last executing test programs:

6m8.123356683s ago: executing program 32 (id=210):
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0xef4, &(0x7f0000000300)={0x0, 0x1c2c, 0x10100, 0x0, 0x3b1, 0x0, r2}, &(0x7f0000000140)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
ppoll(&(0x7f0000000500)=[{r6}], 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r6, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10)
ioprio_get$uid(0x3, 0x0)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$bt_hci(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0128200702ffffffffffff1089a2ebc30b2850b4ae8c1ede6c3095c50167de2a395e7a8683366a2f68d49841c935bea4c8"], 0xb)
r7 = syz_open_dev$vim2m(&(0x7f0000000580), 0x4, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, &(0x7f0000000100)=0x1)
syz_open_dev$tty1(0xc, 0x4, 0x2)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)

6m0.472555496s ago: executing program 33 (id=290):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYRES32=r2, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

5m11.830132561s ago: executing program 5 (id=522):
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0x400, 0x5, 0xff, 0x5, 0x402, 0x1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl(r1, 0x2, &(0x7f0000000400)="61c9c573d1dc40444c050fdbc04cd1d58c065bd0051e650057ae6e1de37dd7b7771e6d2447082e3f09d8c7b3600de1c227997c1a43bc252a8a566125c155b55dcbf204b3083332ad5f9d3b8b")
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000000)={'syztnl1\x00', <r2=>0x0, 0x2f, 0x0, 0x0, 0x9, 0x29, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @loopback, 0x2000, 0xba08, 0x3, 0xfffffffe}})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r3, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000000)=ANY=[@ANYBLOB="44a6e500", @ANYRES16=r4, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002001100000004000100080004"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x8090)
sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000100)={0x25c, r4, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@HEADER={0x94, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}]}]}, 0x25c}, 0x1, 0x0, 0x0, 0x4000}, 0x20040000)

5m11.721152656s ago: executing program 5 (id=523):
r0 = io_uring_setup(0x5c20, &(0x7f00000003c0)={0x0, 0x8951, 0x80, 0x3, 0xffffffff})
syz_usb_connect(0x0, 0x36, 0x0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

5m11.139428429s ago: executing program 5 (id=528):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async, rerun: 32)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) (rerun: 32)
ioctl$TCSBRKP(r2, 0x5425, 0x80000000) (async)
connect$unix(r0, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) (async, rerun: 32)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 32)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0) (async, rerun: 64)
socket$inet6_tcp(0xa, 0x1, 0x0) (rerun: 64)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) (async)
r3 = syz_open_dev$vim2m(&(0x7f0000000040), 0xa, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r3, 0xc02c564a, &(0x7f0000000140)={0x0, 0x34324142, 0x2, @discrete={0x1, 0x401}}) (async, rerun: 64)
r4 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) (rerun: 64)
ftruncate(r4, 0x80079a0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) (async)
prlimit64(0x0, 0x7, &(0x7f00000002c0)={0x5, 0xe9}, &(0x7f0000000300)) (async)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r4, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) (async)
lseek(r4, 0x0, 0x4) (async)
ftruncate(r0, 0xfffffd83) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0xba}, @exit], &(0x7f00000000c0)='GPL\x00'}, 0x90) (async)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000340)) (async)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/bus/input/devices\x00', 0x0, 0x0)
read$FUSE(r5, &(0x7f0000004100)={0x2020}, 0x2020) (async)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d000000000001090224000100"], 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io$hid(r6, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) (rerun: 32)
r7 = syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x880)
ioctl$HIDIOCGPHYS(r7, 0x80404812, &(0x7f0000000080)) (async)
chdir(&(0x7f0000000480)='./cgroup\x00')

5m11.139242572s ago: executing program 5 (id=529):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
creat(&(0x7f00000001c0)='./file0\x00', 0x8)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, 0x0, 0x0)
connect$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x7, @none}, 0xe)
socket(0x3c, 0x5, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs2/custom1\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x1, &(0x7f0000000380)={0xb, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x200800, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x8c941, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000b42bc2e79a8ae147bd98aead5a301f9a2508b9"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000400)='C', 0x1}], 0x1)
ioctl$SNAPSHOT_FREE(r4, 0x3305)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='pstate_sample\x00', r3}, 0x18)
ioctl$BLKPG(r2, 0x1269, &(0x7f00000001c0)={0x1, 0x0, 0x98, &(0x7f00000000c0)={0x0, 0x1000, 0xd}})
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))

5m10.910835088s ago: executing program 5 (id=532):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000000)='./file1\x00')
r0 = syz_clone(0xc8a02200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
r1 = socket(0x15, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, &(0x7f0000000080)={0x5, {{0xa, 0x0, 0xfffffffe, @mcast1={0xff, 0x7}, 0x10}}, {{0xa, 0x0, 0x0, @local}}}, 0x104)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f00000001c0)={0x0, 0x0, 0x94, &(0x7f00000000c0)={0x0, 0x1000, 0xd}})
setpgid(0x0, r0)
r2 = syz_open_dev$dri(0x0, 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0xfffe, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, "b14f16b81525ccf0f8b91f7214ea27025100"}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="2c0000006800010002000000fcffff7f0000040000000000140002000200000000000000000000000300000007299c8685a7999dfcdaead3cff69c2c874d42bfd9464d12df967b270dd1a76d9226b04988fad0c29837c70dffa4a9e96867eaca2b9c14865f5075aef0e2101b62f838b60fe5a3d8f1561098b7006db8e32e0b29edd1064545a09011947194e2f57751"], 0x2c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f00000000c0))
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file2\x00', 0x1000, 0xdfcd)
landlock_create_ruleset(0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

5m10.760890943s ago: executing program 5 (id=533):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fsopen(0x0, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc)=0x4, 0x10b, 0x4, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xd, 0x0, &(0x7f0000000340)={0x77359400}, &(0x7f00000001c0)=0x20000004, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r1 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x0, 0x800)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000005c0)={{{@in6=@mcast2, @in6=@ipv4={""/10, ""/2, @loopback}}}, {{@in=@local}, 0x0, @in=@local}}, &(0x7f00000002c0)=0xe8)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000300), 0x40000000009001, 0x0)
dup2(r0, r0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x30)
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000a80)='./file0\x00', &(0x7f0000000ac0)='jfs\x00', 0x0, &(0x7f0000000140)='grpquota')
ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000040)=0xdfe5)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0xa00, 0x18, 0xfae0, {0x100000000000000, 0x0}}, 0xfc36)

4m55.745641134s ago: executing program 34 (id=533):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fsopen(0x0, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc)=0x4, 0x10b, 0x4, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xd, 0x0, &(0x7f0000000340)={0x77359400}, &(0x7f00000001c0)=0x20000004, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r1 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x0, 0x800)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000005c0)={{{@in6=@mcast2, @in6=@ipv4={""/10, ""/2, @loopback}}}, {{@in=@local}, 0x0, @in=@local}}, &(0x7f00000002c0)=0xe8)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000300), 0x40000000009001, 0x0)
dup2(r0, r0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x30)
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000a80)='./file0\x00', &(0x7f0000000ac0)='jfs\x00', 0x0, &(0x7f0000000140)='grpquota')
ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000040)=0xdfe5)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0xa00, 0x18, 0xfae0, {0x100000000000000, 0x0}}, 0xfc36)

4m47.088724588s ago: executing program 1 (id=628):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x24, r1, 0xb97534d5fe9704cf, 0x0, 0xfffffffc, {{0x12}, {@val={0x8}, @void}}, [@NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x3}]}, 0x24}}, 0x20000000)

4m47.08821939s ago: executing program 1 (id=629):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x227313e7, 0x0, 0x54, 0x6, 0xfe}, 0x9c)

4m46.979245658s ago: executing program 1 (id=630):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="3400000011000500000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000007f000014001a80100005800c000680080001"], 0x34}}, 0x0) (fail_nth: 5)

4m46.900970618s ago: executing program 1 (id=631):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4m46.900789005s ago: executing program 1 (id=632):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000000)='./file1\x00')
r0 = syz_clone(0xc8a02200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
r1 = socket(0x15, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, &(0x7f0000000080)={0x5, {{0xa, 0x0, 0xfffffffe, @mcast1={0xff, 0x7}, 0x10}}, {{0xa, 0x0, 0x0, @local}}}, 0x104)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f00000001c0)={0x0, 0x0, 0x94, &(0x7f00000000c0)={0x0, 0x1000, 0xd}})
setpgid(0x0, r0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0xfffe, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, "b14f16b81525ccf0f8b91f7214ea27025100"}})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="2c0000006800010002000000fcffff7f0000040000000000140002000200000000000000000000000300000007299c8685a7999dfcdaead3cff69c2c874d42bfd9464d12df967b270dd1a76d9226b04988fad0c29837c70dffa4a9e96867eaca2b9c14865f5075aef0e2101b62f838b60fe5a3d8f1561098b7006db8e32e0b29edd1064545a09011947194e2f57751"], 0x2c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f00000000c0))
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file2\x00', 0x1000, 0xdfcd)
landlock_create_ruleset(0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

4m46.750623913s ago: executing program 1 (id=633):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

4m45.998804056s ago: executing program 3 (id=645):
r0 = socket(0x2b, 0x80801, 0x1)
setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, 0x0, 0x0)

4m45.931152794s ago: executing program 3 (id=646):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendto(0xffffffffffffffff, &(0x7f0000000140)="4c9e7c7e4eafe783643aea030babd56d90a00d126a73", 0x16, 0x40010, &(0x7f0000000180)=@l2tp={0x2, 0x0, @broadcast, 0x2}, 0x80)
r0 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
epoll_create(0xfffff273)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f0000000400)='//\xf2/\x06\b\xa30\\\x00\x00\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\n\x8c<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/\xd15)\xeatn\xa3\x88\x13i\xb6\x7ft\x95\xd7\x01o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x94\x00\x00\x00\x00\x00\x00\x00g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xef\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xba\xec\x99@\xd2\t\n\xb1o', 0x0)
r1 = open$dir(&(0x7f0000000200)='./file0\x00', 0x440800, 0x8c)
mkdirat(r1, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x10000, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=virtio,access=', @ANYBLOB='3'])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x20000000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x88002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000100)=0xd)
r4 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f70c9b3e6ee7ff7fc6e5539b9b3b0e8b9b411b5d30091b080d29428f0e1ac6e7049b3468959b4c9a242a9b67f3988f7ef319520200ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x100d}}, 0xfffffdef)

4m45.0301999s ago: executing program 3 (id=656):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
ptrace$ARCH_SHSTK_STATUS(0x1e, r0, &(0x7f0000000300), 0x5005)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
ptrace$ARCH_SHSTK_UNLOCK(0x1e, r0, 0x0, 0x5004)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x18)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000140)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', r4, 0x0, 0x1}, 0x18)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
lseek(r6, 0x289e0cb5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

4m43.630945764s ago: executing program 3 (id=658):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x18, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0x4}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x7c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x227313e7, 0x0, 0x54, 0x6, 0xfe}, 0x9c)

4m43.531288269s ago: executing program 3 (id=659):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000000)='./file1\x00')
r0 = syz_clone(0xc8a02200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
r1 = socket(0x15, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, &(0x7f0000000080)={0x5, {{0xa, 0x0, 0xfffffffe, @mcast1={0xff, 0x7}, 0x10}}, {{0xa, 0x0, 0x0, @local}}}, 0x104)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f00000001c0)={0x0, 0x0, 0x94, &(0x7f00000000c0)={0x0, 0x1000, 0xd}})
setpgid(0x0, r0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0xfffe, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, "b14f16b81525ccf0f8b91f7214ea27025100"}})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="2c0000006800010002000000fcffff7f0000040000000000140002000200000000000000000000000300000007299c8685a7999dfcdaead3cff69c2c874d42bfd9464d12df967b270dd1a76d9226b04988fad0c29837c70dffa4a9e96867eaca2b9c14865f5075aef0e2101b62f838b60fe5a3d8f1561098b7006db8e32e0b29edd1064545a09011947194e2f57751"], 0x2c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f00000000c0))
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file2\x00', 0x1000, 0xdfcd)
landlock_create_ruleset(0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

4m43.400580548s ago: executing program 3 (id=660):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xc0, 0x9, 0x6, 0x5, 0x0, 0x0, {0x2, 0x0, 0x1}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e20}]}, @IPSET_ATTR_DATA={0x30, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x4}, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x5}, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0x9}, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x80000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x48, 0x7, 0x0, 0x1, [@IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x8}, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0xffff}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x4}, @IPSET_ATTR_NAME={0x9, 0x12, 'syz2\x00'}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}]}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x24044800)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x68, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x8002}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x68}}, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x800)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x840, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
eventfd(0x162)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x9, 0xc8}}}, 0x6)

4m31.783128881s ago: executing program 35 (id=633):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

4m28.048505012s ago: executing program 36 (id=660):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xc0, 0x9, 0x6, 0x5, 0x0, 0x0, {0x2, 0x0, 0x1}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e20}]}, @IPSET_ATTR_DATA={0x30, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x4}, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x5}, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0x9}, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x80000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x48, 0x7, 0x0, 0x1, [@IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x8}, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0xffff}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x4}, @IPSET_ATTR_NAME={0x9, 0x12, 'syz2\x00'}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}]}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x24044800)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x68, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x8002}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x68}}, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x800)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x840, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
eventfd(0x162)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x9, 0xc8}}}, 0x6)

3m36.831591374s ago: executing program 0 (id=968):
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x4)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x9000, @loopback}], 0x1c)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x73, &(0x7f00000000c0)=""/47, &(0x7f0000000040)=0x2f)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
getrlimit(0xa, &(0x7f00000000c0))
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff, {0x2}}, './file0\x00'})
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x2e)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x3, &(0x7f0000000700)=ANY=[@ANYRESHEX, @ANYBLOB="fa108210664bc6d46c6e8b2e0167100703fd69fb", @ANYRES32=r3, @ANYRES32=0x0, @ANYRESHEX=r3, @ANYBLOB="d115ab48a40c7ea89eab7a70f280b74aee3584d33ef8cde9d7dab3df2982f121a5111387fd311622dc9d4b35319084ae03f8576fb28104eb34d0c4fa5f05724a2e293d27a28585ca09b21cfe7b3d634507a07227c6f680acff31658a15691d38aad12a22262a4a488b66122205297d7798e1326ad5e29aa7c3b999e2f343e51f4891ebbeb1f3d79e8ca64a3fc40aa7680b4bda3abbdd736583a2bfddd25f0c581dc9093f1ea09a8365ade87a82e156b9bf900a07acdab59bd05ce13038273c6b69baadddaee2"], &(0x7f0000000000)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r5, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x48e9, 0x0, 0x2, 0x0, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000640)={0x28, 0x0, 0x2710, @local}, 0x10)

3m35.14008864s ago: executing program 0 (id=977):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300))
openat$autofs(0xffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
r0 = fsopen(&(0x7f0000000140)='qnx4\x00', 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, 0x0, 0x0, 0xffffffffffffff9c)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000008c0)=ANY=[@ANYBLOB="1c00000015000100000000ec001fb6330d70000008000100", @ANYBLOB="5e7c569e0de17a03b1acdffd1a79f06bd119c432f5d913fc9c12a8445da973396d3a8dd30daa5bd4b61ade5bd3f47d198ebf564079881c2bab2c135ba0535ee19abc9800c9137a1b6c56e3b322bfa28341901f8556166285996eca9550ed5b160e04367d21cd3502ee6062aa70040534bcf8910cdf2ab96f1d53baa4e51755922e3c17e9ea1435bdfc85f0f638f47b2972f7662be90862f6876f54991f0ac2dc375cf1dfd57d184a5d6f6257d370fbb15f229485c2fc30c314d7ad343a26017b05857e5f9e7e4da7ca050db7ae1abdae98a62424cee594859dfff4812ca255e8be552bd2ee764ebe83375aba1ba701e9af235f79f4bd2585da23c5e4667a18bc8203c57afe6b10053a65d1d43ca611dc79d94472f8d3d9db49d12abcf49b3bf2738b2afe33fee905d137888f82511deb9a52ff5ca295913aa1801ae429bd58d2f461260d36a3fcd0b87a763cb2f3d376e89aef0f9b8f329a9dee910e770d31f485fcf3f66d3552370e66c79a163898f9867fb8b7084d4a9901a54a0c2b7b777d57de81cca7c0c15bef999cde4a7cbe8a5214c64dd63ef58788186eb1e160ebcd63bcfcb120670c856bbccbbb4253303a4aa8ac564b62169b20ce15c971ccbe7bc34b0a15260fcfe60919c941baba5b68e98f3ed01a523def3d0183f3b0455c17efd7726f7cfc2a0386583bf1cc4070a3a614dae8ba56d8ca71ece056a81ee9cfbaec75de63f54597162c0a88927f269066f0632c1ebe77d06719efb3d07a11ae532e98490a606b8d85d5206565de834e98c15935edb743d8ff76e4042a351c9f520e5c03fe372b13cad8dea81fb272dbf2c90670fc0f892363c5f99c96e8f032f23f39fcf11593e4477cecab886778030d4a2fe8cf8132ee49b6aa24438a7205331352c661632101b4e0001d00a894053cae1ffb54c3eb6c8702f53c31a85e5846ea159061505a62de6ccc907183e42c5d834152c882eda5f335521ba99d6a3f3e8025cd24806505fc827886cd77017a735557ea3fdf7eed39c3bdaf59104d8aa5017829e4500f39742ef7bbe82b6ecf0f55025c78def3b273daf25afb8f1ca70097f3b066d2a0353ad443b3c6a4d049f14e7138db94b95a6ec46045af93fa2b15e54f02ab6b6642d674d09ecd8e29a9557753672f9fe6088c7a574c07bbc742a4c39347ac3c75c6105a3100ab2b1ecbc2b18850c023bc053690bd4523376ef5deb74405db0d14c389359a3642a7c5690c37b132d0caf1dcb57138e147c359ec8e384862e6b9860326d2462d7661750c58326ff55bf29ec382cec42adb597b886763bc559e5193a4e7fe3fa82f051f47f335f9b02093eaf7516f7b439da3786a29507aaf881abafb0bbacf69544196f0bef7372e1a6e1a67aa468ea30145f55959f421ffaa003b6d86d5a2072b179a9f9e6c4f4e68dad79852e3dfd81cd3f9d28b0b0722c484635e6f3e9634ae2bc9674facee3f137c6dc1044f9db580841f9395fc649847aa7ac27438061b000bfbe4ba54b56a54e95aa343596881e329a51880c8e7cf6359a36c61c86b238d785f6d567eac4d9d8407e7b2f1b0d91e94fbd8b83790eb4606bad33241194fc44ac7d5e542e462c452de7cdd79e86ab154561898a481bc923b5777b1d5d79ec0ca12f2ade76e361a299286790bd671629300c71bb4356d2c8606699b6077e3dc4e346d526ed3b8642775f76ae09bd5911f3712862d32ebc6b37831743e1b03ab16a686b458394930ba0904b2b6df13f3c747c90311bd99923c6fce47ab648f4c964b320878f075c2966cc2707c12d4b08a70e08ab3fdb09fc23db5041f74515c00005655cd5dd0a5b12a5793c15a3fd2186b08e7757912bf79826a437cd66a2d81ff92e9ece7a377c597b48631e75f2b4d95a1e5337d9aba6323cfd23b1451ad52f9b46e832460ad560c1647542366b3aa1f5f054a2e12203eba41bbf6a4777deedeed272a6f6b80006129979287c8e3be75ddba35448fce2a94b4f1ae18b5f9dafeab90eb0bb05c7844e4f10922df5a870cb6b5402f1b738ff0a3e1aa0b819c805fc279a305f690e98c3cfa59a59a1b4a4313259773afc679ebfe2d0417de7d56894449385f03b5b88f2da3ac1f62c6050235befdbb2003b6bd30d6f9e3557469d39ffc7307188c31fff19d0cd53fe8c71fb295c4cd8ec7563a53c0af2441d9cfd1641684641d448ab98e257f6311f5d46b2aa7cf7ce5eb5fad3611632aaf81680829ff1fa49481dae02cb0d220d7af22da59870beb91a4b2321e8a28391377c6ed330d3582e57592fb76b2b2143025a62585c076a5e9e511b57b55de88d1927c116f0bf389418e8d00be9158ab24fc9d8273ea8bc2b616fac2d5619ead87d3dfa2303170a0987929ced80e5930fcdf9ef37f7478ba6f0affe5a5ac5c2cb057b9f46234628ecca07a77a29491842916985917fa0a8f4cfd4bbcbe7d13a96ae4e31f295509fa3801a4f5c978156fc832d36f22e8caf4f23f0d2f41037b4bdf2dd9f7af1d2d33d54a953d373bac6a45e87531ef5432e1339f929b9b5214efb18d1c357120687c32b53c4ea4345b85b56111e15791496f2bd0bcbc2ecc41830e289b5a1f83e119ac9ff46360edf1771e76c8320c3bbcb936d1f0a928d714616c6dfa54e2d17781ae271175a39b9cfdea9de8a777e70ae622a7b248ff952603703125fd7b521d464b9a1068483db01e5be9fd84f9e5850649ba10f7443b67c3d9a6fc2f6c60d12f3a7cadae490748fdd9d569808864af0a5bfb9cf8a01422abde4ed953620298d968c616152cf9cfc3df5a7618faac6374ae0b5bbc329838090118f486804169760f4c5e74545004dc8c285ac0d95e9a99c8629659e67890cb68a3317f000ef47a506a83f1204a265aa566398fadef4c48a7653a391ee1472e07c64737aa925928711d2bce95f5f8ae0bfcd1305a09941843aba13b7ba94c39020cea552b8ff14c24e360ea5fdbeba44a132ad1191d3e011d635d253959d046ec874a682f7f42d54568d1e24634ad544a348dadeaa69f05480562643652bfddd6b96f4dbdfb4b272bac61416e7ff838f8459c50a54bce0331aa48477aac685f9fc4f1278319891a87239b3da8165b3f73fb8055b7774c63d3ecaecc3972405c759fc39c8dbde79480edf712aa522853d085745e13d8a882be7a7b916b0b82a0555c6ce524ee36a5033c0b1a4d8b445d059f9b68700c04208c0a0f33d5f2fe8cb06bca8bf249fe3213f1316f6740a88cab0796b0f378c964845050289d7d77d6b15e5b9bc40f7e19e922dcddcdb0667145a0205f31b522a626bdd9ea4ca99e6293ee1bfa866403cc19e7a16ab39019156cd67c0c3ef684e38b3113a1eddb26cad1230ad9ee4651144bb3a19461e6c4162f61b839bc61607575d8036c355a245fe26769fece5223d1bb8453079991d7753ee89bc6df076a77f8e7688f0eaf02066094a0bcd387657ba3260ea8346b2386d668f6fd6240d2c0eb78cdc415bd78c8ad6e5063272ef8fa8be4625267d56f2af95e473a8498a4093c3336f7a8d1569984f682efb0311ff41ccfe3c4cf1b29dd8a53e065cbaaf47f6013344f55b54f1d0302cf07c8423c3e9c3ab9593a1ef0d86119ec53f0a1545a2eafead28389ec86db845af9b38c51312a9b657d216d4057302877554827832c2444de0f7606b9688a3a26a1a19b2b32f384312d3b51852b8beeaff55920fdcc2fb04088e2435c81b89d567c1a3271d54e0f2233ec1435cc310ab2b8c93a8ff87a86ecbf76a814ccdd779863cc168ad293a1a798622d09305bb397c308626b667c5cbfceb0e5cbda82293dc756d0548e5a59d2c86bfa534d1a8a65b9d9118882df004c480204b2100e20d0267da4161828bc5b13f9c311c2fd3a1c3a09c6344000ed4998a427b245e468ab0536cfc0cfb69e75a476a0094fdf2146283b7f34519e65165e71377ac8a17b7b647e54c47ba3fc51dc66b1f4c2198358867e14a50f2b4b06f2cb7a7b657825b67a11d736d54825c29424acdcbc0b4fe26ed15c0e10aca62dd188a40e96b39c0e9c437fcc8668305f2c9aba63bf0725a297ada5bcb73d03b707203add3696567aa23f585310bd601fa7c98bcf07884f4e4af4e396f5259e37c0b163eae62b8ca676c74753791a5663ba6fdc1a596cfdd7ca18efbcb08f6c8bf34200909d1e77ae1d270b2f844e1ec7735fc9fa38b1fe367cbddbb3e0c06efbc0a391c52470256453002a26d4368095ad2ec71be271c65a8c87dd1a8bf02c29906e1e22f3296738ea8d2d97f0c553f5e32a7c9df12e7f2f8a0ca047b8b71e2e835379a76ae37fdd19afa0fbd777ad0e4aca95bd50309879dea55114aff470c06799de7aa13169e77fb5760f30f48d9d6ec73aa575c3bf5f3a12b5e173087e1c6a667b4561b28e3f939ff0502bdf8f6bfcecb18198ea9402d94638fe2c9a9d80b5e1ead867c2d62c6ad9e9e459f2f65cf12510123f4f83a96a4494b281c0a732a331b512aa8ce34801d64615c1918b1b592ef1bb1b0ea2e2ef9e4b7478bef966d9c02944a493929e78664421b034c19ac744c82b1b8bce6d083e25d75e358ea6a9b6bc4bb3d6077a51af2eb001efe3a2e7d4d95df62f22dd2e8e9023a05a22400c564293f85a0a2a26a212b0ad2d97c58bbe774e7ea7c12a404cf894144d8522a5c9f6571f1a6c47865a602fa11189e7997da7c6c2f54939b72b3823dad8c4f5114f7ca5cc7100bef782bb693d6c4f83ba2aaba178db4da4f045eab70f1e3e2642967a8089de6fc4950ad28597117d22930b70ca2482f9b77a13d442ee91f5eddc336679231465f9812d0ab4a129ec79e666d6acf2eb1a5cab7f7ef90fa5f9e9276ca1768a6405fdba417a69faa7823c574f0e711dfa6f521a5de556c168be5ca3fd3c886eb81c3f266e6ad2dda91d25019424e94cc935294b1e23fb5fb3ecc8ba0122fec2710570ad61913695bf55366f3486c3d40224516e354624d6a027a3534bbfc08883d599a576e1093df7bddcb0e9709bfff531d543165fc3401ab88b078c4f156df656df524c7c7de23214f8826fc32e081d50e804610e40f0100c4a8b2a42cb36e7599c39e1510c595b6e7123d86a5f1693cb8d46d49d475a6995dff1d84c9fcbdf1437311eddda7c63132150bf336bae090df9d036518b3cb63f00760cb3daaea46012661b0eacba9c9f40b772f1b7aabc8e449ed242baa811e95313c5e178de5bd29912218eafee9d4267b16212163a49c440107023ed7279c3eda3d3956f24ac3902f10bad113551d3ba49547fd47203bbf6855e6c976c7a29d207eb6c8bab22f6a00235037ced5510ddeecb13614e461b70b4411312f63df2f86824473150b84b2628b54a07b562bb80d14506dacf2b66c437f0ea5ac7365e969dd92e152f9293aa3b873710f701b480d0cfb86aa03b635f1d7824dab271d9beaf3eba77040f98a19732121030d3b2f41e648839fa59c5872bca04f2667b9b7ac8656c62b921bdf12f59854b74f22e219e6926cb468c0a55842ab2f1270186b9ea461652851b5194543166f39dc69dd87e1dd376d0f7dd173d9e3ee9857e91b08f3417bd28ab7a85c65a3c7f27f795a37dbf6759542b00c2dffcd89ecd2cc385fd2be29cf4a90e5a4ae2f5baffef9b56f8139dbaf21d63b416c64d9ca22b3eb0eeafcea2e9d8fc3c2390120ec058f41039dd985f76c57fa11f812f1221e63f374a8f419ec65443d5b12fab0eb9797a49487696642bbf0a65830d"], 0x1c}, 0x1, 0x0, 0x0, 0x48001}, 0x0)
sendmsg$DEVLINK_CMD_RATE_DEL(0xffffffffffffffff, 0x0, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x38ff, &(0x7f0000000480)={0x0, 0x200003, 0x10100}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1})
io_uring_enter(r3, 0x2dec, 0x4000, 0x0, 0x0, 0x0)
r6 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
preadv(r6, &(0x7f0000000040)=[{0x0}], 0x1, 0xfffffffe, 0x10a2)
ioctl$FAT_IOCTL_GET_VOLUME_ID(0xffffffffffffffff, 0x80047213, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
setrlimit(0xd, &(0x7f0000000080)={0x3, 0xf})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000880)="90"})
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x48880, &(0x7f0000000000)={0x2, 0x4e27, @local}, 0x10)
openat$drirender128(0xffffff9c, 0x0, 0x444103, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xe, 0x208, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES64=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000000080)='syzkaller\x00', 0x0, 0xaa, &(0x7f00000000c0)=""/170, 0x41100, 0x3a, '\x00', 0x0, @sk_skb=0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x8, 0x5}, 0x8, 0x10, &(0x7f00000001c0)={0x2, 0x100006, 0xfffffffa, 0x40e}, 0x10, 0x0, 0xffffffffffffffff, 0x1, &(0x7f0000000200)=[r2, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000280)=[{0x4, 0x4, 0x9, 0x7}], 0x10, 0x7}, 0x94)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c000000100001002abd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="802100000000000014000300000000000000001800168014000180100006007ffffffe0800000008000100"], 0x4c}}, 0x0)

