last executing test programs:

15m11.257479067s ago: executing program 1 (id=64):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000900)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = memfd_create(0x0, 0x7)
fcntl$addseals(r2, 0x409, 0xe)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, 0x0, 0x0, 0x4)
syz_io_uring_setup(0x186, 0x0, &(0x7f0000000100), &(0x7f0000000000))
ioctl$IOMMU_VFIO_IOAS$SET(r3, 0x3b88, 0x0)
syslog(0x3, &(0x7f0000000200)=""/90, 0x5a)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180), 0x4)

15m10.314903123s ago: executing program 1 (id=68):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000900))
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x8d3, &(0x7f0000000500)={0x0, 0x1, 0x20, 0x5, 0x39d}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r1 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\"\xa2:\x04\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\xb0\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\xa6\x00\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJbI\x14/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i\x05\x00\x00\x00\x00\x00\x00\x00\x1f\xed\xa9P\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G\xff\a\x00\x00A\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8e\x05\x00\x00\x00\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafi', 0x7)
fcntl$addseals(r1, 0x409, 0x8)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, 0x0, 0x0, 0x4)
syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000100), &(0x7f0000000000))
syslog(0x3, &(0x7f0000000200)=""/90, 0x5a)

15m9.394820187s ago: executing program 1 (id=72):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = epoll_create1(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000080)=0x9)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0x20000014})
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1}, './file0\x00'})

15m9.243047527s ago: executing program 1 (id=75):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xf6ffffff, 0x0)

15m9.240762668s ago: executing program 1 (id=76):
r0 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000080), 0x107900, 0x0)
sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000780)={0x1e8, 0x0, 0x0, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x70, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1d1}}, {0x14, 0x2, @in={0x2, 0x4e20, @broadcast}}}}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0xd}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x412}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}]}, @TIPC_NLA_SOCK={0xcc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6a}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xc}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xc}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x800}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xd}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3c5}]}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x89}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffffb}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7ff}]}, @TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}, @TIPC_NLA_NET={0x48, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0xd5a9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xb5a4}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffffffb}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x57ba783b}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xec90}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x401}]}]}, 0x1e8}, 0x1, 0x0, 0x0, 0x28800}, 0x40000000)
ioctl$CDROM_GET_MCN(r0, 0x5311, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
r1 = open(&(0x7f0000000000)='./bus\x00', 0x60942, 0x0)
utimes(&(0x7f0000000140)='./bus\x00', 0x0)
r2 = openat$adsp1(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
r5 = socket(0xa, 0x3, 0x3a)
syz_genetlink_get_family_id$ethtool(0x0, r5)
sendmsg$TIPC_NL_KEY_FLUSH(r5, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80001000}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x7c, r4, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0x38, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3ff}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x80}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x6}]}, @TIPC_NLA_SOCK={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xb}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x101}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ae3}]}]}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x20000000)
ftruncate(r3, 0x8)
ioctl$TIOCGPKT(r1, 0x80045438, &(0x7f0000000740))
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$AUDIT_USER_AVC(r6, &(0x7f0000000700)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80446000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000680)={0x6c, 0x453, 0x400, 0x70bd26, 0x25dfdbfb, "9c3c4393f00d0c5bcf1ded77fb742942a708519c624247aa830d5c3729370acf87723fafb02c905bc1f4a4d4323d1e81c5510155c7cc8b51ef493a0b56c77dcc99c47d0aa4b91ce077a43c0443fb13d2e36c613bc4ab4218e3fe16", ["", "", ""]}, 0x6c}, 0x1, 0x0, 0x0, 0x20004000}, 0x20040080)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$inet(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)="1c00000021006bcd210002006e04000081000010000000017aa60864", 0x1c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bind$inet(r3, &(0x7f0000000300)={0x2, 0x4e22, @multicast1}, 0x10)
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, 0x0)

15m8.992805641s ago: executing program 1 (id=77):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x84b06c5442c26536})
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000cc0)=@newtaction={0x84, 0x30, 0x12f, 0x0, 0x0, {0x0, 0x0, 0x1be}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x5c, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x4}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0)
r2 = gettid()
r3 = openat$nvram(0xffffff9c, &(0x7f0000000040), 0x260642, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = epoll_create1(0x0)
r5 = fcntl$dupfd(r4, 0x2, 0xffffffffffffffff)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="186f40adae7722a0ca7cc606b5c5bf000042d178ab0a406b7ccbe0214f024a0462aeb206659bdc3a8c17b98b13f99dfb91b913f4fb4f732e5bea63ec130dff9cede43c10adce44ab7c9f24c764ff6df428f402785bcf2184f85bbd3a125a0559546cd7bba195a04b17ed262c59d7d0a9e386ebcc0f"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000500)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="1100000000000000", @ANYRES32=r5, @ANYBLOB, @ANYRES32, @ANYBLOB="25ba9d6926589e3a788b9b8589bac26ba0221415c9eb206ccbc10d27808dbe7b695cf40728be41247327d3c0484e4ce1e1399afa24ad93cc65f5a56075c5aa36b8fd3e82ef826aac820ebcbbe494bb16a817fb0fe7fd74a5b78cdd8c09dc8972c0b5e3604454bb339a0f3b20c52e9009a0de81b17955b69f3c91d210cf46a9aac67e9f03000000000000001c2ccf33c266fc3ffff43a0a8a0574295f6a55b6b4c1a68ad15916fdb2fd6320153c1a475f9fde46f42df46b2433fe35b4a1bc732340bb5d1a3e9560462850ee80d5fa04b929e7bb144f48cad4fd21e75b51083b3a3852488b99210835d46886104f08444a6e87b733ae4d", @ANYRES64=0x0], 0x11)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000000, 0x80010, r3, 0x10000000)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000200)={0x6, 0x3, 0x9, 0x0, 0x2})
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.stat\x00', 0x275a, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$PNPIPE_HANDLE(r7, 0x113, 0x3, &(0x7f00000000c0), &(0x7f0000000140)=0x4)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0])

15m8.932802698s ago: executing program 32 (id=77):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x84b06c5442c26536})
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000cc0)=@newtaction={0x84, 0x30, 0x12f, 0x0, 0x0, {0x0, 0x0, 0x1be}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x5c, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x4}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0)
r2 = gettid()
r3 = openat$nvram(0xffffff9c, &(0x7f0000000040), 0x260642, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = epoll_create1(0x0)
r5 = fcntl$dupfd(r4, 0x2, 0xffffffffffffffff)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="186f40adae7722a0ca7cc606b5c5bf000042d178ab0a406b7ccbe0214f024a0462aeb206659bdc3a8c17b98b13f99dfb91b913f4fb4f732e5bea63ec130dff9cede43c10adce44ab7c9f24c764ff6df428f402785bcf2184f85bbd3a125a0559546cd7bba195a04b17ed262c59d7d0a9e386ebcc0f"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000500)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="1100000000000000", @ANYRES32=r5, @ANYBLOB, @ANYRES32, @ANYBLOB="25ba9d6926589e3a788b9b8589bac26ba0221415c9eb206ccbc10d27808dbe7b695cf40728be41247327d3c0484e4ce1e1399afa24ad93cc65f5a56075c5aa36b8fd3e82ef826aac820ebcbbe494bb16a817fb0fe7fd74a5b78cdd8c09dc8972c0b5e3604454bb339a0f3b20c52e9009a0de81b17955b69f3c91d210cf46a9aac67e9f03000000000000001c2ccf33c266fc3ffff43a0a8a0574295f6a55b6b4c1a68ad15916fdb2fd6320153c1a475f9fde46f42df46b2433fe35b4a1bc732340bb5d1a3e9560462850ee80d5fa04b929e7bb144f48cad4fd21e75b51083b3a3852488b99210835d46886104f08444a6e87b733ae4d", @ANYRES64=0x0], 0x11)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000000, 0x80010, r3, 0x10000000)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000200)={0x6, 0x3, 0x9, 0x0, 0x2})
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.stat\x00', 0x275a, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$PNPIPE_HANDLE(r7, 0x113, 0x3, &(0x7f00000000c0), &(0x7f0000000140)=0x4)
openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0])

3m57.190310327s ago: executing program 4 (id=3598):
syz_emit_ethernet(0x4f, &(0x7f0000000100)={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "900006", 0x19, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2, {[@fragment={0x1d, 0x0, 0x4, 0x0, 0x0, 0x0, 0x65}, @hopopts={0x97, 0x53}], "08d721b50c4bf4a8a5"}}}}}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000000)={0x38, 0x0, 0x20, 0x10, 0xff, 0x4, 0x2, 0xa, 0xffffffae, 0x2aa}, 0x0)

3m57.128294766s ago: executing program 4 (id=3599):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) (async)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='status\x00')
futex(0x0, 0x84, 0x0, 0x0, 0x0, 0x0) (async)
readv(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/140, 0x8c}], 0x100000000000002a) (async)
ioctl$RTC_UIE_ON(r0, 0x7003)
ioctl$RTC_AIE_ON(r0, 0x7001) (async)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000040)={0x0, 0x2c, 0x0, 0x6, 0x0, 0xa9, 0x3, 0x2, 0x1})

3m57.127923436s ago: executing program 4 (id=3600):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='cifs\x00', 0x0, &(0x7f00000002c0)='cache=none')

3m56.894763789s ago: executing program 4 (id=3602):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240), 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000500))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r1, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000006180)=""/152, 0x98}], 0x1, 0x0, 0x0, 0x0)
r4 = socket$kcm(0x29, 0x5, 0x0)
splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0xf3e, 0x0)
timer_create(0x0, 0x0, 0x0)
fsetxattr$trusted_overlay_opaque(r3, &(0x7f00000000c0), &(0x7f0000000280), 0x2, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000400000000000000080003851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1e}, 0x94)

3m56.042619661s ago: executing program 4 (id=3606):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffff}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
r2 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x8, [{0x0, 0x2, 0x3}]}]}}, 0x0, 0x32}, 0x28)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_MPP(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010380000000ffffffff1100000008008b42", @ANYBLOB="e3fb082ca3f10f80420b55c6fa7d0e7d21cc6a69a28396447322b2486c0ed73f4b30e7d7ff83468b891047a72058be3e2fc9e87bce65ad3b25c02ece32d810c88745129e688738ab98a2861f441cf3592b578d3ef2210dd1ed685ac2979f6aa37071eb2c5c034d59057d1af4b875dc8db698148bcf51c414c618b197914f8203c83e5f3c20f8f4a6d6694da259097c148623da6b0107caae49fea1c6be2a4ec4135042d6a0abb9a8e24d76142b233b1358bdd77cc9a1e94debc5fcb476ef3fbc2598cbb00f99167ef05e0f55a90e0e4824efe1ee060e930e0c25265e7a6a0e5a042c523f5f4f2e19174ede312f15157e58bebca6753855ef6ebe17e82143b7a83a5ab566014e979d01babda278757a130f12a35444406f6940cc2ee0e5b9f0cd932dc9778e03278e29f339e90126761d59ad5c974464d3268e7a4354bbe5210c5015ca2dd8f17eb17bc9086d35152300176f4ef5cc527a5b50ceb618eab7529d281c679eab086730bb1ca078a3bab3cbfb37222740622e777e4e3b09896f0ed7424911faba3f0a88652de631107b3718b80138cd0d08b35ee34ce10bc8ef1eb76c2cd670f3ebc3522092b9af6bc30879349e93ba9c5f6e7ceb9974310c427ef110dc36c3456a63f2598c1e8b82bc9f6f13dfdf5fa8169a52afa5677dab106c1bbfcbf37dfb9b36a2d30c1ba3d25aeb1420d880aefcc3fbb0f828909506c5722bb9852eeb7b907bed28ede72f93b189a7dffdd5eb73d718ac78946dadebdddc436db871c00ebd1048a96d4d8dd2ad8773a29b45f9ed401a8b2d61b9f4d0cc801adde9d3bcc0b45e1a2fee73bafd5a6184b4fcb3cac9752497f8f46e2af2b59907fb1f9cf2e7dbd3bd67a695b095f835736992860921424cda536e640d877af9fffbe30e22aa86edb788c6f65c6148ad3da02bc5df5f677b2f4993fb19092043be5dcb9fa05545b34b006a6c2528bb49490ef96ac89101bcb1bb7b55504fd66779ea20caefbeeab973f9058e2da7e9cf3589256706140a7f2a0b0b23b0da05c067ad721b00589cbc70bbfc47c1872824f23e9a37f585c54a7fa074d3d9cd201eff6562ae215ab56cddfe6f3cbcb842d9cbe99102f88d64de66b225a15e1fd36eae40aaade5848956080b87ea16bbf92600334fa778cfa2cc1d6ecfcbc8f7e0088ba0f5daa4491b5931d90c93e90ae64ad9d99a8f49f515a4ccd946d694feb4039cdf6a63b51960132651b597e6a06dc8a8199f74e1325744148995867a6a86c5c8a13209140d48d075cd8c586534fe9853ac587b52867dad7b32cb1ab1418355fe536b599dd1de18f7f95101312f2d205b2eabc06bf3d0a1031ab78256dc7a587166769815d0f83278cd5cf3f80b02a163b00d470b51ed6238c2350e179cb5c1127e9b2021461e92e457f13c332c111d7868e64029080bfba0bd9c080fb1a5df911e140a2ae048186a125a243f9dd699539ef81d4b80c831577773a149fe3733e9a720554862f05737f2d1b0241bbe42818e1f0a55fb1fdc05ae730495272714e5cc26cca2130544a02989739d22e3f4286421a3d66844cc52596aa19aae7c11045e07850ad97002cdb9c1766a46875be399b455d68d310d8bbbbf6383c37db035618b5f829e429fee82d7225828f1f96863e62cf65527d4fed787802832b518763c80153b07e598dd6aa686180ca30709fa07362312f67511eb677bf4e6c8341c7aca9da847c68e08a9af68184e11eec103ec7fb9571dd285e631697b7205019d46bf2ff2923fa4eafeb991706049f3623d437b7f89c14edb78530b465470d07a440786956ebb57fc0a29c230cafaefee8b88dd9b2c9cfad4e567aa73150550847369e8db363a3c2b5d06a04833cd6cbd0f0e266a52e11a624216828a29db25f0f4aa2062f1b8909701f5348bbd4b1a537f031b52685d85e514fd6341be40e2598b1343fe8cd422cac196265adc8747fb966000136fb7d7b5f25b1f953db5369b8e469ada60e33a1912a5d51f7cea7ee38409032f256b5f0dbe4ea01a39307d9a5d3e8b7612ae58ad0a6b708b0e7d8ef110cbc90a50abb17124403b85cc103fe6735ebd4f84261cc7c7834d1c61af714ebbeeacd0ff8cdb179e3029d29e14da8ff40c018c022892a0113e979e790a58aef5c112b6703fbbd7b6196bd3f4b54747ce97e14c5ea2b8472d7a853a7374cbfe260573796610bf71b38d7f9eab236b5564239eae945f14c730d95fb676b6680091bb743ac89872ff616c1e3dfef4dfeb582f306d89e5c672547e4aaf9c46548dd634d3286ded584e340905e6319cdd3967892efc9b80c8973f393c001858948152a85ec4c6be2c9a3e62e024911071ef1beba86203c6efc987a27f3a548037c4bb989b96f93ce8e98c173afd4691cf4a0a51ab16346a0b899731ecc3fe2e59e1bc0114f3bbde00b218ac051f072082edf996d6a37a53786b329bab810d28f3d99bc8344a8191b1d7862a06119911e5d2d91b714b139e7a5defc18952c4987d3e76210356b4d6266a289267ca539280942f0afd199b091d267d3d327776fcbe424e04baf442d4b3a4aea86e6c03a89046c9c4adba40f41969201ba5ceb099e56e42e4dcf5cb66e5fbf99a54d1bb7853afc0c1ae067a6d8271b8f2dc7e86f2571d2fd3afb92ed7c13fc65fc59e206dc198955dca41e4c4e96377f639d0e0208b68c245255b989555aefeeaac510668dc07ea3b8495fe02ea89a0deab13f2fece81fd4256fb441e2932e0092da91679702c6edcfa8d4e8ad3e9dec1a3f74961e54f4e26a31474b94f2087fa73aa04e188e4f5ffffa0c8dda9c2493e07e1a74f1b184df9a9455b51086ac75231e93743c4821f36a2952dbcaac47c5c4983fb18f569dbdd4a97b672ac38ab90dcc3834233db7c019715040d8430d5981d7547e183915ff8144ec44d7b4166b8c2fe87b5e332a10b533e1a5f9b7b28fcc5cf1b74f74c357694ac461b0cb79a4aed44e38b29d97b4371de1e5e07f73a9139cedc13274971d2781e463645398b23c6d133ce3925b410200e5be71eeeb94b9a3913ec6ce89d08d73052a4369cf0f795e5f34b75f08b60f4b9baad5d85875da023086e696ec35e764d2d70014bf5bf1baa08d2e926b12eafdfe00b907db12bb9caf06a0747604104687aa7d808f3e4a7d494269a4dd87d223e943c518f59c3fb8b029862da8d53c3c65ff478e725296399f2183e3704f65cad0c4a1b8f0d468d85696f07801abbcc9cd116a537dbb6599015cb62ffbb87f37e01c2fc436a9753daf1dd24efdd91f452f405bf9cdddbb72595c9cf7d28369b8ea13db8addc123acf277b8f7ffad656d5d0cc3622a62e0d5fe10147d067a7c1a74ac179fb79239cb2dc61ca9ffb7e9925b544c92f89a15b8c605da856536eeb1427635cc276bd9a3ccdf21188296f0463e20f8ccd9728b89ee1a43236ac4ac317256b0d56b895c5467ed8bab7d46856c020a0a95620dc2f5c9b5c1d292f7264f1bab0e1ba3dd23da29d60ef18fa60e7deb6a14b57dd76cad937b2039ca42b83e82d640a4fff2db487f4208e5c92fed8bbd4eaeb4f79061501f3dea04c1611e8c2c9497d19c6d13d5697c09a3c7a5af1a1cb357cfb993bf0a3fed99b755c15491b26a5ff84f87faea2f2fa1ab1255f9b683851e2833ddd4157bc79c219efdd32bd309dc708dbe4bd5e75b1e21c77d27bf6e0a9a780000dfb7212ebfdaeb59d6b83917b91b37ef0b20977d66a23adb13e781af6fa248c56e720f4103c46a093949e3239759fc8a717a26ee4ef084e68bcb061a2a4c37b38bb22f2b124b3947dae1fc27e8ab4c95cf7d413d9f167ac41f70a333123a8a0a6d9a9d2a7b235fb4647741e2897e3e759ab0c70c3a58efba790ab2700e96cdd03a37171d785a4281b6e43c6d48f04a378afddc5a39aa0a57b5cd58d6301fb479512a7d36a101abd86b89368316f73ad1a2a1e6f5d4d64aa8c5e1632cb9472d8e17b462880e74b6b2a39d2ac5cb22d275205e00e0620fcb7607ec4c3ffadf3689f5343c88d47f32f479e30a589e13c47396844f01e544f6cb3a391b1a984ec323e7daf77b4e9e613d47f8741fb39b5c68d9264e11a6b186a82393c9a37b26d6ad881c7d4dad526aba130403a173964bcdf30d8fd18ff1ad895e688a3f2d5527a7fcdad6b3d62173eeaf75ded1a5081d5b507e29e81301f89ea527eebf9a130e3d7bcd9d55ba9580e6de941cbac2d9dcc3d58b60a9c46adb4946bfcb8e857218543e60b6a1819f8fce7bbb80e84c25f2978407163835fae142d7e515252a2262d5b169182f7d946eb689381409bb9b9900cdc90808d21e5821346d9341188904fdd77c67a8d867cd60f7e19c61485d244168419a61899e2ab5308f073f8b490a3f12c3d9211a2c5273a49ab28ce4fad201d27476357e9daf10702721a90d95b425d3a5c23906b6b6055756cda2fc24abe6f94156f11f1634104754bbdbdf7d3f1b731913e7c90c72eb39d60e29abbaaec187b73c2ee8cfb86470a69921c9a7742fe37ed52bf31eff70a5216266bfbb13638de425e4d5ad9e9b9e0d707949a518ed1281ace9b30e5bcf46ee4f97dac202096e034af407e570a4de50438c5d1b9f3b35e4dc647e3e74049329e362d871fc89ce554f059206861b9971d5bb3483e98e59b32228836f32cc24c41d0dd076b83242f2a6a735f8588e272c7b363435a606ab6ae3832c31c2bca886501cbf56fe9fbe9e7891f1b822467bba619b08062d5e887f5f02bbdc2fd1a96cec503fd570853cff1e02cb14841840fd60f29c9964232c5fab17371a760aa9b6ba48a0386756c7baaba70f516f8bf6ca8376ea19b2c39b6bd96575d5c8d7bd722a870eb1e26f7973f975f784728ac77615f908d244a3f5b44000ae1bb432478aff27358e2b0aa42280ba70f9ea29b9b04c0aa582df0b4e756f647346dad694121d2414a61df2135093439b49a68f631081bacea16f8a25db50e85662af93b8d1f1b722a8d99238b5b65c661bb7d26d2d6900c80029f9649519252705e5258168437ac351ef3a0c839b453a7bfdd7e40383a710eea4240fd048514cc6ef371243e74e0000f98b920c04b7fe078b197c6414e58ed7ab2d00653ffa218186ae01fc92adc10aadb1659eb794fdad1ef7c6ce921672a2ab21fe451e9b9739db0d5065071c9e359a31ec34588d359f4baa783cf7d2c1b5363ec32f53741edcb2676d833bcbd41e6b1b1535cd52f3908af966b4a1a5c008e10523429513a24a0817158a02faf3dad417187bf9beae4d3c346979340cbce9b3feb0765b877126ff41808763382f5169d85ca5768e8ab767223b4fedfca143c1810b37486c400e24d055714a2d656d62f731520a39a81ed7103a41f3cb6ea6c8bd110de1b97b559c5cf3df8428bbdb73a7ed8a89fec2c5a18332f1e19d2fdc4ef1cba96d4e43964b44c623ab5e7912f802374ad44046bd7bbd8755d04469af3c2f606e7082e6620c1e435fc6fd678b6179824f7ad200a79d101fd7b7d721aa88f76487c73af4306943cbe3cc628d2ad4ee1494ec5493ffb7f229db9b3b52343c459cdfb774bf085be420d849b729c044e4dd4bb1453c41232e11cf1e33d1f16ce38a7438892f137234665304e17b308e1df44145603826624914867c9f84580e0066b39330d91457d5eb23b1d44524308ba96c1d6ad8d0b2e60c040e5d51e2250534260aec54439f149455c6ecae93b33af504bd3fe0c298ec467b7a430faa0168bb7162a8556c412e9b2969295989b17cef91c852a3658f561d4fda39ab9ad6b22d4cff0d35ad9", @ANYBLOB], 0x1c}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'vlan0\x00'})
socket$kcm(0xa, 0x5, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = openat$zero(0xffffff9c, &(0x7f0000000180), 0x1, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r8 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r7, &(0x7f0000001300)={@val={0x800e}, @void, @eth={@local, @local, @val={@val={0x88a8, 0x0, 0x1, 0x3}, {0x8100, 0x6, 0x1, 0x1}}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x68, 0x6000, 0xe, 0x2f, 0x0, @remote, @private=0xa010100}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x2}, {0x1, 0x0, 0x1, 0x1}, {0x0, 0x0, 0x1, 0x1}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x4, 0x3, 0x0, 0x1, 0x1, 0x9}, 0x1, {0x46}}}, {0x8, 0x22eb, 0x6, {{0x4, 0x2, 0x9, 0x1, 0x1, 0x0, 0x2, 0x29}, 0x2, {0x4, 0x0, 0x0, 0x8, 0x0, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x3}}}}}}}, 0x72)
io_uring_enter(r6, 0x3097, 0xdc63, 0x19, &(0x7f00000001c0)={[0x200, 0x7f]}, 0x8)
r9 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1e42b61bfc97387f0000000500030f000006000000280c0600000000000000800000ff00", @ANYRES32, @ANYBLOB="010000004b90e9718a6c8b5929698b0000000000", @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB="0500000002000000000000000400"/28, @ANYRESDEC=r5, @ANYRES8=r2], 0x50)
unshare(0x2000000)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r10=>r9, {0x4}}, './file0\x00'})
bind$inet(r10, &(0x7f0000000040)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r3}, 0x8)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r11, 0x0, 0xd}, 0x18)
socket$inet_sctp(0x2, 0x1, 0x84)
gettid()

3m54.355187516s ago: executing program 4 (id=3616):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x480)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_JOIN_FILTERS(r3, 0x65, 0x6, &(0x7f0000000980), 0x4)
syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0)
close(r6)
socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) (fail_nth: 20)
writev(r5, &(0x7f0000000040)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec9", 0xc}, {&(0x7f0000000440)="9c74dfbf77", 0x5}], 0x2)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x202)
fanotify_init(0x200, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r4, 0x0, 0x0, 0x80010023, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x400, 0x2, 0xbfdffffc}, &(0x7f0000000000), &(0x7f0000000280))

3m39.811352177s ago: executing program 33 (id=3616):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x480)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_JOIN_FILTERS(r3, 0x65, 0x6, &(0x7f0000000980), 0x4)
syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0)
close(r6)
socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) (fail_nth: 20)
writev(r5, &(0x7f0000000040)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec9", 0xc}, {&(0x7f0000000440)="9c74dfbf77", 0x5}], 0x2)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x202)
fanotify_init(0x200, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r4, 0x0, 0x0, 0x80010023, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x400, 0x2, 0xbfdffffc}, &(0x7f0000000000), &(0x7f0000000280))

9.374766169s ago: executing program 2 (id=4648):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x9)
r1 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000dc0)={0x0, 0x3, 0x1000002, 0x0, 0xff, "d4e9002b2c000000ff00"})
r6 = syz_open_pts(r5, 0x0)
r7 = dup(r6)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TCFLSH(r6, 0x540b, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r4, &(0x7f0000000000)={0x4})
sendto$inet(r4, &(0x7f0000001600)="09268a927f1f6588b967481241ba7860fcfaf65ac635ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcec8044ab4ea6f7ae55d88fecf90b1a7511bf746b152124eb38d6c7a207112eb1bf554bc070626792d394df5adf7355fa5f8deb9db3da042d88", 0xfdef, 0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x3080, 0x8003, 0x25f}, &(0x7f0000000240), &(0x7f0000000200))
openat$userio(0xffffff9c, &(0x7f00000001c0), 0x401800, 0x0)

