0
[  916.101395][T14292] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  916.108551][T14292] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  916.108568][T14292] usb 9-1: config 0 interface 0 has no altsetting 0
[  916.111358][T14292] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  916.118275][T14292] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  916.118293][T14292] usb 9-1: config 0 interface 0 has no altsetting 0
[  916.119568][T14292] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  916.127696][T14292] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  916.131552][T14292] usb 9-1: config 0 interface 0 has no altsetting 0
[  916.135699][T14292] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  916.138898][T14292] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  916.141899][T14292] usb 9-1: Product: syz
[  916.144067][T14292] usb 9-1: Manufacturer: syz
[  916.145792][T14292] usb 9-1: SerialNumber: syz
[  916.150463][T14292] usb 9-1: config 0 descriptor??
[  916.161334][T14292] yurex 9-1:0.0: USB YUREX device now attached to Yurex #0
[  916.502889][T14292] usb 9-1: USB disconnect, device number 13
[  916.508893][T14292] yurex 9-1:0.0: USB YUREX #0 now disconnected
[  916.532179][   T34] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  916.553515][   T34] usb 5-1: device descriptor read/8, error -71
[  916.713115][ T5949] Bluetooth: hci4: command tx timeout
[  916.794484][   T34] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  916.814021][   T34] usb 5-1: device descriptor read/8, error -71
[  916.923416][   T34] usb usb5-port1: unable to enumerate USB device
[  917.146470][T17627] tmpfs: Bad value for 'huge'
[  917.628509][T17647] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2401'.
[  917.694004][T17650] tmpfs: Bad value for 'huge'
[  917.697500][T17650] 9pnet_virtio: no channels available for device syz
[  917.950075][T17653] syzkaller0: entered promiscuous mode
[  917.952534][T17653] syzkaller0: entered allmulticast mode
[  918.275303][T17663] qnx6: unable to read the first superblock
[  918.314448][ T6512] IPVS: starting estimator thread 0...
[  918.404341][T17664] IPVS: using max 45 ests per chain, 108000 per kthread
[  919.075307][T17670] trusted_key: encrypted_key: insufficient parameters specified
[  919.082478][T17670] trusted_key: encrypted_key: insufficient parameters specified
[  919.169411][ T6029] libceph: connect (1)[c::]:6789 error -101
[  919.172810][ T6029] libceph: mon0 (1)[c::]:6789 connect error
[  919.220004][T17674] ceph: No mds server is up or the cluster is laggy
[  919.877020][T17677] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  920.067248][T17711] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2411'.
[  920.128523][ T5297] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  920.133105][ T5297] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  920.137155][ T5297] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  920.140117][ T5297] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  920.142831][ T5297] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  920.478121][T17715] chnl_net:caif_netlink_parms(): no params data found
[  920.567666][   T82] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  920.598507][T17715] bridge0: port 1(bridge_slave_0) entered blocking state
[  920.601598][T17715] bridge0: port 1(bridge_slave_0) entered disabled state
[  920.604615][T17715] bridge_slave_0: entered allmulticast mode
[  920.608204][T17715] bridge_slave_0: entered promiscuous mode
[  920.616442][T17715] bridge0: port 2(bridge_slave_1) entered blocking state
[  920.619707][T17715] bridge0: port 2(bridge_slave_1) entered disabled state
[  920.622728][T17715] bridge_slave_1: entered allmulticast mode
[  920.626074][T17715] bridge_slave_1: entered promiscuous mode
[  920.640019][   T82] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  920.673772][T17715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  920.680060][T17715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  920.701098][T17715] team0: Port device team_slave_0 added
[  920.705185][T17715] team0: Port device team_slave_1 added
[  920.727754][   T82] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  920.734438][T17715] batman_adv: batadv0: Adding interface: batadv_slave_0
[  920.738245][T17715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  920.746855][T17715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  920.751276][T17715] batman_adv: batadv0: Adding interface: batadv_slave_1
[  920.753737][T17715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  920.763355][T17715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  920.787773][T17715] hsr_slave_0: entered promiscuous mode
[  920.790089][T17715] hsr_slave_1: entered promiscuous mode
[  920.796439][   T82] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  920.941425][   T82] bridge_slave_1: left allmulticast mode
[  920.943355][   T82] bridge_slave_1: left promiscuous mode
[  920.945360][   T82] bridge0: port 2(bridge_slave_1) entered disabled state
[  920.950978][   T82] bridge_slave_0: left allmulticast mode
[  920.952841][   T82] bridge_slave_0: left promiscuous mode
[  920.954942][   T82] bridge0: port 1(bridge_slave_0) entered disabled state
[  921.531821][   T82] bond1 (unregistering): Released all slaves
[  921.657625][   T82] bond0 (unregistering): Released all slaves
[  921.773748][   T82] tipc: Left network mode
[  922.028721][T17715] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  922.033748][T17715] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  922.058274][T17715] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  922.069234][T17715] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  922.097560][T17771] syzkaller0: entered promiscuous mode
[  922.099457][T17771] syzkaller0: entered allmulticast mode
[  922.151006][   T82] hsr_slave_0: left promiscuous mode
[  922.154086][   T82] hsr_slave_1: left promiscuous mode
[  922.169976][   T82] veth1_macvtap: left promiscuous mode
[  922.172201][   T82] veth0_macvtap: left promiscuous mode
[  922.174297][   T82] veth1_vlan: left promiscuous mode
[  922.176138][   T82] veth0_vlan: left promiscuous mode
[  922.226614][ T5297] Bluetooth: hci2: command tx timeout
[  922.337515][T17785] FAULT_INJECTION: forcing a failure.
[  922.337515][T17785] name failslab, interval 1, probability 0, space 0, times 0
[  922.347847][T17785] CPU: 3 UID: 0 PID: 17785 Comm: syz.4.2424 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  922.347872][T17785] Tainted: [L]=SOFTLOCKUP
[  922.347877][T17785] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  922.347886][T17785] Call Trace:
[  922.347890][T17785]  <TASK>
[  922.347896][T17785]  dump_stack_lvl+0x16c/0x1f0
[  922.347923][T17785]  should_fail_ex+0x512/0x640
[  922.347939][T17785]  ? __kmalloc_cache_noprof+0x5f/0x800
[  922.347958][T17785]  should_failslab+0xc2/0x120
[  922.347980][T17785]  __kmalloc_cache_noprof+0x80/0x800
[  922.347996][T17785]  ? snd_pcm_lib_malloc_pages+0x2aa/0x9a0
[  922.348014][T17785]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  922.348039][T17785]  ? snd_pcm_lib_malloc_pages+0x2aa/0x9a0
[  922.348056][T17785]  snd_pcm_lib_malloc_pages+0x2aa/0x9a0
[  922.348072][T17785]  ? fixup_unreferenced_params+0x4b3/0xed0
[  922.348091][T17785]  snd_pcm_hw_params+0x1656/0x1ba0
[  922.348112][T17785]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  922.348128][T17785]  ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0
[  922.348152][T17785]  ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0
[  922.348245][T17785]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  922.348273][T17785]  ? __asan_memset+0x23/0x50
[  922.348293][T17785]  snd_pcm_kernel_ioctl+0x147/0x2e0
[  922.348315][T17785]  snd_pcm_oss_change_params_locked+0x15ab/0x3ab0
[  922.348339][T17785]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  922.348362][T17785]  ? __pfx___mutex_lock+0x10/0x10
[  922.348400][T17785]  snd_pcm_oss_get_active_substream+0x168/0x1d0
[  922.348417][T17785]  snd_pcm_oss_get_formats+0x7e/0x340
[  922.348430][T17785]  ? find_held_lock+0x2b/0x80
[  922.348450][T17785]  ? __pfx_snd_pcm_oss_get_formats+0x10/0x10
[  922.348463][T17785]  ? __might_fault+0x13b/0x190
[  922.348486][T17785]  snd_pcm_oss_ioctl+0x2f49/0x37f0
[  922.348500][T17785]  ? find_held_lock+0x2b/0x80
[  922.348517][T17785]  ? hook_file_ioctl_common+0x144/0x410
[  922.348535][T17785]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  922.348551][T17785]  ? __fget_files+0x20e/0x3c0
[  922.348570][T17785]  ? __fput_deferred+0x430/0x480
[  922.348588][T17785]  ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10
[  922.348604][T17785]  __ia32_compat_sys_ioctl+0x242/0x370
[  922.348625][T17785]  __do_fast_syscall_32+0xe8/0x680
[  922.348650][T17785]  do_fast_syscall_32+0x32/0x80
[  922.348663][T17785]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  922.348685][T17785] RIP: 0023:0xf707d579
[  922.348700][T17785] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  922.348714][T17785] RSP: 002b:00000000f546d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  922.348728][T17785] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0045005
[  922.348738][T17785] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[  922.348747][T17785] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  922.348755][T17785] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  922.348763][T17785] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  922.348782][T17785]  </TASK>
[  922.573884][T17793] qnx6: unable to read the first superblock
[  922.582684][ T6029] IPVS: starting estimator thread 0...
[  922.686834][T17795] IPVS: using max 44 ests per chain, 105600 per kthread
[  922.799149][   T82] team0 (unregistering): Port device team_slave_1 removed
[  922.832131][   T82] team0 (unregistering): Port device team_slave_0 removed
[  923.103937][T17791] syzkaller0: entered promiscuous mode
[  923.106054][T17791] syzkaller0: entered allmulticast mode
[  923.559777][T17823] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11)
[  923.562741][T17823] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  923.567304][T17823] vhci_hcd vhci_hcd.0: Device attached
[  923.809000][ T6029] usb 45-1: new low-speed USB device number 2 using vhci_hcd
[  924.195640][T17824] vhci_hcd: connection reset by peer
[  924.198886][ T1142] vhci_hcd vhci_hcd.4: stop threads
[  924.201241][ T1142] vhci_hcd vhci_hcd.4: release socket
[  924.203459][ T1142] vhci_hcd vhci_hcd.4: disconnect device
[  924.317975][ T5297] Bluetooth: hci2: command tx timeout
[  924.501502][T17715] 8021q: adding VLAN 0 to HW filter on device bond0
[  924.512908][T17715] 8021q: adding VLAN 0 to HW filter on device team0
[  924.521932][ T5024] bridge0: port 1(bridge_slave_0) entered blocking state
[  924.524324][ T5024] bridge0: port 1(bridge_slave_0) entered forwarding state
[  924.535410][ T6127] bridge0: port 2(bridge_slave_1) entered blocking state
[  924.537824][ T6127] bridge0: port 2(bridge_slave_1) entered forwarding state
[  924.651960][T17839] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2431'.
[  924.685463][   T82] IPVS: stop unused estimator thread 0...
