last executing test programs:

8m31.823087033s ago: executing program 3 (id=550):
r0 = syz_io_uring_setup(0x4b2, &(0x7f0000000100)={0x0, 0xffffffff, 0x40, 0x0, 0x162}, &(0x7f0000ff0000), &(0x7f0000000000))
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=@newqdisc={0x32c, 0x24, 0x200, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {0xffeb, 0xb}, {0xfff1, 0x8}}, [@TCA_STAB={0xcc, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x89, 0x1, 0x2, 0x7, 0x2, 0xc, 0x7, 0x4}}, {0xc, 0x2, [0x2, 0x200, 0x8, 0x2]}}, {{0x1c, 0x1, {0x23, 0xff, 0x3, 0x280, 0x1, 0x800, 0x8, 0x9}}, {0x16, 0x2, [0x400, 0xff, 0x3, 0x400, 0x15, 0xf1df, 0x4, 0x2, 0xff]}}, {{0x1c, 0x1, {0x0, 0x50, 0x3, 0x2, 0x2, 0xc2, 0xffffffff, 0x2}}, {0x8, 0x2, [0x7f, 0x200]}}, {{0x1c, 0x1, {0xc, 0x4, 0xfff, 0xffffff80, 0x1, 0x7ff, 0x2, 0x1}}, {0x6, 0x2, [0x2]}}, {{0x1c, 0x1, {0x7, 0x1, 0xcb, 0xc000000, 0x2, 0x4, 0x4, 0x2}}, {0x8, 0x2, [0x0, 0x1000]}}]}, @qdisc_kind_options=@q_gred={{0x9}, {0x110, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "1cef627e9e155a911457d6ebb73b1f9b8d92b56a221b51a9b7b69a9ac3556bfd6c650114fc312e509f346f1b48e977e0be7d582748bb466332b7cda1d78c30c1aac63de9ed800fd0cb7c4ce43c5a6137b2c871bfc34826695deefd7d0473312add048c5d7ffa22b25e3ae4796df91ccd543868798b16ca5548c5cc6799ebca9426fa62f3ef7ada6f4d1e23386799da57ba8ebece5a7ea05975a520dc96876b0926cb2d811c4fcdaae891f8a62463192447471e921c3d3496dbd08ce6c0c475a94865f5f41c93d283dd41428028732aee0ce9db4f3b985e9e4c4e38783b4abe511ea1e6e34562417db42eea098a535b36883482f4833cc756682dfabfc42b86fe"}, @TCA_GRED_MAX_P={0x8, 0x4, 0x940}]}}, @TCA_STAB={0x120, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x5, 0x2, 0x7, 0x2, 0xb, 0x6, 0x3}}, {0xa, 0x2, [0x6, 0x401, 0x7fff]}}, {{0x1c, 0x1, {0x40, 0x7, 0x2, 0xfffffff7, 0x1, 0x800, 0x7, 0x2}}, {0x8, 0x2, [0x8, 0x6]}}, {{0x1c, 0x1, {0x2, 0x9, 0x7fff, 0x8, 0x2, 0x1, 0x7e, 0x7}}, {0x12, 0x2, [0x9, 0x4, 0x0, 0x0, 0x8001, 0x800, 0xa]}}, {{0x1c, 0x1, {0x0, 0x7, 0x4, 0x2, 0x2, 0xdf}}, {0x4}}, {{0x1c, 0x1, {0x38, 0x6, 0x9, 0x7, 0x0, 0x8, 0x2, 0x4}}, {0xc, 0x2, [0x8000, 0xfeff, 0x8, 0x8]}}, {{0x1c, 0x1, {0x4, 0x0, 0x0, 0x1ff, 0x0, 0x200, 0xffff, 0x8}}, {0x14, 0x2, [0x0, 0x5, 0x3, 0x0, 0x1, 0x8, 0x0, 0x0]}}, {{0x1c, 0x1, {0x7, 0x66, 0x1, 0x9, 0x1, 0xe, 0x2, 0x3}}, {0xa, 0x2, [0x10, 0x4, 0x0]}}]}]}, 0x32c}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = socket(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffff"], 0x0, 0x2010000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r2)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r3, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x1e1730a30afb6559, 0x8014)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, 0x0, 0x40010)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='map_files\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
read$FUSE(r4, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000300)=""/14, 0xe}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000040)=""/6, 0x6}], 0x0, 0x2}, 0x20)

8m26.395185615s ago: executing program 3 (id=580):
r0 = syz_open_procfs(0x0, 0x0)
io_uring_setup(0x48f3, &(0x7f0000000040)={0x0, 0xb3ed, 0x20000, 0x2, 0x192})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="0c000280060001"], 0x24}}, 0x0)
r4 = syz_io_uring_setup(0x838, &(0x7f00000000c0)={0x0, 0x48b30, 0x2000, 0x3, 0x1a3}, &(0x7f0000000200)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x114, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000003c0)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, r0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='./bus\x00'})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r9, 0xc008ae88, &(0x7f0000000300)={0x1, 0x0, [{0x400000f5, 0x0, 0x4}]})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
r13 = socket$inet6_udp(0xa, 0x2, 0x0)
r14 = memfd_create(&(0x7f0000000680)='\x103q}2\x9a\xce\xaf^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99\x18\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1f\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\tRJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd99C\x9fF\x9c[M=\xa0^\xa8\xed)\xe8Z\xe8\x9b&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xc9\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8ZmH\x98\xaeb\xa5B5)\x80m\xff\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6\x05\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97O\xb7\xfa\x19\x06U)j!\x91\'\x98\xd2kFN\xfa\x80)O\xb9(!n\x9d\x13\x15\xf1\x1a\xb8y\x14l\xd1', 0x7)
ioctl$FS_IOC_RESVSP(r14, 0x402c5828, &(0x7f00000000c0)={0x0, 0x0, 0x1, 0x762})
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r14, 0xff010000)
r15 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r15, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001500010300000000000000fa0b00000008000100ba"], 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
setsockopt$IP6T_SO_SET_REPLACE(r13, 0x29, 0x40, &(0x7f0000001380)=@security={'security\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x108, 0x0, 0x108, 0xffffffff, 0xffffffff, 0x320, 0x320, 0x320, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev={0xfe, 0x80, '\x00', 0xa}, [0xffffff00, 0xffffff00, 0xff], [0x0, 0xffffff00, 0xffffffff], 'bond_slave_0\x00', 'ipvlan0\x00', {}, {0xff}, 0x32, 0x0, 0xa, 0x2}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, [0xffffffff, 0xffffffff, 0xff, 0xffffff00], 0x4e22, 0x4e22, 0x4e23, 0x4e21, 0x0, 0x200, 0x8000, 0x9, 0x7}}}, {{@ipv6={@loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0x0, 0x0, 0xff, 0xff000000], [0xff, 0xffffffff, 0xff000000, 0xffffffff], 'pim6reg\x00', 'ipvlan1\x00', {}, {}, 0x1, 0x5, 0x0, 0xc}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0xfffd}}}, {{@ipv6={@mcast2, @remote, [0xffffffff, 0xffffffff, 0xffffffff, 0xffffff00], [0x100000100, 0xffffff00, 0xffffff00, 0xff], 'veth0_virt_wifi\x00', 'ip6gretap0\x00', {}, {0xff}, 0x62, 0xbb, 0x7, 0x32}, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x8, 0x4, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8)
ioctl$KVM_SET_MSRS(r12, 0x4008ae89, &(0x7f00000002c0)={0x1, 0x0, [{0x1dc, 0x0, 0x6}]})
r16 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x80, &(0x7f0000000500)=ANY=[@ANYRES16=r4, @ANYBLOB, @ANYBLOB="0f726f6f00000000650900000034303030302c7573b6963db4a5f29673b9a9972365728606c237", @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRESDEC=0x0, @ANYRES64=r1])
read$FUSE(r0, &(0x7f000000a3c0)={0x2020, 0x0, <r17=>0x0}, 0x2020)
write$FUSE_INIT(r16, &(0x7f0000000080)={0x50, 0x0, r17, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(r16, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x9, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

8m26.104034216s ago: executing program 3 (id=583):
r0 = msgget$private(0x0, 0x208)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$evdev(0x0, 0x40002, 0xa69c0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[], 0x0, 0x4a}, 0x28)
io_uring_setup(0x2eff, &(0x7f0000000340)={0x0, 0xe8e5, 0x2, 0xfffffffd, 0x290})
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, 0x0, 0x0)
mkdir(0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r4, &(0x7f0000000980)={0x2020}, 0x2020)
r5 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), r5)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', r6, 0x4, 0x4, 0x0, 0xe2, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev, 0x80, 0x0, 0xffffffff, 0x1}})
msgsnd(r0, &(0x7f0000000480)=ANY=[@ANYBLOB="020000007a19b2ee9f34766de63155dc9ef2d63ddd566f834017502d474bb8e089bf4fdfe5327e5ce433b61d59c4180ee0f2cb05c2f396c2c3bbaa9930ed97d583a3d46d0f2337b8fab605488c87191f4ed7cb50492e98063ecf4db23e7cf2c3319f8c79c911ea3715bd83725bfb69cc614dbb4f5f736266c89c0f9e6db6b85e512181aa713b60037c65c8602ccc6f1719f5252eaaece20daabda708f4d1d9b05db8facf74329959c2f48cdd18b3c0b2fda8ec42c3a5d13ac33a11dadb50bb768c5ae58a08fe82bc473630be23b2841be0695bfa703af1abd29bfe7a48caf981faa81906a06eb43c5c00e8fb39d3265aaf55c4e823bfb8a4ef9953c20cb1fac8dc3150e60ac459978592c060d04f7e42bc105504ab2bc2f34ff9a54a9c9f84bce5a9f996a2146339cb0d1f23dbb6a3a963f5278df1db7ccebd67a8d197d2cb713899efad7fbf2aa50fef3fdfd1c519cf9b4ccadccaa244d7c4d9e92322440e2e8641dd4b16cf9760c2ad47feb9e7"], 0x8, 0x0)
msgrcv(r0, 0x0, 0x0, 0x835597a199ab43be, 0x800)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$VT_RESIZEX(r7, 0x560a, &(0x7f00000000c0)={0x4, 0xac, 0x100, 0x3, 0x1835, 0x1})
getegid()

8m25.203119447s ago: executing program 3 (id=590):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
mkdir(&(0x7f0000000280)='./file0\x00', 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x4, 0x4, 0x3}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r3}, 0xc)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x3, 0x10000, 0x0, 0x3, 0x9, 0x6, 0x30002, 0x739, 0x1, 0x73e, 0x7, 0x100000000, 0x1000008, 0x6, 0x3ff, 0xf6], 0x1001, 0x80440})
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$getregset(0x4205, r4, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
ptrace$getregset(0x4204, r4, 0x2, &(0x7f0000000740)={0x0})
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40086602, &(0x7f0000000000))
ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000000040))
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000140)={{{@in=@multicast2, @in=@local, 0x4e21, 0x0, 0x4e24, 0x1, 0xa, 0xa0, 0x20, 0x3c}, {0x4c7b, 0x9, 0xa, 0x9, 0x2, 0x8, 0x3, 0x8}, {0xea, 0xd98, 0x0, 0x2}, 0x5, 0x6e6bbd, 0x2, 0x1, 0x1, 0x3}, {{@in6=@mcast2, 0x4d3, 0xff}, 0x2, @in6=@local, 0x3504, 0x3, 0x0, 0x0, 0x5, 0x1ff, 0x1800000}}, 0xe4)

8m25.094376142s ago: executing program 3 (id=591):
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x4, 0x109a00)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000000080)={0x0, 0x0, {0x1, 0x5, 0x1010, 0xb, 0x1, 0xc, 0x2, 0x310}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'syztnl2\x00', &(0x7f0000000300)={'tunl0\x00', <r1=>0x0, 0x1, 0x700, 0x2, 0x1000, {{0x12, 0x4, 0x0, 0x9, 0x48, 0x66, 0x0, 0x3, 0x2f, 0x0, @empty, @private=0xa010100, {[@ssrr={0x89, 0x7, 0xc1, [@dev={0xac, 0x14, 0x14, 0x34}]}, @noop, @noop, @end, @cipso={0x86, 0x2a, 0xffffffffffffffff, [{0x7, 0x8, "4f318336ae3f"}, {0x1, 0x11, "e0ce5111ed05e3827f4d9143d15035"}, {0x5, 0x3, "dc"}, {0x6, 0x8, "a07e824987bb"}]}]}}}}})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
chdir(&(0x7f0000000540)='./cgroup\x00')
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@deltclass={0x110c, 0x29, 0x800, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0xfff2, 0x10}, {0xffe0, 0x5}, {0xffe0, 0xf}}, [@tclass_kind_options=@c_ingress={0xc}, @TCA_RATE={0x6, 0x5, {0x0, 0xff}}, @tclass_kind_options=@c_clsact={0xb}, @TCA_RATE={0x6, 0x5, {0x8, 0x10}}, @tclass_kind_options=@c_htb={{0x8}, {0x10a4, 0x2, [@TCA_HTB_CTAB={0x404, 0x3, [0xfffffff7, 0x7, 0x8, 0xff, 0x3ff, 0x6, 0x66, 0x2, 0x2, 0x8, 0x9, 0x2, 0x6, 0x8, 0x8, 0x0, 0x3, 0x6d, 0x7, 0x10, 0x43e8, 0xe, 0x1, 0x0, 0x9, 0x2, 0x8000, 0x0, 0x5, 0xbb0f, 0x1, 0x80000000, 0x8, 0x1, 0x97, 0x6, 0x10001, 0x8, 0x80000001, 0x1, 0xf6e3, 0x2, 0xffffffbe, 0xffff1765, 0x428, 0x9c, 0x9bd, 0x9, 0x3, 0x8, 0xc071, 0x4, 0x3e, 0x636, 0x457cd101, 0x2, 0x6, 0x5, 0x1, 0x0, 0x8, 0x5, 0x0, 0x2, 0x8, 0x4, 0xfffffff8, 0x76, 0x3, 0x1e3e, 0xfffffff9, 0xd8, 0x3, 0x8, 0x800, 0x4, 0x4, 0x8, 0xfffffeff, 0x2, 0x6, 0x368a194c, 0x0, 0x1f, 0x2, 0x8, 0xf, 0x0, 0x7, 0x0, 0x5, 0x9, 0x4, 0x4, 0x32, 0xd, 0x7, 0x53b, 0x3, 0x10001, 0x7fff, 0x81, 0x4, 0xfff, 0x7, 0x4, 0x140, 0x5, 0x101, 0x6d92, 0x7ff, 0x9, 0x3, 0x7, 0x23, 0x7f9d, 0xc3, 0x4, 0xb, 0x9, 0x2, 0x5, 0x1, 0x5, 0x80000001, 0x401, 0x401, 0xe1, 0x616, 0x4, 0x0, 0x1, 0x9, 0x4, 0x3, 0x69, 0xf, 0x4, 0xfffffe00, 0x6, 0x7, 0x4, 0x6, 0x7, 0xd7fa, 0x2, 0x10, 0x3, 0x5, 0x8a, 0x7, 0x7, 0x5, 0x7, 0x1, 0x1, 0x3, 0x8, 0x6, 0x101, 0x5, 0x8, 0x7, 0x4158, 0x81, 0x5, 0x8, 0x10001, 0xf, 0x6726, 0x0, 0xb606, 0x0, 0x7, 0x0, 0x1, 0xe5, 0x2, 0xfffff800, 0x94f1, 0x3, 0x1, 0x3, 0x7fff, 0x70, 0xf, 0x81, 0x2, 0x6368, 0x6f0d, 0x4, 0x6e0f4276, 0x1, 0x4000, 0x5, 0x2, 0x8, 0xbfd, 0x7, 0xf, 0x52, 0xf2b8, 0x5, 0x8, 0x6, 0x7, 0xb85, 0x7, 0x8000, 0x9, 0x4, 0x1f292974, 0x5e56, 0x7fff, 0x192, 0x2a, 0x1, 0x7, 0x6, 0x8, 0x6c, 0x81, 0x5, 0xfffffffa, 0x2, 0x1, 0xfa, 0x8001, 0xbe, 0x0, 0x8000, 0x3, 0x0, 0x6, 0x2, 0x4, 0x6, 0xef80, 0xffff, 0x6, 0x80000000, 0x7, 0x1, 0x8, 0x5, 0x5, 0x3, 0x47e, 0x1, 0x6, 0x4, 0x401, 0x4, 0x8, 0x9, 0x1]}, @TCA_HTB_PARMS={0x30, 0x1, {{0x0, 0x0, 0xb618, 0x2, 0x8, 0xffffffff}, {0x3, 0x2, 0xdbd, 0x2, 0x4, 0xc02a}, 0x8, 0x53a8953e, 0x2, 0x6, 0x200}}, @TCA_HTB_PARMS={0x30, 0x1, {{0x5, 0x1, 0x0, 0x6a0, 0x80, 0x8}, {0x1, 0x0, 0x5, 0x1, 0xffc0, 0x50}, 0x5, 0x556, 0x8, 0xb7, 0x72c6}}, @TCA_HTB_PARMS={0x30, 0x1, {{0x3, 0x2, 0x6, 0x8, 0x2ad7, 0xfff}, {0x8, 0x2, 0x0, 0x7, 0xfff, 0x9}, 0x6, 0xd3, 0x4, 0x10000, 0x6}}, @TCA_HTB_RTAB={0x404, 0x4, [0x2, 0x0, 0xe5, 0x6, 0x5, 0x0, 0xf6f3, 0x3, 0x4, 0xfffffff7, 0xa, 0x5, 0x7, 0x4, 0x80, 0x9, 0x4, 0x8e, 0x200, 0x0, 0x7ff, 0x5, 0x227, 0x2, 0x8, 0x3ff, 0x5, 0x6, 0x10000, 0x6, 0x2, 0x800, 0xfffffff7, 0x53b, 0x3, 0x4e7, 0x0, 0x80, 0x7, 0x7, 0x4, 0x0, 0xfffff800, 0x2, 0x4, 0x0, 0x8, 0x0, 0x7, 0x7fff, 0x200, 0x80, 0x3, 0x6, 0x4, 0x957f, 0xffff, 0x66c, 0x8, 0x7, 0x0, 0x49cc5ad4, 0x1, 0x9, 0x8000, 0x6, 0x6, 0x0, 0x0, 0xc981, 0x2a00, 0x2, 0x1b37, 0x4, 0x1800, 0x1, 0xdab, 0x6, 0x6, 0xebb, 0x2, 0x10000, 0x100, 0xc34, 0x7, 0x596, 0x8, 0x9, 0xa60, 0xa, 0x7, 0x1, 0x6, 0x7, 0x5, 0x1, 0x4, 0x1a, 0x8, 0x0, 0x4, 0x8b, 0x9, 0x4, 0x3, 0xb, 0x1, 0x7, 0x7f, 0xfffffff8, 0x80000001, 0x800, 0x8000, 0x3, 0x7, 0x10001, 0x6, 0x4, 0x1, 0x7, 0x4, 0x1, 0x80000000, 0x200, 0x4, 0x200, 0x6, 0xff, 0x1000000, 0x8, 0x5, 0x9, 0x8, 0x4, 0x8, 0x200, 0x1, 0x2, 0x0, 0xfffffff7, 0x4, 0x0, 0x7, 0xfffffffb, 0x0, 0x2, 0xdd6, 0x9, 0x3, 0x1, 0xeb53, 0xe, 0x5, 0x9, 0x5, 0x0, 0xe2, 0x0, 0x3, 0x9, 0x4, 0x2, 0x7fff, 0x80, 0xff, 0xe5, 0x7, 0x4, 0x7, 0x401, 0x1, 0x7, 0x80, 0x4, 0x0, 0x7, 0x6, 0x6, 0xfffffb5a, 0x3, 0x10000, 0x3b82, 0xe, 0x0, 0x1ff, 0xd, 0x1, 0x3, 0x8d, 0x3d6, 0x3ff, 0x6, 0x1, 0x0, 0x3ec89dac, 0x5, 0x1, 0x8, 0x4, 0x0, 0x371, 0x6, 0xb, 0xfffffffa, 0x9, 0x3, 0xcd13, 0xcd1e, 0x7, 0x4, 0x1, 0x0, 0xffffffc5, 0x170, 0x0, 0x9, 0xd, 0xfffffffd, 0x7ff, 0x1, 0x2, 0xfffffff7, 0x1ff, 0x40, 0x2, 0xa8, 0x18, 0x5, 0x7, 0x4, 0x401, 0x5, 0x7fffffff, 0x7, 0x7fffffff, 0xa, 0x3ac2, 0xa7f, 0x8, 0x5, 0x4, 0x9, 0x2ad, 0x0, 0x7, 0x0, 0xc, 0xffff3ae6, 0x8, 0x2, 0xf, 0x5f8, 0xb2f, 0x8, 0x5, 0x2]}, @TCA_HTB_RTAB={0x404, 0x4, [0x0, 0xc3, 0x99, 0x149, 0x9, 0x6, 0x3, 0xffff, 0xdf8, 0x9, 0x0, 0x81, 0xac9, 0xffff, 0x9, 0x7, 0x82e, 0x3, 0x6, 0x6, 0x1, 0x4, 0x7ff, 0x3a, 0x7, 0xb1, 0xc204, 0x6, 0x620, 0x80, 0xfffffff8, 0x10, 0x5, 0x80000000, 0xc, 0x101, 0x6, 0x4, 0x1, 0x1, 0x4, 0x401, 0x9, 0x39, 0x2, 0xffffffff, 0x10001, 0x401, 0x4, 0x81, 0x9, 0x77, 0x8, 0x8, 0x9, 0x8, 0x5, 0x5, 0x31, 0xab, 0x7, 0xffff, 0x4d50, 0x3, 0x10001, 0x2, 0x7, 0x6dfe78fa, 0x10000256, 0x40, 0x1, 0x9, 0x0, 0x1, 0x129, 0xc, 0x9, 0x2, 0x3, 0x9, 0x5, 0x2, 0x7, 0x7, 0x4, 0x6, 0x5, 0x7, 0x7, 0x8, 0x4, 0x0, 0x2, 0x3, 0xe9, 0x9, 0x8, 0xffffffff, 0x1, 0xd, 0x3, 0x7, 0x1, 0x8, 0x5, 0x9, 0x7, 0x62, 0x5, 0x2, 0xffff8001, 0xfffffff5, 0x2, 0x1c5, 0x7, 0x6, 0x8, 0x4, 0x898, 0x70, 0x0, 0x800, 0xb, 0x7, 0x101, 0x400, 0xfd, 0x9d2, 0x78e, 0xfffffff9, 0x9, 0x31c6, 0x82, 0x8, 0x0, 0x4, 0x0, 0x800, 0xfffffffe, 0xecd, 0x8, 0x81, 0x1ff, 0x6, 0x12ff, 0x2, 0xeb30, 0x8, 0x5, 0x76, 0x4, 0x5, 0x523da8c6, 0x3ed, 0x6, 0x56aecdeb, 0x80, 0x1, 0x9, 0x7, 0x1, 0x0, 0x2, 0x200, 0x8, 0x9, 0xfff, 0x9, 0x3, 0x6, 0x251, 0x10001, 0x80000000, 0x6, 0x4, 0xc, 0xd, 0x4, 0x401, 0xd, 0x0, 0x1, 0x24000000, 0x6, 0x800, 0xfff, 0x8, 0xc9, 0x23, 0x81, 0x7fffffff, 0xe75, 0xfffff8c6, 0x6f, 0xfe000000, 0x9, 0x6, 0x3, 0xffffffff, 0x7, 0xa, 0x7, 0x5, 0x1, 0xfff, 0x3, 0x5, 0x5, 0xfa64, 0x4, 0x3, 0x1, 0x1, 0xa1a7, 0x800, 0x80, 0x4, 0x401, 0xf2, 0xfffffffa, 0x0, 0x7, 0x2, 0x87, 0x7, 0x1, 0x2, 0x3, 0x0, 0x5, 0x81, 0x4, 0x3, 0x2, 0x400, 0x7, 0x7, 0xfffff000, 0xc6, 0x400, 0x2, 0x1, 0x9, 0x9, 0xd8d, 0x0, 0x0, 0x8, 0x98e2, 0x1, 0xfffffffe, 0x8, 0x6, 0x1, 0x65, 0x4]}, @TCA_HTB_RTAB={0x404, 0x4, [0xfff, 0xfffffff7, 0x3, 0x2, 0x5, 0x604, 0x80000000, 0xffff, 0x92f6, 0x5, 0x4, 0xe1, 0xf, 0xfffffffd, 0x4, 0x10, 0xfffffffa, 0x4, 0x9, 0x7, 0x1000, 0x80, 0x7, 0x8f, 0x7ff, 0x45ef, 0x9, 0xd25, 0x9, 0xdf6, 0x80, 0x52, 0x4000000, 0xfff, 0x7fffffff, 0x3, 0x7, 0xcb, 0x97, 0x100, 0x4, 0x1, 0x5, 0x45a0, 0x1, 0x401, 0x9, 0x6, 0x1c0d, 0x0, 0xa, 0x1, 0x8f4, 0x2, 0x0, 0x0, 0xc0b3, 0x7, 0x5, 0x2, 0x5, 0x6, 0x1, 0x7fff, 0x8, 0x3, 0x1, 0x37b, 0x2, 0x1000, 0x1000, 0x4, 0x4, 0x8, 0x9, 0x3, 0x0, 0xfffffffd, 0x8, 0x9, 0xdb79, 0x601, 0x0, 0x5, 0x6, 0xfffffffb, 0x7, 0x800, 0x3, 0x8ac, 0x9, 0x6, 0x2, 0x7, 0x7f, 0x0, 0x762, 0x9, 0x8, 0x9, 0x5, 0x4, 0x40, 0x8, 0x3, 0x6, 0x7, 0x9b, 0x8, 0x3ff, 0x80000001, 0xa, 0x7, 0x6, 0x5, 0x9, 0x6, 0x8, 0x2, 0x80, 0x0, 0x5, 0xb, 0x5, 0x1, 0x200, 0x7, 0x4, 0x8, 0x6, 0x5, 0xdd, 0x9, 0xf, 0x3, 0x8, 0x2, 0x6e85e5ac, 0x9, 0x7, 0x7a, 0x7f, 0x90, 0x4, 0x5, 0x401, 0x1, 0x8, 0x2, 0xffffff7f, 0x6e7, 0x9, 0x9, 0x9, 0x7ff, 0x2, 0x7f, 0x400000, 0x6, 0x40, 0x0, 0x4, 0x8, 0x0, 0x6653, 0x2, 0x4, 0x0, 0x5, 0xfffffd36, 0x62, 0x7, 0xffffffa0, 0xfff, 0x1000, 0x20000000, 0xff, 0xcc78, 0x0, 0xfff, 0x100, 0x8, 0x2, 0x4, 0x2, 0x324, 0x2, 0x100, 0x7, 0x1000, 0x80, 0x7, 0xa02a, 0xfffffffc, 0x8, 0x80000001, 0xd7, 0xfffffff9, 0x1, 0x0, 0x7fffffff, 0x401, 0x2, 0x52d8fab, 0x1270, 0x8, 0x6, 0xc, 0x100, 0x41, 0x4000000, 0x4, 0x5, 0x5, 0x400, 0x9, 0xe, 0x9, 0x9, 0xfffffffb, 0x7, 0x2, 0x4, 0x3, 0x4, 0x2d3, 0x1, 0x3, 0xba9, 0x200, 0x1, 0x8, 0x4, 0x7, 0x5, 0x80000001, 0x6, 0x4, 0x8, 0x1, 0xffffffff, 0x5, 0x2, 0x7fffffff, 0xb1, 0x7, 0x7, 0xd, 0x80000001, 0xfffffffc, 0x9, 0x7, 0x800, 0x5f17, 0x8, 0x4]}]}}, @tclass_kind_options=@c_ingress={0xc}, @tclass_kind_options=@c_red={0x8}]}, 0x110c}, 0x1, 0x0, 0x0, 0x4008880}, 0x20000080)
r2 = socket(0x10, 0x803, 0x0)
sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r4, r3, &(0x7f00003aa000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000040)="0f0666b9d00400000f32dc0466b9800000c00f326635001000000f30660f38809702000f55c7660f72f5eeb8ec028ed0ba4000ec260f1c02", 0x38}], 0x1, 0x62, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r5, 0x4048ae9b, &(0x7f0000000080)={0xc0003, 0x0, {[0xffffffffffffffff, 0x81, 0x83, 0x2, 0x3, 0x6, 0x3, 0x4]}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad", 0x1)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x801}], 0x1, 0x800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
setxattr$incfs_id(&(0x7f00000006c0)='./cgroup\x00', &(0x7f0000000700), &(0x7f0000000780)={'0000000000000000000000000000000', 0x32}, 0x20, 0x1)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, &(0x7f00000014c0)=@nat={'nat\x00', 0x62, 0x5, 0x430, 0x398, 0x2a0, 0xffffffff, 0xe0, 0x188, 0x398, 0x398, 0xffffffff, 0x398, 0x398, 0x5, 0x0, {[{{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00'}, 0x0, 0xa8, 0xe0, 0x0, {0x22e}, [@common=@unspec=@statistic={{0x20}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @multicast1, @remote, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @multicast1, @empty, @gre_key, @icmp_id}}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_hsr\x00', 'ipvlan0\x00'}, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@socket0={{0x20}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @private, @multicast2, @gre_key}}}}, {{@ip={@remote, @empty, 0x0, 0x0, 'veth1_to_batadv\x00', 'pim6reg\x00', {0xff}}, 0x0, 0xc0, 0xf8, 0x0, {}, [@common=@ttl={{0x28}}, @common=@inet=@tcpmss={{0x28}, {0xf}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x16, @remote, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x490)
recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

8m24.485150171s ago: executing program 3 (id=594):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
ptrace(0x10, 0x0)
ptrace(0x10, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x1)
fchdir(r2)

8m24.398628561s ago: executing program 32 (id=594):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
ptrace(0x10, 0x0)
ptrace(0x10, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x1)
fchdir(r2)

4m36.123200682s ago: executing program 4 (id=1750):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x3, 0x2, 0x3, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x61800, 0x30, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r2, r1}, 0xc)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r3)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r3, &(0x7f0000000540)={0x0, 0x3e, &(0x7f0000000040)={&(0x7f00000001c0)={0x14, r4, 0x72b}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0xc4)
bind$ax25(r5, &(0x7f0000000100)={{0x3, @default, 0x1}, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48)
setsockopt$ax25_SO_BINDTODEVICE(r5, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2)
sched_setaffinity(r6, 0x8, &(0x7f0000000000)=0x1)
connect$ax25(r5, &(0x7f0000000080)={{0x3, @bcast, 0x8}, [@bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast]}, 0x48)