3m34.719999667s ago: executing program 0 (id=981):
openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x211a1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0)
sched_getattr(0x0, &(0x7f00000000c0)={0x38}, 0x38, 0x0)
ioctl$sock_bt_hci(r3, 0x400448c9, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4f27, 0x5, 0x7b, 0x4, 0x5, 0xcc7, 0x8, 0x8, 0x80000a, 0x100, 0x2, 0x3, 0x1, 0x1, 0x6, 0x101, 0x8faa, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e58, 0xb, 0xe69, 0x7, 0x8, 0x6, 0x0, 0xfffffff8]})
ioctl$COMEDI_SETRSUBD(r5, 0x6410)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000100)="660fae3bc744240268000000c7442406000000000f221424d9cac0f9c9f3446e66baf80cb8f44d7d86ef66bafc0cedc4021947c966baf80c66460f3a41cc0eef66bafc0ccc460f2146bbd682bbd6821c70400f06", 0x54}], 0x1, 0x31, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0xd1, 0x0, 0x0)

3m32.729782759s ago: executing program 8 (id=1002):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r1 = fanotify_init(0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="180200000000000000000000000000001801000078d96c2500000000070000007b1af8ff00000000bfa100040000000007010000f8ffffffb70000edb0ea7c17217f9b0146e90000000000b7030000000000fd850000007200000018110000", @ANYRES64=r2, @ANYRES64=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, 0x0, 0xffffffffffffff90, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r3}, 0x10)
r4 = epoll_create1(0x0)
epoll_wait(r4, &(0x7f0000000180)=[{}], 0x1, 0x86)
r5 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x103000)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)}, &(0x7f00000007c0)=0x10)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r6, 0x8982, &(0x7f00000006c0)={0x0, 'bridge0\x00', {0x101}, 0x2})
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = openat$tun(0xffffffffffffff9c, 0x0, 0x2241, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68010}, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYRES64=r9, @ANYRES32=0x0, @ANYBLOB="000900006440000008001b00000000000500100004"], 0x30}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0xfff3}, {0xfff1}, {0xe, 0x10}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", '\x00', "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000740))
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000780)={'ip6tnl0\x00', &(0x7f0000000800)={'syztnl0\x00', 0x0, 0x2f, 0x4, 0x6, 0x6, 0x1e, @loopback, @ipv4={'\x00', '\xff\xff', @remote}, 0x7800, 0x20, 0x6, 0xffff}})
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r7, &(0x7f0000000940)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x14, 0x0, 0x400, 0x70bd29, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x89)
r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r7)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r7, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x2c, r10, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x40}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000}, 0x4000020)
r11 = syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0xc0b02)
ioctl$CEC_TRANSMIT(r11, 0xc0386105, 0x0)
ioctl$CEC_TRANSMIT(r11, 0xc0386105, &(0x7f0000000140)={0x100000000, 0x800, 0xf, 0x80000001, 0xfe1c, 0x6, "72aba977db089b65fdfdc5bd97abc350", 0x74, 0x3, 0xa7, 0x7, 0x8, 0x7, 0x29})
r12 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r12, 0xc05c6104, &(0x7f0000000340)={"6d71f879", 0x5, 0x0, 0x0, 0x0, 0x0, "244a18d1c4e6469a005caf0c0ff58a", "ce4250d8", "bf513d1d", "136712b9", ["27e203a56a36ac4f0b8b8c4f", "5e10229555954b0f02cd1469", "cb0e83d3a15978155c384d00", "79f56ca74227234da829edb7"]})
close_range(r1, 0xffffffffffffffff, 0x0)

3m32.523017477s ago: executing program 8 (id=1003):
set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0x7)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x20, 0x33, 0x107, 0x0, 0x0, {0x2, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
syz_clone(0x20223000, 0x0, 0x0, 0x0, 0x0, 0x0)
set_mempolicy(0x3, &(0x7f0000000000)=0x7, 0x7) (async)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$nl_generic(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x20, 0x33, 0x107, 0x0, 0x0, {0x2, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) (async)
syz_clone(0x20223000, 0x0, 0x0, 0x0, 0x0, 0x0) (async)

3m32.522927133s ago: executing program 8 (id=1004):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x14, 0xa, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x2000c015}, 0x8000) (fail_nth: 5)

3m32.390004592s ago: executing program 8 (id=1005):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000000)='./file1\x00')
r0 = syz_clone(0xc8a02200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
r1 = socket(0x15, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, &(0x7f0000000080)={0x5, {{0xa, 0x0, 0xfffffffe, @mcast1={0xff, 0x7}, 0x10}}, {{0xa, 0x0, 0x0, @local}}}, 0x104)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f00000001c0)={0x0, 0x0, 0x94, &(0x7f00000000c0)={0x0, 0x1000, 0xd}})
setpgid(0x0, r0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0xfffe, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, "b14f16b81525ccf0f8b91f7214ea27025100"}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f00000000c0))
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0xdfcd)
landlock_create_ruleset(0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

3m32.27912998s ago: executing program 8 (id=1006):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@flushpolicy={0x10, 0x1d, 0x1, 0x0, 0x1}, 0x10}}, 0x4040)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'xfrm0\x00', <r3=>0x0})
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0x10, &(0x7f0000000100)=0x840f39, 0x4)
sendto$packet(r2, &(0x7f00000000c0)='?', 0x1, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x1, 0x6, @local}, 0x14)
ioctl$TCSETS(r1, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000300040100"})
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)

3m31.929318743s ago: executing program 8 (id=1010):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, 0x0, 0x0)
write$char_usb(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x40002000})
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f0000000000)={'ah\x00'}, &(0x7f0000000040)=0x1e)
write$char_usb(r0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000002c0)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})

3m31.857424578s ago: executing program 37 (id=1010):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, 0x0, 0x0)
write$char_usb(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x40002000})
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f0000000000)={'ah\x00'}, &(0x7f0000000040)=0x1e)
write$char_usb(r0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000002c0)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})

3m31.280295355s ago: executing program 0 (id=1013):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
sendmmsg(0xffffffffffffffff, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil) (fail_nth: 5)

3m31.180527448s ago: executing program 0 (id=1014):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000000)='./file1\x00')
r0 = syz_clone(0xc8a02200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
r1 = socket(0x15, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, &(0x7f0000000080)={0x5, {{0xa, 0x0, 0xfffffffe, @mcast1={0xff, 0x7}, 0x10}}, {{0xa, 0x0, 0x0, @local}}}, 0x104)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f00000001c0)={0x0, 0x0, 0x94, &(0x7f00000000c0)={0x0, 0x1000, 0xd}})
setpgid(0x0, r0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0xfffe, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, "b14f16b81525ccf0f8b91f7214ea27025100"}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f00000000c0))
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0xdfcd)
landlock_create_ruleset(0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, 0x0, 0x2)

3m30.970267429s ago: executing program 0 (id=1015):
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x4000, 0x1)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r1, &(0x7f0000000300)="ca0e8007feff8763", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x1}}, 0x40)
mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2020, 0x1f, 0x12, r0, 0x2000)

3m30.770285515s ago: executing program 6 (id=1016):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x4, @local, 0xb}, 0x17)

3m30.761009872s ago: executing program 6 (id=1017):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="bf16000000000000b70700000001000048700000000000003500fffff000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142da7646c4fe02996b60cf81ebcd50fa9ea4318123f602000000000000de89e661168c1886d0d4d94f204e345c652fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d255be1ed66d9051f22614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a728995b1531bd20360d33d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c55969a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed03a6fe7860b3e13c3173a60a1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a0000000000000001ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada186b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8f09c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39289f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3b8dad4c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f200000000000000000089de7f8485d9507164a187220b36ddc7fa645d4bd0c1414c30a416"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48) (fail_nth: 5)

3m30.273814919s ago: executing program 6 (id=1019):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x8f)
sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000040)={&(0x7f0000000440)={0x130, r1, 0x8, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80000001}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'virt_wifi0\x00'}]}, @IPVS_CMD_ATTR_DEST={0x4c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7f}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x839}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffff9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DEST={0x64, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@empty}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x20002}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x4004}, 0x4000000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x28c81, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r8 = dup(r7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r8, 0x3000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16)
r9 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r9, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)={0x1c, 0x5e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x3ffd, 0x0, 0x0, @uid}, @typed={0x4, 0x0, 0x0, 0x0, @binary}]}, 0x1c}], 0x1, 0x0, 0x0, 0x488c5}, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})

3m29.599960897s ago: executing program 6 (id=1021):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0xb)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0xc008aec1, &(0x7f0000000140)=@arm64={0x8, 0x80, 0x0, '\x00', 0x5c8d})

3m29.599735334s ago: executing program 6 (id=1022):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000000)='./file1\x00')
r0 = syz_clone(0xc8a02200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
r1 = socket(0x15, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, &(0x7f0000000080)={0x5, {{0xa, 0x0, 0xfffffffe, @mcast1={0xff, 0x7}, 0x10}}, {{0xa, 0x0, 0x0, @local}}}, 0x104)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f00000001c0)={0x0, 0x0, 0x94, &(0x7f00000000c0)={0x0, 0x1000, 0xd}})
setpgid(0x0, r0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, {0x0, 0xfffe, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, "b14f16b81525ccf0f8b91f7214ea27025100"}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f00000000c0))
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0xdfcd)
landlock_create_ruleset(0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, 0x0, 0x2)

3m29.21242285s ago: executing program 6 (id=1024):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc30}, 0x90)
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0xfb998b673fdec582)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000480), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'rose0\x00'})
llistxattr(&(0x7f00000004c0)='./bus\x00', &(0x7f0000000500)=""/133, 0x85)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x58}, 0x1, 0x0, 0x0, 0xc5dff1b4c279acea}, 0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={0x1, <r3=>0xffffffffffffffff}, 0x4)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000280)={&(0x7f0000000040)='\x00*', &(0x7f0000000300)=""/172, &(0x7f0000000080)="504ef54c8e728e3ce0ba130a7e243bb05416597ddae64cc14964156f6e6f69c3694529ef9fc46e46001c03348dc1032a3c62734f", &(0x7f00000003c0)="1aa02ef0e0311e2759d796d99384ae5ca79535156e8fd1177a0afc1ec60fcd9579927e6fa082700393cdca0acc67eca2cb9df36aaf80364bce6f5aa8dcd2d3491be310c1f5d21c3b917e08fadbfe58f55e1de9ccc21a9c25f3bd71d00577ccdcecbeaffcf198bbf626eab3482c67d2ccd80f02c6d2c158fba7a1d8c07de97b488ef3bf2933488241ebb7383038544e23422a00194193bec9db981a8464f8f26e4ae9337d23c2e27974c3af5eee2549611c6ba82cb7e1d039e43d1296bb1859e632190d484555d142160abc16e175d97236e79b8104b221bacc84d437c2a456c6d2224bba", 0x2, r3, 0x4}, 0x38)
futex_waitv(&(0x7f0000001b00)=[{0xffb, 0x0, 0xa}], 0x1, 0x0, 0x0, 0x1)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x80)

3m15.802333502s ago: executing program 38 (id=1015):
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x4000, 0x1)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r1, &(0x7f0000000300)="ca0e8007feff8763", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x1}}, 0x40)
mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2020, 0x1f, 0x12, r0, 0x2000)

3m13.978057331s ago: executing program 39 (id=1024):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc30}, 0x90)
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0xfb998b673fdec582)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000480), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'rose0\x00'})
llistxattr(&(0x7f00000004c0)='./bus\x00', &(0x7f0000000500)=""/133, 0x85)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x58}, 0x1, 0x0, 0x0, 0xc5dff1b4c279acea}, 0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={0x1, <r3=>0xffffffffffffffff}, 0x4)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000280)={&(0x7f0000000040)='\x00*', &(0x7f0000000300)=""/172, &(0x7f0000000080)="504ef54c8e728e3ce0ba130a7e243bb05416597ddae64cc14964156f6e6f69c3694529ef9fc46e46001c03348dc1032a3c62734f", &(0x7f00000003c0)="1aa02ef0e0311e2759d796d99384ae5ca79535156e8fd1177a0afc1ec60fcd9579927e6fa082700393cdca0acc67eca2cb9df36aaf80364bce6f5aa8dcd2d3491be310c1f5d21c3b917e08fadbfe58f55e1de9ccc21a9c25f3bd71d00577ccdcecbeaffcf198bbf626eab3482c67d2ccd80f02c6d2c158fba7a1d8c07de97b488ef3bf2933488241ebb7383038544e23422a00194193bec9db981a8464f8f26e4ae9337d23c2e27974c3af5eee2549611c6ba82cb7e1d039e43d1296bb1859e632190d484555d142160abc16e175d97236e79b8104b221bacc84d437c2a456c6d2224bba", 0x2, r3, 0x4}, 0x38)
futex_waitv(&(0x7f0000001b00)=[{0xffb, 0x0, 0xa}], 0x1, 0x0, 0x0, 0x1)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x80)

6.493557616s ago: executing program 7 (id=2142):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
r1 = syz_open_procfs(0x0, &(0x7f0000000440)='net/if_inet6\x00')
pread64(r1, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c)
setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, &(0x7f0000000040)={0xfffc, [0x8, 0x3], 0xfffe}, 0x10)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$describe(0x6, r3, &(0x7f0000000680)=""/232, 0xe8)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
syz_open_dev$vcsa(&(0x7f0000000240), 0xf, 0x2400)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan1\x00'})
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@gettaction={0xb8, 0x32, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@action_gd=@TCA_ACT_TAB={0x68, 0x1, [{0x10, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfff}}, {0x10, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81}}]}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x1}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}]}, 0xb8}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x80000, {0x0, 0x0, 0x0, r8, {0x0, 0xffff}, {0xf, 0xb}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x0, 0xb, 0x3ff, 0x2d56, 0xd0cd, 0x101, 0x3, 0x2, 0x8}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x24008860}, 0x4008000)

5.252984977s ago: executing program 9 (id=2148):
symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mount$tmpfs(0x0, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000580), 0x2000000, &(0x7f0000000180)=ANY=[@ANYBLOB="6d00000000ff7da205000030e9e53d8c551f00000000c671531a5b8c9aa377d457768114"])
sendto$inet(0xffffffffffffffff, &(0x7f0000000280)="b2051a5b24fd7c3b08f0f8293d13e2fa135aa1c50af30d33285b557debc142a9678e97357bc0522d6a2d995fd5c5c3b49fc49766d8b469abb389df4345f03183bcb61cf4bea06219d9ac19bd541118abd00f736e10e8d3916130a4ab790c560ad8a0a0fa15f9f621639a2789db0c0ab8f903bee35c0384dbbba9179bd58baffe5585896858b5b97fe4b915326bc97607315fee5b2321f0e04133adbfceac91ea0cb7a53e6239f8f0ca51f3361ba3c5c3f0e786851d59afaee5fbaa151ee2001590bfe679ca5e0451df39cffcbfd89c632c053d5a82925293d4ca23935a382522cef36f5e00a0be9b82bfab770c", 0xed, 0x10, &(0x7f0000000380)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg/2:0:0:0\x00', 0x200, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0xc, 0x0)
userfaultfd(0x81000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1b, &(0x7f0000000600)=0xdfa, 0x4)
creat(&(0x7f0000000440)='./file0\x00', 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00')
read$FUSE(r2, &(0x7f0000004180)={0x2020}, 0x2020)

4.341795549s ago: executing program 7 (id=2153):
symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mount$tmpfs(0x0, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000580), 0x2000000, &(0x7f0000000180)=ANY=[@ANYBLOB="6d00000000ff7da205000030e9e53d8c551f00000000c671531a5b8c9aa377d457768114"])
sendto$inet(0xffffffffffffffff, &(0x7f0000000280)="b2051a5b24fd7c3b08f0f8293d13e2fa135aa1c50af30d33285b557debc142a9678e97357bc0522d6a2d995fd5c5c3b49fc49766d8b469abb389df4345f03183bcb61cf4bea06219d9ac19bd541118abd00f736e10e8d3916130a4ab790c560ad8a0a0fa15f9f621639a2789db0c0ab8f903bee35c0384dbbba9179bd58baffe5585896858b5b97fe4b915326bc97607315fee5b2321f0e04133adbfceac91ea0cb7a53e6239f8f0ca51f3361ba3c5c3f0e786851d59afaee5fbaa151ee2001590bfe679ca5e0451df39cffcbfd89c632c053d5a82925293d4ca23935a382522cef36f5e00a0be9b82bfab770c", 0xed, 0x10, &(0x7f0000000380)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg/2:0:0:0\x00', 0x200, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0xc, 0x0)
userfaultfd(0x81000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1b, &(0x7f0000000600)=0xdfa, 0x4)
creat(&(0x7f0000000440)='./file0\x00', 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00')
read$FUSE(r2, &(0x7f0000004180)={0x2020}, 0x2020)

4.208710574s ago: executing program 9 (id=2154):
openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x211a1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0)
sched_getattr(0x0, &(0x7f00000000c0)={0x38}, 0x38, 0x0)
ioctl$sock_bt_hci(r3, 0x400448c9, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4f27, 0x5, 0x7b, 0x4, 0x5, 0xcc7, 0x8, 0x8, 0x80000a, 0x100, 0x2, 0x3, 0x1, 0x1, 0x6, 0x101, 0x8faa, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e58, 0xb, 0xe69, 0x7, 0x8, 0x6, 0x0, 0xfffffff8]})
ioctl$COMEDI_SETRSUBD(r5, 0x6410)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000100)="660fae3bc744240268000000c7442406000000000f221424d9cac0f9c9f3446e66baf80cb8f44d7d86ef66bafc0cedc4021947c966baf80c66460f3a41cc0eef66bafc0ccc460f2146bbd682bbd6821c70400f06", 0x54}], 0x1, 0x31, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0xd1, 0x0, 0x0)

3.948494678s ago: executing program 2 (id=2156):
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
writev(r1, &(0x7f00000008c0)=[{&(0x7f0000000580)='`', 0x1}], 0x1)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000080)=0x6, 0x26)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x2f5, 0x4)
recvmmsg(r0, &(0x7f0000000300), 0x40000000000049e, 0x1000000000fe, 0x0)

3.878098916s ago: executing program 4 (id=2157):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x18)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000140)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', r4, 0x0, 0x1}, 0x18)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
lseek(r6, 0x289e0cb5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

3.877591715s ago: executing program 2 (id=2158):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0'}, 0xb)
fcntl$lock(r0, 0x25, &(0x7f0000000080)={0x1, 0x0, 0x4, 0x3})
write$binfmt_format(r0, &(0x7f0000000200)='0\x00', 0x2)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)

3.808569363s ago: executing program 2 (id=2159):
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000070000000300000048"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r2}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
r4 = add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000540)="bc3009bb66682c9d4233b0cc644f5fdae5b9d17f7ada03bc77aea173022c18232e1fb162caf50d08fda40c6e9c515c4a2c7245660296c046", 0x38, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r5 = add_key$user(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x2}, &(0x7f0000000580)="6bc27c9648fc552b75f4092286283b4918b8d18893aa40ecb0bd80d5d1911d336cedbdbb112899f577bc5335a48375021a6fb5fa629bf3fb781b28d824ac3a3e04f6d4bb42fc77c932542e", 0x4b, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000600)={r4, 0x0, r5}, &(0x7f0000000640)=""/238, 0xee, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r3, 0x3, 0x5001)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r7 = syz_io_uring_setup(0xec5, &(0x7f00000008c0), &(0x7f0000000080)=<r8=>0x0, &(0x7f0000000340)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000140)=@IORING_OP_LINKAT={0x27, 0x44, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, 0x1400})
io_uring_enter(r7, 0x47fa, 0x0, 0x0, 0x0, 0x0)