[  924.818391][T17715] 8021q: adding VLAN 0 to HW filter on device batadv0
[  924.925087][T17715] veth0_vlan: entered promiscuous mode
[  924.933590][T17715] veth1_vlan: entered promiscuous mode
[  924.976321][T17715] veth0_macvtap: entered promiscuous mode
[  924.983765][T17715] veth1_macvtap: entered promiscuous mode
[  924.997516][T17715] batman_adv: batadv0: Interface activated: batadv_slave_0
[  925.061968][T17845] qnx6: unable to read the first superblock
[  925.366879][T17715] batman_adv: batadv0: Interface activated: batadv_slave_1
[  925.380420][ T1222] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  925.389785][ T1222] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  925.412828][ T1222] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  925.421012][ T1222] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  925.534443][T17787] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  925.545583][T17787] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  925.571063][T17787] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  925.573779][T17787] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  926.218846][T17847] tmpfs: Bad value for 'huge'
[  926.389571][ T5297] Bluetooth: hci2: command tx timeout
[  927.019677][T10610] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  927.169830][T10610] usb 6-1: Using ep0 maxpacket: 8
[  927.174009][T10610] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  927.177651][T10610] usb 6-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[  927.182033][T10610] usb 6-1: config 179 has no interface number 0
[  927.184880][T10610] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 0, changing to 7
[  927.189595][T10610] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  927.194717][T10610] usb 6-1: config 179 interface 65 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[  927.200397][T10610] usb 6-1: config 179 interface 65 has no altsetting 0
[  927.203278][T10610] usb 6-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  927.207081][T10610] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  928.470519][ T5297] Bluetooth: hci2: command tx timeout
[  928.571381][T17933] tmpfs: Bad value for 'huge'
[  928.962295][ T6029] vhci_hcd vhci_hcd.4: vhci_device speed not set
[  930.261820][ T6029] usb 6-1: USB disconnect, device number 41
[  930.644238][T17964] batman_adv: batadv0: Adding interface: dummy0
[  930.647143][T17964] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  930.658011][T17964] batman_adv: batadv0: Interface activated: dummy0
[  930.741819][T17969] tmpfs: Bad value for 'huge'
[  930.912063][   T34] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  931.062127][   T34] usb 6-1: Using ep0 maxpacket: 16
[  931.065438][   T34] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  931.070044][   T34] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  931.075279][   T34] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  931.078811][   T34] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  931.081541][   T34] usb 6-1: Manufacturer: syz
[  931.084529][   T34] usb 6-1: config 0 descriptor??
[  931.288902][   T34] usb 6-1: USB disconnect, device number 42
[  931.948114][T17976] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  931.950307][T17976] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  931.953155][T17976] vhci_hcd vhci_hcd.0: Device attached
[  931.967563][T17976] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2455'.
[  931.970580][T17976] 0·: renamed from hsr_slave_1 (while UP)
[  931.976152][T17976] 0·: entered allmulticast mode
[  931.978505][T17976] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  932.233026][   T34] usb 46-1: SetAddress Request (6) to port 0
[  932.238171][   T34] usb 46-1: new SuperSpeed USB device number 6 using vhci_hcd
[  932.304557][T17983] vhci_hcd: connection reset by peer
[  932.307960][ T6127] vhci_hcd vhci_hcd.4: stop threads
[  932.309810][ T6127] vhci_hcd vhci_hcd.4: release socket
[  932.313908][ T6127] vhci_hcd vhci_hcd.4: disconnect device
[  932.554498][ T5949] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  932.558631][ T5949] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  932.561866][ T5949] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  932.566731][ T5949] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  932.571130][ T5949] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  932.793049][T17987] chnl_net:caif_netlink_parms(): no params data found
[  933.029971][T17987] bridge0: port 1(bridge_slave_0) entered blocking state
[  933.032541][T17987] bridge0: port 1(bridge_slave_0) entered disabled state
[  933.035180][T17987] bridge_slave_0: entered allmulticast mode
[  933.038478][T17987] bridge_slave_0: entered promiscuous mode
[  933.041795][T17987] bridge0: port 2(bridge_slave_1) entered blocking state
[  933.044347][T17987] bridge0: port 2(bridge_slave_1) entered disabled state
[  933.046773][T17987] bridge_slave_1: entered allmulticast mode
[  933.049526][T17987] bridge_slave_1: entered promiscuous mode
[  933.243628][T10610] kernel read not supported for file /dsp (pid: 10610 comm: kworker/2:3)
[  933.340131][T17987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  933.355465][T17987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  933.391894][T17987] team0: Port device team_slave_0 added
[  933.399911][T17987] team0: Port device team_slave_1 added
[  933.419585][T17987] batman_adv: batadv0: Adding interface: batadv_slave_0
[  933.421891][T17987] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  933.443626][T17987] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  933.448257][T17987] batman_adv: batadv0: Adding interface: batadv_slave_1
[  933.450611][T17987] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  933.459723][T17987] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  933.485065][T17987] hsr_slave_0: entered promiscuous mode
[  933.487933][T17987] hsr_slave_1: entered promiscuous mode
[  933.490269][T17987] debugfs: 'hsr0' already exists in 'hsr'
[  933.492202][T17987] Cannot create hsr debugfs directory
[  933.590993][T17987] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  933.619841][T18017] tmpfs: Bad value for 'huge'
[  933.805060][T17987] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  934.036500][T17987] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  934.143812][T17987] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  934.332422][T17987] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  934.347778][T17987] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  934.377451][T17987] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  934.406909][T17987] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  934.635022][ T5949] Bluetooth: hci0: command tx timeout
[  934.672420][T18034] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  934.713394][T18040] tmpfs: Bad value for 'huge'
[  934.727585][T17987] 8021q: adding VLAN 0 to HW filter on device bond0
[  934.753338][T17987] 8021q: adding VLAN 0 to HW filter on device team0
[  934.782944][T17987] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  934.786511][T17987] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  934.896312][T17282] bridge0: port 1(bridge_slave_0) entered blocking state
[  934.899155][T17282] bridge0: port 1(bridge_slave_0) entered forwarding state
[  934.915801][T17282] bridge0: port 2(bridge_slave_1) entered blocking state
[  934.918554][T17282] bridge0: port 2(bridge_slave_1) entered forwarding state
[  935.120645][T17987] 8021q: adding VLAN 0 to HW filter on device batadv0
[  935.143424][T17987] veth0_vlan: entered promiscuous mode
[  935.149803][T17987] veth1_vlan: entered promiscuous mode
[  935.167952][T17987] veth0_macvtap: entered promiscuous mode
[  935.171867][T17987] veth1_macvtap: entered promiscuous mode
[  935.180337][T17987] batman_adv: batadv0: Interface activated: batadv_slave_0
[  935.186617][T17987] batman_adv: batadv0: Interface activated: batadv_slave_1
[  935.192535][T17282] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  935.196949][T17282] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  935.201514][T17282] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  935.206489][T17282] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  935.440758][ T5024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  935.446276][ T5024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  935.460158][ T5024] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  935.463950][ T5024] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  936.077245][T18063] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2473'.
[  936.893811][ T5949] Bluetooth: hci0: command tx timeout
[  937.276555][   T34] usb 46-1: device descriptor read/8, error -110
[  937.672509][T18087] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2479'.
[  938.040088][T18095] tmpfs: Bad value for 'huge'
[  938.265979][   T34] usb usb46-port1: attempt power cycle
[  938.768892][T18083] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2478'.
[  938.780382][T18083] syz_tun: entered allmulticast mode
[  938.827417][   T34] usb usb46-port1: unable to enumerate USB device
[  938.957258][ T5949] Bluetooth: hci0: command tx timeout
[  939.395385][T18109] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2485'.
[  939.773912][T18112] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2486'.
[  940.254920][T18117] tmpfs: Bad value for 'huge'
[  941.038974][ T5949] Bluetooth: hci0: command tx timeout
[  941.600519][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  941.603277][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  943.419880][T18146] tmpfs: Bad value for 'huge'
[  943.687241][T18150] tmpfs: Bad value for 'huge'
[  943.694093][T18150] 9pnet_virtio: no channels available for device syz
[  944.550506][   T24] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  944.680507][   T24] usb 5-1: device descriptor read/64, error -71
[  944.920710][   T24] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  945.050748][   T24] usb 5-1: device descriptor read/64, error -71
[  945.090729][   T10] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  945.161279][   T24] usb usb5-port1: attempt power cycle
[  945.250946][   T10] usb 9-1: Using ep0 maxpacket: 8
[  945.254387][   T10] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  945.257260][   T10] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  945.260566][   T10] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  945.264003][   T10] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  945.297483][   T10] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  945.303345][   T10] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  945.306701][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.511007][   T24] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  945.531615][   T24] usb 5-1: device descriptor read/8, error -71
[  945.676814][   T10] usb 9-1: usb_control_msg returned -32
[  945.678725][   T10] usbtmc 9-1:16.0: can't read capabilities
[  945.771260][   T24] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  945.792302][   T24] usb 5-1: device descriptor read/8, error -71
[  945.902191][   T24] usb usb5-port1: unable to enumerate USB device
[  945.991965][T18193] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  945.994930][T18193] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  945.998950][T18193] vhci_hcd vhci_hcd.0: Device attached
[  946.004840][T18193] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2503'.
[  946.008567][T18193] 0·: renamed from hsr_slave_1 (while UP)
[  946.017608][T18193] 0·: entered allmulticast mode
[  946.020882][T18193] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  946.146989][T18194] vhci_hcd: connection closed
[  946.147348][ T6117] vhci_hcd vhci_hcd.2: stop threads
[  946.152077][ T6117] vhci_hcd vhci_hcd.2: release socket
[  946.154788][ T6117] vhci_hcd vhci_hcd.2: disconnect device
[  946.389503][T18198] usbtmc 9-1:16.0: usb_control_msg returned -32
[  947.638035][T10909] usb 9-1: USB disconnect, device number 14
[  948.202518][T18240] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2512'.
[  948.207377][T18240] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2512'.
[  948.211067][T18240] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2512'.
[  948.305083][T18250] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2516'.
[  948.608199][T18265] FAULT_INJECTION: forcing a failure.
[  948.608199][T18265] name failslab, interval 1, probability 0, space 0, times 0
[  948.615324][T18265] CPU: 3 UID: 0 PID: 18265 Comm: syz.0.2520 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  948.615354][T18265] Tainted: [L]=SOFTLOCKUP
[  948.615361][T18265] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  948.615371][T18265] Call Trace:
[  948.615377][T18265]  <TASK>
[  948.615385][T18265]  dump_stack_lvl+0x16c/0x1f0
[  948.615415][T18265]  should_fail_ex+0x512/0x640
[  948.615435][T18265]  ? kmem_cache_alloc_node_noprof+0x65/0x800
[  948.615458][T18265]  should_failslab+0xc2/0x120
[  948.615483][T18265]  kmem_cache_alloc_node_noprof+0x86/0x800
[  948.615504][T18265]  ? __alloc_skb+0x156/0x410
[  948.615527][T18265]  ? __alloc_skb+0x156/0x410
[  948.615543][T18265]  __alloc_skb+0x156/0x410
[  948.615559][T18265]  ? __alloc_skb+0x35d/0x410
[  948.615576][T18265]  ? __pfx___alloc_skb+0x10/0x10
[  948.615602][T18265]  alloc_skb_with_frags+0xe0/0x860
[  948.615631][T18265]  sock_alloc_send_pskb+0x7f9/0x980
[  948.615649][T18265]  ? __pfx___page_table_check_zero+0x10/0x10
[  948.615691][T18265]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  948.615717][T18265]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  948.615736][T18265]  ? find_held_lock+0x2b/0x80
[  948.615759][T18265]  ? dev_get_by_index+0x17c/0x380
[  948.615786][T18265]  packet_sendmsg+0x1fe4/0x54a0
[  948.615814][T18265]  ? __lock_acquire+0x436/0x2890
[  948.615835][T18265]  ? aa_sk_perm+0x2f2/0xae0
[  948.615858][T18265]  ? __pfx_packet_sendmsg+0x10/0x10
[  948.615875][T18265]  ? __pfx_aa_sk_perm+0x10/0x10
[  948.615892][T18265]  ? find_held_lock+0x2b/0x80
[  948.615918][T18265]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  948.615948][T18265]  ____sys_sendmsg+0xa5d/0xc30
[  948.615975][T18265]  ? __pfx_____sys_sendmsg+0x10/0x10
[  948.616000][T18265]  ? get_compat_msghdr+0x11a/0x170
[  948.616024][T18265]  ? __pfx__kstrtoull+0x10/0x10
[  948.616050][T18265]  ___sys_sendmsg+0x134/0x1d0
[  948.616073][T18265]  ? __pfx____sys_sendmsg+0x10/0x10
[  948.616119][T18265]  __sys_sendmmsg+0x2f9/0x420
[  948.616142][T18265]  ? __pfx___sys_sendmmsg+0x10/0x10
[  948.616170][T18265]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  948.616204][T18265]  ? fput+0x70/0xf0
[  948.616220][T18265]  ? ksys_write+0x1ac/0x250
[  948.616242][T18265]  ? __pfx_ksys_write+0x10/0x10
[  948.616274][T18265]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  948.616296][T18265]  ? lockdep_hardirqs_on+0x7c/0x110
[  948.616319][T18265]  __do_fast_syscall_32+0xe8/0x680
[  948.616347][T18265]  do_fast_syscall_32+0x32/0x80
[  948.616363][T18265]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  948.616383][T18265] RIP: 0023:0xf704d579
[  948.616397][T18265] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  948.616414][T18265] RSP: 002b:00000000f543d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  948.616430][T18265] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000080000440
[  948.616441][T18265] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  948.616452][T18265] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  948.616461][T18265] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  948.616471][T18265] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  948.616492][T18265]  </TASK>
[  949.153873][T18290] bond1 (unregistering): Released all slaves
[  949.724361][T18312] FAULT_INJECTION: forcing a failure.