7.773961328s ago: executing program 2 (id=4655):
prlimit64(0x0, 0xe, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
socket$nl_rdma(0x10, 0x3, 0x14)
fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000300)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffff}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
fsmount(0xffffffffffffffff, 0x1, 0x8c)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00'}, 0x18)
r1 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000)={r1})
r2 = socket$inet(0xa, 0x1, 0x7)
connect$inet(r2, &(0x7f0000004cc0)={0x2, 0xfffc, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r2, 0x8)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x1d, &(0x7f0000000080)=0x4f, 0x4)
accept4(r2, 0x0, 0x0, 0x80000)
r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioperm(0x2, 0x7, 0x13)
mq_timedreceive(0xffffffffffffffff, &(0x7f0000000700)=""/200, 0xc8, 0x0, 0x0)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r5 = shmget$private(0x0, 0x800000, 0x1, &(0x7f0000173000/0x800000)=nil)
shmat(r5, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)

6.080166692s ago: executing program 3 (id=4659):
unshare(0x28040680)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, 0x0)
r2 = eventfd2(0x8, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r2, 0x4})

5.905188267s ago: executing program 3 (id=4661):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), r3)
sendmsg$NL802154_CMD_SET_CHANNEL(r3, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000002240)=ANY=[@ANYBLOB="3c00777f22986fc96b4d1d3ad440584b12585481f086066c822f65577422f5ac2ee75fcdddfce842a50b2f1d63d191da3f745d578362a5d042753dbfc5a17daa7298936a806f0a2b5d908f5065a5db1fed8dfc19ec4ebe81c19ab89cbfed5afa413c3365dfd42b7344b9fd353c9fa2e0e22b99270a6812f75e4a26a47d4fc0c544df76", @ANYRES16=r4, @ANYBLOB="01002dbd7000fedbdf2509000000050008000700000008000100010000000500070001000000"], 0x2c}}, 0x64000)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x110)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f00000000c0)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x62881, 0x19d)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_VENDOR(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01134f9b3a000000fc006700000008000300", @ANYRES32=r7, @ANYBLOB="0c00990000000000000000000800c300741300000800c4"], 0x3c}}, 0x40000)
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))

5.746757571s ago: executing program 2 (id=4664):
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f0000000040)='veth1_to_bridge\x00')
capget(&(0x7f00000001c0)={0x3553128e}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$getregset(0x4205, r2, 0x200, &(0x7f0000000080)={0x0, 0x30})
capset(&(0x7f0000000300)={0x19980330, r2}, &(0x7f0000000480)={0x7f, 0x8, 0x2, 0x9, 0xc2e5, 0x9})
r3 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000180)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x8000000018, 0x0, 0x0, 0x0, 0x1a, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "91be8b1c551265406c7f306003d8a0f4bd004ab3fde500", [0x9, 0x800000000000007b]}})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f04000000000000000000850000000f000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x16, 0x301, 0x0, 0x25dfdbfc, {0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='mem_return_failed\x00', r4, 0x0, 0x7}, 0x18)
getrusage(0x1, &(0x7f0000000340))
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f00000003c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbffffffffffff86dd6002adf700383a00fe880000000000000000000000000001ff0200000000020090780000000060fd900400003aff00000000000000000000ffffac1414aa00000000000000000000ffffac1414aa1e520b4c951ee12e"], 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4, 0xffffffff}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000780)="f4000900062b2c25fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x0)

5.663484571s ago: executing program 2 (id=4665):
socket$inet6(0xa, 0x2, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141121)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_open_dev$cec(0x0, 0x0, 0x81)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r2 = socket$inet6(0xa, 0x3, 0xb)
setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
connect$inet6(r2, 0x0, 0x0)
sendmmsg(r2, &(0x7f00000039c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1000000084008dbc334de7f973645a3c8d9e7f035a00"], 0x10}}], 0x1, 0x400c0)
r3 = socket(0x40000000015, 0x5, 0x0)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0xf00, &(0x7f0000000040)={0xa, 0x1, 0xfffffffc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xe79}, 0x1c)

5.088937383s ago: executing program 3 (id=4667):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000500))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r2, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000006180)=""/152, 0x98}], 0x1, 0x0, 0x0, 0x0)
r5 = socket$kcm(0x29, 0x5, 0x0)
splice(r5, 0x0, 0xffffffffffffffff, 0x0, 0xf3e, 0x0)
timer_create(0x0, 0x0, 0x0)
fsetxattr$trusted_overlay_opaque(r4, &(0x7f00000000c0), &(0x7f0000000280), 0x2, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000400000000000000080003851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1e}, 0x94)
r6 = syz_open_dev$hiddev(0x0, 0x7, 0x20000)
ioctl$HIDIOCGCOLLECTIONINDEX(r6, 0x40184810, &(0x7f0000000140)={0x2, 0x100, 0x1, 0x1, 0x3})
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r7 = dup(r0)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)

5.08604654s ago: executing program 0 (id=4675):
syz_open_dev$usbfs(&(0x7f0000000000), 0x204, 0x129002)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0xf)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x220c)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x3)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f0000000040)=[{&(0x7f0000000200)="5800000c1400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x7d}], 0x1)

5.046768219s ago: executing program 0 (id=4668):
openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb, [{}, {}, {0x3}, {}, {}, {}, {0xffffffff}, {0x0, 0xfffffffe}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0)
read$msr(r0, &(0x7f0000019540)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="38000000031404002ab1000f4938c29ebda883bd7000ffdbdf250900020073797a32000000000800410073697700140033007465616d5f73"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000400000000000000008500000030000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x20, 0x0, &(0x7f0000000540)="e0b9547ed387dbe9abc89b6f5becf61b68d90ac9143f14fd7c1596a59e13e72441e520c1af68fa5b3b01c6aa3998c45ba0f93fb476cb99de223544152c81084a55bb09c092366ca6a04aeaa325408a2c5bac081eeb1e83e9d40f16656bd4f6f8bcc7d20bb6d8d5f504bb43afe59d312d0014e8f2e76da4be1d9f40f8987a4a6e05f2551c29d5cd2e9d394e25f37d9b241150670e22cae915c64f488a942fb720bccb726054f5a78d5303c2ce3a16de1e4305dcceabe923e82572357904a38180f574958302aba6755fa9964ad25f", 0x0, 0xe160, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
writev(r1, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setresuid(0x0, 0xee00, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000280)={'bridge0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
connect$inet6(r6, 0x0, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r7, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r7, 0x540a, 0x2)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000100))
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)

4.813249984s ago: executing program 2 (id=4669):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@remote, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0xffff0000)

4.685001984s ago: executing program 2 (id=4670):
unshare(0x28040680)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5})
eventfd2(0x8, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, 0x0)

4.000255181s ago: executing program 5 (id=4673):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
socket$netlink(0x10, 0x3, 0x7)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0x68000008})
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@mcast2, 0x800, 0x0, 0x2, 0x0, 0x0, 0x8c}, 0x20)
munlockall()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$evdev(0x0, 0x4, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = userfaultfd(0x80001)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x1}, 0x1c)
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x300000000000000})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r3, 0xffffffffffffffff, 0x2)
r5 = syz_open_procfs(0x0, 0x0)
read$FUSE(r5, &(0x7f0000000480)={0x2020}, 0x2020)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x800, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

3.886753048s ago: executing program 0 (id=4674):
r0 = openat$vsock(0xffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r2, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x1400, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef)
ioctl$SIOCSIFHWADDR(r1, 0x8912, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4)
bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x7fff}, 0x2}, 0x1c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
getresuid(&(0x7f0000000080), &(0x7f00000001c0), &(0x7f0000000240)=<r6=>0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000280)={'ip_vti0\x00', &(0x7f0000000380)={'syztnl1\x00', <r7=>0x0, 0x80, 0x80, 0x8, 0x8, {{0xd, 0x4, 0x0, 0xe, 0x34, 0x65, 0x0, 0x6, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, {[@ra={0x94, 0x4}, @cipso={0x86, 0x19, 0x2, [{0x6, 0x7, "402d18b9b6"}, {0x0, 0xc, "0d238ed1108e1d599bc1"}]}]}}}}})
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@can_delroute={0x54, 0x19, 0x400, 0x70bd29, 0x25dfdbfe, {}, [@CGW_MOD_UID={0x8, 0xe, r6}, @CGW_SRC_IF={0x8, 0x9, r7}, @CGW_MOD_OR={0x15, 0x2, {{{0x1ffffffb, 0x0, 0x0, 0x1}, 0x7, 0x2, 0x0, 0x0, "8e30f27077a43461"}, 0x3}}, @CGW_MOD_SET={0x15, 0x4, {{{0x0, 0x1}, 0x3, 0x1, 0x0, 0x0, "6fc0007ff11bd611"}, 0x2}}]}, 0x54}}, 0x40800)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x4, 0x0)
pipe2$9p(&(0x7f0000001900)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r9, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r10 = dup(r9)
write$FUSE_BMAP(r10, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r10, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r8, @ANYBLOB=',wfdno=', @ANYRESHEX=r10])
chmod(&(0x7f0000000240)='./file0\x00', 0x0)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
chmod(&(0x7f0000000140)='./file0\x00', 0xfeff)
creat(&(0x7f0000000300)='./file0\x00', 0x0)

3.778190983s ago: executing program 3 (id=4676):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), r3)
sendmsg$NL802154_CMD_SET_CHANNEL(r3, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000002240)=ANY=[@ANYBLOB="3c00777f22986fc96b4d1d3ad440584b12585481f086066c822f65577422f5ac2ee75fcdddfce842a50b2f1d63d191da3f745d578362a5d042753dbfc5a17daa7298936a806f0a2b5d908f5065a5db1fed8dfc19ec4ebe81c19ab89cbfed5afa413c3365dfd42b7344b9fd353c9fa2e0e22b99270a6812f75e4a26a47d4fc0c544df76", @ANYRES16=r4, @ANYBLOB="01002dbd7000fedbdf2509000000050008000700000008000100010000000500070001000000"], 0x2c}}, 0x64000)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x110)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f00000000c0)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x62881, 0x19d)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_VENDOR(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01134f9b3a000000fc006700000008000300", @ANYRES32=r7, @ANYBLOB="0c00990000000000000000000800c300741300000800c4"], 0x3c}}, 0x40000)
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))

3.43836427s ago: executing program 0 (id=4677):
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000940), 0x0, 0x4a141)
r0 = socket$inet6(0xa, 0x3, 0x9)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=@newsa={0x154, 0x10, 0x1, 0x8000000, 0x0, {{@in=@private=0xa010101, @in6=@empty}, {@in=@broadcast, 0x0, 0x33}, @in=@local, {}, {}, {0x10, 0xd29}, 0x0, 0x0, 0xa, 0x1}, [@replay_esn_val={0x1c, 0x17, {0x0, 0x0, 0x0, 0x10000000}}, @algo_auth={0x48, 0x1, {{'sha256\x00'}}}]}, 0x154}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)={0x3c, r3, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x3c}}, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_SIOCGIFBRDADDR(r4, 0x8919, &(0x7f00000000c0)={'veth1_to_hsr\x00'})
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e2b, 0xb, @private1={0xfc, 0x1, '\x00', 0x6}, 0x6}, 0x1c)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680))
arch_prctl$ARCH_GET_GS(0x1004, 0x0)
eventfd2(0x0, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x2, 0x7fffff7f}]})
openat$mice(0xffffff9c, &(0x7f0000000080), 0x8000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, r7, 0x83625fc5352ba305}, 0x14}}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x3, 0x0, 0xd410, 0xf69aa1672a50ebb1}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GENEVE_COLLECT_METADATA={0x4, 0xe}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x10)
close_range(r5, 0xffffffffffffffff, 0x0)

3.391974159s ago: executing program 5 (id=4678):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb, [{}, {}, {0x3}, {}, {}, {}, {0xffffffff}, {0x0, 0xfffffffe}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYRES32=r1, @ANYRESOCT=r0], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0)
read$msr(r1, &(0x7f0000019540)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="38000000031404002ab1000f4938c29ebda883bd7000ffdbdf250900020073797a32000000000800410073697700140033007465616d5f73"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000400000000000000008500000030000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x20, 0x0, &(0x7f0000000540)="e0b9547ed387dbe9abc89b6f5becf61b68d90ac9143f14fd7c1596a59e13e72441e520c1af68fa5b3b01c6aa3998c45ba0f93fb476cb99de223544152c81084a55bb09c092366ca6a04aeaa325408a2c5bac081eeb1e83e9d40f16656bd4f6f8bcc7d20bb6d8d5f504bb43afe59d312d0014e8f2e76da4be1d9f40f8987a4a6e05f2551c29d5cd2e9d394e25f37d9b241150670e22cae915c64f488a942fb720bccb726054f5a78d5303c2ce3a16de1e4305dcceabe923e82572357904a38180f574958302aba6755fa9964ad25f", 0x0, 0xe160, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
writev(r2, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setresuid(0x0, 0xee00, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000280)={'bridge0\x00', <r6=>0x0})
r7 = socket(0x10, 0x80002, 0x0)
connect$inet6(r7, 0x0, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}}, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r8, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r8, 0x540a, 0x2)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000100))
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r6, {}, {}, {0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)

3.217762896s ago: executing program 0 (id=4679):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(0xffffffffffffffff, 0x40045402, 0x0)
read(0xffffffffffffffff, &(0x7f0000000200)=""/129, 0x81)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0xffff0000)

2.918594466s ago: executing program 3 (id=4680):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000022c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000004c0)="625a6e8478822030f24ba77d9b355c0e289dab2ce3d93a5419b2189220fde06114dcd72526da6be9adff0ed573fd7b1077467203fe97b2280a4806ccd93654601b02a2c4b7118a933934598b34800ad18076ce1cfb8b0bd862caec96428a4d683bc0b30085b6b240d5aea065005e497372e42eae85f9730378b708a630bf2b78823df8fe5c7315fc1eb3020602d507bbcc2ab0a977e2d64a9c3d7bd4043fe94ebf68104fb158b3027d4ec633e1ad04aa3dc8e09f2903aefac60192", 0xbb}, {&(0x7f00000009c0)="dcd329ba4ee9c0041ce5e5f6670cc75614af78d2d1686e27ab2ff5e7c7543027c90053ff2c610dfd2ad2a1d036590c5116f21575004fbcb0d717a08554c0f0968b390478ea7d7563fa13adcaf1391c9ba68415dd153a79b4c7c11a34ba5a14d9ff09d97b32f5644a2c204d55406ecbfff9f08c15ff04def740344d8d75c67ea426b10caa84456b9c43a76b0b304769cf03b8e5096ba7a7106b011f67db275fbff945e021ba2b3690143a23d31a8fd43237aad9c1ffe029a99d4559df9c0960a7e8f5368a33407d49c552d04de2ed2859d41ab319b79227d61162f5e0f11bfe0a79bb8a876c7fdf677d52199f1408e8e742615d112d1c584c28694e1272d2825c951ab234bdb1b5538a9492f3dd13e4131666bb319f587466f46f920137f947ecff5b7d7c4a1e78a3a50e61f635c9f86c16b928e765c9dc45ec9145c50c2e7c9b7a60fdced850c744cd6014d414670b24bd4efa70f41c7ce0adeb1db4a27ff80751e8124c5d74640a47b81ac19c8a321f82ff7558c221e03357d5936c9150d876705c042dbe501396d79b75def40527ef106fa097922b36bf9d7cdc9bf6f2e6918b6612548de429c8415e4cc6e5775dbcce22e38c4e9e0470e52eec3c663a8cb4944b87b1e626bb94924b4467b41007dbb7603ca88e31d82f71d09ad619bc237db9ef1c55de6ea3b26a4b974e6c259c08dcf93258a4670aeb40df1d05355792354f7e221011b3d30b8dfe18ee777231cccf07ffe0e343aa2956024b9b990dd20f8b99a3b330fbcb8962132294083acf4fa7cb862d26c1014eee424cddcb3908e2bad621383717218f4869df0bf9eedb8145b828dd6e0154763e9361a6fbf030e8f7e7084859b42199c592e285c16ad60cb6c9bae3b4cc9c0f393ca0e216ccb1fb1fd5ffa1bacf1f0a06f9a6cac69ea2ef6886d2057d7a01ebad7820c99ee49bb22915e78b15078f31d34b47cdd5128e8d15a043288f0798f1895c920621f9505dc5a79d1682b2e9319133832cab323986a4216086b5c51efbc8dfd9ba2e33b42e8cc40ac1eef9ce1bd6dddccb1d838b27359ff988fd867f0fb389b37375cbe5954ebc1bec83daf81f2563b337940a8ac9e0283f21f13a5c7150e6ddb4f8d71a19c105913221608c6f7b26502e89c167a72a3fb25b4657d2ddec58f313b00645490a3152f2ac06297ea108e260e5b3204b4417e74f55906349f9967b51de7b4a709bf8ece68e2455df0ad1863fb9df03464eb319a7a1ce1b160857931a7f0956d568334604022c6f421e9a32d5ab0f39c8b448bc656a96150c9c4bbfb2f842391c4f6655aa5544bece4bc14d3530a90859002486dba792e83c1df100e94dcd19df7527eca19df311dfa9a31e2f915319d35c3bff5f3762e64007259f157d83a8a9e2a94e1fd7c95bf6973dbecdbf5522c59d2d5c9dec24b96c98b378d2be0414168e48f4876c274ec06d005098ebd388b3b832486a8b884add4d119f1a7121be1f1567da2548accfeebc954e92c4ffb3d27afeae1f64f98ffe4016fd6aeaad3f2197469591caea0a3c2984a660384d0f21433c8af65ab6f1695ebe0d18b877e86fc96628f902289bf1471184f3c40f471a779ad9cf29384dace1566d204c8cef8fdff26749a36d587e292aec9c544e58fea0ee616dc6037b5e846a78fd0eb4f2f49ed681f47c8c265d767b56b8a1d3c37fd47843c4aca9bafd61ac68482560920040096ce090c92badcfff76c15423d9d0a9300ba16d39034b1c4a8534fc424f39a85cddb92e576cec3aadef66b31f731130b4aecb99d8b5086fb8075cb25b074cda84b871a57c568cb7df804de44c912ab7d270838e0518d71d000772923b304e5a5548ca1d74badc10d13e4a4caba7634076ee8feb66a898ce95507cc5782d3f9684bf9c19321466dc1ce11aee76d474c090cf921749f9bec6dcf71c2b1ee35ede5e290ed153d616cd12f6a2224341c898088819345e99ebd725c67ccadf29091f08cdfa30b6a8c9d33285f6e2b43319ce924dada0764b45d61d3d9da399976330f3e10d73f0821c6667cb5db02fff360c8625d684dfd51ff3f1cd3434eb435f78c15ed2e80189c5cee8ec222829a7e0b359b10eafabdf33056319f5cbabf84203ef350dcedd7c22e64e203044360a048165c1485044630837fa60e7a8ed3cc377855e041058a701cabced3706bbb40870616060038db9737db8c8cd1afe2b0752a4730d77a0e5c17b3b3098c5ab0e8d8a5ab4802d03b5c101b0e7bccef5558a0d8f95c659465d3fd68c6310d2e83eca6cf222acc1d29ead1954eea01f038c63bcb5173bb9660a67be1775e2efb4d19b9027c9b5971c3023286d2c68c4e0625730722ed0c6034d568126b88a7c7db1a307ce2831f4c0b4e9dfd09c70a321d5ca6063241897abb374c97d7d76ebb2bbdaa0baea3bc46459e1db747f84d5999ec99c348028ff1fd11d3178e592447b05bafa5191880b36ad6a1c3c0838ae17b886d21ba3547c072a095df2ff6d4423a99830645dfb11493b018d5e4c2fe5362aa9da02593ed476a2d9848eb201ba6c6d103bbb490baecb5508ae3305139898bbf511dd41f0292e3b8872f4791df1f4ced4385d45e0477beb010c00702dda15e5b7e96713e3d899f0f06ef0169adb4206853ebc5b2f9e0e4fccf7dde8156bd935184f2564c728175f568c9aa2d3edb12d44352c38a641d13d2867c589071e20022bf0d9f2e62a51f841f467b879136c44a3cd1e0119376e9c1becd1a27e03aabd4828c66b416309269105c1eb8ae67895965b2ff63b6291697a51c19aa994ce119939c9c9bb8e9a7b27f3d117a1c7176136d2244eb487990aa842f7f5af716d8525c3c74cc13eb400809da132eaede131871920c844cbc74c00269a90a207db86d98c1172d0eb9366a26858bbfd5ee46c363000d9de1eaa9696cb52c3e6ecfecbe5d29a8d320c379024f09a552d3c3f796f4fc2ecf19c086240eb8cea44c8e936d2c46d6b14bec39dd1502c31b463e519671dabb063283ca228eaced7bf8817057d0a9dc06b87450f1a88e515efd020e2a67aaf856855e18bdd0e5568bdd119b97fe8a83ab0462693b963975e4fb32dad8c85a55a1feae013faf2db23866e68f6513263e45b6095ad72a84fe1746741742a3b4b722d1402b640e6f4620a8d73db524b726bafa26df82791c6a4895e6669a1c0027f60d7bfbda3941f39db82296e91a900f514b8d4ef8ccefa82712d23118cf4ebf84081f39de0503a11d60bc2ac91ea3d3960ef7e3b167da4117b55c2b62694764d373545754116e7dc9196fdad096ab028d8fdefc7c80eb0e40762f2b8c63663229869b9a2ac60f8d30345f5c64c8af21768f8c611bf33ebf92e687182673721697d5df9c42a2f9c5b16ea8d8ff36a77e984daca1626b69dcf922cf528403854a86e36dd4ebd4d8ef8ae888c15f484bca0ae97906afdd1887259b2a0eef1dd2e89812b3228a0bad3c5386498e597f4998932b8dad081ea0976ffc875ee350d8e938369af61a54f91654c4e9d5ac44f9f129b45745942db88c74fbbbbb7107f8419ac81e0955fed1bcdc3aa60925a7bb2e9a9b2d001b20b4c994d48c6cc3cb0ab1a2d8254f0dc5d7179861beb6c3a53602d5c49a884a2a13bc4f84ea15807c1e0799bf158f88dd8174da649665cf0f05d31dbd1b06d68132e88a3a8f8347f2eb965af7108970ac003605675e7187c8d8325614c693a3f4e93e3c0e5767ce06c5237e32f45c7385ac38d0109ef4b0e78a9f25511c39c2d82eb99b9fb57c3bff44355072f7060e1787a83bc90f8dafadac686b5a5c7013f57a2bb35ee01fb65b671ad3db7f9d15689bbcd3a42e972b25e49424745c80378cceb88281e7eff0342a4fdb16f5b02bb50c2c9ff16cef2f8d3cdfa1bc879c9ea8a6480366c3143d574d508687dd051689743469968743b9fb9b9345fd31599f8f74b6b81f157ed1800d5d2d389c5caf48e2ed307b63f18ffa094067ac230c7992c3ee6e0c89016a785c68d425f00e86a960446526b29f3a37a2c901b08e9808a537ca1ab0cb3081cf270be099b8f5401884d0a0acd178add8024cd1d846194660542758e7987740c6885c3a654ea498b796069ee829208671da6b326616b5b45dc6b3ee3c4c015e084c6e0279b8605b3145f7d30b6a8602e6f1c1c52f7f6396f925d82e6af49be115efd5ef06f487462372aa6012bb54d8558ced9a504c9b8044183e935acc550a9d4c8c69f410af33315270273b5ad72697a2c29d77c8581b9581f54f5f43f0e2b4c7c3c31f817371678821308c28225c89114839ff8e7cd23f00a9cf839566618ce423b5f91fcb553ccbc84d019d6efe2b189088bad5a46b5fd042d9c7ca474258d3317702924d5162a918b357d225566479861d2b6b842c4f35e53020e223a732893d912fb9d496ea6213f4c0c9e0e83cfdc1970d99d415f4e219a52d09a543a889a515072753df1d87ec9917ae5c2c76c96e20d4fd98cebc73e58b78fda9ac9489741a57f5af9345d2a11884920b0063eb5a2b2d808ee18e19c032628ea288fe7d4cc8e5b8f00f973f3b3f8cdc7c54b95835eab59a987c2f51bea8c78a795bad88fb109ebcb0113c7cf85f324f8d3c953c61dd763dd37761eafe1fdca786c66add0345848dc66fa33dcdce5edcf39e9f2d331e2f8fa568eb934b80109bde7db393f523b98c93d57debe45dfe2ac09c562108981289575813e54e4a34e19d93286af3b77e6af169677c603446a6f9d48f3874ee0e9f30e5f7babc8f866c1f7c93b4f00dea20721da073af7bc7649c2f32c5cf3ad27959641b911a230a4fab60f59a2afa335a391cf8e21295191e999f4ce8e151480390e6a30bf5f9122908d478dfad8410d384423ef0d91c3e1837e15f6d8b24a8effe54cb0ffd51e3c523da376fcbf3d412c0a7665eba7d03db2c8a8b3b5f251f0eff5053ce8822d7f41d32dd05929b395a33401235f096d1e810eb3608bb513754711dd7f05b249b43ad9588f33eeb85e69904cd59cdf98a62ba7dc83c9232b4f814bf957b5c28b2eabe198e750c3a02a6c5c8eb96035e3b657433faa13e5560451cd7fdbc8f4f2a53255dd8d28b0ca8c1bc88aa941c89a50c183545eb087b7fc68686eb6ccbcf883799be9c430b947f7200a87e28eb38b7b8b8a89debfeef9c6702b12e4a4333113dd62903668bc85a9dce863fe3ee2bb0793dc6898622d5dfe7b588ed4bcbea6f5060e2728e6fe3f38565039fbbcf4dcb377f6d5e0eecc8ffa50fc3882430f9fe61cf6a7a9cfebaee8d86e8b6df04be2bc4ad60d7f906c98da838c5998003e786a92ed5043040565c72ee0ce84057afc13410940c3b266798c228ffb3f7b169948b84a574aa130356d6e7b6e07908efc696441170e31e5c6c14c8172e9d8c20883ceba8eb150587eba507bbfed0bad9052f3f6761b45fc1d4ab22f52a9a4ecae8b4b111bcf5c1cd0220564954e60bc18ea79fca8a4aa0014a8c391e73a8b3e9213bd2730249308d09463629c4a93b1a9c7bd638dbdf512b1414eafc4bb9b8fbd496367c4c830fa87c203c809d0298315dd1ca2c4a0bfeae51a1e5e27b7e3e131d5e1c56317d4da130d1412d055d8002816934e02af77c6e83247b6cbe4c4b45a9eab413124e1cd6f971b2a03727aff86e9a81023049c7d12437e19279d0f21efdc735a30af2f34a23c6b531a7bc151d0610486bbdf5819869ed598118de3969d8da089963a9cf474b1d0467f09d03ff81dc7cd4130fdebbf3452ba2b6dddaeca4ea708b813cd6f27f3ccc3e65e90a900bb4b766d", 0x1000}, {&(0x7f0000000640)="486db056b7a86f382dd22620c7cf45f891c17fb352b1b3110a2f9afe71a6846f911733e3e39a01a97053c3d18cdc92635e7d381067831a23e4beba9aaafa48bf5852e05dba510d1edf55a9564ade80963d1e9edc6924f17e45158ca212d7ad87fed89083a3d2c41b294833fa2fed518a7601e2a90868807d32f2583524149f8bd77b7682c99c11d084a2b17c123268bebe093cce995a984f30e628351ff013da93e0", 0xa2}, {&(0x7f00000001c0)="a7a5ab13634b39468cc02126ef2b", 0xe}, {&(0x7f0000002340)="7fcb2982b9dbf292dc8d321d95fa28d7396847d6702bafa2dd9752ddef0f94cd82c0491483756985072beec4ad09c8c319702515146e76111babd397a3de281cb8bf6b1524b4874880664aab80255ce69c091492a89cb972490869764e7fdabc226c4b6fdb66ffc2ad4e4c0af0d7f00cfb2ea5666694ccbe0e9a70024aaf3642d088ede57060f9f61751fe8050275d03782d56d099b993b87df70c28afe5b12ab6f57c15b5cbf7612985d5593f81c86f95bdfaf84d2ef17a64d09e01fb2a9fe94fdda49b613528cf6f848d", 0xcb}], 0x5, &(0x7f0000000780)=ANY=[@ANYBLOB="200000000100458001000000", @ANYRESDEC=r0, @ANYRES32, @ANYRES32=r0, @ANYRES32=r1, @ANYRES8=r1, @ANYBLOB="180000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x38, 0x4000040}}, {{&(0x7f0000001a00)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000001f40)=[{&(0x7f0000001a80)="532f3f02a333aca3eede7befea7ba71c891f4722aef4ad8340eab5dd22c4a6b96803da4a26b20c9f6e3eb2391375e6a071deca39956df4e7a38971d1ea433f2b4b4c707129b960de2dc3a2093033d227d5f5d2655b36f3f819435bb7eb38eb21baea9a6eae2a8fe84d320c41b0b54e96ba5c16a8718a0fb51ce3a6c327b02cf4913531c79ac913344828b1d8d5626b1837164aeb8d0f7480a6982c93fe6dbf0a4bf725e71b86bfd64b1f162bb1100d0dcd2a4edac8580a8f128020daa097f78ad52e4c06d9", 0xc5}, {&(0x7f0000001b80)="3d07191dedaefea097eb33f7bf756e24b5504437280f8220da6c20b011069087f8442b802d3268b21c12c66d80bf86fd808209c946023a052674334468e8a591cabb0a44c47dfea370d6cd02a7a8effe3a1fdfd5b8fecb242c6a713d332309440443d75405c899d7fa10b50ab23af4c2eccb0f0013bebe014e1665a093ac0f48412f512f68f3b6833d2b45668e424fa24c5da7ae49f7d5edbc63bcf40ae95f419f2fc271fa049fc219561e2b55c36acbf9338211dfd3e0a99ceb59405175d130978f093957", 0xc5}, {&(0x7f0000000900)="ae6a2e1e1744c2d968aa19e9a2c9b8e3ee4611b3f9bc9d138582eb0da184ebf40c7371a1db95b47ba8abb955a0d43e0fcb945c3c3da30cbfbaeabd94bd9452e4cd84166473de7bda30dd", 0x4a}, {&(0x7f0000001d00)="b5371e3461f0267ca754f7442a7a903783e64305113d3e0cc6fa5c1e559de2f26b91557f54f2b37e7f9b2d8444b27a2940d1e40beafc5e70d8b9b3a4957ce11d082f326478f86f363612a7817c9eccd0007ae870279441db3369228f65f1ce8627694c2754465bfbc39ea40175655f5b9e59e47531b4e032b97d113a8096490379b90ab37d2ee8993be63e80c84d9229f0135f0d04856be8b86ca02c540de536a1bd08c5f4a145de6263d809ac6d96", 0xaf}, {&(0x7f0000001dc0)="51886724eead465d75ba0861f47c979dc9961edb57d77823ef9c0bb3491d75f08ed9c0ac6de9edb5b757e139d6458ca6a5dfa6e11fcb6a7e01adb5ed6a0bef6bf96ce23dcec64d5828a261aee544ea88e319fe4cb02e8612c403e2b566661bce6e347f4d7d36f128fa8f70bd79fdf78e323a2a", 0x73}, {&(0x7f0000001e40)="cb9d457c35804ef3ff785f7fce2fbb0b890eadaea51e531221cba61357f1d6f7089ef7bbbdb26a8f1ca8c71e9770b8e4a55bc8f7c6b3c7db5221555491d8a6486cbb6166bbe51e00efda865fedc2c61a81c11f260b3fab6296a38058a8761dc8d84b48cc44c45bc6011c29e0817fd5918839205d5f9d0590f51540ca7e42b98ff1fc71e303a912aecf79b8197bfe547fd2244fa419ac805445c7c168ee07b79abd8e9fa40b38c9e7331adaf5db84699a271a6f4d43bafd40f362adf195b4b656482e54e7", 0xc4}], 0x6, &(0x7f0000001f80)=[@rights={{0x10, 0x1, 0x1, [r0]}}], 0x10, 0x4000000}}, {{&(0x7f0000000700)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002200)=[{&(0x7f0000002040)="ccd4ef784645f1368b2023310f44f4dc0a6c5e1748c9986b39dce76405982a29bb64b473e3cfd44cc16220c63add290ebeec5f389d9ff27256ea4ac296266692cfe46c42c8d9b7039dd78a92445adb51a04145b6ae4663d98568ec337aae6b5507e7f5828cefdd4926e263f53481a2d9f0b60ca32fbb9cfc2c6d060bde86675ec01eecf8138bd6d5d1303a171ba00c5fd7fa181e7626c50a78081fae2a3cf31dcf3a7117cec81f3b543b42a0", 0xac}, {&(0x7f0000002100)="23c41ea480659b389ad5e4ee54536f6276c7da9b9ef4d9e60887b19b8a5ab177019c6ec3e85ba9f4ff88d599ed14b49d42b099450e3f24a2c54d92b13d216f09b3d0d5a10d37f919a0179cf38bca5529a0f4dd18e0fb86", 0x57}, {&(0x7f0000002180)="c3eaa38eca4186cb973e6d7af4fadea0960f8e2b7b2732aad1bab740eb2a46517ec66f481e9777dae9ebc737e6b18ab2287dee346f5c768bf4dd88332c10b0eb54e1d8f4d1515feb93b00987450f375290", 0x51}], 0x3, &(0x7f0000000700)=ANY=[], 0x6c, 0x4854}}], 0x3, 0x4040011)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
r2 = syz_io_uring_setup(0x5bc1, &(0x7f0000000400)={0x0, 0x59d8, 0x10, 0x3, 0x1a}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000600)=<r4=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, 0x0, 0x1)
r5 = socket$netlink(0x10, 0x3, 0x0)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)="3900000013000318680907070000000f0000ff3f3f000000170a001700000000040037000d00030001332564aa58b9a64411f6bbf44dc48f57", 0x39}], 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYRES32=r2], &(0x7f00000005c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x1c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x900}, 0x94)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r6, 0x0, 0x0, 0x0, 0x2083, 0x1, {0x1}})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000200))
syz_genetlink_get_family_id$l2tp(&(0x7f0000000280), r5)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2020, 0x0)
ioctl$USBDEVFS_IOCTL(r7, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_SETCONFIGURATION(r7, 0x80045505, &(0x7f0000000000)=0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x3, 0x5)
syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r8=>0x0, &(0x7f0000000000))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)