2.960623039s ago: executing program 7 (id=2160):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semctl$SETALL(0x0, 0x0, 0x14, &(0x7f0000000740))
ioctl$TCSETS(r0, 0x5402, 0x0)
write$UHID_INPUT(r0, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b5b09094bf70e0dd038e7ff7fc6e5539b324c078b089b3438076d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b32310d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e01000000138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12d3099dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f6dc7bcbf2a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509301815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827466cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d951061ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153bdf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033095563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db87195358bfee2916580dacae008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2df086dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36ffffffff00000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817b97c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000f4ff000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f00000000c0)=0x6)
r4 = openat$dsp(0xffffff9c, &(0x7f0000000040), 0x82040, 0x0)
ioctl$SOUND_MIXER_WRITE_RECSRC(r4, 0xc0044dff, &(0x7f0000000100)=0x9)
creat(0x0, 0x0)
timerfd_create(0x8, 0x80800)
r5 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4})
io_uring_enter(r5, 0x47f6, 0x0, 0x4, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffffffff, 0x0, 0x0)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x48881}, 0x10)
syz_emit_ethernet(0x11, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2000000080502080f3bcd2db6da6c8d5dacd7b3c6b8f140d184bbab7901cdc51b96b22f4697ed546ca9e49e8767eb4903b77e5ae0189ac97eed03c9108d6e5cc277d60353a9a9999972ca1f8f6a13658bd927d8ac8f4c181670bd549cd205f3145ead908b1570d2bd160689c68bbcb4a58577a2"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
syz_emit_ethernet(0x7e, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c20000001704b45adbde0800450000700000000000019078ac1e0001ac1414aa05009078e00000e0450000000000000000110000ac1414aa00000000830300443c00030a0106000000000000f0ffffff000000ffffffff00000000ac141400000000000000000000000000ac141400"/125], 0x0)
utimes(&(0x7f0000000200)='./file0\x00', 0x0)

2.841965943s ago: executing program 2 (id=2161):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
r1 = syz_open_procfs(0x0, &(0x7f0000000440)='net/if_inet6\x00')
pread64(r1, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c)
setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, &(0x7f0000000040)={0xfffc, [0x8, 0x3], 0xfffe}, 0x10)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$describe(0x6, r3, &(0x7f0000000680)=""/232, 0xe8)
ioctl$TCFLSH(r2, 0x400455c8, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
syz_open_dev$vcsa(&(0x7f0000000240), 0xf, 0x2400)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vxcan1\x00'})
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@gettaction={0xb8, 0x32, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@action_gd=@TCA_ACT_TAB={0x68, 0x1, [{0x10, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfff}}, {0x10, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81}}]}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x1}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}]}, 0xb8}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x80000, {0x0, 0x0, 0x0, r8, {0x0, 0xffff}, {0xf, 0xb}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x0, 0xb, 0x3ff, 0x2d56, 0xd0cd, 0x101, 0x3, 0x2, 0x8}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x24008860}, 0x4008000)

2.375446103s ago: executing program 4 (id=2162):
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000070000000300000048"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
r3 = add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000540)="bc3009bb66682c9d4233b0cc644f5fdae5b9d17f7ada03bc77aea173022c18232e1fb162caf50d08fda40c6e9c515c4a2c7245660296c046", 0x38, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r4 = add_key$user(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x2}, &(0x7f0000000580)="6bc27c9648fc552b75f4092286283b4918b8d18893aa40ecb0bd80d5d1911d336cedbdbb112899f577bc5335a48375021a6fb5fa629bf3fb781b28d824ac3a3e04f6d4bb42fc77c932542e", 0x4b, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000600)={r3, 0x0, r4}, &(0x7f0000000640)=""/238, 0xee, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r2, 0x3, 0x5001)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r6 = syz_io_uring_setup(0xec5, &(0x7f00000008c0), &(0x7f0000000080)=<r7=>0x0, &(0x7f0000000340)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000140)=@IORING_OP_LINKAT={0x27, 0x44, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, 0x1400})
io_uring_enter(r6, 0x47fa, 0x0, 0x0, 0x0, 0x0)

2.021500852s ago: executing program 4 (id=2163):
prctl$PR_SET_THP_DISABLE(0x44, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x200}}, &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r0}, 0x18)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x2e, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x104, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@empty}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r3, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r4 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=<r5=>0x0, &(0x7f0000000480)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, 0x0})
io_uring_enter(r4, 0x3498, 0x969, 0x0, 0x0, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000300)=0x7fe7f, 0x4)
dup3(r4, r2, 0x80000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
socket$inet_udp(0x2, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r8 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r8, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)

2.010675934s ago: executing program 7 (id=2164):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendto(0xffffffffffffffff, &(0x7f0000000140)="4c9e7c7e4eafe783643aea030babd56d90a00d126a73", 0x16, 0x40010, &(0x7f0000000180)=@l2tp={0x2, 0x0, @broadcast, 0x2}, 0x80)
r0 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
epoll_create(0xfffff273)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f0000000400)='//\xf2/\x06\b\xa30\\\x00\x00\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\n\x8c<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/\xd15)\xeatn\xa3\x88\x13i\xb6\x7ft\x95\xd7\x01o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x94\x00\x00\x00\x00\x00\x00\x00g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xef\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xba\xec\x99@\xd2\t\n\xb1o', 0x0)
r1 = open$dir(&(0x7f0000000200)='./file0\x00', 0x440800, 0x8c)
mkdirat(r1, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x10000, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=virtio,access=', @ANYBLOB])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x88002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000100)=0xd)
r4 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f70c9b3e6ee7ff7fc6e5539b9b3b0e8b9b411b5d30091b080d29428f0e1ac6e7049b3468959b4c9a242a9b67f3988f7ef319520200ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x100d}}, 0xfffffdef)

1.128044264s ago: executing program 4 (id=2165):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000010000000080001004d00", @ANYRES32=r2], 0x4c}, 0x1, 0x0, 0x0, 0x8050}, 0x240048c0)

1.038416594s ago: executing program 4 (id=2166):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, &(0x7f0000000140), &(0x7f00000000c0)=0x4)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)}], 0x1, 0x2040801)
sendmsg$key(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={0x0}}, 0x80)
r3 = openat$cdrom(0xffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
readv(r3, &(0x7f0000000380)=[{&(0x7f0000000200)=""/195, 0xc3}], 0x1)
ioctl$CDROMRESET(r3, 0x5312)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x22}}}}, 0x84)
setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000400)=ANY=[@ANYBLOB="0300000002004e23e00000020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a23f10e9708681fefed56f1cd1abaed5923d2e96788565c4638505b69dcc5272c7450e63dc4b963e655abf7ecc3a942ac2b1f489ed94713486cb5ea3da675541da92a077a9ee6836bdd9ce496a8d05b2a0049115e5b0cc64d89d9b51dd22cb6cbdae405d7ece0487b50f9d5ce4b296831941cb20"], 0x90)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00')
r6 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES32], 0x44}}, 0x50)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x2c, 0x11, 0x1, 0x2000000, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xffff}}, [{0x8, 0xb, 0x200}]}, 0x2c}}, 0x0)
ioctl$BSG_GET_RESERVED_SIZE(r5, 0x2272, &(0x7f00000003c0))
sendmsg$key(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
gettid()
unshare(0x46000000)
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='ufs\x00', 0x2a08840, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)

1.037963808s ago: executing program 9 (id=2167):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0'}, 0xb)
fcntl$lock(r0, 0x25, &(0x7f0000000080)={0x1, 0x0, 0x4, 0x3})
write$binfmt_format(r0, &(0x7f0000000200)='0\x00', 0x2)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)

955.619657ms ago: executing program 9 (id=2168):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
eventfd2(0x0, 0x0)
r0 = syz_clone(0x1940380, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setsig(0x4203, r0, 0x81, &(0x7f0000000000)={0xc, 0x7, 0x1})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x20002)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r2, 0xab00, r3)
ioctl$NBD_DO_IT(r2, 0xab03)
rseq(&(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x2, 0x1, 0x901, 0x1}}, 0x20, 0x1, 0x0)
sendmsg$DEVLINK_CMD_RATE_SET(r3, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4005}, 0x801)
ioctl$NBD_CLEAR_SOCK(r2, 0xab04)
io_uring_register$IORING_REGISTER_FILES2(0xffffffffffffffff, 0xf, &(0x7f0000000380)={0x60, 0x1, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(0xffffffffffffffff, 0x10, &(0x7f0000001f80)={0x4, 0x0, &(0x7f0000000e00), 0x0}, 0x20)
r4 = getpgid(r0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000280)={0x100000011, @multicast2, 0x0, 0x0, 'dh\x00', 0x4, 0x1000, 0x40048}, 0x2c)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a73"], 0x54}}, 0x0)
rt_tgsigqueueinfo(r0, r4, 0x40, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)

955.18927ms ago: executing program 7 (id=2169):
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000700)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cache=mmap'])
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
pwritev2(r3, &(0x7f00000002c0)=[{&(0x7f0000000180)="8c", 0x1e}], 0x1, 0x8, 0x5, 0x12)

945.487839ms ago: executing program 7 (id=2170):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x1002, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r1, &(0x7f0000000280), 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r0}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000d62b00006110600000000000c6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x4}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, r2, 0x26}, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)={@map=r3, r2, 0x5}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x7, 0x26, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xdd3, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ff}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @call={0x85, 0x0, 0x0, 0x14}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r4, 0xe0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f0000001380)}}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
r5 = socket(0x10, 0x803, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x10)
r7 = memfd_create(&(0x7f0000000440)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz\x03\x00\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92 \x00*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\f\xc9\xc5H\x0f;\xd3\xe2\at\x9bJ\xe6\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xee\xdc\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)\xdeA\x1ed\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97\xf6\xb8\xebN\xe2\x18\x04[\xabW}\xb1\xffo\xae~=\x9dd\x9f\x92\xd2[\xb8\xb6\x1a\x02c\xa1\xd1H\xb7@\x06\x96s\xef\xee\x92\xfaC\x15+\x84%h1O\xe2\xb8\xd3\x19R\x00\f\n\x1cpEn\xad\xa7IRf\xc65\x15<}\xb8\x05\xe4\xb7\x9e\xf3\xda\xdavzB\xf8qj\x9e\xe4\xbd\x05\xcfx\xb5\x12\t\xe0\xf2\'f\xf4+\xb3\xdeA6\x10O\xdd\x9c\xf7B', 0x7)
ioctl$FS_IOC_RESVSP(r7, 0x40305829, &(0x7f0000000000)={0x0, 0x2, 0xfffffffffffffffe, 0x4, 0x4000})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bond={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BOND_PEER_NOTIF_DELAY={0x8, 0x1c, 0x200}, @IFLA_BOND_ARP_VALIDATE={0x8, 0x9, 0x2}, @IFLA_BOND_MIIMON={0x8, 0x3, 0x5}]}}}]}, 0x4c}}, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000008000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
ioctl$COMEDI_BUFCONFIG(0xffffffffffffffff, 0x8020640d, &(0x7f00000008c0)={0x5, 0x7, 0xf8000000, 0x1000000})
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r9, r9, 0x2f, 0x0, @void}, 0x10)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e06bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23870140cde10e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b27663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3800000000000000009c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fba6f421145c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488a0200000000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e4a59414329a7c7f2fad6bc871f5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561fe589e0d12969bc982ff3f0000006c0c6c747d9a1cc500bb89283a16ff10feea20bdac0000000000000000ca06f256a55591019465f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ee40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a3dc4e97f7fda840bcdd3afaa0d7c3c229de4f0f4ac4d04f1a4e52e38325ca2e5f1f9caaa7234053eca09ec3c8c16940bc3edfb2e016f355391c0e7"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
sendto$inet6(r5, &(0x7f0000000840)="9c9c3ebac36088d81a9a2a8d44", 0xd, 0x1, &(0x7f0000000880)={0xa, 0x4e23, 0x8, @remote, 0x1}, 0x1c)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r10, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000638877fbac141416ac14141644089f034d2f87e5070f0cab845013f2325f1a39010702038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

708.290871ms ago: executing program 2 (id=2171):
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000070000000300000048"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
r3 = add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000540)="bc3009bb66682c9d4233b0cc644f5fdae5b9d17f7ada03bc77aea173022c18232e1fb162caf50d08fda40c6e9c515c4a2c7245660296c046", 0x38, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r4 = add_key$user(&(0x7f0000000500), &(0x7f0000000540)={'syz', 0x2}, &(0x7f0000000580)="6bc27c9648fc552b75f4092286283b4918b8d18893aa40ecb0bd80d5d1911d336cedbdbb112899f577bc5335a48375021a6fb5fa629bf3fb781b28d824ac3a3e04f6d4bb42fc77c932542e", 0x4b, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000600)={r3, 0x0, r4}, &(0x7f0000000640)=""/238, 0xee, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r2, 0x3, 0x5001)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r6 = syz_io_uring_setup(0xec5, &(0x7f00000008c0), &(0x7f0000000080)=<r7=>0x0, &(0x7f0000000340)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000140)=@IORING_OP_LINKAT={0x27, 0x44, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, 0x1400})
io_uring_enter(r6, 0x47fa, 0x0, 0x0, 0x0, 0x0)

560.788599ms ago: executing program 9 (id=2172):
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xffffffffffffff7c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0xfffffffffffffeef, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

138.23949ms ago: executing program 4 (id=2173):
prctl$PR_SET_THP_DISABLE(0x44, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x200}}, &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r0}, 0x18)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x2e, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x104, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@empty}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r3, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r4 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=<r5=>0x0, &(0x7f0000000480)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, 0x0})
io_uring_enter(r4, 0x3498, 0x969, 0x0, 0x0, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000300)=0x7fe7f, 0x4)
dup3(r4, r2, 0x80000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
socket$inet_udp(0x2, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r8 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r8, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)

1.308599ms ago: executing program 9 (id=2174):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0'}, 0xb)
fcntl$lock(r0, 0x25, &(0x7f0000000080)={0x1, 0x0, 0x4, 0x3})
write$binfmt_format(r0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

0s ago: executing program 2 (id=2175):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x5c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000680)={'wlan0\x00'})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r6, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000380)={0x3c, r7, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80c1}, 0x0)

kernel console output (not intermixed with test programs):