[  949.724361][T18312] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  949.728785][T18312] CPU: 2 UID: 0 PID: 18312 Comm: syz.0.2532 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  949.728816][T18312] Tainted: [L]=SOFTLOCKUP
[  949.728820][T18312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  949.728827][T18312] Call Trace:
[  949.728833][T18312]  <TASK>
[  949.728837][T18312]  dump_stack_lvl+0x16c/0x1f0
[  949.728858][T18312]  should_fail_ex+0x512/0x640
[  949.728873][T18312]  _copy_to_user+0x32/0xd0
[  949.728887][T18312]  simple_read_from_buffer+0xcb/0x170
[  949.728904][T18312]  proc_fail_nth_read+0x197/0x240
[  949.728924][T18312]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  949.728962][T18312]  ? rw_verify_area+0xcf/0x6c0
[  949.728978][T18312]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  949.728996][T18312]  vfs_read+0x1e4/0xcf0
[  949.729012][T18312]  ? __pfx___mutex_lock+0x10/0x10
[  949.729036][T18312]  ? __pfx_vfs_read+0x10/0x10
[  949.729050][T18312]  ? find_held_lock+0x2b/0x80
[  949.729069][T18312]  ? __fget_files+0x20e/0x3c0
[  949.729089][T18312]  ksys_read+0x12a/0x250
[  949.729104][T18312]  ? __pfx_ksys_read+0x10/0x10
[  949.729121][T18312]  ? do_user_addr_fault+0x843/0x1370
[  949.729137][T18312]  __do_fast_syscall_32+0xe8/0x680
[  949.729157][T18312]  do_fast_syscall_32+0x32/0x80
[  949.729168][T18312]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  949.729182][T18312] RIP: 0023:0xf704d579
[  949.729191][T18312] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  949.729202][T18312] RSP: 002b:00000000f543d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  949.729213][T18312] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f543d620
[  949.729220][T18312] RDX: 000000000000000f RSI: 00000000f73e6ff4 RDI: 0000000000000000
[  949.729226][T18312] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  949.729233][T18312] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  949.729239][T18312] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  949.729254][T18312]  </TASK>
[  949.853776][   T24] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  950.004066][   T24] usb 9-1: Using ep0 maxpacket: 8
[  950.007347][   T24] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  950.010476][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  950.016851][   T24] pvrusb2: Hardware description: Terratec Grabster AV400
[  950.019161][   T24] pvrusb2: **********
[  950.021782][   T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  950.025362][   T24] pvrusb2: Important functionality might not be entirely working.
[  950.028089][   T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  950.031792][   T24] pvrusb2: **********
[  950.219035][ T2483] pvrusb2: Invalid write control endpoint
[  950.249680][ T2483] pvrusb2: Invalid write control endpoint
[  950.251771][ T2483] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  950.256235][ T2483] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  950.258747][ T2483] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  950.262109][ T2483] pvrusb2: Device being rendered inoperable
[  950.267321][ T2483] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[  950.269880][ T2483] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  950.277987][ T2483] pvrusb2: Attached sub-driver cx25840
[  950.280022][ T2483] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  950.283466][ T2483] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  950.419317][T18310] pvrusb2: Attempted to execute control transfer when device not ok
[  950.436395][   T24] usb 9-1: USB disconnect, device number 15
[  950.456478][T18321] fuse: Unknown parameter '0x0000000000000004Srootmode'
[  950.460387][T18321] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2536'.
[  950.464749][T18321] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  950.814651][T18324] nbd0: detected capacity change from 0 to 8589934655
[  951.075177][ T5949] block nbd0: Receive control failed (result -104)
[  951.281050][T18339] syzkaller0: entered promiscuous mode
[  951.283523][T18339] syzkaller0: entered allmulticast mode
[  951.447341][T18353] fuse: Bad value for 'rootmode'
[  951.556054][T18367] syzkaller0: entered promiscuous mode
[  951.558013][T18367] syzkaller0: entered allmulticast mode
[  951.853126][   T82] bridge_slave_1: left allmulticast mode
[  951.856631][   T82] bridge_slave_1: left promiscuous mode
[  951.859497][   T82] bridge0: port 2(bridge_slave_1) entered disabled state
[  951.864265][   T82] bridge_slave_0: left allmulticast mode
[  951.867892][   T82] bridge_slave_0: left promiscuous mode
[  951.871055][   T82] bridge0: port 1(bridge_slave_0) entered disabled state
[  952.127968][T18374] FAULT_INJECTION: forcing a failure.
[  952.127968][T18374] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  952.148114][T18374] CPU: 1 UID: 0 PID: 18374 Comm: syz.0.2544 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  952.148160][T18374] Tainted: [L]=SOFTLOCKUP
[  952.148167][T18374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  952.148179][T18374] Call Trace:
[  952.148186][T18374]  <TASK>
[  952.148194][T18374]  dump_stack_lvl+0x16c/0x1f0
[  952.148235][T18374]  should_fail_ex+0x512/0x640
[  952.148261][T18374]  copy_fpstate_to_sigframe+0x827/0xad0
[  952.148293][T18374]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  952.148320][T18374]  ? posixtimer_deliver_signal+0x105/0x6b0
[  952.148349][T18374]  ? irqentry_exit+0x1dd/0x8c0
[  952.148376][T18374]  ? lockdep_hardirqs_on+0x7c/0x110
[  952.148401][T18374]  ? x86_task_fpu+0x5f/0x90
[  952.148427][T18374]  get_sigframe+0x4a8/0x9c0
[  952.148456][T18374]  ? __pfx_get_sigframe+0x10/0x10
[  952.148479][T18374]  ? trace_irq_enable.constprop.0+0x2f/0x110
[  952.148510][T18374]  ? _raw_spin_unlock_irq+0x29/0x50
[  952.148535][T18374]  ? siginfo_layout+0x177/0x290
[  952.148562][T18374]  ia32_setup_rt_frame+0xe4/0xb30
[  952.148585][T18374]  ? vfs_read+0x23b/0xcf0
[  952.148612][T18374]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[  952.148633][T18374]  ? __pfx_vfs_read+0x10/0x10
[  952.148656][T18374]  ? find_held_lock+0x2b/0x80
[  952.148779][T18374]  arch_do_signal_or_restart+0x475/0x7a0
[  952.148812][T18374]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  952.148845][T18374]  ? fput+0x70/0xf0
[  952.148871][T18374]  exit_to_user_mode_loop+0x8c/0x540
[  952.148900][T18374]  __do_fast_syscall_32+0x4a4/0x680
[  952.148957][T18374]  do_fast_syscall_32+0x32/0x80
[  952.148977][T18374]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  952.149002][T18374] RIP: 0023:0xf704d579
[  952.149019][T18374] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  952.149042][T18374] RSP: 002b:00000000f543d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[  952.149061][T18374] RAX: fffffffffffffff2 RBX: 0000000000000008 RCX: 0000000080001b40
[  952.149075][T18374] RDX: 000000000000205c RSI: 0000000000000000 RDI: 0000000000000000
[  952.149087][T18374] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  952.149099][T18374] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  952.149110][T18374] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  952.149136][T18374]  </TASK>
[  952.376583][T18381] overlay: ./file1 is not a directory
[  952.426914][T18381] netlink: 'syz.2.2547': attribute type 10 has an invalid length.
[  952.430506][T18381] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2547'.
[  952.549467][T18386] netlink: 'syz.0.2548': attribute type 10 has an invalid length.
[  952.773880][   T82] team0: Port device geneve0 removed
[  952.811564][T18390] netlink: 'syz.4.2549': attribute type 2 has an invalid length.
[  952.902607][   T82] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  952.910150][   T82] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  952.915434][   T82] bond0 (unregistering): Released all slaves
[  952.992429][   T82] bond1 (unregistering): Released all slaves
[  953.016025][T18381] team0: Port device geneve0 added
[  953.020439][T18386] syz_tun: entered promiscuous mode
[  953.028118][T18386] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  953.396479][T18395] 0xfffffffffffffffd-0x000000020000 : ""
[  953.399641][T18395] mtd: partition "" is out of reach -- disabled
[  953.409483][T18395] ftl_cs: FTL header not found.
[  953.637818][T18409] FAULT_INJECTION: forcing a failure.