2.819760116s ago: executing program 5 (id=4681):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000005a80)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000001040)="1afa930cacb9483ba427fdebe35364652f11c890067ca57a50fcdad0b85702e5cc0b945016028a3cc74937f47b829ffb57197295d7a2d38761146d9d4c35dbef7bf484deb62ddaa8dcf89ed8b8ad859bbcbb4593668e5953f537a33f9a56eabd738803eb8c0b864dc8fcdae1d0f715c660d6d3f06789efb0d8b12fe29792fde455e9b5438ece90f64f47cb446e9bfb07c2e67799b96d7d4fb2f171a6e31a178fac90050470d75d8cf04b7c144928d9eff3058b39af2fe86bbeec1d595fa1d6a4767179d8f3ffd772c6b2c81a2e2b2ff16eee04798a5da71a36d642135c012a1889c8f54c6fa79fd700850aa0a242da0de1db416effebacf50b70745155816f6c1c4cea841ad36f624202e0c04da611f1d60ee3f3c8b92e9abb5433232844aa1baaba03981599e43f2ded4df3168a4dde0dc57bde58aff3e2984c686c311e47874a28b0ef899f990a98abc002b90719ea82620c66b8db5c964c996523e7bd798477dd4f25cb30f5a52c8ea87ac7829c72cf5c48f422fd402945e26cc4aa6faa11b43de6c9307dc67c9af69db6977f6d20c0c97e8e4df718cf554b0bfd516f445514316824e974ef5166910bbd3b080b764e12f5542ff11ff67250a3c078306dfed88764473ece74350e5113ea49a7a19add306b9ff3709eec943b0e8680c8eea9741dd23e3f377ef0e9d59efee73803e7293e1a870a2e46e2765c304350aa7ba907d4ad344f542919aea5fc25f9b3446b66436b4600e7b1a58d3ba1d06d0c9576e40c54caaa7a35a9f16dd6a2b49097ef76dcc41de089c4ab2763aefcdf5ed8aab0675f0bc68d908538b129632ca82871f8e165e442bef0e306e391bb53507434e4166fb91f001601be498448774c23a996406d55a170aa45a2065e61d2c967687e64ac5ff6ad3907727cd6e7474a6a022b26d2bd6b040528910794eaeb726ee91545a734bc289ff5c7f323c3abd70b001159c5ceb242c7e4880ad0a61426c67ffe52fd8160b53fe8f34c3174b88ef7ced5ab77cbd12e7f4de73d33aa7c478bf7839373f96d8367ee34607f7c227bd0b18fecb68bacbd8631e25b7b8119fec8af772f428b5f67bb362df271796b2a996faf920d5c6338c0e805ccff5cc7d057badcdf1b5f46d75a77585556cffb9cfd0364e885de2752956b80338132a3dea920b76b2834c47f61c5313203503eb96cb985f1d55ef673829cf5ad027fe49c1545bde3657fb8b12132e6e6a3df6165424b43c80938724e9ad255f16cac8c2168cd6399d883ee86afd833f0f974eb1fa8742efa42050fea8fd254dbe908058ed2b52bdb155c5c050e9dd451094df2055df14c21ab600f19beeb8e2c160b81245b83de617f91fea8e8f37231849728b19996db4746207fa0de84ca5f11dce363a0ab0bbc74a84998ab194384f4ca29ea684cc00122c1f08653bc393f5ed0ec66d1e4e2f7109fff9b0eedc2ed18b78a257516c26d83717d7e5e2d86d1b3eaaad92872f713d94c2ad76ece3a18b64803686a35eb487f0ed0e4c3efb267dcd698ea4672203627c415a5427e411e32686ba6c5d35ed2f333630a62d721627554fbba63738d322625b2208c3042f2d2fc3229077b88292965676957ae6d88b711ebf6db27579792b4b2a7f88b402c93203d2410dfaa28b6b90db232d73be2edd8d3c4c958dc8d050992a070c8847e3e15b12effcb9690c0571b4de91581660c5d9e663a4207bbdacb60261a7c3513758d58a4cef1c34bb62002a8ed8bfad19257618f1917fa88a73dcdb9a85101a14758274e65cbd1dd79e0ad4ec03c21d86ee03d98d37d916836dee9907b1bb05d0209a8f867e33da8c5c3e1c78097f792942cdd51a47469bfefe327bc66527ab8456c78a1a7fe1d6edfab7aa924550c6dc332908f5feec95f42ec9237d2f75032e4ff52689bd65ed7c2d3829cd624d9bda04c6633563d02a15e529b1e4190ca93dce17e952a12059b8e8a5e730892fc414f99cd8ae3e45ba488703dc1e1af04c358b3aee9fa3f0fdc76b906471378bfc15f37ffe644c84bd25c7b396e7764093e322c923f7d4e4ab1ecfb7c153c667587fd23b2c774bcaefb1079093c80d0fc24456ec2e1b17d0a11f44d19fbf8706ea1c002afc172318b9ccfa5a7b181217cf3467e76090448123d8eb6285d8cfc2deaaa4ce7fa0391a7e63ad6e6bbec958e2b2660e59a89209f3cc945f7a87c0a48c669842e037b4544bc39c36bcabaf3c87c29bcdd76e880bbb0e06f84054131b18b9529cf184cb2ba9217284326c368da0038ed1df8db20f0eb203273e6f40c37ae03d066234c7ecd6f76c26f90899812f2742a71db4a18ab8513dbd0f94cc7617d7d86baa6072126dfe7b962cc4143abb28a530237c0ce2ddbb3585401b19316e19af09df45c1b7636a18b5e48c65596f229caddc5b9a39b3e06c0869b4599c67e922ee6f5b20b8170d79e1b09457e594884304cb943fde6d86177e360ebed58b33631649d0809159cc5a6f41287399d01c2fd26c0a01c594255dc57d988bc0369cc19423f62e0d6174620569825117a6b005c7be6c59922683e5523cfd06dfb9b88c5c720dc91dc7a07296b1225b11ebd54c229fcf53f91fbdd3b6c5956b4c55bd38b4cf78ee20863edae292c5642d3f8e4bd7735e41d903473c4770463e44148e07586f1756d8926c90ac3ef01a4693ab7abc9cd078a2793325889ef27812aa61f517c1650b3d89b693a98374cc780a7e9f62762a52590058a626287224eb06ee51ae36126892e6fc7459026f801c6fae0ec5839cabbf2380a2328356da012363e90fd3403bc45fa90a1dfc72b0f2ca25f10c31108b7a60ffb3511249c42bfa8e151bb309e9fa16e489e39c40ff0b1b066e41b5edd18e68b56cbee088a47fafc38c2e46b89ebefb6be8e4bcf3e92fa36955f59c08eac92c213c33692ff9b98788fb223f0a3739532e14792a3a0cc9240094ba6799ee6a2d0c7212564829353debf03839b2d81dc60a084eded7bd2a80cd949945140a1209619150bb528832d7d45cbb77bc68c04cb0a5a806399f10f67a9c60f0f1114a9526bc1b23ff9496bd3bee6af45134b4761579e2343e3f0fd5463fcc865960c63b80aed40d969fd5315d1b90f731460b7a82dcd8825f0fc4ee95b0212be8216754ea13b2b853330afc9cb4610a5b7982a68fb79b4b2cd80928661b06c474caf4259d5619b2b8f8d8daa291ab7ca332e978ec95d02536747f54afce4897bffcb7a54c79c9fea5826d14ca004d8777a544f8716b414b45d213923c716889e0e242af576442a906904108d647c540bcc101d69612fcc7b1158e31da8dc6c66ed894bf6a9c4a87e91f880c8726de9ae82b3836776bc33ac9d1f9415dce5c324b787c3323df85e76aa7e3b75261c89f63216b966b770ae30c6a3ef2ddac1b27c14e9f443202e2951d0948c982c71e6eca1ed8fb17bd7d3d7f01806bf95e7e2a485a446249dc4f879f8a94bd1dfb0f457489e6f5067331a971c3cf637d349eef391a5942b6da5d1ec0a31452f5ee2f4882c0b3c3f59652a2d2a9d6a67759514172fdf2b5dc18469dc34f826b1d8dec6bcfb244aab936d99e7f30f3577a0507c5defc43321f02be525a118b5da64df45af052d3a419a58c398eb1e21b238f93da2326c8c59ab3fea82546f5878b3c54b8b5a541ebb97550c56a096a76f9e288d5cc3731f189f735368bed001c56e630c0a068ef89495e389b86e43a8e6ac8eccc7c7683ed93264c4bef3981ccdd8c0504c10a73d81c188c89c08a5b4d1d47fdc18a3c5d8cc29ed03adcc5f1b7fe0feb156f0a91bd68bb3d2c91d62d596e3d2ea84d243bd56d2a13c556a43f6c6c219830f256105e7a98ab1734ba0b5251b740134f86834896672e9421b4aba3c038ac4b58095709f85ed086add1998eff56ef2059dd65da8000ba424769570284d24da2763774083fbe4c74ccd324d8aaea1435cc85edd5499d44702e546250630afc490bda76c61ef7951d521f00111dd779ec7c57a7cdc7dc6ddf7c89ae8edf9489ff53b5dd587d260f1b702e7f6b9281f0d973a9cadf41c32819be32e40d08956f2c18a5a01e976a1c6bbb0b31bfda9f8df0cd680e3bf3134cde1df408f49eb8505471b16f0558e471921df2dbbe3e4605f5f713a9cb3c6eb1931a11932194d298aa828c02e3afbf6681406af7cc45b4c659ee03ca0c59b333264c29d2a4803cd816c3756aa3412064eda75ff59d2ab863d3b96e99342df08015cf18716db41a56b344bb1ceecf915a3b0e50a7894feb607d89e74d891ceaf3ed8ff6ab2c460dc5b93f32c87d97fd4e3953c7d5406102fc85fccaa9bdd47f35dc0f619032c3aa3f88bfb37af4488b36b643edc7ef8501fa3553651d3da06c1655c06671f60f3d100cad302bad541a7f3079433025d820e60ced466ba960c3b3c25b02898cf98efdb08bc85484162b51a74ab19a5e02106b3e285be7bf1145bc668d3658e7fddeea8e53910c17d17f5cdb8ff00f3c843292838b3a86f9c9478c96d9137a56fa82fecbab390f53409d241b9c74889d141db864e1b48d9cdad4f5f27e50774eb2768576b2dd8d035a824eba1a76b84d7d6d09448d5762fdd99d6c4427291cd3193fbd24ee2d46a54cba7a50a01a659ea5b1ebd0ef9237ef8d9fdc36f0f018a5892af0cf782ba4b6445a0795c3bd50095974a612ed6b1825a7abc2a4dd83343171f933feec0d2914568f966a960ab3e1ea03bd8f1f330c016b671f686aef918818214d523eba7f058c70f2c43759f5615cfe5d79da030aabbe0e6cb6a9c045b4f815d36c34615e9b67ad4880a57fdb34770db4ba46699d9e215aab800bbd020d68fe597708af11f6b6b6631e859d5776bf77bb66e60b5ed3f44f5ec9653e8eeed11e21e6396892f42fc8630cb5587f1cd8fb5c72756618512668a6e25e707191327349c11a81d314f6f740a0fda00051de407752deb1098016a7505cae237b4705cdc17af5fc5cbbe25b2f8a36f2e75b191f25b44887f883140e4d9462434c0a614e6c7e6ce285e7aef4211c91f8cc5e6a5f74eec33227fe69777043bfa661d046319b7998481e59560c8969f4d3205ef9d5dced6d75415714d69555831778780c40b7023a3c21cba2b5a21dc91278d17378aed7397c438be0706e82bae2764b7f22a78cac928092a8fc47b08e8f10b6c7f49bc026de1f231aad8947e235b29edea696747db15dd6295810ef7dc39c870f6323bcdc15dcb262cd1c2374f79356b3df74689701a8b2ee637fc80c9554571fb71b1f3ca50203c7d39ace0f4ed5689bc6bbe83ac9fa2e7c881ff193e8de73a19da1722cf240e46ab35ddde756880e20c8cecae3ead8eb0f6372e05cbd5fff8998415cb57ce625f36ee2089db149e1ee17eac0ed57eb39104819ea08fad0502829a34e22ea7f50bc94e69f6d19377ed4efc637cc50458280a8318aca67f3df3d5f7628d0fb35f7f6c240a09311a6399eb70abb0aa42a9e018f27456fe8a61e29f811a694721baf5b7efc931dd1b7f20c644816f2ee2287d5f81632300afbdfc0153584f7b4c8284e6b911543b2b082a00be377dd5ff275a2a1181f52a617aca29c25b5a779c2b94d38c07bdf0f5ba4b84cb552774b2b59335581438d7a68f04501594e6ba1bd56b15b2a2998525a4c6ce3235f708b4079b10064304dda735c765080f241c8681b8918081bae95e647720b04aa113", 0xfbf}], 0x1, 0x0, 0x0, 0x40001}}], 0x1, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r0 = socket(0x1e, 0x4, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000300)=ANY=[@ANYRESDEC, @ANYRESDEC, @ANYRES8, @ANYRES64, @ANYRESOCT], &(0x7f0000000000)='GPL\x00', 0x2, 0xbb, &(0x7f0000002000)=""/187, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
syz_init_net_socket$ax25(0x3, 0x5, 0xc4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f00001bd000/0x3000)=nil, 0x3000, 0xb635773f04ebbee5, 0x4010, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f000000acc0)=[{{&(0x7f00000020c0)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000003140)=""/4096, 0x1000}, {&(0x7f0000000040)=""/55, 0x37}], 0x2}, 0x4}, {{&(0x7f0000002140)=@xdp, 0x80, &(0x7f0000002300), 0x0, &(0x7f0000002340)=""/12, 0xc}, 0xf0}, {{0x0, 0x0, &(0x7f0000002900)=[{&(0x7f0000006ac0)=""/4096, 0x1000}, {&(0x7f0000002380)=""/163, 0xa3}, {&(0x7f0000002440)=""/122, 0x7a}, {&(0x7f00000024c0)=""/156, 0x9c}, {&(0x7f0000002580)=""/88, 0x58}, {&(0x7f0000002600)=""/153, 0x99}, {&(0x7f00000026c0)=""/254, 0xfe}, {&(0x7f00000027c0)=""/239, 0xef}, {&(0x7f00000028c0)=""/40, 0x28}], 0x9, &(0x7f0000002980)=""/165, 0xa5}, 0xe251}, {{0x0, 0x0, &(0x7f0000002b00)=[{&(0x7f00000021c0)=""/136, 0x88}], 0x1, &(0x7f0000002b40)=""/108, 0x6c}, 0x7ff}, {{&(0x7f0000002bc0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000002e40)=[{&(0x7f0000002c40)=""/10, 0xa}, {&(0x7f0000002c80)=""/210, 0xd2}, {&(0x7f0000002d80)=""/60, 0x3c}, {&(0x7f0000007ac0)=""/4096, 0x1000}, {&(0x7f0000002dc0)=""/128, 0x80}], 0x5}, 0x3}, {{0x0, 0x0, &(0x7f0000005340)=[{&(0x7f0000002e80)=""/118, 0x76}, {&(0x7f0000002f00)=""/38, 0x26}, {&(0x7f0000002f40)=""/71, 0x47}, {&(0x7f0000002fc0)=""/143, 0x8f}, {&(0x7f0000003080)=""/27, 0x1b}, {&(0x7f0000005140)=""/242, 0xf2}, {&(0x7f0000005240)=""/199, 0xc7}], 0x7, &(0x7f0000005380)=""/210, 0xd2}, 0x2}, {{0x0, 0x0, &(0x7f0000005880)=[{&(0x7f0000005480)=""/153, 0x99}, {&(0x7f0000005540)=""/4, 0x4}, {&(0x7f0000005580)=""/110, 0x6e}, {&(0x7f0000005600)=""/226, 0xe2}, {&(0x7f0000005700)=""/72, 0x48}, {&(0x7f0000005780)=""/172, 0xac}, {&(0x7f0000008ac0)=""/4096, 0x1000}, {&(0x7f0000005840)}], 0x8, &(0x7f0000009ac0)=""/4096, 0x1000}, 0x7}, {{&(0x7f00000058c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10}, 0x80, &(0x7f00000059c0)=[{&(0x7f0000005940)=""/117, 0x75}, {&(0x7f000000aac0)=""/233, 0xe9}, {&(0x7f000000abc0)=""/194, 0xc2}], 0x3}, 0x100}], 0x8, 0x40000002, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setregid(0xffffffffffffffff, 0x0)
setuid(0xee01)
syz_init_net_socket$ax25(0x3, 0x2, 0xcb)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f00000000c0)='./file0\x00')
write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x17, 0xbffd, {0x7, './file0'}}, 0x10)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r0, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0xc8200, 0x0)

2.687774696s ago: executing program 5 (id=4682):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000340)=@newtaction={0x8a4, 0x30, 0x12f, 0x0, 0x0, {}, [{0x890, 0x1, [@m_police={0x88c, 0x1, 0x0, 0x0, {{0xb}, {0x87c, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404}], [@TCA_POLICE_RATE={0x404}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}}}], [@TCA_POLICE_PEAKRATE64={0xc}, @TCA_POLICE_RATE64={0xc}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x8a4}}, 0x0)
socket(0x10, 0x3, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
syz_emit_vhci(&(0x7f0000009c40)=ANY=[@ANYBLOB="04140003c9"], 0x17)
creat(&(0x7f0000000440)='./file0\x00', 0x0)
r2 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x800, 0x0)
ioctl$BINDER_CTL_ADD(r2, 0xc1086201, 0x0)
r3 = socket$pptp(0x18, 0x1, 0x2)
r4 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000002180)=ANY=[@ANYBLOB="9feb0100180000000000000010000000100000000500000004000000000d000e04000000000001000000000000"], 0x0, 0x2d}, 0x28)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, 0x4000, 0x4a080}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}}, 0x0)
close(r3)
openat$sequencer(0xffffff9c, 0x0, 0x8b8802, 0x0)
mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000000)='adfs\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x14)