  395.808617][    C0] vkms_vblank_simulate: vblank timer overrun
[  395.814641][T12243] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  395.880384][ T6161] em28xx 14-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  395.882993][ T6161] em28xx 14-1:0.0: board has no eeprom
[  395.938163][ T6161] em28xx 14-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  395.938202][T12268] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  395.940791][ T6161] em28xx 14-1:0.0: dvb set to bulk mode.
[  395.943253][T12268] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  395.948430][T12268] vhci_hcd vhci_hcd.0: Device attached
[  395.948465][ T6161] usb 14-1: USB disconnect, device number 9
[  395.953215][ T6161] em28xx 14-1:0.0: Disconnecting em28xx
[  395.955138][ T6581] em28xx 14-1:0.0: Binding DVB extension
[  395.979513][ T6581] em28xx 14-1:0.0: Registering input extension
[  395.981959][ T6161] em28xx 14-1:0.0: Closing input extension
[  395.986774][ T6161] em28xx 14-1:0.0: Freeing device
[  395.990534][T12270] vhci_hcd: connection closed
[  395.990843][   T13] vhci_hcd: stop threads
[  395.993765][   T13] vhci_hcd: release socket
[  395.995191][   T13] vhci_hcd: disconnect device
[  396.291518][   T61] em28xx 12-1:0.0: unknown em28xx chip ID (0)
[  396.496162][T12256] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  396.499323][T12256] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  396.560444][   T61] em28xx 12-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  396.561765][T12278] netlink: 'syz.9.1700': attribute type 1 has an invalid length.
[  396.563329][   T61] em28xx 12-1:0.0: board has no eeprom
[  396.566659][T12278] netlink: 224 bytes leftover after parsing attributes in process `syz.9.1700'.
[  396.592010][   T40] audit: type=1804 audit(1758943544.727:645): pid=12280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1701" name="/newroot/160/file0/file0" dev="9p" ino=71827827 res=1 errno=0
[  396.628059][   T61] em28xx 12-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  396.631229][   T61] em28xx 12-1:0.0: dvb set to bulk mode.
[  396.634505][ T6038] em28xx 12-1:0.0: Binding DVB extension
[  396.636519][   T61] usb 12-1: USB disconnect, device number 19
[  396.639499][   T61] em28xx 12-1:0.0: Disconnecting em28xx
[  396.721428][ T6038] em28xx 12-1:0.0: Registering input extension
[  396.727876][   T61] em28xx 12-1:0.0: Closing input extension
[  396.749711][   T61] em28xx 12-1:0.0: Freeing device
[  396.774017][T12287] FAULT_INJECTION: forcing a failure.
[  396.774017][T12287] name failslab, interval 1, probability 0, space 0, times 0
[  396.782762][T12287] CPU: 3 UID: 0 PID: 12287 Comm: syz.2.1703 Not tainted syzkaller #0 PREEMPT(full) 
[  396.782785][T12287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  396.782795][T12287] Call Trace:
[  396.782801][T12287]  <TASK>
[  396.782808][T12287]  dump_stack_lvl+0x16c/0x1f0
[  396.782839][T12287]  should_fail_ex+0x512/0x640
[  396.782863][T12287]  ? __kmalloc_noprof+0xbf/0x510
[  396.782884][T12287]  ? kernfs_fop_write_iter+0x237/0x570
[  396.782908][T12287]  should_failslab+0xc2/0x120
[  396.782930][T12287]  __kmalloc_noprof+0xd2/0x510
[  396.782949][T12287]  ? rcu_is_watching+0x12/0xc0
[  396.782970][T12287]  kernfs_fop_write_iter+0x237/0x570
[  396.782998][T12287]  iter_file_splice_write+0xa21/0x12e0
[  396.783031][T12287]  ? __pfx_iter_file_splice_write+0x10/0x10
[  396.783053][T12287]  ? __pfx_copy_splice_read+0x10/0x10
[  396.783083][T12287]  ? __pfx_iter_file_splice_write+0x10/0x10
[  396.783103][T12287]  direct_splice_actor+0x192/0x6c0
[  396.783123][T12287]  splice_direct_to_actor+0x342/0xa30
[  396.783142][T12287]  ? __pfx_direct_splice_actor+0x10/0x10
[  396.783164][T12287]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  396.783180][T12287]  ? get_pid_task+0xfc/0x250
[  396.783209][T12287]  do_splice_direct+0x174/0x240
[  396.783227][T12287]  ? __pfx_do_splice_direct+0x10/0x10
[  396.783249][T12287]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  396.783270][T12287]  ? rw_verify_area+0xcf/0x6c0
[  396.783289][T12287]  do_sendfile+0xb06/0xe50
[  396.783320][T12287]  ? __pfx_do_sendfile+0x10/0x10
[  396.783339][T12287]  ? __fget_files+0x20e/0x3c0
[  396.783365][T12287]  __ia32_compat_sys_sendfile+0x1e5/0x220
[  396.783386][T12287]  ? ksys_write+0x1ac/0x250
[  396.783406][T12287]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  396.783431][T12287]  ? rcu_is_watching+0x12/0xc0
[  396.783452][T12287]  __do_fast_syscall_32+0x7c/0x300
[  396.783471][T12287]  do_fast_syscall_32+0x32/0x80
[  396.783486][T12287]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  396.783506][T12287] RIP: 0023:0xf7f12579
[  396.783519][T12287] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  396.783535][T12287] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[  396.783551][T12287] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000004
[  396.783565][T12287] RDX: 0000000000000000 RSI: 0000000008000002 RDI: 0000000000000000
[  396.783576][T12287] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  396.783586][T12287] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  396.783596][T12287] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  396.783621][T12287]  </TASK>
[  397.053344][T12292] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  397.076464][T12294] tmpfs: Unknown parameter 'usrquota(½p'
[  397.148754][T12289] lo speed is unknown, defaulting to 1000
[  397.358099][ T7484] usb 56-1: device descriptor read/8, error -110
[  397.400301][T12292] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  397.508063][    C1] net_ratelimit: 10 callbacks suppressed
[  397.508080][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  397.588094][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  397.635504][T12308] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(5)
[  397.635520][T12308] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  397.635575][T12308] vhci_hcd vhci_hcd.0: Device attached
[  397.683821][T12310] vhci_hcd: connection closed
[  397.684576][ T1144] vhci_hcd: stop threads
[  397.684587][ T1144] vhci_hcd: release socket
[  397.684613][ T1144] vhci_hcd: disconnect device
[  397.738112][T12292] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  397.759837][T12292] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  397.828016][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  397.998032][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  398.120027][T12321] netlink: 'syz.4.1714': attribute type 1 has an invalid length.
[  398.120041][T12321] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1714'.
[  398.452005][T12335] netlink: 40 bytes leftover after parsing attributes in process `syz.9.1719'.
[  398.459507][ T6581] libceph: connect (1)[c::]:6789 error -101
[  398.461687][ T6581] libceph: mon0 (1)[c::]:6789 connect error
[  398.498774][T12334] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1716'.
[  398.548216][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  398.628109][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  398.732778][ T6581] libceph: connect (1)[c::]:6789 error -101
[  398.740010][ T6581] libceph: mon0 (1)[c::]:6789 connect error
[  398.878018][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  398.956974][T12346] netlink: 'syz.2.1723': attribute type 1 has an invalid length.
[  398.967480][T12346] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1723'.
[  398.992298][T12342] lo speed is unknown, defaulting to 1000
[  399.038030][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  399.069950][T12326] ceph: No mds server is up or the cluster is laggy
[  399.288958][T12357] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1725'.
[  399.294329][T12357] openvswitch: netlink: Flow key attr not present in new flow.
[  399.448128][T12360] mac80211_hwsim hwsim16 syzkaller0: entered promiscuous mode
[  399.448688][   T12] Bluetooth: hci2: Frame reassembly failed (-84)
[  399.451293][T12360] mac80211_hwsim hwsim16 syzkaller0: entered allmulticast mode
[  399.588054][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  400.036214][T12370] netlink: 'syz.2.1729': attribute type 1 has an invalid length.
[  400.040163][T12370] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1729'.
[  401.185813][T12381] tmpfs: Unknown parameter 'm'
[  401.508167][ T5975] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  401.508182][ T5983] Bluetooth: hci2: command 0x1003 tx timeout
[  401.688114][    T9] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  401.767391][T12387] lo speed is unknown, defaulting to 1000
[  401.859992][    T9] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  401.881373][    T9] usb 9-1: config 0 interface 0 has no altsetting 0
[  401.899940][    T9] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  401.907909][    T9] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  401.910022][T12393] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1736'.
[  401.916333][    T9] usb 9-1: Product: syz
[  401.920545][    T9] usb 9-1: Manufacturer: syz
[  401.925108][    T9] usb 9-1: SerialNumber: syz
[  401.931521][    T9] usb 9-1: config 0 descriptor??
[  401.941661][    T9] usb 9-1: selecting invalid altsetting 0
[  401.952355][T12395] overlayfs: missing 'lowerdir'
[  401.993208][T12397] fuse: Bad value for 'fd'
[  402.034023][T12399] netlink: 'syz.2.1739': attribute type 1 has an invalid length.
[  402.037044][T12399] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1739'.
[  402.159401][   T29] usb 9-1: USB disconnect, device number 10
[  402.189518][   T40] audit: type=1326 audit(1758943550.287:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12401 comm="syz.9.1740" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e579 code=0x0
[  402.220361][T12405] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  402.459760][T12407] /dev/sr0: Can't open blockdev
[  402.673679][T12415] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1743'.
[  402.708149][    C1] net_ratelimit: 11 callbacks suppressed
[  402.708171][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  402.735858][T12419] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1745'.
[  402.777523][T12421] [U] 
[  402.778607][T12421] [U] K{‘
[  402.780202][T12421] [U] ät Ž1ÊàŠªFìÇÄfËŠî`GÊJç˜Ügö毹¬¡—þÈoÕñ/ümCç
[  402.782474][T12421] [U] tžØ–/,�~ˆÄœ­‹jõÿÊ}8îÊþ'o1�Ü"™7-î‚JQœK—¤Wºïqé5c%"¬H12–¦Y“„‰ž€ÊXÍ`ˆ‚íè¼`+³û(·â¿!(éûéz'àtXln»I®gÅj– °üÝ­·på~÷7í!‘Õò"ø¨Î¾ª(È5ˆObü¤‡ÍƒJÖ
[  402.787329][T12421] [U] ±k\&—}6£6œXîHX�¥ôµ„Ìþ.`¸a“$Û40|϶¿�9°øÞ¨„¯ÀÏU‚ò4�ôä®VbzÃð}ÌwÔM”TºŽíQŸýΦr’4”ÿ
[  402.788062][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  402.791148][T12421] [U] ".h6øÞ"Ökã‡[›‰¤ŒJá4çØI�n¨™[Z(•„C|Të]z{�â3Ÿc=»¨xîôžë…î4ßw‰)\T‘XJø�SH{q;ì¹¢…ötÔÇ+‹¦÷gíèÿ®d„.Ë‚³>yž�÷éwUh„fN—Ž�Çhl]SÔ2ŠÇÙ\g%ŠO¼&z)µðš'¨pul‚_<ã	¢Ø°‰ò®Ôå`Ò±TÔÁþœÐËþ;_ô"(‘u{7jœ¿2X ‘/€'ÝÙcÑÌõIº©ÀÏH¿c�Õ³žV¦=�‘AiÇ%w¼Esž RšŸjŠîœƒÚ”gÂ÷rÁ¹í¡hI
˜¢œaïì6-úD�úV¨á i"øånæ¨ þÚAsc~4Áª¹8cø*­OO5/ÿœJš~º§¡w—vK+¬®‰Œ3èÇY)Ž¹M°¸æv¶Ìyqæ½€DTr¯
Otpem%f×ÊejÍA5æÔT_-X~ ^aaÛ‚ò˜½qÖå
[  402.806987][T12421] [U] 	+�w‰G?]£Ó'a:	»Ú)Õ
ïó™“' B>t¢ ¡f/™÷<'èUÓ'–¼h§ié.+]eŸ.½-É¿ÿ¿Ò%÷è>2`¶^Uÿ8F.Š6¤Å3ÓØ+ËA¾Â««„°g3ÓpÂó6:�^0À�téèv÷'Eõt¼€ûâYC‰n¾þrÏ©ÞnèPj×;æZ†êôñû‘8!¯È\ù…¸AØÊ–2Á£$ðµ™Â­wi.Íç#ŠÈ/Bai¼�Ä`ðá4j’ôdîy@Óz„ügW÷5Ë¿Bĵٜ Nóy"vI2ûÌ
[  402.814392][T12421] [U] ôT¦_K5¸t¬YJÐþÎ9ðÕcÊ$brŸLúNul¶ü9wÈýÍ|žGå"ʃÆ%Çú¶êCªØ�°¶ºqîÙ
 ŸÇ3‹Æq¯ôN^HP*½Ü$	µ.Î7yÓ±œ2³
[  402.818033][T12421] [U] ½?�©ÿhüä*ÙÁ”Î3í�7Üé�¾^#Q�"0~‡‚ð(éoïXLŒb£,'vîÓ=‹ÝëCÌS«…’G‚S¶Þ0•Ö‚‹Ù`˜›žÙ‡Ÿ†=1(÷î¾™÷p#ò2DO*Ƀ
[  402.821708][T12421] [U] ©s¹“gžµ²¶“˜GuÐÔd-{¸™â|&“�®ŸŸñ�2µ›LÞc_©œ!`¨ÍozÖ¥¢B¶³%>êrñ¶öwï‡ýŽSsÂH"£yA4£O.šYÙÛä�„RTÔ¶ŒBÚ[+/<<R�B�Êäõ|ФeŽžÑÛ –V96#ûúÑͤê¦jºUº%
s851ƒ�þÒ©s�P±¨\£ƒ?qª|L�´QXµ0ÂKÔ1orÉ´2¡½|ÖüdÖFÌ¿»ù�ÚË2Þ”–¨×0ÌåH•}C[/¤»“Ÿpx^¼èo
[  402.836822][T12420] [U] ÖØ›·Ü—(JÅЛ•§mÛüxz˜;œ½±ÓÿØ�_¹»µÔ*3÷3…ß5¸\ƒxm³ÚU�‰AK!aQ`ß
[  403.028095][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  403.198011][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  403.387173][T12436] netlink: 'syz.2.1750': attribute type 1 has an invalid length.
[  403.392304][T12436] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1750'.
[  403.462871][T12434] lo speed is unknown, defaulting to 1000
[  403.748028][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  403.828045][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  404.038948][T12446] FAULT_INJECTION: forcing a failure.
[  404.038948][T12446] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  404.048997][T12446] CPU: 3 UID: 0 PID: 12446 Comm: syz.9.1752 Not tainted syzkaller #0 PREEMPT(full) 
[  404.049024][T12446] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  404.049036][T12446] Call Trace:
[  404.049043][T12446]  <TASK>
[  404.049051][T12446]  dump_stack_lvl+0x16c/0x1f0
[  404.049082][T12446]  should_fail_ex+0x512/0x640
[  404.049112][T12446]  should_fail_alloc_page+0xe7/0x130
[  404.049138][T12446]  prepare_alloc_pages+0x3c2/0x610
[  404.049184][T12446]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  404.049207][T12446]  ? __lock_acquire+0x62e/0x1ce0
[  404.049232][T12446]  ? __lock_acquire+0x62e/0x1ce0
[  404.049254][T12446]  ? vmx_vcpu_pi_load+0xfc/0x900
[  404.049277][T12446]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  404.049299][T12446]  ? __pfx_vmx_vcpu_pi_load+0x10/0x10
[  404.049324][T12446]  ? vmx_vcpu_load_vmcs+0x222/0x770
[  404.049352][T12446]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  404.049379][T12446]  ? policy_nodemask+0xea/0x4e0
[  404.049404][T12446]  alloc_pages_mpol+0x1fb/0x550
[  404.049428][T12446]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  404.049448][T12446]  ? lock_acquire+0x179/0x350
[  404.049471][T12446]  ? __lock_acquire+0x62e/0x1ce0
[  404.049495][T12446]  folio_alloc_mpol_noprof+0x36/0x2f0
[  404.049522][T12446]  vma_alloc_folio_noprof+0xed/0x1e0
[  404.049547][T12446]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  404.049580][T12446]  do_pte_missing+0x2230/0x3ba0
[  404.049600][T12446]  ? find_held_lock+0x2b/0x80
[  404.049624][T12446]  __handle_mm_fault+0x152a/0x2a50
[  404.049650][T12446]  ? __pfx___handle_mm_fault+0x10/0x10
[  404.049669][T12446]  ? __pte_offset_map_lock+0x174/0x310
[  404.049693][T12446]  ? find_held_lock+0x2b/0x80
[  404.049717][T12446]  ? follow_page_pte.constprop.0+0x5cf/0x1390
[  404.049748][T12446]  handle_mm_fault+0x589/0xd10
[  404.049772][T12446]  __get_user_pages+0x551/0x34a0
[  404.049805][T12446]  ? down_read_killable+0x220/0x4b0
[  404.049825][T12446]  ? __pfx___get_user_pages+0x10/0x10
[  404.049849][T12446]  ? __pfx_gup_fast_fallback+0x10/0x10
[  404.049880][T12446]  get_user_pages_unlocked+0x1ca/0x780
[  404.049916][T12446]  ? __pfx_get_user_pages_unlocked+0x10/0x10
[  404.049942][T12446]  ? get_user_pages_fast_only+0xae/0xf0
[  404.049969][T12446]  ? __pfx_get_user_pages_fast_only+0x10/0x10
[  404.049995][T12446]  ? __pfx___might_resched+0x10/0x10
[  404.050019][T12446]  hva_to_pfn+0x886/0xe60
[  404.050050][T12446]  ? __lock_acquire+0x62e/0x1ce0
[  404.050073][T12446]  ? __pfx_hva_to_pfn+0x10/0x10
[  404.050102][T12446]  ? __lock_acquire+0x62e/0x1ce0
[  404.050140][T12446]  kvm_follow_pfn+0x2d4/0x430
[  404.050170][T12446]  __kvm_faultin_pfn+0x11c/0x1a0
[  404.050187][T12446]  ? __pfx___kvm_faultin_pfn+0x10/0x10
[  404.050204][T12446]  ? __pfx_xa_load+0x10/0x10
[  404.050233][T12446]  kvm_mmu_faultin_pfn+0x581/0x2170
[  404.050262][T12446]  ? __pfx_fast_page_fault+0x10/0x10
[  404.050283][T12446]  ? __pfx_kvm_mmu_faultin_pfn+0x10/0x10
[  404.050306][T12446]  ? __kvm_mmu_topup_memory_cache+0x332/0x600
[  404.050332][T12446]  ? __lock_acquire+0xb97/0x1ce0
[  404.050362][T12446]  kvm_tdp_page_fault+0x186/0x3f0
[  404.050392][T12446]  kvm_mmu_do_page_fault+0x588/0x6c0
[  404.050422][T12446]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  404.050456][T12446]  ? rcu_is_watching+0x12/0xc0
[  404.050475][T12446]  ? trace_sched_exit_tp+0xd1/0x120
[  404.050506][T12446]  kvm_mmu_page_fault+0x225/0x1cb0
[  404.050526][T12446]  ? kernel_text_address+0x8d/0x100
[  404.050549][T12446]  ? __pfx_kvm_mmu_page_fault+0x10/0x10
[  404.050567][T12446]  ? __lock_acquire+0xb97/0x1ce0
[  404.050594][T12446]  ? mark_held_locks+0x49/0x80
[  404.050621][T12446]  handle_ept_violation+0x2b4/0x6e0
[  404.050643][T12446]  ? __pfx_handle_ept_violation+0x10/0x10
[  404.050662][T12446]  vmx_handle_exit+0x124f/0x1bd0
[  404.050689][T12446]  vcpu_run+0x320b/0x55a0
[  404.050724][T12446]  ? __pfx_vcpu_run+0x10/0x10
[  404.050752][T12446]  ? fpu_swap_kvm_fpstate+0x1be/0x410
[  404.050773][T12446]  ? __local_bh_enable_ip+0xa4/0x120
[  404.050799][T12446]  ? kvm_arch_vcpu_ioctl_run+0x1023/0x1980
[  404.050821][T12446]  kvm_arch_vcpu_ioctl_run+0x1023/0x1980
[  404.050853][T12446]  kvm_vcpu_ioctl+0x5eb/0x1690
[  404.050878][T12446]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  404.050907][T12446]  ? tomoyo_path_number_perm+0x18d/0x580
[  404.050932][T12446]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  404.050964][T12446]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  404.050991][T12446]  ? do_vfs_ioctl+0x128/0x14f0
[  404.051018][T12446]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  404.051057][T12446]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[  404.051083][T12446]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  404.051108][T12446]  ? __fget_files+0x20e/0x3c0
[  404.051132][T12446]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  404.051152][T12446]  __ia32_compat_sys_ioctl+0x23f/0x370
[  404.051182][T12446]  __do_fast_syscall_32+0x7c/0x300
[  404.051201][T12446]  do_fast_syscall_32+0x32/0x80
[  404.051215][T12446]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  404.051235][T12446] RIP: 0023:0xf703e579
[  404.051249][T12446] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  404.051264][T12446] RSP: 002b:00000000f542e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  404.051281][T12446] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae80
[  404.051291][T12446] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  404.051301][T12446] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  404.051311][T12446] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  404.051321][T12446] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  404.051344][T12446]  </TASK>
[  404.078073][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  404.256318][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  404.311044][   T40] audit: type=1326 audit(1758943552.447:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12457 comm="syz.2.1755" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f12579 code=0x0
[  404.488274][T12462] block nbd2: shutting down sockets
[  404.495038][T12462] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  404.511538][ T1169] Bluetooth: (null): Invalid header checksum
[  404.514457][ T1169] Bluetooth: (null): Invalid header checksum
[  404.611746][T12465] tmpfs: Unknown parameter 'm'
[  404.697396][ T6038] usb 12-1: new high-speed USB device number 20 using dummy_hcd
[  404.697431][ T1169] Bluetooth: (null): Invalid header checksum
[  404.731074][   T13] Bluetooth: (null): Invalid header checksum
[  404.788069][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  404.838348][   T13] Bluetooth: (null): Invalid header checksum
[  404.868120][ T6038] usb 12-1: Using ep0 maxpacket: 16
[  404.878040][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  404.961347][ T1169] Bluetooth: (null): Too short H5 packet
[  404.964002][ T1169] Bluetooth: (null): Invalid header checksum
[  404.980536][ T6038] usb 12-1: unable to get BOS descriptor or descriptor too short
[  404.984119][ T6038] usb 12-1: unable to read config index 0 descriptor/start: -71
[  404.986722][ T6038] usb 12-1: can't read configurations, error -71
[  405.927622][T12488] netlink: 40 bytes leftover after parsing attributes in process `syz.9.1764'.
[  405.934551][T12489] netlink: 'syz.7.1765': attribute type 1 has an invalid length.
[  405.937232][T12489] netlink: 224 bytes leftover after parsing attributes in process `syz.7.1765'.
[  405.965638][T12493] netlink: 'syz.9.1767': attribute type 1 has an invalid length.
[  405.968224][T12493] netlink: 216 bytes leftover after parsing attributes in process `syz.9.1767'.
[  405.973036][ T5975] Bluetooth: hci0: unexpected event for opcode 0x2027
[  406.261883][T12510] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  406.308081][ T6161] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  406.321865][T12511] tipc: Resetting bearer <eth:syzkaller0>
[  406.369846][T12517] netlink: 'syz.2.1773': attribute type 1 has an invalid length.
[  406.373538][T12517] netlink: 'syz.2.1773': attribute type 2 has an invalid length.
[  406.468048][ T6161] usb 9-1: Using ep0 maxpacket: 16
[  406.564029][ T6161] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 12408, setting to 64
[  406.701189][ T6161] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  406.704125][ T6161] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.820058][ T6161] usb 9-1: Product: syz
[  406.830097][ T6161] usb 9-1: Manufacturer: syz
[  406.875811][ T6161] usb 9-1: SerialNumber: syz
[  406.878952][ T6161] usb 9-1: config 0 descriptor??
[  406.885841][ T6161] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  406.888929][ T6161] em28xx 9-1:0.0: DVB interface 0 found: bulk
[  407.228356][T12522] netlink: 'syz.9.1776': attribute type 1 has an invalid length.
[  407.230902][T12522] netlink: 224 bytes leftover after parsing attributes in process `syz.9.1776'.
[  407.908067][    C1] net_ratelimit: 11 callbacks suppressed
[  407.908081][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  407.978591][ T6161] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[  407.998055][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  408.037362][T12536] mac80211_hwsim hwsim22 syzkaller0: entered promiscuous mode
[  408.038077][   T13] Bluetooth: hci2: Frame reassembly failed (-84)
[  408.040523][T12536] mac80211_hwsim hwsim22 syzkaller0: entered allmulticast mode
[  408.178293][T12542] mac80211_hwsim hwsim16 syzkaller0: left promiscuous mode
[  408.180664][T12542] mac80211_hwsim hwsim16 syzkaller0: left allmulticast mode
[  408.185490][T12542] netlink: zone id is out of range
[  408.187439][T12542] netlink: zone id is out of range
[  408.189214][T12542] netlink: zone id is out of range
[  408.210430][T12542] netlink: zone id is out of range
[  408.212240][T12542] netlink: zone id is out of range
[  408.214237][T12542] netlink: zone id is out of range
[  408.215868][T12542] netlink: zone id is out of range
[  408.217513][T12542] netlink: zone id is out of range
[  408.220561][T12542] 9pnet_fd: Insufficient options for proto=fd
[  408.270916][T12495] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  408.274659][T12495] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  408.341732][ T6161] em28xx 9-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  408.344235][ T6161] em28xx 9-1:0.0: board has no eeprom
[  408.398036][ T6161] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  408.400915][ T6161] em28xx 9-1:0.0: dvb set to bulk mode.
[  408.403577][   T24] em28xx 9-1:0.0: Binding DVB extension
[  408.411202][ T6161] usb 9-1: USB disconnect, device number 11
[  408.413628][ T6161] em28xx 9-1:0.0: Disconnecting em28xx
[  408.458283][   T24] em28xx 9-1:0.0: Registering input extension
[  408.462232][ T6161] em28xx 9-1:0.0: Closing input extension
[  408.463392][T12550] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(5)
[  408.467096][T12550] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  408.470387][T12550] vhci_hcd vhci_hcd.0: Device attached
[  408.480947][ T6161] em28xx 9-1:0.0: Freeing device
[  408.738497][ T7484] usb 56-1: SetAddress Request (28) to port 0
[  408.740573][ T7484] usb 56-1: new SuperSpeed USB device number 28 using vhci_hcd
[  409.163717][T12551] vhci_hcd: connection reset by peer
[  409.165630][ T1169] vhci_hcd: stop threads
[  409.167083][ T1169] vhci_hcd: release socket
[  409.168772][ T1169] vhci_hcd: disconnect device
[  409.271298][T12568] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  409.274051][T12568] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  409.277784][T12568] vhci_hcd vhci_hcd.0: Device attached
[  409.507287][T12569] vhci_hcd: connection closed
[  409.508428][   T13] vhci_hcd: stop threads
[  409.511804][   T13] vhci_hcd: release socket
[  409.513563][   T13] vhci_hcd: disconnect device
[  409.558088][   T29] usb 46-1: enqueue for inactive port 0
[  409.940720][T12580] netlink: 'syz.9.1794': attribute type 1 has an invalid length.
[  409.943137][T12580] netlink: 224 bytes leftover after parsing attributes in process `syz.9.1794'.
[  410.070457][   T29] usb usb46-port1: attempt power cycle
[  410.075049][ T5983] Bluetooth: hci2: command 0x1003 tx timeout
[  410.079305][ T5975] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  410.203004][T12587] tmpfs: Unknown parameter 'm'
[  410.207679][T12586] 9pnet_fd: Insufficient options for proto=fd
[  410.639147][   T29] usb usb46-port1: unable to enumerate USB device
[  410.706435][   T85] Bluetooth: hci2: Frame reassembly failed (-84)
[  410.708423][ T6031] usb 14-1: new high-speed USB device number 10 using dummy_hcd
[  410.712012][   T85] Bluetooth: hci2: Frame reassembly failed (-84)
[  410.858144][ T6031] usb 14-1: Using ep0 maxpacket: 16
[  410.862968][ T6031] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 12408, setting to 64
[  410.875048][ T6031] usb 14-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  410.877888][ T6031] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.885050][ T6031] usb 14-1: Product: syz
[  410.887743][ T6031] usb 14-1: Manufacturer: syz
[  410.890841][ T6031] usb 14-1: SerialNumber: syz
[  410.895714][ T6031] usb 14-1: config 0 descriptor??
[  410.902664][ T6031] em28xx 14-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  410.909815][ T6031] em28xx 14-1:0.0: DVB interface 0 found: bulk
[  411.179584][T12608] netlink: 'syz.4.1805': attribute type 1 has an invalid length.
[  411.182124][T12608] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1805'.
[  411.431108][T12613] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(5)
[  411.433102][T12613] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  411.439082][T12613] vhci_hcd vhci_hcd.0: Device attached
[  411.632279][ T6031] em28xx 14-1:0.0: unknown em28xx chip ID (0)
[  411.715547][T12620] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  411.717640][T12620] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  411.720357][T12620] vhci_hcd vhci_hcd.0: Device attached
[  411.798735][   T29] usb 52-1: SetAddress Request (46) to port 0
[  411.807331][   T29] usb 52-1: new SuperSpeed USB device number 46 using vhci_hcd
[  411.869244][T12599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  411.872524][T12599] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  411.949532][ T6031] em28xx 14-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  411.956046][ T6031] em28xx 14-1:0.0: board has no eeprom
[  411.990293][ T6057] usb 46-1: SetAddress Request (35) to port 0
[  411.992748][ T6057] usb 46-1: new SuperSpeed USB device number 35 using vhci_hcd
[  412.028355][ T6031] em28xx 14-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  412.039545][T12614] vhci_hcd: connection reset by peer
[  412.041034][ T6031] em28xx 14-1:0.0: dvb set to bulk mode.
[  412.041865][   T46] vhci_hcd: stop threads
[  412.045406][   T46] vhci_hcd: release socket
[  412.047267][   T46] vhci_hcd: disconnect device
[  412.048874][ T6025] em28xx 14-1:0.0: Binding DVB extension
[  412.052927][ T6031] usb 14-1: USB disconnect, device number 10
[  412.057352][ T6031] em28xx 14-1:0.0: Disconnecting em28xx
[  412.097399][ T6025] em28xx 14-1:0.0: Registering input extension
[  412.099768][ T6031] em28xx 14-1:0.0: Closing input extension
[  412.105744][ T6031] em28xx 14-1:0.0: Freeing device
[  412.312923][T12621] vhci_hcd: connection reset by peer
[  412.314949][   T46] vhci_hcd: stop threads
[  412.316284][   T46] vhci_hcd: release socket
[  412.317786][   T46] vhci_hcd: disconnect device
[  412.615859][T12625] netlink: 'syz.9.1808': attribute type 1 has an invalid length.
[  412.619688][T12625] netlink: 224 bytes leftover after parsing attributes in process `syz.9.1808'.
[  412.718123][ T5975] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  412.720324][ T5983] Bluetooth: hci2: command 0x1003 tx timeout
[  412.905422][T12642] netlink: 'syz.7.1815': attribute type 3 has an invalid length.
[  413.066964][T12644] lo speed is unknown, defaulting to 1000
[  413.108014][    C1] net_ratelimit: 360 callbacks suppressed
[  413.108025][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  413.198087][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  413.428065][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  413.481683][   T40] audit: type=1804 audit(1758943561.607:648): pid=12656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.7.1821" name="/newroot/292/file1" dev="fuse" ino=1 res=1 errno=0
[  413.498374][   T40] audit: type=1800 audit(1758943561.607:649): pid=12656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1821" name="/" dev="fuse" ino=1 res=0 errno=0
[  413.574863][   T85] Bluetooth: hci2: Frame reassembly failed (-84)
[  413.588010][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  413.656142][T12669] FAULT_INJECTION: forcing a failure.
[  413.656142][T12669] name failslab, interval 1, probability 0, space 0, times 0
[  413.666958][T12669] CPU: 2 UID: 0 PID: 12669 Comm: syz.7.1824 Not tainted syzkaller #0 PREEMPT(full) 
[  413.666975][T12669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  413.666982][T12669] Call Trace:
[  413.666986][T12669]  <TASK>
[  413.666991][T12669]  dump_stack_lvl+0x16c/0x1f0
[  413.667013][T12669]  should_fail_ex+0x512/0x640
[  413.667031][T12669]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  413.667048][T12669]  should_failslab+0xc2/0x120
[  413.667064][T12669]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  413.667078][T12669]  ? __alloc_skb+0x2b2/0x380
[  413.667096][T12669]  __alloc_skb+0x2b2/0x380
[  413.667112][T12669]  ? __pfx___alloc_skb+0x10/0x10
[  413.667127][T12669]  ? genl_rcv_msg+0x470/0x800
[  413.667138][T12669]  ? genl_rcv_msg+0x4bb/0x800
[  413.667153][T12669]  netlink_ack+0x15d/0xb80
[  413.667175][T12669]  netlink_rcv_skb+0x332/0x420
[  413.667192][T12669]  ? __pfx_genl_rcv_msg+0x10/0x10
[  413.667205][T12669]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  413.667228][T12669]  ? netlink_deliver_tap+0x1ae/0xd30
[  413.667246][T12669]  genl_rcv+0x28/0x40
[  413.667256][T12669]  netlink_unicast+0x5aa/0x870
[  413.667276][T12669]  ? __pfx_netlink_unicast+0x10/0x10
[  413.667293][T12669]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  413.667315][T12669]  netlink_sendmsg+0x8d1/0xdd0
[  413.667335][T12669]  ? __pfx_netlink_sendmsg+0x10/0x10
[  413.667354][T12669]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  413.667369][T12669]  ____sys_sendmsg+0xa95/0xc70
[  413.667384][T12669]  ? __pfx_____sys_sendmsg+0x10/0x10
[  413.667396][T12669]  ? get_compat_msghdr+0x11a/0x170
[  413.667418][T12669]  ___sys_sendmsg+0x134/0x1d0
[  413.667436][T12669]  ? __pfx____sys_sendmsg+0x10/0x10
[  413.667460][T12669]  ? find_held_lock+0x2b/0x80
[  413.667481][T12669]  __sys_sendmsg+0x16d/0x220
[  413.667498][T12669]  ? __pfx___sys_sendmsg+0x10/0x10
[  413.667521][T12669]  ? rcu_is_watching+0x12/0xc0
[  413.667549][T12669]  __do_fast_syscall_32+0x7c/0x300
[  413.667562][T12669]  do_fast_syscall_32+0x32/0x80
[  413.667572][T12669]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  413.667587][T12669] RIP: 0023:0xf7f33579
[  413.667596][T12669] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  413.667607][T12669] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  413.667619][T12669] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800006c0
[  413.667626][T12669] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  413.667633][T12669] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  413.667639][T12669] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  413.667646][T12669] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  413.667659][T12669]  </TASK>
[  413.740846][T12670] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  413.741653][    C2] vkms_vblank_simulate: vblank timer overrun
[  413.744234][T12670] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  413.761881][T12670] vhci_hcd vhci_hcd.0: Device attached
[  413.773466][T12674] tmpfs: Unknown parameter 'm'
[  413.837334][ T7484] usb 56-1: device descriptor read/8, error -110
[  413.908511][ T6038] usb 14-1: new high-speed USB device number 11 using dummy_hcd
[  414.058280][ T6038] usb 14-1: Using ep0 maxpacket: 32
[  414.065785][ T6038] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10