[  953.637818][T18409] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  953.643703][T18409] CPU: 1 UID: 0 PID: 18409 Comm: syz.0.2556 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  953.643735][T18409] Tainted: [L]=SOFTLOCKUP
[  953.643742][T18409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  953.643754][T18409] Call Trace:
[  953.643762][T18409]  <TASK>
[  953.643770][T18409]  dump_stack_lvl+0x16c/0x1f0
[  953.643805][T18409]  should_fail_ex+0x512/0x640
[  953.643831][T18409]  _copy_to_user+0x32/0xd0
[  953.643855][T18409]  simple_read_from_buffer+0xcb/0x170
[  953.643883][T18409]  proc_fail_nth_read+0x197/0x240
[  953.643914][T18409]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  953.643945][T18409]  ? rw_verify_area+0xcf/0x6c0
[  953.643969][T18409]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  953.644000][T18409]  vfs_read+0x1e4/0xcf0
[  953.644033][T18409]  ? __pfx___mutex_lock+0x10/0x10
[  953.644066][T18409]  ? __pfx_vfs_read+0x10/0x10
[  953.644089][T18409]  ? find_held_lock+0x2b/0x80
[  953.644121][T18409]  ? __fget_files+0x20e/0x3c0
[  953.644161][T18409]  ksys_read+0x12a/0x250
[  953.644189][T18409]  ? __pfx_ksys_read+0x10/0x10
[  953.644223][T18409]  __do_fast_syscall_32+0xe8/0x680
[  953.644256][T18409]  do_fast_syscall_32+0x32/0x80
[  953.644274][T18409]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  953.644298][T18409] RIP: 0023:0xf704d579
[  953.644313][T18409] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  953.644332][T18409] RSP: 002b:00000000f543d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  953.644351][T18409] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000f543d620
[  953.644364][T18409] RDX: 000000000000000f RSI: 00000000f73e6ff4 RDI: 0000000000000000
[  953.644376][T18409] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  953.644387][T18409] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  953.644398][T18409] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  953.644424][T18409]  </TASK>
[  954.678110][   T82] tipc: Left network mode
[  955.182096][   T82] hsr_slave_0: left promiscuous mode
[  955.209061][   T82] veth1_vlan: left promiscuous mode
[  955.214206][   T82] veth0_vlan: left promiscuous mode
[  955.626710][   T82] team0 (unregistering): Port device team_slave_1 removed
[  955.658404][   T82] team0 (unregistering): Port device team_slave_0 removed
[  956.105230][T18449] batman_adv: batadv0: Interface deactivated: dummy0
[  956.107629][T18449] batman_adv: batadv0: Removing interface: dummy0
[  956.116647][T18449] bridge_slave_0: left allmulticast mode
[  956.118818][T18449] bridge_slave_0: left promiscuous mode
[  956.121352][T18449] bridge0: port 1(bridge_slave_0) entered disabled state
[  956.132189][T18449] bridge_slave_1: left allmulticast mode
[  956.134857][T18449] bridge_slave_1: left promiscuous mode
[  956.138362][T18449] bridge0: port 2(bridge_slave_1) entered disabled state
[  956.151995][T18449] bond0: (slave bond_slave_0): Releasing backup interface
[  956.409193][T18449] bond0: (slave bond_slave_1): Releasing backup interface
[  956.429830][T18449] team0: Port device team_slave_0 removed
[  956.436089][T18449] team0: Port device team_slave_1 removed
[  956.439121][T18449] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  956.441695][T18449] batman_adv: batadv0: Removing interface: batadv_slave_0
[  956.445255][T18449] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  956.461943][T18449] batman_adv: batadv0: Removing interface: batadv_slave_1
[  956.478573][T18449] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  956.741292][   T82] IPVS: stop unused estimator thread 0...
[  957.163896][T18521] tmpfs: Bad value for 'huge'
[  957.821966][T18524] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  958.731928][T18541] netlink: 'syz.1.2581': attribute type 2 has an invalid length.
[  958.739312][T18541] FAULT_INJECTION: forcing a failure.
[  958.739312][T18541] name failslab, interval 1, probability 0, space 0, times 0
[  958.743263][T18541] CPU: 3 UID: 0 PID: 18541 Comm: syz.1.2581 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  958.743283][T18541] Tainted: [L]=SOFTLOCKUP
[  958.743287][T18541] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  958.743294][T18541] Call Trace:
[  958.743299][T18541]  <TASK>
[  958.743304][T18541]  dump_stack_lvl+0x16c/0x1f0
[  958.743325][T18541]  should_fail_ex+0x512/0x640
[  958.743338][T18541]  ? kmem_cache_alloc_lru_noprof+0x66/0x770
[  958.743355][T18541]  should_failslab+0xc2/0x120
[  958.743372][T18541]  kmem_cache_alloc_lru_noprof+0x87/0x770
[  958.743386][T18541]  ? __d_lookup+0x25c/0x4a0
[  958.743400][T18541]  ? __d_alloc+0x35/0xa80
[  958.743411][T18541]  ? __d_alloc+0x35/0xa80
[  958.743420][T18541]  __d_alloc+0x35/0xa80
[  958.743431][T18541]  d_alloc+0x4a/0x1e0
[  958.743442][T18541]  lookup_one_qstr_excl+0x175/0x250
[  958.743457][T18541]  start_dirop+0x59/0xb0
[  958.743472][T18541]  simple_start_creating+0xf4/0x100
[  958.743489][T18541]  ? __pfx_simple_start_creating+0x10/0x10
[  958.743503][T18541]  ? do_raw_spin_unlock+0x172/0x230
[  958.743531][T18541]  ? simple_pin_fs+0xa3/0x190
[  958.743546][T18541]  debugfs_start_creating.part.0+0x86/0x1c0
[  958.743567][T18541]  __debugfs_create_file+0xb3/0x530
[  958.743588][T18541]  debugfs_create_file_full+0x41/0x60
[  958.743600][T18541]  ? __pfx_do_setup+0x10/0x10
[  958.743616][T18541]  ref_tracker_dir_debugfs+0x19d/0x2f0
[  958.743630][T18541]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  958.743654][T18541]  ? __kmalloc_noprof+0x35d/0x910
[  958.743666][T18541]  ? alloc_netdev_mqs+0xd7/0x1550
[  958.743682][T18541]  ? lockdep_init_map_type+0x5c/0x270
[  958.743695][T18541]  alloc_netdev_mqs+0x314/0x1550
[  958.743714][T18541]  internal_dev_create+0x8a/0x520
[  958.743732][T18541]  ovs_vport_add+0x147/0x4d0
[  958.743750][T18541]  new_vport+0x16/0x1d0
[  958.743763][T18541]  ovs_dp_cmd_new+0x6ba/0xe60
[  958.743781][T18541]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  958.743798][T18541]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  958.743818][T18541]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  958.743845][T18541]  genl_family_rcv_msg_doit+0x209/0x2f0
[  958.743864][T18541]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  958.743882][T18541]  ? genl_get_cmd+0x194/0x580
[  958.743902][T18541]  ? bpf_lsm_capable+0x9/0x10
[  958.743917][T18541]  ? security_capable+0x7e/0x260
[  958.743936][T18541]  ? ns_capable+0xd7/0x110
[  958.743951][T18541]  genl_rcv_msg+0x55c/0x800
[  958.743964][T18541]  ? __pfx_genl_rcv_msg+0x10/0x10
[  958.743974][T18541]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  958.743994][T18541]  netlink_rcv_skb+0x158/0x420
[  958.744010][T18541]  ? __pfx_genl_rcv_msg+0x10/0x10
[  958.744021][T18541]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  958.744043][T18541]  ? netlink_deliver_tap+0x1ae/0xd30
[  958.744060][T18541]  genl_rcv+0x28/0x40
[  958.744076][T18541]  netlink_unicast+0x5aa/0x870
[  958.744094][T18541]  ? __pfx_netlink_unicast+0x10/0x10
[  958.744116][T18541]  netlink_sendmsg+0x8c8/0xdd0
[  958.744134][T18541]  ? __pfx_netlink_sendmsg+0x10/0x10
[  958.744152][T18541]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  958.744174][T18541]  ____sys_sendmsg+0xa5d/0xc30
[  958.744193][T18541]  ? __pfx_____sys_sendmsg+0x10/0x10
[  958.744210][T18541]  ? get_compat_msghdr+0x11a/0x170
[  958.744231][T18541]  ___sys_sendmsg+0x134/0x1d0
[  958.744248][T18541]  ? __pfx____sys_sendmsg+0x10/0x10
[  958.744269][T18541]  ? find_held_lock+0x2b/0x80
[  958.744293][T18541]  __sys_sendmsg+0x16d/0x220
[  958.744307][T18541]  ? __pfx___sys_sendmsg+0x10/0x10
[  958.744327][T18541]  ? do_user_addr_fault+0x843/0x1370
[  958.744344][T18541]  __do_fast_syscall_32+0xe8/0x680
[  958.744364][T18541]  do_fast_syscall_32+0x32/0x80
[  958.744374][T18541]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  958.744388][T18541] RIP: 0023:0xf7f65579
[  958.744397][T18541] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  958.744409][T18541] RSP: 002b:00000000f541455c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  958.744420][T18541] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  958.744427][T18541] RDX: 000000000000c000 RSI: 0000000000000000 RDI: 0000000000000000
[  958.744434][T18541] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  958.744440][T18541] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  958.744446][T18541] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  958.744461][T18541]  </TASK>
[  958.866906][T18543] FAULT_INJECTION: forcing a failure.
[  958.866906][T18543] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  958.906907][T18543] CPU: 0 UID: 0 PID: 18543 Comm: syz.2.2582 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  958.906926][T18543] Tainted: [L]=SOFTLOCKUP
[  958.906931][T18543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  958.906938][T18543] Call Trace:
[  958.906943][T18543]  <TASK>
[  958.906949][T18543]  dump_stack_lvl+0x16c/0x1f0
[  958.906969][T18543]  should_fail_ex+0x512/0x640
[  958.906985][T18543]  should_fail_alloc_page+0xe7/0x130
[  958.907004][T18543]  prepare_alloc_pages+0x401/0x670
[  958.907024][T18543]  __alloc_frozen_pages_noprof+0x18b/0x2430
[  958.907041][T18543]  ? __lock_acquire+0x436/0x2890
[  958.907055][T18543]  ? __lock_acquire+0x436/0x2890
[  958.907065][T18543]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  958.907086][T18543]  ? __lock_acquire+0x436/0x2890
[  958.907097][T18543]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  958.907114][T18543]  ? policy_nodemask+0xea/0x4e0
[  958.907133][T18543]  alloc_pages_mpol+0x1fb/0x550
[  958.907152][T18543]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  958.907172][T18543]  alloc_pages_noprof+0x131/0x390
[  958.907189][T18543]  __pmd_alloc+0x3b/0x9c0
[  958.907208][T18543]  __handle_mm_fault+0xbeb/0x2bb0
[  958.907224][T18543]  ? __pfx___handle_mm_fault+0x10/0x10
[  958.907243][T18543]  ? find_vma+0xbf/0x140
[  958.907258][T18543]  ? __pfx_find_vma+0x10/0x10
[  958.907271][T18543]  ? __ia32_compat_sys_ioctl+0x242/0x370
[  958.907287][T18543]  handle_mm_fault+0x3fe/0xad0
[  958.907302][T18543]  do_user_addr_fault+0x7a6/0x1370
[  958.907317][T18543]  ? rcu_is_watching+0x12/0xc0
[  958.907334][T18543]  exc_page_fault+0x64/0xc0
[  958.907352][T18543]  asm_exc_page_fault+0x26/0x30
[  958.907363][T18543] RIP: 0010:_copy_from_user+0x93/0xd0
[  958.907375][T18543] Code: dc 13 fd 89 ee 4c 89 ef 48 b8 00 f0 ff ff ff 7f 00 00 48 39 c3 48 0f 47 d8 e8 d9 c6 7c fd 0f 01 cb 4c 89 ef 48 89 de 48 89 e9 <f3> a4 0f 1f 00 49 89 cc 48 89 cb 0f 01 ca 31 ff 48 89 ce e8 65 d7
[  958.907387][T18543] RSP: 0018:ffffc900048b7be8 EFLAGS: 00050246
[  958.907396][T18543] RAX: 0000000000000001 RBX: 0000000080000140 RCX: 0000000000000008
[  958.907403][T18543] RDX: fffff52000916f8c RSI: 0000000080000140 RDI: ffffc900048b7c58
[  958.907410][T18543] RBP: 0000000000000008 R08: 0000000000000001 R09: fffff52000916f8b
[  958.907417][T18543] R10: ffffc900048b7c5f R11: ffff888028a5d4b0 R12: 0000000000000000
[  958.907424][T18543] R13: ffffc900048b7c58 R14: 0000000000000000 R15: 00000000400448e0
[  958.907438][T18543]  ? _copy_from_user+0x87/0xd0
[  958.907450][T18543]  hci_dev_cmd+0x9b/0xa20
[  958.907467][T18543]  ? __pfx_hci_dev_cmd+0x10/0x10
[  958.907483][T18543]  ? apparmor_capable+0x1d7/0x4e0
[  958.907496][T18543]  ? bpf_lsm_capable+0x9/0x10
[  958.907511][T18543]  ? security_capable+0x7e/0x260
[  958.907530][T18543]  hci_sock_ioctl+0x428/0x7f0
[  958.907546][T18543]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  958.907562][T18543]  ? do_vfs_ioctl+0x128/0x14f0
[  958.907577][T18543]  hci_sock_compat_ioctl+0x68/0x80
[  958.907592][T18543]  ? __pfx_hci_sock_compat_ioctl+0x10/0x10
[  958.907607][T18543]  compat_sock_ioctl+0x176/0x730
[  958.907621][T18543]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  958.907631][T18543]  ? hook_file_ioctl_common+0x144/0x410
[  958.907647][T18543]  ? __fget_files+0x20e/0x3c0
[  958.907662][T18543]  ? __fput_deferred+0x430/0x480
[  958.907678][T18543]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  958.907688][T18543]  __ia32_compat_sys_ioctl+0x242/0x370
[  958.907711][T18543]  __do_fast_syscall_32+0xe8/0x680
[  958.907743][T18543]  do_fast_syscall_32+0x32/0x80
[  958.907760][T18543]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  958.907782][T18543] RIP: 0023:0xf709d579
[  958.907797][T18543] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  958.907815][T18543] RSP: 002b:00000000f548d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  958.907831][T18543] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000400448e0
[  958.907838][T18543] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000
[  958.907844][T18543] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  958.907851][T18543] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  958.907857][T18543] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  958.907871][T18543]  </TASK>
[  959.842036][T18557] sd 0:0:0:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x24 ascq=0x0
[  960.170293][   T34] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  960.322903][   T34] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  960.327023][   T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  960.334811][   T34] usb 5-1: Product: syz
[  960.336484][   T34] usb 5-1: Manufacturer: syz
[  960.338097][   T34] usb 5-1: SerialNumber: syz
[  960.343886][   T34] usb 5-1: config 0 descriptor??