2.336047305s ago: executing program 0 (id=4683):
openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb, [{}, {}, {0x3}, {}, {}, {}, {0xffffffff}, {0x0, 0xfffffffe}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0)
read$msr(r0, &(0x7f0000019540)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="38000000031404002ab1000f4938c29ebda883bd7000ffdbdf250900020073797a32000000000800410073697700140033007465616d5f73"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000400000000000000008500000030000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x20, 0x0, &(0x7f0000000540)="e0b9547ed387dbe9abc89b6f5becf61b68d90ac9143f14fd7c1596a59e13e72441e520c1af68fa5b3b01c6aa3998c45ba0f93fb476cb99de223544152c81084a55bb09c092366ca6a04aeaa325408a2c5bac081eeb1e83e9d40f16656bd4f6f8bcc7d20bb6d8d5f504bb43afe59d312d0014e8f2e76da4be1d9f40f8987a4a6e05f2551c29d5cd2e9d394e25f37d9b241150670e22cae915c64f488a942fb720bccb726054f5a78d5303c2ce3a16de1e4305dcceabe923e82572357904a38180f574958302aba6755fa9964ad25f", 0x0, 0xe160, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
writev(r1, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setresuid(0x0, 0xee00, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000280)={'bridge0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
connect$inet6(r6, 0x0, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}}, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r7, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r7, 0x540a, 0x2)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000100))
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)

1.789184177s ago: executing program 3 (id=4684):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x6ea, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
ioctl$sock_SIOCDELRT(r1, 0x890c, &(0x7f0000000140)={0x0, @in={0x2, 0x4e23, @loopback}, @vsock={0x28, 0x0, 0x2711, @local}, @phonet={0x23, 0x37, 0x0, 0x3}, 0x7ff, 0x0, 0x0, 0x0, 0x24f2, 0x0, 0x2, 0xf93, 0x5})
r2 = openat(0xffffffffffffff9c, 0x0, 0x401c2, 0x0)
recvmmsg(r2, &(0x7f00000034c0), 0x0, 0x10720, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000006c0)={r2, 0x58, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000700)={'team0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'wg2\x00', <r5=>0x0})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000840)={'syztnl0\x00', &(0x7f0000000780)={'syztnl1\x00', <r6=>0x0, 0x1, 0x8000, 0x1, 0x0, {{0x19, 0x4, 0x1, 0x31, 0x64, 0x65, 0x0, 0x7, 0x29, 0x0, @empty, @loopback, {[@rr={0x7, 0xf, 0x2c, [@dev={0xac, 0x14, 0x14, 0xc}, @rand_addr=0x64010102, @remote]}, @noop, @lsrr={0x83, 0x13, 0x37, [@private=0xa010100, @dev={0xac, 0x14, 0x14, 0x10}, @multicast1, @dev={0xac, 0x14, 0x14, 0x1d}]}, @timestamp={0x44, 0x10, 0x44, 0x0, 0x2, [0x3, 0x3, 0xffffffff]}, @cipso={0x86, 0x13, 0xffffffffffffffff, [{0x1, 0xd, "795234c1dd7ab658d22000"}]}, @lsrr={0x83, 0x7, 0x4b, [@broadcast]}]}}}}})
sendmsg$TEAM_CMD_NOOP(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x11804032}, 0xc, &(0x7f0000000f80)={&(0x7f0000000880)={0x6ec, 0x0, 0x1, 0x70bd27, 0x25dfdbfc, {}, [{{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}]}}, {{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xff}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}]}}, {{0x8}, {0xec, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xc}}}]}}, {{0x8}, {0x130, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x8c}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xfb9}}, {0x8}}}]}}, {{0x8}, {0x128, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7ff}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r3}}}]}}, {{0x8, 0x1, r4}, {0x1f0, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xc}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x6ec}, 0x1, 0x0, 0x0, 0x20040001}, 0x200448c0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6(0xa, 0x3, 0x7)
pipe2(&(0x7f0000000040)={0x0, 0x0}, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}, 0x6}, 0x1c)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000180)='veth0_macvtap\x00', 0x10)
fcntl$dupfd(r7, 0x0, r7)

820.625198ms ago: executing program 5 (id=4685):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x24000815}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
sendfile(r3, r3, 0x0, 0x40008)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r4, 0xffffffffffffffff, 0xfffffff4)

0s ago: executing program 5 (id=4686):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r1 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
r2 = epoll_create1(0x0)
epoll_wait(r2, &(0x7f00000003c0), 0x0, 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f00000000c0)={'c6xdigio\x00', [0xcff, 0x5, 0x3, 0x4, 0x5, 0xcc7, 0xf, 0xb, 0xa, 0x100, 0x2, 0x1, 0xfffffffd, 0x40, 0x6, 0x101, 0x0, 0x1a449, 0x2, 0x40000003, 0x99, 0xcaa7, 0x0, 0x20001e58, 0xa, 0xe69, 0x3f, 0x8, 0x2, 0x0, 0xfffffff8]})

kernel console output (not intermixed with test programs):