4m35.961418109s ago: executing program 4 (id=1751):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
r1 = syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x800)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0xc0305720, &(0x7f0000000080))
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002500)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000500000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6939fc404004900c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a34b8580218ce740068720000074e8b1715807ea0ca469e468eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea70c2ab40c7cb70cc8943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a330100846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850af895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2204dd418c005479ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d05d988d6efdffdf48dca02113a38300cabf2b5543ffc166955709009e000000000061629d1822f720ec23812770d72c700a44e113d17088fdd00600000f7889b8c7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f747c08f4010586903500000000000000000000be34cf0f9d640dd782ac0cbc46903243d0d0f4bc7f253d0500000032daaf281c450e64c33aac8f23e7d1c94c4505a9839688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0400f5e1671bc5eb7739daa7820a91cb0e732df2ae0000c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b400005a6b649dd5f13cd776e6c7c4b5c4b0de20e033b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13f334aae90981ecaf5f744f22f2e45afe2c9e8632276cffe5f1fc215c0797d0244cf1ce269d10525745caaa3f77d1b80116cb9a38400242010000000100000091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025e2a9a135c0508af1aec2926627b43bba1229a7466bdca64f514b7911458da09fe8681916d408d753226a83ae2434ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd9f140e5f00019be25b5910a3193e90be231a05fd82e6003969c31082ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f5513662809073710937ed0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a3d19c158a0aa9a821667c68549e9da89ad4274ce2d3d7619936768a84a1465fff4eedba55955434f132ab7b884057aeb68f3d675a79907a72ace70902459f6950a06a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68196c7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb511164f1502ab2ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f27859946e72f80bb1c9cfcde57b79625e2979fe689a5a246cbbd488f43f46b2536f175f46dfb27d5229467270246ab53616c46edf34c559d3de0c59ca3305e66825715e5e4cd5b54c1b05c09f04337a76a30373baac3ecec91fd546eb7c32dbecb18a308a0004be94dfab28c2a51dc816df0000000000c12254f041804f7f7074356789b1d4dd55f3e045a48241a4ce04d06acb2cf11eab759ba78da5da0f26126d4cf2c73e5f94030000040000000000000000c301985d603403592486204054be3fdda91f9e315886941928e5a8bc1a00e69a98c0a8f7192f6ee93cc4124cf4e7610915efc08c834a44e1d685d6835a40b5bc615949cbcd98d044fa492aa38717481455e86dcd7816ad8940bd1995369d89ae6eadeb9117e8b94ab422c8d62f858875dccdbc89572231ef5d6df6a9c55f8df763c7c64da7cc017e1e3f5cd4cb9fe6d19b11d4d38239d318016e622b9683b7e46be64dc097982e23462392a0cd05afb2e060fd42ef00dfbd057311aab94f307d10c7a1af0d8e5a0fcb547475d13c0000000000000000f1cc97103d714d1abb901f866d9d629b4fb185f45790517c4a0f5c6a5024e3359e8d83e3f6edf9e2afb5ab59c7b2b45cfb0a3c1303a98e4ed531ac11cca1cd744b431de74c7cd6533adaa8ec749061b2959d53da626aa189781dc1be4d5c81aebc0cada819895b377d6cf0a7878ba99864ae84464744c605646caf2e06b13eba7ba10acf77d91b2297e9573abb0a4da534d735a223626402b308daf7835780fa6f4e410000000000fb00000000000000000000b14952139bd4bdbccc5e334c49584655c4fce8c5bb7c54664aef6d780100358aa54b4b49926c4be9ee4659153d9fa95d07cc4efdab2c5f4503148d0255d0b748366dafe042d78479c21d832e1431ed6d646d13e8e7230300920a5642bbed1dee9b46b6f02e572024ccf3c8edd82660e5d74c52be71d780c300000000000000000000000000000000000044ff72f96f084f4b6cdcb1b4a9d8e9f99f1b85497d0c3df704c8a0034c09caeeb0e34799b755649883539258a7b33dcef15d8fd1953ebaaa3cff81a0de7a05a440f20f6b273ceb8678f10378b670be7504dabd1471355d853292775d0366891f0bcf0a6087ed4f1f25ef52394db3e9d8318bbb9baff3db95bfd68a08ded502cc08a485c804e4fd107a7ca2a64ca081c6b2f7b895cdf98b763ebab9451c65eced6f5f97a541210806d885762ac3150225036c7eccd7a05593abd963f9a02df58085115e54f675e6a08d25b5722cabf989b4bbc562e073b81bae61f05c5e1f90e021340b60cc5fb8fdb09b6d20b0d87a6ed800000000000000000000000000000000006cc6f64f583a26a78f7f417f66c0af32f5194ddfce51e5aff28f621bb2fd2a5ab719823488d6e869b08d3d4ac7950c60144cf77437e29895a23282e3c65e015d1c334832a90ee77d93596e3f12e9ca8c67c7f3c9b66c9cb03edec184ad1d9544c7a3be250e471dca00000078544d79c0efe4094e561eeb26ee4c81106d03c004bc1589ef6e13648999c8735e2634e89aaa90c571fa3c07238697b1db783c52715055445e96995fe3273b0346b03fc742c06aa3947e0d9cf0c99b5e245ede85893112deea8bd3355a32ec15e1242f170a51f28cea4105541e96a52da4984d26bd29cb0623f00c6b0a4c00ad406d729babc9d1550a683c349017a340444000000000000000000000920ca49f7cc8194aaebdcae5a62bb7587b57f41f1c2034911f23e6bd0291b3319f03a0a15dea685a8ab75b3c60391afa5483231305402b52a8f9863800f127d6b4518f73a847ca583e855d70c6a4a53f61ad753d5e740db44afd32b019d9e8b41361c2c104fe52837a19dd6952fe2724c0105ab158a54a6a73000000000000000000"], &(0x7f0000000140)='GPL\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000ac0)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000b40)="b9e403c6631eb9d8394d5aa00000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)

4m35.543019306s ago: executing program 4 (id=1756):
r0 = socket$igmp(0x2, 0x3, 0x2) (async)
add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, &(0x7f0000000080)={0x2, 0xffffffff, @a}, 0x48, 0xffffffffffffffff)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x70, 0xfffff9, 0x90, [0x0, 0x0, 0x0, 0x0, 0x80000100, 0x80000130], 0x0, 0x0, 0x0}, 0xe0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x621c2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0x60000004})
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r2, 0x408c5333, &(0x7f0000000100)={0x5, 0x1, 0x0, 'queue1\x00', 0x2})

4m35.151431706s ago: executing program 4 (id=1758):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="480000001100010025bd7000fbdbdf25fc010000000000000000110000000001000004d50a006c00"], 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x20008000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x7, 0x6, 0x801, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0xf}]}, 0x24}, 0x1, 0x0, 0x0, 0x4010}, 0x800)

4m34.962742382s ago: executing program 4 (id=1759):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x92, 0x5, 0x6, 0x4}, 0x3a, [0x8000, 0x2c95a, 0xf, 0x8, 0x80, 0x1, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x8, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x5, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0x800, 0x4, 0x4, 0x7, 0x3, 0x9, 0x4c75, 0x80000000, 0x2, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x40017, 0x0, 0x7, 0x5, 0x3e, 0x3, 0x6, 0xffff, 0x0, 0x6, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x9, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0x40c8, 0xf9, 0xe, 0x82c0, 0x6c7, 0x8, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x5, 0xea4, 0x0, 0xb94, 0x7, 0x7fff, 0x1c000, 0x3fe, 0x403, 0x200006, 0x1, 0x9, 0x5, 0x1000005, 0x5f31, 0x2d, 0x4e4, 0x5, 0x4, 0xb, 0x2000004, 0x9, 0x80000001, 0x9, 0x6, 0x47, 0x8200, 0x1, 0xfe000000, 0x8, 0xffffffff, 0x4, 0x4, 0x3, 0x50, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x407, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0xa2, 0x8000, 0x0, 0x5, 0xb, 0x5, 0x5, 0x5, 0x4000000, 0x1eb, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0xfffffffe, 0x3, 0x20000008, 0x8000004, 0x6d01, 0x2, 0x38, 0x800083, 0x200, 0x80, 0x3, 0x8000004, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x4005, 0x6, 0x6, 0xca, 0x1ff, 0x3, 0x7ff, 0xbe, 0x4, 0x7, 0xe, 0x0, 0x5, 0x1c, 0x8, 0x4, 0x8, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x6, 0xb, 0x5, 0x2, 0x5, 0x3, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x9, 0x1, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0xfffffffe, 0x6, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xffffffd9, 0xfffff000, 0x10010000, 0x0, 0x7e, 0x9, 0x9602, 0x40007, 0xaf, 0x5, 0x6, 0x227, 0x2, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf3c, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x1, 0xb1e, 0x2000d7, 0x201, 0xffff3441, 0x4]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, 0x0}}], 0x0, 0x0, 0x0})

4m34.802815587s ago: executing program 4 (id=1761):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905", @ANYRES64], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, 0x0, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r2, 0x0, 0x0) (async)
write$char_usb(r2, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x3c1, 0x3, 0x478, 0x0, 0x4c, 0x1a, 0x2b4, 0x73, 0x3b0, 0x258, 0x258, 0x3b0, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x284, 0x2b4, 0x0, {}, [@common=@inet=@policy={{0x154}, {[{@ipv6=@private0, [0xffffffff, 0xff, 0xffffff00, 0xffffff00], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0x0, 0xffffffff, 0xff], 0x4d5, 0x3501, 0x4, 0x1, 0x15, 0x8}, {@ipv4=@empty, [0xffffffff, 0xffffff00, 0xff, 0xff], @ipv4=@dev={0xac, 0x14, 0x14, 0x22}, [0xff000000, 0xffffff00, 0xffffffff, 0xff000000], 0x4d5, 0x3505, 0x73, 0x0, 0x8, 0x8}, {@ipv4=@remote, [0xff000000, 0x0, 0x0, 0xffffffff], @ipv6=@mcast2, [0xff000000, 0xffffff00, 0xffffff00, 0xffffffff], 0x4d2, 0x3501, 0x3a, 0x0, 0x1}, {@ipv4=@private=0xa010102, [0xff, 0xff000000, 0xff, 0xff000000], @ipv6=@mcast1, [0xff000000, 0xffffffff, 0xffffffff], 0x4d2, 0x0, 0x2c, 0x1, 0x10}], 0x8, 0x4}}, @common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0xfc, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00', @dev, [], [0x0, 0x0, 0xffffff00]}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xc8, 0xfc, 0x0, {}, [@common=@icmp6={{0x24}, {0x0, "e1f6"}}]}, @common=@inet=@SET3={0x34}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x4d4) (async)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x3c1, 0x3, 0x478, 0x0, 0x4c, 0x1a, 0x2b4, 0x73, 0x3b0, 0x258, 0x258, 0x3b0, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x284, 0x2b4, 0x0, {}, [@common=@inet=@policy={{0x154}, {[{@ipv6=@private0, [0xffffffff, 0xff, 0xffffff00, 0xffffff00], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0x0, 0xffffffff, 0xff], 0x4d5, 0x3501, 0x4, 0x1, 0x15, 0x8}, {@ipv4=@empty, [0xffffffff, 0xffffff00, 0xff, 0xff], @ipv4=@dev={0xac, 0x14, 0x14, 0x22}, [0xff000000, 0xffffff00, 0xffffffff, 0xff000000], 0x4d5, 0x3505, 0x73, 0x0, 0x8, 0x8}, {@ipv4=@remote, [0xff000000, 0x0, 0x0, 0xffffffff], @ipv6=@mcast2, [0xff000000, 0xffffff00, 0xffffff00, 0xffffffff], 0x4d2, 0x3501, 0x3a, 0x0, 0x1}, {@ipv4=@private=0xa010102, [0xff, 0xff000000, 0xff, 0xff000000], @ipv6=@mcast1, [0xff000000, 0xffffffff, 0xffffffff], 0x4d2, 0x0, 0x2c, 0x1, 0x10}], 0x8, 0x4}}, @common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0xfc, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00', @dev, [], [0x0, 0x0, 0xffffff00]}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xc8, 0xfc, 0x0, {}, [@common=@icmp6={{0x24}, {0x0, "e1f6"}}]}, @common=@inet=@SET3={0x34}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x4d4)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x9000, &(0x7f0000000200)={0x0, 0x1, 0x100000}, 0x20)
syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

4m19.773896301s ago: executing program 33 (id=1761):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905", @ANYRES64], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, 0x0, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r2, 0x0, 0x0) (async)
write$char_usb(r2, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x3c1, 0x3, 0x478, 0x0, 0x4c, 0x1a, 0x2b4, 0x73, 0x3b0, 0x258, 0x258, 0x3b0, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x284, 0x2b4, 0x0, {}, [@common=@inet=@policy={{0x154}, {[{@ipv6=@private0, [0xffffffff, 0xff, 0xffffff00, 0xffffff00], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0x0, 0xffffffff, 0xff], 0x4d5, 0x3501, 0x4, 0x1, 0x15, 0x8}, {@ipv4=@empty, [0xffffffff, 0xffffff00, 0xff, 0xff], @ipv4=@dev={0xac, 0x14, 0x14, 0x22}, [0xff000000, 0xffffff00, 0xffffffff, 0xff000000], 0x4d5, 0x3505, 0x73, 0x0, 0x8, 0x8}, {@ipv4=@remote, [0xff000000, 0x0, 0x0, 0xffffffff], @ipv6=@mcast2, [0xff000000, 0xffffff00, 0xffffff00, 0xffffffff], 0x4d2, 0x3501, 0x3a, 0x0, 0x1}, {@ipv4=@private=0xa010102, [0xff, 0xff000000, 0xff, 0xff000000], @ipv6=@mcast1, [0xff000000, 0xffffffff, 0xffffffff], 0x4d2, 0x0, 0x2c, 0x1, 0x10}], 0x8, 0x4}}, @common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0xfc, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00', @dev, [], [0x0, 0x0, 0xffffff00]}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xc8, 0xfc, 0x0, {}, [@common=@icmp6={{0x24}, {0x0, "e1f6"}}]}, @common=@inet=@SET3={0x34}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x4d4) (async)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x3c1, 0x3, 0x478, 0x0, 0x4c, 0x1a, 0x2b4, 0x73, 0x3b0, 0x258, 0x258, 0x3b0, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x284, 0x2b4, 0x0, {}, [@common=@inet=@policy={{0x154}, {[{@ipv6=@private0, [0xffffffff, 0xff, 0xffffff00, 0xffffff00], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0x0, 0xffffffff, 0xff], 0x4d5, 0x3501, 0x4, 0x1, 0x15, 0x8}, {@ipv4=@empty, [0xffffffff, 0xffffff00, 0xff, 0xff], @ipv4=@dev={0xac, 0x14, 0x14, 0x22}, [0xff000000, 0xffffff00, 0xffffffff, 0xff000000], 0x4d5, 0x3505, 0x73, 0x0, 0x8, 0x8}, {@ipv4=@remote, [0xff000000, 0x0, 0x0, 0xffffffff], @ipv6=@mcast2, [0xff000000, 0xffffff00, 0xffffff00, 0xffffffff], 0x4d2, 0x3501, 0x3a, 0x0, 0x1}, {@ipv4=@private=0xa010102, [0xff, 0xff000000, 0xff, 0xff000000], @ipv6=@mcast1, [0xff000000, 0xffffffff, 0xffffffff], 0x4d2, 0x0, 0x2c, 0x1, 0x10}], 0x8, 0x4}}, @common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0xfc, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00', @dev, [], [0x0, 0x0, 0xffffff00]}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xc8, 0xfc, 0x0, {}, [@common=@icmp6={{0x24}, {0x0, "e1f6"}}]}, @common=@inet=@SET3={0x34}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x4d4)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x9000, &(0x7f0000000200)={0x0, 0x1, 0x100000}, 0x20)
syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

9.60181718s ago: executing program 2 (id=2886):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x14, 0x7, 0x6, 0x401, 0x0, 0x0, {0x5, 0x0, 0xa}}, 0x14}, 0x1, 0x3f000000, 0x0, 0x20004055}, 0x48000)

9.525937316s ago: executing program 2 (id=2887):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x18, 0x6, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x80ffffff}, [@jmp={0x5, 0x0, 0x849aee721dcc84be, 0x0, 0x0, 0x2}, @jmp={0x5, 0x0, 0xa2cc39c635ab99fe, 0x0, 0x0, 0xfffffffffffffffc}, @call={0x85, 0x0, 0x301, 0x2}]}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xca20}, 0x94)

9.525361409s ago: executing program 2 (id=2888):
capset(&(0x7f0000000280)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffff9, 0x2})
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
chdir(&(0x7f0000000140)='./file1\x00')

9.434952994s ago: executing program 2 (id=2889):
r0 = epoll_create1(0x0)
ioctl$XFS_IOC_PATH_TO_HANDLE(r0, 0xc01c5869, &(0x7f00000001c0)={<r1=>r0, &(0x7f0000000000)='&&\x00', 0x2000, &(0x7f0000000040)={@align=0x7, {0x101, 0x5, 0x1, 0x9271}}, 0x8, &(0x7f0000000080)={@_ha_fsid}, &(0x7f0000000180)=0x9})
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$inet_smc(0x2b, 0x1, 0x0)
connect$unix(r4, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x0, 0xc, 0x9, 0xff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
unshare(0x800)
semget$private(0x0, 0x4000, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]})
setitimer(0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000003d09000325bd7001f8f7ffff0600000097c0227ce4f24eb7ea7f4fbc1544ef40d48d6215ee32891eb8c8e41c8633e164c895c843ae8fa521820b49b535aac5549cc54b8bfa5dd3c6746683171e2f1bb25b054346b921b32a3f49508c15423fbf5378ee694df02a39fc840d8302e3af04ba665bfb73f2fac5138b8278d781e5612464b2f9e932ee0bfc9ca12b6c813c8c7835ebab1a0883f5fa66c8a5519959fbceaf7a6c1529e73bad075d505b61f9a36eff4b4baf2717db40cd6f23dbc15b93f4608dd0d6426573570dd635d15ad9f7ed772c4d5e8604a9b31a591437a67929f10eceb8e9c9a4ed5ceb9a831f3557881c507d47573dbee247e09d6d34cd45630a5a5fdfe32b236728eb6e11def482bfbd5d31a4d43be066"], 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x0)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000740))
write$UHID_INPUT(r2, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b5b09094bf70e0dd038e7ff7fc6e5539b324c078b089b3438076d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b32310d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e01000000138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12d3099dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f6dc7bcbf2a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509301815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827466cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d951061ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153bdf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033095563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db87195358bfee2916580dacae008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2df086dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36ffffffff00000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817b97c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000f4ff000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
shutdown(0xffffffffffffffff, 0x1)
setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, &(0x7f00000003c0)={0x1, {{0xa, 0x4e23, 0x8caa, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1}}}, 0x84)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, 0x0, &(0x7f0000000140))
open$dir(&(0x7f0000000300)='./file0\x00', 0x600000, 0x0)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r5, 0x4b67, &(0x7f0000000000)={0x3fffffffffffff69, &(0x7f0000001ac0)=[{0x0, 0x1000}]})
connect$unix(r1, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/wakeup_count', 0x141000, 0x20)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r6, &(0x7f0000000200)={0xa000000a})
r7 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001000000108c0d220000000000000109022400010000000009040000ee03ffff000921050000012205000905810300023609ee"], 0x0)
syz_usb_control_io(r7, 0x0, 0x0)

6.427313335s ago: executing program 2 (id=2899):
openat$incfs(0xffffffffffffff9c, &(0x7f0000000040)='.pending_reads\x00', 0x200, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x2000000000000013, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x6, 0xb4, &(0x7f00000003c0)=""/180, 0x41000, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x0, 0x0})
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(0xffffffffffffffff, 0x40146f2c, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = mq_open(0x0, 0xc3, 0x48, 0x0)
mq_timedreceive(r0, 0x0, 0xfffffffffffffee3, 0x1, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_udplite(0x2, 0x2, 0x88)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)

5.597953441s ago: executing program 1 (id=2903):
sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000740)={0x118, 0x0, 0x8, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x3a}}}}, [@NL80211_ATTR_IE={0xbd, 0x2a, [@mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x2, 0x3}}, @gcr_ga={0xbd, 0x6, @broadcast}, @random={0x2, 0x9e, "40618851f88c2b4398a6d1b60645cbc0ffe949c3552cb2a42efd7b91e0d10b040c9c5755e580f35f74eb9f9c5d3953a5d91c35eefb780156fd37f72aa77c99db1ee3902fc617a4e540d01f520b6dc37a93a0cf68af084117622921dc93111ad37926adc558efb3dc82651560b3334d1d729748bf5de8ea39d36fbe7dc78a708b9c3e2ca3fbc3c6522ba71a1bf8e3d8e10432e4afe0660541739df4406443"}, @mesh_id={0x72, 0x3}]}, @NL80211_ATTR_IE={0x2e, 0x2a, [@cf={0x4, 0x6, {0x3, 0xfe, 0x8, 0xb}}, @chsw_timing={0x68, 0x4, {0x86, 0xb3}}, @ht={0x2d, 0x1a, {0x800, 0x1, 0x0, 0x0, {0x0, 0x1, 0x0, 0x5, 0x0, 0x1, 0x1}, 0x1, 0x3, 0xb}}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x8811}, 0x40)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000002840)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x1}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000040)="9f", 0x1}], 0x1}}, {{&(0x7f0000000200)={0xa, 0x4e20, 0xb, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8}, 0x1c, &(0x7f0000001700)=[{&(0x7f0000000440)="8b", 0x1}], 0x1}}], 0x2, 0x44804)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x5})
shutdown(r0, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES16=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

5.447119743s ago: executing program 1 (id=2904):
r0 = syz_io_uring_setup(0x4b2, &(0x7f0000000100)={0x0, 0xffffffff, 0x40, 0x0, 0x162}, &(0x7f0000ff0000), &(0x7f0000000000))
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=@newqdisc={0x338, 0x24, 0x200, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {0xffeb, 0xb}, {0xfff1, 0x8}}, [@TCA_STAB={0xc8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x89, 0x1, 0x2, 0x7, 0x2, 0xc, 0x7, 0x4}}, {0xc, 0x2, [0x2, 0x200, 0x8, 0x2]}}, {{0x1c, 0x1, {0x23, 0xff, 0x3, 0x280, 0x1, 0x800, 0x8, 0x8}}, {0x14, 0x2, [0x400, 0xff, 0x400, 0x15, 0xf1df, 0x4, 0x2, 0xff]}}, {{0x1c, 0x1, {0x0, 0x50, 0x3, 0x2, 0x2, 0xc2, 0xffffffff, 0x2}}, {0x8, 0x2, [0x7f, 0x200]}}, {{0x1c, 0x1, {0xc, 0x4, 0xfff, 0xffffff80, 0x1, 0x7ff, 0x2, 0x1}}, {0x6, 0x2, [0x2]}}, {{0x1c, 0x1, {0x7, 0x1, 0xcb, 0xc000000, 0x2, 0x4, 0x4, 0x2}}, {0x8, 0x2, [0x0, 0x1000]}}]}, @qdisc_kind_options=@q_gred={{0x9}, {0x110, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "1cef627e9e155a911457d6ebb73b1f9b8d92b56a221b51a9b7b69a9ac3556bfd6c650114fc312e509f346f1b48e977e0be7d582748bb466332b7cda1d78c30c1aac63de9ed800fd0cb7c4ce43c5a6137b2c871bfc34826695deefd7d0473312add048c5d7ffa22b25e3ae4796df91ccd543868798b16ca5548c5cc6799ebca9426fa62f3ef7ada6f4d1e23386799da57ba8ebece5a7ea05975a520dc96876b0926cb2d811c4fcdaae891f8a62463192447471e921c3d3496dbd08ce6c0c475a94865f5f41c93d283dd41428028732aee0ce9db4f3b985e9e4c4e38783b4abe511ea1e6e34562417db42eea098a535b36883482f4833cc756682dfabfc42b86fe"}, @TCA_GRED_MAX_P={0x8, 0x4, 0x940}]}}, @TCA_STAB={0x130, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x5, 0x2, 0x7, 0x2, 0xb, 0x6, 0x3}}, {0xa, 0x2, [0x6, 0x401, 0x7fff]}}, {{0x1c, 0x1, {0x40, 0x7, 0x2, 0xfffffff7, 0x1, 0x800, 0x7, 0x2}}, {0x8, 0x2, [0x8, 0x6]}}, {{0x1c, 0x1, {0x2, 0x9, 0x7fff, 0x8, 0x2, 0x1, 0x7e, 0x7}}, {0x12, 0x2, [0x9, 0x4, 0x0, 0x0, 0x8001, 0x800, 0xa]}}, {{0x1c, 0x1, {0x0, 0x7, 0x4, 0x2, 0x2, 0xdf, 0x0, 0x7}}, {0x12, 0x2, [0xfff, 0x6, 0x0, 0x3, 0x6, 0x101, 0x3]}}, {{0x1c, 0x1, {0x38, 0x6, 0x9, 0x7, 0x0, 0x8, 0x2, 0x4}}, {0xc, 0x2, [0x8000, 0xfeff, 0x8, 0x8]}}, {{0x1c, 0x1, {0x4, 0x0, 0x0, 0x1ff, 0x0, 0x200, 0xffff, 0x8}}, {0x14, 0x2, [0x0, 0x5, 0x3, 0x0, 0x1, 0x8, 0x0, 0x0]}}, {{0x1c, 0x1, {0x7, 0x66, 0x1, 0x9, 0x1, 0xe, 0x2, 0x3}}, {0xa, 0x2, [0x10, 0x4, 0x0]}}]}]}, 0x338}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = socket(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffff"], 0x0, 0x2010000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r2)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r3, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x1e1730a30afb6559, 0x8014)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, 0x0, 0x40010)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='map_files\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
read$FUSE(r4, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000300)=""/14, 0xe}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000040)=""/6, 0x6}], 0x0, 0x2}, 0x20)

5.440975821s ago: executing program 0 (id=2905):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000fa01ffff00000000010000008500000041000000850000007d00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5.257449282s ago: executing program 0 (id=2906):
r0 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x7a09, 0x2c}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000000)='Gb', 0x5dc}], 0x1}, 0x480c0)

5.188590355s ago: executing program 0 (id=2907):
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa0, 0x30, 0x1, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_ct={0x40, 0x2, 0x0, 0x0, {{0x7}, {0x18, 0x2, 0x0, 0x1, [@TCA_CT_LABELS={0x14, 0x7, "a44b0d682abd28b5af4e1a6a05008440"}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}, 0x8002}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x8804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000580)={'syztnl2\x00', &(0x7f0000000540)={'gre0\x00', <r0=>0x0, 0x20, 0x7800, 0x6, 0x2, {{0x7, 0x4, 0x3, 0x8, 0x1c, 0x64, 0x0, 0x9, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x10}, @remote, {[@rr={0x7, 0x7, 0x8f, [@dev={0xac, 0x14, 0x14, 0x3c}]}]}}}}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000640)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000680)=0x14)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={0xffffffffffffffff, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x5, 0x1, &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000740)=[0x0], 0x0, 0x41, &(0x7f0000000780)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0xcb, 0x8, 0x8, &(0x7f0000000840)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000a40)={'syztnl2\x00', &(0x7f00000009c0)={'syztnl1\x00', <r3=>0x0, 0x2f, 0x6, 0x0, 0x4, 0x6e, @dev={0xfe, 0x80, '\x00', 0x10}, @mcast2, 0x7, 0x700, 0x3, 0x3}})
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000d80)={&(0x7f0000000a80)={0x2d4, 0x0, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}]}]}, 0x2d4}, 0x1, 0x0, 0x0, 0x44000}, 0x4c000)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x123481, 0x127)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
writev(r6, &(0x7f00000005c0)=[{&(0x7f0000000080)='/', 0x1}], 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r6, 0x0)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(r7, 0x8, &(0x7f0000000240)=0x2)
syz_open_procfs(r7, &(0x7f0000000180)='schedstat\x00')
r8 = socket$nl_route(0x10, 0x3, 0x0)
openat$ttynull(0xffffff9c, &(0x7f0000002080), 0x100, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
read$FUSE(r9, &(0x7f0000000040)={0x2020}, 0x2020)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'dummy0\x00', <r10=>0x0})
r11 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000000000280471", @ANYRES32=0x0, @ANYBLOB="45000000015001001800128008000100677470000c00028008000100", @ANYRES32=r11, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r10, @ANYBLOB], 0x40}}, 0x0)
ioctl$FS_IOC_FSSETXATTR(r8, 0x401c5820, &(0x7f0000000000)={0x2, 0x40000, 0x401, 0x4, 0x6})

4.448326781s ago: executing program 1 (id=2911):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0xfffffffffffffeae, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c1100003e00dcdf2503", @ANYRES16=r0], 0x113c}}, 0x0)
socket(0x1d, 0x2, 0x6)
syz_io_uring_setup(0x4aeb, &(0x7f0000000200)={0x0, 0xaee2, 0x2000, 0x2, 0x18}, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/cgroup\x00')
setuid(0xee01)
r3 = socket(0x15, 0x3, 0x1)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@mpls_getroute={0x1c, 0x1a, 0x1, 0x0, 0x0, {0x1c, 0x10, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1000}}, 0x1c}}, 0x4090)
open_by_handle_at(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="20000000f1000000", @ANYRES64=r1], 0x0)

4.331167754s ago: executing program 1 (id=2912):
r0 = syz_open_dev$video4linux(&(0x7f0000000500), 0x69, 0x0)
ioctl$VIDIOC_G_EDID(r0, 0xc0245628, &(0x7f0000000300)={0x0, 0x8c, 0x4, '\x00', &(0x7f0000000180)=0xe})
socket$can_raw(0x1d, 0x3, 0x1)
r1 = syz_open_dev$vivid(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r1, 0x402c5639, &(0x7f0000000040)={0x0, 0x2, 0x8})