[  960.551306][   T34] usb 5-1: USB disconnect, device number 55
[  960.822946][T18552] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2585'.
[  961.650182][T18604] mmap: syz.2.2596 (18604): VmData 37380096 exceed data ulimit 7. Update limits or use boot option ignore_rlimit_data.
[  962.287855][T18615] syzkaller0: entered promiscuous mode
[  962.291687][T18615] syzkaller0: entered allmulticast mode
[  962.397649][   T34] IPVS: starting estimator thread 0...
[  962.511239][T18618] IPVS: using max 30 ests per chain, 72000 per kthread
[  963.614083][   T61] bond0: (slave bond_slave_0): interface is now down
[  963.618718][   T61] bond0: (slave bond_slave_1): interface is now down
[  963.623427][   T61] bond0: now running without any active interface!
[  964.002964][T18670] FAULT_INJECTION: forcing a failure.
[  964.002964][T18670] name failslab, interval 1, probability 0, space 0, times 0
[  964.007591][T18670] CPU: 3 UID: 0 PID: 18670 Comm: syz.2.2612 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  964.007618][T18670] Tainted: [L]=SOFTLOCKUP
[  964.007625][T18670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  964.007636][T18670] Call Trace:
[  964.007642][T18670]  <TASK>
[  964.007649][T18670]  dump_stack_lvl+0x16c/0x1f0
[  964.007680][T18670]  should_fail_ex+0x512/0x640
[  964.007699][T18670]  ? fs_reclaim_acquire+0xae/0x150
[  964.007729][T18670]  should_failslab+0xc2/0x120
[  964.007755][T18670]  __kmalloc_noprof+0xeb/0x910
[  964.007775][T18670]  ? tomoyo_encode2+0x100/0x3e0
[  964.007802][T18670]  ? tomoyo_encode2+0x100/0x3e0
[  964.007823][T18670]  tomoyo_encode2+0x100/0x3e0
[  964.007850][T18670]  tomoyo_encode+0x29/0x50
[  964.007873][T18670]  tomoyo_realpath_from_path+0x18f/0x6e0
[  964.007905][T18670]  tomoyo_check_open_permission+0x2ab/0x3c0
[  964.007929][T18670]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  964.007975][T18670]  ? do_raw_spin_lock+0x12c/0x2b0
[  964.008006][T18670]  tomoyo_file_open+0x6b/0x90
[  964.008035][T18670]  security_file_open+0x84/0x1e0
[  964.008068][T18670]  do_dentry_open+0x597/0x1590
[  964.008097][T18670]  ? security_inode_permission+0xbf/0x260
[  964.008123][T18670]  vfs_open+0x82/0x3f0
[  964.008146][T18670]  path_openat+0x2078/0x3140
[  964.008180][T18670]  ? __pfx_path_openat+0x10/0x10
[  964.008211][T18670]  ? __lock_acquire+0x436/0x2890
[  964.008231][T18670]  do_filp_open+0x20b/0x470
[  964.008259][T18670]  ? __pfx_do_filp_open+0x10/0x10
[  964.008304][T18670]  ? _raw_spin_unlock+0x28/0x50
[  964.008328][T18670]  ? alloc_fd+0x471/0x7d0
[  964.008362][T18670]  do_sys_openat2+0x121/0x290
[  964.008382][T18670]  ? __pfx_do_sys_openat2+0x10/0x10
[  964.008405][T18670]  ? __fget_files+0x20e/0x3c0
[  964.008435][T18670]  __ia32_compat_sys_openat+0x16d/0x210
[  964.008458][T18670]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  964.008478][T18670]  ? ksys_write+0x1ac/0x250
[  964.008504][T18670]  ? do_user_addr_fault+0x843/0x1370
[  964.008530][T18670]  __do_fast_syscall_32+0xe8/0x680
[  964.008559][T18670]  do_fast_syscall_32+0x32/0x80
[  964.008576][T18670]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  964.008598][T18670] RIP: 0023:0xf709d579
[  964.008612][T18670] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  964.008630][T18670] RSP: 002b:00000000f546c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  964.008648][T18670] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000a80
[  964.008660][T18670] RDX: 000000000300000d RSI: 0000000000000001 RDI: 0000000000000000
[  964.008671][T18670] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  964.008680][T18670] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  964.008691][T18670] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  964.008715][T18670]  </TASK>
[  964.008734][T18670] ERROR: Out of memory at tomoyo_realpath_from_path.
[  964.289728][T18675] bond0: (slave syz_tun): Releasing backup interface
[  964.331291][T18685] netlink: 'syz.4.2610': attribute type 1 has an invalid length.
[  964.347550][T18685] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2610'.
[  964.477980][T18693] afs: Bad value for 'flock'
[  964.481376][T18693] fuse: Unknown parameter '0x0000000000000004'
[  964.836955][T18709] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2617'.
[  964.845315][T18709] netlink: 277 bytes leftover after parsing attributes in process `syz.0.2617'.
[  964.849414][T18709] netlink: 277 bytes leftover after parsing attributes in process `syz.0.2617'.
[  965.302473][T18724] fuse: Bad value for 'fd'
[  966.222784][T18739] netlink: 5 bytes leftover after parsing attributes in process `syz.4.2623'.
[  966.229865][T18742] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2625'.
[  966.887813][T18764] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2627'.
[  969.272596][T18828] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2639'.
[  969.710371][T18830] FAULT_INJECTION: forcing a failure.
[  969.710371][T18830] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  969.715698][T18830] CPU: 1 UID: 0 PID: 18830 Comm: syz.0.2641 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  969.715786][T18830] Tainted: [L]=SOFTLOCKUP
[  969.715794][T18830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  969.715807][T18830] Call Trace:
[  969.715832][T18830]  <TASK>
[  969.715841][T18830]  dump_stack_lvl+0x16c/0x1f0
[  969.715964][T18830]  should_fail_ex+0x512/0x640
[  969.716003][T18830]  _copy_to_user+0x32/0xd0
[  969.716024][T18830]  __copy_siginfo_to_user32+0x96/0xf0
[  969.716053][T18830]  ? __pfx___copy_siginfo_to_user32+0x10/0x10
[  969.716094][T18830]  ? _raw_spin_unlock_irq+0x23/0x50
[  969.716119][T18830]  ? siginfo_layout+0x177/0x290
[  969.716144][T18830]  ia32_setup_rt_frame+0x6cc/0xb30
[  969.716169][T18830]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[  969.716192][T18830]  arch_do_signal_or_restart+0x475/0x7a0
[  969.716219][T18830]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  969.716250][T18830]  ? __fget_files+0x20e/0x3c0
[  969.716280][T18830]  exit_to_user_mode_loop+0x8c/0x540
[  969.716305][T18830]  do_int80_emulation+0x3a8/0x480
[  969.716336][T18830]  asm_int80_emulation+0x1a/0x20
[  969.716353][T18830] RIP: 0023:0xf704d577
[  969.716367][T18830] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  969.716385][T18830] RSP: 002b:00000000f543d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  969.716404][T18830] RAX: 0000000000000036 RBX: 0000000000000003 RCX: 0000000000002285
[  969.716415][T18830] RDX: 0000000080000440 RSI: 0000000000000000 RDI: 0000000000000000
[  969.716426][T18830] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  969.716436][T18830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  969.716447][T18830] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  969.716469][T18830]  </TASK>
[  970.056202][T18844] tmpfs: Bad value for 'huge'
[  971.698486][T18886] input: syz1 as /devices/virtual/input/input25
[  972.682437][T18888] netlink: 'syz.2.2653': attribute type 21 has an invalid length.
[  972.727350][   T10] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  972.761644][T18896] tmpfs: Bad value for 'huge'
[  973.558097][   T10] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  973.575865][   T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  973.579488][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  973.583978][   T10] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  973.586944][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  973.589616][   T10] usb 6-1: Product: syz
[  973.591002][   T10] usb 6-1: Manufacturer: syz
[  973.592527][   T10] usb 6-1: SerialNumber: syz
[  973.592968][T18900] nfs: Unknown parameter 'aw'
[  973.598803][T18900] input: syz0 as /devices/virtual/input/input26
[  973.813427][T18878] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2650'.
[  973.854608][   T10] usb 6-1: 0:2 : does not exist
[  974.119827][   T10] usb 6-1: USB disconnect, device number 43
[  974.243457][T18913] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2661'.
[  974.247293][T18913] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2661'.
[  974.296266][T18913] 0· (unregistering): left promiscuous mode
[  974.308644][T17360] udevd[17360]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  974.471883][T18920] tmpfs: Bad value for 'huge'
[  975.153804][T18924] tmpfs: Bad value for 'huge'
[  975.197705][T18924] 9pnet_virtio: no channels available for device syz
[  975.618755][ T5949] Bluetooth: hci4: command 0x0c1a tx timeout
[  975.629350][T10909] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  975.642537][T10909] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  976.329393][T18951] FAULT_INJECTION: forcing a failure.