 sig=0 arch=40000003 syscall=295 compat=1 ip=0xf708e579 code=0x7ffc0000
[  779.807232][   T40] audit: type=1326 audit(1755857760.255:12842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19148 comm="syz.5.3683" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  779.816278][   T40] audit: type=1326 audit(1755857760.255:12843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19148 comm="syz.5.3683" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf708e579 code=0x7ffc0000
[  779.824593][   T40] audit: type=1326 audit(1755857760.255:12844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19148 comm="syz.5.3683" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf708e579 code=0x7ffc0000
[  779.836621][   T40] audit: type=1326 audit(1755857760.255:12845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19148 comm="syz.5.3683" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf708e579 code=0x7ffc0000
[  780.875254][T19173] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3687'.
[  780.901081][T19173] 8021q: adding VLAN 0 to HW filter on device bond3
[  780.966113][T19173] 8021q: adding VLAN 0 to HW filter on device bond3
[  780.969038][T19173] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  780.978487][T19173] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  781.326318][ T5974] Bluetooth: hci2: command 0x0c1a tx timeout
[  781.524239][T19185] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3689'.
[  781.534695][T19185] netlink: 'syz.5.3689': attribute type 13 has an invalid length.
[  782.840791][T12996] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  783.007863][T12996] usb 8-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  783.012432][T12996] usb 8-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  783.016586][T12996] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  783.020448][T12996] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.172423][ T5974] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  783.184914][T19204] netlink: 'syz.2.3696': attribute type 14 has an invalid length.
[  783.275533][T19209] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  783.279455][ T6060] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  783.294282][    T9] usb 8-1: USB disconnect, device number 28
[  783.298081][ T5974] Bluetooth: hci2: command 0x0c1a tx timeout
[  783.480234][ T6060] usb 5-1: config 0 has no interfaces?
[  783.604302][T19214] syz.5.3693: attempt to access beyond end of device
[  783.604302][T19214] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  783.608881][T19214] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  783.638161][ T6060] usb 5-1: New USB device found, idVendor=8516, idProduct=3071, bcdDevice=22.2e
[  783.641473][ T6060] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.643885][ T6060] usb 5-1: Product: syz
[  783.645119][ T6060] usb 5-1: Manufacturer: syz
[  783.646555][ T6060] usb 5-1: SerialNumber: syz
[  783.648581][ T6060] usb 5-1: config 0 descriptor??
[  783.900592][T19200] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3694'.
[  783.903394][T19200] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3694'.
[  783.911132][ T5347] usb 5-1: USB disconnect, device number 25
[  784.182653][T19220] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  784.184642][T19220] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  784.187167][T19220] vhci_hcd vhci_hcd.0: Device attached
[  784.266035][T19222] vhci_hcd: connection closed
[  784.267053][ T9647] vhci_hcd: stop threads
[  784.288813][ T9647] vhci_hcd: release socket
[  784.290270][ T9647] vhci_hcd: disconnect device
[  784.673241][T19233] sctp: [Deprecated]: syz.2.3704 (pid 19233) Use of int in maxseg socket option.
[  784.673241][T19233] Use struct sctp_assoc_value instead
[  786.003635][T19248] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  786.006114][T19248] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  786.013573][T19248] vhci_hcd vhci_hcd.0: Device attached
[  786.162404][T19256] vhci_hcd: connection closed
[  786.162544][ T9618] vhci_hcd: stop threads
[  786.166650][ T9618] vhci_hcd: release socket
[  786.168791][ T9618] vhci_hcd: disconnect device
[  786.193853][ T5347] vhci_hcd: vhci_device speed not set
[  786.305055][ T5974] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  786.698410][T19268] syz.5.3712: attempt to access beyond end of device
[  786.698410][T19268] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  786.704546][T19268] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  786.956473][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  786.958802][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  787.154752][ T5974] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  787.539467][T19274] syz.5.3714: attempt to access beyond end of device
[  787.539467][T19274] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  787.545586][T19274] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  787.587940][T19275] debugfs: 'ptm0' already exists in 'caif_serial'
[  787.684640][   T40] kauditd_printk_skb: 1190 callbacks suppressed
[  787.684653][   T40] audit: type=1326 audit(1755857768.580:14036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19276 comm="syz.3.3716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x7ffc0000
[  787.695434][   T40] audit: type=1326 audit(1755857768.580:14037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19276 comm="syz.3.3716" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  787.703876][   T40] audit: type=1326 audit(1755857768.580:14038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19276 comm="syz.3.3716" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  787.710977][   T40] audit: type=1326 audit(1755857768.580:14039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19276 comm="syz.3.3716" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  787.717965][   T40] audit: type=1326 audit(1755857768.580:14040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19276 comm="syz.3.3716" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  787.727128][   T40] audit: type=1326 audit(1755857768.580:14041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19276 comm="syz.3.3716" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  787.736267][   T40] audit: type=1326 audit(1755857768.580:14042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19276 comm="syz.3.3716" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  787.745970][   T40] audit: type=1326 audit(1755857768.580:14043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19276 comm="syz.3.3716" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  787.755272][   T40] audit: type=1326 audit(1755857768.580:14044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19276 comm="syz.3.3716" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  787.764691][   T40] audit: type=1326 audit(1755857768.580:14045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19276 comm="syz.3.3716" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  788.056727][T19294] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  788.058872][T19294] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  788.065376][T19294] vhci_hcd vhci_hcd.0: Device attached
[  788.121416][T19297] vhci_hcd: connection closed
[  788.157007][ T9618] vhci_hcd: stop threads
[  788.164258][ T9618] vhci_hcd: release socket
[  788.165918][ T9618] vhci_hcd: disconnect device
[  789.140092][T19305] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3722'.
[  789.177400][ T9647] Bluetooth: hci3: Frame reassembly failed (-84)
[  789.589248][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  789.825048][T19271] netfs: Couldn't get user pages (rc=-14)
[  790.222224][T19326] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  790.226347][T19326] overlayfs: failed to set xattr on upper
[  790.228845][T19326] overlayfs: ...falling back to redirect_dir=nofollow.
[  790.231764][T19326] overlayfs: ...falling back to index=off.
[  790.242587][T19326] overlayfs: ...falling back to uuid=null.
[  790.289131][T19328] input: syz0 as /devices/virtual/input/input34
[  790.357231][T19329] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  790.360015][T19329] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  790.362613][T19329] vhci_hcd vhci_hcd.0: Device attached
[  790.604233][   T55] usb 43-1: new high-speed USB device number 4 using vhci_hcd
[  790.653645][T19334] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3730'.
[  791.147016][ T5974] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  791.226669][T19330] vhci_hcd: connection reset by peer
[  791.297277][  T166] vhci_hcd: stop threads
[  791.299442][  T166] vhci_hcd: release socket
[  791.301083][  T166] vhci_hcd: disconnect device
[  791.749901][T19355] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3737'.
[  792.280758][T19369] syz.3.3739: attempt to access beyond end of device
[  792.280758][T19369] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  792.284856][T19369] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  793.128162][T19377] block nbd0: server does not support multiple connections per device.
[  793.131887][T19377] block nbd0: shutting down sockets
[  793.238781][   T40] kauditd_printk_skb: 747 callbacks suppressed
[  793.238795][   T40] audit: type=1400 audit(1755857774.406:14793): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=19389 comm="syz.2.3746"
[  793.524465][T19398] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3747'.
[  793.527828][T19398] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3747'.
[  793.873137][   T40] audit: type=1400 audit(1755857775.078:14794): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=19401 comm="syz.5.3748"
[  794.343839][T19414] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3751'.
[  794.971460][   T40] audit: type=1326 audit(1755857776.223:14795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19416 comm="syz.5.3752" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x0
[  795.045502][T19421] FAULT_INJECTION: forcing a failure.
[  795.045502][T19421] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  795.050545][T19421] CPU: 3 UID: 0 PID: 19421 Comm: syz.0.3753 Not tainted syzkaller #0 PREEMPT(full) 
[  795.050567][T19421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  795.050577][T19421] Call Trace:
[  795.050584][T19421]  <TASK>
[  795.050591][T19421]  dump_stack_lvl+0x16c/0x1f0
[  795.050706][T19421]  should_fail_ex+0x512/0x640
[  795.050755][T19421]  _copy_to_user+0x32/0xd0
[  795.050769][T19421]  simple_read_from_buffer+0xcb/0x170
[  795.050787][T19421]  proc_fail_nth_read+0x197/0x240
[  795.050804][T19421]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  795.050820][T19421]  ? security_file_permission+0x71/0x210
[  795.050842][T19421]  ? rw_verify_area+0xcf/0x6c0
[  795.050857][T19421]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  795.050880][T19421]  vfs_read+0x1e1/0xcf0
[  795.050898][T19421]  ? __pfx_vfs_read+0x10/0x10
[  795.050915][T19421]  ? rcu_is_watching+0x12/0xc0
[  795.050933][T19421]  ? __fget_files+0x20e/0x3c0
[  795.050952][T19421]  ksys_read+0x12a/0x250
[  795.050969][T19421]  ? __pfx_ksys_read+0x10/0x10
[  795.050987][T19421]  ? rcu_is_watching+0x12/0xc0
[  795.051003][T19421]  __do_fast_syscall_32+0x7c/0x3a0
[  795.051025][T19421]  do_fast_syscall_32+0x32/0x80
[  795.051045][T19421]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  795.051066][T19421] RIP: 0023:0xf7f17579
[  795.051077][T19421] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  795.051093][T19421] RSP: 002b:00000000f5436590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  795.051132][T19421] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5436620
[  795.051142][T19421] RDX: 000000000000000f RSI: 00000000f73a4ff4 RDI: 0000000000000000
[  795.051152][T19421] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  795.051161][T19421] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  795.051170][T19421] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  795.051184][T19421]  </TASK>
[  795.576449][   T55] vhci_hcd: vhci_device speed not set
[  795.614252][   T40] audit: type=1326 audit(1755857776.894:14796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19422 comm="syz.3.3754" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf711e579 code=0x0
[  795.840317][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  796.191382][T19435] syz.5.3756: attempt to access beyond end of device
[  796.191382][T19435] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  796.198309][T19435] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  796.986674][T19439] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3757'.
[  797.659787][T19463] FAULT_INJECTION: forcing a failure.
[  797.659787][T19463] name failslab, interval 1, probability 0, space 0, times 0
[  797.676456][T19463] CPU: 1 UID: 0 PID: 19463 Comm: syz.5.3765 Not tainted syzkaller #0 PREEMPT(full) 
[  797.676506][T19463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  797.676521][T19463] Call Trace:
[  797.676529][T19463]  <TASK>
[  797.676537][T19463]  dump_stack_lvl+0x16c/0x1f0
[  797.676570][T19463]  should_fail_ex+0x512/0x640
[  797.676602][T19463]  ? copy_splice_read+0x1a8/0xc20
[  797.676623][T19463]  should_failslab+0xc2/0x120
[  797.676650][T19463]  __kmalloc_noprof+0xd2/0x510
[  797.676678][T19463]  copy_splice_read+0x1a8/0xc20
[  797.676701][T19463]  ? __pfx_copy_splice_read+0x10/0x10
[  797.676743][T19463]  ? lockdep_unlock+0x64/0xe0
[  797.676763][T19463]  ? register_lock_class+0x39f/0x4c0
[  797.676788][T19463]  ? rcu_is_watching+0x12/0xc0
[  797.676815][T19463]  v9fs_file_splice_read+0xc8/0xe0
[  797.676844][T19463]  ? __pfx_v9fs_file_splice_read+0x10/0x10
[  797.676871][T19463]  do_splice_read+0x282/0x370
[  797.676890][T19463]  splice_direct_to_actor+0x2a1/0xa30
[  797.676909][T19463]  ? __pfx_direct_splice_actor+0x10/0x10
[  797.676927][T19463]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  797.676944][T19463]  do_splice_direct+0x174/0x240
[  797.676960][T19463]  ? __pfx_do_splice_direct+0x10/0x10
[  797.676975][T19463]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  797.676990][T19463]  ? bpf_lsm_file_permission+0x9/0x10
[  797.677013][T19463]  ? security_file_permission+0x71/0x210
[  797.677036][T19463]  ? rw_verify_area+0xcf/0x6c0
[  797.677054][T19463]  do_sendfile+0xb06/0xe50
[  797.677072][T19463]  ? __pfx_do_sendfile+0x10/0x10
[  797.677089][T19463]  ? __might_fault+0xe3/0x190
[  797.677107][T19463]  ? rcu_is_watching+0x12/0xc0
[  797.677200][T19463]  ? __might_fault+0xe3/0x190
[  797.677240][T19463]  __ia32_compat_sys_sendfile+0x162/0x220
[  797.677265][T19463]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  797.677293][T19463]  ? rcu_is_watching+0x12/0xc0
[  797.677311][T19463]  __do_fast_syscall_32+0x7c/0x3a0
[  797.677335][T19463]  do_fast_syscall_32+0x32/0x80
[  797.677356][T19463]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  797.677383][T19463] RIP: 0023:0xf708e579
[  797.677397][T19463] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  797.677414][T19463] RSP: 002b:00000000f545d55c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  797.677432][T19463] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000006
[  797.677443][T19463] RDX: 0000000080000080 RSI: 0000000000007f04 RDI: 0000000000000000
[  797.677453][T19463] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  797.677463][T19463] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  797.677473][T19463] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  797.677489][T19463]  </TASK>
[  798.235425][T19462] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3765'.
[  798.238978][T19462] lo: Caught tx_queue_len zero misconfig
[  800.371970][T19501] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  800.374134][T19501] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  800.377970][T19501] vhci_hcd vhci_hcd.0: Device attached
[  800.389117][T19503] vhci_hcd: connection closed
[  800.389237][ T9621] vhci_hcd: stop threads
[  800.392136][ T9621] vhci_hcd: release socket
[  800.393540][ T9621] vhci_hcd: disconnect device
[  800.463796][   T40] audit: type=1326 audit(1755857781.996:14797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19487 comm="syz.2.3774" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7fc00000
[  800.696381][T19508] syzkaller1: entered promiscuous mode
[  800.698333][T19508] syzkaller1: entered allmulticast mode
[  801.189340][T19520] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  801.192608][T19520] syzkaller0: entered promiscuous mode
[  801.194680][T19520] syzkaller0: entered allmulticast mode
[  801.413538][T19518] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3779'.
[  801.501100][ T6143] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  801.654134][ T6143] usb 5-1: Using ep0 maxpacket: 8
[  801.663126][ T6143] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  801.666392][ T6143] usb 5-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  801.670461][ T6143] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  801.684609][ T6143] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  801.690484][ T6143] usbtmc 5-1:16.0: bulk endpoints not found
[  801.880022][T19533] tipc: Started in network mode
[  801.881968][T19533] tipc: Node identity 0e1a2255e6ff, cluster identity 4711
[  801.884460][T19533] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  801.887108][T19533] syzkaller0: entered promiscuous mode
[  801.888877][T19533] syzkaller0: entered allmulticast mode
[  801.996912][T19520] tipc: Resetting bearer <eth:syzkaller0>
[  802.002752][T19531] netlink: 'syz.2.3783': attribute type 10 has an invalid length.
[  802.169051][T19520] tipc: Disabling bearer <eth:syzkaller0>
[  802.263228][   T55] tipc: Node number set to 1059794147
[  802.370665][T19531] : (slave netdevsim0): Enslaving as an active interface with an up link
[  802.373457][T19536] syzkaller0: mtu greater than device maximum
[  802.406973][T19532] tipc: Resetting bearer <eth:syzkaller0>
[  802.432135][ T1019] usb 5-1: USB disconnect, device number 26
[  802.607270][T19532] tipc: Disabling bearer <eth:syzkaller0>
[  802.835167][T19543] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3787'.
[  802.994309][T19552] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[  803.015877][T19555] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  803.017981][T19555] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  803.022476][T19555] vhci_hcd vhci_hcd.0: Device attached
[  803.041176][T19557] vhci_hcd: connection closed
[  803.041327][  T166] vhci_hcd: stop threads
[  803.044781][  T166] vhci_hcd: release socket
[  803.046184][  T166] vhci_hcd: disconnect device
[  803.292345][T19037] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  804.387183][ T6143] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  804.549220][ T6143] usb 8-1: Using ep0 maxpacket: 32
[  804.556970][ T6143] usb 8-1: config 1 has an invalid descriptor of length 157, skipping remainder of the config
[  804.564310][ T6143] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  804.572390][ T6143] usb 8-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  804.575505][ T6143] usb 8-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  804.578468][ T6143] usb 8-1: Product: syz
[  804.579936][ T6143] usb 8-1: Manufacturer: syz
[  804.581655][ T6143] usb 8-1: SerialNumber: syz
[  804.594110][ T6143] appletouch 8-1:1.0: Could not find int-in endpoint
[  804.596455][ T6143] appletouch 8-1:1.0: probe with driver appletouch failed with error -5
[  804.601017][ T6143] usbhid 8-1:1.0: couldn't find an input interrupt endpoint
[  804.791862][   T55] usb 8-1: USB disconnect, device number 29
[  805.202592][T19592] FAULT_INJECTION: forcing a failure.
[  805.202592][T19592] name failslab, interval 1, probability 0, space 0, times 0
[  805.207501][T19592] CPU: 0 UID: 0 PID: 19592 Comm: syz.5.3800 Not tainted syzkaller #0 PREEMPT(full) 
[  805.207516][T19592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  805.207522][T19592] Call Trace:
[  805.207526][T19592]  <TASK>
[  805.207530][T19592]  dump_stack_lvl+0x16c/0x1f0
[  805.207558][T19592]  should_fail_ex+0x512/0x640
[  805.207574][T19592]  should_failslab+0xc2/0x120
[  805.207588][T19592]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  805.207601][T19592]  ? __alloc_skb+0x2b2/0x380
[  805.207615][T19592]  __alloc_skb+0x2b2/0x380
[  805.207626][T19592]  ? __pfx___alloc_skb+0x10/0x10
[  805.207638][T19592]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  805.207654][T19592]  netlink_alloc_large_skb+0x69/0x130
[  805.207667][T19592]  netlink_sendmsg+0x6a1/0xdd0
[  805.207681][T19592]  ? __pfx_netlink_sendmsg+0x10/0x10
[  805.207695][T19592]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  805.207708][T19592]  ____sys_sendmsg+0xa98/0xc70
[  805.207724][T19592]  ? __pfx_____sys_sendmsg+0x10/0x10
[  805.207739][T19592]  ? get_compat_msghdr+0x11a/0x170
[  805.207753][T19592]  ? kstrtouint_from_user+0x13c/0x1d0
[  805.207767][T19592]  ___sys_sendmsg+0x134/0x1d0
[  805.207779][T19592]  ? get_pid_task+0xfc/0x250
[  805.207794][T19592]  ? __pfx____sys_sendmsg+0x10/0x10
[  805.207809][T19592]  ? rcu_is_watching+0x12/0xc0
[  805.207824][T19592]  __sys_sendmsg+0x16d/0x220
[  805.207836][T19592]  ? __pfx___sys_sendmsg+0x10/0x10
[  805.207850][T19592]  ? __pfx___rdmsr_safe_on_cpu+0x10/0x10
[  805.207863][T19592]  ? rcu_is_watching+0x12/0xc0
[  805.207873][T19592]  ? rcu_is_watching+0x12/0xc0
[  805.207883][T19592]  __do_fast_syscall_32+0x7c/0x3a0
[  805.207898][T19592]  do_fast_syscall_32+0x32/0x80
[  805.207911][T19592]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  805.207925][T19592] RIP: 0023:0xf708e579
[  805.207933][T19592] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  805.207944][T19592] RSP: 002b:00000000f545d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  805.207954][T19592] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000040
[  805.207961][T19592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  805.207967][T19592] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  805.207973][T19592] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  805.207979][T19592] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  805.207988][T19592]  </TASK>
[  806.974536][T19626] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3809'.
[  807.640725][T19638] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3813'.
[  807.826496][T19640] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  807.829237][T19640] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  807.878986][T19640] vhci_hcd vhci_hcd.0: Device attached
[  808.064333][ T6062] vhci_hcd: vhci_device speed not set
[  808.078128][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  808.134359][ T6062] usb 37-1: new full-speed USB device number 4 using vhci_hcd
[  808.296624][T19642] vhci_hcd: connection reset by peer
[  808.301607][ T9621] vhci_hcd: stop threads
[  808.303522][ T9621] vhci_hcd: release socket
[  808.305071][ T9621] vhci_hcd: disconnect device
[  808.502800][T19658] syzkaller1: entered promiscuous mode
[  808.505323][T19658] syzkaller1: entered allmulticast mode
[  809.153861][T19668] netlink: 604 bytes leftover after parsing attributes in process `syz.0.3821'.
[  809.251862][T19675] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3822'.
[  809.256127][T19675] loop1: detected capacity change from 0 to 7
[  809.265445][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.268618][    C0] buffer_io_error: 6 callbacks suppressed
[  809.268628][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  809.275380][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.278295][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  809.280938][    C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.283894][    C1] Buffer I/O error on dev loop1, logical block 0, async page read
[  809.286759][    C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.290063][    C1] Buffer I/O error on dev loop1, logical block 0, async page read
[  809.293107][    C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.296125][    C1] Buffer I/O error on dev loop1, logical block 0, async page read
[  809.298891][    C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.301893][    C1] Buffer I/O error on dev loop1, logical block 0, async page read
[  809.305043][    C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.308178][    C1] Buffer I/O error on dev loop1, logical block 0, async page read
[  809.310732][T19675] ldm_validate_partition_table(): Disk read failed.
[  809.313234][    C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.316259][    C1] Buffer I/O error on dev loop1, logical block 0, async page read
[  809.319217][    C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.322116][    C1] Buffer I/O error on dev loop1, logical block 0, async page read
[  809.324651][    C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  809.327458][    C1] Buffer I/O error on dev loop1, logical block 0, async page read
[  809.330133][T19675] Dev loop1: unable to read RDB block 0
[  809.352947][T19675]  loop1: unable to read partition table
[  809.355385][T19675] loop1: partition table beyond EOD, truncated
[  809.358050][T19675] loop_reread_partitions: partition scan of loop1 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  809.758522][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  810.637483][T19701] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3831'.
[  810.953721][T19706] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3833'.
[  811.253604][T19715] syzkaller1: entered promiscuous mode
[  811.256817][T19715] syzkaller1: entered allmulticast mode
[  811.347090][T19712] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  811.348942][T19712] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  811.352716][T19712] vhci_hcd vhci_hcd.0: Device attached
[  811.374698][T19717] vhci_hcd: connection closed
[  811.375763][T17807] vhci_hcd: stop threads
[  811.379235][T17807] vhci_hcd: release socket
[  811.381055][T17807] vhci_hcd: disconnect device
[  811.402121][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  811.446748][T19723] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3838'.
[  812.808783][T19752] syz.2.3845: attempt to access beyond end of device
[  812.808783][T19752] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  812.813792][T19752] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  812.828171][T19753] syz.3.3843: attempt to access beyond end of device
[  812.828171][T19753] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  812.831882][T19753] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  813.017528][ T6062] vhci_hcd: vhci_device speed not set
[  813.552095][T19770] syz.2.3848: attempt to access beyond end of device
[  813.552095][T19770] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  813.556402][T19770] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  814.300086][T19791] syzkaller1: entered promiscuous mode
[  814.301846][T19791] syzkaller1: entered allmulticast mode
[  814.620533][T19797] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3857'.
[  815.128344][T19801] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3858'.
[  815.903194][T19817] syz.2.3862: attempt to access beyond end of device
[  815.903194][T19817] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  815.907561][T19817] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  816.704604][T19836] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3868'.
[  816.774028][ T5983] Bluetooth: hci4: unexpected event 0x14 length: 20 > 6
[  817.128123][T19847] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3872'.
[  817.166648][T19848] syzkaller1: entered promiscuous mode
[  817.188604][T19848] syzkaller1: entered allmulticast mode
[  817.469657][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  817.765539][T19872] syz.5.3877: attempt to access beyond end of device
[  817.765539][T19872] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  817.771874][T19872] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  817.782085][T19866] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  817.784101][T19866] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  817.793311][T19866] vhci_hcd vhci_hcd.0: Device attached
[  817.801130][T19873] vhci_hcd: connection closed
[  817.804581][ T9618] vhci_hcd: stop threads
[  817.808358][ T9618] vhci_hcd: release socket
[  817.810398][ T9618] vhci_hcd: disconnect device
[  818.629258][ T5983] Bluetooth: hci4: unexpected event 0x14 length: 20 > 6
[  819.268021][T19899] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3885'.
[  819.713817][T19909] syzkaller1: entered promiscuous mode
[  819.715907][T19909] syzkaller1: entered allmulticast mode
[  819.879448][T19902] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3886'.
[  820.219924][T19925] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  820.221925][T19925] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  820.228482][T19925] vhci_hcd vhci_hcd.0: Device attached
[  820.238930][T19929] syz.3.3889: attempt to access beyond end of device
[  820.238930][T19929] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  820.242835][T19929] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  820.253833][T19927] vhci_hcd: connection closed
[  820.253983][ T9618] vhci_hcd: stop threads
[  820.256707][ T9618] vhci_hcd: release socket
[  820.258217][ T9618] vhci_hcd: disconnect device
[  821.417311][T19947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3898'.
[  821.935473][ T5983] Bluetooth: hci4: unexpected event 0x14 length: 20 > 6
[  822.009844][T19953] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3900'.
[  822.329524][T19964] syz.0.3902: attempt to access beyond end of device
[  822.329524][T19964] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0
[  822.333495][T19964] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  822.490186][T19967] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  822.492413][T19967] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  822.495811][T19967] vhci_hcd vhci_hcd.0: Device attached
[  822.499524][T19969] vhci_hcd: connection closed
[  822.505895][ T9621] vhci_hcd: stop threads
[  822.508775][ T9621] vhci_hcd: release socket
[  822.510177][ T9621] vhci_hcd: disconnect device
[  822.929428][T19977] syzkaller1: entered promiscuous mode
[  822.931158][T19977] syzkaller1: entered allmulticast mode
[  824.115378][T20000] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3912'.
[  824.369492][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  824.668305][T20013] syz.5.3914: attempt to access beyond end of device
[  824.668305][T20013] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  824.674653][T20013] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  825.046535][T20011] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3915'.
[  825.081552][T20022] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  825.084599][T20022] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  825.090222][T20022] vhci_hcd vhci_hcd.0: Device attached
[  825.145545][T20024] vhci_hcd: connection closed
[  825.145992][T17807] vhci_hcd: stop threads
[  825.149441][T17807] vhci_hcd: release socket
[  825.151151][T17807] vhci_hcd: disconnect device
[  825.530878][T20037] syzkaller1: entered promiscuous mode
[  825.533090][T20037] syzkaller1: entered allmulticast mode
[  826.440363][ T5983] Bluetooth: hci4: unexpected event 0x14 length: 20 > 6
[  826.791996][T20050] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3925'.
[  826.860023][T20058] syz.3.3928: attempt to access beyond end of device
[  826.860023][T20058] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  826.864071][T20058] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  827.239906][T20070] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  827.241977][T20070] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  827.244609][T20070] vhci_hcd vhci_hcd.0: Device attached
[  827.251951][T20072] vhci_hcd: connection closed
[  827.252108][ T9658] vhci_hcd: stop threads
[  827.255346][ T9658] vhci_hcd: release socket
[  827.256814][ T9658] vhci_hcd: disconnect device
[  827.674850][T20076] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3931'.
[  828.235914][T20095] syzkaller1: entered promiscuous mode
[  828.237782][T20095] syzkaller1: entered allmulticast mode
[  828.462207][T20100] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3940'.
[  829.158661][T20115] syz.2.3943: attempt to access beyond end of device
[  829.158661][T20115] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  829.163427][T20115] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  829.633285][T20119] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  829.635329][T20119] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  829.640497][T20119] vhci_hcd vhci_hcd.0: Device attached
[  829.657967][T20121] vhci_hcd: connection closed
[  829.658127][ T9621] vhci_hcd: stop threads
[  829.661250][ T9621] vhci_hcd: release socket
[  829.662648][ T9621] vhci_hcd: disconnect device
[  829.777812][T20126] debugfs: 'ptm0' already exists in 'caif_serial'
[  830.150303][T20129] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3947'.
[  830.364954][T20140] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3950'.
[  831.216254][ T5983] Bluetooth: hci4: unexpected event 0x14 length: 20 > 6
[  831.447535][T20160] syz.0.3955: attempt to access beyond end of device
[  831.447535][T20160] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0
[  831.455633][T20160] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  831.508537][T20161] syzkaller1: entered promiscuous mode
[  831.510264][T20161] syzkaller1: entered allmulticast mode
[  831.599160][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  831.688356][T20172] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  831.692605][T20172] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  831.696068][T20172] vhci_hcd vhci_hcd.0: Device attached
[  831.706808][T20174] vhci_hcd: connection closed
[  831.706998][ T9654] vhci_hcd: stop threads
[  831.710292][ T9654] vhci_hcd: release socket
[  831.711690][ T9654] vhci_hcd: disconnect device
[  832.116227][T20178] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3961'.
[  832.489564][T20182] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3962'.
[  833.494205][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  833.753924][T20213] syz.5.3971: attempt to access beyond end of device
[  833.753924][T20213] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  833.760239][T20213] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  833.854233][T20215] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3972'.
[  833.883858][T20219] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  833.886002][T20219] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  833.898206][T20219] vhci_hcd vhci_hcd.0: Device attached
[  833.920872][T20221] vhci_hcd: connection closed
[  833.921068][ T9654] vhci_hcd: stop threads
[  833.924113][ T9654] vhci_hcd: release socket
[  833.925666][ T9654] vhci_hcd: disconnect device
[  834.004284][T20225] syzkaller1: entered promiscuous mode
[  834.006076][T20225] syzkaller1: entered allmulticast mode
[  834.721062][T20237] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3976'.
[  835.647437][T20259] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3983'.
[  835.824659][ T5983] Bluetooth: hci4: unexpected event 0x14 length: 20 > 6
[  836.045418][T20268] syz.0.3984: attempt to access beyond end of device
[  836.045418][T20268] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0
[  836.052220][T20268] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  836.145739][T20272] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  836.147819][T20272] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  836.151819][T20272] vhci_hcd vhci_hcd.0: Device attached
[  836.163926][T20274] vhci_hcd: connection closed
[  836.164080][ T9654] vhci_hcd: stop threads
[  836.167036][ T9654] vhci_hcd: release socket
[  836.168437][ T9654] vhci_hcd: disconnect device
[  837.083272][T20291] syzkaller1: entered promiscuous mode
[  837.085167][T20291] syzkaller1: entered allmulticast mode
[  837.093336][T20290] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3991'.
[  837.093412][T20300] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3993'.
[  838.595388][T20323] syz.3.3999: attempt to access beyond end of device
[  838.595388][T20323] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  838.599336][T20323] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  838.759970][T20332] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  838.762541][T20332] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  838.767168][T20332] vhci_hcd vhci_hcd.0: Device attached
[  838.786991][T20334] vhci_hcd: connection closed
[  838.787214][ T9621] vhci_hcd: stop threads
[  838.790291][ T9621] vhci_hcd: release socket
[  838.791764][ T9621] vhci_hcd: disconnect device
[  838.848130][T20337] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4003'.
[  839.420530][T20343] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4005'.
[  839.815959][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  839.865438][T20348] syzkaller1: entered promiscuous mode
[  839.870560][T20348] syzkaller1: entered allmulticast mode
[  840.653782][T20374] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4013'.
[  840.854378][T20382] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  840.856514][T20382] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  840.858959][T20382] vhci_hcd vhci_hcd.0: Device attached
[  840.873191][T20387] vhci_hcd: connection closed
[  840.873418][ T9647] vhci_hcd: stop threads
[  840.876321][ T9647] vhci_hcd: release socket
[  840.877757][ T9647] vhci_hcd: disconnect device
[  841.027701][T20390] syz.2.4014: attempt to access beyond end of device
[  841.027701][T20390] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  841.031827][T20390] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  841.572326][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  841.674570][T20396] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4018'.
[  841.774861][T20405] syzkaller1: entered promiscuous mode
[  841.785806][T20405] syzkaller1: entered allmulticast mode
[  842.932514][T20422] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4025'.
[  843.046459][ T5983] Bluetooth: hci4: unexpected event 0x14 length: 20 > 6
[  843.148436][T20434] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  843.152843][T20434] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  843.177056][T20434] vhci_hcd vhci_hcd.0: Device attached
[  843.237940][T20436] vhci_hcd: connection closed
[  843.238099][ T9658] vhci_hcd: stop threads
[  843.240995][ T9658] vhci_hcd: release socket
[  843.242712][ T9658] vhci_hcd: disconnect device
[  843.276483][T20440] syz.0.4029: attempt to access beyond end of device
[  843.276483][T20440] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0
[  843.280539][T20440] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  844.004967][T20456] syzkaller1: entered promiscuous mode
[  844.006768][T20456] syzkaller1: entered allmulticast mode
[  844.364331][T20454] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4034'.
[  844.612435][T20469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4036'.
[  845.203486][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  845.274606][T20480] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  845.278455][T20480] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  845.281135][T20480] vhci_hcd vhci_hcd.0: Device attached
[  845.356265][T20482] vhci_hcd: connection closed
[  845.356507][ T9618] vhci_hcd: stop threads
[  845.359529][ T9618] vhci_hcd: release socket
[  845.361020][ T9618] vhci_hcd: disconnect device
[  845.481848][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  845.483833][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  845.912946][T20494] syz.2.4043: attempt to access beyond end of device
[  845.912946][T20494] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  845.917168][T20494] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  846.375145][T20502] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4046'.
[  846.846307][T20517] syzkaller1: entered promiscuous mode
[  846.848064][T20517] syzkaller1: entered allmulticast mode
[  846.929007][T20522] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4048'.
[  847.491358][T20536] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  847.493465][T20536] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  847.504056][T20536] vhci_hcd vhci_hcd.0: Device attached
[  847.525378][T20538] vhci_hcd: connection closed
[  847.525570][T17807] vhci_hcd: stop threads
[  847.528465][T17807] vhci_hcd: release socket
[  847.530014][T17807] vhci_hcd: disconnect device
[  848.373902][T20548] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4056'.
[  848.396314][ T5983] Bluetooth: hci4: unexpected event 0x14 length: 20 > 6
[  848.591432][T20559] syz.0.4058: attempt to access beyond end of device
[  848.591432][T20559] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0
[  848.599582][T20559] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  849.423315][T20575] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4062'.
[  849.482332][T20577] syzkaller1: entered promiscuous mode
[  849.484097][T20577] syzkaller1: entered allmulticast mode
[  850.224615][T20596] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  850.226728][T20596] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  850.231052][T20596] vhci_hcd vhci_hcd.0: Device attached
[  850.241919][T20590] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4066'.
[  850.252213][T20598] vhci_hcd: connection closed
[  850.252373][ T9647] vhci_hcd: stop threads
[  850.255702][ T9647] vhci_hcd: release socket
[  850.257107][ T9647] vhci_hcd: disconnect device
[  850.853375][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  851.110948][T20617] syz.5.4072: attempt to access beyond end of device
[  851.110948][T20617] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  851.117057][T20617] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  851.968740][T20632] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4075'.
[  852.344780][T20633] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4077'.
[  852.360554][T20643] syzkaller1: entered promiscuous mode
[  852.362361][T20643] syzkaller1: entered allmulticast mode
[  852.663430][T20650] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  852.665548][T20650] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  852.672836][T20650] vhci_hcd vhci_hcd.0: Device attached
[  852.758204][T20652] vhci_hcd: connection closed
[  852.758604][ T9618] vhci_hcd: stop threads
[  852.761476][ T9618] vhci_hcd: release socket
[  852.762871][ T9618] vhci_hcd: disconnect device
[  853.537668][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  853.795837][T20671] syz.5.4085: attempt to access beyond end of device
[  853.795837][T20671] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  853.802203][T20671] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  854.078419][T20677] Device name cannot be null; rc = [-22]
[  854.511737][T20682] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4089'.
[  854.833430][T20692] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  854.835555][T20692] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  854.844006][T20692] vhci_hcd vhci_hcd.0: Device attached
[  855.006636][T19037] vhci_hcd: vhci_device speed not set
[  855.057982][T20694] vhci_hcd: connection closed
[  855.058138][T17807] vhci_hcd: stop threads
[  855.064641][T17807] vhci_hcd: release socket
[  855.070296][T17807] vhci_hcd: disconnect device
[  855.074817][T19037] usb 47-1: new full-speed USB device number 2 using vhci_hcd
[  855.077294][T19037] usb 47-1: enqueue for inactive port 0
[  855.096658][T20688] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4090'.
[  855.149485][T19037] vhci_hcd: vhci_device speed not set
[  855.196162][T20703] syzkaller1: entered promiscuous mode
[  855.198157][T20703] syzkaller1: entered allmulticast mode
[  856.221343][T20722] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  856.223494][T20722] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  856.226132][T20722] vhci_hcd vhci_hcd.0: Device attached
[  856.482851][T19037] usb 43-1: new high-speed USB device number 5 using vhci_hcd
[  856.686708][T20731] syz.2.4100: attempt to access beyond end of device
[  856.686708][T20731] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  856.691847][T20731] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  857.023348][T20736] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4102'.
[  857.145775][T20723] vhci_hcd: connection reset by peer
[  857.164596][ T9658] vhci_hcd: stop threads
[  857.172285][ T9658] vhci_hcd: release socket
[  857.179311][ T9658] vhci_hcd: disconnect device
[  857.879779][T20747] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  857.881862][T20747] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  857.893283][T20747] vhci_hcd vhci_hcd.0: Device attached
[  857.927681][T20749] vhci_hcd: connection closed
[  857.927813][ T9647] vhci_hcd: stop threads
[  857.931113][ T9647] vhci_hcd: release socket
[  857.932996][ T9647] vhci_hcd: disconnect device
[  858.106766][T20742] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4104'.
[  858.379847][T20758] syzkaller1: entered promiscuous mode
[  858.381639][T20758] syzkaller1: entered allmulticast mode
[  859.737965][T20782] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4114'.
[  859.751778][T20787] syz.3.4113: attempt to access beyond end of device
[  859.751778][T20787] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  859.756039][T20787] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  860.256369][T20798] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  860.258478][T20798] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  860.261215][T20798] vhci_hcd vhci_hcd.0: Device attached
[  860.321274][T20800] vhci_hcd: connection closed
[  860.321381][ T9654] vhci_hcd: stop threads
[  860.325386][ T9654] vhci_hcd: release socket
[  860.327208][ T9654] vhci_hcd: disconnect device
[  860.786117][T20796] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4118'.
[  861.022567][T20819] syzkaller1: entered promiscuous mode
[  861.024345][T20819] syzkaller1: entered allmulticast mode
[  861.331374][T19037] vhci_hcd: vhci_device speed not set
[  861.980579][T20832] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4125'.
[  862.430559][T20841] syz.2.4129: attempt to access beyond end of device
[  862.430559][T20841] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  862.434589][T20841] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  863.505977][T20859] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  863.508335][T20859] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  863.511517][T20859] vhci_hcd vhci_hcd.0: Device attached
[  863.530974][T20861] vhci_hcd: connection closed
[  863.531125][ T9621] vhci_hcd: stop threads
[  863.534567][ T9621] vhci_hcd: release socket
[  863.536245][ T9621] vhci_hcd: disconnect device
[  863.581004][T20847] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4131'.
[  863.871457][T20872] syzkaller1: entered promiscuous mode
[  863.873280][T20872] syzkaller1: entered allmulticast mode
[  864.249622][T20881] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4139'.
[  865.080380][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  865.316808][T20895] syz.5.4142: attempt to access beyond end of device
[  865.316808][T20895] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  865.323204][T20895] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  865.676650][T20897] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4144'.
[  865.922487][T20909] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  865.924881][T20909] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  865.941602][T20909] vhci_hcd vhci_hcd.0: Device attached
[  865.982166][T20911] vhci_hcd: connection closed
[  865.982353][ T9647] vhci_hcd: stop threads
[  865.985346][ T9647] vhci_hcd: release socket
[  865.986808][ T9647] vhci_hcd: disconnect device
[  866.071637][   T40] audit: type=1326 audit(1755857850.863:14798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20916 comm="syz.5.4148" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000
[  866.078873][   T40] audit: type=1326 audit(1755857850.863:14799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20916 comm="syz.5.4148" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  866.086336][   T40] audit: type=1326 audit(1755857850.863:14800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20916 comm="syz.5.4148" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  866.093327][   T40] audit: type=1326 audit(1755857850.874:14801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20916 comm="syz.5.4148" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000
[  866.100827][   T40] audit: type=1326 audit(1755857850.874:14802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20916 comm="syz.5.4148" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000
[  866.108182][   T40] audit: type=1326 audit(1755857850.874:14803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20916 comm="syz.5.4148" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000
[  866.119076][   T40] audit: type=1326 audit(1755857850.874:14804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20916 comm="syz.5.4148" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000
[  866.127845][   T40] audit: type=1326 audit(1755857850.874:14805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20916 comm="syz.5.4148" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000
[  866.136814][   T40] audit: type=1326 audit(1755857850.874:14806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20916 comm="syz.5.4148" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000
[  866.146754][   T40] audit: type=1326 audit(1755857850.874:14807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20916 comm="syz.5.4148" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000
[  866.658568][T20926] syzkaller1: entered promiscuous mode
[  866.660654][T20926] syzkaller1: entered allmulticast mode
[  866.827274][T20932] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4151'.
[  867.878468][T20942] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4155'.
[  868.193899][T20954] syz.3.4157: attempt to access beyond end of device
[  868.193899][T20954] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  868.198958][T20954] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  868.394432][T20960] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  868.396933][T20960] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  868.401539][T20960] vhci_hcd vhci_hcd.0: Device attached
[  868.415042][T20964] vhci_hcd: connection closed
[  868.415526][ T9658] vhci_hcd: stop threads
[  868.422500][ T9658] vhci_hcd: release socket
[  868.424026][ T9658] vhci_hcd: disconnect device
[  869.385762][T20982] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4164'.
[  869.533460][T20983] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4166'.
[  869.770217][T20989] syzkaller1: entered promiscuous mode
[  869.773942][T20989] syzkaller1: entered allmulticast mode
[  870.363430][T21006] syz.2.4171: attempt to access beyond end of device
[  870.363430][T21006] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  870.367670][T21006] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  871.024575][T21017] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  871.026746][T21017] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  871.031505][T21017] vhci_hcd vhci_hcd.0: Device attached
[  871.050178][T21019] vhci_hcd: connection closed
[  871.050466][T17807] vhci_hcd: stop threads
[  871.053339][T17807] vhci_hcd: release socket
[  871.054748][T17807] vhci_hcd: disconnect device
[  871.856518][T21034] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4177'.
[  872.672736][T21042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  872.686635][T21042] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  872.905111][T19037] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  872.947749][T21055] syz.3.4183: attempt to access beyond end of device
[  872.947749][T21055] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  872.952614][T21055] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  873.190816][T19037] usb 10-1: Using ep0 maxpacket: 16
[  873.194477][T19037] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  873.198452][T19037] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  873.201743][T19037] usb 10-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  873.205498][T19037] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  873.209779][T19037] usb 10-1: config 0 descriptor??
[  875.087983][   T40] kauditd_printk_skb: 304 callbacks suppressed
[  875.088066][   T40] audit: type=1326 audit(1755857860.322:15112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21077 comm="syz.3.4189" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x0
[  875.300377][   T40] audit: type=1326 audit(1755857860.553:15113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4192" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e598 code=0x7ffc0000
[  875.308342][   T40] audit: type=1326 audit(1755857860.563:15114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4192" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e598 code=0x7ffc0000
[  875.315835][   T40] audit: type=1326 audit(1755857860.563:15115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4192" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e598 code=0x7ffc0000
[  875.323040][   T40] audit: type=1326 audit(1755857860.574:15116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4192" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e598 code=0x7ffc0000
[  875.331206][   T40] audit: type=1326 audit(1755857860.574:15117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4192" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e598 code=0x7ffc0000
[  875.339106][   T40] audit: type=1326 audit(1755857860.574:15118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4192" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e598 code=0x7ffc0000
[  875.345815][   T40] audit: type=1326 audit(1755857860.574:15119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4192" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e598 code=0x7ffc0000
[  875.352446][   T40] audit: type=1326 audit(1755857860.574:15120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4192" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e598 code=0x7ffc0000
[  875.359568][   T40] audit: type=1326 audit(1755857860.574:15121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21084 comm="syz.2.4192" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702e598 code=0x7ffc0000
[  875.411522][T19037] usbhid 10-1:0.0: can't add hid device: -71
[  875.414059][T19037] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  875.423174][T19037] usb 10-1: USB disconnect, device number 2
[  875.526403][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  875.648324][T21095] hsr0: entered allmulticast mode
[  875.652529][T21095] hsr_slave_0: entered allmulticast mode
[  875.654243][T21095] hsr_slave_1: entered allmulticast mode
[  875.668125][T21095] hsr_slave_0: left promiscuous mode
[  875.725020][T21095] hsr_slave_1: left promiscuous mode
[  875.782649][T21100] syz.5.4194: attempt to access beyond end of device
[  875.782649][T21100] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  875.786732][T21100] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  875.801174][T21095] hsr0 (unregistering): left allmulticast mode
[  876.153702][ T6143] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  876.287056][ T6143] usb 5-1: device descriptor read/64, error -71
[  876.450239][T21112] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4197'.
[  876.527819][ T6143] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  876.667994][ T6143] usb 5-1: device descriptor read/64, error -71
[  876.792560][ T6143] usb usb5-port1: attempt power cycle
[  877.172728][ T6143] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  877.275614][ T6143] usb 5-1: device descriptor read/8, error -71
[  877.294490][ T5983] Bluetooth: hci2: unexpected event for opcode 0x0c0d
[  877.430125][T21130] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4204'.
[  877.494143][T21130] netlink: 'syz.5.4204': attribute type 13 has an invalid length.
[  877.515550][ T6143] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  877.544738][ T6143] usb 5-1: device descriptor read/8, error -71
[  877.658685][ T6143] usb usb5-port1: unable to enumerate USB device
[  878.545057][T21152] syz.3.4208: attempt to access beyond end of device
[  878.545057][T21152] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  878.549398][T21152] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  879.256641][T21159] netlink: 120 bytes leftover after parsing attributes in process `syz.3.4212'.
[  880.027474][T21175] kAFS: unparsable volume name
[  880.676541][T21191] netlink: 'syz.3.4220': attribute type 9 has an invalid length.
[  880.691038][T21191] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  880.693846][T21191] syzkaller0: entered promiscuous mode
[  880.695642][T21191] syzkaller0: entered allmulticast mode
[  880.736702][T21179] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  880.740495][T21193] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[  880.742569][T21193] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  880.749521][T21193] vhci_hcd vhci_hcd.0: Device attached
[  880.764357][T21196] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4220'.
[  880.769220][T21191] tipc: Resetting bearer <eth:syzkaller0>
[  880.802373][T21190] tipc: Resetting bearer <eth:syzkaller0>
[  880.936475][T21190] tipc: Disabling bearer <eth:syzkaller0>
[  881.039933][    T9] usb 47-1: new high-speed USB device number 3 using vhci_hcd
[  881.159670][   T46] Bluetooth: hci3: Frame reassembly failed (-84)
[  882.098623][T21194] vhci_hcd: connection reset by peer
[  882.101833][ T9658] vhci_hcd: stop threads
[  882.105485][ T9658] vhci_hcd: release socket
[  882.111924][ T9658] vhci_hcd: disconnect device
[  882.156892][   T40] kauditd_printk_skb: 1070 callbacks suppressed
[  882.156904][   T40] audit: type=1326 audit(1755857867.757:16192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21214 comm="syz.5.4226" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf708e579 code=0x0
[  883.126085][ T5974] Bluetooth: hci3: command 0x1003 tx timeout
[  883.129705][ T5983] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  883.885844][   T40] audit: type=1326 audit(1755857869.562:16193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21242 comm="syz.5.4234" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000
[  883.902959][   T40] audit: type=1326 audit(1755857869.562:16194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21242 comm="syz.5.4234" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000
[  883.911236][   T40] audit: type=1326 audit(1755857869.562:16195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21242 comm="syz.5.4234" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  883.919082][   T40] audit: type=1326 audit(1755857869.562:16196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21242 comm="syz.5.4234" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  883.926918][   T40] audit: type=1326 audit(1755857869.573:16197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21242 comm="syz.5.4234" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000
[  883.934547][   T40] audit: type=1326 audit(1755857869.573:16198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21242 comm="syz.5.4234" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000
[  883.943300][   T40] audit: type=1326 audit(1755857869.573:16199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21242 comm="syz.5.4234" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  883.952186][   T40] audit: type=1326 audit(1755857869.573:16200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21242 comm="syz.5.4234" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf708e598 code=0x7ffc0000
[  883.960441][   T40] audit: type=1326 audit(1755857869.573:16201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21242 comm="syz.5.4234" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  884.950108][T21258] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4239'.
[  885.155027][T21267] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  885.157293][T21267] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  885.167526][T21267] vhci_hcd vhci_hcd.0: Device attached
[  885.340112][T21269] vhci_hcd: connection closed
[  885.340314][   T46] vhci_hcd: stop threads
[  885.344315][   T46] vhci_hcd: release socket
[  885.346436][   T46] vhci_hcd: disconnect device
[  885.984346][    T9] vhci_hcd: vhci_device speed not set
[  887.422563][T21315] syz.3.4254: attempt to access beyond end of device
[  887.422563][T21315] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  887.426832][T21315] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  887.557431][T21313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4253'.
[  888.188330][   T40] kauditd_printk_skb: 87 callbacks suppressed
[  888.188341][   T40] audit: type=1326 audit(1755857874.087:16289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21319 comm="syz.3.4255" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  888.196367][   T40] audit: type=1326 audit(1755857874.087:16290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21319 comm="syz.3.4255" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  888.202412][   T40] audit: type=1326 audit(1755857874.087:16291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21319 comm="syz.3.4255" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  888.209523][   T40] audit: type=1326 audit(1755857874.087:16292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21319 comm="syz.3.4255" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  888.216482][   T40] audit: type=1326 audit(1755857874.087:16293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21319 comm="syz.3.4255" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  888.224020][   T40] audit: type=1326 audit(1755857874.087:16294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21319 comm="syz.3.4255" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  888.231160][   T40] audit: type=1326 audit(1755857874.087:16295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21319 comm="syz.3.4255" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  888.240368][   T40] audit: type=1326 audit(1755857874.087:16296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21319 comm="syz.3.4255" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  888.275010][   T40] audit: type=1326 audit(1755857874.087:16297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21319 comm="syz.3.4255" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  888.283357][   T40] audit: type=1326 audit(1755857874.087:16298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21319 comm="syz.3.4255" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf711e598 code=0x7ffc0000
[  888.291675][T21331] syz_tun: entered allmulticast mode
[  889.463209][T21347] input: syz1 as /devices/virtual/input/input35
[  889.622421][T21353] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4266'.
[  889.683835][T21345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4262'.
[  890.275827][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  890.586039][T21369] syz.5.4268: attempt to access beyond end of device
[  890.586039][T21369] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  890.593629][T21369] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  890.902194][T21371] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4265'.
[  891.695623][T21383] syzkaller1: entered promiscuous mode
[  891.703567][T21383] syzkaller1: entered allmulticast mode
[  891.867678][T21390] binder: 21388:21390 ioctl c0306201 800003c0 returned -14
[  892.765810][ T5983] Bluetooth: hci4: Malformed Event: 0x13
[  893.019012][T21411] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4279'.
[  893.023594][T21411] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4279'.
[  893.664963][T21418] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4281'.
[  894.549300][T21428] netlink: 'syz.2.4285': attribute type 1 has an invalid length.
[  895.283528][T21443] syzkaller1: entered promiscuous mode
[  895.285460][T21443] syzkaller1: entered allmulticast mode
[  895.543634][T21449] netlink: 'syz.5.4291': attribute type 21 has an invalid length.
[  895.816355][T21458] syz.0.4292: attempt to access beyond end of device
[  895.816355][T21458] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0
[  895.820396][T21458] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  896.763834][T21470] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4293'.
[  897.027828][T21471] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4295'.
[  897.600086][T21485] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  897.602529][T21485] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  897.608363][T21485] vhci_hcd vhci_hcd.0: Device attached
[  897.634255][T21487] vhci_hcd: connection closed
[  897.634438][ T9621] vhci_hcd: stop threads
[  897.637496][ T9621] vhci_hcd: release socket
[  897.639055][ T9621] vhci_hcd: disconnect device
[  899.046069][T21549] FAULT_INJECTION: forcing a failure.
[  899.046069][T21549] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  899.051134][T21549] CPU: 3 UID: 0 PID: 21549 Comm: syz.5.4305 Not tainted syzkaller #0 PREEMPT(full) 
[  899.051159][T21549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  899.051173][T21549] Call Trace:
[  899.051183][T21549]  <TASK>
[  899.051190][T21549]  dump_stack_lvl+0x16c/0x1f0
[  899.051313][T21549]  should_fail_ex+0x512/0x640
[  899.051365][T21549]  should_fail_alloc_page+0xe7/0x130
[  899.051388][T21549]  prepare_alloc_pages+0x3c2/0x610
[  899.051413][T21549]  ? rcu_is_watching+0x12/0xc0
[  899.051431][T21549]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  899.051454][T21549]  ? stack_depot_save_flags+0x29/0x9c0