[  414.070790][ T6038] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  414.075512][ T6038] usb 14-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  414.086580][ T6038] usb 14-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  414.090511][ T6038] usb 14-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  414.093821][ T6038] usb 14-1: Product: syz
[  414.095416][ T6038] usb 14-1: Manufacturer: syz
[  414.097678][ T6038] usb 14-1: SerialNumber: syz
[  414.104258][ T6038] input: appletouch as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:1.0/input/input27
[  414.158038][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  414.228047][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  414.229543][ T7484] usb usb56-port1: attempt power cycle
[  414.301401][T12671] vhci_hcd: connection closed
[  414.301631][   T85] vhci_hcd: stop threads
[  414.304441][   T85] vhci_hcd: release socket
[  414.305893][   T85] vhci_hcd: disconnect device
[  414.309067][ T6004] usb 14-1: USB disconnect, device number 11
[  414.316430][ T6004] appletouch 14-1:1.0: input: appletouch disconnected
[  414.468053][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  414.628187][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  414.798897][ T7484] usb usb56-port1: unable to enumerate USB device
[  414.894493][ T5983] Bluetooth: hci1: unexpected event for opcode 0x2027
[  414.949665][T12694] netlink: 'syz.7.1831': attribute type 1 has an invalid length.
[  414.954704][T12694] netlink: 224 bytes leftover after parsing attributes in process `syz.7.1831'.
[  414.997452][T12695] hsr0: entered promiscuous mode
[  415.000566][T12695] hsr0: entered allmulticast mode
[  415.002166][T12695] hsr_slave_0: entered allmulticast mode
[  415.003878][T12695] hsr_slave_1: entered allmulticast mode
[  415.188019][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  415.278121][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  415.598233][ T5983] Bluetooth: hci2: command 0x1003 tx timeout
[  415.598284][ T5975] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  415.793997][T12704] tmpfs: Unknown parameter 'm'
[  415.832112][T12706] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1835'.
[  415.913187][T12707] loop9: detected capacity change from 0 to 7
[  415.915522][T12707]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[  415.917250][T12707] loop9: partition table partially beyond EOD, truncated
[  415.919585][T12707] loop9: p1 size 2437361653 extends beyond EOD, truncated
[  416.311190][T12713] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(5)
[  416.313218][T12713] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  416.315819][T12713] vhci_hcd vhci_hcd.0: Device attached
[  416.583287][T12714] vhci_hcd: connection closed
[  416.584071][   T85] vhci_hcd: stop threads
[  416.587450][   T85] vhci_hcd: release socket
[  416.589133][ T6004] usb 56-1: SetAddress Request (32) to port 0
[  416.591299][ T6004] usb 56-1: new SuperSpeed USB device number 32 using vhci_hcd
[  416.591332][   T85] vhci_hcd: disconnect device
[  416.618145][ T6004] usb 56-1: enqueue for inactive port 0
[  416.698060][ T5975] Bluetooth: hci1: unexpected event for opcode 0x2027
[  416.878909][   T29] usb 52-1: device descriptor read/8, error -110
[  417.036646][ T6004] usb usb56-port1: attempt power cycle
[  417.179385][ T6057] usb 46-1: device descriptor read/8, error -110
[  417.628805][ T6004] usb usb56-port1: unable to enumerate USB device
[  417.798654][   T29] usb usb52-port1: attempt power cycle
[  417.898551][ T6057] usb usb46-port1: attempt power cycle
[  417.904300][T12742] tmpfs: Unknown parameter 'm'
[  418.132624][ T5983] Bluetooth: hci1: unexpected event for opcode 0x2027
[  418.186905][T12753] netlink: 'syz.7.1849': attribute type 1 has an invalid length.
[  418.192087][T12753] netlink: 224 bytes leftover after parsing attributes in process `syz.7.1849'.
[  418.308017][    C1] net_ratelimit: 10 callbacks suppressed
[  418.308029][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  418.324973][   T40] audit: type=1804 audit(1758943566.457:650): pid=12755 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.1850" name="/newroot/308/file0/file0" dev="9p" ino=71827827 res=1 errno=0
[  418.380850][   T29] usb usb52-port1: unable to enumerate USB device
[  418.388148][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  418.478641][ T6057] usb usb46-port1: unable to enumerate USB device
[  418.638042][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  418.798577][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  418.890611][ T5983] Bluetooth: hci3: unexpected event for opcode 0x2027
[  418.949103][T12783] netlink: 'syz.9.1858': attribute type 1 has an invalid length.
[  418.951548][T12783] netlink: 224 bytes leftover after parsing attributes in process `syz.9.1858'.
[  419.348016][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  419.429290][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  419.678074][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  419.749448][ T5983] Bluetooth: hci2: command 0x1003 tx timeout
[  419.774159][ T5975] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  419.828186][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  420.063620][T12796] trusted_key: syz.7.1860 sent an empty control message without MSG_MORE.
[  420.388059][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  420.468074][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  420.709390][   T53] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
[  423.508096][    C1] net_ratelimit: 10 callbacks suppressed
[  423.508114][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  423.588338][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  423.828057][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  423.998137][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  424.548097][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  424.628308][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  424.868057][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  425.028177][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  425.588112][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  425.678046][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  427.240004][T12817] netlink: 'syz.7.1862': attribute type 1 has an invalid length.
[  427.242936][T12817] netlink: 224 bytes leftover after parsing attributes in process `syz.7.1862'.
[  427.259540][T12819] tmpfs: Unknown parameter 'm'
[  427.358617][T12826] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  427.390324][T12815] lo speed is unknown, defaulting to 1000
[  427.618103][T12832] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(5)
[  427.620200][T12832] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  427.622919][T12832] vhci_hcd vhci_hcd.0: Device attached
[  427.709297][T12826] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  427.888327][ T1465] usb 56-1: SetAddress Request (36) to port 0
[  427.890281][ T1465] usb 56-1: new SuperSpeed USB device number 36 using vhci_hcd
[  428.048615][T12826] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  428.108443][T12826] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  428.178173][ T5975] Bluetooth: hci4: unexpected event for opcode 0x2027
[  428.225151][T12833] vhci_hcd: connection reset by peer
[  428.228356][ T1144] vhci_hcd: stop threads
[  428.230336][ T1144] vhci_hcd: release socket
[  428.232281][ T1144] vhci_hcd: disconnect device
[  428.338916][T12843] netlink: 'syz.2.1869': attribute type 1 has an invalid length.
[  428.342166][T12843] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1869'.
[  428.594165][T12849] netlink: 'syz.7.1871': attribute type 1 has an invalid length.
[  428.597054][T12849] netlink: 224 bytes leftover after parsing attributes in process `syz.7.1871'.
[  428.607269][T12850] mac80211_hwsim hwsim25 syzkaller0: entered promiscuous mode
[  428.609333][   T85] Bluetooth: hci2: Frame reassembly failed (-84)
[  428.612889][   T85] Bluetooth: hci2: Frame reassembly failed (-84)
[  428.616341][T12850] mac80211_hwsim hwsim25 syzkaller0: entered allmulticast mode
[  428.708063][    C1] net_ratelimit: 10 callbacks suppressed
[  428.708077][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  428.788206][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  429.028275][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  429.198082][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  429.748037][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  429.828055][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  430.068083][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  430.102563][T12870] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  430.104607][T12870] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  430.112113][T12870] vhci_hcd vhci_hcd.0: Device attached
[  430.238037][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  430.628176][ T5975] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  430.630369][ T5983] Bluetooth: hci2: command 0x1003 tx timeout
[  430.634104][T12868] /dev/nullb0: Can't open blockdev
[  430.788094][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  430.868062][ T6133] usb 14-1: new high-speed USB device number 12 using dummy_hcd
[  430.868104][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  430.888095][ T7484] usb 42-1: SetAddress Request (26) to port 0
[  430.890184][ T7484] usb 42-1: new SuperSpeed USB device number 26 using vhci_hcd
[  431.018035][ T6133] usb 14-1: Using ep0 maxpacket: 8
[  431.050216][ T6133] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  431.598043][ T6133] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  431.608071][ T6133] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  431.613625][ T6133] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  431.628167][ T6133] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  431.631815][ T6133] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.657773][T12871] vhci_hcd: connection reset by peer
[  431.661162][   T46] vhci_hcd: stop threads
[  431.662935][   T46] vhci_hcd: release socket
[  431.664802][   T46] vhci_hcd: disconnect device
[  431.690652][T12885] netlink: 'syz.4.1882': attribute type 1 has an invalid length.
[  431.693258][T12885] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1882'.
[  431.895115][ T6133] usb 14-1: GET_CAPABILITIES returned 0
[  431.897240][ T6133] usbtmc 14-1:16.0: can't read capabilities
[  432.064412][T12890] lo speed is unknown, defaulting to 1000
[  432.092144][T12892] v: renamed from ip6_vti0 (while UP)
[  432.142358][T12891] lo speed is unknown, defaulting to 1000
[  432.331491][T12897] tmpfs: Unknown parameter 'm'
[  432.780473][   T46] Bluetooth: hci2: Frame reassembly failed (-84)
[  432.803308][T12904] mac80211_hwsim hwsim16 syzkaller0: entered promiscuous mode
[  432.806076][T12904] mac80211_hwsim hwsim16 syzkaller0: entered allmulticast mode
[  432.948153][ T1465] usb 56-1: device descriptor read/8, error -110
[  433.201074][   T61] usb 14-1: USB disconnect, device number 12
[  433.235917][T12908] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1888'.
[  433.242007][T12908] vlan2: entered promiscuous mode
[  433.243874][T12908] team0: entered promiscuous mode
[  433.245758][T12908] team_slave_0: entered promiscuous mode
[  433.248101][T12908] team_slave_1: entered promiscuous mode
[  433.339186][ T1465] usb usb56-port1: attempt power cycle
[  433.481524][   T40] audit: type=1804 audit(1758943581.617:651): pid=12919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1892" name="/newroot/197/file0/file0" dev="9p" ino=71827827 res=1 errno=0
[  433.863484][T12927] /dev/nullb0: Can't open blockdev
[  433.908170][    C1] net_ratelimit: 10 callbacks suppressed
[  433.908191][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  433.950092][ T1465] usb usb56-port1: unable to enumerate USB device
[  433.988078][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  434.118805][T12929] netlink: 'syz.2.1896': attribute type 1 has an invalid length.
[  434.121249][T12929] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1896'.
[  434.228087][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  434.388476][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  434.788903][ T5983] Bluetooth: hci2: command 0x1003 tx timeout
[  434.790613][ T5975] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  434.849419][T12938] netlink: 'syz.7.1899': attribute type 1 has an invalid length.
[  434.851934][T12938] netlink: 224 bytes leftover after parsing attributes in process `syz.7.1899'.
[  434.948088][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  435.030904][ T1144] failed while handling packet from 1:16385
[  435.031142][ T1144] failed while handling packet from 1:16385
[  435.038559][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  435.040930][ T1144] failed while handling packet from 1:16385
[  435.063361][ T1144] failed while handling packet from 1:16385
[  435.069867][ T1144] failed while handling packet from 1:16385
[  435.072583][ T1144] failed while handling packet from 1:16385
[  435.075531][ T1144] failed while handling packet from 1:16385
[  435.101211][ T1144] failed while handling packet from 1:16385
[  435.106747][ T1144] failed while handling packet from 1:16385
[  435.115438][ T1144] failed while handling packet from 1:16385
[  435.124674][ T1144] failed while handling packet from 1:16385
[  435.135832][ T1144] failed while handling packet from 1:16385
[  435.148062][ T1144] failed while handling packet from 1:16385
[  435.151509][ T1144] failed while handling packet from 1:16385
[  435.154603][ T1144] failed while handling packet from 1:16385
[  435.157147][ T1144] failed while handling packet from 1:16385
[  435.166571][ T1144] failed while handling packet from 1:16385
[  435.175276][ T1144] failed while handling packet from 1:16385
[  435.178283][ T1144] failed while handling packet from 1:16385
[  435.184025][ T1144] failed while handling packet from 1:16385
[  435.186770][ T1144] failed while handling packet from 1:16385
[  435.208128][ T1144] failed while handling packet from 1:16385
[  435.219534][ T1144] failed while handling packet from 1:16385
[  435.234382][ T1144] failed while handling packet from 1:16385
[  435.246641][ T1144] failed while handling packet from 1:16385
[  435.257558][ T1144] failed while handling packet from 1:16385
[  435.268041][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  435.274193][ T1144] failed while handling packet from 1:16385
[  435.275803][ T1144] failed while handling packet from 1:16385
[  435.288588][ T1144] failed while handling packet from 1:16385
[  435.300674][ T1144] failed while handling packet from 1:16385
[  435.310963][ T1144] failed while handling packet from 1:16385
[  435.321868][ T1144] failed while handling packet from 1:16385
[  435.331535][ T1144] failed while handling packet from 1:16385
[  435.337285][ T1144] failed while handling packet from 1:16385
[  435.344535][ T1144] failed while handling packet from 1:16385
[  435.355569][ T1144] failed while handling packet from 1:16385
[  435.366577][ T1144] failed while handling packet from 1:16385
[  435.379471][ T1144] failed while handling packet from 1:16385
[  435.392746][ T1144] failed while handling packet from 1:16385
[  435.404545][ T1144] failed while handling packet from 1:16385
[  435.414061][ T1144] failed while handling packet from 1:16385
[  435.428037][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  435.446446][ T1144] failed while handling packet from 1:16385
[  435.446664][ T1144] failed while handling packet from 1:16385
[  435.454285][ T1144] failed while handling packet from 1:16385
[  435.457215][ T1144] failed while handling packet from 1:16385
[  435.469258][ T1144] failed while handling packet from 1:16385
[  435.472938][ T1144] failed while handling packet from 1:16385
[  435.475406][ T1144] failed while handling packet from 1:16385
[  435.477457][ T1144] failed while handling packet from 1:16385
[  435.483688][ T1144] failed while handling packet from 1:16385
[  435.486253][ T1144] failed while handling packet from 1:16385
[  435.493254][ T1144] failed while handling packet from 1:16385
[  435.495310][ T1144] failed while handling packet from 1:16385
[  435.504437][T12942] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1900'.
[  435.535607][ T1144] failed while handling packet from 1:16385
[  435.536502][ T1144] failed while handling packet from 1:16385
[  435.547159][ T1144] failed while handling packet from 1:16385
[  435.550239][ T1144] failed while handling packet from 1:16385
[  435.552280][ T1144] failed while handling packet from 1:16385
[  435.554168][ T1144] failed while handling packet from 1:16385
[  435.556041][ T1144] failed while handling packet from 1:16385
[  435.557931][ T1144] failed while handling packet from 1:16385
[  435.563829][ T1144] failed while handling packet from 1:16385
[  435.565798][ T1144] failed while handling packet from 1:16385
[  435.567938][ T1144] failed while handling packet from 1:16385
[  435.572378][ T1144] failed while handling packet from 1:16385
[  435.574447][ T1144] failed while handling packet from 1:16385
[  435.578130][ T1144] failed while handling packet from 1:16385
[  435.580300][ T1144] failed while handling packet from 1:16385
[  435.582685][ T1144] failed while handling packet from 1:16385
[  435.584670][ T1144] failed while handling packet from 1:16385
[  435.586540][ T1144] failed while handling packet from 1:16385
[  435.588878][ T1144] failed while handling packet from 1:16385
[  435.590951][ T1144] failed while handling packet from 1:16385
[  435.593406][ T1144] failed while handling packet from 1:16385
[  435.595523][ T1144] failed while handling packet from 1:16385
[  435.597406][ T1144] failed while handling packet from 1:16385
[  435.599342][ T1144] failed while handling packet from 1:16385
[  435.601681][ T1144] failed while handling packet from 1:16385
[  435.603548][ T1144] failed while handling packet from 1:16385
[  435.605417][ T1144] failed while handling packet from 1:16385
[  435.607294][ T1144] failed while handling packet from 1:16385
[  435.609282][ T1144] failed while handling packet from 1:16385
[  435.611393][ T1144] failed while handling packet from 1:16385
[  435.613915][ T1144] failed while handling packet from 1:16385
[  435.616369][ T1144] failed while handling packet from 1:16385
[  435.619070][ T1144] failed while handling packet from 1:16385
[  435.621642][ T1144] failed while handling packet from 1:16385
[  435.624240][ T1144] failed while handling packet from 1:16385
[  435.626665][ T1144] failed while handling packet from 1:16385
[  435.629337][ T1144] failed while handling packet from 1:16385
[  435.631883][ T1144] failed while handling packet from 1:16385
[  435.634692][ T1144] failed while handling packet from 1:16385
[  435.637195][ T1144] failed while handling packet from 1:16385
[  435.639663][ T1144] failed while handling packet from 1:16385
[  435.642130][ T1144] failed while handling packet from 1:16385
[  435.644584][ T1144] failed while handling packet from 1:16385
[  435.647159][ T1144] failed while handling packet from 1:16385
[  435.650032][ T1144] failed while handling packet from 1:16385
[  435.652520][ T1144] failed while handling packet from 1:16385
[  435.655021][ T1144] failed while handling packet from 1:16385
[  435.657557][ T1144] failed while handling packet from 1:16385
[  435.729903][   T40] audit: type=1804 audit(1758943583.867:652): pid=12948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.1901" name="/newroot/221/file0/file0" dev="9p" ino=71827827 res=1 errno=0
[  435.818208][T12950] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  435.820275][T12950] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  435.825498][T12954] FAULT_INJECTION: forcing a failure.
[  435.825498][T12954] name failslab, interval 1, probability 0, space 0, times 0
[  435.828337][T12950] vhci_hcd vhci_hcd.0: Device attached
[  435.830376][T12954] CPU: 2 UID: 0 PID: 12954 Comm: syz.9.1904 Not tainted syzkaller #0 PREEMPT(full) 
[  435.830400][T12954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  435.830412][T12954] Call Trace:
[  435.830419][T12954]  <TASK>
[  435.830427][T12954]  dump_stack_lvl+0x16c/0x1f0
[  435.830459][T12954]  should_fail_ex+0x512/0x640
[  435.830487][T12954]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  435.830527][T12954]  should_failslab+0xc2/0x120
[  435.830551][T12954]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  435.830574][T12954]  ? __alloc_skb+0x2b2/0x380
[  435.830603][T12954]  __alloc_skb+0x2b2/0x380
[  435.830627][T12954]  ? __pfx___alloc_skb+0x10/0x10
[  435.830652][T12954]  ? genl_rcv_msg+0x470/0x800
[  435.830670][T12954]  ? genl_rcv_msg+0x4bb/0x800
[  435.830697][T12954]  netlink_ack+0x15d/0xb80
[  435.830734][T12954]  netlink_rcv_skb+0x332/0x420
[  435.830761][T12954]  ? __pfx_genl_rcv_msg+0x10/0x10
[  435.830782][T12954]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  435.830823][T12954]  ? netlink_deliver_tap+0x1ae/0xd30
[  435.830855][T12954]  genl_rcv+0x28/0x40
[  435.830872][T12954]  netlink_unicast+0x5aa/0x870
[  435.830902][T12954]  ? __pfx_netlink_unicast+0x10/0x10
[  435.830930][T12954]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  435.830961][T12954]  netlink_sendmsg+0x8d1/0xdd0
[  435.830994][T12954]  ? __pfx_netlink_sendmsg+0x10/0x10
[  435.831024][T12954]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  435.831049][T12954]  ____sys_sendmsg+0xa95/0xc70
[  435.831072][T12954]  ? __pfx_____sys_sendmsg+0x10/0x10
[  435.831092][T12954]  ? get_compat_msghdr+0x11a/0x170
[  435.831129][T12954]  ___sys_sendmsg+0x134/0x1d0
[  435.831157][T12954]  ? __pfx____sys_sendmsg+0x10/0x10
[  435.831197][T12954]  ? find_held_lock+0x2b/0x80
[  435.831233][T12954]  __sys_sendmsg+0x16d/0x220
[  435.831260][T12954]  ? __pfx___sys_sendmsg+0x10/0x10
[  435.831298][T12954]  ? rcu_is_watching+0x12/0xc0
[  435.831321][T12954]  __do_fast_syscall_32+0x7c/0x300
[  435.831341][T12954]  do_fast_syscall_32+0x32/0x80
[  435.831365][T12954]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  435.831388][T12954] RIP: 0023:0xf703e579
[  435.831403][T12954] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  435.831421][T12954] RSP: 002b:00000000f542e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  435.831439][T12954] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800010c0
[  435.831452][T12954] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  435.831463][T12954] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  435.831474][T12954] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  435.831486][T12954] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  435.831511][T12954]  </TASK>
[  435.940608][T12960] tmpfs: Unknown parameter 'm'
[  435.998085][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  436.068072][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  436.402970][T12951] vhci_hcd: connection reset by peer
[  436.405072][   T12] vhci_hcd: stop threads
[  436.406620][   T12] vhci_hcd: release socket
[  436.408372][ T7484] usb 42-1: device descriptor read/8, error -110
[  436.408421][   T12] vhci_hcd: disconnect device
[  436.817058][T12971] tmpfs: Unknown parameter 'm'
[  436.818820][ T7484] usb usb42-port1: attempt power cycle
[  437.154385][T12985] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  437.157038][T12985] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  437.160758][T12985] vhci_hcd vhci_hcd.0: Device attached
[  437.303762][T12989] /dev/nullb0: Can't open blockdev
[  437.455642][T12986] vhci_hcd: connection closed
[  437.456041][   T13] vhci_hcd: stop threads
[  437.459912][   T13] vhci_hcd: release socket
[  437.461945][   T13] vhci_hcd: disconnect device
[  437.569274][ T7484] usb usb42-port1: unable to enumerate USB device
[  437.752100][T12992] netlink: 'syz.9.1917': attribute type 1 has an invalid length.
[  437.754616][T12992] netlink: 224 bytes leftover after parsing attributes in process `syz.9.1917'.
[  438.526719][   T40] audit: type=1804 audit(1758943586.657:653): pid=12998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1919" name="/newroot/203/file0/file0" dev="9p" ino=71827827 res=1 errno=0
[  438.777785][T13002] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1922'.
[  438.882155][T13008] bridge0: port 1(bridge_slave_0) entered disabled state
[  438.885467][T13008] bridge0: port 2(bridge_slave_1) entered disabled state
[  438.889615][T13010] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1924'.
[  438.901681][T13008] netlink: 'syz.9.1920': attribute type 16 has an invalid length.
[  438.904247][T13008] netlink: 'syz.9.1920': attribute type 17 has an invalid length.
[  438.915964][T13008] FAULT_INJECTION: forcing a failure.
[  438.915964][T13008] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  438.920794][T13008] CPU: 0 UID: 0 PID: 13008 Comm: syz.9.1920 Not tainted syzkaller #0 PREEMPT(full) 
[  438.920810][T13008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  438.920817][T13008] Call Trace:
[  438.920821][T13008]  <TASK>
[  438.920826][T13008]  dump_stack_lvl+0x16c/0x1f0
[  438.920847][T13008]  should_fail_ex+0x512/0x640
[  438.920867][T13008]  _copy_to_user+0x32/0xd0
[  438.920881][T13008]  cec_ioctl+0x663/0x2970
[  438.920899][T13008]  ? __pfx_cec_ioctl+0x10/0x10
[  438.920917][T13008]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  438.920937][T13008]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  438.920955][T13008]  ? do_vfs_ioctl+0x128/0x14f0
[  438.920973][T13008]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  438.920995][T13008]  ? find_held_lock+0x2b/0x80
[  438.921006][T13008]  ? hook_file_ioctl_common+0x145/0x410
[  438.921027][T13008]  ? __pfx_cec_ioctl+0x10/0x10
[  438.921044][T13008]  __ia32_compat_sys_ioctl+0x23f/0x370
[  438.921064][T13008]  __do_fast_syscall_32+0x7c/0x300
[  438.921076][T13008]  do_fast_syscall_32+0x32/0x80
[  438.921087][T13008]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  438.921101][T13008] RIP: 0023:0xf703e579
[  438.921109][T13008] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  438.921121][T13008] RSP: 002b:00000000f540d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  438.921131][T13008] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00000000c05c6104
[  438.921138][T13008] RDX: 0000000080000340 RSI: 0000000000000000 RDI: 0000000000000000
[  438.921145][T13008] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  438.921151][T13008] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  438.921158][T13008] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  438.921170][T13008]  </TASK>
[  439.108066][    C1] net_ratelimit: 11 callbacks suppressed
[  439.108078][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  439.198059][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  439.238793][T13021] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(5)
[  439.240851][T13021] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  439.243786][T13021] vhci_hcd vhci_hcd.0: Device attached
[  439.428157][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  439.510074][ T1417] ieee802154 phy1 wpan1: encryption failed: -22
[  439.558087][ T1465] usb 52-1: SetAddress Request (50) to port 0
[  439.560399][ T1465] usb 52-1: new SuperSpeed USB device number 50 using vhci_hcd
[  439.588027][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  439.913246][T13022] vhci_hcd: connection reset by peer
[  439.915606][   T13] vhci_hcd: stop threads
[  439.916941][   T13] vhci_hcd: release socket
[  439.920269][   T13] vhci_hcd: disconnect device
[  440.159486][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  440.238071][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  440.260323][   T40] audit: type=1804 audit(1758943588.397:654): pid=13032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1930" name="/newroot/219/file0/file0" dev="9p" ino=71827827 res=1 errno=0
[  440.264933][T13030] netlink: 'syz.9.1929': attribute type 16 has an invalid length.
[  440.271519][T13030] netlink: 'syz.9.1929': attribute type 17 has an invalid length.
[  440.278127][T13030] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  440.468276][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  440.628051][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  440.858130][   T53] usb 14-1: new high-speed USB device number 13 using dummy_hcd
[  441.018224][   T53] usb 14-1: Using ep0 maxpacket: 16
[  441.021336][   T53] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 12408, setting to 64
[  441.026646][   T53] usb 14-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  441.029890][   T53] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.032522][   T53] usb 14-1: Product: syz
[  441.033963][   T53] usb 14-1: Manufacturer: syz
[  441.035463][   T53] usb 14-1: SerialNumber: syz
[  441.038592][   T53] usb 14-1: config 0 descriptor??
[  441.042137][   T53] em28xx 14-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  441.045025][   T53] em28xx 14-1:0.0: DVB interface 0 found: bulk
[  441.188204][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  441.368174][T13050] /dev/nullb0: Can't open blockdev
[  441.675859][T13065] netlink: 'syz.2.1942': attribute type 16 has an invalid length.
[  441.679035][T13065] netlink: 'syz.2.1942': attribute type 17 has an invalid length.
[  441.772987][   T53] em28xx 14-1:0.0: unknown em28xx chip ID (0)
[  442.320630][T13081] FAULT_INJECTION: forcing a failure.
[  442.320630][T13081] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  442.324459][T13081] CPU: 0 UID: 0 PID: 13081 Comm: syz.4.1948 Not tainted syzkaller #0 PREEMPT(full) 
[  442.324474][T13081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  442.324482][T13081] Call Trace:
[  442.324486][T13081]  <TASK>
[  442.324491][T13081]  dump_stack_lvl+0x16c/0x1f0
[  442.324513][T13081]  should_fail_ex+0x512/0x640
[  442.324535][T13081]  _copy_to_user+0x32/0xd0
[  442.324549][T13081]  simple_read_from_buffer+0xcb/0x170
[  442.324562][T13081]  proc_fail_nth_read+0x197/0x240
[  442.324575][T13081]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  442.324589][T13081]  ? rw_verify_area+0xcf/0x6c0
[  442.324600][T13081]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  442.324612][T13081]  vfs_read+0x1e1/0xcf0
[  442.324628][T13081]  ? __pfx_vfs_read+0x10/0x10
[  442.324640][T13081]  ? find_held_lock+0x2b/0x80
[  442.324656][T13081]  ? __fget_files+0x20e/0x3c0
[  442.324673][T13081]  ksys_read+0x12a/0x250
[  442.324685][T13081]  ? __pfx_ksys_read+0x10/0x10
[  442.324697][T13081]  ? syscall_trace_enter+0x1cb/0x240
[  442.324717][T13081]  ? rcu_is_watching+0x12/0xc0
[  442.324731][T13081]  __do_fast_syscall_32+0x7c/0x300
[  442.324743][T13081]  do_fast_syscall_32+0x32/0x80
[  442.324753][T13081]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  442.324768][T13081] RIP: 0023:0xf70fe579
[  442.324777][T13081] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  442.324788][T13081] RSP: 002b:00000000f54ee590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  442.324799][T13081] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f54ee620
[  442.324807][T13081] RDX: 000000000000000f RSI: 00000000f7495ff4 RDI: 0000000000000000
[  442.324813][T13081] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  442.324820][T13081] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  442.324827][T13081] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  442.324840][T13081]  </TASK>
[  442.596992][   T53] em28xx 14-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  442.608045][   T53] em28xx 14-1:0.0: board has no eeprom
[  442.738188][   T53] em28xx 14-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  442.741234][   T53] em28xx 14-1:0.0: dvb set to bulk mode.
[  442.743341][ T6161] em28xx 14-1:0.0: Binding DVB extension
[  442.764977][   T53] usb 14-1: USB disconnect, device number 13
[  442.768077][   T53] em28xx 14-1:0.0: Disconnecting em28xx
[  442.785426][T13097] FAULT_INJECTION: forcing a failure.
[  442.785426][T13097] name failslab, interval 1, probability 0, space 0, times 0
[  442.792882][ T6161] em28xx 14-1:0.0: Registering input extension
[  442.793032][T13100] tmpfs: Unknown parameter 'm'
[  442.794375][T13097] CPU: 3 UID: 0 PID: 13097 Comm: syz.7.1954 Not tainted syzkaller #0 PREEMPT(full) 
[  442.794391][T13097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  442.794399][T13097] Call Trace:
[  442.794403][T13097]  <TASK>
[  442.794407][T13097]  dump_stack_lvl+0x16c/0x1f0
[  442.794430][T13097]  should_fail_ex+0x512/0x640
[  442.794448][T13097]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  442.794465][T13097]  should_failslab+0xc2/0x120