4.166438839s ago: executing program 1 (id=2914):
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x286c, 0xc, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x2814, 0x3, 0x0, 0x1, [{0x2a4, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x34, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x8000000000000003}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_KEY={0xa0, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x1c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}, @NFTA_DATA_VALUE={0x7f, 0x1, "b5f4e109a90a96f16175a7a0817a5d1e1096d38820a87c779343a4c8b07d73bbfa12115a973e5de20051c9618f918d3e939af3898b1c7237ba84609335e14c3f401ebeddfb866fb7bd691393afd06394169fd26a2282f38f8837b7a0cd40acd266dbe0a03749aa00ee641950c2171ef24a321d2b47df54d0fede04"}]}, @NFTA_SET_ELEM_KEY={0x160, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0xbf, 0x1, "112d9ac5ecdb20fa37d625306bdf37798d1cec39520873b85eef886fb4d85b00d2d60021ab4abb1a86b4a1c2d1ddee314b8fe3be76794066921925dc7aa9634f590535867b88704d968df7952d5b1829f194050b41b44fabb8b5e5bc4f54d09b44c916ea6657d96a6df0c17842fdce36d05e354c77ddbb9ca2d293798e1ae7e98f0bf7f76b3c64708646880c706a50f18bc1425e2b52a7302b4b03f75fa8b06336c020096b3638727a55225e20a8c9a0ca36a22d44ef27ef89955a"}, @NFTA_DATA_VERDICT={0x54, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0x46, 0x1, "a2cc573def269328961aa63112748c3b36534739bca0c1a07f183ca6775ca0dc860417c4633dac51d1c921da81a1c7d5f8e38b9054d82412f0dac32ecb3d994ab4db"}]}, @NFTA_SET_ELEM_KEY={0x64, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x45, 0x1, "960ad146baa5cca631d0e3c24448c2b67200044a7f83d27ce92d76f8dc371785daa4aca4db4a382310cbd6f15d4acb214782ad2e9e8a6687857fac1e8508ed9b4e"}, @NFTA_DATA_VALUE={0x17, 0x1, "ac97936f733fc70ebdf626f2909cac625b745d"}]}]}, {0x280, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0xf4, 0x6, 0x1, 0x0, "9eb0ff8d4eb6aaceca092d88a83f13950c72956f45c8ad0b6949165e48754a92acc764842c38db5bc193e24bd3f759ac031071c86e571f6465d20d79960cac8f24ac0ab5a814c89ad4030a7013f01adbccf16daccdde8cd86cf3cfadc44e4acd775e4bc8645b5204784f6ddb6d9df23aab04dbf0422f5b99c18ebd08cde46c94621cb0dfe5bdce2ea8d634364a9f9dbeee9e11ed10d4fb04f06e042aeb54c916d9a6ec9830730126ca05bfa9a2bb78a3a7537b2e7d5fce775834d2e238b0ce6260a8a3f03942c930aab71f55072ba33d5897465e61aae15819ddb00946c77cfb8c90c1616d30c0a3800a717cef79e9dc"}, @NFTA_SET_ELEM_KEY={0x10, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x9}, @NFTA_SET_ELEM_USERDATA={0xa1, 0x6, 0x1, 0x0, "97d899cbd5d86b9ee71676f4f90e60a9bf0eacab0ab2b6339abd9fb2317e20b48b1574c28f4e305560ef5de0b4bf3c85321232226c4a74b6c693fb29dde652023fedb89b18c89bb5bcfcba373f1c421b9b7cdf68cf8c33db062f0522d3d46a8b26d737a0b2e112e3a182670292b2b199ad42264e943e848fe35b4051b37a3bee9de16dae251806bc1f16542a4f013310d0812944f0a9013d073f618575"}, @NFTA_SET_ELEM_KEY={0x5c, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x1d, 0x1, "6547d2946a24d62a1834bbd7f9fd140c0eb1796c1213c46bf8"}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}]}, @NFTA_SET_ELEM_USERDATA={0x6c, 0x6, 0x1, 0x0, "7986bde18474050518223f215055858923ef0411421b377f87642158439e22297261cb5ca85771b0513877cf36edb1e0843c3a7126b14b1e4fbb92dac11c4901057c3ec9f4e714dbaa7e014ea88a5d0afb85a9c6a08933a16411c7711497f0b7073f0a60e467b7b5"}]}, {0x4}, {0xc8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0xe}, @NFTA_SET_ELEM_KEY={0xac, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x54, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VERDICT={0x1c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VALUE={0x35, 0x1, "e6af94128060aad565db8c6783df45b4c350fc0d279eda8415e969bbffbbeb5857c5fd3e3b6a905b3ded5cdbc8d3382356"}]}]}, {0x18cc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x154, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x98, 0x1, "e2d08323ba42b0492eb61022d4f7116d684789f5544832054c0331af9c61e10dd350004c0aad9676a92d561fdab971fa4150c7e872be2cca25c2601a731b46cc99371933e9fa6e5821a0ee0247c8452451fa60d8a468c11f653975e68c35091523aad9ba92b1db0a56c6fed06da8896d3d719a4d83f856426f13d856f5a2204cceaae73617dcd8789fe354f24849064ea765ad14"}, @NFTA_DATA_VERDICT={0x3c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}, @NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}, @NFTA_SET_ELEM_KEY={0x2a4, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VERDICT={0x44, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFTA_DATA_VALUE={0xe9, 0x1, "af4a3fdea82e89b922fb300251ac3216380c72477f47d24d61a163b58ab7433f31dcad4a2106b91f04800db42c014bb8e84c1fbb5ac7b30e4264ef774b09ce55e8b66e323df6fe2371eeeb304b9c2ab2f34d875caf00cfe424d231d3d18586595cb1567f2c866b03e3711efb9afec026d0b14046ea7acc561736e7c66427cce983ef5d236a406df95710f0f4cbbcb73b1984472dcd9ad9a63a02a30d264a955a4e6e6731f650cd35929d32d152ce8d3bfe2aba9dcc2d2c182df096240073d8d3fbb38d11a4c1447ac3114862bd5b07f101a65ccd50b318514f10d001a1f7912e7d452ad09a"}, @NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VALUE={0x94, 0x1, "f91ee33bc1de4a0452ce4af4d7b1c07c0d2389993af02b264f026ef887a13580c87a58630a3147df2a24d2f98cffbb9085967ab20fb62c6e6d4928c208291c59eef2c224f3111fc28062a11253e78e0c409df0b64a0bb65d9ee467abe7b37b0db0f646620ec813aba86a8c02e09eb4451ebeb7004e91491143f72396ac045ea3d4003f21a19d409d7c6adadca0e70f50"}, @NFTA_DATA_VALUE={0x9, 0x1, "aac7d8e892"}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VERDICT={0x54, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x6}, @NFTA_SET_ELEM_KEY_END={0x1ac, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VERDICT={0x38, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFTA_DATA_VERDICT={0x48, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}, @NFTA_DATA_VALUE={0xf4, 0x1, "26950e9cb49c44cb6903ba89496182bc116fa299af34ebf66045044474276ca1c9e82f543bc6b364623455cd898686008b42c3dd21959ba77f4e5462978c5bb279b5d4c740c039314e4fe45428a03160a687e5ecbb569b75af1bb4e228df5ddb0c3ab9fe9d18ee2af2d711f9ed9a02e862a0102ded04fec479162e84011bdf453c67c34e30448031ecf87a6fe38eee0c1f0ec19a8a3183c57e54b3121a85c12553f93110b1d22ceed32f34cc4ebda772fcf31344fdba9cc5284adbb101a3123325a37869e10279828aa05379ca7c1b5420452324efcd2473dbef45e3b0b82f9831b7a492921f2e0f9072894b7e453229"}, @NFTA_DATA_VERDICT={0x28, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}]}, @NFTA_SET_ELEM_KEY_END={0x78, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x74, 0x1, "568e6050af827c407288fc670ad470ff6dbd30945c6850a500b0bfa766266e10db35e8f28916a15246263cf51980b2ca1746ff1d21faf150ade653885d55f1017152f50580e40ef46e36809d72291885f5719c41e47e8881ff3bc7ceaedf5b31736b8e92aebce8f10ec337f0567229d9"}]}, @NFTA_SET_ELEM_KEY={0x10bc, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFTA_DATA_VALUE={0x4e, 0x1, "d62f5cdc4c5fab3b8d8e04afd343db0f99a47c9e8288585e95438669943107f63e5a30cef9de0daccc78d0c0ebb386162c8885b2722db0c47e5815cbb01d24aabb279ef36ac7b0c2693f"}, @NFTA_DATA_VALUE={0x18, 0x1, "869841c70c26674dcb9764cab035548bbe1ae6ea"}, @NFTA_DATA_VALUE={0x1004, 0x1, "e7de36516be20ff106dc540d3e0aa748d8b3fa9b61ed63f40b3730b50b1a6661a30b0229f0764554f9b2aaa70913f200b44aad63f549e1bcd6ccc44d55ae6a9df4518c242e563c3745715bc34b09ebdfae5ff0edb1a3ed543edd0da24e5baf2f3d1fde34ced18393e4ae4a235f6a6d40478200d04fd3e4894237cf6aa665e51b652ab6ee52ef88c7af597917bbfe0a3cf77e8a3e58fc78ab1c63766fb087eee8233d083619a9c82ae26ef6d221d08e87c01461a570cae3c9d949ed3f2fca5a8957cb664ecdcd1e8836e1cf9cf141d170f139a1ed2c09a0ccdcfe7dee4905e5c47b39ba7e419885ab6c82a422f649f321e4ff0219afb8a4f9218c45515891ad1bacbcebc92e26d8d6658a752cb8dbeeeb335cd2ed04f0f066e0a0db2ec53a75db8edd9612466ecc799f304e7cf72c8bbdef045cb1ac6cb6b7ddf51ab47c7a1360bde4df09cb45eee16d96732a74c4be46d2dd43163acfa8835d82667544fdd40225ad7c11e7a2f39a3b92666af7405d208232245f19dcc5f1ca654bbd4c77ef63b2e4c4e44fd855e3c509067d4901965987f4bd64ab3be0978be649cf89e5d7a1ec23f6fcdc5c5602901e80727758df200b016f640992d9944c27708532265e12e978750b9722fb21aba9ed6ac2ab205852411e915e7f4ef30131be896ac67501caeb106b79e0ab945fbdc0f8bc2267874280d09ec817c7e287b9e2505d84d8f8d1b742dd29495c2197a3159eb0eed5348441eef2c06d8009a45e6883d88554beab1e1058033179761853cd8cf344928ba63efabbbc01966a6d09f7ff3e616bf72cea8406c53304f87fe91c81024712782a6e1a33958960d4cb53a9418df775a525082eaef84ac1af5fb28fa47feb45acb62049defe4b96fed26b4771845da1012c845c14d65e31bea3750c55d13f78a3ad5f47b92d30952bb089575c2cb49f8aaa1418ebbae7722608e6aa95d875c48601dc10a79fc9b195df9dc0cece26881d40ea363d368d26be42974ad0ef9f67a695e949c5de7cac3e597a1394cfa8c78683082f7080e746fd4d7a49798774026d8055296868f28bc7f7d52c707faa0b8bc44bb6ea489142aa517d8b0320ec0c990d325db3a70c12356a85e345680b772cffeb8fbbc0def6b6ea74fa59c4aaf646f74c0b3c61a4fe557496411691d8080ec561bc3c5342ac03ed122cee49328350f62f0334be6a2c2685c53b7413b062bf34153849596e5fc65e417f621d7be2a802f7f6329fe9b0a24f3be055def5c7d48a4d328f4dcac4362e21e83f9d0f1b9106883608818d160fb4be2a89cfe59f36888d6912fe1b1202c224b4cc21eafa7267ee2a53bb636acfa86e5bee92ac77ea337dedf84a9264ed274608b70e2b470a50644a4f1afb7ef0238e549647df021a8a59ce989d3460714860f85d9565024e7a406ddaab617ed1e4974ad35f5f16ef91765106c5bef41ce67747a4c85fcb168d34b0c07c22258ed1c102be2a7ffff612823ef5d5a32ebddf58efa6f08964c96d1e7cee3b0ed2f7e8a9fd64203aacc13108b8851d0d395d12348efe39f8604b8f95ff85541a2433bccf628a73212a5407390d2d7d1b8cc4ca9b63ec62e8e4e6002208f8b6da770424c7c458e8723a8dc71250fa641860c9f51dc7d39971806e128508ef90e335313f262127a10907487b8b8efc3b858696f8d03f2cd0e25dcaa5a3c0fe9c5ff0de556b6642c496901f7b969d239e7c13ca813813dadad8592e0a7d5beb43e09137596fb88d15b02d738fad7920ae4cba226530e325d6c082b079d112fbc8335f11fba0bd251235f0ac63932c28c11d8787b88e2c234824e517cba21ef1d07753d4b9a64616cb517d0b01c372e64da3e067251b91f25e912595df5b481d7182e28738f3ecbf4fb80fe7d29d8efdd5810c1f72322385d923a72c165b712077a9d430333fa50ea9448424964680481696c575b148d283767fbb378765ecb5398f51f649aee1ccf7da14e3d290dec8d7ac9162791e218903deb831dad24fb29e626dd560363358aca28045cfcfc15b313ce622446c146a59245afe777fbf4d6668ac0b5c344553dc32a192dfdeec1a6dfc254f1fd5cd83bda63f921771c93c0d4e1f6305628df2cfa1ade47b3d0ca9b60817bf5941ae569d304133fcc5b6faaec55b6ee08fb9b30b75f70b3de3e41117da352235af6cde0f0ca7589a8ee6e78b2ced30f6137cbfcfbf0e1995b89a688435647b1ac15d5541135cce704c138de2cc9304f57ab2d9d160abb0efadf3e651d2f32ae83150822451078a273f773a5e5452f0b6bc0582e4f01238a2686137de6bc5bba87be46e6d745b11594607fd6a3b259637b407fc027675cdbac55ac258674d304f3954d2555ba482014e7e19d7a9a47a0b778341c3afa0ea3a92576cbfd7c0800aee356d510ced0fdacf5415765670a3f1a6f6888b8478623784ac3c69f32c76a7bf20a83bc119a1b5e7d6a2f5e4014a16e42db6f5f83406a5676b2d546d181480cc352763500fbf69842c9c8ceb3a57e57a695060a478bdbe8bc1f27f345b543f20bc8a95683f9daefee2817107b88b8d9bf13075a02c22ee37b184649ff66f6809ee569829ee1996f1a4dd49156cbdead34e72056f87eb7be96cc2d99ceff935d9a0889a5411258101a9bc19b1e3eecaa55662b715fe6a1d54683958e6dc0b7ee2df4da7c908dddac15a31ae32407e61ee91afbfeb7f5dd5cb2d54a04ba34bb2c9a6658d280b552803e2cb443aef85243bf8a48a6443761f904b549be3c916ac2efc5c646adbb645acb2cf159408f3bfaffcdeb2d53084565b176bac3ccb21ecc3296d0746bbffc72439e5ccbbea7524888c188250a5eb3193b0ad4f87467b68386e3194ae290fd9f41a0a90c142784bb424e2c9e495df8f2adf5ed9730d7ec3fae4c274baa2f03c7dd9285a2c3fb788847399bc36fa1f7b9a194f7d9657d8605b1fafd7b5334394b874bfd38302fcd1f6fbbef7450d6a56a29a5ae660d5c6fe9929eba346a283b031e31a88350bcf89ef8cabfe92604f086613c0964fd3199e3684666f5e6d98f8043bf3664617d21ffba2af0db6e39e957529de6612ad5a40be44d3c31bb9efa9e8580f21344f99c665a378c639d8fa031ce9339e3864d7b674bd1df591ee6ab697cbaaa9eed37fd3b2b1e14d76a37e1fa6e3903ada4fb16ea31d6a520de689ca5d5882a6d2d303d5f3c02be37d1476c521e7924c19ec39ae795ae27427d2a73ab0ad8757f30252f2eb7a31e0349864a13161d9e250414c67802276eeb7f370aee44056b44917ff24b9827047ec1cda75e8ba421b86a2e777a92daf5ad6d7b007523d0e337ee06ebc8e1115a70cbcd8abffe5c82dec9883c8071e5f0e070576ee833f274520b7ba4068e989901b03610f7223634ee3894bf0467922143d2f0e4debe784c84fda60b48f67fa069c815cd0a988a0935cb57fdc0d513ad9fbcf798f3a5372f4d3d0972e8f3149424a0634d915ab32ac102d857266ed3eccd75e59fcadd803e481272f7d0cd77432f3fb0cbf1ed0239085f95262b3ff58ab55547e3f79d892c37a59b09f0053dc55d26abc55f8b1f8cd4a1e85cc7c594d54efd33c79a7ed2ccd3c9f1074a71de447b79ef1378504496a200aaf80ef48de9cbcebdd115300766eeb4301fc635fd44b1f3b49cbc64fed92806a03c24d268ab702ece3feaece87fd05fcc76f04c2b0ff00c20944b7ff8c967afa49a62ac0a6c3d11b96cdc60a758a7065e338ede9e743a4e694a1cee1189a539e7bb5252a5d43330c40dfe89b7d8f8e9b12d064df36580e5caaa9663a641b1f273bbcd43f3faf3adf151444695c2496588776d7cc497fe665261c2a9439d3c999cf30577ad490e5ceb766bc303368b8dfb774ff11ebd02c2767bf106d6f52b79ac566027347d39f8cf310fa123669a758184d04620c0e8ef3eaf369583fa570d59a6fe3d316f70fc214a5ae07d22c1de3e4eb70f41f872cead75962db8b643213568532c4137536225588022fad373ea0dd6131d09655403b0a84f5e43b51bd9cb2a419ceb1e232a906a62348f6bf668340f782790a08cb78b105e5411ba1ea3faa41c9e636d7d1a7fcb9f13e578098ccec35205ca0db5b36bcc72e9fecc6ccbccc645a63d89e37149578e1249561b152c2343895714a600d8129992bb703327513bcfd133a0c30bf64fce7756ee3fc8de4cacee9e74c6c138b14fa0d9648bc19218f9437db51845d53a95b51da598b84da371ae10bf09446dd2989207f17f203d0fded212629ff3b7452a79436be2d184f55cefc7ae354fb5d9d999ba6931f2734269f3e3b08de08832446dc4c1275080329a12d1560fe439b2a50e1b4e35aa2564ad8aec0f7e586e7843165bf0d8c6190635ca7f6067142e1735926c03331910391618a7ceba9be7b845c87a7b6ab6e3cb2f8f524844deefefe581c1640deeb50bc51d0cdfadc08f159f3110e5741fab4525fae2dee75c3df82bd3ba9778b484ddc7efff85dc7394710c8a50ed809cdb830c32eaff7da80e05bc8cfb715cbb515105bc24c7436440c2ff72128bdfffae5177ead123acf3a031bfc740ce9dd46340f8a75adb86702e0511f709706ae9f510f797c7b7f3818fe218a73ec2ef70639ff6277243efcd425c6c507af0eb305d334dd237a3586aae4db8d0bb056e568d524950dacb4c36910a206f6bf3ceca69d0cf2e9be226d0424aeb97faf15ac44395ba476bdfa2fb5a9585a84496cc31117555cc47eed1f4d46f7f2a1b877a852c792d6a37a95936453dc869090678b49df07f36e990adf93b2e4dc9b2d178c45dd20860eed33476193ad052b483423c2d7c0b07157f9e4b36154347f76406a977fe61672246311ca4ce2b26b72e81869a97fad14543999d1bd3cf404f6cb74bb72d2fe7510e1a0e02704a4be8f1d990bad988a66cb18ede84af27112c213fcaa3baffeb485e4e2cbf3f55a54f4a5b6ca7b556b2b5109ef24c90ef10c3663c37a04ac72511bb294cd91e04620d49e81b93b7195d4c2854c7dfdbff17c0be284c7c1d1481730aaf4eaa7cb50fbefade4ca32a40e7c5918c74e7e0aaf9d3f7b550d363243ce3b427fc1ae7fff94d83b9a867c533caf6652410ddf3378da9b3b6f930e047782ee7e2893a0ed8c285fe590f7a7958f5087cf91f002ec782c24af8fbf707f462f76771263b8f8c028aea220906e7f4d9b6feb77e38be38eb90ea2d7790daf6e70693d80cb3793baf38c02a2fbfadb8e0c7995a5f23ea508729ea4791bfa0b0a2900fef7145519c49cbba13ab06e6ac722fa5dcf9fde8020bafe6d09e9c8fe695760a720df413d047f6a030db0fd9b5d2ba3faa7c14eb13004cb80ed03a6fa5464881842363492b3ffe440307caac7da2148f533752859b0fe36a05497ca9634e148f9ca58adf5e01a390bdc69df3f7f5b52ffe4f706a4405de5cdf318d9bc19bb35c11aa7a09e7b46a4ed1ba71cafafbe4e735b7ee339f3ecc2d041d386decb61ee632666d3a43a28e84f4043c8ec28f1b774290d6f2df93d7f454d651c3ca33b044a39a19209e2376910562dcc63690552e47c37117178703e5ae759eb12f50b969ea1213be667d826d1b3eecf6a74ec5e888bc6c32a34726b3454698ed07f09a20cfaf9cfc53698d92aed5923ee79a334e092a9f831b5f1b447e718d0f478b55641be634ce3ab69ef2130e0a97870c151455a823375bc7ac0d59b8c97130d828fb4c5f4a3001da3ede4e99783540ea99d21e900722997aacb58fca24ea93ceb03e9d55a79cc173f1ccfac013054fcfffa36e1144b"}]}, @NFTA_SET_ELEM_KEY_END={0x58, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x34, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}]}, @NFTA_SET_ELEM_EXPRESSIONS={0x144, 0xb, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x3}]}}}, {0x60, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0x54, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x14}, @NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x23509b6a06149e8b}, @NFTA_DUP_SREG_DEV={0x8}, @NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x10}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x4}]}}}, {0x3c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x1}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_BITWISE_OP={0x8}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @socket={{0xb}, @void}}, {0x14, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x4}}}, {0x38, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_SREG={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_BYTEORDER_LEN={0x8, 0x4, 0x1, 0x0, 0x81}, @NFTA_BYTEORDER_OP={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_BYTEORDER_LEN={0x8, 0x4, 0x1, 0x0, 0x74}]}}}, {0x2c, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_QUOTA_CONSUMED={0xc, 0x4, 0x1, 0x0, 0xfffffffffffffffd}, @NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x1000}]}}}]}, @NFTA_SET_ELEM_USERDATA={0x45, 0x6, 0x1, 0x0, "833e7f248fdca95254d92caf1b37a5d794938b58ac8cd2d9a6614839a359255011d69006c87f5b6c9e96b6c1416f6fd3967e55bc1a2a98bd7b2dc4678c29278742"}]}, {0x5b8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPRESSIONS={0x390, 0xb, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @dup_ipv4={{0x8}, @void}}, {0x14, 0x1, 0x0, 0x1, @notrack={{0xc}, @val={0x4, 0x2, 0x0, 0x1, ["", "", "", "", "", "", "", "", "", ""]}}}, {0x30, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0x1a}, @NFTA_CT_DIRECTION={0x5, 0x3, 0x1}]}}}, {0x10, 0x1, 0x0, 0x1, @redir={{0xa}, @void}}, {0x32c, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x320, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x34, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}]}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_CMP_DATA={0xa4, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6d, 0x1, "57ee3db374d35137656c4b81957735e9266c73f2a0adf1eaca82d2adea331a8a2af5c6f2e6b64179c03567c26bd6719edfd9ec2ae886fe33c24314f1b2c759f082a8b095686fcd7db54b2410deb9d1aacfcc7e86ef07f7911013bebc2c8cb5d092998cef0b4af83285"}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_CMP_OP={0x8}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_CMP_DATA={0x214, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x42, 0x1, "41084a371a249a1969be89f45ebdbc3cc9a2253695e691ba1a8eef3fdc203dbfba56b3ef50de068ee184a738b484fc85a22e31330297e0ca876c6fbfdddf"}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFTA_DATA_VALUE={0x26, 0x1, "78620474baa99ccc338dd6f0672d1daa9ad865c70a0609d25c46879d469c17db5f6b"}, @NFTA_DATA_VALUE={0xbd, 0x1, "0ebf74ba889bc48d38ad6884a8744bf4a6c26f08c77303856190facce5680fcdbc98e07f9872a0dd8b9eca6d4c4dff6759d57dd732728cb8a89afc523b47d2728bd7839c3e325ef4a93a8ac2056356e569b741210e32e2fec0956a29ca524422d2c53df552fc3c0170591fc4ba6da3c4f24dcab1e218dc5c375c0085469a2081af44215eec7fc76b563a715ea9c96d533591437191123bb4c33d0b799a39f84cdf9695b19d1d975049e7c473fa03b1899fc83f9018b7abd386"}, @NFTA_DATA_VALUE={0xd6, 0x1, "f6d4b2170f907cc47797f68992097eb416867557374cfcc640437cfa7307c7c6dc3041d22dca1e9a96640b47396d52210282bcb3ef4a7a25b32759d1b0606c486ed746e7a33a208700ab2a0d63bb54ddf910113ee8047515b79404aae5448f00a675462011b1b607ac1ee533c3528132793ebf9af326419604f1c0041ae92a1379d2c939720ef1ce9491be44e4a49280ec4b78d00a321828998aecb137afba20ea381b0f0e0b8915fcf5314deb8f6103af43343fe389a1b55033b3ffe4a4a164af53702132179997fe15204f538d1e438480"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_ELEM_KEY={0x218, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x90, 0x1, "b7abd79611b36cbfca935f90cb0e9788d6e87c8699e4bac0d6bfdb4dda68e6ff7c6b7fef8c217e2fc26a249e26cded5e9883a80acd54f49cda8568904b55b1d2649059e15e1c642420aa5bf8f90281c666049571fd59920324df658a8cc31d06215176daa80a3cb3e7d2f09b051c331d31c4e73b400461080ef7b1e2b85f32f3086fd8ac4018cd2216dc3e18"}, @NFTA_DATA_VALUE={0xde, 0x1, "fb5fdee1778842fa1364ef387b37f0422116f4afddfe832c62f9cbcef23dc39c801dabe4678751fc98d8d4198e783e17d1a9dd25fb69924688d8493b79ca5444dfc2754f1af71df02d84fb9283cbb70f15a8d46abe8fe1607033acd9707c7652ff520e22ae902524f7acdc950ef280745f741a5c6e1a588a6b7ddba2956a1f2e171e287ebc3a03d8a7bd78b98cca43fa0232b92ee48cf5340e20adef49f1a78ce57720f5e65ddee515302d2dccdc31cf1b5495f2ae836348d4873a99a29b00891f05f3036f8ef021848eab70f13b91a3ddd6d355e942b6e251ee"}, @NFTA_DATA_VERDICT={0x48, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VALUE={0x29, 0x1, "baa7d5fae0e922e9d36d1b39c3a77d839771bd3b3e17a07f717ff407f74c9c5a21c1b661c7"}]}]}, {0x39c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x398, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x3b, 0x1, "8324be1a30b52cf9f12bdd3f0e39072169111614ca5664ba7478bef8b2a80a8ac6782b96fcf905896782fd8a2b7a6878a3e77f430d9db3"}, @NFTA_DATA_VALUE={0x92, 0x1, "7ad79682265947d81f31b960c239224fb1509c43f8c7240e2976bb8e16bf02922f2b577c36aa7a0804e4084479750b1ccbcea4a0cc0ca503ee071081144353bb20d87eca74e92fc0dc6ea2024e03fb4fbcbf73b4e9bb45e3b7be0b345bc78c548ff2adf29539a79af4d4b152da5af20310e34686d9825fd59445f44c32a9aa5c4493b0dc71f1cace7147f16d914c"}, @NFTA_DATA_VALUE={0xdc, 0x1, "a022ed52a32e0c323017f5f44e12224ea40b7ce4be7133756f4067a1106c4e63bcb8a3776a483f8948075e5f004e58fd6dad55661199973c77b72be7bd37adb04d7902faf22a7b13e948ce6c93349aa435c9262a732acf78035a1f69e654e4fa42ef7e964e072738f7a82182d856fe869568f3a381b80f5531891c9a0c56792bed46885ff648af759ac612ca0c2909280e3cc22640e2a59f1a0cf310b2dd1aa16ede365f8025daefa1575a214cf9fb717cfedbc15784f9be05778b27435a71206575734ec5d07112913f247fdd682f65f07a5e23b98b14f4"}, @NFTA_DATA_VERDICT={0x34, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0x85, 0x1, "11b1d79a2d931aee68ae054587aedf1f1c5bde23a13aa4c826a78bd399a69582b546cb64299fffaa11a8675572d93bf46939b1aacd415864725c3eb108cd4b9f069dfc4b517bc3a5bd5224add2500eca32f15666a2b5ddf970a3ad0b9b8cb44271bfe857d4d9023a3c1bf070c9de99bed09cc1474c6cc42bcfaf15c2c5343a906e"}, @NFTA_DATA_VALUE={0x4a, 0x1, "f03adb53d9d44cd12e931a3f2307188bfa561d5d13be9c1b3da393cc05da2f65098c5ced2c82d58ac49ce2f0c00b79743e9b2a51340606ffd9dd987aac4d937f7f30344bb38e"}, @NFTA_DATA_VALUE={0x14, 0x1, "79e3756b74ab4d8b1636734c621b7c3d"}, @NFTA_DATA_VALUE={0xca, 0x1, "2911ea03225f80a5ee5ca2a483e651aecd61863f332333e3a4301f991a37056ea83b25f29db0f7608131df026804be800378b547c159dd2e15e1800bcd1be4822c36bb9191a6b1a6632ff912e5f71ed1eb1a45b9191a92e049acff3dec65772c42b9f42717ec01696906032323214668806cd3c9e4654d7a425b735a777d7ca5f10038e6824a9b28378d4184040eae5b2c884b324be3638d328494ccb36ecf135c7904cade030b43db2ff4cbfa5e7e9b00d9a2ba65ef3cca6a3f133536a78a57b5243b103ebc"}]}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x190, 0x0, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_USERDATA={0x100, 0x6, "ece71f01a104b80c25beaf35522f009446cdfeb69afc18a7885f8b17ccac3a29bd4e7cc23e7007f2905fecd19581daf434a47de23b95cb55bdc1991bf4c68c9ca5a739930237bc3ca4a890380229b4fb04bba8765b872646d4f236f6fbd07e6f1283498f51026f7a99782fa81b4766cd8992086f96dc1b76fc722c9db9cdc67ba2501c38b2b5ae6fbc27e8dcd32b25e96f7af7272c8c790c577c894747812a51fdb6aa07aeb1eee4e6c8d427438d43a876289170c2fce267630d966f098cd9bf2cf225c55ff7081b431831100ff94c8395865b491d34c80d3ee076a0a9258d35105a3bbc3d894faebf89fa63f797912f334503c7d286d5fe8a61d85c"}, @NFTA_TABLE_USERDATA={0x3b, 0x6, "4162bb1827a5d8d20e118ad2da23942fee479f39f86be3fc4bd153762c7e57214d235c1c261d716178067599773b5dc79dbd59159db2c7"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x2a24}, 0x1, 0x0, 0x0, 0x4040054}, 0x4000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f00000000c0)={[{@subsystem='cpu'}, {@subsystem='memory'}, {@xattr}]})
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r5, &(0x7f0000003480)={0x2020}, 0x2020)
getsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000280)={@multicast1, @multicast1, <r6=>0x0}, &(0x7f0000000300)=0xc)
setsockopt$MRT6_ADD_MIF(r5, 0x29, 0xca, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0xf5, r6, 0xb07d}, 0xc)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='rpc_pipefs\x00', 0x10, 0x0)
r7 = dup(r0)
ioctl$sock_inet_udp_SIOCINQ(r7, 0x541b, 0x0)

4.164236764s ago: executing program 0 (id=2915):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x134, 0x10, 0x1, 0xfdfffffe, 0x100, {{@in=@rand_addr=0x64010100, @in6=@local, 0x1, 0x715, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x3c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3502, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x134}, 0x1, 0x0, 0x0, 0x4040}, 0x0) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = dup(r3)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) (async, rerun: 32)
write$tun(r2, &(0x7f0000000480)={@val={0xa, 0xd}, @void, @eth={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @random="00001300", @void, {@ipv6={0x86dd, @generic={0x9, 0x6, "ee0520", 0x0, 0x0, 0xff, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2}}}}}, 0x3a) (async, rerun: 32)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$XFS_IOC_FD_TO_HANDLE(r0, 0xc01c586a, &(0x7f0000000140)={<r7=>r6, &(0x7f0000000000)='/dev/kvm\x00', 0x400, &(0x7f0000000080)={@align=0x7f, {0x0, 0x4, 0xfff, 0x1ff}}, 0x2, &(0x7f00000000c0), &(0x7f0000000100)=0x6})
ioctl$KVM_HYPERV_EVENTFD(r7, 0x4018aebd, &(0x7f0000000180)={0x4}) (async)
ioctl$KVM_GET_MSRS_cpu(r6, 0xc008ae88, &(0x7f0000002580)={0x1, 0x0, [{0x40000101, 0x0, 0xb}]})

4.001630724s ago: executing program 5 (id=2917):
open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
pipe2(&(0x7f0000001440)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r2, 0x0, r1, 0x0, 0x6, 0x0)
write(r1, &(0x7f00000002c0)="fe", 0xfdef)
read$watch_queue(r0, &(0x7f0000000780)=""/221, 0xfdef)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
sendmsg$NFNL_MSG_CTHELPER_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000010901"], 0x14}}, 0x0)

3.732775081s ago: executing program 0 (id=2918):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) (async)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, &(0x7f0000000280)) (async)
ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, &(0x7f0000000280))
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(0x0, 0x0)
r3 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0xe8c00)
io_setup(0x3, &(0x7f0000000180)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000800)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) (async)
io_submit(r4, 0x1, &(0x7f0000000800)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}])
socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x1c, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0x6, 0x2, 0x0, 0x0, @str='\x00\x00'}]}, 0x1c}}, 0x40000) (async)
sendmsg$nl_generic(r5, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x1c, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0x6, 0x2, 0x0, 0x0, @str='\x00\x00'}]}, 0x1c}}, 0x40000)
openat2(0xffffffffffffff9c, 0x0, &(0x7f0000000500)={0x301100, 0x0, 0x4}, 0x18) (async)
openat2(0xffffffffffffff9c, 0x0, &(0x7f0000000500)={0x301100, 0x0, 0x4}, 0x18)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r6, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xd5, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5a, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc92, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffcc4, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x100003, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xba, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4522, 0x0, 0x934a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], 0x1, 0x400})