[  899.051478][T21549]  ? mon_bin_ioctl+0x470/0xcd0
[  899.051500][T21549]  ? kasan_save_stack+0x42/0x60
[  899.051518][T21549]  ? kasan_save_stack+0x33/0x60
[  899.051536][T21549]  ? kasan_save_track+0x14/0x30
[  899.051554][T21549]  ? __kasan_kmalloc+0xaa/0xb0
[  899.051570][T21549]  ? __kmalloc_noprof+0x223/0x510
[  899.051596][T21549]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  899.051616][T21549]  ? __do_fast_syscall_32+0x7c/0x3a0
[  899.051638][T21549]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  899.051666][T21549]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  899.051693][T21549]  ? policy_nodemask+0xea/0x4e0
[  899.051715][T21549]  alloc_pages_mpol+0x1fb/0x550
[  899.051737][T21549]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  899.051761][T21549]  alloc_pages_noprof+0x131/0x390
[  899.051783][T21549]  get_zeroed_page_noprof+0x18/0xb0
[  899.051807][T21549]  mon_alloc_buff+0xce/0x1b0
[  899.051826][T21549]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  899.051854][T21549]  mon_bin_ioctl+0x48e/0xcd0
[  899.051886][T21549]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  899.051912][T21549]  ? __pfx_mon_bin_ioctl+0x10/0x10
[  899.051931][T21549]  ? rcu_is_watching+0x12/0xc0
[  899.051946][T21549]  ? __fget_files+0x204/0x3c0
[  899.051962][T21549]  ? hook_file_ioctl_common+0x145/0x410
[  899.051984][T21549]  mon_bin_compat_ioctl+0x25a/0x3b0
[  899.052005][T21549]  ? __pfx_mon_bin_compat_ioctl+0x10/0x10
[  899.052028][T21549]  ? __pfx_mon_bin_compat_ioctl+0x10/0x10
[  899.052049][T21549]  __ia32_compat_sys_ioctl+0x23f/0x370
[  899.052077][T21549]  __do_fast_syscall_32+0x7c/0x3a0
[  899.052100][T21549]  do_fast_syscall_32+0x32/0x80
[  899.052127][T21549]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  899.052145][T21549] RIP: 0023:0xf708e579
[  899.052159][T21549] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  899.052174][T21549] RSP: 002b:00000000f545d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  899.052225][T21549] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000009204
[  899.052233][T21549] RDX: 00000000000c397e RSI: 0000000000000000 RDI: 0000000000000000
[  899.052239][T21549] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  899.052245][T21549] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  899.052252][T21549] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  899.052262][T21549]  </TASK>
[  900.707231][T21574] netlink: 3 bytes leftover after parsing attributes in process `syz.5.4311'.
[  900.733144][T21574] batadv1: entered allmulticast mode
[  900.785607][T21576] input: syz1 as /devices/virtual/input/input36
[  900.847292][T21567] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4310'.
[  901.796844][T21595] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  901.799460][T21595] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  901.803194][T21595] vhci_hcd vhci_hcd.0: Device attached
[  901.812431][T21597] vhci_hcd: connection closed
[  901.812829][ T9647] vhci_hcd: stop threads
[  901.817006][ T9647] vhci_hcd: release socket
[  901.819014][ T9647] vhci_hcd: disconnect device
[  902.393884][T21609] tmpfs: Unknown parameter 'nosw�p'
[  902.396213][T21609] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  902.540162][T21609] /dev/sr0: Can't open blockdev
[  903.835070][T21641] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  903.837251][T21641] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  903.839598][T21641] vhci_hcd vhci_hcd.0: Device attached
[  904.008795][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  904.025349][ T6143] vhci_hcd: vhci_device speed not set
[  904.068761][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  904.091809][ T6143] usb 37-1: new full-speed USB device number 5 using vhci_hcd
[  904.232729][T21648] vhci_hcd: connection reset by peer
[  904.234872][T21525] vhci_hcd: stop threads
[  904.236463][T21525] vhci_hcd: release socket
[  904.238431][T21525] vhci_hcd: disconnect device
[  904.617663][T21659] FAULT_INJECTION: forcing a failure.
[  904.617663][T21659] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  904.621904][T21659] CPU: 3 UID: 0 PID: 21659 Comm: syz.3.4339 Not tainted syzkaller #0 PREEMPT(full) 
[  904.621920][T21659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  904.621927][T21659] Call Trace:
[  904.621931][T21659]  <TASK>
[  904.621935][T21659]  dump_stack_lvl+0x16c/0x1f0
[  904.621952][T21659]  should_fail_ex+0x512/0x640
[  904.621968][T21659]  _copy_to_user+0x32/0xd0
[  904.621978][T21659]  simple_read_from_buffer+0xcb/0x170
[  904.621990][T21659]  proc_fail_nth_read+0x197/0x240
[  904.622001][T21659]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  904.622011][T21659]  ? security_file_permission+0x71/0x210
[  904.622026][T21659]  ? rw_verify_area+0xcf/0x6c0
[  904.622036][T21659]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  904.622046][T21659]  vfs_read+0x1e1/0xcf0
[  904.622058][T21659]  ? __pfx_vfs_read+0x10/0x10
[  904.622069][T21659]  ? rcu_is_watching+0x12/0xc0
[  904.622081][T21659]  ? __fget_files+0x20e/0x3c0
[  904.622095][T21659]  ksys_read+0x12a/0x250
[  904.622112][T21659]  ? __pfx_ksys_read+0x10/0x10
[  904.622124][T21659]  ? rcu_is_watching+0x12/0xc0
[  904.622137][T21659]  __do_fast_syscall_32+0x7c/0x3a0
[  904.622152][T21659]  do_fast_syscall_32+0x32/0x80
[  904.622165][T21659]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  904.622179][T21659] RIP: 0023:0xf711e579
[  904.622187][T21659] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  904.622198][T21659] RSP: 002b:00000000f550e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  904.622208][T21659] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f550e620
[  904.622215][T21659] RDX: 000000000000000f RSI: 00000000f7484ff4 RDI: 0000000000000000
[  904.622222][T21659] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  904.622228][T21659] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  904.622234][T21659] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  904.622243][T21659]  </TASK>
[  904.771565][T21665] vlan0: entered promiscuous mode
[  904.774180][T21665] gretap0: entered promiscuous mode
[  904.872931][T21661] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  904.875768][T21661] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  905.666659][T21679] netlink: 'syz.5.4347': attribute type 1 has an invalid length.
[  906.486581][T21691] FAULT_INJECTION: forcing a failure.
[  906.486581][T21691] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  906.501503][T21691] CPU: 0 UID: 0 PID: 21691 Comm: syz.2.4350 Not tainted syzkaller #0 PREEMPT(full) 
[  906.501528][T21691] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  906.501538][T21691] Call Trace:
[  906.501545][T21691]  <TASK>
[  906.501551][T21691]  dump_stack_lvl+0x16c/0x1f0
[  906.501580][T21691]  should_fail_ex+0x512/0x640
[  906.501607][T21691]  _copy_to_user+0x32/0xd0
[  906.501623][T21691]  simple_read_from_buffer+0xcb/0x170
[  906.501639][T21691]  proc_fail_nth_read+0x197/0x240
[  906.501656][T21691]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  906.501674][T21691]  ? security_file_permission+0x71/0x210
[  906.501698][T21691]  ? rw_verify_area+0xcf/0x6c0
[  906.501714][T21691]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  906.501730][T21691]  vfs_read+0x1e1/0xcf0
[  906.501749][T21691]  ? trace_irq_enable.constprop.0+0xd4/0x120
[  906.501777][T21691]  ? __pfx_vfs_read+0x10/0x10
[  906.501796][T21691]  ? rcu_is_watching+0x12/0xc0
[  906.501815][T21691]  ? __fget_files+0x20e/0x3c0
[  906.501849][T21691]  ksys_read+0x12a/0x250
[  906.501869][T21691]  ? __pfx_ksys_read+0x10/0x10
[  906.501936][T21691]  ? rcu_is_watching+0x12/0xc0
[  906.501975][T21691]  __do_fast_syscall_32+0x7c/0x3a0
[  906.502001][T21691]  do_fast_syscall_32+0x32/0x80
[  906.502022][T21691]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  906.502042][T21691] RIP: 0023:0xf702e579
[  906.502056][T21691] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  906.502073][T21691] RSP: 002b:00000000f541e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  906.502090][T21691] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f541e620
[  906.502102][T21691] RDX: 000000000000000f RSI: 00000000f7394ff4 RDI: 0000000000000000
[  906.502113][T21691] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  906.502122][T21691] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  906.502131][T21691] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  906.502148][T21691]  </TASK>
[  906.759238][ T5983] Bluetooth: hci4: command 0x0406 tx timeout
[  906.839207][ T5983] Bluetooth: hci2: command 0x0c1a tx timeout
[  907.064177][ T1019] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[  907.270527][T21715] syz.0.4353: attempt to access beyond end of device
[  907.270527][T21715] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0
[  907.274637][T21715] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  907.383589][ T1019] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  907.389911][ T1019] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  907.393838][ T1019] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  907.397495][ T1019] usb 8-1: Product: syz
[  907.399285][ T1019] usb 8-1: Manufacturer: syz
[  907.401345][ T1019] usb 8-1: SerialNumber: syz
[  907.404209][ T1019] usb 8-1: config 0 descriptor??
[  907.796684][T19278] usb 8-1: USB disconnect, device number 30
[  907.941032][T21719] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4356'.
[  908.604027][T21738] NILFS (nbd2): device size too small
[  908.966821][ T6143] vhci_hcd: vhci_device speed not set
[  909.048716][T21755] netlink: 'syz.2.4361': attribute type 10 has an invalid length.
[  909.051364][T21755] netlink: 2 bytes leftover after parsing attributes in process `syz.2.4361'.
[  909.085323][T21755] team0: entered promiscuous mode
[  909.087396][T21755] team_slave_0: entered promiscuous mode
[  909.089772][T21755] team_slave_1: entered promiscuous mode
[  909.092442][T21753] netlink: 'syz.5.4365': attribute type 3 has an invalid length.
[  909.457432][T21759] syz.5.4366: attempt to access beyond end of device
[  909.457432][T21759] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  909.461542][T21759] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  909.703768][T21763] syz.0.4367: attempt to access beyond end of device
[  909.703768][T21763] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0
[  909.707787][T21763] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  909.781108][T21767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4369'.
[  910.123294][T21768] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4368'.
[  910.607199][T21779] bond0: (slave wlan1): Releasing backup interface
[  910.920544][T21799] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  910.922850][T21799] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  910.926021][T21799] vhci_hcd vhci_hcd.0: Device attached
[  910.938999][T21801] vhci_hcd: connection closed
[  910.939223][T21525] vhci_hcd: stop threads
[  910.943115][T21525] vhci_hcd: release socket
[  910.944699][T21525] vhci_hcd: disconnect device
[  911.150620][   T40] kauditd_printk_skb: 200 callbacks suppressed
[  911.150631][   T40] audit: type=1326 audit(2000000009.648:16499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21807 comm="syz.5.4380" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf708e579 code=0x0
[  911.518984][T21810] netlink: 8 bytes leftover after parsing attributes in process `wg1'.
[  911.624825][T21817] netlink: 'syz.0.4383': attribute type 1 has an invalid length.
[  911.757138][T21824] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4382'.
[  913.188651][T21842] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  913.190834][T21842] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  913.194015][T21842] vhci_hcd vhci_hcd.0: Device attached
[  913.212834][T21844] vhci_hcd: connection closed
[  913.213271][T21535] vhci_hcd: stop threads
[  913.216501][T21535] vhci_hcd: release socket
[  913.218521][T21535] vhci_hcd: disconnect device
[  914.551484][   T40] audit: type=1326 audit(2000000013.217:16500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21859 comm="syz.0.4393" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f17579 code=0x0
[  914.866124][T21868] syz.2.4394: attempt to access beyond end of device
[  914.866124][T21868] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  914.870945][T21868] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  915.021167][T21875] syz.5.4396: attempt to access beyond end of device
[  915.021167][T21875] nbd5: rw=0, sector=0, nr_sectors = 1 limit=0
[  915.025506][T21875] hpfs: hpfs_map_sector(): read error
[  915.124613][T21876] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4397'.
[  915.433470][T21885] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4399'.
[  915.975424][T21890] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4399'.
[  916.566712][   T40] audit: type=1326 audit(2000000015.327:16501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21888 comm="syz.3.4400" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x0
[  916.948406][T21909] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4404'.
[  918.014582][T21928] syz.2.4408: attempt to access beyond end of device
[  918.014582][T21928] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  918.019056][T21928] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  918.417283][T21930] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4416'.
[  919.184807][   T40] audit: type=1326 audit(2000000018.078:16502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21948 comm="syz.2.4414" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf702e579 code=0x0
[  919.847554][T21970] fuse: Bad value for 'fd'
[  920.113193][T21967] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4417'.
[  920.984952][T22003] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4424'.
[  922.487462][T22047] syz.2.4431: attempt to access beyond end of device
[  922.487462][T22047] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  922.492816][T22047] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  922.728029][T22053] netlink: 4860 bytes leftover after parsing attributes in process `syz.3.4430'.
[  923.184191][T22064] FAULT_INJECTION: forcing a failure.
[  923.184191][T22064] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  923.188210][T22064] CPU: 2 UID: 0 PID: 22064 Comm: syz.5.4437 Not tainted syzkaller #0 PREEMPT(full) 
[  923.188225][T22064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  923.188232][T22064] Call Trace:
[  923.188237][T22064]  <TASK>
[  923.188253][T22064]  dump_stack_lvl+0x16c/0x1f0
[  923.188271][T22064]  should_fail_ex+0x512/0x640
[  923.188287][T22064]  should_fail_alloc_page+0xe7/0x130
[  923.188303][T22064]  prepare_alloc_pages+0x3c2/0x610
[  923.188319][T22064]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  923.188333][T22064]  ? copy_splice_read+0x1a8/0xc20
[  923.188343][T22064]  ? stack_trace_save+0x8e/0xc0
[  923.188355][T22064]  ? __pfx_stack_trace_save+0x10/0x10
[  923.188366][T22064]  ? __do_fast_syscall_32+0x7c/0x3a0
[  923.188380][T22064]  ? stack_depot_save_flags+0x29/0x9c0
[  923.188395][T22064]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  923.188407][T22064]  ? kasan_save_stack+0x42/0x60
[  923.188419][T22064]  ? kasan_save_track+0x14/0x30
[  923.188430][T22064]  ? __kmalloc_noprof+0x223/0x510
[  923.188441][T22064]  ? copy_splice_read+0x1a8/0xc20
[  923.188450][T22064]  ? do_splice_read+0x282/0x370
[  923.188459][T22064]  ? splice_direct_to_actor+0x2a1/0xa30
[  923.188496][T22064]  ? do_splice_direct+0x174/0x240
[  923.188507][T22064]  ? do_sendfile+0xb06/0xe50
[  923.188517][T22064]  ? __ia32_compat_sys_sendfile+0x1e5/0x220
[  923.188535][T22064]  alloc_pages_bulk_noprof+0x71c/0x1410
[  923.188549][T22064]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  923.188563][T22064]  ? trace_kmalloc+0x2b/0xd0
[  923.188577][T22064]  ? __kmalloc_noprof+0x242/0x510
[  923.188589][T22064]  copy_splice_read+0x1e1/0xc20
[  923.188600][T22064]  ? __pfx_copy_splice_read+0x10/0x10
[  923.188613][T22064]  ? __pfx_copy_splice_read+0x10/0x10
[  923.188623][T22064]  do_splice_read+0x282/0x370
[  923.188633][T22064]  splice_direct_to_actor+0x2a1/0xa30
[  923.188644][T22064]  ? __pfx_direct_splice_actor+0x10/0x10
[  923.188655][T22064]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  923.188672][T22064]  do_splice_direct+0x174/0x240
[  923.188682][T22064]  ? __pfx_do_splice_direct+0x10/0x10
[  923.188692][T22064]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  923.188707][T22064]  ? bpf_lsm_file_permission+0x9/0x10
[  923.188722][T22064]  ? security_file_permission+0x71/0x210
[  923.188737][T22064]  ? rw_verify_area+0xcf/0x6c0
[  923.188748][T22064]  do_sendfile+0xb06/0xe50
[  923.188759][T22064]  ? __pfx_do_sendfile+0x10/0x10
[  923.188771][T22064]  ? __pfx___schedule+0x10/0x10
[  923.188783][T22064]  __ia32_compat_sys_sendfile+0x1e5/0x220
[  923.188798][T22064]  ? ksys_write+0x1ac/0x250
[  923.188808][T22064]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  923.188823][T22064]  ? rcu_is_watching+0x12/0xc0
[  923.188835][T22064]  __do_fast_syscall_32+0x7c/0x3a0
[  923.188852][T22064]  do_fast_syscall_32+0x32/0x80
[  923.188868][T22064]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  923.188881][T22064] RIP: 0023:0xf708e579
[  923.188890][T22064] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  923.188901][T22064] RSP: 002b:00000000f545d55c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  923.188911][T22064] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000005
[  923.188918][T22064] RDX: 0000000000000000 RSI: 0000000000800007 RDI: 0000000000000000
[  923.188924][T22064] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  923.188930][T22064] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  923.188941][T22064] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  923.188951][T22064]  </TASK>
[  924.361914][T22084] netlink: 4860 bytes leftover after parsing attributes in process `syz.3.4440'.
[  924.677847][ T5983] Bluetooth: hci4: unexpected event 0x14 length: 20 > 6
[  924.751950][T22096] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4443'.
[  924.901040][T22105] syz.0.4445: attempt to access beyond end of device
[  924.901040][T22105] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0
[  924.905660][T22105] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  925.295408][T22114] syz.3.4446: attempt to access beyond end of device
[  925.295408][T22114] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  925.299600][T22114] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  926.250609][T22133] binder: 22132:22133 ioctl c0306201 800003c0 returned -14
[  927.514461][   T40] audit: type=1800 audit(2000000026.813:16503): pid=22125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4450" name="bus" dev="ramfs" ino=92380 res=0 errno=0
[  928.001290][T22168] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4463'.
[  928.220886][   T40] audit: type=1326 audit(2000000027.569:16504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22169 comm="syz.5.4466" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x0
[  929.117192][T22195] FAULT_INJECTION: forcing a failure.
[  929.117192][T22195] name failslab, interval 1, probability 0, space 0, times 0
[  929.141688][T22195] CPU: 0 UID: 0 PID: 22195 Comm: syz.2.4473 Not tainted syzkaller #0 PREEMPT(full) 
[  929.141707][T22195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  929.141722][T22195] Call Trace:
[  929.141728][T22195]  <TASK>
[  929.141748][T22195]  dump_stack_lvl+0x16c/0x1f0
[  929.141774][T22195]  should_fail_ex+0x512/0x640
[  929.141800][T22195]  should_failslab+0xc2/0x120
[  929.141821][T22195]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  929.141834][T22195]  ? dst_alloc+0x99/0x1a0
[  929.141847][T22195]  dst_alloc+0x99/0x1a0
[  929.141858][T22195]  rt_dst_alloc+0x35/0x3a0
[  929.141873][T22195]  ip_route_output_key_hash_rcu+0x880/0x28c0
[  929.141886][T22195]  ip_route_output_key_hash+0x137/0x2e0
[  929.141897][T22195]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  929.141908][T22195]  ? __asan_memcpy+0x3c/0x60
[  929.141920][T22195]  ip_route_output_flow+0x27/0x150
[  929.141931][T22195]  sctp_v4_get_dst+0x3cf/0x1220
[  929.141945][T22195]  ? _get_random_bytes+0xa9/0x1e0
[  929.141967][T22195]  ? __pfx_sctp_v4_get_dst+0x10/0x10
[  929.141980][T22195]  ? __pfx_sctp_generate_proto_unreach_event+0x10/0x10
[  929.141997][T22195]  ? lockdep_init_map_type+0x5c/0x280
[  929.142012][T22195]  sctp_transport_route+0x12f/0x350
[  929.142028][T22195]  sctp_assoc_add_peer+0x741/0x1550
[  929.142043][T22195]  sctp_connect_new_asoc+0x1f8/0x770
[  929.142058][T22195]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  929.142072][T22195]  ? sctp_endpoint_lookup_assoc+0x15c/0x2a0
[  929.142084][T22195]  ? rcu_is_watching+0x12/0xc0
[  929.142095][T22195]  ? lock_release+0x201/0x2f0
[  929.142108][T22195]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  929.142125][T22195]  sctp_sendmsg+0x1560/0x1e10
[  929.142140][T22195]  ? __pfx_sctp_sendmsg+0x10/0x10
[  929.142154][T22195]  ? __pfx___might_resched+0x10/0x10
[  929.142166][T22195]  ? aa_sk_perm+0x2f4/0xb10
[  929.142179][T22195]  ? __pfx_aa_sk_perm+0x10/0x10
[  929.142193][T22195]  ? __pfx_sctp_sendmsg+0x10/0x10
[  929.142207][T22195]  inet_sendmsg+0x11c/0x140
[  929.142218][T22195]  ____sys_sendmsg+0x973/0xc70
[  929.142234][T22195]  ? tree_mod_dont_log+0xc1/0x2f0
[  929.142246][T22195]  ? __pfx_____sys_sendmsg+0x10/0x10
[  929.142261][T22195]  ? get_compat_msghdr+0x11a/0x170
[  929.142274][T22195]  ? __pfx_css_rstat_updated+0x10/0x10
[  929.142286][T22195]  ___sys_sendmsg+0x134/0x1d0
[  929.142299][T22195]  ? __pfx____sys_sendmsg+0x10/0x10
[  929.142314][T22195]  ? rcu_is_watching+0x12/0xc0
[  929.142327][T22195]  __sys_sendmsg+0x16d/0x220
[  929.142340][T22195]  ? __pfx___sys_sendmsg+0x10/0x10
[  929.142355][T22195]  ? rcu_is_watching+0x12/0xc0
[  929.142365][T22195]  __do_fast_syscall_32+0x7c/0x3a0
[  929.142380][T22195]  do_fast_syscall_32+0x32/0x80
[  929.142393][T22195]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  929.142406][T22195] RIP: 0023:0xf702e579
[  929.142414][T22195] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  929.142424][T22195] RSP: 002b:00000000f541e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  929.142435][T22195] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  929.142442][T22195] RDX: 0000000004000891 RSI: 0000000000000000 RDI: 0000000000000000
[  929.142449][T22195] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  929.142455][T22195] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  929.142461][T22195] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  929.142470][T22195]  </TASK>
[  929.338536][   T40] audit: type=1326 audit(2000000028.734:16505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22201 comm="syz.0.4475" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf7f17579 code=0x0
[  929.462876][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  929.804076][T22209] syz.5.4476: attempt to access beyond end of device
[  929.804076][T22209] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  929.811732][T22209] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  930.109911][T22214] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4479'.
[  930.382239][T22222] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  930.384351][T22222] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  930.391186][T22222] vhci_hcd vhci_hcd.0: Device attached
[  930.411263][T22224] vhci_hcd: connection closed
[  930.411451][T21527] vhci_hcd: stop threads
[  930.415317][T21527] vhci_hcd: release socket
[  930.417215][T21527] vhci_hcd: disconnect device
[  931.816567][T22249] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4494'.
[  932.325252][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  933.046420][T21836] Bluetooth: hci4: unexpected event 0x14 length: 20 > 6
[  933.363545][T22273] syz.0.4493: attempt to access beyond end of device
[  933.363545][T22273] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0
[  933.369934][T22273] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  934.492527][T22298] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4501'.
[  934.558393][T22290] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4500'.
[  934.867866][T21836] Bluetooth: hci2: command 0x0c1a tx timeout
[  935.431951][T22311] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4504'.
[  936.141233][T22325] syz.2.4507: attempt to access beyond end of device
[  936.141233][T22325] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  936.145566][T22325] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  936.187826][T21836] Bluetooth: hci4: unexpected event 0x14 length: 20 > 6
[  936.432454][T22333] syz.0.4508: attempt to access beyond end of device
[  936.432454][T22333] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0
[  936.438768][T22333] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  936.659818][T22332] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  936.661880][T22332] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  936.709585][T22332] vhci_hcd vhci_hcd.0: Device attached
[  936.896938][ T5347] vhci_hcd: vhci_device speed not set
[  936.963074][ T5347] usb 47-1: new full-speed USB device number 4 using vhci_hcd
[  936.965702][T22335] vhci_hcd: connection closed
[  936.965868][T21527] vhci_hcd: stop threads
[  936.968748][T21527] vhci_hcd: release socket
[  936.971719][T21527] vhci_hcd: disconnect device
[  937.369729][T22340] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4510'.
[  937.374211][T22345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4512'.
[  937.600483][T22357] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  937.603451][T22357] syzkaller0: entered promiscuous mode
[  937.605479][T22357] syzkaller0: entered allmulticast mode
[  937.828104][T22364] syzkaller0: mtu greater than device maximum
[  937.858841][T22356] tipc: Resetting bearer <eth:syzkaller0>
[  937.982883][T22356] tipc: Disabling bearer <eth:syzkaller0>
[  938.056788][T22347] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4511'.
[  939.247898][T21836] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  939.966566][T22390] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4520'.
[  940.885663][T22415] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  940.887744][T22415] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  940.895429][T22415] vhci_hcd vhci_hcd.0: Device attached
[  940.902733][T22417] vhci_hcd: connection reset by peer
[  940.904763][T21535] vhci_hcd: stop threads
[  940.906161][T21535] vhci_hcd: release socket
[  940.907811][T21535] vhci_hcd: disconnect device
[  941.406250][T22423] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4528'.
[  941.880008][ T5347] vhci_hcd: vhci_device speed not set
[  941.948215][T22443] netdevsim netdevsim2: Direct firmware load for ��0���Pq���D"�2�N�ktT�Wj��%�N�� failed with error -2
[  941.952756][T22443] netdevsim netdevsim2: Falling back to sysfs fallback for: ��0���Pq���D"�2�N�ktT�Wj��%�N��
[  942.705452][T22457] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4536'.
[  943.146224][   T40] audit: type=1326 audit(2000000043.233:16506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22454 comm="syz.3.4535" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf711e579 code=0x0
[  943.427542][T22470] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4540'.
[  944.035380][T21836] Bluetooth: hci4: unexpected event 0x14 length: 20 > 6
[  944.244922][T22484] syz.0.4543: attempt to access beyond end of device
[  944.244922][T22484] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0
[  944.253033][T22484] ADFS-fs (nbd0): error: unable to read block 3, try 0
[  944.749325][T22491] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  944.752013][T22491] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  944.764127][T22491] vhci_hcd vhci_hcd.0: Device attached
[  944.839673][T22493] vhci_hcd: connection closed
[  944.839839][ T9647] vhci_hcd: stop threads
[  944.843184][ T9647] vhci_hcd: release socket
[  944.844789][ T9647] vhci_hcd: disconnect device
[  945.165089][T22497] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4546'.
[  945.392569][T22505] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  945.395893][T22505] syzkaller0: entered promiscuous mode
[  945.397672][T22505] syzkaller0: entered allmulticast mode
[  945.558258][T22505] tipc: Resetting bearer <eth:syzkaller0>
[  945.566306][T22505] fuse: Bad value for 'user_id'
[  945.567809][T22505] fuse: Bad value for 'user_id'
[  945.641719][T22504] tipc: Resetting bearer <eth:syzkaller0>
[  945.652525][T22512] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4550'.
[  945.812906][T22504] tipc: Disabling bearer <eth:syzkaller0>
[  946.168072][T22520] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4551'.
[  947.388874][   T40] audit: type=1326 audit(2000000047.684:16507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22536 comm="syz.0.4558" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf7f17579 code=0x0
[  947.489131][T22540] syz.3.4557: attempt to access beyond end of device
[  947.489131][T22540] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  947.493659][T22540] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  947.655415][T22543] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  947.746208][T22541] tipc: Disabling bearer <eth:syzkaller0>
[  948.681138][T22570] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4565'.
[  948.738462][T22569] ubi: mtd0 is already attached to ubi31
[  948.778033][T22573] netlink: 72 bytes leftover after parsing attributes in process `syz.5.4566'.
[  949.479802][T22591] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$���UL�vy��آ
�D��UD�w�}�zR'
[  949.484816][T22591] CPU: 2 UID: 0 PID: 22591 Comm: syz.0.4572 Not tainted syzkaller #0 PREEMPT(full) 
[  949.484835][T22591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  949.484842][T22591] Call Trace:
[  949.484847][T22591]  <TASK>
[  949.484853][T22591]  dump_stack_lvl+0x16c/0x1f0
[  949.484872][T22591]  sysfs_warn_dup+0x7f/0xa0
[  949.484886][T22591]  sysfs_do_create_link_sd+0x124/0x140
[  949.484916][T22591]  sysfs_create_link+0x61/0xc0
[  949.484930][T22591]  device_add+0x62c/0x1aa0
[  949.484941][T22591]  ? __pfx_device_add+0x10/0x10
[  949.484950][T22591]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  949.484970][T22591]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  949.484986][T22591]  wiphy_register+0x1df4/0x29f0
[  949.485000][T22591]  ? netdev_run_todo+0x864/0x1320
[  949.485016][T22591]  ? __dev_printk+0x250/0x270
[  949.485029][T22591]  ? __pfx_wiphy_register+0x10/0x10
[  949.485044][T22591]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  949.485058][T22591]  ieee80211_register_hw+0x24a9/0x4060
[  949.485074][T22591]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  949.485089][T22591]  ? net_generic+0xea/0x2a0
[  949.485103][T22591]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  949.485118][T22591]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  949.485132][T22591]  ? __hrtimer_setup+0x176/0x280
[  949.485148][T22591]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  949.485162][T22591]  ? trace_kmalloc+0x2b/0xd0
[  949.485176][T22591]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  949.485189][T22591]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  949.485199][T22591]  ? hwsim_new_radio_nl+0xa0e/0x12c0
[  949.485209][T22591]  ? __asan_memcpy+0x3c/0x60
[  949.485220][T22591]  hwsim_new_radio_nl+0xb51/0x12c0
[  949.485231][T22591]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  949.485243][T22591]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  949.485260][T22591]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  949.485277][T22591]  genl_family_rcv_msg_doit+0x209/0x2f0
[  949.485293][T22591]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  949.485310][T22591]  ? bpf_lsm_capable+0x9/0x10
[  949.485322][T22591]  ? security_capable+0x7e/0x260
[  949.485335][T22591]  ? ns_capable+0xd7/0x110
[  949.485348][T22591]  genl_rcv_msg+0x55c/0x800
[  949.485366][T22591]  ? __pfx_genl_rcv_msg+0x10/0x10
[  949.485383][T22591]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  949.485397][T22591]  netlink_rcv_skb+0x158/0x420
[  949.485412][T22591]  ? __pfx_genl_rcv_msg+0x10/0x10
[  949.485429][T22591]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  949.485447][T22591]  ? netlink_deliver_tap+0x1ae/0xd30
[  949.485462][T22591]  ? is_vmalloc_addr+0x86/0xa0
[  949.485478][T22591]  genl_rcv+0x28/0x40
[  949.485496][T22591]  netlink_unicast+0x5a7/0x870
[  949.485512][T22591]  ? __pfx_netlink_unicast+0x10/0x10
[  949.485527][T22591]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  949.485545][T22591]  netlink_sendmsg+0x8d1/0xdd0
[  949.485561][T22591]  ? __pfx_netlink_sendmsg+0x10/0x10
[  949.485581][T22591]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  949.485596][T22591]  ____sys_sendmsg+0xa98/0xc70
[  949.485615][T22591]  ? __pfx_____sys_sendmsg+0x10/0x10
[  949.485633][T22591]  ? get_compat_msghdr+0x11a/0x170
[  949.485649][T22591]  ? __pfx_futex_wake_mark+0x10/0x10
[  949.485669][T22591]  ___sys_sendmsg+0x134/0x1d0
[  949.485685][T22591]  ? lock_release+0x201/0x2f0
[  949.485705][T22591]  ? __pfx____sys_sendmsg+0x10/0x10
[  949.485727][T22591]  ? futex_private_hash_put+0x11c/0x300
[  949.485744][T22591]  ? rcu_is_watching+0x12/0xc0
[  949.485763][T22591]  __sys_sendmsg+0x16d/0x220
[  949.485780][T22591]  ? __pfx___sys_sendmsg+0x10/0x10
[  949.485797][T22591]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  949.485824][T22591]  ? rcu_is_watching+0x12/0xc0
[  949.485842][T22591]  __do_fast_syscall_32+0x7c/0x3a0
[  949.485868][T22591]  do_fast_syscall_32+0x32/0x80
[  949.485892][T22591]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  949.485916][T22591] RIP: 0023:0xf7f17579
[  949.485929][T22591] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  949.485941][T22591] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  949.485954][T22591] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[  949.485962][T22591] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  949.485969][T22591] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  949.485976][T22591] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  949.485983][T22591] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  949.485994][T22591]  </TASK>
[  949.852527][T22598] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4575'.
[  950.298892][T22617] tmpfs: Unknown parameter 'quot�'
[  950.339885][T22618] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  950.342503][T22618] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  950.350584][T22618] vhci_hcd vhci_hcd.0: Device attached
[  950.363603][T22620] vhci_hcd: connection closed
[  950.363782][T17807] vhci_hcd: stop threads
[  950.367622][T17807] vhci_hcd: release socket
[  950.370563][T17807] vhci_hcd: disconnect device
[  951.269800][T22651] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4597'.
[  951.349459][T22656] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  951.351762][T22656] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  951.359220][T22648] ubi: mtd0 is already attached to ubi31
[  951.384598][T22656] vhci_hcd vhci_hcd.0: Device attached
[  951.564990][ T6062] vhci_hcd: vhci_device speed not set
[  951.601223][T22658] vhci_hcd: connection closed
[  951.601548][T21511] vhci_hcd: stop threads
[  951.606594][T21511] vhci_hcd: release socket
[  951.608923][T21511] vhci_hcd: disconnect device
[  951.631918][ T6062] usb 37-1: new full-speed USB device number 6 using vhci_hcd
[  951.635542][ T6062] usb 37-1: enqueue for inactive port 0
[  951.707926][ T6062] vhci_hcd: vhci_device speed not set
[  951.946557][T22672] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  951.949850][T22672] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  951.958889][T22672] vhci_hcd vhci_hcd.0: Device attached
[  951.986360][T22674] vhci_hcd: connection closed
[  951.986574][T21511] vhci_hcd: stop threads
[  951.989463][T21511] vhci_hcd: release socket
[  951.990905][T21511] vhci_hcd: disconnect device
[  952.173246][T22679] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4596'.
[  953.208636][T22701] netlink: 'syz.0.4605': attribute type 5 has an invalid length.
[  953.489674][T22693] bond0: Caught tx_queue_len zero misconfig
[  953.722563][T22719] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  953.725222][T22719] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  953.737418][T22719] vhci_hcd vhci_hcd.0: Device attached
[  953.752822][T22721] vhci_hcd: connection closed
[  953.754191][T17807] vhci_hcd: stop threads
[  953.757487][T17807] vhci_hcd: release socket
[  953.759133][T17807] vhci_hcd: disconnect device
[  953.781829][T22713] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4608'.
[  954.536358][   T40] audit: type=1326 audit(2000000055.190:16508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22737 comm="syz.0.4614" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf7f17579 code=0x0
[  955.022615][T13803] usb 8-1: new high-speed USB device number 31 using dummy_hcd
[  955.168305][T13803] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  955.172740][T13803] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65327, setting to 1024
[  955.178004][T13803] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  955.182361][T13803] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  955.186803][T13803] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.202215][T22741] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  955.207765][T13803] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  955.637245][T21836] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  956.066994][T22750] syz.5.4617: attempt to access beyond end of device
[  956.066994][T22750] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  956.073354][T22750] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  956.251779][T22757] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  956.254957][T22757] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  956.312438][T22757] vhci_hcd vhci_hcd.0: Device attached
[  956.325026][T22759] vhci_hcd: connection closed
[  956.325445][ T9647] vhci_hcd: stop threads
[  956.329665][ T9647] vhci_hcd: release socket
[  956.331295][ T9647] vhci_hcd: disconnect device
[  957.124450][T22770] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4621'.
[  957.414172][T22785] netlink: 'syz.5.4626': attribute type 27 has an invalid length.
[  957.499957][T14083] usb 8-1: USB disconnect, device number 31
[  957.736895][T22789] FAULT_INJECTION: forcing a failure.
[  957.736895][T22789] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  957.742645][T22789] CPU: 1 UID: 0 PID: 22789 Comm: syz.3.4627 Not tainted syzkaller #0 PREEMPT(full) 
[  957.742676][T22789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  957.742688][T22789] Call Trace:
[  957.742694][T22789]  <TASK>
[  957.742702][T22789]  dump_stack_lvl+0x16c/0x1f0
[  957.742728][T22789]  should_fail_ex+0x512/0x640
[  957.742754][T22789]  _copy_to_user+0x32/0xd0
[  957.742770][T22789]  rng_dev_read+0x1ea/0x810
[  957.742798][T22789]  ? __pfx_virtio_read+0x10/0x10
[  957.742812][T22789]  ? __pfx_rng_dev_read+0x10/0x10
[  957.742838][T22789]  ? bpf_lsm_file_permission+0x9/0x10
[  957.742864][T22789]  ? security_file_permission+0x71/0x210
[  957.742887][T22789]  ? rw_verify_area+0xcf/0x6c0
[  957.742904][T22789]  ? __pfx_rng_dev_read+0x10/0x10
[  957.742928][T22789]  vfs_readv+0x5be/0x8b0
[  957.742947][T22789]  ? __pfx_vfs_readv+0x10/0x10
[  957.742965][T22789]  ? ksys_write+0x190/0x250
[  957.742985][T22789]  ? rcu_is_watching+0x12/0xc0
[  957.743006][T22789]  ? __fget_files+0x20e/0x3c0
[  957.743028][T22789]  ? do_preadv+0x1a6/0x270
[  957.743044][T22789]  do_preadv+0x1a6/0x270
[  957.743062][T22789]  ? __pfx_do_preadv+0x10/0x10
[  957.743080][T22789]  ? rcu_is_watching+0x12/0xc0
[  957.743098][T22789]  __do_fast_syscall_32+0x7c/0x3a0
[  957.743121][T22789]  do_fast_syscall_32+0x32/0x80
[  957.743140][T22789]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  957.743157][T22789] RIP: 0023:0xf711e579
[  957.743169][T22789] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  957.743185][T22789] RSP: 002b:00000000f550e55c EFLAGS: 00000296 ORIG_RAX: 000000000000014d
[  957.743201][T22789] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000240
[  957.743211][T22789] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  957.743221][T22789] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  957.743231][T22789] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  957.743241][T22789] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  957.743256][T22789]  </TASK>
[  957.743666][   T40] audit: type=1800 audit(2000000058.560:16509): pid=22789 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4627" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0
[  958.046613][T22785] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  958.055156][T22785] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  958.144675][T22798] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  958.147198][T22798] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  958.150060][T22798] vhci_hcd vhci_hcd.0: Device attached
[  958.274532][T22800] vhci_hcd: connection closed
[  958.274797][ T9647] vhci_hcd: stop threads
[  958.277787][ T9647] vhci_hcd: release socket
[  958.279323][ T9647] vhci_hcd: disconnect device
[  958.328430][T19037] vhci_hcd: vhci_device speed not set
[  958.377176][T22804] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  958.379833][T22804] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  958.383125][T22804] vhci_hcd vhci_hcd.0: Device attached
[  958.408180][T22806] vhci_hcd: connection closed
[  958.408540][T17807] vhci_hcd: stop threads
[  958.412068][T17807] vhci_hcd: release socket
[  958.413929][T17807] vhci_hcd: disconnect device
[  958.836724][T22786] 8021q: adding VLAN 0 to HW filter on device bond0
[  958.840847][T22786] 8021q: adding VLAN 0 to HW filter on device team0
[  958.878448][T22786] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  958.987010][T21511] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  958.991740][T21511] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  958.994756][T21511] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  959.014325][T21511] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  959.166433][T22819] FAULT_INJECTION: forcing a failure.
[  959.166433][T22819] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  959.331254][T22819] CPU: 3 UID: 0 PID: 22819 Comm: syz.2.4632 Not tainted syzkaller #0 PREEMPT(full) 
[  959.331272][T22819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  959.331282][T22819] Call Trace:
[  959.331289][T22819]  <TASK>
[  959.331293][T22819]  dump_stack_lvl+0x16c/0x1f0
[  959.331311][T22819]  should_fail_ex+0x512/0x640
[  959.331327][T22819]  _copy_to_user+0x32/0xd0
[  959.331339][T22819]  simple_read_from_buffer+0xcb/0x170
[  959.331352][T22819]  proc_fail_nth_read+0x197/0x240
[  959.331363][T22819]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  959.331374][T22819]  ? security_file_permission+0x71/0x210
[  959.331389][T22819]  ? rw_verify_area+0xcf/0x6c0
[  959.331401][T22819]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  959.331419][T22819]  vfs_read+0x1e1/0xcf0
[  959.331431][T22819]  ? __pfx_vfs_read+0x10/0x10
[  959.331443][T22819]  ? rcu_is_watching+0x12/0xc0
[  959.331455][T22819]  ? __fget_files+0x20e/0x3c0
[  959.331468][T22819]  ksys_read+0x12a/0x250
[  959.331479][T22819]  ? __pfx_ksys_read+0x10/0x10
[  959.331491][T22819]  ? rcu_is_watching+0x12/0xc0
[  959.331503][T22819]  __do_fast_syscall_32+0x7c/0x3a0
[  959.331518][T22819]  do_fast_syscall_32+0x32/0x80
[  959.331532][T22819]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  959.331546][T22819] RIP: 0023:0xf702e579
[  959.331554][T22819] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  959.331565][T22819] RSP: 002b:00000000f53dc590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  959.331576][T22819] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f53dc620
[  959.331584][T22819] RDX: 000000000000000f RSI: 00000000f7394ff4 RDI: 0000000000000000
[  959.331595][T22819] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  959.331601][T22819] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  959.331608][T22819] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  959.331617][T22819]  </TASK>
[  959.657700][T22817] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4641'.
[  960.017008][T22839] syz.3.4635: attempt to access beyond end of device
[  960.017008][T22839] nbd3: rw=0, sector=6, nr_sectors = 2 limit=0
[  960.023691][T22839] ADFS-fs (nbd3): error: unable to read block 3, try 0
[  961.081011][T14083] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  961.103958][   T40] audit: type=1326 audit(2000000062.088:16510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22854 comm="syz.3.4642" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x0
[  961.244702][T14083] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  961.257286][T14083] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  961.260288][T14083] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  961.263708][T14083] usb 5-1: Manufacturer: syz
[  961.265867][T14083] usb 5-1: config 0 descriptor??
[  961.328179][T14083] rc_core: IR keymap rc-hauppauge not found
[  961.330137][T14083] Registered IR keymap rc-empty
[  961.332282][T14083] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0
[  961.390908][T14083] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input37
[  961.666373][T22865] syz.2.4644: attempt to access beyond end of device
[  961.666373][T22865] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  961.670502][T22865] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  962.533358][ T1417] ieee802154 phy0 wpan0: encryption failed: -22
[  962.537983][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  963.149793][T22890] netlink: 'syz.5.4651': attribute type 3 has an invalid length.
[  963.153075][T22890] netlink: 186932 bytes leftover after parsing attributes in process `syz.5.4651'.
[  963.530511][   T40] audit: type=1326 audit(2000000064.597:16511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22845 comm="syz.0.4638" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7fc00000
[  963.724808][ T3580] usb 5-1: USB disconnect, device number 31
[  963.840696][   T40] audit: type=1326 audit(2000000064.954:16512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22895 comm="syz.3.4653" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf711e579 code=0x0
[  964.006279][   T40] audit: type=1800 audit(2000000065.133:16513): pid=22907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4655" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0
[  964.100372][ T3580] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  964.271927][ T3580] usb 5-1: Using ep0 maxpacket: 32
[  964.274526][T22910] netlink: 5 bytes leftover after parsing attributes in process `syz.5.4656'.
[  964.278010][T22910] 0�X��D: renamed from macvtap0
[  964.282303][ T3580] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  964.288759][ T3580] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  964.292484][ T3580] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  964.295186][ T3580] usb 5-1: Product: syz
[  964.296868][ T3580] usb 5-1: Manufacturer: syz
[  964.298442][ T3580] usb 5-1: SerialNumber: syz
[  964.302205][T22910] 0�X��D: entered allmulticast mode
[  964.304121][T22910] veth0_macvtap: entered allmulticast mode
[  964.306901][ T3580] usb 5-1: config 0 descriptor??
[  964.310518][T22910] A link change request failed with some changes committed already. Interface 
30�X��D may have been left with an inconsistent configuration, please check.
[  964.318756][T22900] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  964.351505][T22910] hub 1-0:1.0: USB hub found
[  964.353218][T22910] hub 1-0:1.0: 2 ports detected
[  964.533492][T13803] usb 5-1: USB disconnect, device number 32
[  965.826821][T22930] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  965.829565][T22930] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  965.851495][T22930] vhci_hcd vhci_hcd.0: Device attached
[  965.874626][T22932] vhci_hcd: connection closed
[  965.875068][T17807] vhci_hcd: stop threads
[  965.878524][T17807] vhci_hcd: release socket
[  965.880226][T17807] vhci_hcd: disconnect device
[  965.992418][T22940] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4661'.
[  966.458029][T22946] ip6gre1: entered promiscuous mode
[  966.460653][T22946] ip6gre1: entered allmulticast mode
[  967.447129][T22950] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4668'.
[  967.575581][T22966] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4672'.
[  967.741168][ T5983] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  967.746740][T22977] syzkaller1: entered promiscuous mode
[  967.748461][T22977] syzkaller1: entered allmulticast mode
[  967.750166][ T5983] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  967.752341][ T5983] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  967.755269][ T5983] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  967.760697][ T5983] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  967.768961][T22974] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  968.188120][T22936] syz_tun (unregistering): left allmulticast mode
[  968.254245][T22982] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4676'.
[  968.272745][T22987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4677'.
[  968.299987][T22975] chnl_net:caif_netlink_parms(): no params data found
[  968.644939][T22990] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4678'.
[  968.786219][T23003] Cache volume key already in use (9p,syz,)
[  968.949835][T22975] bridge0: port 1(bridge_slave_0) entered blocking state
[  968.952191][T22975] bridge0: port 1(bridge_slave_0) entered disabled state
[  968.955135][T22975] bridge_slave_0: entered allmulticast mode
[  968.987528][T22975] bridge_slave_0: entered promiscuous mode
[  968.989859][T23007] netlink: 5 bytes leftover after parsing attributes in process `syz.3.4680'.
[  969.063348][T23007] 0�X��D: renamed from macvtap0
[  969.102890][T23007] 0�X��D: entered allmulticast mode
[  969.106022][T23007] veth0_macvtap: entered allmulticast mode
[  969.108469][T23007] A link change request failed with some changes committed already. Interface 
30�X��D may have been left with an inconsistent configuration, please check.
[  969.115914][T22975] bridge0: port 2(bridge_slave_1) entered blocking state
[  969.118987][T22975] bridge0: port 2(bridge_slave_1) entered disabled state
[  969.122198][T22975] bridge_slave_1: entered allmulticast mode
[  969.126188][T22975] bridge_slave_1: entered promiscuous mode
[  969.129192][ T5983] Bluetooth: hci2: unexpected event 0x14 length: 20 > 6
[  969.200245][T23007] hub 1-0:1.0: USB hub found
[  969.215645][T23007] hub 1-0:1.0: 2 ports detected
[  969.406000][T21511] : (slave netdevsim0): Releasing backup interface
[  969.505603][T23016] syz.5.4682: attempt to access beyond end of device
[  969.505603][T23016] nbd5: rw=0, sector=6, nr_sectors = 2 limit=0
[  969.529398][T23016] ADFS-fs (nbd5): error: unable to read block 3, try 0
[  969.569837][T22975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  969.574830][T22975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  969.686552][T23015] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4683'.
[  969.691728][ T5983] Bluetooth: hci3: command tx timeout
[  969.741528][T22975] team0: Port device team_slave_0 added
[  969.745965][T22975] team0: Port device team_slave_1 added
[  969.913225][T22975] batman_adv: batadv0: Adding interface: batadv_slave_0
[  969.915700][T22975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  969.925749][T22975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  969.931212][T22975] batman_adv: batadv0: Adding interface: batadv_slave_1
[  969.933771][T22975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  969.942936][T22975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  970.835141][T21511] bond1 (unregistering): (slave gretap1): Releasing active interface
[  971.654376][T23033] comedi comedi3: c6xdigio: I/O port conflict (0xcff,3)
[  971.656715][T23033] ==================================================================
[  971.659360][T23033] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x63/0x70
[  971.661911][T23033] Read of size 8 at addr ffff8880509f6430 by task syz.5.4686/23033
[  971.668068][T23033] 
[  971.668869][T23033] CPU: 1 UID: 0 PID: 23033 Comm: syz.5.4686 Not tainted syzkaller #0 PREEMPT(full) 
[  971.668885][T23033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  971.668893][T23033] Call Trace:
[  971.668898][T23033]  <TASK>
[  971.668903][T23033]  dump_stack_lvl+0x116/0x1f0
[  971.668921][T23033]  print_report+0xcd/0x630
[  971.668936][T23033]  ? __virt_addr_valid+0x81/0x610
[  971.668950][T23033]  ? __phys_addr+0xe8/0x180
[  971.668964][T23033]  ? sysfs_remove_file_ns+0x63/0x70
[  971.668975][T23033]  kasan_report+0xe0/0x110
SYZFAIL: failed to recv rpc
[  971.668988][T23033]  ? sysfs_remove_file_ns+0x63/0x70
[  971.669000][T23033]  sysfs_remove_file_ns+0x63/0x70
[  971.669013][T23033]  driver_remove_file+0x4a/0x60
[  971.669029][T23033]  bus_remove_driver+0x224/0x2c0
[  971.669042][T23033]  driver_unregister+0x76/0xb0
[  971.669056][T23033]  comedi_device_detach_locked+0x12c/0xa50
[  971.669072][T23033]  comedi_device_detach+0x67/0xb0
[  971.669085][T23033]  comedi_device_attach+0x43d/0x900
[  971.669100][T23033]  do_devconfig_ioctl+0x1b1/0x710
[  971.669109][T23033]  ? __mutex_lock+0x1c5/0x1060
[  971.669123][T23033]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  971.669136][T23033]  ? kasan_save_stack+0x42/0x60
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  971.669153][T23033]  ? kasan_save_stack+0x33/0x60
[  971.669170][T23033]  ? kasan_save_track+0x14/0x30
[  971.669188][T23033]  ? kasan_save_free_info+0x3b/0x60
[  971.669210][T23033]  ? __kasan_slab_free+0x60/0x70
[  971.669230][T23033]  ? kfree+0x2b4/0x4d0
[  971.669242][T23033]  ? tomoyo_path_number_perm+0x470/0x580
[  971.669256][T23033]  comedi_unlocked_ioctl+0x165d/0x2f00
[  971.669270][T23033]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  971.669284][T23033]  ? rcu_is_watching+0x12/0xc0
[  971.669295][T23033]  ? trace_irq_enable.constprop.0+0xd4/0x120
[  971.669315][T23033]  ? tomoyo_path_number_perm+0x295/0x580
[  971.669326][T23033]  ? rcu_is_watching+0x12/0xc0
[  971.669336][T23033]  ? lock_release+0x201/0x2f0
[  971.669350][T23033]  ? tomoyo_path_number_perm+0x18d/0x580
[  971.669362][T23033]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  971.669375][T23033]  comedi_compat_ioctl+0x1d0/0x990
[  971.669386][T23033]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  971.669398][T23033]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  971.669413][T23033]  ? do_vfs_ioctl+0x128/0x14f0
[  971.669429][T23033]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  971.669445][T23033]  ? rcu_is_watching+0x12/0xc0
[  971.669455][T23033]  ? __fget_files+0x204/0x3c0
[  971.669466][T23033]  ? hook_file_ioctl_common+0x145/0x410
[  971.669481][T23033]  ? __fget_files+0x20e/0x3c0
[  971.669490][T23033]  ? __ia32_compat_sys_openat+0x140/0x210
[  971.669502][T23033]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  971.669513][T23033]  __ia32_compat_sys_ioctl+0x23f/0x370
[  971.669529][T23033]  __do_fast_syscall_32+0x7c/0x3a0
[  971.669544][T23033]  do_fast_syscall_32+0x32/0x80
[  971.669563][T23033]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  971.669577][T23033] RIP: 0023:0xf708e579
[  971.669587][T23033] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  971.669599][T23033] RSP: 002b:00000000f545d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  971.669610][T23033] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000040946400
[  971.669618][T23033] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  971.669625][T23033] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  971.669632][T23033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  971.669639][T23033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  971.669649][T23033]  </TASK>
[  971.669654][T23033] 
[  971.791939][T23033] Allocated by task 19592:
[  971.793415][T23033]  kasan_save_stack+0x33/0x60
[  971.794952][T23033]  kasan_save_track+0x14/0x30
[  971.796442][T23033]  __kasan_kmalloc+0xaa/0xb0
[  971.797995][T23033]  bus_add_driver+0x92/0x690
[  971.799423][T23033]  driver_register+0x15c/0x4b0
[  971.800977][T23033]  c6xdigio_attach+0xa3/0x4b0
[  971.802501][T23033]  comedi_device_attach+0x3b3/0x900
[  971.804431][T23033]  do_devconfig_ioctl+0x1b1/0x710
[  971.806087][T23033]  comedi_unlocked_ioctl+0x165d/0x2f00
[  971.807800][T23033]  comedi_compat_ioctl+0x1d0/0x990
[  971.809454][T23033]  __ia32_compat_sys_ioctl+0x23f/0x370
[  971.811251][T23033]  __do_fast_syscall_32+0x7c/0x3a0
[  971.812876][T23033]  do_fast_syscall_32+0x32/0x80
[  971.814448][T23033]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  971.816637][T23033] 
[  971.817406][T23033] Freed by task 23033:
[  971.818700][T23033]  kasan_save_stack+0x33/0x60
[  971.820194][T23033]  kasan_save_track+0x14/0x30
[  971.821755][T23033]  kasan_save_free_info+0x3b/0x60
[  971.823341][T23033]  __kasan_slab_free+0x60/0x70
[  971.824850][T23033]  kfree+0x2b4/0x4d0
[  971.826164][T23033]  kobject_put+0x1e7/0x5a0
[  971.827621][T23033]  bus_remove_driver+0x16e/0x2c0
[  971.829215][T23033]  driver_unregister+0x76/0xb0
[  971.830733][T23033]  comedi_device_detach_locked+0x12c/0xa50
[  971.832665][T23033]  do_devconfig_ioctl+0x555/0x710
[  971.834430][T23033]  comedi_unlocked_ioctl+0x165d/0x2f00
[  971.836869][T23033]  comedi_compat_ioctl+0x1d0/0x990
[  971.838800][T23033]  __ia32_compat_sys_ioctl+0x23f/0x370
[  971.840636][T23033]  __do_fast_syscall_32+0x7c/0x3a0
[  971.842336][T23033]  do_fast_syscall_32+0x32/0x80
[  971.843959][T23033]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  971.845951][T23033] 
[  971.846792][T23033] The buggy address belongs to the object at ffff8880509f6400
[  971.846792][T23033]  which belongs to the cache kmalloc-256 of size 256
[  971.851135][T23033] The buggy address is located 48 bytes inside of
[  971.851135][T23033]  freed 256-byte region [ffff8880509f6400, ffff8880509f6500)
[  971.855510][T23033] 
[  971.856325][T23033] The buggy address belongs to the physical page:
[  971.858389][T23033] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x509f6
[  971.861140][T23033] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  971.863887][T23033] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[  971.866425][T23033] page_type: f5(slab)
[  971.867707][T23033] raw: 04fff00000000040 ffff88801b842b40 0000000000000000 dead000000000001
[  971.870593][T23033] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  971.873846][T23033] head: 04fff00000000040 ffff88801b842b40 0000000000000000 dead000000000001
[  971.876686][T23033] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  971.879447][T23033] head: 04fff00000000001 ffffea0001427d81 00000000ffffffff 00000000ffffffff
[  971.882149][T23033] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  971.884968][T23033] page dumped because: kasan: bad access detected
[  971.887053][T23033] page_owner tracks the page as allocated
[  971.889214][T23033] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5973, tgid 5973 (syz-executor), ts 45493089629, free_ts 44430948990
[  971.896457][T23033]  post_alloc_hook+0x1c0/0x230
[  971.898086][T23033]  get_page_from_freelist+0x132b/0x38e0
[  971.899964][T23033]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  971.902131][T23033]  alloc_pages_mpol+0x1fb/0x550
[  971.903826][T23033]  new_slab+0x247/0x330
[  971.905459][T23033]  ___slab_alloc+0xcf2/0x1740
[  971.907386][T23033]  __slab_alloc.constprop.0+0x56/0xb0
[  971.909689][T23033]  __kmalloc_noprof+0x2f2/0x510
[  971.911429][T23033]  fib_create_info+0x53f/0x46b0
[  971.913008][T23033]  fib_table_insert+0x177/0x1c40
[  971.914659][T23033]  fib_magic+0x4d4/0x5c0
[  971.916048][T23033]  fib_add_ifaddr+0x16d/0x580
[  971.917776][T23033]  fib_inetaddr_event+0x147/0x270
[  971.919461][T23033]  notifier_call_chain+0xb9/0x410
[  971.921134][T23033]  blocking_notifier_call_chain+0x69/0xa0
[  971.922994][T23033]  __inet_insert_ifa+0x925/0xcd0
[  971.924955][T23033] page last free pid 5973 tgid 5973 stack trace:
[  971.927652][T23033]  __free_frozen_pages+0x7d5/0x10f0
[  971.929860][T23033]  qlist_free_all+0x4d/0x120
[  971.931769][T23033]  kasan_quarantine_reduce+0x195/0x1e0
[  971.934038][T23033]  __kasan_slab_alloc+0x69/0x90
[  971.936305][T23033]  __kmalloc_cache_noprof+0x1f1/0x3e0
[  971.938678][T23033]  netdevice_event+0x365/0x9d0
[  971.940789][T23033]  notifier_call_chain+0xb9/0x410
[  971.942968][T23033]  call_netdevice_notifiers_info+0xbe/0x140
[  971.945625][T23033]  __netdev_upper_dev_link+0x43b/0x840
[  971.947965][T23033]  netdev_master_upper_dev_link+0x9f/0xd0
[  971.950586][T23033]  bond_enslave+0x2e7b/0x60b0
[  971.952780][T23033]  do_set_master+0x40c/0x730
[  971.954827][T23033]  do_setlink.constprop.0+0xbd8/0x4380
[  971.956603][T23033]  rtnl_newlink+0x1446/0x2000
[  971.958459][T23033]  rtnetlink_rcv_msg+0x95b/0xe90
[  971.960717][T23033]  netlink_rcv_skb+0x158/0x420
[  971.962535][T23033] 
[  971.963306][T23033] Memory state around the buggy address:
[  971.965385][T23033]  ffff8880509f6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  971.968547][T23033]  ffff8880509f6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  971.971525][T23033] >ffff8880509f6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  971.974142][T23033]                                      ^
[  971.976147][T23033]  ffff8880509f6480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  971.978779][T23033]  ffff8880509f6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  971.981265][T23033] ==================================================================
[  971.983795][    C1] vkms_vblank_simulate: vblank timer overrun
[  971.986051][ T5983] Bluetooth: hci3: command tx timeout
[  971.988953][T23033] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  971.991431][T23033] CPU: 1 UID: 0 PID: 23033 Comm: syz.5.4686 Not tainted syzkaller #0 PREEMPT(full) 
[  971.994308][T23033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  971.998090][T23033] Call Trace:
[  971.999170][T23033]  <TASK>
[  972.000163][T23033]  dump_stack_lvl+0x3d/0x1f0
[  972.001713][T23033]  vpanic+0x6e8/0x7a0
[  972.003143][T23033]  ? __pfx_vpanic+0x10/0x10
[  972.004670][T23033]  ? __pfx_vprintk_emit+0x10/0x10
[  972.006325][T23033]  ? sysfs_remove_file_ns+0x63/0x70
[  972.008213][T23033]  panic+0xca/0xd0
[  972.009486][T23033]  ? __pfx_panic+0x10/0x10
[  972.010916][T23033]  ? sysfs_remove_file_ns+0x63/0x70
[  972.012655][T23033]  ? preempt_schedule_common+0x44/0xc0
[  972.014704][T23033]  ? preempt_schedule_thunk+0x16/0x30
[  972.016530][T23033]  check_panic_on_warn+0xab/0xb0
[  972.018492][T23033]  end_report+0x107/0x170
[  972.020361][T23033]  kasan_report+0xee/0x110
[  972.022030][T23033]  ? sysfs_remove_file_ns+0x63/0x70
[  972.023996][T23033]  sysfs_remove_file_ns+0x63/0x70
[  972.025807][T23033]  driver_remove_file+0x4a/0x60
[  972.027558][T23033]  bus_remove_driver+0x224/0x2c0
[  972.029617][T23033]  driver_unregister+0x76/0xb0
[  972.031647][T23033]  comedi_device_detach_locked+0x12c/0xa50
[  972.033876][T23033]  comedi_device_detach+0x67/0xb0
[  972.035647][T23033]  comedi_device_attach+0x43d/0x900
[  972.037304][T23033]  do_devconfig_ioctl+0x1b1/0x710
[  972.039131][T23033]  ? __mutex_lock+0x1c5/0x1060
[  972.041063][T23033]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  972.042862][T23033]  ? kasan_save_stack+0x42/0x60
[  972.044516][T23033]  ? kasan_save_stack+0x33/0x60
[  972.046173][T23033]  ? kasan_save_track+0x14/0x30
[  972.047800][T23033]  ? kasan_save_free_info+0x3b/0x60
[  972.049577][T23033]  ? __kasan_slab_free+0x60/0x70
[  972.051202][T23033]  ? kfree+0x2b4/0x4d0
[  972.052551][T23033]  ? tomoyo_path_number_perm+0x470/0x580
[  972.054817][T23033]  comedi_unlocked_ioctl+0x165d/0x2f00
[  972.056807][T23033]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  972.058671][T23033]  ? rcu_is_watching+0x12/0xc0
[  972.060217][T23033]  ? trace_irq_enable.constprop.0+0xd4/0x120
[  972.062453][T23033]  ? tomoyo_path_number_perm+0x295/0x580
[  972.064317][T23033]  ? rcu_is_watching+0x12/0xc0
[  972.065888][T23033]  ? lock_release+0x201/0x2f0
[  972.067374][T23033]  ? tomoyo_path_number_perm+0x18d/0x580
[  972.069109][T23033]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  972.070947][T23033]  comedi_compat_ioctl+0x1d0/0x990
[  972.072673][T23033]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  972.074542][T23033]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  972.076667][T23033]  ? do_vfs_ioctl+0x128/0x14f0
[  972.078422][T23033]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  972.080165][T23033]  ? rcu_is_watching+0x12/0xc0
[  972.081864][T23033]  ? __fget_files+0x204/0x3c0
[  972.083942][T23033]  ? hook_file_ioctl_common+0x145/0x410
[  972.085829][T23033]  ? __fget_files+0x20e/0x3c0
[  972.087365][T23033]  ? __ia32_compat_sys_openat+0x140/0x210
[  972.089241][T23033]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  972.090963][T23033]  __ia32_compat_sys_ioctl+0x23f/0x370
[  972.092705][T23033]  __do_fast_syscall_32+0x7c/0x3a0
[  972.094651][T23033]  do_fast_syscall_32+0x32/0x80
[  972.096162][T23033]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  972.098317][T23033] RIP: 0023:0xf708e579
[  972.099571][T23033] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  972.106017][T23033] RSP: 002b:00000000f545d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  972.108714][T23033] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000040946400
[  972.111262][T23033] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  972.113779][T23033] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  972.116819][T23033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  972.119974][T23033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  972.123259][T23033]  </TASK>
[  972.125324][T23033] Kernel Offset: disabled
[  972.127091][T23033] Rebooting in 86400 seconds..