[  442.794481][T13097]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  442.794495][T13097]  ? __alloc_skb+0x2b2/0x380
[  442.794514][T13097]  __alloc_skb+0x2b2/0x380
[  442.794529][T13097]  ? __pfx___alloc_skb+0x10/0x10
[  442.794545][T13097]  ? __pfx___mutex_trylock_common+0x10/0x10
[  442.794562][T13097]  ? __pfx___might_resched+0x10/0x10
[  442.794577][T13097]  netlink_dump+0x19b/0xd30
[  442.794596][T13097]  ? __pfx_netlink_dump+0x10/0x10
[  442.794618][T13097]  ? lockdep_hardirqs_on+0x7c/0x110
[  442.794639][T13097]  __netlink_dump_start+0x6d6/0x990
[  442.794658][T13097]  xsk_diag_handler_dump+0x1aa/0x240
[  442.794677][T13097]  ? __pfx_xsk_diag_handler_dump+0x10/0x10
[  442.794695][T13097]  ? __pfx_xsk_diag_dump+0x10/0x10
[  442.794714][T13097]  ? sock_diag_lock_handler+0x10f/0x2e0
[  442.794733][T13097]  sock_diag_rcv_msg+0x435/0x790
[  442.794749][T13097]  netlink_rcv_skb+0x155/0x420
[  442.794767][T13097]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  442.794784][T13097]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  442.794806][T13097]  ? netlink_deliver_tap+0x1ae/0xd30
[  442.794826][T13097]  netlink_unicast+0x5aa/0x870
[  442.794846][T13097]  ? __pfx_netlink_unicast+0x10/0x10
[  442.794867][T13097]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  442.794899][T13097]  netlink_sendmsg+0x8d1/0xdd0
[  442.794930][T13097]  ? __pfx_netlink_sendmsg+0x10/0x10
[  442.794959][T13097]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  442.794982][T13097]  sock_write_iter+0x4ff/0x5b0
[  442.795004][T13097]  ? __pfx_sock_write_iter+0x10/0x10
[  442.795025][T13097]  ? __lock_acquire+0x62e/0x1ce0
[  442.795043][T13097]  do_iter_readv_writev+0x662/0x9e0
[  442.795057][T13097]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  442.795072][T13097]  ? bpf_lsm_file_permission+0x9/0x10
[  442.795089][T13097]  ? security_file_permission+0x71/0x210
[  442.795106][T13097]  ? rw_verify_area+0xcf/0x6c0
[  442.795118][T13097]  vfs_writev+0x35f/0xde0
[  442.795134][T13097]  ? __pfx_vfs_writev+0x10/0x10
[  442.795147][T13097]  ? find_held_lock+0x2b/0x80
[  442.795167][T13097]  ? __fget_files+0x20e/0x3c0
[  442.795183][T13097]  ? __fget_files+0x1d0/0x3c0
[  442.795208][T13097]  ? do_writev+0x28c/0x340
[  442.795225][T13097]  do_writev+0x28c/0x340
[  442.795243][T13097]  ? __pfx_do_writev+0x10/0x10
[  442.795261][T13097]  ? rcu_is_watching+0x12/0xc0
[  442.795283][T13097]  __do_fast_syscall_32+0x7c/0x300
[  442.795302][T13097]  do_fast_syscall_32+0x32/0x80
[  442.795320][T13097]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  442.795341][T13097] RIP: 0023:0xf7f33579
[  442.795351][T13097] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  442.795361][   T53] em28xx 14-1:0.0: Closing input extension
[  442.795363][T13097] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  442.795379][T13097] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  442.795386][T13097] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  442.795393][T13097] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  442.795400][T13097] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  442.795406][T13097] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  442.795420][T13097]  </TASK>
[  442.915521][   T53] em28xx 14-1:0.0: Freeing device
[  442.974582][T13106] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1957'.
[  443.278103][   T34] usb 12-1: new high-speed USB device number 22 using dummy_hcd
[  443.438172][   T34] usb 12-1: Using ep0 maxpacket: 8
[  443.442209][   T34] usb 12-1: config index 0 descriptor too short (expected 301, got 45)
[  443.445399][   T34] usb 12-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  443.448595][   T34] usb 12-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  443.453184][   T34] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  443.456098][   T34] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.461054][   T34] usbtmc 12-1:16.0: bulk endpoints not found
[  444.308040][    C1] net_ratelimit: 12 callbacks suppressed
[  444.308053][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  444.388087][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  444.575065][T13125] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1961'.
[  444.628228][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  444.648331][ T1465] usb 52-1: device descriptor read/8, error -110
[  444.681756][ T5975] Bluetooth: hci3: unexpected event for opcode 0x2027
[  444.740829][T13140] tmpfs: Unknown parameter 'm'
[  444.788195][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  445.031721][T13148] efs: device does not support 512 byte blocks
[  445.033939][T13148] device does not support 512 byte blocks
[  445.033939][T13148] 
[  445.228190][   T53] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  445.358034][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  445.388065][   T53] usb 7-1: Using ep0 maxpacket: 8
[  445.391584][   T53] usb 7-1: config 0 has an invalid interface number: 246 but max is 0
[  445.394580][   T53] usb 7-1: config 0 has no interface number 0
[  445.396514][   T53] usb 7-1: config 0 interface 246 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  445.403281][   T53] usb 7-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3
[  445.407025][   T53] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.409878][   T53] usb 7-1: Product: syz
[  445.411320][   T53] usb 7-1: Manufacturer: syz
[  445.413254][   T53] usb 7-1: SerialNumber: syz
[  445.417232][   T53] usb 7-1: config 0 descriptor??
[  445.438018][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  445.461989][   T53] msi2500 7-1:0.246: Registered as swradio24
[  445.464546][   T53] msi2500 7-1:0.246: SDR API is still slightly experimental and functionality changes may follow
[  445.668103][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  445.828184][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  445.889794][   T34] usb 12-1: USB disconnect, device number 22
[  446.309980][ T1465] usb usb52-port1: attempt power cycle
[  446.388330][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  446.468038][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  446.562635][T13156] netlink: 'syz.9.1971': attribute type 1 has an invalid length.
[  446.565912][T13156] netlink: 224 bytes leftover after parsing attributes in process `syz.9.1971'.
[  446.997173][ T5975] Bluetooth: hci1: unexpected event for opcode 0x2027
[  447.074621][T13175] FAULT_INJECTION: forcing a failure.
[  447.074621][T13175] name failslab, interval 1, probability 0, space 0, times 0
[  447.078740][T13175] CPU: 2 UID: 0 PID: 13175 Comm: syz.7.1979 Not tainted syzkaller #0 PREEMPT(full) 
[  447.078756][T13175] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  447.078763][T13175] Call Trace:
[  447.078767][T13175]  <TASK>
[  447.078772][T13175]  dump_stack_lvl+0x16c/0x1f0
[  447.078793][T13175]  should_fail_ex+0x512/0x640
[  447.078811][T13175]  ? fs_reclaim_acquire+0xae/0x150
[  447.078830][T13175]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  447.078847][T13175]  should_failslab+0xc2/0x120
[  447.078862][T13175]  __kmalloc_noprof+0xd2/0x510
[  447.078879][T13175]  tomoyo_realpath_from_path+0xc2/0x6e0
[  447.078897][T13175]  ? tomoyo_profile+0x47/0x60
[  447.078909][T13175]  tomoyo_path_number_perm+0x245/0x580
[  447.078922][T13175]  ? tomoyo_path_number_perm+0x237/0x580
[  447.078938][T13175]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  447.078966][T13175]  ? find_held_lock+0x2b/0x80
[  447.078977][T13175]  ? hook_file_ioctl_common+0x145/0x410
[  447.078996][T13175]  ? __fget_files+0x20e/0x3c0
[  447.079011][T13175]  security_file_ioctl_compat+0x9b/0x240
[  447.079027][T13175]  __ia32_compat_sys_ioctl+0xc3/0x370
[  447.079048][T13175]  __do_fast_syscall_32+0x7c/0x300
[  447.079060][T13175]  do_fast_syscall_32+0x32/0x80
[  447.079071][T13175]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  447.079085][T13175] RIP: 0023:0xf7f33579
[  447.079094][T13175] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  447.079106][T13175] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  447.079116][T13175] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  447.079124][T13175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  447.079143][T13175] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  447.079150][T13175] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  447.079156][T13175] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  447.079171][T13175]  </TASK>
[  447.079203][T13175] ERROR: Out of memory at tomoyo_realpath_from_path.
[  447.130142][ T1465] usb usb52-port1: unable to enumerate USB device
[  447.323380][T13183] tmpfs: Unknown parameter 'm'
[  447.793404][   T34] usb 7-1: USB disconnect, device number 23
[  447.852885][T13188] 9pnet: Unknown protocol version 9p2000.
[  447.878829][T13190] 9pnet: Unknown protocol version 9
[  447.910010][ T5975] Bluetooth: hci4: unexpected event for opcode 0x2027
[  448.256990][T13205] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(5)
[  448.259726][T13205] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  448.268351][T13205] vhci_hcd vhci_hcd.0: Device attached
[  448.303746][T13209] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1990'.
[  448.306581][T13209] FAULT_INJECTION: forcing a failure.
[  448.306581][T13209] name failslab, interval 1, probability 0, space 0, times 0
[  448.310648][T13209] CPU: 3 UID: 0 PID: 13209 Comm: syz.4.1990 Not tainted syzkaller #0 PREEMPT(full) 
[  448.310664][T13209] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  448.310671][T13209] Call Trace:
[  448.310676][T13209]  <TASK>
[  448.310680][T13209]  dump_stack_lvl+0x16c/0x1f0
[  448.310702][T13209]  should_fail_ex+0x512/0x640
[  448.310720][T13209]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  448.310737][T13209]  should_failslab+0xc2/0x120
[  448.310752][T13209]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  448.310766][T13209]  ? __alloc_skb+0x2b2/0x380
[  448.310784][T13209]  __alloc_skb+0x2b2/0x380
[  448.310800][T13209]  ? __pfx___alloc_skb+0x10/0x10
[  448.310816][T13209]  ? genl_rcv_msg+0x470/0x800
[  448.310827][T13209]  ? genl_rcv_msg+0x4bb/0x800
[  448.310842][T13209]  netlink_ack+0x15d/0xb80
[  448.310863][T13209]  netlink_rcv_skb+0x332/0x420
[  448.310881][T13209]  ? __pfx_genl_rcv_msg+0x10/0x10
[  448.310893][T13209]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  448.310916][T13209]  ? netlink_deliver_tap+0x1ae/0xd30
[  448.310936][T13209]  genl_rcv+0x28/0x40
[  448.310946][T13209]  netlink_unicast+0x5aa/0x870
[  448.310965][T13209]  ? __pfx_netlink_unicast+0x10/0x10
[  448.310983][T13209]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  448.311004][T13209]  netlink_sendmsg+0x8d1/0xdd0
[  448.311024][T13209]  ? __pfx_netlink_sendmsg+0x10/0x10
[  448.311043][T13209]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  448.311059][T13209]  ____sys_sendmsg+0xa95/0xc70
[  448.311073][T13209]  ? __pfx_____sys_sendmsg+0x10/0x10
[  448.311085][T13209]  ? get_compat_msghdr+0x11a/0x170
[  448.311114][T13209]  ___sys_sendmsg+0x134/0x1d0
[  448.311137][T13209]  ? __pfx____sys_sendmsg+0x10/0x10
[  448.311170][T13209]  ? find_held_lock+0x2b/0x80
[  448.311191][T13209]  __sys_sendmsg+0x16d/0x220
[  448.311209][T13209]  ? __pfx___sys_sendmsg+0x10/0x10
[  448.311232][T13209]  ? rcu_is_watching+0x12/0xc0
[  448.311246][T13209]  __do_fast_syscall_32+0x7c/0x300
[  448.311259][T13209]  do_fast_syscall_32+0x32/0x80
[  448.311270][T13209]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  448.311285][T13209] RIP: 0023:0xf70fe579
[  448.311294][T13209] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  448.311306][T13209] RSP: 002b:00000000f54ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  448.311318][T13209] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800006c0
[  448.311325][T13209] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[  448.311332][T13209] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  448.311338][T13209] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  448.311345][T13209] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  448.311359][T13209]  </TASK>
[  448.338397][T13213] 9pnet: Unknown protocol version 9p2000.
[  448.339575][    C3] vkms_vblank_simulate: vblank timer overrun
[  448.427049][    C3] vkms_vblank_simulate: vblank timer overrun
[  448.429546][    C3] hrtimer: interrupt took 111572658 ns
[  448.529615][    C3] vkms_vblank_simulate: vblank timer overrun
[  448.818290][ T1465] usb 56-1: SetAddress Request (40) to port 0
[  448.835019][ T1465] usb 56-1: new SuperSpeed USB device number 40 using vhci_hcd
[  448.892877][ T5975] Bluetooth: hci4: unexpected event for opcode 0x2027
[  448.917815][T13225] 9pnet: Unknown protocol version 9
[  449.508046][    C1] net_ratelimit: 10 callbacks suppressed
[  449.508065][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  449.546491][T13206] vhci_hcd: connection reset by peer
[  449.548534][ T6474] vhci_hcd: stop threads
[  449.549939][ T6474] vhci_hcd: release socket
[  449.551588][ T6474] vhci_hcd: disconnect device
[  449.598091][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  449.828045][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  449.924309][T13235] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1999'.
[  449.988024][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  450.353373][ T5975] Bluetooth: hci3: unexpected event for opcode 0x2027
[  450.399163][T13253] fuse: Bad value for 'fd'
[  450.548178][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  450.590793][T13257] 9pnet: Unknown protocol version 9p200
[  450.628219][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  450.868054][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  450.900813][T13262] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(5)
[  450.903590][T13262] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  450.907629][T13262] vhci_hcd vhci_hcd.0: Device attached
[  451.038054][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  451.391998][ T5975] Bluetooth: hci3: unexpected event for opcode 0x2027
[  451.463891][T13263] vhci_hcd: connection closed
[  451.464163][ T6474] vhci_hcd: stop threads
[  451.467187][ T6474] vhci_hcd: release socket
[  451.469081][ T6474] vhci_hcd: disconnect device
[  451.496004][T13282] tmpfs: Unknown parameter 'm'
[  451.588056][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  451.668332][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  452.196636][T13291] netlink: 'syz.9.2021': attribute type 1 has an invalid length.
[  452.200329][T13291] netlink: 224 bytes leftover after parsing attributes in process `syz.9.2021'.
[  452.210301][T13292] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  452.212949][T13292] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  452.217222][T13292] vhci_hcd vhci_hcd.0: Device attached
[  452.538195][ T6133] usb 42-1: SetAddress Request (30) to port 0
[  452.540878][ T6133] usb 42-1: new SuperSpeed USB device number 30 using vhci_hcd
[  452.808108][ T5975] Bluetooth: hci3: unexpected event for opcode 0x2027
[  452.835581][T13293] vhci_hcd: connection reset by peer
[  452.847396][   T12] vhci_hcd: stop threads
[  452.849413][   T12] vhci_hcd: release socket
[  452.851588][   T12] vhci_hcd: disconnect device
[  453.415020][T13314] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(5)
[  453.417562][T13314] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  453.421318][T13314] vhci_hcd vhci_hcd.0: Device attached
[  453.780974][T13320] netlink: 'syz.4.2030': attribute type 1 has an invalid length.
[  453.784178][T13320] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2030'.
[  453.954882][T13315] vhci_hcd: connection reset by peer
[  453.961447][   T12] vhci_hcd: stop threads
[  453.964059][   T12] vhci_hcd: release socket
[  453.970066][ T1465] usb 56-1: device descriptor read/8, error -110
[  453.970101][   T12] vhci_hcd: disconnect device
[  454.138492][T13331] netlink: 'syz.2.2034': attribute type 1 has an invalid length.
[  454.141891][T13331] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2034'.
[  454.382087][ T1465] usb usb56-port1: attempt power cycle
[  454.708053][    C1] net_ratelimit: 10 callbacks suppressed
[  454.708096][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  454.798098][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  455.028041][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  455.078664][ T1465] usb usb56-port1: unable to enumerate USB device
[  455.127866][T13355] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  455.188204][   T34] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  455.198026][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  455.329942][T13359] FAULT_INJECTION: forcing a failure.
[  455.329942][T13359] name failslab, interval 1, probability 0, space 0, times 0
[  455.335352][T13359] CPU: 2 UID: 0 PID: 13359 Comm: syz.7.2041 Not tainted syzkaller #0 PREEMPT(full) 
[  455.335377][T13359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  455.335389][T13359] Call Trace:
[  455.335396][T13359]  <TASK>
[  455.335403][T13359]  dump_stack_lvl+0x16c/0x1f0
[  455.335442][T13359]  should_fail_ex+0x512/0x640
[  455.335469][T13359]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  455.335495][T13359]  should_failslab+0xc2/0x120
[  455.335520][T13359]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  455.335543][T13359]  ? __alloc_skb+0x2b2/0x380
[  455.335568][T13359]  ? _cfg80211_chandef_usable+0xa9d/0x18f0
[  455.335597][T13359]  __alloc_skb+0x2b2/0x380
[  455.335621][T13359]  ? __pfx___alloc_skb+0x10/0x10
[  455.335645][T13359]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  455.335674][T13359]  ? nl80211_parse_counter_offsets+0x252/0x2d0
[  455.335708][T13359]  nl80211_tx_mgmt+0x747/0xd60
[  455.335732][T13359]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  455.335769][T13359]  ? nl80211_pre_doit+0x1b0/0xb10
[  455.335821][T13359]  genl_family_rcv_msg_doit+0x206/0x2f0
[  455.335844][T13359]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  455.335872][T13359]  ? bpf_lsm_capable+0x9/0x10
[  455.335889][T13359]  ? security_capable+0x7e/0x260
[  455.335910][T13359]  ? ns_capable+0xd7/0x110
[  455.335933][T13359]  genl_rcv_msg+0x55c/0x800
[  455.335955][T13359]  ? __pfx_genl_rcv_msg+0x10/0x10
[  455.335975][T13359]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  455.335997][T13359]  ? __pfx_nl80211_tx_mgmt+0x10/0x10
[  455.336015][T13359]  ? __pfx_nl80211_post_doit+0x10/0x10
[  455.336042][T13359]  netlink_rcv_skb+0x155/0x420
[  455.336069][T13359]  ? __pfx_genl_rcv_msg+0x10/0x10
[  455.336091][T13359]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  455.336128][T13359]  ? netlink_deliver_tap+0x1ae/0xd30
[  455.336159][T13359]  genl_rcv+0x28/0x40
[  455.336284][T13359]  netlink_unicast+0x5aa/0x870
[  455.336314][T13359]  ? __pfx_netlink_unicast+0x10/0x10
[  455.336343][T13359]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  455.336377][T13359]  netlink_sendmsg+0x8d1/0xdd0
[  455.336409][T13359]  ? __pfx_netlink_sendmsg+0x10/0x10
[  455.336444][T13359]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  455.336470][T13359]  ____sys_sendmsg+0xa95/0xc70
[  455.336493][T13359]  ? __pfx_____sys_sendmsg+0x10/0x10
[  455.336512][T13359]  ? get_compat_msghdr+0x11a/0x170
[  455.336547][T13359]  ___sys_sendmsg+0x134/0x1d0
[  455.336576][T13359]  ? __pfx____sys_sendmsg+0x10/0x10
[  455.336617][T13359]  ? find_held_lock+0x2b/0x80
[  455.336653][T13359]  __sys_sendmsg+0x16d/0x220
[  455.336681][T13359]  ? __pfx___sys_sendmsg+0x10/0x10
[  455.336719][T13359]  ? rcu_is_watching+0x12/0xc0
[  455.336743][T13359]  __do_fast_syscall_32+0x7c/0x300
[  455.336762][T13359]  do_fast_syscall_32+0x32/0x80
[  455.336781][T13359]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  455.336804][T13359] RIP: 0023:0xf7f33579
[  455.336818][T13359] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  455.336836][T13359] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  455.336853][T13359] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800004c0
[  455.336866][T13359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  455.336876][T13359] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  455.336884][T13359] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  455.336896][T13359] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  455.336921][T13359]  </TASK>
[  455.418118][ T1465] usb 14-1: new high-speed USB device number 14 using dummy_hcd
[  455.420168][   T34] usb 9-1: Using ep0 maxpacket: 16
[  455.478332][T13355] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  455.492534][   T34] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 12408, setting to 64
[  455.497437][   T34] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  455.500256][   T34] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.502727][   T34] usb 9-1: Product: syz
[  455.503997][   T34] usb 9-1: Manufacturer: syz
[  455.505399][   T34] usb 9-1: SerialNumber: syz
[  455.508018][   T34] usb 9-1: config 0 descriptor??
[  455.511269][   T34] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  455.514214][   T34] em28xx 9-1:0.0: DVB interface 0 found: bulk
[  455.545396][T13365] netlink: 'syz.7.2044': attribute type 1 has an invalid length.
[  455.548716][T13365] netlink: 224 bytes leftover after parsing attributes in process `syz.7.2044'.
[  455.568181][ T1465] usb 14-1: Using ep0 maxpacket: 16
[  455.571027][ T1465] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 12408, setting to 64
[  455.576053][ T1465] usb 14-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  455.579945][ T1465] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.582419][ T1465] usb 14-1: Product: syz
[  455.583872][ T1465] usb 14-1: Manufacturer: syz
[  455.585640][ T1465] usb 14-1: SerialNumber: syz
[  455.588568][ T1465] usb 14-1: config 0 descriptor??
[  455.592032][ T1465] em28xx 14-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  455.594862][ T1465] em28xx 14-1:0.0: DVB interface 0 found: bulk
[  455.748029][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  455.828088][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  455.828189][T13355] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  455.880511][T13355] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  456.068075][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  456.211284][   T34] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[  456.228033][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  456.279950][T13374] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  456.282661][T13374] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  456.285900][T13374] vhci_hcd vhci_hcd.0: Device attached
[  456.312797][ T1465] em28xx 14-1:0.0: unknown em28xx chip ID (0)
[  456.385339][ T1465] em28xx 14-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  456.389313][ T1465] em28xx 14-1:0.0: board has no eeprom
[  456.421708][T13347] em28xx 14-1:0.0: writing to i2c device at 0x8 failed (error=-5)
[  456.455666][T13375] vhci_hcd: connection closed
[  456.455820][   T12] vhci_hcd: stop threads
[  456.459592][ T1465] em28xx 14-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  456.462105][ T1465] em28xx 14-1:0.0: dvb set to bulk mode.
[  456.463943][   T12] vhci_hcd: release socket
[  456.465293][ T1465] usb 14-1: USB disconnect, device number 14
[  456.465903][ T1465] em28xx 14-1:0.0: Disconnecting em28xx
[  456.468534][   T12] vhci_hcd: disconnect device
[  456.469256][ T7484] em28xx 14-1:0.0: Binding DVB extension
[  456.471295][   T34] em28xx 9-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  456.474892][   T34] em28xx 9-1:0.0: board has no eeprom
[  456.491143][ T7484] em28xx 14-1:0.0: Registering input extension
[  456.493210][ T1465] em28xx 14-1:0.0: Closing input extension
[  456.500339][ T1465] em28xx 14-1:0.0: Freeing device
[  456.548100][   T34] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  456.551384][   T34] em28xx 9-1:0.0: dvb set to bulk mode.
[  456.553287][ T6038] em28xx 9-1:0.0: Binding DVB extension
[  456.567013][   T34] usb 9-1: USB disconnect, device number 12
[  456.575304][ T6038] em28xx 9-1:0.0: Registering input extension
[  456.580384][   T34] em28xx 9-1:0.0: Disconnecting em28xx
[  456.582121][   T34] em28xx 9-1:0.0: Closing input extension
[  456.612733][   T34] em28xx 9-1:0.0: Freeing device
[  456.788022][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  456.878106][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  457.007658][T13393] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2051'.
[  457.015251][T13393] FAULT_INJECTION: forcing a failure.
[  457.015251][T13393] name failslab, interval 1, probability 0, space 0, times 0
[  457.038045][T13393] CPU: 0 UID: 0 PID: 13393 Comm: syz.4.2051 Not tainted syzkaller #0 PREEMPT(full) 
[  457.038065][T13393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  457.038072][T13393] Call Trace:
[  457.038076][T13393]  <TASK>
[  457.038082][T13393]  dump_stack_lvl+0x16c/0x1f0
[  457.038104][T13393]  should_fail_ex+0x512/0x640
[  457.038122][T13393]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  457.038141][T13393]  should_failslab+0xc2/0x120
[  457.038156][T13393]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  457.038170][T13393]  ? __alloc_skb+0x2b2/0x380
[  457.038188][T13393]  __alloc_skb+0x2b2/0x380
[  457.038204][T13393]  ? __pfx___alloc_skb+0x10/0x10
[  457.038220][T13393]  ? genl_rcv_msg+0x470/0x800
[  457.038231][T13393]  ? genl_rcv_msg+0x4bb/0x800
[  457.038246][T13393]  netlink_ack+0x15d/0xb80
[  457.038268][T13393]  netlink_rcv_skb+0x332/0x420
[  457.038285][T13393]  ? __pfx_genl_rcv_msg+0x10/0x10
[  457.038298][T13393]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  457.038321][T13393]  ? netlink_deliver_tap+0x1ae/0xd30
[  457.038340][T13393]  genl_rcv+0x28/0x40
[  457.038350][T13393]  netlink_unicast+0x5aa/0x870
[  457.038369][T13393]  ? __pfx_netlink_unicast+0x10/0x10
[  457.038393][T13393]  ? __pfx___might_resched+0x10/0x10
[  457.038409][T13393]  netlink_sendmsg+0x8d1/0xdd0
[  457.038429][T13393]  ? __pfx_netlink_sendmsg+0x10/0x10
[  457.038449][T13393]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  457.038465][T13393]  ____sys_sendmsg+0xa95/0xc70
[  457.038479][T13393]  ? __pfx_____sys_sendmsg+0x10/0x10
[  457.038491][T13393]  ? get_compat_msghdr+0x11a/0x170
[  457.038513][T13393]  ___sys_sendmsg+0x134/0x1d0
[  457.038531][T13393]  ? __pfx____sys_sendmsg+0x10/0x10
[  457.038555][T13393]  ? find_held_lock+0x2b/0x80
[  457.038576][T13393]  __sys_sendmsg+0x16d/0x220
[  457.038593][T13393]  ? __pfx___sys_sendmsg+0x10/0x10
[  457.038610][T13393]  ? __pfx_bpf_trace_run2+0x10/0x10
[  457.038630][T13393]  ? syscall_trace_enter+0x1cb/0x240
[  457.038650][T13393]  ? rcu_is_watching+0x12/0xc0
[  457.038663][T13393]  __do_fast_syscall_32+0x7c/0x300
[  457.038675][T13393]  do_fast_syscall_32+0x32/0x80
[  457.038686][T13393]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  457.038700][T13393] RIP: 0023:0xf70fe579
[  457.038710][T13393] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  457.038721][T13393] RSP: 002b:00000000f54ee55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  457.038732][T13393] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000200
[  457.038752][T13393] RDX: 0000000000004880 RSI: 0000000000000000 RDI: 0000000000000000
[  457.038759][T13393] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  457.038766][T13393] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  457.038773][T13393] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  457.038787][T13393]  </TASK>
[  457.071127][T13398] 9pnet: Unknown protocol version 9p2000.
[  457.486158][T13404] lo speed is unknown, defaulting to 1000
[  457.588096][ T6133] usb 42-1: device descriptor read/8, error -110
[  457.632385][T13410] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(6)
[  457.634471][T13410] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  457.637096][T13410] vhci_hcd vhci_hcd.0: Device attached
[  457.908066][ T1465] usb 52-1: SetAddress Request (54) to port 0
[  457.914369][ T1465] usb 52-1: new SuperSpeed USB device number 54 using vhci_hcd
[  457.998670][ T6133] usb usb42-port1: attempt power cycle
[  458.074657][T13419] vhci_hcd: connection reset by peer
[  458.077112][   T13] vhci_hcd: stop threads
[  458.079036][   T13] vhci_hcd: release socket
[  458.081079][   T13] vhci_hcd: disconnect device
[  458.162909][T13429] FAULT_INJECTION: forcing a failure.
[  458.162909][T13429] name failslab, interval 1, probability 0, space 0, times 0
[  458.168456][T13429] CPU: 0 UID: 0 PID: 13429 Comm: syz.4.2062 Not tainted syzkaller #0 PREEMPT(full) 
[  458.168494][T13429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  458.168506][T13429] Call Trace:
[  458.168513][T13429]  <TASK>
[  458.168521][T13429]  dump_stack_lvl+0x16c/0x1f0
[  458.168554][T13429]  should_fail_ex+0x512/0x640
[  458.168587][T13429]  ? tomoyo_encode2+0x100/0x3e0
[  458.168611][T13429]  should_failslab+0xc2/0x120
[  458.168637][T13429]  __kmalloc_noprof+0xd2/0x510
[  458.168659][T13429]  ? tomoyo_encode2+0x6c/0x3e0
[  458.168689][T13429]  tomoyo_encode2+0x100/0x3e0
[  458.168718][T13429]  tomoyo_encode+0x29/0x50
[  458.168742][T13429]  tomoyo_realpath_from_path+0x18f/0x6e0
[  458.168777][T13429]  tomoyo_path_number_perm+0x245/0x580
[  458.168798][T13429]  ? tomoyo_path_number_perm+0x237/0x580
[  458.168824][T13429]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  458.168873][T13429]  ? find_held_lock+0x2b/0x80
[  458.168893][T13429]  ? hook_file_ioctl_common+0x145/0x410
[  458.168923][T13429]  ? __fget_files+0x20e/0x3c0
[  458.168948][T13429]  security_file_ioctl_compat+0x9b/0x240
[  458.168975][T13429]  __ia32_compat_sys_ioctl+0xc3/0x370
[  458.169008][T13429]  __do_fast_syscall_32+0x7c/0x300
[  458.169028][T13429]  do_fast_syscall_32+0x32/0x80
[  458.169046][T13429]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  458.169069][T13429] RIP: 0023:0xf70fe579
[  458.169083][T13429] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  458.169101][T13429] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  458.169119][T13429] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c2c45513
[  458.169132][T13429] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  458.169143][T13429] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  458.169153][T13429] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  458.169164][T13429] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  458.169189][T13429]  </TASK>
[  458.169285][T13429] ERROR: Out of memory at tomoyo_realpath_from_path.
[  458.282403][   T34] usb 14-1: new high-speed USB device number 15 using dummy_hcd
[  458.448024][   T34] usb 14-1: Using ep0 maxpacket: 16
[  458.451497][   T34] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 12408, setting to 64
[  458.456774][   T34] usb 14-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  458.459776][   T34] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.462373][   T34] usb 14-1: Product: syz
[  458.463770][   T34] usb 14-1: Manufacturer: syz
[  458.465295][   T34] usb 14-1: SerialNumber: syz
[  458.468190][   T34] usb 14-1: config 0 descriptor??
[  458.471685][   T34] em28xx 14-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  458.474626][   T34] em28xx 14-1:0.0: DVB interface 0 found: bulk
[  458.603031][ T6133] usb usb42-port1: unable to enumerate USB device
[  458.837619][T13454] FAULT_INJECTION: forcing a failure.
[  458.837619][T13454] name failslab, interval 1, probability 0, space 0, times 0
[  458.841777][T13454] CPU: 2 UID: 0 PID: 13454 Comm: syz.2.2071 Not tainted syzkaller #0 PREEMPT(full) 
[  458.841793][T13454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  458.841801][T13454] Call Trace:
[  458.841805][T13454]  <TASK>
[  458.841809][T13454]  dump_stack_lvl+0x16c/0x1f0
[  458.841831][T13454]  should_fail_ex+0x512/0x640
[  458.841849][T13454]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  458.841866][T13454]  should_failslab+0xc2/0x120
[  458.841881][T13454]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  458.841895][T13454]  ? __alloc_skb+0x2b2/0x380
[  458.841913][T13454]  __alloc_skb+0x2b2/0x380
[  458.841928][T13454]  ? __pfx___alloc_skb+0x10/0x10
[  458.841944][T13454]  ? genl_rcv_msg+0x470/0x800
[  458.841955][T13454]  ? genl_rcv_msg+0x4bb/0x800
[  458.841970][T13454]  netlink_ack+0x15d/0xb80
[  458.841992][T13454]  netlink_rcv_skb+0x332/0x420
[  458.842009][T13454]  ? __pfx_genl_rcv_msg+0x10/0x10
[  458.842022][T13454]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  458.842045][T13454]  ? netlink_deliver_tap+0x1ae/0xd30
[  458.842064][T13454]  genl_rcv+0x28/0x40
[  458.842074][T13454]  netlink_unicast+0x5aa/0x870
[  458.842094][T13454]  ? __pfx_netlink_unicast+0x10/0x10