3.622987173s ago: executing program 5 (id=2919):
r0 = syz_io_uring_setup(0x4b2, &(0x7f0000000100)={0x0, 0xffffffff, 0x40, 0x0, 0x162}, &(0x7f0000ff0000), &(0x7f0000000000))
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=@newqdisc={0x338, 0x24, 0x200, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {0xffeb, 0xb}, {0xfff1, 0x8}}, [@TCA_STAB={0xc8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x89, 0x1, 0x2, 0x7, 0x2, 0xc, 0x7, 0x4}}, {0xc, 0x2, [0x2, 0x200, 0x8, 0x2]}}, {{0x1c, 0x1, {0x23, 0xff, 0x3, 0x280, 0x1, 0x800, 0x8, 0x8}}, {0x14, 0x2, [0x400, 0xff, 0x400, 0x15, 0xf1df, 0x4, 0x2, 0xff]}}, {{0x1c, 0x1, {0x0, 0x50, 0x3, 0x2, 0x2, 0xc2, 0xffffffff, 0x2}}, {0x8, 0x2, [0x7f, 0x200]}}, {{0x1c, 0x1, {0xc, 0x4, 0xfff, 0xffffff80, 0x1, 0x7ff, 0x2, 0x1}}, {0x6, 0x2, [0x2]}}, {{0x1c, 0x1, {0x7, 0x1, 0xcb, 0xc000000, 0x2, 0x4, 0x4, 0x2}}, {0x8, 0x2, [0x0, 0x1000]}}]}, @qdisc_kind_options=@q_gred={{0x9}, {0x110, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "1cef627e9e155a911457d6ebb73b1f9b8d92b56a221b51a9b7b69a9ac3556bfd6c650114fc312e509f346f1b48e977e0be7d582748bb466332b7cda1d78c30c1aac63de9ed800fd0cb7c4ce43c5a6137b2c871bfc34826695deefd7d0473312add048c5d7ffa22b25e3ae4796df91ccd543868798b16ca5548c5cc6799ebca9426fa62f3ef7ada6f4d1e23386799da57ba8ebece5a7ea05975a520dc96876b0926cb2d811c4fcdaae891f8a62463192447471e921c3d3496dbd08ce6c0c475a94865f5f41c93d283dd41428028732aee0ce9db4f3b985e9e4c4e38783b4abe511ea1e6e34562417db42eea098a535b36883482f4833cc756682dfabfc42b86fe"}, @TCA_GRED_MAX_P={0x8, 0x4, 0x940}]}}, @TCA_STAB={0x130, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x5, 0x2, 0x7, 0x2, 0xb, 0x6, 0x3}}, {0xa, 0x2, [0x6, 0x401, 0x7fff]}}, {{0x1c, 0x1, {0x40, 0x7, 0x2, 0xfffffff7, 0x1, 0x800, 0x7, 0x2}}, {0x8, 0x2, [0x8, 0x6]}}, {{0x1c, 0x1, {0x2, 0x9, 0x7fff, 0x8, 0x2, 0x1, 0x7e, 0x7}}, {0x12, 0x2, [0x9, 0x4, 0x0, 0x0, 0x8001, 0x800, 0xa]}}, {{0x1c, 0x1, {0x0, 0x7, 0x4, 0x2, 0x2, 0xdf, 0x0, 0x7}}, {0x12, 0x2, [0xfff, 0x6, 0x0, 0x3, 0x6, 0x101, 0x3]}}, {{0x1c, 0x1, {0x38, 0x6, 0x9, 0x7, 0x0, 0x8, 0x2, 0x4}}, {0xc, 0x2, [0x8000, 0xfeff, 0x8, 0x8]}}, {{0x1c, 0x1, {0x4, 0x0, 0x0, 0x1ff, 0x0, 0x200, 0xffff, 0x8}}, {0x14, 0x2, [0x0, 0x5, 0x3, 0x0, 0x1, 0x8, 0x0, 0x0]}}, {{0x1c, 0x1, {0x7, 0x66, 0x1, 0x9, 0x1, 0xe, 0x2, 0x3}}, {0xa, 0x2, [0x10, 0x4, 0x0]}}]}]}, 0x338}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = socket(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffff"], 0x0, 0x2010000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r2)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r3, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x1e1730a30afb6559, 0x8014)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, 0x0, 0x40010)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='map_files\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
read$FUSE(r4, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000300)=""/14, 0xe}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000040)=""/6, 0x6}], 0x0, 0x2}, 0x20)

3.142394363s ago: executing program 1 (id=2920):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010002955a4f40f30c19e04ffb0102030109022d000180002002090494090274833180090507000000060800091162b367e12306af0905050310"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f00020000"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x8801)
munmap(&(0x7f0000003000/0x4000)=nil, 0x4000)
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0xfffff801, 0x404100)
ioctl$EVIOCRMFF(r6, 0x40044581, &(0x7f0000000040)=0x7fff)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000001340)={{0x0, 0x0, 0x0, 0x8, 'syz0\x00'}, 0x3, 0x304, 0x8, 0x0, 0x2, 0x0, 'syz1\x00', &(0x7f0000000180)=['\x00', 'r\x0e\x81|\x0f\xa3\x8a\xb9\x8c\x94\x04\x17\v\rh\x10'], 0x11})
syz_usb_control_io(r1, 0x0, 0x0)
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x5b04, 0x0)

3.074098786s ago: executing program 0 (id=2921):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xbecd6000)
open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f00000001c0)='./file0\x00', 0x4000064f)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x4c0f, 0x400, 0x3, 0x288}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x12a8f, 0xf264, 0x40, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000840)=ANY=[@ANYBLOB="50000000090601420000000000000000010000030900020073797a31000000000500010007000000280007800c000180080001407f0100010c00148008000140ac1414100c00028008000140"], 0x50}, 0x1, 0x1000000, 0x0, 0xd24f4d577c621506}, 0x44)

2.713915629s ago: executing program 5 (id=2922):
r0 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @broadcast}, &(0x7f0000000040)=0x10, 0x80000)
setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f0000000080)="2b6a17129cd7f01ee935f20310ed18b7313218fd7dd9acf854e3feb53fb8d218494641ed91f0f6f1daab3f9746c7e10f7a087cb963915ad330d68ab9c7363b09145a51541746b15b3e5f37ce5e51bf04af2af3b86c8338603e1621e5cf8fa76d16157d3ee19e2312bf875e73f793cf02f71990193f2b14f5b6", 0x79)
r1 = openat$dlm_plock(0xffffff9c, &(0x7f0000000100), 0x8141, 0x0)
connect$unix(r1, &(0x7f0000000140)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
write$binfmt_register(r1, &(0x7f00000001c0)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x3e2b, 0x3a, '', 0x3a, '', 0x3a, './file0', 0x3a, [0x43, 0x46, 0x43]}, 0x2a)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000200), &(0x7f0000000240)=0x30)
read$FUSE(r1, &(0x7f00000005c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
getgroups(0x6, &(0x7f0000002600)=[<r3=>0xee00, 0x0, 0xffffffffffffffff, 0xee01, 0xffffffffffffffff, 0xee01])
r4 = syz_clone3(&(0x7f0000002800)={0x8000, &(0x7f0000002640), &(0x7f0000002680), &(0x7f00000026c0), {0x2f}, &(0x7f0000002700)=""/119, 0x77, &(0x7f0000002780)=""/32, &(0x7f00000027c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0], 0x5, {r1}}, 0x58)
statx(r1, &(0x7f0000002880)='./file0\x00', 0x4000, 0x8, &(0x7f00000028c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
fstat(r0, &(0x7f00000029c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
fcntl$getownex(r1, 0x10, &(0x7f0000002a40)={0x0, <r7=>0x0})
read$FUSE(r1, &(0x7f0000002a80)={0x2020, 0x0, 0x0, <r8=>0x0}, 0x2020)
getresgid(&(0x7f0000004ac0), &(0x7f0000004b00)=<r9=>0x0, &(0x7f0000004b40))
r10 = socket$kcm(0x29, 0x5, 0x0)
r11 = syz_open_dev$sndpcmc(&(0x7f0000004f80), 0xd8bf, 0x10101)
r12 = fcntl$getown(r0, 0x9)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000004fc0)={0x0, <r13=>0x0}, &(0x7f0000005000)=0xc)
getresgid(&(0x7f0000005040), &(0x7f0000005080)=<r14=>0x0, &(0x7f00000050c0))
r15 = syz_socket_connect_nvme_tcp()
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000005100)={0x2, <r16=>r0, 0x2})
lstat(&(0x7f0000005140)='./file0\x00', &(0x7f0000005180)={0x0, 0x0, 0x0, 0x0, <r17=>0x0})
lstat(&(0x7f0000005200)='./file0\x00', &(0x7f0000005240)={0x0, 0x0, 0x0, 0x0, 0x0, <r18=>0x0})
r19 = getpgid(0x0)
stat(&(0x7f0000007b00)='./file0\x00', &(0x7f0000007b40)={0x0, 0x0, 0x0, 0x0, <r20=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000007bc0)={0x0, <r21=>0x0})
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000007c40)={{{@in6=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r22=>0x0}}, {{@in=@remote}, 0x0, @in6}}, &(0x7f0000007d40)=0xe4)
fstat(r0, &(0x7f0000007d80)={0x0, 0x0, 0x0, 0x0, 0x0, <r23=>0x0})
syz_clone3(&(0x7f0000008000)={0x100000000, &(0x7f0000007e00), &(0x7f0000007e40), &(0x7f0000007e80)=<r24=>0x0, {0x27}, &(0x7f0000007ec0)=""/147, 0x93, &(0x7f0000007f80)=""/63, &(0x7f0000007fc0)=[0x0, 0xffffffffffffffff], 0x2, {r1}}, 0x58)
sendmmsg$unix(r1, &(0x7f0000008700)=[{{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000580)=[{&(0x7f0000000300)="106117ce8072d257151169b2b224f93d32c5013a1a5ac70281e8a5b85f6b93b4f2df0270398c56e0", 0x28}, {&(0x7f0000000340)="7d94e26572d5cab551aa3beae70016acc4cacc5f91c8d9028b1d96c9cdd105d413ca00b9be780c434bfc000e17d3a052cf5c5f8b48e1dc8f47772a5f3185bc3e41d1b81614aba7130eab26c245244578261d4213bfd1f80945f5f1091074862f7543f0517e79e296761bb4401b69bb8dcd6a0ad07bac76789263b5666cefca1e1008e69be1da44cab0168ea89c26149c119f0d4aa460fc48facbee782187d059d6362058b82b8ca21a514ca22b7b69cbd1db4a14f3f3d33b319bd463", 0xbc}, {&(0x7f0000000400)="47d567d8899ea5dbc34850c701e7c9c2d7582ecfeeb382afb72e53f3ac6113d954d81a47fdd81d469ee27980d0844a2828cee26b22", 0x35}, {&(0x7f0000000440)="82b9c01043b6a4a024350ea22269c9f9e45db9973bc211f19b901b1b9834ada74afabf7cf0256829fd008671421aea5d29b5657f1d1c7261cc490c3037927b7e85ffc91db412ebc7e3280b79844a1e5a07f95e8ac73622a3a67434d4c8042c63d94527a9a49bf21c9a5b25d282cb92e9415086e283fa066561dbb5da37195f885c9ff2d418d2753cec635724d107b6b58ad2e3b8ccac1e4a097d48d645eca0dff4f4a3cffa2cd48753b23284ddd94bcd135d780acf16459a90e135a917eb872d84bcaa6b", 0xc4}, {&(0x7f0000000540)="701f13c0ad56cdd108bd55086f45365059dbdc642ba25ccab9ff81221dbc85780a2f7fbc46a0037ee87decef330688dc85dca5f69e0649d8d3d39cbe602742", 0x3f}], 0x5, &(0x7f0000004b80)=[@cred={{0x18, 0x1, 0x2, {r2, 0x0, r3}}}, @cred={{0x18, 0x1, 0x2, {r4, r5, r6}}}, @cred={{0x18, 0x1, 0x2, {r7, r8, r9}}}, @rights={{0x14, 0x1, 0x1, [r1, r1]}}], 0x5c, 0x4}}, {{&(0x7f0000004c00)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000004f40)=[{&(0x7f0000004c80)="210b6edc34016e6ae3c2ff0d7da1956a160fcbb9e39a141bce8d06ea01ffc7e249db67558d59365c12c54f5632d67bed25e9618ca2ab65537fa61a8c87b31eab51320859066acfab8e3204e1f38b7bbbbf0d954029f3b3177fb718e290ac31bec310e3099132eddc05bafec9b79919e4a52bf8bc215b57aaf7ea91a4ce2eda3678b09c46c3d61fc78ee4b608f7700e7e85d8c1767c0bfb6f3c55ef", 0x9b}, {&(0x7f0000004d40)="18dc73007137f8ceaf9f67d66a9f4ea8ce4bdade046c22b6cc24855c1301142eaba29e765313d7b355f017c1482e8a0eea405b8dc3790cf60fd1c0afff6317546dfa1549bf", 0x45}, {&(0x7f0000004dc0)="0ca8d2437811d69713a499ead37d21a9fe4fc5ad099f871a2abd967488bdfc31753195adf097dfb9ce1b7fd9d81bfa7f0becb2ba08ecad5c95890d", 0x3b}, {&(0x7f0000004e00)="8e6aeec74d536ae036cf12255b53ab7d9a27e91791bcdd3bde605a379790742ecb13cb79142dfce75d8f7073b3c1783faa5f45ab10bad461acad8afcdedcc91bb8332233d3c6581b6078291eadf6166be6170e92d3a4c147a18a6cb6a305523b56a3feb3b08f7e718748e438dbd520d1ce9afd7942d13266c06bdf5412dd38f2523b5de3986b63eb4784b536131b7ecbd1fdb9229f5870bd1b4fd4797312b5379bfecb4b938bcb7d5991e64cfc2f95890e68339785b7f0bf58abda2bc510f8ddd9eb18492859f59d32f908f17b27da64b4a61d71d057a7c3b76b0d738be99a277cfb232a2b3446b8c52aee845d975f732fc33dbef4791a", 0xf7}, {&(0x7f0000004f00)="b6d118c2c32b84570ce62212a4f980624a35a474fb2969db185fbd949719b28be21b75dd6def", 0x26}], 0x5, &(0x7f00000052c0)=[@rights={{0x34, 0x1, 0x1, [r1, r10, r0, r1, r0, r11, r1, r1, r0, r1]}}, @rights={{0x14, 0x1, 0x1, [r0, r1]}}, @cred={{0x18, 0x1, 0x2, {r12, r13, r14}}}, @rights={{0x30, 0x1, 0x1, [r1, r1, r15, r0, r1, r1, r0, r1, r0]}}, @rights={{0x34, 0x1, 0x1, [r1, r1, r1, r16, r1, r0, r0, r0, r0, r0]}}, @cred={{0x18, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee01}}}, @cred={{0x18, 0x1, 0x2, {0x0, r17, r18}}}], 0xf4, 0x20004080}}, {{&(0x7f00000053c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000067c0)=[{&(0x7f0000005440)="84eaa235a66db1c6307c05485b8e99185ffd6af2b76b8834ba9a6e3040139a2dcae702893c35b9fac1aa6a573e972c4b057de376fb75ad97cb258616a12417a3959c442bbbe7292d4eb7c5a592e6ccae3304dd355ed9547854102314325e08b2350baa56b278959419a7f7e322d987814956457fa8", 0x75}, {&(0x7f00000054c0)="38057a2bc2d694093926a3f4ccae6dc198f1705d620a260c51ad649fe5c3b2c3ebd77ff7a6257990a65a52b596b8e2906da3341c6b44f35ea77294afa280520fbb3b3c3c79d9b046b8f3c002036f6e9881e99670b831d0ed86e5ddb8f8114541ff29fa06c7f2bba995b33452bd8fedcdbdcabc903bba9f5a1c390c70", 0x7c}, {&(0x7f0000005540)="8d922c2257b914bb3ade50278abfa8b655dfd78759c82aaa82e755424af95dd9be39bb66a070d78abc438b31b0ab7d9677b91732cea470d7d8ebbf601d2db75b6fccd96c2e82c3ee3931288f88707bd7f8cd709982400a0030025230db446d720b49c3953394adf6046a1d1cc1a467d65873fc933a7deaf75907cdb00056de1fc12698ca949063f251aab7650dd1aaa2ea1d45af10d978a4e2fafa01544de7d6c9349206bc022726992daad05f9304e02b568adb11ec8de1710eff246ebbba5ed6c6d8876344a7e23aea52b947d594bc79ad1de35a9d5fdf022354a40df79be9b112c8e0ba80b6f0aaac6383ffe04f467abaa395c9dd59e4656cccd864ed69c4b52cb96332ea9be9cf1c9975cb572c6679ec95b3a9cca3e9168e7d684e74a2f38cd1d1c5e72cfb8ef0072f90384066e290a58b4bbc5c4e21aa64caca670b92ef6304b4c8de04cbf58b2d6cfc07c1e11dc1812ab6a8ffa4571706c64a0544bd6933584dd41086a680851aa588d649f633a3884f0cf0c22dc65602d40fd42d2d9c90f3e12cd34e1817c2400956ec360fd9e06b91ef092cbcaff8ce8d2e61827e426e10a45c5135f11c397e3f26bc3b77152580fa3799a3cfd55a9e0be02e38e87c343b799e0e70f43f167cb955d6e7514f787dbdbcaa3ccb282b902fd261a8a811f57f2848a63131681929c74870bc645c81a3822643c5a7c34158110369c2931231513a9b3cef57ea8bbfbe816e1ccffa315960d6ce76defa9141b048174baa3b21b429d12c827ce9a10a4f806bbde23b747667427e18fce814d6e5e8884986a7e2baa09213ae18f8b65e981d88f6f95fac2dc1440398a42511c539dcf807116eafeea3826fbdbbde36682d510aadfa13490be0a69d3b312867db5cf0823323b46c5eeeef7cc84ce909e13485bb52c3a455a725afd04325f00381a12784a4927ea5bad8c072cc1bf6e1215e159edd597710dea9269c5b36211f8cae1b6b29ae825ee8152ecc4699d34077bbcc84960e40f031ceb31cf8674e46e42db9abb50612761048524c0e2e1cd3e3f63ca30b4b932e3a2f38221ed61463142a1b9658932d9114a93f286bec41f0ec2870976da2be68bc2d4c87c9d0c8f98ae42d3d297aa5c00ae0c41a755918e4e4faf81eac0724e83f98846f8c627f0df5ae5c7706a7944d3d5722c33408a795785ae4c9d7900062854f696f6d937d648237fd0af2baae8c6691f32f9f827441ab3a0434246e8b5b45a14c4e13a6d16db3d07cc5ada087e41bd0c8d399c92230976b9530e816b35af7aaab4bcbe9f64ed3ac9b914d4127a9097004b49c39b11d6f7da8e966c154ffd07081bf162432fca86b635a5c478ccf5db2baad42dbbc3bc5158564615d510aadf405f0fa0cf0d6148790f9b2329e34d15ea20134102a8f503b19f0ba8ee77e0700517e09bd27eb611157bf224eb9a3d296806e133b0f92a23ae7570d6db8ad8b4b43e2f74046dffccc57a87fead7fae15a3bbc7c09e745b2dfbb148f79f2237ec68b00e69e84a814b65ca0c6bdfca410883eb5a0f47ca8d43e1f19db632837d0639ae76af74a00a67bc3a75deac1529c218c58c6581e3d2304a619daecec07ed3d606a0d9a13b5f1f45250de5f90408417cdcfcafc48dbbc343b3aa8e815fe4b5d4ee0d082def81580f4dfb78ff86efa8abe5964c39f55e7f134928aaded556a4e739d59c14b76564c75b0fbd47142a352e03e7af45a9a2af9761055709097b00450f5de6b439798b597b88815c9b0f89d71cd3ce416d10a9a42e2bd5688465a812fe6272414ab3077c0be823934a157c7721d99ff9e484976b035189a5e984df933dca4345a9c41bea610068fcca0c2b9188a7ccb80be9ac851edb7c0da09c895773424cb50cb726c8b701ba1ef036bd013992f0271689f515a67ec5aeb37d449aa5d8bb45890d3f0d478ac09f43ce10f8b05d3abe837291712314a1c537e7fe8a955298f51a9215041cf947fadf7e8b158d6c3257ef8b0ea12fe570348cfd808865a31490a3e8a19ab42e13d3652556e2082e977185652fa4acc6fb7f17ebe63f92bede228228ce4fb274d383a54e75e7d131fcd02f6b15b809a1e862fb7e3efa0f3e54b610d6ba6bf23b1dd54ab6878d7e9bf009cdb032ee67fcf3b70c15ba3e83cb73332ea7ea52b9024e50091b75e36cb1fd8428428d961267fd7380512d8868941cbfc47b4acd10d7ca569bc4b07a776b860701fb1c723076d579a7a95c8a912976ca295452bc2032056f4ac676b97ab454e5aa0078c5c46ff0220f704bd4e1c5756edd279f6107db6a5fdbece55b7bd989b47facbba47e1e564b6808824f283461a8ae40380bf921c211635d9baa4255f11d40389dd64d04987a22cbd74b23e7448ce93ae0c8ad9bc54a7585716be274eaef2df7ca93287a5097506b6f0558b7a3478bfd216a1a7b7310a8e9f4abcc0830c1f4b2632fed5133940279147c88bad3383f4eb03ab5ef9aec6b4ceb1be6bf02e271e42a7e0680bc7dba009b659a76b9df9b25bf70d9d0fc7aa6a4b19fd4d0057881adbb337b53d123a6ae02bfb908c6a4f98d09e895cfaf119db57f317007d9b6626402abd267d0c3c1ac09bfc86e2fbf809d4487fab1d370893170796e6f6ad3eac2f880d805aa89d4e2e9651bed059f98a18c74adf7f33a478be77dae81cf69f36492a2c2817153e4ab801315cf1f33789b971cb4e70b204793aa0ae6e4fc7d825ad556e7752f62bdeca50efc8f0afdc4770144d7f72388b0efcd10de140e6b16de409747733a88b7ba201734adca63fc5d05021de919a46561542f52936636ba1d6e547ebc30aaf897748a0e64fd5b5419c68029355c13029d9e91d8cb12c2b34defd020362427d9fbc550bf0b5fb6db137eee9c1a5411a300e2a39431f84f44baca5c47c55014568ce4545eb2f297914ffd7da85ee776621c95e3e1a5d8f6100f45038a7e22aa8fdcbf8e6fc4cdfa9d2cd004e6e03d1b8a4929885bc877ed6fb37bbc84ee78df9643700444d192997bc525b1831655a3a54ac6561709712de226379edcab6b838b65045001cb3193d53e31b37a8cd80d189525f78e9bd6112e950dc7939a50b2d9a42e4b346dbf15d1e5070588ecd47a3924962fb34174b50e4d4cc5a4d8293308fcb4bee64382eb92a64f4862b1d306659d05abe0ce524a10b8017320742471bcf7b08c53c43c1476f219677630dda3f88441b6efff724d83e1e00394b1bf8edee9d8b2792d57fbfda4069d7be570a9bd5b57b7d5a9fa7dae95b69768fcb1b48d02064b5b3779743c7624e4d7bad5f8fe5b28b05c9f74e75a047feadeebe2e9ff76991e9ec4de1834c049faf3255a9de77ae8a64d72a74fdec79ae695a36df72c15beb3ff159803032f34458d71691f8457d344d44a4a144736f8a105643a0c51a7fa8f5eedbe7abaec1edd6e8bcd09490a968467eb81a3f7e7ea042b4b50a9b92244fe55ae4b56ae732d0879670ae9e44a1d8caa9f3199e8da65ef0b3366a96d1299b20cc8e10d669ab1facda81260bee07a6330a5ad7650355901d9d405b7b1f5b02b6b0ff1dad5b7c4b65a3ba47c1556f2a7615031ce7f5c4900dca5a38b90ad833e45fafd46c48536c80ac84a607eac0aa6c687886eda3e3b5e00a67e3853dd629c55901de6daa3a7d48072a12715e12168eec17e33819acaa3a11855ce9062d5271549eac901109499102afef5778e1861d9a187915624a07a21175d3489bcdba7a19d2982535da636f0f9c500f81ec942f5f754dccddd8b7c0aed85bf9c68ac3207c6e1eb6434a4a0ffeceaac18e78bec2537d3ce89ffff994b81264cd5f899064935d62ec0d7ecc0f45866daf2d2aa90b6cd8bbb0a1a2fa1f6e246a12d544e525e3d38bd6f0e8bf90560e71bf42368b0cb8de6c333ae399e96392badc5c3408c3e724982a491e8c38eb1e11e4cd7ed3eb73111207fe37f5850baee7e2043a22705207613b38661d1edb12fdcb026cd468fbaa00b84015aeb9023fb436d335ae0fa49732b1519869e0fd3bce3d56979535aa7da3e9eec26c858b4f45e1ed66d753d2ad5f525aaf240e47ebc5e52d229c52687977ebae114295acfb9cdef4030818f219d75356cb21c5fa1b10a8fe164a1419c1ad81819f50f33b2ae42030e5a148a6f6b8142e2c26326e0d6841ac51908d17cae3befd41f738ce2d6da22b2062aa10340188ec3eae2cea62f1dc7be9ee678f075b4e66bbe7274524f82f0a196a9a64ed09eda4e6fbd235001cb0900a922aca8517fe467bf816d4f6d38b3eea2c79e79f891bf427b981a533264b86c47a867c026316a9e96041edf6b9a3081c642ed0297cf939cebe8cf6ba4d2b83dc04cc646ca5eee19657d05545a8cff59e8da0f60c8169645fc2883a294ba33d7969b96a7cfc3506e1b5072058b7ed99594e4535c82bfe663a28103fd2109b5017dded57ee955417ebbdef6880a4d0bd6107fb023ce5c03e1b92ee1a5302869e9f70719178077a360bac2c2ddea14d7f27dba316f82f58bcffe7571e4d9b423247738e5f8a2fd1c1d86637b8cbf66f6effc3e52bc45bf4c847d3fae7bd85e683b13efcc28a4963d2f3e1c0a1beaa8da93664073a272d9029ca2bf6c39634791b9e48c90fb2b9e7c65ba7a9ab91fae23a542a0e98e83b5a49908af7e47eb86204fcad7ff72487281aeebc72940a0086d417290ee4deef719476f9a6c85ba5e7ceb228d1078cd91e9c34ed2db060cc23706902e89fef4296d6a127addec604ea0680aa457e633fbb4dfd49251af505a7d7463d51dd02a74654931aa126323d856b6d45c15747cf29355cbf34be27b414d573882ff4b829cdba34099801664ca73d91c903a602f526d6ecd5952ece89d5bc4daf1408c32a5813a0eba968fb1bf8e5145d8521b9e11d1b298472a7632e89a90a9a453bbedd8a81e5e6ae237eb024910b522b5ea2af09060add7ff5849c7ae98cca31169add9f2ff4b9dbdcb267a8a3f34a7dc9e7a9af2f79bd6620a7b6655fbce7efc0c8c7e813ec8e15b713d2a634cbe142d97ca7399c40c858255220e38267a6beb4f8ac7367c91aa7d486e67c70c37eb915402d562c7c9d3fcbc08ab001384c8cbe117a7d049806232ecd105d2d0394cc6db7ee8811cfb7fba4b25243d532fa92e5087e33e3077eef5841408c6c52ccb95341185030b5d40897e0d645a2d09b15ead34008f8f4e8b5ef0b5338f1da40ec9b99a60b6411045fdda9364146ca32c00f276c5985987410be7972c74f2606199005f9303ac8a80c021fe8b5523359924e4db747574439c445b8ff7fa086f7f134d113f4753ed54f2fc84e6d86990654684463ee2498f9f7d2f80a3b1959fd5baa1d1414abdb20e6b97e00e6d07e976075f84066ae17d1dbb4bceae9acd34a467aef9988c1792347e1ad8341a6f7b00c0634706f816f3bb016aa38a495c0636948fd5b7f674889bc657f138fb2d4cab9e143d05620577360d5003aa54f4a015c3f78f840d9ac41b2b428af4bb158112cb5a91137199bc79b7a5d14573f83b2f1b66c3198219f7913f959c814a39660b19843b2adc6295c9d633dc7a4f7caa1a3a2c4f1dd3ce6229916bb2ec4a2f4c2e0dcdd2f7dac8bbfe326e2943cc2f010b0234fe3ba56cfbe8f05c4214a0d8c78e41c384b4dc3556ace3e3fa5542297f5b0d91d77eda31778f8ebfacdd5f329b5ecaa5e9ece287fd6d6b67b708bff509cac575d6a39dbf92e28c65ccdc788c86e051fd47627b4978588e1d577e5fb2e04b91a57165b8f3289783fe34693f346188605577a1b6ea72747c591d214", 0x1000}, {&(0x7f0000006540)="0fafb63e767a5eef3134b32422305ff17a03259d8a742124666ecc28b683fd5294a08b", 0x23}, {&(0x7f0000006580)="debe94088c659962363ac22406600b2c68c2f8c686cfe416929beba95ce3ae77e2f4edee9b4197bee64166e963e098613c464e99e0d538d7224f76f1c599de2a6369275deeedc8dd44575fb41c42f6754309506626195cc736c13097ca66414d638764957925696fbc82f5b9a182c6c1d5be17d145508e9dda45cc2535887b03985d01ae15854724bdade0841a256fe18ccc67033e32beaf34155185516902e02ddfb47fecbdb6563110abd3c3b6f0d14f0aeca138231cee8fe2ff0b1804b0f05da388a8ca8ac91955c05206d19f6e9f", 0xd0}, {&(0x7f0000006680)="303f63e61aeb384d57184bf05943f7560f13ff58ad524c8b5312a5630f7456c1293fee3e7c2ebb9c98183a49669408dee46fb3f8351a5dc88de1f1a018a1ba7251f275116dad7db4b2be8e218450afa3a649c875dbc79fa22019cc651db3920b972740d65822508a6445e248e1ebf9accdad6f870ca2db31b9c21bb9369dc33e2898933c13dea196d7ac5d1ca2b7f6bd791672cab5d86376daa90180dd14ff02c1aad165ed21ad3861ea3aa4663be8b870995af424fd8bdd0fd7e34ea55f35c13e76b97d11c5614fa576f862550426", 0xcf}, {&(0x7f0000006780)="02d5b27214f12fb5ce168e9f11059713297fa666e234fab77e0dc090df0fb1c38231a96673ff375666c8065a2ce2c74d1ead", 0x32}], 0x7, 0x0, 0x0, 0x8000}}, {{&(0x7f0000006800)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000006a80)=[{&(0x7f0000006880)="e674703019add2809fffa84affa4e9be4b805d3d9c1c1ef6067607eb33da700e40efe0eb1deab45b54af263ad3771fa33c81d2a21afa56978669588534820b2cd9fcc9ac987435795e146effd64e595e9046c40ce4c6bebc4970364a9d54b001d0576906516879f564f3845f377cbcabc2eb98f431ccca8d32f6724da1c59c38b7898464b0bc4449fa895d50c40cd3bd577962d101ed9e0342904c2f87969b42839be1ac89829845d2321674747ca3a8b60db20e8693b02b3f96c16825156be76c6da65f558d093c8ec90b73a2acbb96f61c7a1603a77fbd7d983c295c9cd67d7d3fe27ea7b15402511f0bee329835c0d26961635cda", 0xf6}, {&(0x7f0000006980)="426b0def8ab495eda0d05280c520fcbcc38b25215d3315f9c6a14fe4999a9036f531b9f5d368a0ae1dd0672a3d544113f405eaeb3ff374bf314c8473c6b43f256d04e78dda49bf12dc4bc9714a39b97ea15491d38b9b571d3340c003a78834d10c67bb8a2961fec19fba1ace0d05acfbc69ef1e6356cea4b36ec71e536d72cee9a0de227c45dae4bdb8d526782be409f9fa3ef01", 0x94}, {&(0x7f0000006a40)="593cda330857050cbed650fcf2e4259f23752cf4dd9915deda9ab29cb9ebdc7e8a6587db58573008cddf", 0x2a}], 0x3, 0x0, 0x0, 0x4000}}, {{0x0, 0x0, &(0x7f0000007ac0)=[{&(0x7f0000006ac0)="4368527563fffdc1c9040f259c1ccea37c0744a26eea7d55bc16d3317a18c55150226ab9e962bd861022e37acb36174aaef6751d96cc4170180f77c896259b50b1caa608cc5c9400acf842a4f635a3f722d16e359f175012022b8766b2557cadc410dd5b13eef08ae6ad6fadaf76dc01d773bc5b79e92396593cc58c78673b13d2ec857c0a81fd57080297f40cab3a484d108e712c737e8282cb8d645a6ed62827337a56675f74e8ad7e1fdd5636ec040c2302b1d2cc5644acd92b21095c99922cdb15d5e15a47679a301e7da74dbe1945a9f825d7720c7f5e2723e972a83dd063212cd6264b4c43b5e5e78210bb9b565e4e10e550f06aedacd6f46cd843d14d94fb523e0c6e62d901abfbe1dc42173c5e39da9f16289b3579528874d55861179e056494677abd3bad3678a53268b6c894e06f9a4180fe000aab0390044ecf5d1ce00ce992136fea2726c1864f2ad5c690488c0f2de1c87c6d1a9ea1fa833fe086ecdce2d84cd2e6091ea69d6a59d4392a5c4c06b7afc46e072590ed5561cade52f77eab8d111ee368c39e29e8535f88a81457936b95369344a9d2ea74d2cb3704109cb39389a7947b496cdc49f309675e1c64344b3ac71496ca4e8608948b2e170129ec9d12c0cb03de26b094d010d9b799e0fc63bca40779767be7eef2867797e7fe89f8630d649c9167e4ed1a3071a26f89e76150ac4a05559f01501dc1485125ed02cb855d5438e2c266510f1bfe3b2f083566d0cb1025dc384e495e0158dcfdddcaa06aadc58fb62dbc7c2d5e6ed6755660874ba05c5e23626c82cc7d94a22e930c532c5c7d8a7032dee95b7fd72bfbb5fe8fc0522e4d13d037d3fe56192ee2beef0e2aa391807c403abec827bce7ca8e4bcd55a28ffddd4f20b630ab255b951635697536d490eba05c246dab79d4c7151578cf8237f2e08b344e83a411524f1c23ef0096e38b874dc92018c9ee0873463ccae39ca9c003af1f31c5a0cd773b7878223cc5adc20578fefce49563a1d45ca2d6c0a81908c86a9e17cfe3e2c53d16eb7e6014ac09116b8893293ad38826582afd77e58f2f2af6c152c34258a51dc6f047d53859c82433f6383d22cd6b54d7c0cf22c90a2e6403cbc2eba247da5104ea8fae3866414459e09b07784702d523b43dade90bedb2a09f64b9fdc190034b7cabd38e564245a573281e23dbe3b314e3fdbe1908537edc0b22bba914d27e3ac16df19a53d948f5ad7aea3bb4530981d518a95f1ce409f116931fe0c5c14c5ff5c58a904fc5758282886cf93f06cb2f57b667754180947ba4aaf3cbc859e1b1a728e8b9a95db466db5f244a345adf5e4a04b87d04fe2929474c5ff950dae5561e889dcaa5c866a11a7906fecb29c3422f28e6abcdd352f3ce5fc7c3e85a1f80eab4f5a311dda6f253f177588cf71cd08281b5f45955dcfce05a5f603ee425d9ebb4a40b61d89c063fb55c2aa1740a51112b0eeacf2417aa3b8bc46b39cf954174d28fedcde85414989bd2c45ae1bb4e67a633b5b2dcbc2c48d2217f102e005e1b184a11869d54968dba952ba03119ebaccd581d94abe247f690e9667401d1b5e0695a1252eb15e52e1b3db9e543dbb3a0923902c03012963e0b7b4317b230d4213fc56fefd312c56d43f18eb73b18ace64166e6ee7228e2054f05019b6e9ad7838412e400b2b373640029caf6c40fe041687a1607bd2eec39d9b53e791618cf6d74a74afd813e64e710741ce11a693123742a2cc8831886574a242b5a6140f9aca55fba3bb873ae183b0b4197af7034f8b9372c96f169db41d79588abdb1440c08217987fe0a3a51cf9234d69b22b61a4cf504ecc6488bb38045629a2dded82744ef1bbacd59d16a72021270c0e2b3717347aa8f69553f22b687fb58a97f7a6ccc8bae0bfc44844bf710cf50836862b5c93fdda40b19316e951fdeed1bdf70a328205b1e6b8ded87f33b2b7d1c9d8918402326541b6efe1a71abd84943647c5424fca9f43048af2324584c245ecd5e511cf29d15ca273b22a2741b31eba879458bad0bc2834189b0a2372e1e54f837dd5419e1b377f8fbe9520a93d9d74ffd14d3202cef04fb3db6624146a918397ede716d4c42f077254f707f139de2d7a5ff7ad047af23d059a0ec4436432259198af131ba13ad03418590b06d49b7961175ce072e08a4a58443a6522cae28a3a5e4579001c96a909ebf27cf274284f084aea419af6173205a2353f02225365201dab5af9be8fffc86b756fe309822c8e15ec0cd78b869c88a6e4a2c00cada7677a2781bc13369bc0289e1ed14bda2d1072df019f5eb3ddb7d2cc457c9e63db0f0936406cd4d6fe621a64439fec86660a4c6413f0ff4e95ca877d79de17664f84af6c76047c7c0030d2c454c495f1454bf1fd5ce1b06eb139016cc053e1e537a53462b0d864670a7b0e2cf389e7e2b70563e73054f0074d64bddad3d98e817827a0638635c2ff03e6f1e7e2672c1dc158b92cad86c39741cde097e995a875f6da61a15d94f3ed1a1f0be914c6dfd3ccfd151cc2f81c53ed43991883d6fd99aa59a27fd7f77a9eb836911ef0a39ce0fa5aa7d3edc3fd9dd40ef1fc6698d48e92802bbe146e62792fb85ced5a6a5c83935fccc20a15357702aee0a781b07bb9f26186ce23396d7def77c97d7a2b6be8c1e728fd3f1a3cf4d940dc21c26c3bfd058eb4422f4f6bc33c98f0d6226f1e7b505e845827fc19aa73140a3b856bacfab19e2180dfbce695a188f6f0fc2f68af5df551772656c341c444f044d149cccb7770a784fb37226102c8225269ae259fdd42d8b66762bf1c46e3fa42dfaa5bb0ba4889661a9595a7f62e0bd798586ec5c93d6aef2d2579c689f519376ca4ad19f3a76989557ee3650bf3f707d89cb363fc8a321b7119bd2705b62a2f5cf6ab2e564ad257bade309be2acd9b9c2c17371987ba7d582a5e8ca51949db6335b351f78e841bea7b1f3050f2906f9eda0760109f177d8c38e619f7fc9c72130be9d81152b0ee0deab5005ab1a08ecad554bf41a0abe674104c4b8d533b22fa0440df622202ca1fd5bb1e6fec433591436948a055079f6dc25669dc8dfce2fd944c2849b6d0ade52e58b1972df8a791f8eedd889c78a2e586b42831e476d99b109dc1017d81dd2343a8c5f01ece30e161c24fadcea4fa82459eaff19d49468ce081200afe77919233c38bd7f61473ee1cb31c2ba07ad9d5619e32b717eab85b6b0bebd4978aae1f4aaa179f75cba6dfb0195f265e4a4c66a05ed949e0c60b85bba81eb0930ece3f4d681c8a314e21db843d86233b93102acabe57d009f87ac935142eb9939df2d0b44a4ebb1437b7f1d5f78f6773215ef446a4935d2efc0ef8e96156cdc6a92d56cb77b7cbf8ab3dce70f92697f2a48d1d8fafe3e4945338cc3aaeff64ebc89955ebca27cef6751a3d33c250850caf31a65fbf985f4f0c199f1e8c5260a300f8d653f9f965625cc289a35c855e3673014f4875d8ec753860b299a47e03a0f96ae68c5e832fbe7c5e7c41df19df73fd55ded702e66a0de0ea67a51192989912c7ff88f1d279809abb7d7ed83625f333fa0153de6acd1899dcda98ec6e361dc878c5a3daf84b3686fa8b41f5f1cb39af0d137b8eb65bee7a08bb6c8cd0d630d699ffd8c67ef5dc15fca67805a5f2ee1e75445b3f3c8ab9e56c1c814f493abbd1f4b984252dcab0c771f0401160b2904280d53840b2ee0ca7ae724cb796c9ee1bb6a6e28d05529c9f7998c42f912f70e8604ee2adf8132e9b90fd2923ee8b3518203af0996e1eb22fef54d361c8871f5920c3b4686f4108c1d84fe085b9ef192889bcc580008affbe9ae3968eace188209d21cc6df1e5f1e46fde737b7dd81f2470ec0458d08a8d0403461758f62eaf876d8b22c7ebe66ae16652cd21414be24e0d2b89e572d2bd33722dc0fdb1f7a028709a55f2de606663884fb9a711ecf69129186a156598c5c03bc5b96664faaec0bdff79dc1cdcc200120b1902f76f4d16d240bc417ed52a2f5b7a8dac2a9f8b3b68df9e88b80c4f22a2ed279810a46a7fa0b917e70732af3dc388dfad7ae9a585b76657c6dc45a57912ecfc2bf5f84d4e51db7f4fe028a9b3776e9babede5042a726705cbc6e61898252540e2d0343e4f17adb70f2829514077253abf572a2e4542eae9586968172cf91469022b6c151229d50df3137378c0c3be477ffd3d00682cd06158dd2f870ea77444fd4c638ab57768a98429ea813fa2d0d79a13608c9c32009bf83d64ddc5c03df506bde1f748dd59455a96d25b851e9a252db64deb23e46cdb2244b1dec6c290ba235e64f898fec4844f5830bd28ed3bac4ef5586007e0719e32f1ead12672c57a377a15f419a73a5e0cfbcb59208c63da22e27b6c92e5a953a2bb7cb60487008c1044b3a2533ae1d160f24896fa9011b56dce13e85481048772a42fcc7c185c653dd388b22e5b6b41501202cc9ff464d2ede72fa74a51dd5a35abce92b26ee3eb6c821ebbae1a4b2d84b1a30c154ead2af6d5ce42b38372dce399e20ecd5d087473ea130c130ed70017132a3f891d3935c9c4cbaea5e76225b0e1201b17431065ee49db58c71f0f5d66bb79cef0a77ba3e61ccd5bfaf46a0691a74886222cdc04b6154888bcc732a9fa06ff94cd1a93afbd9ddd3b180c91b1a49bafa433c50f2fef0ccf7674d0a9ecdbad347069aa691f5714e69585cacb3276255a252d0760a72a27147ce0e3f4ca6ecd8eeee47c9a1e7056199d6194da0249e356bccf8349951b7ed4b979be7f9ec68568b03822580e4e17f4dc22ed80e4afc158ac2f4a49b8d75ac4a5017ceb29ed1b69eff841c1c2da388259702dc5375e3cd412eeab0d77ca5d3446898b1e2ed90ad5edfe2cfc90160c0d5a248da8c3e58100c5aef276354b9b303df36c9b59e416392fd2462ca5ef6d9fa8b389569ddc5cb893426609652bc2020a007156b205d98ae38285debc43c35df5cb2e14cb245cd401e415e85e841a5b0c7398ab692ebaf8890d47678b5bd0439ddb97b08b13621e1c8de183a5db29a2ef64fd1a84d518047067e21c8f1d1c1d2793453202c9fb243327edff566bcaaf9c0cee645f5c60b689d80ddefaba9ab3a0bef17fed07c3ab44af2261a0dc524d627abaea24991c4edbcb69a8774b6959f8add69991d378542f72c8dc7b5cb3008ddaf771d03ce08e81995af688be2fbacc95730b2e2bd7ec9062cdbc093ce02c9bf0aa8bd2332986049f4275306a45b9c72c22deb0da45c0da750eb91cd4d9ae6085065f19c62e280b55c0b7d3f35f7384bf07e41dfe13e2a5383eab6a89781fbdf41ecab6afef295897b748f75c5b695c6bddcb9c5dc47c4d5266714b4e628efc10165b998cd758e9508140ef24426d0e9fe6659ef310c9b5e615bbdb657eec56acb2a7c79e3d91a739c7174d7aa6d848c6c712cb6605332bb37857fac8e864d446a2a2a8be33ba24da9381e57329169a8076f4f5f6a4f6d8b6a402851003236077e19b79f3f768686f42d22f3ea99d656f0c7c8eb048b072a0da8987741adfcec957c3654f17f8cdd9dbe8338043489648a629f8059705bb98fa0210bfc2acaba08a4d79ebaab6d10cfcec2c6f567d9e20cabcc5c599d64587e8d790af3eff23859bc1953632f5f90ccd0cf724d9b5d14e15fb0eeb2eda4745af898f2eb8048501aa21d1396803eaf709f185930bc18fdbc95618e3840217f3a53f13448091e2e779fca4a723b27a7a4ef687474bcca379c8ea412a8d9d07dbc6c68c8a5470606b3b4059b53c30ac0c12cbab38f51", 0x1000}], 0x1, &(0x7f0000008200)=[@rights={{0xc}}, @rights={{0x1c, 0x1, 0x1, [r1, r1, r1, r0]}}, @cred={{0x18, 0x1, 0x2, {r19, r20, 0xee00}}}, @cred={{0x18, 0x1, 0x2, {r21, r22, r23}}}, @cred={{0x18, 0x1, 0x2, {r24}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, r1, r0, 0xffffffffffffffff, r1, r0, r0]}}], 0x98, 0x4000}}, {{&(0x7f00000082c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f00000086c0)=[{&(0x7f0000008340)="288f2c883aac9ebfde92f685f593e6d97e178dab77d451358b30bbe9aa9f0735daf78ab563a88ae88d91ca685b9d6ed214e4b2c12dd730e4d12fe465df50aae5e7ba63f8ba216487cccc58098dad3348aa51419dbf994dd41ba4db1bff00aec7dc93dad61306354112a5fc965450766d9e06c90ccc8228f18658925c6a428c12a8825a43dcea58d14ca5fcc89a2fc2b5f94d771cbed04cfcec3fb5d38aa7b3ca5ff6ea8c59ddc621c1227f4c599af9e9287267c38c7d44dd9d7f0f4cd847cad06584c54ba1cd8acf2dba046f2b7ebcef525495db45ce80a6b8525244586a3f86ff7056394df7294e35dc89cf72d511318bf108a3", 0xf4}, {&(0x7f0000008440)="84821dd69e75b7109f0610af4762a70a516c6fa57a4d7cdcf4999de924212c981e082fad98a2082a66182d872dc3d0040e4e89ed504b39d747565a31dda698f19407bb096a32a610aaf9bc88", 0x4c}, {&(0x7f00000084c0)="4cecaf09cb7209f2f984b56576cf6182c7ac8dd3800c0f2801f7526b126d5872299f4e19a30f2341451cd61d680d9b44fd014e9e47d427dea084f9f820ec56886497d5867e4a39da9bb16d8c2f89633de63b2aeed9bacad53eb5953b4e5a13a525860cdcc13b9e7869d408c49419172d6bdfb1e74918617406457bafbe3d5df7b65805cebfc6f5ae4eff8170425870e0af87c48505d3c8910a7efc2eea14271084b8", 0xa2}, {&(0x7f0000008580)="5ab9ac43af7c5ea74015d6e2f4ddba6d38c4cff6588ba6e50ea65039dfff53bec978c790b7", 0x25}, {&(0x7f00000085c0)="43cdfd4a60cb79fba4ddcc7377fad3c2aca79c1b3067a8b0791d7d9a8aed83b7b861aa2dfe8a712f6708df6070d2", 0x2e}, {&(0x7f0000008600)="363b28d610e9176c17a14c918d704ebd60e0b1a7b1caa6599d11e62213e1eeb17cff42a63f845975a0f5017f0edf168942aaa8b4cf09024eae2b761f1360d3cbb6262c8b931906a37296b1b469acba4ec4876d35c6b9eb5e9ae4c0836bd085eaaac8c4b30882f86668fe1ee807d7d90df3617a412be7f7c03b4d404568e29aa81f4d6f7e84ae7d9d69d7e1a54c44bb8abf86e83cb1982b2a0882c1f682dcb31e43c8b2fc2dc14d9f028a4603cb744ba9e4740c70f79146af026d76a3a567eb", 0xbf}], 0x6, 0x0, 0x0, 0x4000}}], 0x6, 0x1)