VM DIAGNOSIS:
10:05:58  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000001 RBX=ffff8880201fb800 RCX=0000000000000100 RDX=0000000000000001
RSI=0000000000000002 RDI=ffff8880201fb802 RBP=dffffc0000000000 RSP=ffffc900031c6fc0
R8 =0000000000000001 R9 =ffff88802b23b3d4 R10=ffff8880201fb803 R11=0000000000000012
R12=000000000000567f R13=0000000000000000 R14=ffff88802b23b3c0 R15=ffffed100403f700
RIP=ffffffff8b935b38 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007feeb6dde300 ffffffff 00c00000
GS =0000 ffff8880974c3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00005613e4492f40 CR3=000000004ba30000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=048ac480faf88363 ec1c1c9067e86144 048ac480faf88363 ec1c1c9067e86144 048ac480faf88363 ec1c1c9067e86144 048ac480faf88363 ec1c1c9067e86144
ZMM18=1a2b2ea565ede737 b24ec5ad7a9983a0 1a2b2ea565ede737 b24ec5ad7a9983a0 1a2b2ea565ede737 b24ec5ad7a9983a0 1a2b2ea565ede737 b24ec5ad7a9983a0
ZMM19=9d28000000000000 0000000000000004 9d28000000000000 0000000000000003 9d28000000000000 0000000000000002 9d28000000000000 0000000000000001
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 040075e00da0a080 8008000201779606 0000002e00000002 0000000100000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001255 0000001800000000 0000000000000000 0000000000000015
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 0000003000000012 0004000000080024 0000000000280034
ZMM24=77cdb0e377cdb0e3 77cdb0e377cdb0e3 77cdb0e377cdb0e3 77cdb0e377cdb0e3 77cdb0e377cdb0e3 77cdb0e377cdb0e3 77cdb0e377cdb0e3 77cdb0e377cdb0e3
ZMM25=d92bb5a9d92bb5a9 d92bb5a9d92bb5a9 d92bb5a9d92bb5a9 d92bb5a9d92bb5a9 d92bb5a9d92bb5a9 d92bb5a9d92bb5a9 d92bb5a9d92bb5a9 d92bb5a9d92bb5a9
ZMM26=a1deee5aa1deee5a a1deee5aa1deee5a a1deee5aa1deee5a a1deee5aa1deee5a a1deee5aa1deee5a a1deee5aa1deee5a a1deee5aa1deee5a a1deee5aa1deee5a
ZMM27=9a797e2b9a797e2b 9a797e2b9a797e2b 9a797e2b9a797e2b 9a797e2b9a797e2b 9a797e2b9a797e2b 9a797e2b9a797e2b 9a797e2b9a797e2b 9a797e2b9a797e2b
ZMM28=000001900000018f 0000018e0000018d 0000018c0000018b 0000018a00000189 0000018800000187 0000018600000185 0000018400000183 0000018200000181
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=be4a0000be4a0000 be4a0000be4a0000 be4a0000be4a0000 be4a0000be4a0000 be4a0000be4a0000 be4a0000be4a0000 be4a0000be4a0000 be4a0000be4a0000
info registers vcpu 1