[  976.329393][T18951] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  976.333797][T18951] CPU: 0 UID: 0 PID: 18951 Comm: syz.2.2671 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  976.333816][T18951] Tainted: [L]=SOFTLOCKUP
[  976.333820][T18951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  976.333828][T18951] Call Trace:
[  976.333832][T18951]  <TASK>
[  976.333837][T18951]  dump_stack_lvl+0x16c/0x1f0
[  976.333858][T18951]  should_fail_ex+0x512/0x640
[  976.333873][T18951]  _copy_from_user+0x2e/0xd0
[  976.333885][T18951]  get_compat_msghdr+0xa7/0x170
[  976.333900][T18951]  ? __pfx_get_compat_msghdr+0x10/0x10
[  976.333919][T18951]  ___sys_sendmsg+0x1ae/0x1d0
[  976.333935][T18951]  ? __pfx____sys_sendmsg+0x10/0x10
[  976.333955][T18951]  ? find_held_lock+0x2b/0x80
[  976.333977][T18951]  __sys_sendmsg+0x16d/0x220
[  976.333992][T18951]  ? __pfx___sys_sendmsg+0x10/0x10
[  976.334015][T18951]  ? do_user_addr_fault+0x843/0x1370
[  976.334031][T18951]  __do_fast_syscall_32+0xe8/0x680
[  976.334051][T18951]  do_fast_syscall_32+0x32/0x80
[  976.334061][T18951]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  976.334075][T18951] RIP: 0023:0xf709d579
[  976.334085][T18951] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  976.334096][T18951] RSP: 002b:00000000f548d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  976.334107][T18951] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  976.334114][T18951] RDX: 0000000000004014 RSI: 0000000000000000 RDI: 0000000000000000
[  976.334120][T18951] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  976.334127][T18951] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  976.334133][T18951] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  976.334146][T18951]  </TASK>
[  976.552062][T18958] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2674'.
[  976.633239][T18964] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  976.635479][T18964] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  976.654059][T18964] vhci_hcd vhci_hcd.0: Device attached
[  976.717257][T18963] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2675'.
[  976.842692][T18972] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2676'.
[  976.899579][T18097] usb 41-1: new low-speed USB device number 8 using vhci_hcd
[  977.256300][T18965] vhci_hcd: connection reset by peer
[  977.259236][ T6117] vhci_hcd vhci_hcd.2: stop threads
[  977.261808][ T6117] vhci_hcd vhci_hcd.2: release socket
[  977.264264][ T6117] vhci_hcd vhci_hcd.2: disconnect device
[  977.952901][T18980] tmpfs: Bad value for 'huge'
[  978.350632][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout
[  978.352831][T10909] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  978.355160][T10909] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  980.511519][T10909] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  980.511750][ T5949] Bluetooth: hci0: command 0x0c1a tx timeout
[  980.516349][T10909] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  981.035200][T19037] netlink: 'syz.1.2690': attribute type 1 has an invalid length.
[  981.051072][T19037] bond1: entered promiscuous mode
[  981.053133][T19037] bond1: entered allmulticast mode
[  981.055415][T19037] 8021q: adding VLAN 0 to HW filter on device bond1
[  981.227162][T19037] erspan1: entered allmulticast mode
[  981.230896][T19037] bond1: (slave erspan1): making interface the new active one
[  981.233667][T19037] erspan1: entered promiscuous mode
[  981.236057][T19037] bond1: (slave erspan1): Enslaving as an active interface with an up link
[  981.368130][T19041] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2690'.
[  981.389981][T19037] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2690'.
[  981.489436][T19037] bond1 (unregistering): (slave erspan1): Releasing active interface
[  981.492926][T19037] erspan1: left promiscuous mode
[  981.496241][T19037] bond1 (unregistering): Released all slaves
[  982.013057][T18097] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  982.019076][   T35] block nbd0: Possible stuck request ffff8880261b0000: control (read@0,1024B). Runtime 30 seconds
[  982.026942][   T35] block nbd0: Possible stuck request ffff8880261b0200: control (read@1024,1024B). Runtime 30 seconds
[  982.031341][   T35] block nbd0: Possible stuck request ffff8880261b0400: control (read@2048,1024B). Runtime 30 seconds
[  982.034995][   T35] block nbd0: Possible stuck request ffff8880261b0600: control (read@3072,1024B). Runtime 30 seconds
[  982.320691][T19050] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2692'.
[  982.348506][T19051] tmpfs: Bad value for 'huge'
[  982.952843][T19057] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2695'.
[  983.491406][T19063] netlink: 'syz.0.2697': attribute type 12 has an invalid length.
[  983.495268][T19063] netlink: 'syz.0.2697': attribute type 29 has an invalid length.
[  983.498325][T19063] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2697'.
[  983.502132][T19063] netlink: 'syz.0.2697': attribute type 1 has an invalid length.
[  983.505788][T19063] netlink: 43 bytes leftover after parsing attributes in process `syz.0.2697'.
[  984.512042][T19091] tmpfs: Bad value for 'huge'
[  985.412580][T19101] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2704'.
[  986.783122][T19132] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  986.834737][T19133] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2709'.
[  986.846271][T19141] block nbd4: shutting down sockets
[  986.877917][T19132] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  986.993503][T19132] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  987.079029][T19147] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2714'.
[  987.089070][T19132] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  987.210706][   T82] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  987.224979][T17282] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  987.242384][T17282] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  987.251786][T17282] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  989.204382][T19172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2720'.
[  989.497040][T19180] binder: Unknown parameter 'ma6ö'
[  989.677676][T19188] rdma_rxe: rxe_newlink: failed to add syz_tun
[  989.683161][T19182] rdma_rxe: rxe_newlink: failed to add syz_tun
[  989.846591][T19185] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  989.867023][T19189] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2725'.
[  989.947992][T19185] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  990.038068][T19185] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  990.070731][T19182] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  990.102812][T19187] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2724'.
[  990.125363][T19185] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  990.156716][T19182] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  990.238919][T17282] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  990.262278][T19182] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  990.281793][   T82] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  990.298358][   T82] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  990.313792][   T82] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  990.350768][T19182] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  990.682544][T18065] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  990.693127][T18065] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  990.702322][T18065] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  990.760906][T18065] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  991.659308][T19213] /dev/sr0: Can't open blockdev
[  991.816169][T19219] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2734'.
[  991.899784][T19218] syz1: rxe_newlink: already configured on syz_tun
[  992.119246][T19218] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  992.167386][T19221] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2735'.
[  992.179783][T19218] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  992.255959][T19218] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  992.320979][T19218] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  992.413806][T17282] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  992.422094][T17282] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  992.431414][ T6117] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  992.441986][ T6117] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  993.719355][T19231] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  993.762917][T19231] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  993.786265][T19240] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2738'.
[  994.162204][T19231] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  994.237628][T19231] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  994.321896][   T82] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  994.332114][   T82] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  994.341145][   T82] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  994.352916][   T82] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  994.847332][T19275] syz1: rxe_newlink: already configured on syz_tun
[  994.957275][T19275] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  995.017025][T19275] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  995.034109][T19282] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2745'.
[  995.767457][T19275] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  995.845453][T19275] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  997.309918][T19332] bridge0: port 3(erspan0) entered blocking state
[  997.313045][T19332] bridge0: port 3(erspan0) entered disabled state
[  997.318090][T19332] erspan0: entered allmulticast mode
[  997.327691][T19332] erspan0: entered promiscuous mode
[  997.330991][T19332] bridge0: port 3(erspan0) entered blocking state
[  997.333691][T19332] bridge0: port 3(erspan0) entered forwarding state
[  997.416263][T19331] rdma_rxe: rxe_newlink: failed to add syz_tun
[  997.576727][T19331] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  997.628383][ T6117] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  997.639729][ T6117] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  997.653743][T19331] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  997.669519][ T6117] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  997.674208][T19334] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2757'.
[  997.683115][ T6117] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  997.734516][T19331] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  997.836420][T19331] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  997.886777][T19339] tmpfs: Bad value for 'huge'
[  999.611204][T17787] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  999.618433][ T6117] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  999.625408][ T6117] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  999.642320][ T6117] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  999.792829][T19353] rdma_rxe: rxe_newlink: failed to add syz_tun
[ 1000.001287][T19376] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1000.058634][T19380] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2762'.
[ 1000.122163][T19376] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1000.195020][T19376] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1000.273356][T19376] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1000.568496][   T13] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1000.578592][   T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1000.587332][   T13] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1000.601843][   T13] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1001.224895][T19396] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2770'.
[ 1001.405499][T10610] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[ 1001.693209][T10610] usb 9-1: Using ep0 maxpacket: 8
[ 1003.076035][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[ 1003.078818][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[ 1003.165031][T10610] usb 9-1: config 0 interface 0 has no altsetting 0
[ 1003.174567][T10610] usb 9-1: New USB device found, idVendor=04d8, idProduct=00e3, bcdDevice= 0.00
[ 1003.177591][T10610] usb 9-1: New USB device strings: Mfr=31, Product=0, SerialNumber=0
[ 1003.180268][T10610] usb 9-1: Manufacturer: syz
[ 1003.183413][T10610] usb 9-1: config 0 descriptor??
[ 1003.346228][T19413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2774'.
[ 1003.349222][T19413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2774'.
[ 1003.352294][T19413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2774'.
[ 1003.370197][T19409] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2772'.
[ 1003.374364][T19413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2774'.
[ 1003.377411][T19413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2774'.
[ 1003.378229][T19409] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2772'.
[ 1003.380332][T19413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2774'.
[ 1003.895393][T19414] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2774'.
[ 1004.343698][   T55] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[ 1004.823627][T10610] usbhid 9-1:0.0: can't add hid device: -71
[ 1004.827165][T10610] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[ 1004.847390][T10610] usb 9-1: USB disconnect, device number 16
[ 1011.708230][T19497] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1011.758103][T19505] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2784'.
[ 1011.785107][T19497] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1011.869369][T19497] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1011.972814][T19497] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1012.385499][ T6117] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1012.413612][   T13] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1012.434367][   T13] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1012.452462][ T5024] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1012.689558][   T35] block nbd0: Possible stuck request ffff8880261b0000: control (read@0,1024B). Runtime 60 seconds
[ 1012.693380][   T35] block nbd0: Possible stuck request ffff8880261b0200: control (read@1024,1024B). Runtime 60 seconds
[ 1012.697033][   T35] block nbd0: Possible stuck request ffff8880261b0400: control (read@2048,1024B). Runtime 60 seconds
[ 1012.700864][   T35] block nbd0: Possible stuck request ffff8880261b0600: control (read@3072,1024B). Runtime 60 seconds
[ 1013.419585][   T55] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[ 1013.579649][   T55] usb 6-1: Using ep0 maxpacket: 8
[ 1013.584847][   T55] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1013.588431][   T55] usb 6-1: New USB device found, idVendor=04d8, idProduct=00e3, bcdDevice= 0.00
[ 1013.596266][   T55] usb 6-1: New USB device strings: Mfr=31, Product=0, SerialNumber=0
[ 1013.599468][   T55] usb 6-1: Manufacturer: syz
[ 1013.607717][   T55] usb 6-1: config 0 descriptor??
[ 1014.160576][T17285] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[ 1014.722516][T19580] tmpfs: Bad value for 'huge'
[ 1015.157360][T19590] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1015.493919][T19590] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1015.566229][T19590] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1015.657515][T19590] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1015.710435][   T55] usbhid 6-1:0.0: can't add hid device: -71
[ 1015.714673][   T55] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1015.731594][   T55] usb 6-1: USB disconnect, device number 44
[ 1017.591563][T19610] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2803'.
[ 1017.664833][T19610] sctp: [Deprecated]: syz.4.2803 (pid 19610) Use of int in max_burst socket option deprecated.
[ 1017.664833][T19610] Use struct sctp_assoc_value instead
[ 1017.693372][ T6117] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1017.727536][ T5024] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1017.732564][ T5024] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1017.744245][ T5024] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1017.779230][T19618] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2804'.