2.316040326s ago: executing program 5 (id=2923):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
r2 = syz_io_uring_complete(0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000200)=@arm64)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x6}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x81000002, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_BUCKETS_LOG={0x8, 0x8, 0x11}]}}]}, 0x38}}, 0x4040000)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x7, 0x5, 0x8000010000, 0x0, 0x0, 0xf1, 0xc, 0x8, 0x5, 0xfffffffffffffff7, 0x9, 0x0, 0x0, 0xfffffffffffffffc, 0x6f], 0x26000, 0x1c4292})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.877628079s ago: executing program 2 (id=2924):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x2, 0x100008b}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000080), 0x4a)
sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close(r3)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), 0xffffffffffffffff)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = openat$cdrom(0xffffff9c, &(0x7f00000000c0), 0x880, 0x0)
ioctl$CDROM_LAST_WRITTEN(r5, 0x2272, &(0x7f0000000040))
flistxattr(r4, &(0x7f00000000c0)=""/15, 0xf)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
userfaultfd(0x80001)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
syz_io_uring_setup(0x63f4, &(0x7f00000003c0)={0x0, 0x1575, 0x1, 0x2, 0x3c1}, &(0x7f00000001c0)=<r7=>0x0, &(0x7f0000000280))
r8 = syz_io_uring_setup(0x7a9e, &(0x7f0000000440)={0x0, 0x166a, 0xc620, 0x3, 0x2da}, &(0x7f0000000500), &(0x7f0000000540))
syz_io_uring_submit(r7, 0x0, &(0x7f0000000640)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r8, 0x0, &(0x7f0000000580)="14fd028fccb77840e12a41161de9c06e8d97247e336ed57994e575326bf9fe9aa4e2b90b3c1d23b98caae521b917689b2d5e01ae48fff594daf399eba6febfa35ae27c0aac66ff32cd795373b0c7cdf2557aa26a55880552aaa0c1d623985ff21ab657d243f5aa557786cd3a0875acf473fc03f0266b10dd3ea4d703a53840c674088fc1a73ca895edf6996c304e34c617425e241cfb01110bbe6736820da95f64d0ddfb05d8f72d390bbb526622a1ca6beee630", 0xb4, 0x3, 0x1})
r9 = io_uring_setup(0x75b5, &(0x7f0000000100)={0x0, 0x6f8a, 0x0, 0x2, 0x85})
io_uring_enter(r9, 0x23fc, 0x3c45, 0x75, &(0x7f0000000180)={[0x8000]}, 0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffcb9}]})

265.795µs ago: executing program 5 (id=2925):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) (async)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00') (async)
r1 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00')
lseek(r1, 0x2004, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r1, 0x80045104, &(0x7f0000000000)) (async)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r1, 0x80045104, &(0x7f0000000000))
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x0) (async)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x0)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000140)={&(0x7f0000000640)=[0x0, 0x0], 0x42af})
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)

0s ago: executing program 5 (id=2926):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0xa5)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r1, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0)
setxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x0, 0x0, 0x2)
unlink(&(0x7f00000002c0)='./file0\x00')
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x101080, 0x0) (fail_nth: 4)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r2, 0x0)
ftruncate(r2, 0xc17a)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x2)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x2, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000000)=[0x6], 0x0, 0x0, 0x1}}, 0x40)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f00008c9000/0x1000)=nil, 0x1000, 0x1000000, 0x810, r1, 0x180000000)
creat(&(0x7f00000002c0)='./file0\x00', 0x51)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