[  458.842111][T13454]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  458.842133][T13454]  netlink_sendmsg+0x8d1/0xdd0
[  458.842153][T13454]  ? __pfx_netlink_sendmsg+0x10/0x10
[  458.842172][T13454]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  458.842188][T13454]  ____sys_sendmsg+0xa95/0xc70
[  458.842204][T13454]  ? __pfx_____sys_sendmsg+0x10/0x10
[  458.842217][T13454]  ? get_compat_msghdr+0x11a/0x170
[  458.842240][T13454]  ___sys_sendmsg+0x134/0x1d0
[  458.842258][T13454]  ? __pfx____sys_sendmsg+0x10/0x10
[  458.842282][T13454]  ? find_held_lock+0x2b/0x80
[  458.842303][T13454]  __sys_sendmsg+0x16d/0x220
[  458.842320][T13454]  ? __pfx___sys_sendmsg+0x10/0x10
[  458.842343][T13454]  ? rcu_is_watching+0x12/0xc0
[  458.842357][T13454]  __do_fast_syscall_32+0x7c/0x300
[  458.842370][T13454]  do_fast_syscall_32+0x32/0x80
[  458.842387][T13454]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  458.842402][T13454] RIP: 0023:0xf7f12579
[  458.842411][T13454] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  458.842423][T13454] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  458.842434][T13454] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  458.842441][T13454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  458.842448][T13454] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  458.842454][T13454] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  458.842461][T13454] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  458.842475][T13454]  </TASK>
[  458.952755][    C2] vkms_vblank_simulate: vblank timer overrun
[  459.229422][   T34] em28xx 14-1:0.0: unknown em28xx chip ID (0)
[  459.231608][    C3] raw-gadget.0 gadget.9: ignoring, device is not running
[  459.296447][   T34] em28xx 14-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  459.300405][   T34] em28xx 14-1:0.0: board has no eeprom
[  459.368898][   T34] em28xx 14-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  459.374908][   T34] em28xx 14-1:0.0: dvb set to bulk mode.
[  459.378434][   T34] usb 14-1: USB disconnect, device number 15
[  459.381345][   T34] em28xx 14-1:0.0: Disconnecting em28xx
[  459.383757][   T61] em28xx 14-1:0.0: Binding DVB extension
[  459.412822][   T61] em28xx 14-1:0.0: Registering input extension
[  459.415146][   T34] em28xx 14-1:0.0: Closing input extension
[  459.429091][   T34] em28xx 14-1:0.0: Freeing device
[  459.733086][T13472] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2075'.
[  459.735919][T13472] FAULT_INJECTION: forcing a failure.
[  459.735919][T13472] name failslab, interval 1, probability 0, space 0, times 0
[  459.739882][T13472] CPU: 3 UID: 0 PID: 13472 Comm: syz.7.2075 Not tainted syzkaller #0 PREEMPT(full) 
[  459.739897][T13472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  459.739904][T13472] Call Trace:
[  459.739908][T13472]  <TASK>
[  459.739913][T13472]  dump_stack_lvl+0x16c/0x1f0
[  459.739934][T13472]  should_fail_ex+0x512/0x640
[  459.739953][T13472]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  459.739970][T13472]  should_failslab+0xc2/0x120
[  459.739985][T13472]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  459.739999][T13472]  ? __alloc_skb+0x2b2/0x380
[  459.740017][T13472]  __alloc_skb+0x2b2/0x380
[  459.740033][T13472]  ? __pfx___alloc_skb+0x10/0x10
[  459.740048][T13472]  ? genl_rcv_msg+0x470/0x800
[  459.740060][T13472]  ? genl_rcv_msg+0x4bb/0x800
[  459.740075][T13472]  netlink_ack+0x15d/0xb80
[  459.740096][T13472]  netlink_rcv_skb+0x332/0x420
[  459.740113][T13472]  ? __pfx_genl_rcv_msg+0x10/0x10
[  459.740126][T13472]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  459.740149][T13472]  ? netlink_deliver_tap+0x1ae/0xd30
[  459.740168][T13472]  genl_rcv+0x28/0x40
[  459.740178][T13472]  netlink_unicast+0x5aa/0x870
[  459.740197][T13472]  ? __pfx_netlink_unicast+0x10/0x10
[  459.740216][T13472]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  459.740237][T13472]  netlink_sendmsg+0x8d1/0xdd0
[  459.740257][T13472]  ? __pfx_netlink_sendmsg+0x10/0x10
[  459.740277][T13472]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  459.740292][T13472]  ____sys_sendmsg+0xa95/0xc70
[  459.740306][T13472]  ? __pfx_____sys_sendmsg+0x10/0x10
[  459.740318][T13472]  ? get_compat_msghdr+0x11a/0x170
[  459.740340][T13472]  ___sys_sendmsg+0x134/0x1d0
[  459.740363][T13472]  ? __pfx____sys_sendmsg+0x10/0x10
[  459.740387][T13472]  ? find_held_lock+0x2b/0x80
[  459.740407][T13472]  __sys_sendmsg+0x16d/0x220
[  459.740424][T13472]  ? __pfx___sys_sendmsg+0x10/0x10
[  459.740447][T13472]  ? rcu_is_watching+0x12/0xc0
[  459.740460][T13472]  __do_fast_syscall_32+0x7c/0x300
[  459.740473][T13472]  do_fast_syscall_32+0x32/0x80
[  459.740483][T13472]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  459.740498][T13472] RIP: 0023:0xf7f33579
[  459.740507][T13472] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  459.740518][T13472] RSP: 002b:00000000f542655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  459.740529][T13472] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  459.740536][T13472] RDX: 0000000020040080 RSI: 0000000000000000 RDI: 0000000000000000
[  459.740543][T13472] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  459.740549][T13472] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  459.740556][T13472] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  459.740569][T13472]  </TASK>
[  459.906000][   T40] audit: type=1804 audit(1758943608.037:655): pid=13476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.2078" name="/newroot/364/file0/file0" dev="9p" ino=71827827 res=1 errno=0
[  459.912897][    C1] net_ratelimit: 10 callbacks suppressed
[  459.912909][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  459.988236][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  460.013233][T13483] netlink: 'syz.9.2081': attribute type 1 has an invalid length.
[  460.015785][T13483] netlink: 224 bytes leftover after parsing attributes in process `syz.9.2081'.
[  460.228025][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  460.398100][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  460.509950][T13498] input: syz1 as /devices/virtual/input/input33
[  460.636716][T13502] bridge0: port 3(syz_tun) entered blocking state
[  460.640250][T13502] bridge0: port 3(syz_tun) entered disabled state
[  460.642658][T13502] syz_tun: entered allmulticast mode
[  460.646719][T13502] syz_tun: entered promiscuous mode
[  460.649362][T13502] bridge0: port 3(syz_tun) entered blocking state
[  460.651460][T13502] bridge0: port 3(syz_tun) entered forwarding state
[  460.654949][T13502] netlink: 'syz.4.2084': attribute type 10 has an invalid length.
[  460.657811][T13502] bridge0: port 3(syz_tun) entered disabled state
[  460.659936][T13502] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.662283][T13502] bridge0: port 1(bridge_slave_0) entered disabled state
[  460.673836][T13502] bridge0: port 3(syz_tun) entered blocking state
[  460.675930][T13502] bridge0: port 3(syz_tun) entered forwarding state
[  460.678123][T13502] bridge0: port 2(bridge_slave_1) entered blocking state
[  460.680316][T13502] bridge0: port 2(bridge_slave_1) entered forwarding state
[  460.682637][T13502] bridge0: port 1(bridge_slave_0) entered blocking state
[  460.684826][T13502] bridge0: port 1(bridge_slave_0) entered forwarding state
[  460.695993][T13502] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  460.701349][T13502] FAULT_INJECTION: forcing a failure.
[  460.701349][T13502] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  460.705971][T13502] CPU: 3 UID: 0 PID: 13502 Comm: syz.4.2084 Not tainted syzkaller #0 PREEMPT(full) 
[  460.705994][T13502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  460.706002][T13502] Call Trace:
[  460.706006][T13502]  <TASK>
[  460.706010][T13502]  dump_stack_lvl+0x16c/0x1f0
[  460.706032][T13502]  should_fail_ex+0x512/0x640
[  460.706052][T13502]  _copy_from_iter+0x29f/0x1720
[  460.706066][T13502]  ? __alloc_skb+0x200/0x380
[  460.706083][T13502]  ? __pfx__copy_from_iter+0x10/0x10
[  460.706109][T13502]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  460.706133][T13502]  netlink_sendmsg+0x829/0xdd0
[  460.706155][T13502]  ? __pfx_netlink_sendmsg+0x10/0x10
[  460.706174][T13502]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  460.706190][T13502]  ____sys_sendmsg+0xa95/0xc70
[  460.706204][T13502]  ? __pfx_____sys_sendmsg+0x10/0x10
[  460.706216][T13502]  ? get_compat_msghdr+0x11a/0x170
[  460.706239][T13502]  ___sys_sendmsg+0x134/0x1d0
[  460.706257][T13502]  ? __pfx____sys_sendmsg+0x10/0x10
[  460.706281][T13502]  ? find_held_lock+0x2b/0x80
[  460.706302][T13502]  __sys_sendmsg+0x16d/0x220
[  460.706320][T13502]  ? __pfx___sys_sendmsg+0x10/0x10
[  460.706343][T13502]  ? rcu_is_watching+0x12/0xc0
[  460.706358][T13502]  __do_fast_syscall_32+0x7c/0x300
[  460.706370][T13502]  do_fast_syscall_32+0x32/0x80
[  460.706380][T13502]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  460.706400][T13502] RIP: 0023:0xf70fe579
[  460.706409][T13502] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  460.706421][T13502] RSP: 002b:00000000f54ac55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  460.706432][T13502] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000240
[  460.706439][T13502] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  460.706446][T13502] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  460.706453][T13502] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  460.706459][T13502] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  460.706473][T13502]  </TASK>
[  460.948064][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  461.028195][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  461.247325][ T6031] usb 14-1: new high-speed USB device number 16 using dummy_hcd
[  461.279863][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  461.408168][ T6031] usb 14-1: Using ep0 maxpacket: 16
[  461.413593][ T6031] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 12408, setting to 64
[  461.423922][ T6031] usb 14-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  461.426852][ T6031] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  461.428081][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  461.429671][ T6031] usb 14-1: Product: syz
[  461.433816][ T6031] usb 14-1: Manufacturer: syz
[  461.435362][ T6031] usb 14-1: SerialNumber: syz
[  461.442206][ T6031] usb 14-1: config 0 descriptor??
[  461.454523][ T6031] em28xx 14-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  461.458824][ T6031] em28xx 14-1:0.0: DVB interface 0 found: bulk
[  461.684816][T13519] 9pnet_virtio: no channels available for device syz
[  461.970949][T13521] lo speed is unknown, defaulting to 1000
[  461.998024][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  462.068072][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  462.105266][   T46] Bluetooth: hci2: Frame reassembly failed (-84)
[  462.181280][ T6031] em28xx 14-1:0.0: unknown em28xx chip ID (0)
[  462.253668][ T6031] em28xx 14-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  462.256248][ T6031] em28xx 14-1:0.0: board has no eeprom
[  462.328261][ T6031] em28xx 14-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  462.382180][T13511] em28xx 14-1:0.0: writing to i2c device at 0x8 failed (error=-5)
[  462.435730][ T6031] em28xx 14-1:0.0: dvb set to bulk mode.
[  462.437589][ T6025] em28xx 14-1:0.0: Binding DVB extension
[  462.445076][ T6031] usb 14-1: USB disconnect, device number 16
[  462.447515][ T6031] em28xx 14-1:0.0: Disconnecting em28xx
[  462.466352][ T6025] em28xx 14-1:0.0: Registering input extension
[  462.469368][ T6031] em28xx 14-1:0.0: Closing input extension
[  462.477317][ T6031] em28xx 14-1:0.0: Freeing device
[  462.503504][T13542] /dev/nullb0: Can't open blockdev
[  462.772020][T13551] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2101'.
[  463.057032][ T1465] usb 52-1: device descriptor read/8, error -110
[  463.459208][ T1465] usb usb52-port1: attempt power cycle
[  463.608331][ T6031] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  463.758201][ T6031] usb 9-1: Using ep0 maxpacket: 16
[  463.762324][ T6031] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 12408, setting to 64
[  463.769226][ T6031] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  463.772976][ T6031] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.776293][ T6031] usb 9-1: Product: syz
[  463.778103][ T6031] usb 9-1: Manufacturer: syz
[  463.780697][ T6031] usb 9-1: SerialNumber: syz
[  463.786900][ T6031] usb 9-1: config 0 descriptor??
[  463.797102][ T6031] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  463.801032][ T6031] em28xx 9-1:0.0: DVB interface 0 found: bulk
[  464.018620][ T1465] usb usb52-port1: unable to enumerate USB device
[  464.148168][ T5975] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  464.148190][ T5983] Bluetooth: hci2: command 0x1003 tx timeout
[  464.514229][ T6031] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[  464.572528][ T6031] em28xx 9-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  464.575156][ T6031] em28xx 9-1:0.0: board has no eeprom
[  464.638094][ T6031] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  464.640883][ T6031] em28xx 9-1:0.0: dvb set to bulk mode.
[  464.644146][ T6025] em28xx 9-1:0.0: Binding DVB extension
[  464.647538][ T6031] usb 9-1: USB disconnect, device number 13
[  464.652624][ T6031] em28xx 9-1:0.0: Disconnecting em28xx
[  464.679482][ T6025] em28xx 9-1:0.0: Registering input extension
[  464.681912][ T6031] em28xx 9-1:0.0: Closing input extension
[  464.695002][ T6031] em28xx 9-1:0.0: Freeing device
[  465.108046][    C1] net_ratelimit: 10 callbacks suppressed
[  465.108058][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  465.121898][T13599] input: syz1 as /devices/virtual/input/input36
[  465.188095][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  465.188760][T13600] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(5)
[  465.192892][T13600] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  465.195998][T13600] vhci_hcd vhci_hcd.0: Device attached
[  465.292603][T13604] netlink: 'syz.7.2119': attribute type 10 has an invalid length.
[  465.297286][T13604] bridge0: port 2(bridge_slave_1) entered blocking state
[  465.299616][T13604] bridge0: port 2(bridge_slave_1) entered forwarding state
[  465.301925][T13604] bridge0: port 1(bridge_slave_0) entered blocking state
[  465.304081][T13604] bridge0: port 1(bridge_slave_0) entered forwarding state
[  465.309770][T13604] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  465.428092][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  465.532425][T13602] vhci_hcd: connection closed
[  465.535517][   T12] vhci_hcd: stop threads
[  465.538518][   T12] vhci_hcd: release socket
[  465.540060][   T12] vhci_hcd: disconnect device
[  465.568287][ T1465] usb 56-1: enqueue for inactive port 0
[  465.570978][   T40] audit: type=1326 audit(1758943613.707:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13610 comm="syz.2.2122" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f12579 code=0x0
[  465.588108][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  465.730097][T13614] block nbd2: shutting down sockets
[  465.743210][T13613] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  466.059804][ T1465] usb usb56-port1: attempt power cycle
[  466.132461][   T46] Bluetooth: hci2: Frame reassembly failed (-84)
[  466.148121][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  466.238195][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  466.478030][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  466.480785][   T40] audit: type=1804 audit(1758943614.617:657): pid=13626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2127" name="/newroot/272/file0/file0" dev="9p" ino=71827827 res=1 errno=0
[  466.611841][T13628] netlink: 'syz.2.2128': attribute type 1 has an invalid length.
[  466.614259][T13628] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2128'.
[  466.628036][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  466.691296][ T1465] usb usb56-port1: unable to enumerate USB device
[  467.198037][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  467.268113][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  467.380405][T13632] /dev/nullb0: Can't open blockdev
[  467.542288][   T40] audit: type=1804 audit(1758943615.677:658): pid=13638 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2132" name="/newroot/275/file0/file0" dev="9p" ino=71827827 res=1 errno=0
[  468.158183][ T5983] Bluetooth: hci2: command 0x1003 tx timeout
[  468.158430][ T5975] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  468.359509][T13644] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  468.400801][T13646] tmpfs: Unknown parameter 'm'
[  468.513962][   T40] audit: type=1804 audit(1758943616.647:659): pid=13648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.2136" name="/newroot/375/file0/file0" dev="9p" ino=71827827 res=1 errno=0
[  468.833443][T13660] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  468.872988][T13654] lo speed is unknown, defaulting to 1000
[  469.125326][T13653] lo speed is unknown, defaulting to 1000
[  469.168368][T13660] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  469.440894][   T40] audit: type=1804 audit(1758943617.577:660): pid=13665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.2139" name="/newroot/272/file0/file0" dev="9p" ino=71827827 res=1 errno=0
[  469.485491][T13660] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  470.318038][    C1] net_ratelimit: 10 callbacks suppressed
[  470.318056][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  470.388130][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  470.565194][   T40] audit: type=1804 audit(1758943618.697:661): pid=13685 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.9.2147" name="/newroot/274/file1" dev="fuse" ino=1 res=1 errno=0
[  470.572716][   T40] audit: type=1800 audit(1758943618.697:662): pid=13685 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.2147" name="/" dev="fuse" ino=1 res=0 errno=0
[  470.628112][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  470.688635][T13688] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  470.691314][T13688] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  470.695871][T13688] vhci_hcd vhci_hcd.0: Device attached
[  470.795724][T13692] tmpfs: Unknown parameter 'm'
[  470.799054][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  471.028532][ T7484] usb 46-1: SetAddress Request (40) to port 0
[  471.031055][ T7484] usb 46-1: new SuperSpeed USB device number 40 using vhci_hcd
[  471.144175][T13702] netlink: 'syz.2.2152': attribute type 1 has an invalid length.
[  471.147078][T13702] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2152'.
[  471.234558][T13689] vhci_hcd: connection reset by peer
[  471.318445][   T46] vhci_hcd: stop threads
[  471.329190][   T46] vhci_hcd: release socket
[  471.342216][   T46] vhci_hcd: disconnect device
[  471.358106][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  471.438185][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  471.588080][ T5975] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  471.620535][T13705] tmpfs: Unknown parameter 'm'
[  471.668117][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  471.828045][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  472.065825][T13712] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2155'.
[  472.114044][T13710] /dev/nullb0: Can't open blockdev
[  472.388104][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  472.426036][T13723] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  472.428471][T13723] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  472.431709][T13723] vhci_hcd vhci_hcd.0: Device attached
[  472.478366][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  473.092992][T13724] vhci_hcd: connection closed
[  473.093662][   T12] vhci_hcd: stop threads
[  473.099638][   T12] vhci_hcd: release socket
[  473.101743][   T12] vhci_hcd: disconnect device
[  473.255401][   T12] Bluetooth: hci2: Frame reassembly failed (-84)
[  474.027091][T13737] netlink: 'syz.4.2163': attribute type 1 has an invalid length.
[  474.030343][T13737] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2163'.
[  474.948563][T13744] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2165'.
[  475.151005][T13752] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2166'.
[  475.210632][T13758] /dev/nullb0: Can't open blockdev
[  475.268125][   T63] Bluetooth: hci2: command 0x1003 tx timeout
[  475.268169][ T5975] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  475.321869][T13761] block nbd9: shutting down sockets
[  475.330127][T13761] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  475.339799][T13752] lo speed is unknown, defaulting to 1000
[  475.378154][ T6004] usb 12-1: new high-speed USB device number 23 using dummy_hcd
[  475.508051][    C1] net_ratelimit: 10 callbacks suppressed
[  475.508094][    C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  475.550762][ T6004] usb 12-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  475.553524][ T6004] usb 12-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  475.556652][ T6004] usb 12-1: config 1 has 1 interface, different from the descriptor's value: 66
[  475.569813][ T6004] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  475.577161][ T6004] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  475.587066][ T6004] usb 12-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  475.588117][    C3] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  475.596887][ T6004] usb 12-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  475.602690][ T6004] usb 12-1: Product: syz
[  475.605201][ T6004] usb 12-1: Manufacturer: syz
[  475.614292][ T6004] cdc_wdm 12-1:1.0: skipping garbage
[  475.616542][ T6004] cdc_wdm 12-1:1.0: skipping garbage
[  475.621003][ T6004] cdc_wdm 12-1:1.0: cdc-wdm0: USB WDM device
[  475.623075][ T6004] cdc_wdm 12-1:1.0: Unknown control protocol
[  475.838024][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  475.871949][T13755] (unnamed net_device) (uninitialized): peer notification delay (512) is not a multiple of miimon (5), value rounded to 510 ms
[  475.896124][T13769] netlink: 'syz.4.2173': attribute type 1 has an invalid length.
[  475.899613][T13769] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2173'.
[  475.954397][ T6031] usb 12-1: USB disconnect, device number 23
[  475.988296][    C2] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  476.053646][T13774] ------------[ cut here ]------------
[  476.056335][T13774] intf 08:02:11:00:00:00 [link=0]: bad STA 08:02:11:00:00:01 bandwidth 20 MHz (0) > channel config 2 MHz (9)
[  476.062906][T13774] WARNING: CPU: 1 PID: 13774 at drivers/net/wireless/virtual/mac80211_hwsim.c:2651 mac80211_hwsim_sta_rc_update+0x60b/0x850
[  476.066965][T13774] Modules linked in:
[  476.068710][T13774] CPU: 1 UID: 0 PID: 13774 Comm: syz.2.2175 Not tainted syzkaller #0 PREEMPT(full) 
[  476.072924][T13774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  476.076262][T13774] RIP: 0010:mac80211_hwsim_sta_rc_update+0x60b/0x850
[  476.078504][T13774] Code: 8b 44 24 20 89 da 48 c7 c7 60 44 6c 8c 44 8b 89 b8 01 00 00 41 54 48 8d b0 72 04 00 00 41 55 44 8b 44 24 14 e8 26 4a 67 fa 90 <0f> 0b 90 90 58 5a e9 36 fc ff ff e8 b5 4f a8 fa e8 f0 18 7f 04 31
[  476.084495][T13774] RSP: 0018:ffffc9000393f178 EFLAGS: 00010282
[  476.086390][T13774] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9002ae98000
[  476.089017][T13774] RDX: 0000000000080000 RSI: ffffffff817a0305 RDI: 0000000000000001
[  476.091464][T13774] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000
[  476.093910][T13774] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000009
[  476.096370][T13774] R13: 0000000000000002 R14: ffff88804ea79080 R15: ffff8880240230a0
[  476.099126][T13774] FS:  0000000000000000(0000) GS:ffff8880975b9000(0063) knlGS:00000000f5406b40
[  476.102405][T13774] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  476.104536][T13774] CR2: 0000000080001080 CR3: 0000000064bd0000 CR4: 0000000000352ef0
[  476.107032][T13774] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  476.109578][T13774] DR3: 00000000e08e120c DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  476.112055][T13774] Call Trace:
[  476.113107][T13774]  <TASK>
[  476.114056][T13774]  mac80211_hwsim_sta_add+0xc9/0x2c0
[  476.115723][T13774]  ? __pfx_mac80211_hwsim_sta_add+0x10/0x10
[  476.117577][T13774]  drv_sta_state+0xa08/0x1940
[  476.119188][T13774]  sta_info_insert_rcu+0xc8d/0x1b70
[  476.120872][T13774]  sta_info_insert+0x16/0xd0
[  476.122333][T13774]  ieee80211_add_station+0x46d/0x6c0
[  476.124003][T13774]  nl80211_new_station+0x14ff/0x1c90
[  476.125645][T13774]  ? __pfx_nl80211_new_station+0x10/0x10
[  476.127419][T13774]  ? nl80211_pre_doit+0x1b0/0xb10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  476.129081][T13774]  genl_family_rcv_msg_doit+0x206/0x2f0
[  476.130905][T13774]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  476.132813][T13774]  ? bpf_lsm_capable+0x9/0x10
[  476.134288][T13774]  ? security_capable+0x7e/0x260
[  476.135853][T13774]  ? ns_capable+0xd7/0x110
[  476.137268][T13774]  genl_rcv_msg+0x55c/0x800
[  476.139239][T13774]  ? __pfx_genl_rcv_msg+0x10/0x10
[  476.141366][T13774]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  476.143574][T13774]  ? __pfx_nl80211_new_station+0x10/0x10
[  476.145406][T13774]  ? __pfx_nl80211_post_doit+0x10/0x10
[  476.147215][T13774]  netlink_rcv_skb+0x155/0x420
[  476.148907][T13774]  ? __pfx_genl_rcv_msg+0x10/0x10
[  476.150625][T13774]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  476.152176][T13774]  ? netlink_deliver_tap+0x1ae/0xd30
[  476.153793][T13774]  genl_rcv+0x28/0x40
[  476.155050][T13774]  netlink_unicast+0x5aa/0x870
[  476.156567][T13774]  ? __pfx_netlink_unicast+0x10/0x10
[  476.158439][T13774]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  476.160343][T13774]  netlink_sendmsg+0x8d1/0xdd0
[  476.161858][T13774]  ? __pfx_netlink_sendmsg+0x10/0x10
[  476.163628][T13774]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  476.165600][T13774]  ____sys_sendmsg+0xa95/0xc70
[  476.167226][T13774]  ? __pfx_____sys_sendmsg+0x10/0x10
[  476.169012][T13774]  ? get_compat_msghdr+0x11a/0x170
[  476.170691][T13774]  ? __pfx_futex_wake_mark+0x10/0x10
[  476.172615][T13774]  ___sys_sendmsg+0x134/0x1d0
[  476.174610][T13774]  ? __pfx____sys_sendmsg+0x10/0x10
[  476.176749][T13774]  ? find_held_lock+0x2b/0x80
[  476.178796][T13774]  __sys_sendmsg+0x16d/0x220
[  476.180844][T13774]  ? __pfx___sys_sendmsg+0x10/0x10
[  476.183052][T13774]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  476.185508][T13774]  ? rcu_is_watching+0x12/0xc0
[  476.187613][T13774]  __do_fast_syscall_32+0x7c/0x300
[  476.189834][T13774]  do_fast_syscall_32+0x32/0x80
[  476.191967][T13774]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  476.194276][T13774] RIP: 0023:0xf7f12579
[  476.195634][T13774] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  476.203218][T13774] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  476.206517][T13774] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080001080
[  476.209772][T13774] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  476.213130][T13774] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  476.216291][T13774] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  476.219477][T13774] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  476.222619][T13774]  </TASK>
[  476.223880][T13774] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  476.226752][T13774] CPU: 1 UID: 0 PID: 13774 Comm: syz.2.2175 Not tainted syzkaller #0 PREEMPT(full) 
[  476.230469][T13774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  476.234702][T13774] Call Trace:
[  476.236063][T13774]  <TASK>
[  476.237251][T13774]  dump_stack_lvl+0x3d/0x1f0
[  476.239100][T13774]  vpanic+0x6e8/0x7a0
[  476.240718][T13774]  ? __pfx_vpanic+0x10/0x10
[  476.242554][T13774]  ? mac80211_hwsim_sta_rc_update+0x60b/0x850
[  476.244915][T13774]  panic+0xca/0xd0
[  476.246161][T13774]  ? __pfx_panic+0x10/0x10
[  476.247639][T13774]  check_panic_on_warn+0xab/0xb0
[  476.249237][T13774]  __warn+0xf6/0x3c0
[  476.250525][T13774]  ? mac80211_hwsim_sta_rc_update+0x60b/0x850
[  476.252437][T13774]  report_bug+0x3c3/0x580
[  476.253843][T13774]  ? mac80211_hwsim_sta_rc_update+0x60b/0x850
[  476.255773][T13774]  handle_bug+0x184/0x210
[  476.257161][T13774]  exc_invalid_op+0x17/0x50
[  476.258607][T13774]  asm_exc_invalid_op+0x1a/0x20
[  476.260165][T13774] RIP: 0010:mac80211_hwsim_sta_rc_update+0x60b/0x850
[  476.262262][T13774] Code: 8b 44 24 20 89 da 48 c7 c7 60 44 6c 8c 44 8b 89 b8 01 00 00 41 54 48 8d b0 72 04 00 00 41 55 44 8b 44 24 14 e8 26 4a 67 fa 90 <0f> 0b 90 90 58 5a e9 36 fc ff ff e8 b5 4f a8 fa e8 f0 18 7f 04 31
[  476.268522][T13774] RSP: 0018:ffffc9000393f178 EFLAGS: 00010282
[  476.270705][T13774] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9002ae98000
[  476.273790][T13774] RDX: 0000000000080000 RSI: ffffffff817a0305 RDI: 0000000000000001
[  476.276928][T13774] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000
[  476.280037][T13774] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000009
[  476.283191][T13774] R13: 0000000000000002 R14: ffff88804ea79080 R15: ffff8880240230a0
[  476.286339][T13774]  ? __warn_printk+0x1a5/0x350
[  476.288287][T13774]  ? mac80211_hwsim_sta_rc_update+0x60a/0x850
[  476.290706][T13774]  mac80211_hwsim_sta_add+0xc9/0x2c0
[  476.292823][T13774]  ? __pfx_mac80211_hwsim_sta_add+0x10/0x10
[  476.295175][T13774]  drv_sta_state+0xa08/0x1940
[  476.297066][T13774]  sta_info_insert_rcu+0xc8d/0x1b70
[  476.299138][T13774]  sta_info_insert+0x16/0xd0
[  476.301011][T13774]  ieee80211_add_station+0x46d/0x6c0
[  476.303133][T13774]  nl80211_new_station+0x14ff/0x1c90
[  476.305238][T13774]  ? __pfx_nl80211_new_station+0x10/0x10
[  476.307487][T13774]  ? nl80211_pre_doit+0x1b0/0xb10
[  476.309514][T13774]  genl_family_rcv_msg_doit+0x206/0x2f0
[  476.311373][T13774]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  476.313408][T13774]  ? bpf_lsm_capable+0x9/0x10
[  476.314937][T13774]  ? security_capable+0x7e/0x260
[  476.316708][T13774]  ? ns_capable+0xd7/0x110
[  476.318590][T13774]  genl_rcv_msg+0x55c/0x800
[  476.320477][T13774]  ? __pfx_genl_rcv_msg+0x10/0x10
[  476.322327][T13774]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  476.324548][T13774]  ? __pfx_nl80211_new_station+0x10/0x10
[  476.326916][T13774]  ? __pfx_nl80211_post_doit+0x10/0x10
[  476.329232][T13774]  netlink_rcv_skb+0x155/0x420
[  476.331095][T13774]  ? __pfx_genl_rcv_msg+0x10/0x10
[  476.332699][T13774]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  476.334369][T13774]  ? netlink_deliver_tap+0x1ae/0xd30
[  476.336198][T13774]  genl_rcv+0x28/0x40
[  476.337835][T13774]  netlink_unicast+0x5aa/0x870
[  476.339900][T13774]  ? __pfx_netlink_unicast+0x10/0x10
[  476.342208][T13774]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  476.344756][T13774]  netlink_sendmsg+0x8d1/0xdd0
[  476.346753][T13774]  ? __pfx_netlink_sendmsg+0x10/0x10
[  476.348958][T13774]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  476.351053][T13774]  ____sys_sendmsg+0xa95/0xc70
[  476.353014][T13774]  ? __pfx_____sys_sendmsg+0x10/0x10
[  476.355146][T13774]  ? get_compat_msghdr+0x11a/0x170
[  476.357259][T13774]  ? __pfx_futex_wake_mark+0x10/0x10
[  476.359424][T13774]  ___sys_sendmsg+0x134/0x1d0
[  476.361417][T13774]  ? __pfx____sys_sendmsg+0x10/0x10
[  476.363619][T13774]  ? find_held_lock+0x2b/0x80
[  476.365569][T13774]  __sys_sendmsg+0x16d/0x220
[  476.367542][T13774]  ? __pfx___sys_sendmsg+0x10/0x10
[  476.369639][T13774]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  476.371840][T13774]  ? rcu_is_watching+0x12/0xc0
[  476.373520][T13774]  __do_fast_syscall_32+0x7c/0x300
[  476.375168][T13774]  do_fast_syscall_32+0x32/0x80
[  476.376764][T13774]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  476.378862][T13774] RIP: 0023:0xf7f12579
[  476.380540][T13774] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  476.388374][T13774] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  476.391746][T13774] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080001080
[  476.394922][T13774] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  476.398155][T13774] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  476.401405][T13774] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  476.404640][T13774] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  476.407902][T13774]  </TASK>
[  476.409928][T13774] Kernel Offset: disabled
[  476.411492][T13774] Rebooting in 86400 seconds..