[ 1018.042306][T18057] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[ 1018.342616][T18057] usb 9-1: Using ep0 maxpacket: 32
[ 1018.348898][T18057] usb 9-1: descriptor type invalid, skip
[ 1018.351180][T18057] usb 9-1: descriptor type invalid, skip
[ 1018.353577][T18057] usb 9-1: descriptor type invalid, skip
[ 1018.359379][T18057] usb 9-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1018.362962][T18057] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1018.366560][T18057] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1018.394365][T18057] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1018.407938][T18057] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1018.417646][T18057] usb 9-1: Product: Ѓ
[ 1018.431483][T18057] usb 9-1: Manufacturer: ã Š
[ 1018.440055][T18057] usb 9-1: SerialNumber: syz
[ 1018.703641][   T40] audit: type=1326 audit(1766908880.639:1196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19609 comm="syz.4.2803" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[ 1018.713429][   T40] audit: type=1326 audit(1766908880.639:1197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19609 comm="syz.4.2803" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[ 1018.725404][   T40] audit: type=1326 audit(1766908880.639:1198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19609 comm="syz.4.2803" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf707d579 code=0x7ffc0000
[ 1018.752404][   T40] audit: type=1326 audit(1766908880.639:1199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19609 comm="syz.4.2803" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[ 1018.759534][T19610] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2803'.
[ 1018.761897][   T40] audit: type=1326 audit(1766908880.639:1200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19609 comm="syz.4.2803" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[ 1018.785861][   T40] audit: type=1326 audit(1766908880.639:1201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19609 comm="syz.4.2803" exe="/syz-executor" sig=0 arch=40000003 syscall=16 compat=1 ip=0xf707d579 code=0x7ffc0000
[ 1018.795780][   T40] audit: type=1326 audit(1766908880.639:1202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19609 comm="syz.4.2803" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[ 1018.806688][   T40] audit: type=1326 audit(1766908880.639:1203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19609 comm="syz.4.2803" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[ 1018.816393][   T40] audit: type=1326 audit(1766908880.649:1204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19609 comm="syz.4.2803" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf707d579 code=0x7ffc0000
[ 1018.816968][T18057] usb 9-1: 0:2 : does not exist
[ 1018.826360][   T40] audit: type=1326 audit(1766908880.689:1205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19609 comm="syz.4.2803" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[ 1018.927379][T19637] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2809'.
[ 1019.062747][T18057] usb 9-1: USB disconnect, device number 17
[ 1019.383319][T19644] netlink: 'syz.0.2812': attribute type 25 has an invalid length.
[ 1019.387065][T19644] fuse: Bad value for 'fd'
[ 1019.478228][T19642] syz1: rxe_newlink: already configured on syz_tun
[ 1019.487870][T19649] netlink: 'syz.0.2814': attribute type 1 has an invalid length.
[ 1019.490832][T19649] FAULT_INJECTION: forcing a failure.
[ 1019.490832][T19649] name failslab, interval 1, probability 0, space 0, times 0
[ 1019.501077][T19649] CPU: 3 UID: 0 PID: 19649 Comm: syz.0.2814 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1019.501101][T19649] Tainted: [L]=SOFTLOCKUP
[ 1019.501106][T19649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1019.501113][T19649] Call Trace:
[ 1019.501118][T19649]  <TASK>
[ 1019.501123][T19649]  dump_stack_lvl+0x16c/0x1f0
[ 1019.501143][T19649]  should_fail_ex+0x512/0x640
[ 1019.501156][T19649]  ? __kmalloc_cache_noprof+0x5f/0x800
[ 1019.501171][T19649]  should_failslab+0xc2/0x120
[ 1019.501189][T19649]  __kmalloc_cache_noprof+0x80/0x800
[ 1019.501201][T19649]  ? qfq_change_class+0xcf8/0x1da0
[ 1019.501220][T19649]  ? qfq_change_class+0xcf8/0x1da0
[ 1019.501236][T19649]  qfq_change_class+0xcf8/0x1da0
[ 1019.501254][T19649]  ? __pfx_qfq_change_class+0x10/0x10
[ 1019.501272][T19649]  ? qdisc_match_from_root+0x16f/0x260
[ 1019.501289][T19649]  ? __pfx_qfq_change_class+0x10/0x10
[ 1019.501305][T19649]  tc_ctl_tclass+0x59d/0x16c0
[ 1019.501323][T19649]  ? __pfx_tc_ctl_tclass+0x10/0x10
[ 1019.501332][T19649]  ? __mutex_lock+0x27b/0x1ca0
[ 1019.501351][T19649]  ? rtnetlink_rcv_msg+0x371/0xe90
[ 1019.501367][T19649]  ? __lock_acquire+0x436/0x2890
[ 1019.501387][T19649]  ? __pfx_tc_ctl_tclass+0x10/0x10
[ 1019.501398][T19649]  rtnetlink_rcv_msg+0x3c9/0xe90
[ 1019.501415][T19649]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1019.501434][T19649]  ? ref_tracker_free+0x37c/0x830
[ 1019.501449][T19649]  netlink_rcv_skb+0x158/0x420
[ 1019.501465][T19649]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1019.501481][T19649]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1019.501502][T19649]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1019.501519][T19649]  netlink_unicast+0x5aa/0x870
[ 1019.501537][T19649]  ? __pfx_netlink_unicast+0x10/0x10
[ 1019.501557][T19649]  netlink_sendmsg+0x8c8/0xdd0
[ 1019.501577][T19649]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1019.501594][T19649]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[ 1019.501615][T19649]  ____sys_sendmsg+0xa5d/0xc30
[ 1019.501632][T19649]  ? iterate_inodes_from_logical+0x150/0x220
[ 1019.501650][T19649]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1019.501667][T19649]  ? get_compat_msghdr+0x11a/0x170
[ 1019.501687][T19649]  ___sys_sendmsg+0x134/0x1d0
[ 1019.501702][T19649]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1019.501721][T19649]  ? find_held_lock+0x2b/0x80
[ 1019.501744][T19649]  __sys_sendmsg+0x16d/0x220
[ 1019.501758][T19649]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1019.501777][T19649]  ? do_user_addr_fault+0x843/0x1370
[ 1019.501794][T19649]  __do_fast_syscall_32+0xe8/0x680
[ 1019.501813][T19649]  do_fast_syscall_32+0x32/0x80
[ 1019.501823][T19649]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1019.501837][T19649] RIP: 0023:0xf704d579
[ 1019.501847][T19649] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1019.501858][T19649] RSP: 002b:00000000f543d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1019.501869][T19649] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[ 1019.501876][T19649] RDX: 0000000004000080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1019.501882][T19649] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1019.501888][T19649] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1019.501895][T19649] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1019.501909][T19649]  </TASK>
[ 1019.643817][T19647] ==================================================================
[ 1019.647564][T19647] BUG: KASAN: slab-use-after-free in qfq_reset_qdisc+0x323/0x420
[ 1019.651088][T19647] Read of size 8 at addr ffff888027615750 by task syz.0.2814/19647
[ 1019.655776][T19647] 
[ 1019.657696][T19647] CPU: 3 UID: 0 PID: 19647 Comm: syz.0.2814 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1019.657726][T19647] Tainted: [L]=SOFTLOCKUP
[ 1019.657733][T19647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1019.657746][T19647] Call Trace:
[ 1019.657754][T19647]  <TASK>
[ 1019.657762][T19647]  dump_stack_lvl+0x116/0x1f0
[ 1019.657794][T19647]  print_report+0xcd/0x630
SYZFAIL: failed to recv rpc
[ 1019.657824][T19647]  ? __virt_addr_valid+0x81/0x610
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1019.657853][T19647]  ? __phys_addr+0xe8/0x180
[ 1019.657880][T19647]  ? qfq_reset_qdisc+0x323/0x420
[ 1019.657906][T19647]  kasan_report+0xe0/0x110
[ 1019.657934][T19647]  ? qfq_reset_qdisc+0x323/0x420
[ 1019.657963][T19647]  qfq_reset_qdisc+0x323/0x420
[ 1019.657990][T19647]  ? synchronize_rcu_expedited+0x3b9/0x460
[ 1019.658011][T19647]  ? __pfx_qfq_reset_qdisc+0x10/0x10
[ 1019.658039][T19647]  qdisc_reset+0xe0/0x630
[ 1019.658062][T19647]  __qdisc_destroy+0xd3/0x4a0
[ 1019.658083][T19647]  qdisc_put+0xab/0xe0
[ 1019.658104][T19647]  dev_shutdown+0x1d0/0x430
[ 1019.658128][T19647]  unregister_netdevice_many_notify+0xb37/0x2590
[ 1019.658159][T19647]  ? do_raw_spin_unlock+0x172/0x230
[ 1019.658182][T19647]  ? ref_tracker_alloc+0x305/0x5b0
[ 1019.658206][T19647]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1019.658234][T19647]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1019.658256][T19647]  ? clear_pending_if_disabled+0xa8/0x210
[ 1019.658287][T19647]  unregister_netdevice_queue+0x305/0x3c0
[ 1019.658314][T19647]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1019.658342][T19647]  ? linkwatch_schedule_work+0x181/0x1c0
[ 1019.658361][T19647]  ? linkwatch_fire_event+0x6f/0x270
[ 1019.658382][T19647]  __tun_detach+0x119c/0x1490
[ 1019.658403][T19647]  ? __pfx_tun_chr_close+0x10/0x10
[ 1019.658421][T19647]  tun_chr_close+0xc2/0x230
[ 1019.658439][T19647]  __fput+0x402/0xb70
[ 1019.658461][T19647]  task_work_run+0x150/0x240
[ 1019.658482][T19647]  ? __pfx_task_work_run+0x10/0x10
[ 1019.658501][T19647]  ? __do_sys_close_range+0x278/0x730
[ 1019.658533][T19647]  exit_to_user_mode_loop+0xfb/0x540
[ 1019.658563][T19647]  __do_fast_syscall_32+0x4a4/0x680
[ 1019.658595][T19647]  do_fast_syscall_32+0x32/0x80
[ 1019.658613][T19647]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1019.658637][T19647] RIP: 0023:0xf704d579
[ 1019.658653][T19647] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1019.658671][T19647] RSP: 002b:00000000ffcf3e8c EFLAGS: 00000202 ORIG_RAX: 00000000000001b4
[ 1019.658692][T19647] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e
[ 1019.658704][T19647] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1019.658716][T19647] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1019.658728][T19647] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1019.658741][T19647] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1019.658759][T19647]  </TASK>
[ 1019.658766][T19647] 
[ 1019.775837][T19647] Allocated by task 19649:
[ 1019.777404][T19647]  kasan_save_stack+0x33/0x60
[ 1019.779091][T19647]  kasan_save_track+0x14/0x30
[ 1019.780750][T19647]  __kasan_kmalloc+0xaa/0xb0
[ 1019.782408][T19647]  qfq_change_class+0x2ba/0x1da0