ceived: -71
[  491.850924][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  491.853731][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  491.856494][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  491.859309][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  491.862129][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  491.865677][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  491.868967][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  491.871814][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  491.874638][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  492.133529][T12527] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  492.302263][T12527] usb 5-1: Using ep0 maxpacket: 8
[  492.307976][T12527] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  492.311623][T12527] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  492.322525][T12527] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  492.327000][T12527] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  492.442449][T13332] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2063'.
[  492.532557][T12527] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  492.538992][T12527] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  492.549354][T12527] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.767488][   T40] audit: type=1326 audit(1772191575.825:1624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13336 comm="syz.1.2065" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf700ef6c code=0x0
[  492.782520][T12527] usb 5-1: usb_control_msg returned -32
[  492.785206][T12527] usbtmc 5-1:16.0: can't read capabilities
[  494.925346][   T40] audit: type=1326 audit(1772191577.985:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13358 comm="syz.1.2070" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf700ef6c code=0x0
[  495.369887][T13364] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2072'.
[  495.766817][T13374] FAT-fs (loop5): unable to read boot sector
[  496.822124][    C1] wdm_int_callback: 24707 callbacks suppressed
[  496.822149][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  496.826219][    C1] wdm_int_callback: 24707 callbacks suppressed
[  496.826233][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  496.830871][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  496.833604][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  496.836257][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  496.838718][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  496.841138][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  496.843364][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  496.845629][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  496.848180][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  496.850720][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  496.853152][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  496.855845][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  496.858230][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  496.860936][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  496.863849][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  496.866594][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  496.869058][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  496.871534][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  496.874234][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  496.974793][   T40] audit: type=1326 audit(1772191580.035:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13383 comm="syz.1.2079" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf700ef6c code=0x0
[  497.809497][T13397] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  498.162335][T13399] sctp: [Deprecated]: syz.1.2084 (pid 13399) Use of int in maxseg socket option.
[  498.162335][T13399] Use struct sctp_assoc_value instead
[  498.465125][T13408] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  498.599784][T13411] syzkaller0: entered promiscuous mode
[  498.603395][T13411] syzkaller0: entered allmulticast mode
[  498.762214][T13413] netlink: 'syz.5.2089': attribute type 16 has an invalid length.
[  498.772244][T13413] netlink: 'syz.5.2089': attribute type 17 has an invalid length.
[  498.775674][T13413] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2089'.
[  498.830244][T13413] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  499.399691][T13419] overlay: ./file0 is not a directory
[  499.622948][   T40] audit: type=1326 audit(1772191582.685:1627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13422 comm="syz.1.2093" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf700ef6c code=0x0
[  501.832081][    C1] wdm_int_callback: 23886 callbacks suppressed
[  501.832106][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  501.837469][    C1] wdm_int_callback: 23886 callbacks suppressed
[  501.837493][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  501.844638][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  501.847443][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  501.851518][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  501.854794][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  501.861285][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  501.864027][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  501.871263][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  501.874431][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  501.878638][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  501.881350][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  501.889604][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  501.891996][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  501.894897][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  501.897554][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  501.900609][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  501.903020][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  501.905540][    C1] cdc_wdm 9-1:1.0: nonzero urb status received: -71
[  501.907759][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - 0 bytes
[  502.573263][T12303] bond0: (slave syz_tun): Releasing backup interface
[  502.635121][   T67] usb 9-1: USB disconnect, device number 11
[  502.638571][    C1] cdc_wdm 9-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  502.652336][    T9] usb 5-1: USB disconnect, device number 25
[  502.723939][T13452] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2101'.
[  502.727477][T13452] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2101'.
[  502.754548][T13452] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2101'.
[  502.773109][T13452] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2101'.
[  502.902967][T13458] ceph: No source
[  503.000338][T13466] FAULT_INJECTION: forcing a failure.
[  503.000338][T13466] name failslab, interval 1, probability 0, space 0, times 0
[  503.005906][T13466] CPU: 0 UID: 0 PID: 13466 Comm: syz.5.2106 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  503.005935][T13466] Tainted: [L]=SOFTLOCKUP
[  503.005941][T13466] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  503.005951][T13466] Call Trace:
[  503.005958][T13466]  <TASK>
[  503.005965][T13466]  dump_stack_lvl+0x100/0x190
[  503.006007][T13466]  should_fail_ex.cold+0x5/0xa
[  503.006024][T13466]  ? genl_family_rcv_msg_attrs_parse.isra.0+0xc2/0x280
[  503.006056][T13466]  should_failslab+0xc2/0x120
[  503.006092][T13466]  __kmalloc_noprof+0xe0/0x850
[  503.006117][T13466]  ? rcu_is_watching+0x12/0xc0
[  503.006146][T13466]  genl_family_rcv_msg_attrs_parse.isra.0+0xc2/0x280
[  503.006175][T13466]  genl_family_rcv_msg_doit+0xc7/0x300
[  503.006201][T13466]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  503.006224][T13466]  ? genl_get_cmd+0x3ef/0x720
[  503.006277][T13466]  ? kasan_save_track+0x14/0x30
[  503.006302][T13466]  ? __kasan_slab_alloc+0x89/0x90
[  503.006326][T13466]  ? __radix_tree_lookup+0x217/0x2b0
[  503.006359][T13466]  genl_rcv_msg+0x560/0x800
[  503.006385][T13466]  ? __pfx_genl_rcv_msg+0x10/0x10
[  503.006408][T13466]  ? __pfx_ieee802154_list_phy+0x10/0x10
[  503.006432][T13466]  ? __lock_acquire+0x4a5/0x2630
[  503.006459][T13466]  netlink_rcv_skb+0x159/0x420
[  503.006517][T13466]  ? __pfx_genl_rcv_msg+0x10/0x10
[  503.006543][T13466]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  503.006575][T13466]  ? netlink_deliver_tap+0x1ae/0xcc0
[  503.006598][T13466]  genl_rcv+0x28/0x40
[  503.006618][T13466]  netlink_unicast+0x5aa/0x870
[  503.006643][T13466]  ? __pfx_netlink_unicast+0x10/0x10
[  503.006663][T13466]  ? __pfx___might_resched+0x10/0x10
[  503.006696][T13466]  netlink_sendmsg+0x8b0/0xda0
[  503.006722][T13466]  ? __pfx_netlink_sendmsg+0x10/0x10
[  503.006747][T13466]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  503.006784][T13466]  ____sys_sendmsg+0xa54/0xc30
[  503.006812][T13466]  ? __pfx_____sys_sendmsg+0x10/0x10
[  503.006848][T13466]  ___sys_sendmsg+0x190/0x1e0
[  503.006874][T13466]  ? __pfx____sys_sendmsg+0x10/0x10
[  503.006928][T13466]  __sys_sendmsg+0x170/0x220
[  503.006949][T13466]  ? __pfx___sys_sendmsg+0x10/0x10
[  503.006978][T13466]  ? __pfx_ksys_write+0x10/0x10
[  503.007011][T13466]  __do_fast_syscall_32+0xe3/0x8c0
[  503.007033][T13466]  do_fast_syscall_32+0x32/0x70
[  503.007052][T13466]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  503.007072][T13466] RIP: 0023:0xf7f66f6c
[  503.007087][T13466] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  503.007103][T13466] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  503.007119][T13466] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800002c0
[  503.007130][T13466] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  503.007139][T13466] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  503.007148][T13466] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  503.007158][T13466] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  503.007181][T13466]  </TASK>
[  503.379028][T13475] netlink: 'syz.2.2109': attribute type 2 has an invalid length.
[  503.387743][   T40] audit: type=1804 audit(1772191586.445:1628): pid=13475 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2109" name="/newroot/517/file0/file0" dev="9p" ino=74973251 res=1 errno=0
[  503.481107][T13471] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  503.487401][T13471] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  503.504553][T13471] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  504.740775][T13508] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2119'.
[  504.756550][T13508] netlink: 'syz.5.2119': attribute type 39 has an invalid length.
[  505.051083][T13519] i2c i2c-1: Invalid block write size 34
[  505.424006][T13533] netlink: 'syz.0.2128': attribute type 1 has an invalid length.
[  505.452361][ T5945] Bluetooth: hci4: command 0x0c1a tx timeout
[  505.638113][T13545] fuse: Unknown parameter 'grouN_éd'
[  505.667550][T13547] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2133'.
[  505.671256][T13547] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2133'.
[  506.016019][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  506.498258][T13560] FAULT_INJECTION: forcing a failure.
[  506.498258][T13560] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  506.506691][T13560] CPU: 0 UID: 0 PID: 13560 Comm: syz.5.2139 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  506.506722][T13560] Tainted: [L]=SOFTLOCKUP
[  506.506728][T13560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  506.506740][T13560] Call Trace:
[  506.506746][T13560]  <TASK>
[  506.506754][T13560]  dump_stack_lvl+0x100/0x190
[  506.506786][T13560]  should_fail_ex.cold+0x5/0xa
[  506.506808][T13560]  _copy_from_iter+0x1f4/0x1690
[  506.506839][T13560]  ? alloc_pages_mpol+0x25a/0x550
[  506.506857][T13560]  ? __pfx__copy_from_iter+0x10/0x10
[  506.506883][T13560]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  506.506910][T13560]  copy_page_from_iter+0xde/0x180
[  506.506940][T13560]  tun_build_skb.constprop.0+0x2ea/0x15d0
[  506.506975][T13560]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  506.506998][T13560]  ? unwind_get_return_address+0x59/0xa0
[  506.507017][T13560]  ? arch_stack_walk+0xa6/0xf0
[  506.507036][T13560]  ? __lock_acquire+0x4a5/0x2630
[  506.507074][T13560]  tun_get_user+0x16d0/0x3e10
[  506.507108][T13560]  ? __pfx_tun_get_user+0x10/0x10
[  506.507138][T13560]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  506.507165][T13560]  ? find_held_lock+0x2b/0x80
[  506.507180][T13560]  ? tun_get+0x191/0x370
[  506.507199][T13560]  ? tun_get+0x191/0x370
[  506.507227][T13560]  tun_chr_write_iter+0xdc/0x200
[  506.507253][T13560]  vfs_write+0x6ac/0x1070
[  506.507279][T13560]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  506.507305][T13560]  ? __pfx_vfs_write+0x10/0x10
[  506.507329][T13560]  ? find_held_lock+0x2b/0x80
[  506.507361][T13560]  ksys_write+0x12a/0x250
[  506.507385][T13560]  ? __pfx_ksys_write+0x10/0x10
[  506.507417][T13560]  do_int80_emulation+0x141/0x6b0
[  506.507441][T13560]  asm_int80_emulation+0x1a/0x20
[  506.507459][T13560] RIP: 0023:0xf7165cab
[  506.507473][T13560] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  506.507489][T13560] RSP: 002b:00000000f542644c EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  506.507507][T13560] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000000
[  506.507518][T13560] RDX: 0000000000000042 RSI: 0000000000000000 RDI: 0000000000000000
[  506.507528][T13560] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  506.507538][T13560] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  506.507548][T13560] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  506.507586][T13560]  </TASK>
[  506.833285][T13567] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2142'.
[  506.871587][T13565] wg2 speed is unknown, defaulting to 1000
[  507.364097][T13574] 9p: Bad value for 'wfdno'
[  507.438167][T13575] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2143'.
[  507.444328][T13575] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2143'.
[  507.540572][ T5945] Bluetooth: hci4: command 0x0c1a tx timeout
[  508.845306][ T5934] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  508.852244][ T5934] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  508.859131][ T5934] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  508.872570][ T5934] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  508.876817][ T5934] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  508.921596][T13586] wg2 speed is unknown, defaulting to 1000
[  509.341814][T13594] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0)
[  509.476636][T13586] chnl_net:caif_netlink_parms(): no params data found
[  509.612407][ T5945] Bluetooth: hci4: command 0x0c1a tx timeout
[  509.730348][T13586] bridge0: port 1(bridge_slave_0) entered blocking state
[  509.733946][T13586] bridge0: port 1(bridge_slave_0) entered disabled state
[  509.737542][T13586] bridge_slave_0: entered allmulticast mode
[  509.741919][T13586] bridge_slave_0: entered promiscuous mode
[  509.773572][T13586] bridge0: port 2(bridge_slave_1) entered blocking state
[  509.777725][T13586] bridge0: port 2(bridge_slave_1) entered disabled state
[  509.781877][T13586] bridge_slave_1: entered allmulticast mode
[  509.786170][T13586] bridge_slave_1: entered promiscuous mode
[  509.832659][T13586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  509.840105][T13586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  509.907634][ T6209] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.953986][T13586] team0: Port device team_slave_0 added
[  509.959305][T13586] team0: Port device team_slave_1 added
[  509.986137][T13586] batman_adv: batadv0: Adding interface: batadv_slave_0
[  509.988890][T13586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  510.000664][T13586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  510.005879][T13586] batman_adv: batadv0: Adding interface: batadv_slave_1
[  510.008653][T13586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  510.029294][T13586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  510.048681][T13608] binder: 13607:13608 ioctl 4018620d 0 returned -22
[  510.115935][T13611] overlay: Unknown parameter '/'
[  510.124942][ T6209] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.155377][T13586] hsr_slave_0: entered promiscuous mode
[  510.159267][T13586] hsr_slave_1: entered promiscuous mode
[  510.161571][T13586] debugfs: 'hsr0' already exists in 'hsr'
[  510.164353][T13586] Cannot create hsr debugfs directory
[  510.249399][   T24] wg2 speed is unknown, defaulting to 1000
[  510.252058][   T24] syz2: Port: 1 Link DOWN
[  510.254376][   T24] wg2 speed is unknown, defaulting to 1000
[  510.279864][ T6209] netdevsim netdevsim1 netdevsim1 (unregistering): left allmulticast mode
[  510.286603][ T6209] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.385063][ T6209] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.489348][T13616] erofs (device loop2): cannot find valid erofs superblock
[  510.520128][T13616] netlink: 'syz.2.2155': attribute type 1 has an invalid length.
[  510.902278][ T5945] Bluetooth: hci2: command tx timeout
[  511.193789][ T6209] bond0 (unregistering): (slave bond2): Releasing backup interface
[  511.198261][ T6209] bond0 (unregistering): Released all slaves
[  511.205943][ T6209] bond1 (unregistering): Released all slaves
[  511.217612][ T6209] bond2 (unregistering): Released all slaves
[  511.396350][ T6209] tipc: Left network mode
[  511.940975][T13658] tipc: Enabled bearer <udp:syz2>, priority 10
[  512.075746][T13668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2168'.
[  512.219327][T13586] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  512.235155][T13586] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  512.296338][T13676] netlink: 11 bytes leftover after parsing attributes in process `syz.0.2170'.
[  512.357347][T13678] netlink: 10 bytes leftover after parsing attributes in process `syz.5.2171'.
[  512.391013][T13586] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  512.478588][T13586] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  512.802224][    T9] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  512.807249][T13586] 8021q: adding VLAN 0 to HW filter on device bond0
[  512.828569][T13586] 8021q: adding VLAN 0 to HW filter on device team0
[  512.872917][T13586] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  512.877187][T13586] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  512.934373][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[  512.937520][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[  512.943816][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[  512.947162][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[  512.977674][ T5945] Bluetooth: hci2: command tx timeout
[  513.078591][T13586] 8021q: adding VLAN 0 to HW filter on device batadv0
[  513.195034][T13586] veth0_vlan: entered promiscuous mode
[  513.221671][T13586] veth1_vlan: entered promiscuous mode
[  513.263284][T13586] veth0_macvtap: entered promiscuous mode
[  513.269864][T13586] veth1_macvtap: entered promiscuous mode
[  513.287459][T13586] batman_adv: batadv0: Interface activated: batadv_slave_0
[  513.312424][T13586] batman_adv: batadv0: Interface activated: batadv_slave_1
[  513.328565][ T1178] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  513.338400][ T1178] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  513.345024][ T1178] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  513.351944][ T1178] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  513.426817][ T1178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  513.429833][ T1178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  513.503128][ T1178] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  513.507760][ T1178] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  513.535211][ T6209] veth1_to_batadv: left promiscuous mode
[  513.852426][   T12] smc: removing ib device syz2
[  514.417642][T13712] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2176'.
[  515.033485][    T9] usb 10-1: Using ep0 maxpacket: 8
[  515.040003][    T9] usb 10-1: too many configurations: 66, using maximum allowed: 8
[  515.046488][    T9] usb 10-1: unable to read config index 0 descriptor/start: -61
[  515.049677][    T9] usb 10-1: can't read configurations, error -61
[  515.052527][ T5945] Bluetooth: hci2: command tx timeout
[  515.184226][    T9] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  515.342304][    T9] usb 10-1: Using ep0 maxpacket: 8
[  515.348711][    T9] usb 10-1: too many configurations: 66, using maximum allowed: 8
[  515.370256][    T9] usb 10-1: unable to read config index 0 descriptor/start: -61
[  515.373837][    T9] usb 10-1: can't read configurations, error -61
[  515.390962][    T9] usb usb10-port1: attempt power cycle
[  515.599052][T13730] fuse: Unknown parameter 'f#dæ0x0000000000000004'
[  516.020659][ T6209] IPVS: stop unused estimator thread 0...
[  517.132336][ T5945] Bluetooth: hci2: command tx timeout
[  517.262455][   T67] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  517.412273][   T67] usb 6-1: Using ep0 maxpacket: 32
[  517.417828][   T67] usb 6-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  517.422761][   T67] usb 6-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  517.428822][   T67] usb 6-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  517.434722][   T67] usb 6-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  517.443490][   T67] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  517.447161][   T67] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  517.450303][   T67] usb 6-1: Product: syz
[  517.453043][   T67] usb 6-1: Manufacturer: syz
[  517.455570][   T67] usb 6-1: SerialNumber: syz
[  517.464950][    C3] imon 6-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  517.471048][   T67] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/input/input33
[  517.674766][T13766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2191'.
[  517.679570][T13766] netlink: 'syz.0.2191': attribute type 5 has an invalid length.
[  517.683774][   T67] imon 6-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  517.687359][   T67]  (id 0x00)
[  517.691088][T13766] netlink: 'syz.0.2191': attribute type 9 has an invalid length.
[  517.699046][T13766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2191'.
[  517.714711][T13766] geneve2: entered promiscuous mode
[  517.717634][T13766] geneve2: entered allmulticast mode
[  517.721411][ T1146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0
[  517.727319][ T1146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0
[  517.738513][ T1146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0
[  517.742893][   T67] rc_core: IR keymap rc-imon-pad not found
[  517.747212][ T1146] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0
[  517.750936][   T67] Registered IR keymap rc-empty
[  517.753351][   T67] imon 6-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  517.757063][   T67] imon 6-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  517.894389][   T67] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/rc/rc0
[  517.900969][   T67] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/rc/rc0/input34
[  517.910733][   T67] imon 6-1:155.0: iMON device (15c2:ffdc, intf0) on usb<6:9> initialized
[  517.992614][ T6107] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  518.166973][ T6107] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  518.171253][ T6107] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  518.200104][ T6107] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  518.229441][ T6107] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  518.236092][ T6107] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.243829][ T6107] usb 5-1: config 0 descriptor??
[  518.362647][T13778] tipc: Started in network mode
[  518.364359][T13778] tipc: Node identity 7a01662026ba, cluster identity 4711
[  518.367431][T13778] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  518.370697][T13778] syzkaller0: entered promiscuous mode
[  518.373435][T13778] syzkaller0: entered allmulticast mode
[  518.472621][T13778] tipc: Resetting bearer <eth:syzkaller0>
[  518.512610][T13778] tipc: Disabling bearer <eth:syzkaller0>
[  518.563319][T13782] imon:send_packet: packet tx failed (-71)
[  518.564264][    T9] usb 6-1: USB disconnect, device number 9
[  518.586566][T13782] imon:vfd_write: send packet #1 failed
[  518.665582][T13787] binder: 13786:13787 ioctl c0306201 0 returned -14
[  518.722178][T13788] binder: 13786:13788 ioctl c0306201 0 returned -14
[  518.726170][T13788] binder: 13786:13788 ioctl c01cf509 800017c0 returned -22
[  518.765144][ T6107] hid_parser_main: 48 callbacks suppressed
[  518.765163][ T6107] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  518.772805][ T6107] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  518.775775][ T6107] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  518.778515][ T6107] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  518.781338][ T6107] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  518.785028][ T6107] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  518.788435][ T6107] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  518.791710][ T6107] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  518.795238][ T6107] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  518.798485][ T6107] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  518.816466][ T6107] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  518.854407][T13793] netlink: 'syz.2.2198': attribute type 1 has an invalid length.
[  518.884375][T13793] bond4: entered promiscuous mode
[  518.886711][T13793] bond4: entered allmulticast mode
[  518.895114][T13793] 8021q: adding VLAN 0 to HW filter on device bond4
[  518.926212][T13793] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2198'.
[  518.933488][T13793] bond4 (unregistering): Released all slaves
[  519.044507][    T9] usb 5-1: USB disconnect, device number 26
[  519.538234][T13801] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[  519.541074][T13801] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  519.544170][T13801] vhci_hcd vhci_hcd.0: Device attached
[  519.606088][T13806] netlink: 'syz.0.2201': attribute type 1 has an invalid length.
[  519.630819][T13806] bond4: entered promiscuous mode
[  519.633860][T13806] bond4: entered allmulticast mode
[  519.636488][T13806] 8021q: adding VLAN 0 to HW filter on device bond4
[  519.651131][T13806] erspan2: entered allmulticast mode
[  519.656384][T13806] bond4: (slave erspan2): making interface the new active one
[  519.659799][T13806] erspan2: entered promiscuous mode
[  519.662999][T13806] bond4: (slave erspan2): Enslaving as an active interface with an up link
[  519.671506][T13806] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2201'.
[  519.708091][T13806] bond4 (unregistering): (slave erspan2): Releasing active interface
[  519.711879][T13806] erspan2: left promiscuous mode
[  519.715892][T13806] bond4 (unregistering): Released all slaves
[  519.842249][ T6107] usb 42-1: SetAddress Request (18) to port 0
[  519.847463][ T6107] usb 42-1: new SuperSpeed USB device number 18 using vhci_hcd
[  520.120477][T13815] netlink: 10 bytes leftover after parsing attributes in process `syz.1.2203'.
[  520.290546][T13803] vhci_hcd: connection reset by peer
[  520.297775][   T12] vhci_hcd vhci_hcd.2: stop threads
[  520.300235][   T12] vhci_hcd vhci_hcd.2: release socket
[  520.312799][   T12] vhci_hcd vhci_hcd.2: disconnect device
[  520.422439][T13824] IPVS: persistence engine module ip_vs_pe_sir not found
[  521.649190][T13853] Invalid argument reading file caps for ./file0
[  522.479793][T13854] delete_channel: no stack
[  523.028499][T13864] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[  523.532699][T13895] netlink: 'syz.1.2224': attribute type 32 has an invalid length.
[  523.536363][T13895] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2224'.
[  523.593278][T13895] bond1: Setting coupled_control to off (0)
[  523.844333][T13903] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2225'.
[  523.864111][T13903] team0: Mode changed to "loadbalance"
[  523.890165][T13903] sp0: Synchronizing with TNC
[  523.931165][T13900] [U] è
[  524.902226][ T6107] usb 42-1: device descriptor read/8, error -110
[  525.237563][T13928] Invalid source name
[  525.239258][T13928] UBIFS error (pid: 13928): cannot open "ubifs", error -22
[  525.953110][ T6107] usb usb42-port1: attempt power cycle
[  526.852416][T13950] tipc: Started in network mode
[  526.854567][T13950] tipc: Node identity f2e2ab29c677, cluster identity 4711
[  526.868535][T13950] tipc: Enabled bearer <eth:hsr0>, priority 10
[  527.026908][ T6107] usb usb42-port1: unable to enumerate USB device
[  527.054273][T13955] kvm: pic: single mode not supported
[  527.054295][T13955] kvm: pic: level sensitive irq not supported
[  527.080547][T13955] kvm: pic: level sensitive irq not supported
[  527.751547][T13964] mmap: syz.5.2240 (13964) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  527.982123][   T59] tipc: Node number set to 882223913
[  528.658802][   T40] audit: type=1326 audit(2000000016.579:1629): auid=4294967295 uid=255 gid=0 ses=4294967295 subj=unconfined pid=13983 comm="syz.5.2246" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f66f6c code=0x7ffc0000
[  528.668854][   T40] audit: type=1326 audit(2000000016.579:1630): auid=4294967295 uid=255 gid=0 ses=4294967295 subj=unconfined pid=13983 comm="syz.5.2246" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f66f6c code=0x7ffc0000
[  528.678787][   T40] audit: type=1326 audit(2000000016.579:1631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13983 comm="syz.5.2246" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f66f6c code=0x7ffc0000
[  528.688970][   T40] audit: type=1326 audit(2000000016.579:1632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13983 comm="syz.5.2246" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f66f6c code=0x7ffc0000
[  528.692446][T13984] netdevsim netdevsim5: Direct firmware load for /
[  528.692446][T13984]  failed with error -2
[  528.696209][   T40] audit: type=1326 audit(2000000016.579:1633): auid=4294967295 uid=255 gid=0 ses=4294967295 subj=unconfined pid=13983 comm="syz.5.2246" exe="/syz-executor" sig=0 arch=40000003 syscall=276 compat=1 ip=0xf7f66f6c code=0x7ffc0000
[  528.703163][T13984] netdevsim netdevsim5: Falling back to sysfs fallback for: /
[  528.703163][T13984] 
[  528.710917][   T40] audit: type=1326 audit(2000000016.579:1634): auid=4294967295 uid=255 gid=0 ses=4294967295 subj=unconfined pid=13983 comm="syz.5.2246" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f66f6c code=0x7ffc0000
[  528.723231][   T40] audit: type=1326 audit(2000000016.579:1635): auid=4294967295 uid=255 gid=0 ses=4294967295 subj=unconfined pid=13983 comm="syz.5.2246" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f66f6c code=0x7ffc0000
[  528.732097][   T40] audit: type=1326 audit(2000000016.579:1636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13983 comm="syz.5.2246" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f66f6c code=0x7ffc0000
[  528.742128][   T40] audit: type=1326 audit(2000000016.599:1637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13983 comm="syz.5.2246" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f66f6c code=0x7ffc0000
[  528.750623][   T40] audit: type=1326 audit(2000000016.599:1638): auid=4294967295 uid=255 gid=0 ses=4294967295 subj=unconfined pid=13983 comm="syz.5.2246" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f66f6c code=0x7ffc0000
[  528.937096][T13991] netlink: 'syz.0.2249': attribute type 2 has an invalid length.
[  528.942359][T13991] netlink: 'syz.0.2249': attribute type 1 has an invalid length.
[  529.446392][T14000] gtp0: entered promiscuous mode
[  529.453673][T14000] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2251'.
[  529.692153][   T59] usb 5-1: new low-speed USB device number 27 using dummy_hcd
[  529.844390][   T59] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  529.847462][   T59] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  529.853868][   T59] usb 5-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  529.859858][   T59] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  529.865158][   T59] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  529.869887][   T59] usb 5-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  529.887944][   T59] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  529.891180][   T59] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  529.896397][   T59] usb 5-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  529.905259][   T59] usb 5-1: string descriptor 0 read error: -22
[  529.908314][   T59] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  529.912360][   T59] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.924883][   T59] adutux 5-1:168.0: interrupt endpoints not found
[  530.147649][   T24] usb 5-1: USB disconnect, device number 27
[  532.655046][T14064] FAULT_INJECTION: forcing a failure.
[  532.655046][T14064] name failslab, interval 1, probability 0, space 0, times 0
[  532.660676][T14064] CPU: 2 UID: 0 PID: 14064 Comm: syz.2.2272 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  532.660714][T14064] Tainted: [L]=SOFTLOCKUP
[  532.660723][T14064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  532.660736][T14064] Call Trace:
[  532.660745][T14064]  <TASK>
[  532.660756][T14064]  dump_stack_lvl+0x100/0x190
[  532.660796][T14064]  should_fail_ex.cold+0x5/0xa
[  532.660825][T14064]  should_failslab+0xc2/0x120
[  532.660848][T14064]  __kmalloc_cache_noprof+0x7a/0x6f0
[  532.660877][T14064]  ? tc_new_tfilter+0xdb0/0x23b0
[  532.660903][T14064]  ? tcf_chain_tp_find+0x2b5/0x470
[  532.660932][T14064]  tc_new_tfilter+0xdb0/0x23b0
[  532.660984][T14064]  ? rcu_is_cpu_rrupt_from_idle+0x270/0x270
[  532.661021][T14064]  ? kasan_quarantine_put+0x104/0x240
[  532.661052][T14064]  ? lockdep_hardirqs_on+0x78/0x100
[  532.661077][T14064]  ? __pfx_tc_new_tfilter+0x10/0x10
[  532.661107][T14064]  ? kmem_cache_free+0x124/0x6a0
[  532.661133][T14064]  ? skb_release_data+0x7a0/0x9d0
[  532.661166][T14064]  ? __lock_acquire+0x4a5/0x2630
[  532.661212][T14064]  ? find_held_lock+0x2b/0x80
[  532.661235][T14064]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  532.661265][T14064]  ? __pfx_tc_new_tfilter+0x10/0x10
[  532.661295][T14064]  rtnetlink_rcv_msg+0x95e/0xe90
[  532.661326][T14064]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  532.661361][T14064]  ? ref_tracker_free+0x37e/0x6c0
[  532.661388][T14064]  netlink_rcv_skb+0x159/0x420
[  532.661416][T14064]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  532.661445][T14064]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  532.661483][T14064]  ? netlink_deliver_tap+0x1ae/0xcc0
[  532.661515][T14064]  netlink_unicast+0x5aa/0x870
[  532.661545][T14064]  ? __pfx_netlink_unicast+0x10/0x10
[  532.661582][T14064]  netlink_sendmsg+0x8b0/0xda0
[  532.661613][T14064]  ? __pfx_netlink_sendmsg+0x10/0x10
[  532.661644][T14064]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  532.661678][T14064]  ____sys_sendmsg+0xa54/0xc30
[  532.661714][T14064]  ? __pfx_____sys_sendmsg+0x10/0x10
[  532.661758][T14064]  ___sys_sendmsg+0x190/0x1e0
[  532.661790][T14064]  ? __pfx____sys_sendmsg+0x10/0x10
[  532.661859][T14064]  __sys_sendmsg+0x170/0x220
[  532.661885][T14064]  ? __pfx___sys_sendmsg+0x10/0x10
[  532.661920][T14064]  ? __pfx_ksys_write+0x10/0x10
[  532.662010][T14064]  __do_fast_syscall_32+0xe3/0x8c0
[  532.662045][T14064]  do_fast_syscall_32+0x32/0x70
[  532.662082][T14064]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  532.662109][T14064] RIP: 0023:0xf6ffef6c
[  532.662127][T14064] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  532.662147][T14064] RSP: 002b:00000000f53ed50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  532.662169][T14064] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000580
[  532.662183][T14064] RDX: 000000002008c010 RSI: 0000000000000000 RDI: 0000000000000000
[  532.662194][T14064] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  532.662206][T14064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  532.662218][T14064] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  532.662247][T14064]  </TASK>
[  533.436347][T14089] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2280'.
[  533.496638][T14089] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2280'.
[  534.195343][T14099] netlink: 'syz.5.2283': attribute type 5 has an invalid length.
[  534.491192][T14099] input: syz1 as /devices/virtual/input/input35
[  534.505958][T14099] usb usb7: usbfs: process 14099 (syz.5.2283) did not claim interface 0 before use
[  534.510270][T14099] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  534.770846][T14077] delete_channel: no stack
[  535.608383][T14113] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2287'.
[  535.808937][T14121] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2291'.
[  535.825429][T14122] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2291'.
[  535.989784][T14130] syz.5.2294: vmalloc error: size 1986356271, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1
[  535.998442][T14130] CPU: 3 UID: 0 PID: 14130 Comm: syz.5.2294 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  535.998473][T14130] Tainted: [L]=SOFTLOCKUP
[  535.998479][T14130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  535.998491][T14130] Call Trace:
[  535.998498][T14130]  <TASK>
[  535.998506][T14130]  dump_stack_lvl+0x100/0x190
[  535.998537][T14130]  warn_alloc.cold+0x95/0x1c1
[  535.998564][T14130]  ? __pfx_warn_alloc+0x10/0x10
[  535.998605][T14130]  __vmalloc_node_range_noprof+0x1252/0x1530
[  535.998628][T14130]  ? lock_acquire+0x1cf/0x380
[  535.998650][T14130]  ? ip_set_sockfn_get+0x18e/0xd20
[  535.998677][T14130]  ? __lock_acquire+0x4a5/0x2630
[  535.998697][T14130]  ? __mutex_lock+0x26a/0x1b90
[  535.998715][T14130]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  535.998733][T14130]  ? find_held_lock+0x2b/0x80
[  535.998751][T14130]  ? rcu_is_watching+0x12/0xc0
[  535.998777][T14130]  ? ip_set_sockfn_get+0x18e/0xd20
[  535.998801][T14130]  __vmalloc_node_noprof+0xad/0xf0
[  535.998821][T14130]  ? ip_set_sockfn_get+0x18e/0xd20
[  535.998851][T14130]  ip_set_sockfn_get+0x18e/0xd20
[  535.998877][T14130]  ? __pfx_ip_set_sockfn_get+0x10/0x10
[  535.998904][T14130]  ? nf_sockopt_find.isra.0+0x222/0x290
[  535.998930][T14130]  nf_getsockopt+0x7c/0xe0
[  535.998952][T14130]  ip_getsockopt+0x192/0x1e0
[  535.998977][T14130]  ? __pfx_ip_getsockopt+0x10/0x10
[  535.999011][T14130]  raw_getsockopt+0x4d/0x1f0
[  535.999035][T14130]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  535.999058][T14130]  do_sock_getsockopt+0x259/0x3d0
[  535.999086][T14130]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  535.999121][T14130]  __sys_getsockopt+0x133/0x1d0
[  535.999159][T14130]  ? __ia32_sys_getsockopt+0xbc/0x160
[  535.999182][T14130]  __ia32_sys_getsockopt+0xbc/0x160
[  535.999203][T14130]  ? __do_fast_syscall_32+0x94/0x8c0
[  535.999221][T14130]  ? lockdep_hardirqs_on+0x78/0x100
[  535.999234][T14130]  __do_fast_syscall_32+0xe3/0x8c0
[  535.999251][T14130]  do_fast_syscall_32+0x32/0x70
[  535.999266][T14130]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  535.999282][T14130] RIP: 0023:0xf7f66f6c
[  535.999294][T14130] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  535.999308][T14130] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 000000000000016d
[  535.999321][T14130] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000000
[  535.999329][T14130] RDX: 0000000000000053 RSI: 0000000000000000 RDI: 0000000080000240
[  535.999336][T14130] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  535.999343][T14130] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  535.999350][T14130] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  535.999366][T14130]  </TASK>
[  535.999371][T14130] Mem-Info:
[  536.127387][T14130] active_anon:7034 inactive_anon:396 isolated_anon:0
[  536.127387][T14130]  active_file:11448 inactive_file:4838 isolated_file:0
[  536.127387][T14130]  unevictable:1768 dirty:378 writeback:0
[  536.127387][T14130]  slab_reclaimable:7237 slab_unreclaimable:66800
[  536.127387][T14130]  mapped:26599 shmem:4854 pagetables:1377
[  536.127387][T14130]  sec_pagetables:319 bounce:0
[  536.127387][T14130]  kernel_misc_reclaimable:0
[  536.127387][T14130]  free:64778 free_pcp:12206 free_cma:0
[  536.147527][T14130] Node 0 active_anon:8kB inactive_anon:48kB active_file:0kB inactive_file:480kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:88kB dirty:8kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8588kB pagetables:1488kB sec_pagetables:1160kB all_unreclaimable? yes Balloon:0kB