VM DIAGNOSIS:
03:27:04  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffffffff8e5c1360 RCX=0000000000000002 RDX=0000000000000000
RSI=0000000000000000 RDI=ffffffff8e5c1360 RBP=0000000000000002 RSP=ffffc9000106f8a8
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8b91e3a0 RFL=00000283 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880974b9000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c427870 CR3=000000004c273000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=00000000e08e920c 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73d5ff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000049 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8561eca5 RDI=ffffffff9b103780 RBP=ffffffff9b103740 RSP=ffffc9000393eae0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000049 R14=ffffffff9b103740 R15=ffffffff8561ec40
RIP=ffffffff8561eccf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880975b9000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080001080 CR3=0000000064bd0000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=00000000e08e120c 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000a1d RBX=ffff888023b2d370 RCX=00000000f7cab098 RDX=0000000000000000
RSI=ffff888023b2d398 RDI=ffff888023b2d370 RBP=0000000000000000 RSP=ffffc9000346f5f8
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffff888023b2d398 R13=ffff888023b2c880 R14=0000000000000001 R15=0000000000000001
RIP=ffffffff8196ecc3 RFL=00000007 [-----PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880976b9000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000005658f99c CR3=000000005e748000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffffc900046bf4c8 RCX=0000000000000000 RDX=0000000000000060
RSI=0000000000000000 RDI=ffffc900046bf438 RBP=ffff888053602440 RSP=ffffc900046bf3e0
R8 =0000000000000001 R9 =0000000000000000 R10=ffffc900046bf438 R11=0000000000000001
R12=0000000000000000 R13=ffffc900046bf4f8 R14=ffffc900046bf438 R15=ffffc900046bf460
RIP=ffffffff8b91ee96 RFL=00000247 [---Z-PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977b9000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080001000 CR3=000000005e748000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000