[ 1019.784372][T19647]  tc_ctl_tclass+0x59d/0x16c0
[ 1019.786169][T19647]  rtnetlink_rcv_msg+0x3c9/0xe90
[ 1019.788502][T19647]  netlink_rcv_skb+0x158/0x420
[ 1019.790750][T19647]  netlink_unicast+0x5aa/0x870
[ 1019.792906][T19647]  netlink_sendmsg+0x8c8/0xdd0
[ 1019.794907][T19647]  ____sys_sendmsg+0xa5d/0xc30
[ 1019.796867][T19647]  ___sys_sendmsg+0x134/0x1d0
[ 1019.799056][T19647]  __sys_sendmsg+0x16d/0x220
[ 1019.801212][T19647]  __do_fast_syscall_32+0xe8/0x680
[ 1019.803527][T19647]  do_fast_syscall_32+0x32/0x80
[ 1019.805310][T19647]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1019.808171][T19647] 
[ 1019.809317][T19647] Freed by task 19649:
[ 1019.811218][T19647]  kasan_save_stack+0x33/0x60
[ 1019.813085][T19647]  kasan_save_track+0x14/0x30
[ 1019.814778][T19647]  kasan_save_free_info+0x3b/0x60
[ 1019.816967][T19647]  __kasan_slab_free+0x5f/0x80
[ 1019.818799][T19647]  kfree+0x2f8/0x6e0
[ 1019.820173][T19647]  qfq_change_class+0x1576/0x1da0
[ 1019.822189][T19647]  tc_ctl_tclass+0x59d/0x16c0
[ 1019.823878][T19647]  rtnetlink_rcv_msg+0x3c9/0xe90
[ 1019.825743][T19647]  netlink_rcv_skb+0x158/0x420
[ 1019.827470][T19647]  netlink_unicast+0x5aa/0x870
[ 1019.829187][T19647]  netlink_sendmsg+0x8c8/0xdd0
[ 1019.830896][T19647]  ____sys_sendmsg+0xa5d/0xc30
[ 1019.832606][T19647]  ___sys_sendmsg+0x134/0x1d0
[ 1019.834699][T19647]  __sys_sendmsg+0x16d/0x220
[ 1019.836602][T19647]  __do_fast_syscall_32+0xe8/0x680
[ 1019.838590][T19647]  do_fast_syscall_32+0x32/0x80
[ 1019.840726][T19647]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1019.843024][T19647] 
[ 1019.844193][T19647] The buggy address belongs to the object at ffff888027615700
[ 1019.844193][T19647]  which belongs to the cache kmalloc-128 of size 128
[ 1019.849921][T19647] The buggy address is located 80 bytes inside of
[ 1019.849921][T19647]  freed 128-byte region [ffff888027615700, ffff888027615780)
[ 1019.856079][T19647] 
[ 1019.857065][T19647] The buggy address belongs to the physical page:
[ 1019.859387][T19647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27615
[ 1019.862360][T19647] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1019.865019][T19647] page_type: f5(slab)
[ 1019.866354][T19647] raw: 00fff00000000000 ffff88801b442a00 0000000000000000 dead000000000001
[ 1019.869270][T19647] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 1019.872099][T19647] page dumped because: kasan: bad access detected
[ 1019.874287][T19647] page_owner tracks the page as allocated
[ 1019.876248][T19647] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5943, tgid 5943 (syz-executor), ts 63613191072, free_ts 26232062133
[ 1019.882728][T19647]  post_alloc_hook+0x1af/0x220
[ 1019.884383][T19647]  get_page_from_freelist+0xd0b/0x31a0
[ 1019.886312][T19647]  __alloc_frozen_pages_noprof+0x25f/0x2430
[ 1019.888402][T19647]  alloc_pages_mpol+0x1fb/0x550
[ 1019.890136][T19647]  new_slab+0x2c3/0x430
[ 1019.891623][T19647]  ___slab_alloc+0xe18/0x1c90
[ 1019.893264][T19647]  __slab_alloc.constprop.0+0x63/0x110
[ 1019.895314][T19647]  __kmalloc_cache_noprof+0x485/0x800
[ 1019.897120][T19647]  __hw_addr_add_ex+0x3c9/0x7c0
[ 1019.898741][T19647]  dev_mc_add+0xb6/0x110
[ 1019.900226][T19647]  igmp_group_added+0x82f/0x980
[ 1019.901880][T19647]  ____ip_mc_inc_group+0x7d6/0x10c0
[ 1019.903630][T19647]  ip_mc_up+0x154/0x380
[ 1019.905056][T19647]  inetdev_event+0xafb/0x1870
[ 1019.906624][T19647]  notifier_call_chain+0xbc/0x3e0
[ 1019.908302][T19647]  call_netdevice_notifiers_info+0xbe/0x110
[ 1019.910303][T19647] page last free pid 10 tgid 10 stack trace:
[ 1019.912702][T19647]  __free_frozen_pages+0x7df/0x1170
[ 1019.914436][T19647]  kasan_depopulate_vmalloc_pte+0x5b/0x80
[ 1019.916377][T19647]  __apply_to_page_range+0xac1/0x13f0
[ 1019.918157][T19647]  __kasan_release_vmalloc+0xd1/0xe0
[ 1019.919922][T19647]  purge_vmap_node+0x1ba/0xad0
[ 1019.921608][T19647]  __purge_vmap_area_lazy+0x9d2/0xc00
[ 1019.923458][T19647]  drain_vmap_area_work+0x27/0x40
[ 1019.925171][T19647]  process_one_work+0x9ba/0x1b20
[ 1019.926819][T19647]  worker_thread+0x6c8/0xf10
[ 1019.928348][T19647]  kthread+0x3c5/0x780
[ 1019.929724][T19647]  ret_from_fork+0x983/0xb10
[ 1019.931269][T19647]  ret_from_fork_asm+0x1a/0x30
[ 1019.933042][T19647] 
[ 1019.933872][T19647] Memory state around the buggy address:
[ 1019.935791][T19647]  ffff888027615600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1019.938451][T19647]  ffff888027615680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1019.941105][T19647] >ffff888027615700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1019.943816][T19647]                                                  ^
[ 1019.946101][T19647]  ffff888027615780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1019.948746][T19647]  ffff888027615800: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 1019.951373][T19647] ==================================================================
[ 1019.957287][T19647] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1019.960487][T19647] CPU: 3 UID: 0 PID: 19647 Comm: syz.0.2814 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1019.965350][T19647] Tainted: [L]=SOFTLOCKUP
[ 1019.967285][T19647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1019.972002][T19647] Call Trace:
[ 1019.973544][T19647]  <TASK>
[ 1019.974891][T19647]  dump_stack_lvl+0x3d/0x1f0
[ 1019.976992][T19647]  vpanic+0x640/0x6f0
[ 1019.978751][T19647]  panic+0xca/0xd0
[ 1019.980418][T19647]  ? __pfx_panic+0x10/0x10
[ 1019.982361][T19647]  ? qfq_reset_qdisc+0x323/0x420
[ 1019.984329][T19647]  ? preempt_schedule_common+0x44/0xc0
[ 1019.986523][T19647]  ? preempt_schedule_thunk+0x16/0x30
[ 1019.988382][T19647]  ? check_panic_on_warn+0x1f/0xb0
[ 1019.990081][T19647]  check_panic_on_warn+0xab/0xb0
[ 1019.991721][T19647]  end_report+0x107/0x160
[ 1019.993192][T19647]  kasan_report+0xee/0x110
[ 1019.994742][T19647]  ? qfq_reset_qdisc+0x323/0x420
[ 1019.996466][T19647]  qfq_reset_qdisc+0x323/0x420
[ 1019.998084][T19647]  ? synchronize_rcu_expedited+0x3b9/0x460
[ 1020.000060][T19647]  ? __pfx_qfq_reset_qdisc+0x10/0x10
[ 1020.001832][T19647]  qdisc_reset+0xe0/0x630
[ 1020.003268][T19647]  __qdisc_destroy+0xd3/0x4a0
[ 1020.004871][T19647]  qdisc_put+0xab/0xe0
[ 1020.006228][T19647]  dev_shutdown+0x1d0/0x430
[ 1020.007787][T19647]  unregister_netdevice_many_notify+0xb37/0x2590
[ 1020.009958][T19647]  ? do_raw_spin_unlock+0x172/0x230
[ 1020.011677][T19647]  ? ref_tracker_alloc+0x305/0x5b0
[ 1020.013415][T19647]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1020.015665][T19647]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1020.017500][T19647]  ? clear_pending_if_disabled+0xa8/0x210
[ 1020.019672][T19647]  unregister_netdevice_queue+0x305/0x3c0
[ 1020.021743][T19647]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1020.023808][T19647]  ? linkwatch_schedule_work+0x181/0x1c0
[ 1020.025714][T19647]  ? linkwatch_fire_event+0x6f/0x270
[ 1020.027452][T19647]  __tun_detach+0x119c/0x1490
[ 1020.029087][T19647]  ? __pfx_tun_chr_close+0x10/0x10
[ 1020.030791][T19647]  tun_chr_close+0xc2/0x230
[ 1020.032402][T19647]  __fput+0x402/0xb70
[ 1020.033747][T19647]  task_work_run+0x150/0x240
[ 1020.035329][T19647]  ? __pfx_task_work_run+0x10/0x10
[ 1020.037086][T19647]  ? __do_sys_close_range+0x278/0x730
[ 1020.038894][T19647]  exit_to_user_mode_loop+0xfb/0x540
[ 1020.040924][T19647]  __do_fast_syscall_32+0x4a4/0x680
[ 1020.042720][T19647]  do_fast_syscall_32+0x32/0x80
[ 1020.044389][T19647]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1020.046497][T19647] RIP: 0023:0xf704d579
[ 1020.047864][T19647] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1020.054389][T19647] RSP: 002b:00000000ffcf3e8c EFLAGS: 00000202 ORIG_RAX: 00000000000001b4
[ 1020.057147][T19647] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e
[ 1020.059742][T19647] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1020.062440][T19647] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1020.065150][T19647] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1020.067745][T19647] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1020.070364][T19647]  </TASK>
[ 1020.072239][T19647] Kernel Offset: disabled
[ 1020.073710][T19647] Rebooting in 86400 seconds..

VM DIAGNOSIS:
07:57:06  Registers:
info registers vcpu 0

CPU#0
RAX=00000002000008fb RBX=0000000000000001 RCX=0000000000000830 RDX=0000000000000002
RSI=00000000000000fb RDI=0000000000000002 RBP=ffff8880288049b8 RSP=ffffc90000007db0
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=0000000000000001 R13=1ffff92000000fb9 R14=1ffff11005100901 R15=0000000000000000
RIP=ffffffff816aed58 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f284283e300 ffffffff 00c00000
GS =0000 ffff8880976fc000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00005605edf3f000 CR3=00000000285c8000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000004b29677 RBX=0000000000000001 RCX=ffffffff8b7576d9 RDX=0000000000000000
RSI=ffffffff8daca977 RDI=ffffffff8bf2b580 RBP=ffffed1003adf498 RSP=ffffc9000046fde8
R8 =0000000000000001 R9 =ffffed100566673d R10=ffff88802b3339eb R11=ffff88801d6faff0
R12=0000000000000001 R13=ffff88801d6fa4c0 R14=ffffffff9088e8d0 R15=0000000000000000
RIP=ffffffff8b755dcf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977fc000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080003000 CR3=0000000069fc7000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000080000 RBX=0000000000000001 RCX=ffffc900302f9000 RDX=0000000000080000
RSI=ffffffff81f63a33 RDI=0000000000000005 RBP=ffffea000177cdf4 RSP=ffffc90003ad7670
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=ffff8880268b0b30
R12=0000000000000001 R13=0000000000000003 R14=dffffc0000000000 R15=1ffff9200075af01
RIP=ffffffff81be594a RFL=00000216 [----AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880978fc000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c3c7b6f CR3=0000000059a77000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 00c800a400000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000037 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85301205 RDI=ffffffff9aed9260 RBP=ffffffff9aed9220 RSP=ffffc90003ba7428
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3230383838666666
R12=0000000000000000 R13=0000000000000037 R14=ffffffff9aed9220 R15=ffffffff853011a0
RIP=ffffffff8530122f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880979fc000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c3bb25e CR3=00000000632d7000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000