[  536.147584][T14130] Node 1 active_anon:28228kB inactive_anon:1536kB active_file:45792kB inactive_file:18872kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:106308kB dirty:1504kB writeback:0kB shmem:15880kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5120kB pagetables:4120kB sec_pagetables:116kB all_unreclaimable? no Balloon:0kB
[  536.147633][T14130] Node 0 DMA free:2428kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  536.147688][T14130] lowmem_reserve[]: 0 285 285 285 285
[  536.147725][T14130] Node 0 DMA32 free:18244kB boost:2048kB min:15120kB low:18388kB high:21656kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8kB inactive_anon:48kB active_file:0kB inactive_file:480kB unevictable:3536kB writepending:8kB zspages:300kB present:1032196kB managed:292656kB mlocked:0kB bounce:0kB free_pcp:12176kB local_pcp:3976kB free_cma:0kB
[  536.147786][T14130] lowmem_reserve[]: 0 0 0 0 0
[  536.147824][T14130] Node 1 DMA32 free:238216kB boost:4096kB min:51240kB low:63024kB high:74808kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28228kB inactive_anon:1536kB active_file:45792kB inactive_file:18872kB unevictable:3536kB writepending:1504kB zspages:4020kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:36448kB local_pcp:8404kB free_cma:0kB
[  536.147887][T14130] lowmem_reserve[]: 0 0 0 0 0
[  536.147927][T14130] Node 0 DMA: 33*4kB (U) 13*8kB (U) 5*16kB (U) 8*32kB (U) 1*64kB (U) 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2428kB
[  536.148383][T14130] Node 0 DMA32: 459*4kB (UME) 47*8kB (UME) 18*16kB (UME) 58*32kB (UME) 21*64kB (UME) 18*128kB (UME) 10*256kB (UM) 7*512kB (UM) 4*1024kB (UM) 0*2048kB 0*4096kB = 18244kB
[  536.149767][T14130] Node 1 DMA32: 3076*4kB (UE) 2290*8kB (UME) 2031*16kB (UME) 386*32kB (UME) 243*64kB (UM) 159*128kB (UME) 82*256kB (UME) 91*512kB (UM) 40*1024kB (UM) 5*2048kB (M) 2*4096kB (U) = 238352kB
[  536.149979][T14130] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  536.150000][T14130] Node 0 hugepages_total=1 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  536.150017][T14130] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  536.150035][T14130] Node 1 hugepages_total=5 hugepages_free=0 hugepages_surp=2 hugepages_size=2048kB
[  536.150051][T14130] 21985 total pagecache pages
[  536.150060][T14130] 847 pages in swap cache
[  536.150069][T14130] Free swap  = 109640kB
[  536.150076][T14130] Total swap = 124996kB
[  536.150085][T14130] 524155 pages RAM
[  536.150092][T14130] 0 pages HighMem/MovableOnly
[  536.150099][T14130] 210098 pages reserved
[  536.150106][T14130] 0 pages cma reserved
[  536.313297][T14140] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2296'.
[  536.354078][T14142] FAULT_INJECTION: forcing a failure.
[  536.354078][T14142] name failslab, interval 1, probability 0, space 0, times 0
[  536.359873][T14142] CPU: 0 UID: 0 PID: 14142 Comm: syz.0.2297 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  536.359902][T14142] Tainted: [L]=SOFTLOCKUP
[  536.359908][T14142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  536.359919][T14142] Call Trace:
[  536.359926][T14142]  <TASK>
[  536.359934][T14142]  dump_stack_lvl+0x100/0x190
[  536.359962][T14142]  should_fail_ex.cold+0x5/0xa
[  536.359982][T14142]  should_failslab+0xc2/0x120
[  536.359998][T14142]  __kvmalloc_node_noprof+0xfa/0xa00
[  536.360021][T14142]  ? bpf_check+0x20c4/0xcbd0
[  536.360047][T14142]  ? ns_capable+0xd2/0xf0
[  536.360066][T14142]  bpf_check+0x20c4/0xcbd0
[  536.360091][T14142]  ? __lock_acquire+0x4a5/0x2630
[  536.360119][T14142]  ? css_rstat_updated+0x1ce/0x5a0
[  536.360145][T14142]  ? __lock_acquire+0x4a5/0x2630
[  536.360170][T14142]  ? __pfx_bpf_check+0x10/0x10
[  536.360199][T14142]  ? find_held_lock+0x2b/0x80
[  536.360213][T14142]  ? bpf_prog_load+0x1b83/0x2c20
[  536.360234][T14142]  ? __asan_memset+0x23/0x50
[  536.360255][T14142]  ? lsm_blob_alloc+0x2b/0x90
[  536.360277][T14142]  ? bpf_prog_load+0x1c86/0x2c20
[  536.360293][T14142]  bpf_prog_load+0x1c86/0x2c20
[  536.360308][T14142]  ? _parse_integer_limit+0x17f/0x1d0
[  536.360332][T14142]  ? __pfx_bpf_prog_load+0x10/0x10
[  536.360356][T14142]  ? __lock_acquire+0x4a5/0x2630
[  536.360406][T14142]  __sys_bpf+0x223a/0x4b90
[  536.360432][T14142]  ? __pfx___sys_bpf+0x10/0x10
[  536.360472][T14142]  ? proc_fail_nth_write+0x9f/0x220
[  536.360493][T14142]  ? find_held_lock+0x2b/0x80
[  536.360514][T14142]  ? find_held_lock+0x2b/0x80
[  536.360529][T14142]  ? ksys_write+0x190/0x250
[  536.360555][T14142]  ? __mutex_unlock_slowpath+0x15c/0x790
[  536.360588][T14142]  ? fput+0x79/0x100
[  536.360604][T14142]  ? ksys_write+0x1ac/0x250
[  536.360629][T14142]  __ia32_sys_bpf+0x79/0xf0
[  536.360646][T14142]  ? lockdep_hardirqs_on+0x78/0x100
[  536.360665][T14142]  __do_fast_syscall_32+0xe3/0x8c0
[  536.360687][T14142]  do_fast_syscall_32+0x32/0x70
[  536.360706][T14142]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  536.360726][T14142] RIP: 0023:0xf703ef6c
[  536.360740][T14142] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  536.360756][T14142] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  536.360773][T14142] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000200
[  536.360783][T14142] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  536.360793][T14142] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  536.360802][T14142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  536.360811][T14142] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  536.360833][T14142]  </TASK>
[  536.494894][T14144] genirq: Flags mismatch irq 4. 00200000 (pcl816) vs. 00200080 (ttyS0)
[  536.602460][T14148] sock: sock_set_timeout: `syz.0.2299' (pid 14148) tries to set negative timeout
[  536.672407][T14153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2300'.
[  537.389453][T14172] overlayfs: missing 'lowerdir'
[  537.987449][   T40] kauditd_printk_skb: 419 callbacks suppressed
[  537.987461][   T40] audit: type=1326 audit(2000000025.909:2058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14187 comm="syz.1.2310" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  538.000991][   T40] audit: type=1326 audit(2000000025.919:2059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14187 comm="syz.1.2310" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  538.011570][   T40] audit: type=1326 audit(2000000025.919:2060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14187 comm="syz.1.2310" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  538.020330][   T40] audit: type=1326 audit(2000000025.919:2061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14187 comm="syz.1.2310" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  538.056798][   T40] audit: type=1326 audit(2000000025.919:2062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14187 comm="syz.1.2310" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  538.078131][   T40] audit: type=1326 audit(2000000025.919:2063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14187 comm="syz.1.2310" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  538.119056][   T40] audit: type=1326 audit(2000000025.919:2064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14187 comm="syz.1.2310" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  538.128870][   T40] audit: type=1326 audit(2000000025.919:2065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14187 comm="syz.1.2310" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  538.137816][   T40] audit: type=1326 audit(2000000025.919:2066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14187 comm="syz.1.2310" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  538.149022][   T40] audit: type=1326 audit(2000000025.919:2067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14187 comm="syz.1.2310" exe="/syz-executor" sig=0 arch=40000003 syscall=373 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  539.306219][T14204] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2313'.
[  539.354332][T14204] vxlan0: entered promiscuous mode
[  539.362183][  T103] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  539.386461][  T103] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  539.390255][  T103] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  539.395406][  T103] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  539.936081][T14218] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2320'.
[  540.190591][T14230] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  541.716300][T14263] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2332'.
[  541.732868][T14263] 8021q: adding VLAN 0 to HW filter on device team0
[  541.741699][T14263] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  542.498952][T14277] netlink: 'syz.5.2336': attribute type 1 has an invalid length.
[  542.526036][T14277] bond1: entered promiscuous mode
[  542.528674][T14277] 8021q: adding VLAN 0 to HW filter on device bond1
[  542.616893][T14277] bond1: (slave gretap1): making interface the new active one
[  542.620985][T14277] gretap1: entered promiscuous mode
[  542.626681][T14277] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  542.700225][T14277] macvlan2: entered promiscuous mode
[  542.710493][T14277] macvlan2: entered allmulticast mode
[  542.721824][T14277] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  544.237365][   T40] kauditd_printk_skb: 3 callbacks suppressed
[  544.237383][   T40] audit: type=1326 audit(2000000032.159:2071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14323 comm="syz.2.2347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  544.383681][   T40] audit: type=1326 audit(2000000032.159:2072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14323 comm="syz.2.2347" exe="/syz-executor" sig=0 arch=40000003 syscall=283 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  544.394131][   T40] audit: type=1326 audit(2000000032.159:2073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14323 comm="syz.2.2347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  544.404705][   T40] audit: type=1326 audit(2000000032.159:2074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14323 comm="syz.2.2347" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  544.420757][   T40] audit: type=1326 audit(2000000032.159:2075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14323 comm="syz.2.2347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  544.420803][   T40] audit: type=1326 audit(2000000032.169:2076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14323 comm="syz.2.2347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  544.420839][   T40] audit: type=1326 audit(2000000032.169:2077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14323 comm="syz.2.2347" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  544.420875][   T40] audit: type=1326 audit(2000000032.169:2078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14323 comm="syz.2.2347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  544.420910][   T40] audit: type=1326 audit(2000000032.169:2079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14323 comm="syz.2.2347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  544.420947][   T40] audit: type=1326 audit(2000000032.169:2080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14323 comm="syz.2.2347" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  544.893839][T14348] sp0: Synchronizing with TNC
[  545.771937][T14360] xt_cgroup: xt_cgroup: no path or classid specified
[  546.408149][T14369] tmpfs: Bad value for 'nr_blocks'
[  547.681029][T14405] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2368'.
[  547.685190][T14405] netlink: 90 bytes leftover after parsing attributes in process `syz.5.2368'.
[  547.689443][T14405] netlink: 90 bytes leftover after parsing attributes in process `syz.5.2368'.
[  548.712723][T14424] syzkaller0: entered promiscuous mode
[  548.715035][T14424] syzkaller0: entered allmulticast mode
[  548.915961][T14429] syzkaller0: entered promiscuous mode
[  548.918756][T14429] syzkaller0: entered allmulticast mode
[  549.130535][    C3] sr 2:0:0:0: [sr0] tag#21 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  549.135498][    C3] sr 2:0:0:0: [sr0] tag#21 CDB: Write(16) 8a 85 d3 3c 8d eb 76 31 50 b9 d9 b3
[  549.168299][T14432] syzkaller0: entered promiscuous mode
[  549.172696][T14432] syzkaller0: entered allmulticast mode
[  549.235223][T14438] 9p: Bad value for 'rfdno'
[  549.696542][T14443] netlink: 'syz.1.2379': attribute type 1 has an invalid length.
[  551.384560][T14458] fuse: Unknown parameter 'smackfstransmute'
[  551.662622][T14461] 9p: Bad value for 'rfdno'
[  551.682686][T14461] FAULT_INJECTION: forcing a failure.
[  551.682686][T14461] name failslab, interval 1, probability 0, space 0, times 0
[  551.688580][T14461] CPU: 1 UID: 0 PID: 14461 Comm: syz.5.2385 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  551.688610][T14461] Tainted: [L]=SOFTLOCKUP
[  551.688615][T14461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  551.688626][T14461] Call Trace:
[  551.688633][T14461]  <TASK>
[  551.688640][T14461]  dump_stack_lvl+0x100/0x190
[  551.688668][T14461]  should_fail_ex.cold+0x5/0xa
[  551.688687][T14461]  ? tomoyo_realpath_from_path+0xb6/0x690
[  551.688705][T14461]  should_failslab+0xc2/0x120
[  551.688720][T14461]  __kmalloc_noprof+0xe0/0x850
[  551.688747][T14461]  tomoyo_realpath_from_path+0xb6/0x690
[  551.688769][T14461]  tomoyo_path_number_perm+0x23c/0x580
[  551.688791][T14461]  ? tomoyo_path_number_perm+0x22e/0x580
[  551.688821][T14461]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  551.688866][T14461]  ? find_held_lock+0x2b/0x80
[  551.688880][T14461]  ? hook_file_ioctl_common+0x146/0x410
[  551.688903][T14461]  ? __fget_files+0x215/0x3d0
[  551.688929][T14461]  ? __fget_files+0x21f/0x3d0
[  551.688956][T14461]  security_file_ioctl_compat+0xd3/0x230
[  551.688981][T14461]  __ia32_compat_sys_ioctl+0xc2/0x360
[  551.689006][T14461]  __do_fast_syscall_32+0xe3/0x8c0
[  551.689029][T14461]  do_fast_syscall_32+0x32/0x70
[  551.689047][T14461]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  551.689068][T14461] RIP: 0023:0xf7f66f6c
[  551.689082][T14461] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  551.689098][T14461] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  551.689114][T14461] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000009201
[  551.689145][T14461] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  551.689154][T14461] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  551.689163][T14461] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  551.689173][T14461] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  551.689195][T14461]  </TASK>
[  551.689436][T14461] ERROR: Out of memory at tomoyo_realpath_from_path.
[  552.449310][T14443] bond2: entered promiscuous mode
[  552.452440][T14443] 8021q: adding VLAN 0 to HW filter on device bond2
[  552.481735][T14446] bond2: (slave gretap1): making interface the new active one
[  552.494158][T14446] gretap1: entered promiscuous mode
[  552.502502][T14446] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  552.524424][T14450] macvlan2: entered promiscuous mode
[  552.533225][T14450] macvlan2: entered allmulticast mode
[  552.539533][T14450] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  555.242245][T14508] comedi comedi2: reset error (fatal)
[  555.420457][T14528] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  555.423737][T14528] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  555.463065][T14528] vhci_hcd vhci_hcd.0: Device attached
[  555.736972][T14528] netlink: 'syz.0.2402': attribute type 12 has an invalid length.
[  555.742216][ T6107] usb 38-1: SetAddress Request (19) to port 0
[  555.749769][ T6107] usb 38-1: new SuperSpeed USB device number 19 using vhci_hcd
[  556.652577][T14529] vhci_hcd: connection reset by peer
[  556.692541][  T114] vhci_hcd vhci_hcd.0: stop threads
[  556.695232][  T114] vhci_hcd vhci_hcd.0: release socket
[  556.697880][  T114] vhci_hcd vhci_hcd.0: disconnect device
[  557.674258][   T40] kauditd_printk_skb: 29 callbacks suppressed
[  557.674272][   T40] audit: type=1326 audit(2000000045.599:2110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14546 comm="syz.0.2406" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703ef6c code=0x0
[  559.958140][T14561] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  560.812166][ T6107] usb 38-1: device descriptor read/8, error -110
[  561.213836][T14582] bridge0: port 2(bridge_slave_1) entered disabled state
[  561.219599][T14582] bridge0: port 1(bridge_slave_0) entered disabled state
[  561.232831][ T6107] usb usb38-port1: attempt power cycle
[  561.427694][T14587] netlink: 'syz.5.2420': attribute type 1 has an invalid length.
[  561.486730][T14590] netlink: 'syz.2.2418': attribute type 1 has an invalid length.
[  561.487665][T14587] bond2: entered promiscuous mode
[  561.495514][T14587] bond2: entered allmulticast mode
[  561.498605][T14587] 8021q: adding VLAN 0 to HW filter on device bond2
[  561.520267][T14594] 9p: Bad value for 'rfdno'
[  561.537724][T14595] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2418'.
[  561.542256][T14587] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2420'.
[  561.563878][T14590] bond4: entered promiscuous mode
[  561.566978][T14590] bond4: entered allmulticast mode
[  561.578487][T14590] 8021q: adding VLAN 0 to HW filter on device bond4
[  561.624166][T14591] erspan1: entered allmulticast mode
[  561.664599][T14591] bond2: (slave erspan1): making interface the new active one
[  561.671744][T14591] erspan1: entered promiscuous mode
[  561.685325][T14591] bond2: (slave erspan1): Enslaving as an active interface with an up link
[  561.709833][T14595] bond4 (unregistering): Released all slaves
[  561.732623][T14587] bond2 (unregistering): (slave erspan1): Releasing active interface
[  561.736620][T14587] erspan1: left promiscuous mode
[  561.743413][T14587] bond2 (unregistering): Released all slaves
[  561.853094][ T6107] usb usb38-port1: unable to enumerate USB device
[  563.347746][T14631] netlink: 'syz.5.2431': attribute type 10 has an invalid length.
[  563.936352][T14644] syzkaller0: entered promiscuous mode
[  563.939248][T14644] syzkaller0: entered allmulticast mode
[  566.388553][T14659] netem: incorrect gi model size
[  566.391742][T14659] netem: change failed
[  566.848410][   T40] audit: type=1326 audit(2000000054.769:2111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14669 comm="syz.2.2440" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6ffef6c code=0x0
[  566.953967][ T5968] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  567.223932][ T5968] usb 5-1: Using ep0 maxpacket: 8
[  567.228945][ T5968] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  567.233634][ T5968] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  567.237283][ T5968] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  567.240907][ T5968] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  567.247363][ T5968] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  567.250678][ T5968] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.456849][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  567.471644][ T5968] usb 5-1: GET_CAPABILITIES returned 0
[  567.474530][ T5968] usbtmc 5-1:16.0: can't read capabilities
[  567.684558][    T9] usb 5-1: USB disconnect, device number 28
[  568.434778][   T40] audit: type=1326 audit(2000000056.349:2112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14692 comm="syz.5.2446" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66f6c code=0x0
[  570.715401][T14724] ipt_ECN: cannot use operation on non-tcp rule
[  572.314544][T14741] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow
[  572.749006][   T40] audit: type=1326 audit(2000000060.669:2113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14753 comm="syz.5.2469" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66f6c code=0x0
[  574.455885][T14772] FAULT_INJECTION: forcing a failure.
[  574.455885][T14772] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  574.461440][T14772] CPU: 2 UID: 0 PID: 14772 Comm: syz.0.2473 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  574.461469][T14772] Tainted: [L]=SOFTLOCKUP
[  574.461481][T14772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  574.461490][T14772] Call Trace:
[  574.461496][T14772]  <TASK>
[  574.461503][T14772]  dump_stack_lvl+0x100/0x190
[  574.461534][T14772]  should_fail_ex.cold+0x5/0xa
[  574.461556][T14772]  _copy_from_iter+0x1f4/0x1690
[  574.461588][T14772]  ? __pfx__copy_from_iter+0x10/0x10
[  574.461636][T14772]  ? __pfx___might_resched+0x10/0x10
[  574.461667][T14772]  ? aa_sk_perm+0x309/0xaa0
[  574.461695][T14772]  hci_sock_sendmsg+0x4a1/0x2620
[  574.461719][T14772]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  574.461737][T14772]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  574.461764][T14772]  sock_write_iter+0x566/0x610
[  574.461790][T14772]  ? __pfx_sock_write_iter+0x10/0x10
[  574.461812][T14772]  ? get_pid_task+0xfc/0x250
[  574.461868][T14772]  ? bpf_lsm_file_permission+0x9/0x10
[  574.461893][T14772]  ? security_file_permission+0x76/0x210
[  574.461922][T14772]  ? rw_verify_area+0xce/0x6d0
[  574.461947][T14772]  vfs_write+0x6ac/0x1070
[  574.461987][T14772]  ? __pfx_sock_write_iter+0x10/0x10
[  574.462013][T14772]  ? __pfx_vfs_write+0x10/0x10
[  574.462036][T14772]  ? find_held_lock+0x2b/0x80
[  574.462066][T14772]  ksys_write+0x1f8/0x250
[  574.462092][T14772]  ? __pfx_ksys_write+0x10/0x10
[  574.462117][T14772]  ? __pfx_ksys_write+0x10/0x10
[  574.462146][T14772]  __do_fast_syscall_32+0xe3/0x8c0
[  574.462171][T14772]  do_fast_syscall_32+0x32/0x70
[  574.462190][T14772]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  574.462213][T14772] RIP: 0023:0xf703ef6c
[  574.462228][T14772] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  574.462244][T14772] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  574.462261][T14772] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000000
[  574.462272][T14772] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000
[  574.462282][T14772] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  574.462292][T14772] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  574.462302][T14772] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  574.462324][T14772]  </TASK>
[  574.958623][T14777] Process accounting resumed
[  575.202896][T14784] overlayfs: missing 'workdir'
[  575.847561][T14789] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2476'.
[  577.048522][T14805] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.052284][T14805] bridge0: port 1(bridge_slave_0) entered disabled state
[  577.180021][ T5934] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  577.193072][ T5934] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  577.201195][ T5934] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  577.212371][ T5934] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  577.244656][ T5934] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  577.847688][ T9253] bond0: (slave syz_tun): Releasing backup interface
[  578.034543][T14807] chnl_net:caif_netlink_parms(): no params data found
[  578.364871][T14807] bridge0: port 1(bridge_slave_0) entered blocking state
[  578.368613][T14807] bridge0: port 1(bridge_slave_0) entered disabled state
[  578.375029][T14807] bridge_slave_0: entered allmulticast mode
[  578.384733][T14807] bridge_slave_0: entered promiscuous mode
[  578.395282][T14807] bridge0: port 2(bridge_slave_1) entered blocking state
[  578.402250][T14807] bridge0: port 2(bridge_slave_1) entered disabled state
[  578.405382][T14807] bridge_slave_1: entered allmulticast mode
[  578.408349][T14807] bridge_slave_1: entered promiscuous mode
[  578.465892][T14807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  578.471348][T14807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  578.505472][T14807] team0: Port device team_slave_0 added
[  578.510520][T14807] team0: Port device team_slave_1 added
[  578.537120][T14807] batman_adv: batadv0: Adding interface: batadv_slave_0
[  578.540190][T14807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  578.562851][T14807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  578.573911][T14807] batman_adv: batadv0: Adding interface: batadv_slave_1
[  578.576934][T14807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  578.603357][T14807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  578.684869][T14807] hsr_slave_0: entered promiscuous mode
[  578.687526][T14807] hsr_slave_1: entered promiscuous mode
[  578.692133][ T6107] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  578.719232][T14807] debugfs: 'hsr0' already exists in 'hsr'
[  578.728259][T14807] Cannot create hsr debugfs directory
[  578.802503][   T40] audit: type=1326 audit(2000000066.729:2114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14825 comm="syz.0.2489" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703ef6c code=0x0
[  578.843815][ T6107] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  578.847579][ T6107] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  578.862074][ T6107] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  578.868171][ T6107] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  578.874614][ T6107] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  578.890822][ T6107] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  578.895032][ T6107] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  578.899969][ T6107] usb 10-1: Product: syz
[  578.901801][ T6107] usb 10-1: Manufacturer: syz
[  578.971281][ T6107] cdc_wdm 10-1:1.0: skipping garbage
[  578.989122][ T6107] cdc_wdm 10-1:1.0: skipping garbage
[  578.995042][ T6107] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  578.998305][ T6107] cdc_wdm 10-1:1.0: Unknown control protocol
[  579.017226][T14807] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.111252][T14807] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.221621][T14807] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.314506][T14807] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  579.372215][ T5934] Bluetooth: hci1: command tx timeout
[  579.383491][ T5931] usb 10-1: USB disconnect, device number 5
[  579.575169][T14807] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  579.586417][T14807] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  579.596734][T14807] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  579.605642][T14807] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  579.732497][T14807] 8021q: adding VLAN 0 to HW filter on device bond0
[  579.752160][T14807] 8021q: adding VLAN 0 to HW filter on device team0
[  579.761734][ T6209] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.765110][ T6209] bridge0: port 1(bridge_slave_0) entered forwarding state
[  579.785427][ T6209] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.788767][ T6209] bridge0: port 2(bridge_slave_1) entered forwarding state
[  580.067681][T14807] 8021q: adding VLAN 0 to HW filter on device batadv0
[  580.125842][T14807] veth0_vlan: entered promiscuous mode
[  580.134793][T14807] veth1_vlan: entered promiscuous mode
[  580.161667][T14807] veth0_macvtap: entered promiscuous mode
[  580.168451][T14807] veth1_macvtap: entered promiscuous mode
[  580.206129][T14807] batman_adv: batadv0: Interface activated: batadv_slave_0
[  580.217153][T14807] batman_adv: batadv0: Interface activated: batadv_slave_1
[  580.230223][ T6209] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  580.235441][ T6209] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  580.308978][ T6209] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  580.313333][ T6209] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  580.866487][ T1178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  580.869530][ T1178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  580.893020][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  580.896469][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  581.038867][T14856] syzkaller0: entered promiscuous mode
[  581.044500][T14856] syzkaller0: entered allmulticast mode
[  581.458374][ T5934] Bluetooth: hci1: command tx timeout
[  581.554567][T14873] FAULT_INJECTION: forcing a failure.
[  581.554567][T14873] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  581.563298][T14873] CPU: 2 UID: 0 PID: 14873 Comm: syz.2.2499 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  581.563332][T14873] Tainted: [L]=SOFTLOCKUP
[  581.563339][T14873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  581.563351][T14873] Call Trace:
[  581.563358][T14873]  <TASK>
[  581.563367][T14873]  dump_stack_lvl+0x100/0x190
[  581.563401][T14873]  should_fail_ex.cold+0x5/0xa
[  581.563425][T14873]  _copy_to_user+0x32/0xd0
[  581.563456][T14873]  __ia32_sys_sched_getparam+0x16c/0x300
[  581.563479][T14873]  ? __pfx___ia32_sys_sched_getparam+0x10/0x10
[  581.563500][T14873]  ? syscall_user_dispatch+0x76/0x130
[  581.563531][T14873]  __do_fast_syscall_32+0xe3/0x8c0
[  581.563558][T14873]  do_fast_syscall_32+0x32/0x70
[  581.563580][T14873]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  581.563605][T14873] RIP: 0023:0xf7ff4f6c
[  581.563621][T14873] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  581.563640][T14873] RSP: 002b:00000000f54b650c EFLAGS: 00000292 ORIG_RAX: 000000000000009b
[  581.563660][T14873] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800001c0
[  581.563677][T14873] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  581.563688][T14873] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  581.563699][T14873] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  581.563709][T14873] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  581.563735][T14873]  </TASK>
[  582.161683][T14879] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2502'.
[  582.449155][T14879] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  582.465916][T14879] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  582.472899][T14879] bond0 (unregistering): Released all slaves
[  583.398055][T14895] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2507'.
[  583.532113][ T5934] Bluetooth: hci1: command tx timeout
[  584.473372][T14913] syzkaller0: entered promiscuous mode
[  584.475760][T14913] syzkaller0: entered allmulticast mode
[  585.549468][T14925] program syz.0.2516 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  585.612304][ T5934] Bluetooth: hci1: command tx timeout
[  585.939907][T14935] Cannot find del_set index 0 as target
[  586.015051][ T1109] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  586.018123][ T1109] ata1: failed to read log page 10h (errno=-5)
[  586.021255][ T1109] ata1.00: exception Emask 0x1 SAct 0x20000 SErr 0x0 action 0x0
[  586.028016][T14942] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2520'.
[  586.036153][ T1109] ata1.00: irq_stat 0x40000000
[  586.038391][ T1109] ata1.00: failed command: WRITE FPDMA QUEUED
[  586.041465][ T1109] ata1.00: cmd 61/58:88:36:81:08/00:00:00:00:00/40 tag 17 ncq dma 45056 out
[  586.041465][ T1109]          res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  586.055612][ T1109] ata1.00: status: { DRDY }
[  586.065832][ T1109] ata1.00: configured for UDMA/100
[  586.068604][ T1109] ata1: EH complete
[  586.271444][T14950] input: syz0 as /devices/virtual/input/input36
[  586.309253][T14948] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2519'.
[  586.392706][T14935] bridge0: port 2(bridge_slave_1) entered disabled state
[  586.396514][T14935] bridge0: port 1(bridge_slave_0) entered disabled state
[  586.495425][T14961] FAULT_INJECTION: forcing a failure.
[  586.495425][T14961] name failslab, interval 1, probability 0, space 0, times 0
[  586.501259][T14961] CPU: 2 UID: 0 PID: 14961 Comm: syz.5.2526 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  586.501288][T14961] Tainted: [L]=SOFTLOCKUP
[  586.501295][T14961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  586.501305][T14961] Call Trace:
[  586.501313][T14961]  <TASK>
[  586.501321][T14961]  dump_stack_lvl+0x100/0x190
[  586.501353][T14961]  should_fail_ex.cold+0x5/0xa
[  586.501375][T14961]  should_failslab+0xc2/0x120
[  586.501397][T14961]  __kvmalloc_node_noprof+0xfa/0xa00
[  586.501422][T14961]  ? xt_alloc_table_info+0x44/0xa0
[  586.501444][T14961]  ? xt_find_target+0x1dc/0x280
[  586.501471][T14961]  xt_alloc_table_info+0x44/0xa0
[  586.501496][T14961]  translate_compat_table+0xa78/0x1750
[  586.501561][T14961]  ? __pfx_translate_compat_table+0x10/0x10
[  586.501607][T14961]  compat_do_replace+0x279/0x500
[  586.501634][T14961]  ? __pfx_compat_do_replace+0x10/0x10
[  586.501665][T14961]  ? lock_acquire+0x1cf/0x380
[  586.501695][T14961]  ? bpf_lsm_capable+0x9/0x10
[  586.501718][T14961]  ? security_capable+0x80/0x260
[  586.501744][T14961]  do_ipt_set_ctl+0x562/0xaf0
[  586.501768][T14961]  ? nf_sockopt_find.isra.0+0x222/0x290
[  586.501798][T14961]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  586.501823][T14961]  ? sockopt_release_sock+0x57/0x70
[  586.501842][T14961]  ? __local_bh_enable_ip+0x9e/0x120
[  586.501863][T14961]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  586.501899][T14961]  ? nf_sockopt_find.isra.0+0x222/0x290
[  586.501925][T14961]  nf_setsockopt+0x8d/0xf0
[  586.501963][T14961]  ip_setsockopt+0xcb/0xf0
[  586.501992][T14961]  raw_setsockopt+0x60/0x1b0
[  586.502013][T14961]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  586.502034][T14961]  do_sock_setsockopt+0xf3/0x1d0
[  586.502055][T14961]  __sys_setsockopt+0x119/0x190
[  586.502089][T14961]  __ia32_sys_setsockopt+0xbc/0x160
[  586.502104][T14961]  ? __do_fast_syscall_32+0x94/0x8c0
[  586.502122][T14961]  ? lockdep_hardirqs_on+0x78/0x100
[  586.502137][T14961]  __do_fast_syscall_32+0xe3/0x8c0
[  586.502155][T14961]  do_fast_syscall_32+0x32/0x70
[  586.502171][T14961]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  586.502188][T14961] RIP: 0023:0xf7f66f6c
[  586.502201][T14961] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  586.502216][T14961] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  586.502231][T14961] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  586.502240][T14961] RDX: 0000000000000040 RSI: 0000000080000580 RDI: 00000000000002b0
[  586.502249][T14961] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  586.502257][T14961] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  586.502266][T14961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  586.502285][T14961]  </TASK>
[  586.909438][T14935] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  586.919381][T14935] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  587.768137][T14948] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  587.887667][ T6209] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  587.898424][   T68] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  587.902330][   T68] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  587.923766][T14968] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  587.967238][T14970] affs: Unknown parameter 'grpquota€
'
[  588.078403][T14978] netlink: 'syz.5.2532': attribute type 1 has an invalid length.
[  588.098909][T14978] bond2: entered promiscuous mode
[  588.100929][T14978] bond2: entered allmulticast mode
[  588.105185][T14978] 8021q: adding VLAN 0 to HW filter on device bond2
[  588.129769][T14979] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  588.130183][T14978] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2532'.
[  588.150846][T14978] bond2 (unregistering): Released all slaves
[  588.248800][T14983] overlayfs: failed to clone upperpath
[  589.488082][T15005] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  593.263104][T15045] binder: 15037:15045 unknown command 0
[  593.265506][T15045] binder: 15037:15045 ioctl c0306201 80000080 returned -22
[  593.271593][T15045] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2547'.
[  593.581259][T15049] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2551'.
[  593.652984][ T5945] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  593.663030][ T5945] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  593.675897][ T5945] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  593.681685][ T5945] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  593.687142][ T5945] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  594.071114][   T68] smc: removing ib device syz1
[  594.779755][T15050] chnl_net:caif_netlink_parms(): no params data found
[  595.015846][T15066] overlayfs: failed to clone upperpath
[  595.148094][T15050] bridge0: port 1(bridge_slave_0) entered blocking state
[  595.154520][T15050] bridge0: port 1(bridge_slave_0) entered disabled state
[  595.158293][T15050] bridge_slave_0: entered allmulticast mode
[  595.189001][T15050] bridge_slave_0: entered promiscuous mode
[  595.219051][T15050] bridge0: port 2(bridge_slave_1) entered blocking state
[  595.236516][T15050] bridge0: port 2(bridge_slave_1) entered disabled state
[  595.239815][T15050] bridge_slave_1: entered allmulticast mode
[  595.279678][T15050] bridge_slave_1: entered promiscuous mode
[  595.340649][T15050] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  595.368317][T15050] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  595.454301][T15050] team0: Port device team_slave_0 added
[  595.471767][T15050] team0: Port device team_slave_1 added
[  595.556046][T15050] batman_adv: batadv0: Adding interface: batadv_slave_0
[  595.569893][T15050] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  595.609878][T15050] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  595.640619][T15050] batman_adv: batadv0: Adding interface: batadv_slave_1
[  595.652042][T15050] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  595.682386][T15050] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  595.782137][ T5934] Bluetooth: hci0: command tx timeout
[  595.828084][T15050] hsr_slave_0: entered promiscuous mode
[  595.842643][T15050] hsr_slave_1: entered promiscuous mode
[  595.846889][T15050] debugfs: 'hsr0' already exists in 'hsr'
[  595.849764][T15050] Cannot create hsr debugfs directory
[  596.082644][ T1139] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  596.292239][ T1139] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  596.499044][ T1139] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  596.659155][ T1139] netdevsim netdevsim0 netdevsim0 (unregistering): left allmulticast mode
[  596.683799][ T1139] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  596.978738][T15085] overlayfs: overlapping lowerdir path
[  597.656215][T15100] IPVS: persistence engine module ip_vs_pe_sir not found
[  597.852176][ T5934] Bluetooth: hci0: command tx timeout
[  598.068624][ T1139] bond0 (unregistering): Released all slaves
[  598.076771][ T1139] bond1 (unregistering): Released all slaves
[  598.113861][ T1139] bond2 (unregistering): Released all slaves
[  598.141532][ T1139] bond3 (unregistering): Released all slaves
[  598.384020][ T1139] tipc: Disabling bearer <eth:hsr0>
[  598.406377][ T1139] tipc: Disabling bearer <udp:syz2>
[  598.423421][ T1139] tipc: Left network mode
[  598.956227][T15050] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  598.971034][T15050] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  598.984735][T15050] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  599.000410][T15050] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  599.280485][T15050] 8021q: adding VLAN 0 to HW filter on device bond0
[  599.317917][T15050] 8021q: adding VLAN 0 to HW filter on device team0
[  599.330069][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state
[  599.333366][ T1178] bridge0: port 1(bridge_slave_0) entered forwarding state
[  599.350664][ T1178] bridge0: port 2(bridge_slave_1) entered blocking state
[  599.353881][ T1178] bridge0: port 2(bridge_slave_1) entered forwarding state
[  599.692562][ T1139] hsr_slave_0: left promiscuous mode
[  599.944869][ T5934] Bluetooth: hci0: command tx timeout
[  600.551841][T15145] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[  600.874770][ T5931] IPVS: starting estimator thread 0...
[  600.966090][T15148] tipc: Started in network mode
[  600.968210][T15148] tipc: Node identity d2c960448268, cluster identity 4711
[  600.970988][T15148] tipc: Enabled bearer <eth:hsr0>, priority 10
[  600.974145][T15151] IPVS: using max 26 ests per chain, 62400 per kthread
[  601.006879][T15050] 8021q: adding VLAN 0 to HW filter on device batadv0
[  601.069555][T15050] veth0_vlan: entered promiscuous mode
[  601.078045][T15050] veth1_vlan: entered promiscuous mode
[  601.127231][T15050] veth0_macvtap: entered promiscuous mode
[  601.152249][T15050] veth1_macvtap: entered promiscuous mode
[  601.178895][T15050] batman_adv: batadv0: Interface activated: batadv_slave_0
[  601.189890][T15050] batman_adv: batadv0: Interface activated: batadv_slave_1