CPU#1
RAX=0000000000000036 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85616705 RDI=ffffffff9b0f9680 RBP=ffffffff9b0f9640 RSP=ffffc9002a03f178
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3530383838666666
R12=0000000000000000 R13=0000000000000036 R14=ffffffff9b0f9640 R15=ffffffff856166a0
RIP=ffffffff8561672f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880975c3000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000032e16ff8 CR3=000000004c0f2000 CR4=00352ef0
DR0=000000005ffffffd DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=dffffc0000000000 RBX=ffffffff9b06bb90 RCX=0000000000000000 RDX=0000000000000000
RSI=ffffffff8c162c80 RDI=ffffffff9b06bba8 RBP=0000000000000286 RSP=ffffc900040a7c10
R8 =0000000000000001 R9 =0000000000000000 R10=ffffffff90ab7697 R11=0000000000000001
R12=dffffc0000000000 R13=ffff88805e406600 R14=ffffffff9b06bb88 R15=0000000000002435
RIP=ffffffff8b9340e3 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fc071c8f880 ffffffff 00c00000
GS =0000 ffff8880976c3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f55bcd26 CR3=0000000049a2e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=000000000000000c Opmask01=0000000000020000 Opmask02=00000000effffdff Opmask03=0000000001041000
Opmask04=00000000ffffefff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056363da7da00 000056363da7da00
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056363da6b4a0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056363da7be00
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc0715f1b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffff00000000ff
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff000000000000ff 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737372f2 7373737373730a07
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73001605121f0073 431e161e035c1810
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6961660064657373 65636f727020756c 6c2520716573006e 6f69746974726170
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30302c443230302c 433230302c423230 302c393200003232 3d5145534b534944
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0d0d11440f0d0d11 430f0d0d11420f0d 0d11040f00000f0f 005145534b534944
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f30737562646e2f 30303a3231303049 5043412f30303a53 55425953584e4c2f
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000061 0000000000007974 00736576616c7300 306d656d702f6b63
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 322e392d3533712d 63707276703a2939 3030322c39484349 2b35335128435064
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7261646e6174536e 703a554d45516e76 733a302e3072623a 343130322f31302f
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343064623a312b32 316f70627e322d33 2e36312e312d6e61 696265642d332e36
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=ffffc90000415110 RBX=0000000000000000 RCX=1ffff11004296006 RDX=0000000000000008
RSI=ffffc90000415100 RDI=ffff8880214b0030 RBP=ffff8880201fb800 RSP=ffffc900005e8708
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=dffffc0000000000 R13=0000000000000001 R14=ffffed100403f70a R15=ffff888041f18000
RIP=ffffffff866a703d RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977c3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f94c9d45e9c CR3=0000000049a2e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=000000000000000c Opmask01=0000000000020000 Opmask02=00000000effffdff Opmask03=0000000001041000
Opmask04=00000000ffffefff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056363da7da00 000056363da7da00
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056363da6b4a0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056363da7be00
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc0715f1b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffffff00000000ff
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff000000000000ff 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737372f2 7373737373730a07
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73001605121f0073 431e161e035c1810
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6961660064657373 65636f727020756c 6c2520716573006e 6f69746974726170
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 30302c443230302c 433230302c423230 302c393200003232 3d5145534b534944
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0d0d11440f0d0d11 430f0d0d11420f0d 0d11040f00000f0f 005145534b534944
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f30737562646e2f 30303a3231303049 5043412f30303a53 55425953584e4c2f
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000061 0000000000007974 00736576616c7300 306d656d702f6b63
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 322e392d3533712d 63707276703a2939 3030322c39484349 2b35335128435064
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7261646e6174536e 703a554d45516e76 733a302e3072623a 343130322f31302f
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343064623a312b32 316f70627e322d33 2e36312e312d6e61 696265642d332e36
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 323032302c313032 302c394631302c32 4331302c38423130 2c464131302c4541
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000