[  601.198980][ T1178] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  601.217259][ T6209] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  601.229551][ T6209] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  601.240632][ T6209] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  601.493267][ T1178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  601.496654][ T1178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  601.541175][ T6209] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  601.554483][ T6209] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  601.916566][ T1139] IPVS: stop unused estimator thread 0...
[  601.962071][    T9] tipc: Node number set to 1352753220
[  602.012147][ T5934] Bluetooth: hci0: command tx timeout
[  602.489536][T15167] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  603.205957][T15177] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2577'.
[  603.431679][T15180] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  603.513920][   T40] audit: type=1326 audit(2000000023.429:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15174 comm="syz.0.2576" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705ef6c code=0x0
[  604.505923][   T40] audit: type=1326 audit(2000000024.419:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15188 comm="syz.1.2581" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cef6c code=0x0
[  604.855188][T15196] libceph: resolve '0' (ret=-3): failed
[  606.696105][T15210] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2586'.
[  607.260263][T15212] tipc: Started in network mode
[  607.265468][T15212] tipc: Node identity eaee07cac3f7, cluster identity 4711
[  607.268413][T15212] tipc: Enabled bearer <eth:hsr0>, priority 10
[  608.402286][T13310] tipc: Node number set to 689506250
[  609.568247][T15255] vlan2: entered promiscuous mode
[  609.570391][T15255] vlan2: entered allmulticast mode
[  609.573790][T15255] hsr_slave_1: entered allmulticast mode
[  609.672482][T15256] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2597'.
[  610.129386][T15264] fuse: Bad value for 'fd'
[  610.665642][T15274] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  610.725556][T15275] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  610.751917][T15274] netlink: 'syz.5.2603': attribute type 1 has an invalid length.
[  612.262063][T15285] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  612.288110][   T40] audit: type=1326 audit(2000000032.199:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15282 comm="syz.1.2606" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cef6c code=0x0
[  613.206863][T15297] syzkaller0: entered promiscuous mode
[  613.210113][T15297] syzkaller0: entered allmulticast mode
[  613.435796][T15299] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  613.511815][T15301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  613.531224][T15301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  613.553212][T15301] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  613.599643][T15305] netlink: 'syz.5.2613': attribute type 4 has an invalid length.
[  613.607882][T15305] netlink: 152 bytes leftover after parsing attributes in process `syz.5.2613'.
[  614.382194][ T1328] usb 5-1: new low-speed USB device number 29 using dummy_hcd
[  614.456781][T15315] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  614.522228][ T1328] usb 5-1: device descriptor read/64, error -71
[  614.762088][ T1328] usb 5-1: new low-speed USB device number 30 using dummy_hcd
[  614.902328][ T1328] usb 5-1: device descriptor read/64, error -71
[  615.013616][ T1328] usb usb5-port1: attempt power cycle
[  615.352086][ T1328] usb 5-1: new low-speed USB device number 31 using dummy_hcd
[  615.378913][ T1328] usb 5-1: device descriptor read/8, error -71
[  615.474629][   T40] audit: type=1326 audit(2000000035.389:2118): auid=4294967295 uid=255 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.1.2621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  615.487149][   T40] audit: type=1326 audit(2000000035.389:2119): auid=4294967295 uid=255 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.1.2621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  615.502397][T15331] netdevsim netdevsim1: Direct firmware load for /
[  615.502397][T15331]  failed with error -2
[  615.523100][   T40] audit: type=1326 audit(2000000035.389:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.1.2621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  615.532975][   T40] audit: type=1326 audit(2000000035.389:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.1.2621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  615.544068][   T40] audit: type=1326 audit(2000000035.399:2122): auid=4294967295 uid=255 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.1.2621" exe="/syz-executor" sig=0 arch=40000003 syscall=276 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  615.548296][T15331] netdevsim netdevsim1: Falling back to sysfs fallback for: /
[  615.548296][T15331] 
[  615.553518][   T40] audit: type=1326 audit(2000000035.399:2123): auid=4294967295 uid=255 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.1.2621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  615.566958][   T40] audit: type=1326 audit(2000000035.399:2124): auid=4294967295 uid=255 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.1.2621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  615.582067][   T40] audit: type=1326 audit(2000000035.409:2125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.1.2621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  615.602717][   T40] audit: type=1326 audit(2000000035.409:2126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15330 comm="syz.1.2621" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cef6c code=0x7ffc0000
[  615.632395][ T1328] usb 5-1: new low-speed USB device number 32 using dummy_hcd
[  615.655968][ T1328] usb 5-1: device descriptor read/8, error -71
[  615.762652][ T1328] usb usb5-port1: unable to enumerate USB device
[  616.516227][T15347] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  616.574902][T15349] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  616.952049][T15357] xt_TPROXY: Can be used only with -p tcp or -p udp
[  617.089307][T15361] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2630'.
[  617.714393][T15371] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  618.164255][T15378] FAULT_INJECTION: forcing a failure.
[  618.164255][T15378] name failslab, interval 1, probability 0, space 0, times 0
[  618.174815][T15378] CPU: 2 UID: 0 PID: 15378 Comm: syz.5.2636 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  618.174845][T15378] Tainted: [L]=SOFTLOCKUP
[  618.174851][T15378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  618.174860][T15378] Call Trace:
[  618.174866][T15378]  <TASK>
[  618.174873][T15378]  dump_stack_lvl+0x100/0x190
[  618.174902][T15378]  should_fail_ex.cold+0x5/0xa
[  618.174922][T15378]  should_failslab+0xc2/0x120
[  618.174938][T15378]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  618.174960][T15378]  ? __pmd_alloc+0xbf/0x9c0
[  618.174982][T15378]  __pmd_alloc+0xbf/0x9c0
[  618.175001][T15378]  __handle_mm_fault+0xa99/0x2b60
[  618.175026][T15378]  ? mt_find+0x45e/0x8e0
[  618.175047][T15378]  ? __pfx___handle_mm_fault+0x10/0x10
[  618.175065][T15378]  ? __pfx_mt_find+0x10/0x10
[  618.175097][T15378]  ? find_vma+0xbf/0x140
[  618.175119][T15378]  ? __pfx_find_vma+0x10/0x10
[  618.175145][T15378]  handle_mm_fault+0x36d/0xa20
[  618.175170][T15378]  do_user_addr_fault+0x74c/0x12f0
[  618.175201][T15378]  exc_page_fault+0x6f/0xd0
[  618.175220][T15378]  asm_exc_page_fault+0x26/0x30
[  618.175235][T15378] RIP: 0010:_copy_from_user+0x93/0xd0
[  618.175260][T15378] Code: dd 14 fd 89 ee 4c 89 ef 48 b8 00 f0 ff ff ff 7f 00 00 48 39 c3 48 0f 47 d8 e8 e9 4b 80 fd 0f 01 cb 4c 89 ef 48 89 de 48 89 e9 <f3> a4 0f 1f 00 49 89 cc 48 89 cb 0f 01 ca 31 ff 48 89 ce e8 45 d8
[  618.175275][T15378] RSP: 0018:ffffc900068afd60 EFLAGS: 00050246
[  618.175289][T15378] RAX: 0000000000000001 RBX: 0000000080000080 RCX: 0000000000000012
[  618.175299][T15378] RDX: 0000000000000001 RSI: 0000000080000080 RDI: ffffc900068afde0
[  618.175309][T15378] RBP: 0000000000000012 R08: 0000000000000001 R09: fffff52000d15fbe
[  618.175319][T15378] R10: ffffc900068afdf1 R11: 0000000000000000 R12: 0000000000000000
[  618.175329][T15378] R13: ffffc900068afde0 R14: ffff888028c0a000 R15: ffff88801290dc00
[  618.175353][T15378]  move_addr_to_kernel+0x65/0x170
[  618.175379][T15378]  __sys_bind+0x11d/0x260
[  618.175403][T15378]  ? __pfx___sys_bind+0x10/0x10
[  618.175435][T15378]  ? ksys_write+0x1ac/0x250
[  618.175478][T15378]  ? __pfx_ksys_write+0x10/0x10
[  618.175506][T15378]  __ia32_sys_bind+0x71/0xb0
[  618.175528][T15378]  ? lockdep_hardirqs_on+0x78/0x100
[  618.175546][T15378]  __do_fast_syscall_32+0xe3/0x8c0
[  618.175574][T15378]  do_fast_syscall_32+0x32/0x70
[  618.175594][T15378]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  618.175613][T15378] RIP: 0023:0xf7f66f6c
[  618.175628][T15378] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  618.175643][T15378] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000169
[  618.175658][T15378] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080
[  618.175668][T15378] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000000
[  618.175678][T15378] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  618.175688][T15378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  618.175696][T15378] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  618.175719][T15378]  </TASK>
[  618.665783][T15393] binder: 15389:15393 ioctl 400c620e 0 returned -14
[  618.939226][T15396] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  620.288806][T15418] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2649'.
[  620.890426][T15425] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  621.500460][   T40] kauditd_printk_skb: 145 callbacks suppressed
[  621.500479][   T40] audit: type=1326 audit(2000524329.455:2272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15437 comm="syz.5.2657" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66f6c code=0x0
[  622.411832][T15456] Mount JFS Failure: -5
[  622.416940][T15456] jfs_mount failed w/return code = -5
[  622.503472][T15460] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  622.609879][T15464] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2666'.
[  622.879605][   T40] audit: type=1326 audit(2000524330.845:2273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15465 comm="syz.2.2667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  622.921903][   T40] audit: type=1326 audit(2000524330.875:2274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15465 comm="syz.2.2667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  622.962674][   T40] audit: type=1326 audit(2000524330.875:2275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15465 comm="syz.2.2667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  622.972343][   T40] audit: type=1326 audit(2000524330.875:2276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15465 comm="syz.2.2667" exe="/syz-executor" sig=0 arch=40000003 syscall=118 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  622.983686][   T40] audit: type=1326 audit(2000524330.875:2277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15465 comm="syz.2.2667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  623.001591][   T40] audit: type=1326 audit(2000524330.875:2278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15465 comm="syz.2.2667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  623.013469][   T40] audit: type=1326 audit(2000524330.875:2279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15465 comm="syz.2.2667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  623.058196][   T40] audit: type=1326 audit(2000524330.875:2280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15465 comm="syz.2.2667" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  623.065851][   T40] audit: type=1326 audit(2000524330.875:2281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15465 comm="syz.2.2667" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  624.703461][T15488] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  624.784955][T15492] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2675'.
[  625.044747][T15499] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2678'.
[  625.466372][T15505] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2680'.
[  625.482378][T15505] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2680'.
[  626.977114][T15519] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  627.239356][   T40] kauditd_printk_skb: 243 callbacks suppressed
[  627.239374][   T40] audit: type=1326 audit(2000524335.235:2525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15520 comm="syz.5.2685" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66f6c code=0x0
[  627.331164][   T67] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  627.482899][   T67] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  627.487443][   T67] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  627.491945][   T67] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  627.506260][   T67] usb 5-1: config 0 descriptor??
[  627.731014][   T67] usbhid 5-1:0.0: can't add hid device: -71
[  627.733827][   T67] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  627.747874][   T67] usb 5-1: USB disconnect, device number 33
[  628.205304][   T67] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  628.384110][   T67] usb 5-1: Using ep0 maxpacket: 32
[  628.393291][   T67] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  628.399240][   T67] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  628.403589][   T67] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  628.418102][   T67] usb 5-1: config 0 descriptor??
[  628.431191][   T67] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  628.442875][   T67] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  628.804935][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  628.986279][   T67] usb 5-1: USB disconnect, device number 34
[  628.996694][   T67] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  629.216898][T15545] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.2689'.
[  629.605203][T15552] netlink: 'syz.0.2691': attribute type 16 has an invalid length.
[  629.611230][T15552] netlink: 'syz.0.2691': attribute type 17 has an invalid length.
[  629.635802][T15552] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  630.003475][T15560] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  630.697804][T15573] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2698'.
[  631.247193][T15576] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2698'.
[  631.873400][T15584] 9p: Bad value for 'rfdno'
[  632.081771][T15590] FAULT_INJECTION: forcing a failure.
[  632.081771][T15590] name failslab, interval 1, probability 0, space 0, times 0
[  632.100150][T15590] CPU: 1 UID: 0 PID: 15590 Comm: syz.0.2703 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  632.100180][T15590] Tainted: [L]=SOFTLOCKUP
[  632.100190][T15590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  632.100200][T15590] Call Trace:
[  632.100207][T15590]  <TASK>
[  632.100215][T15590]  dump_stack_lvl+0x100/0x190
[  632.100244][T15590]  should_fail_ex.cold+0x5/0xa
[  632.100264][T15590]  ? tomoyo_encode2+0xfb/0x3c0
[  632.100280][T15590]  should_failslab+0xc2/0x120
[  632.100296][T15590]  __kmalloc_noprof+0xe0/0x850
[  632.100316][T15590]  ? d_absolute_path+0x136/0x1b0
[  632.100348][T15590]  tomoyo_encode2+0xfb/0x3c0
[  632.100368][T15590]  tomoyo_encode+0x29/0x50
[  632.100383][T15590]  tomoyo_realpath_from_path+0x18c/0x690
[  632.100405][T15590]  tomoyo_path_perm+0x276/0x460
[  632.100426][T15590]  ? tomoyo_path_perm+0x262/0x460
[  632.100457][T15590]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  632.100479][T15590]  ? __lock_acquire+0x4a5/0x2630
[  632.100506][T15590]  ? __lock_acquire+0x4a5/0x2630
[  632.100537][T15590]  ? find_held_lock+0x2b/0x80
[  632.100552][T15590]  ? __pfx___up_read+0x10/0x10
[  632.100595][T15590]  ? kernfs_dop_revalidate+0x350/0x740
[  632.100618][T15590]  ? kernfs_dop_revalidate+0x350/0x740
[  632.100645][T15590]  tomoyo_path_rmdir+0x91/0xe0
[  632.100663][T15590]  ? __pfx_tomoyo_path_rmdir+0x10/0x10
[  632.100689][T15590]  ? lookup_dcache+0x66/0x170
[  632.100711][T15590]  security_path_rmdir+0x145/0x2b0
[  632.100734][T15590]  filename_rmdir+0x29d/0x5c0
[  632.100752][T15590]  ? __pfx_filename_rmdir+0x10/0x10
[  632.100796][T15590]  ? do_getname+0x191/0x390
[  632.100815][T15590]  __ia32_sys_unlinkat+0xf5/0x130
[  632.100835][T15590]  __do_fast_syscall_32+0xe3/0x8c0
[  632.100857][T15590]  do_fast_syscall_32+0x32/0x70
[  632.100876][T15590]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  632.100896][T15590] RIP: 0023:0xf705ef6c
[  632.100910][T15590] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  632.100925][T15590] RSP: 002b:00000000f544d50c EFLAGS: 00000292 ORIG_RAX: 000000000000012d
[  632.100940][T15590] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000140
[  632.100950][T15590] RDX: 0000000000000200 RSI: 0000000000000000 RDI: 0000000000000000
[  632.100959][T15590] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  632.100968][T15590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  632.100978][T15590] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  632.100999][T15590]  </TASK>
[  632.241594][T15590] ERROR: Out of memory at tomoyo_realpath_from_path.
[  632.409031][   T40] audit: type=1326 audit(2000524340.428:2526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15592 comm="syz.2.2704" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff4f6c code=0x0
[  632.477995][T15603] Attempt to restore checkpoint with obsolete wellknown handles
[  632.613610][   T40] audit: type=1326 audit(2000524340.639:2527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15599 comm="syz.1.2706" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cef6c code=0x0
[  632.703383][   T40] audit: type=1326 audit(2000524340.729:2528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15606 comm="syz.5.2707" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f66f6c code=0x0
[  632.858524][T15609] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2707'.
[  633.791008][   T40] audit: type=1326 audit(2000524341.826:2529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15617 comm="syz.5.2710" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66f6c code=0x0
[  635.158183][T15647] bridge0: port 2(bridge_slave_1) entered disabled state
[  635.161734][T15647] bridge0: port 1(bridge_slave_0) entered disabled state
[  635.974045][ T5934] Bluetooth: hci2: command 0x0406 tx timeout
[  636.621000][T15670] syzkaller0: entered promiscuous mode
[  636.623537][T15670] syzkaller0: entered allmulticast mode
[  637.938702][   T40] audit: type=1326 audit(2000524346.000:2530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15679 comm="syz.0.2733" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf705ef6c code=0x0
[  640.107081][T15700] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2738'.
[  641.610276][T15723] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  643.381857][   T40] audit: type=1326 audit(2000524351.469:2531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15747 comm="syz.1.2755" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cef6c code=0x0
[  645.141570][T15782] batman_adv: batadv0: Adding interface: dummy0
[  645.144453][T15782] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  645.157582][T15782] batman_adv: batadv0: Interface activated: dummy0
[  646.071367][T15785] 9p: Bad value for 'rfdno'
[  646.324327][T15787] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2766'.
[  646.336713][T15787] batadv0: mtu less than device minimum
[  646.343017][T15787] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  646.348412][T15787] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  646.354272][T15787] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  646.359411][T15787] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  646.365081][T15787] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  646.370824][T15787] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  646.376135][T15787] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  646.381381][T15787] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  646.701217][   T40] audit: type=1326 audit(2000524354.805:2532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15790 comm="syz.1.2769" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cef6c code=0x0
[  647.094380][T12527] kernel write not supported for file /input/mouse0 (pid: 12527 comm: kworker/1:2)
[  648.467558][T15816] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.2776'.
[  648.525056][T15816] virtio-fs: tag </dev/md0> not found
[  648.546707][T15820] net_ratelimit: 11 callbacks suppressed
[  648.546725][T15820] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 80:00:00:00:00:85
[  648.564232][T15818] pimreg: entered allmulticast mode
[  648.567325][T15820] FAULT_INJECTION: forcing a failure.
[  648.567325][T15820] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  648.575561][T15820] CPU: 3 UID: 0 PID: 15820 Comm: syz.5.2779 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  648.575593][T15820] Tainted: [L]=SOFTLOCKUP
[  648.575600][T15820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  648.575611][T15820] Call Trace:
[  648.575619][T15820]  <TASK>
[  648.575627][T15820]  dump_stack_lvl+0x100/0x190
[  648.575663][T15820]  should_fail_ex.cold+0x5/0xa
[  648.575687][T15820]  _copy_to_user+0x32/0xd0
[  648.575720][T15820]  simple_read_from_buffer+0xcb/0x170
[  648.575752][T15820]  proc_fail_nth_read+0x1af/0x230
[  648.575776][T15820]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  648.575799][T15820]  ? rw_verify_area+0xce/0x6d0
[  648.575823][T15820]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  648.575843][T15820]  vfs_read+0x1e4/0xb30
[  648.575901][T15820]  ? __pfx_vfs_read+0x10/0x10
[  648.575927][T15820]  ? find_held_lock+0x2b/0x80
[  648.575955][T15820]  ? __fget_files+0x215/0x3d0
[  648.575989][T15820]  ? __fget_files+0x21f/0x3d0
[  648.576025][T15820]  ksys_read+0x12a/0x250
[  648.576053][T15820]  ? __pfx_ksys_read+0x10/0x10
[  648.576088][T15820]  do_int80_emulation+0x141/0x6b0
[  648.576117][T15820]  asm_int80_emulation+0x1a/0x20
[  648.576136][T15820] RIP: 0023:0xf7165cab
[  648.576153][T15820] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  648.576171][T15820] RSP: 002b:00000000f54264bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  648.576191][T15820] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f54265d0
[  648.576203][T15820] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  648.576213][T15820] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  648.576224][T15820] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  648.576235][T15820] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  648.576262][T15820]  </TASK>
[  648.597103][T15818] pimreg: left allmulticast mode
[  649.591163][   T40] audit: type=1326 audit(2000524357.709:2533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15827 comm="syz.1.2782" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cef6c code=0x0
[  652.447889][   T40] audit: type=1326 audit(2000524360.582:2534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15862 comm="syz.1.2793" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cef6c code=0x0
[  652.641973][T15869] tipc: Enabling of bearer <eth:hsr0> rejected, already enabled
[  654.618198][T15889] binder: 15888:15889 ioctl ae41 0 returned -22
[  654.969037][T15897] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2803'.
[  655.311351][   T40] audit: type=1326 audit(2000524363.454:2535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15900 comm="syz.2.2804" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff4f6c code=0x0
[  659.882751][T15973] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2826'.
[  662.409105][   T40] audit: type=1326 audit(2000524370.583:2536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15994 comm="syz.2.2833" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff4f6c code=0x0
[  666.035352][   T40] audit: type=1326 audit(2000524374.226:2537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16045 comm="syz.1.2847" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cef6c code=0x0
[  667.870559][T16060] loop6: detected capacity change from 0 to 2560
[  667.875005][T16060] buffer_io_error: 27 callbacks suppressed
[  667.875020][T16060] Buffer I/O error on dev loop6, logical block 0, async page read
[  667.880300][T16060] Buffer I/O error on dev loop6, logical block 0, async page read
[  667.895116][T16060] Buffer I/O error on dev loop6, logical block 0, async page read
[  667.903142][T16060] Buffer I/O error on dev loop6, logical block 0, async page read
[  667.912169][T16060] Buffer I/O error on dev loop6, logical block 0, async page read
[  667.922258][T16060] Buffer I/O error on dev loop6, logical block 0, async page read
[  667.936003][T16060] Buffer I/O error on dev loop6, logical block 0, async page read
[  667.946608][T16060] Buffer I/O error on dev loop6, logical block 0, async page read
[  667.951919][T16060] ldm_validate_partition_table(): Disk read failed.
[  667.959869][T16060] Buffer I/O error on dev loop6, logical block 0, async page read
[  667.964493][T16060] Buffer I/O error on dev loop6, logical block 0, async page read
[  667.967867][T16060] Dev loop6: unable to read RDB block 0
[  667.970230][T16060]  loop6: unable to read partition table
[  667.975051][T16060] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  668.330617][ T5340] ldm_validate_partition_table(): Disk read failed.
[  668.337195][ T5340] Dev loop6: unable to read RDB block 0
[  668.340344][ T5340]  loop6: unable to read partition table
[  668.354951][T16070] overlayfs: failed to clone lowerpath
[  668.474553][T16074] binder: 16073:16074 ioctl c0306201 0 returned -14
[  670.086618][   T40] audit: type=1326 audit(2000524378.280:2538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16087 comm="syz.5.2857" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66f6c code=0x0
[  670.197808][T16103] Invalid logical block size (8353)
[  672.973618][T16143] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2873'.
[  673.199665][T16149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2877'.
[  673.828583][   T40] audit: type=1326 audit(2000524382.042:2539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16159 comm="syz.2.2881" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff4f6c code=0x0
[  674.604184][T16170] cgroup: fork rejected by pids controller in /syz0
[  674.679185][   T40] audit: type=1326 audit(2000524382.885:2540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16175 comm="syz.5.2884" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66f6c code=0x0
[  674.732257][ T1328] usb 5-1: new low-speed USB device number 35 using dummy_hcd
[  676.420831][   T40] audit: type=1326 audit(2000524384.640:2541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18713 comm="syz.2.2889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  676.660066][   T40] audit: type=1326 audit(2000524384.640:2542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18713 comm="syz.2.2889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  676.676251][   T40] audit: type=1326 audit(2000524384.650:2543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18713 comm="syz.2.2889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  676.684670][   T40] audit: type=1326 audit(2000524384.650:2544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18713 comm="syz.2.2889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  676.694331][   T40] audit: type=1326 audit(2000524384.650:2545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18713 comm="syz.2.2889" exe="/syz-executor" sig=0 arch=40000003 syscall=104 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  676.703242][   T40] audit: type=1326 audit(2000524384.650:2546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18713 comm="syz.2.2889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  676.713410][   T40] audit: type=1326 audit(2000524384.650:2547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18713 comm="syz.2.2889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  676.728682][   T40] audit: type=1326 audit(2000524384.650:2548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18713 comm="syz.2.2889" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  676.737654][   T40] audit: type=1326 audit(2000524384.650:2549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18713 comm="syz.2.2889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  676.747408][   T40] audit: type=1326 audit(2000524384.660:2550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18713 comm="syz.2.2889" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4f6c code=0x7ffc0000
[  676.954671][ T1328] usb 5-1: unable to get BOS descriptor or descriptor too short
[  676.959137][ T1328] usb 5-1: no configurations
[  676.960961][ T1328] usb 5-1: can't read configurations, error -22
[  677.250479][T18717] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2890'.
[  678.553397][T18732] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000
[  681.175165][T18793] input: syz0 as /devices/virtual/input/input37
[  681.320796][T18798] can0: slcan on ttyS3.
[  681.388315][T18798] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  681.474835][T18797] can0 (unregistered): slcan off ttyS3.
[  682.318446][   T40] kauditd_printk_skb: 80 callbacks suppressed
[  682.318463][   T40] audit: type=1326 audit(2000524390.547:2631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18839 comm="syz.5.2919" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f66f6c code=0x0
[  685.793036][T18870] FAULT_INJECTION: forcing a failure.
[  685.793036][T18870] name failslab, interval 1, probability 0, space 0, times 0
[  685.812940][T18870] CPU: 1 UID: 0 PID: 18870 Comm: syz.5.2926 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  685.812972][T18870] Tainted: [L]=SOFTLOCKUP
[  685.812979][T18870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  685.812994][T18870] Call Trace:
[  685.813001][T18870]  <TASK>
[  685.813009][T18870]  dump_stack_lvl+0x100/0x190
[  685.813042][T18870]  should_fail_ex.cold+0x5/0xa
[  685.813063][T18870]  should_failslab+0xc2/0x120
[  685.813081][T18870]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  685.813105][T18870]  ? security_file_alloc+0x34/0x2c0
[  685.813133][T18870]  ? trace_kmem_cache_alloc+0xf3/0x120
[  685.813153][T18870]  security_file_alloc+0x34/0x2c0
[  685.813180][T18870]  init_file+0x95/0x480
[  685.813199][T18870]  alloc_empty_file+0x73/0x1c0
[  685.813221][T18870]  path_openat+0xe8/0x31a0
[  685.813237][T18870]  ? kasan_save_stack+0x3f/0x50
[  685.813260][T18870]  ? kasan_save_stack+0x30/0x50
[  685.813285][T18870]  ? kasan_save_track+0x14/0x30
[  685.813309][T18870]  ? __kasan_slab_alloc+0x89/0x90
[  685.813333][T18870]  ? kmem_cache_alloc_noprof+0x241/0x6e0
[  685.813355][T18870]  ? do_getname+0x35/0x390
[  685.813373][T18870]  ? do_sys_openat2+0xc5/0x1e0
[  685.813394][T18870]  ? do_fast_syscall_32+0x32/0x70
[  685.813414][T18870]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  685.813440][T18870]  ? __pfx_path_openat+0x10/0x10
[  685.813468][T18870]  do_file_open+0x20e/0x430
[  685.813488][T18870]  ? __pfx_do_file_open+0x10/0x10
[  685.813535][T18870]  ? alloc_fd+0x476/0x790
[  685.813564][T18870]  ? do_getname+0x191/0x390
[  685.813586][T18870]  do_sys_openat2+0x10d/0x1e0
[  685.813608][T18870]  ? __pfx_do_sys_openat2+0x10/0x10
[  685.813640][T18870]  __ia32_compat_sys_openat+0x12d/0x210
[  685.813664][T18870]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  685.813722][T18870]  __do_fast_syscall_32+0xe3/0x8c0
[  685.813746][T18870]  do_fast_syscall_32+0x32/0x70
[  685.813767][T18870]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  685.813788][T18870] RIP: 0023:0xf7f66f6c
[  685.813804][T18870] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  685.813820][T18870] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000127
[  685.813839][T18870] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000080
[  685.813850][T18870] RDX: 0000000000101080 RSI: 0000000000000000 RDI: 0000000000000000
[  685.813860][T18870] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  685.813871][T18870] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  685.813881][T18870] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  685.813905][T18870]  </TASK>
[  685.919485][ T1328] ------------[ cut here ]------------
[  685.935885][ T1328] [CRTC:35:crtc-0] vblank wait timed out
[  685.938402][ T1328] WARNING: drivers/gpu/drm/drm_atomic_helper.c:1921 at drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0, CPU#2: kworker/2:2/1328
[  685.944273][ T1328] Modules linked in:
[  685.948288][ T1328] CPU: 2 UID: 0 PID: 1328 Comm: kworker/2:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  685.953623][ T1328] Tainted: [L]=SOFTLOCKUP
[  685.955595][ T1328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  685.960202][ T1328] Workqueue: events drm_fb_helper_damage_work
[  685.962990][ T1328] RIP: 0010:drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0
[  685.966777][ T1328] Code: 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 44 01 00 00 48 8d 3d a8 a7 44 0b 8b b3 d8 00 00 00 <67> 48 0f b9 3a e9 e1 fc ff ff e8 33 de 67 fc e9 7c fe ff ff e8 b9
[  685.975693][ T1328] RSP: 0000:ffffc900075ff6f0 EFLAGS: 00010246
[  685.978475][ T1328] RAX: 0000000000000000 RBX: ffff888024b09320 RCX: 1ffff1100496127f
[  685.982168][ T1328] RDX: ffff8880258b9880 RSI: 0000000000000023 RDI: ffffffff90e4c4e0
[  685.985836][ T1328] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
[  685.989692][ T1328] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  685.993384][ T1328] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88802a82f600
[  685.997077][ T1328] FS:  0000000000000000(0000) GS:ffff88809734f000(0000) knlGS:0000000000000000
[  686.001665][ T1328] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  686.004801][ T1328] CR2: 000000008000d000 CR3: 000000006c375000 CR4: 0000000000352ef0
[  686.008257][ T1328] Call Trace:
[  686.010181][ T1328]  <TASK>
[  686.011907][ T1328]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[  686.015277][ T1328]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  686.018359][ T1328]  ? lockdep_hardirqs_on+0x78/0x100
[  686.021152][ T1328]  ? __pfx_autoremove_wake_function+0x10/0x10
[  686.023678][ T1328]  ? drm_atomic_helper_commit_hw_done+0x36d/0x490
[  686.026438][ T1328]  drm_atomic_helper_commit_tail+0xff/0x130
[  686.029140][ T1328]  commit_tail+0x338/0x430
[  686.031276][ T1328]  drm_atomic_helper_commit+0x303/0x380
[  686.034501][ T1328]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  686.038250][ T1328]  drm_atomic_commit+0x230/0x300
[  686.040512][ T1328]  ? __pfx_drm_atomic_commit+0x10/0x10
[  686.042972][ T1328]  ? __pfx___drm_printfn_info+0x10/0x10
[  686.045438][ T1328]  ? drm_mode_object_get+0x108/0x170
[  686.047843][ T1328]  drm_atomic_helper_dirtyfb+0x603/0x790
[  686.050427][ T1328]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  686.053246][ T1328]  ? do_raw_spin_lock+0x128/0x260
[  686.055563][ T1328]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  686.059236][ T1328]  drm_fbdev_shmem_helper_fb_dirty+0x1cc/0x310
[  686.062392][ T1328]  drm_fb_helper_damage_work+0x348/0x640
[  686.064929][ T1328]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  686.067636][ T1328]  ? rcu_is_watching+0x12/0xc0
[  686.069892][ T1328]  process_one_work+0x9d7/0x1920
[  686.072173][ T1328]  ? __pfx_process_one_work+0x10/0x10
[  686.074651][ T1328]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  686.077655][ T1328]  worker_thread+0x5da/0xe40
[  686.080602][ T1328]  ? __pfx_worker_thread+0x10/0x10
[  686.083056][ T1328]  ? kthread+0x13a/0x450
[  686.084789][ T1328]  ? __pfx_worker_thread+0x10/0x10
[  686.086936][ T1328]  kthread+0x370/0x450
[  686.088649][ T1328]  ? __pfx_kthread+0x10/0x10
[  686.090922][ T1328]  ret_from_fork+0x754/0xd80
[  686.092955][ T1328]  ? __pfx_ret_from_fork+0x10/0x10
[  686.095207][ T1328]  ? __switch_to+0x7b4/0x1120
[  686.097764][ T1328]  ? __pfx_kthread+0x10/0x10
[  686.100338][ T1328]  ret_from_fork_asm+0x1a/0x30
[  686.102518][ T1328]  </TASK>
[  686.103818][ T1328] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  686.106713][ T1328] CPU: 2 UID: 0 PID: 1328 Comm: kworker/2:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  686.110827][ T1328] Tainted: [L]=SOFTLOCKUP
[  686.112510][ T1328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  686.116646][ T1328] Workqueue: events drm_fb_helper_damage_work
[  686.119477][ T1328] Call Trace:
[  686.121249][ T1328]  <TASK>
[  686.122522][ T1328]  dump_stack_lvl+0x100/0x190
[  686.124403][ T1328]  vpanic+0x552/0x970
[  686.126054][ T1328]  ? __pfx_vpanic+0x10/0x10
[  686.127959][ T1328]  panic+0xd1/0xe0
[  686.129561][ T1328]  ? __pfx_panic+0x10/0x10
[  686.131229][ T1328]  ? check_panic_on_warn+0x1f/0x90
[  686.133087][ T1328]  check_panic_on_warn.cold+0x19/0x34
[  686.135096][ T1328]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0
[  686.137937][ T1328]  __warn.cold+0x191/0x348
[  686.139889][ T1328]  __report_bug+0x296/0x3d0
[  686.142169][ T1328]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0
[  686.145342][ T1328]  ? __pfx___report_bug+0x10/0x10
[  686.147354][ T1328]  ? lockdep_hardirqs_on+0x78/0x100
[  686.149566][ T1328]  report_bug_entry+0xe1/0x290
[  686.151944][ T1328]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0
[  686.154865][ T1328]  handle_bug+0x1c9/0x2a0
[  686.156720][ T1328]  exc_invalid_op+0x17/0x50
[  686.158598][ T1328]  asm_exc_invalid_op+0x1a/0x20
[  686.160647][ T1328] RIP: 0010:drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0
[  686.164384][ T1328] Code: 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 44 01 00 00 48 8d 3d a8 a7 44 0b 8b b3 d8 00 00 00 <67> 48 0f b9 3a e9 e1 fc ff ff e8 33 de 67 fc e9 7c fe ff ff e8 b9
[  686.171690][ T1328] RSP: 0000:ffffc900075ff6f0 EFLAGS: 00010246
[  686.174205][ T1328] RAX: 0000000000000000 RBX: ffff888024b09320 RCX: 1ffff1100496127f
[  686.177283][ T1328] RDX: ffff8880258b9880 RSI: 0000000000000023 RDI: ffffffff90e4c4e0
[  686.180583][ T1328] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
[  686.183706][ T1328] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  686.186847][ T1328] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88802a82f600
[  686.189902][ T1328]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[  686.192884][ T1328]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  686.195171][ T1328]  ? lockdep_hardirqs_on+0x78/0x100
[  686.197452][ T1328]  ? __pfx_autoremove_wake_function+0x10/0x10
[  686.200230][ T1328]  ? drm_atomic_helper_commit_hw_done+0x36d/0x490
[  686.203099][ T1328]  drm_atomic_helper_commit_tail+0xff/0x130
[  686.205482][ T1328]  commit_tail+0x338/0x430
[  686.207288][ T1328]  drm_atomic_helper_commit+0x303/0x380
[  686.209612][ T1328]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  686.212133][ T1328]  drm_atomic_commit+0x230/0x300
[  686.214283][ T1328]  ? __pfx_drm_atomic_commit+0x10/0x10
[  686.216500][ T1328]  ? __pfx___drm_printfn_info+0x10/0x10
[  686.218688][ T1328]  ? drm_mode_object_get+0x108/0x170
[  686.220355][ T1328]  drm_atomic_helper_dirtyfb+0x603/0x790
[  686.222067][ T1328]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  686.223797][ T1328]  ? do_raw_spin_lock+0x128/0x260
[  686.225259][ T1328]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  686.227032][ T1328]  drm_fbdev_shmem_helper_fb_dirty+0x1cc/0x310
[  686.229311][ T1328]  drm_fb_helper_damage_work+0x348/0x640
[  686.231587][ T1328]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  686.234357][ T1328]  ? rcu_is_watching+0x12/0xc0
[  686.236717][ T1328]  process_one_work+0x9d7/0x1920
[  686.238831][ T1328]  ? __pfx_process_one_work+0x10/0x10
[  686.241065][ T1328]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  686.243624][ T1328]  worker_thread+0x5da/0xe40
[  686.245604][ T1328]  ? __pfx_worker_thread+0x10/0x10
[  686.247819][ T1328]  ? kthread+0x13a/0x450
[  686.249786][ T1328]  ? __pfx_worker_thread+0x10/0x10
[  686.252108][ T1328]  kthread+0x370/0x450
[  686.253846][ T1328]  ? __pfx_kthread+0x10/0x10
[  686.255901][ T1328]  ret_from_fork+0x754/0xd80
[  686.257869][ T1328]  ? __pfx_ret_from_fork+0x10/0x10
[  686.259642][ T1328]  ? __switch_to+0x7b4/0x1120
[  686.261207][ T1328]  ? __pfx_kthread+0x10/0x10
[  686.262815][ T1328]  ret_from_fork_asm+0x1a/0x30
[  686.264793][ T1328]  </TASK>
[  686.266819][ T1328] Kernel Offset: disabled
[  686.268457][ T1328] Rebooting in 86400 seconds..