last executing test programs:

8.158864428s ago: executing program 2 (id=2615):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000e86000), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x8000, &(0x7f0000006680))
r4 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r5 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)="b3", 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5)
pwritev2(r5, 0x0, 0x0, 0x2, 0x1, 0x10)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r4, 0x4c02, 0x0)
setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000080)=0x4, 0x4)
syz_clone3(&(0x7f0000000080)={0x801400, &(0x7f0000000040)=<r6=>0xffffffffffffffff, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0x58)
pidfd_getfd(r6, r6, 0x0)
membarrier(0x2, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000f9ffffff0000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r9=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r8, r9, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
syz_emit_ethernet(0xd7e, &(0x7f0000000380)=ANY=[@ANYBLOB="bbc5f3bdc430000000000000080045000d700002000000119078000000000000000000004e200d5c90780400000007740000fdffffffffffffff9c67524ed6ed152d4f775bbc411126513b67aa2818e6f3aeb55bee6ae1049f195705bc8bd9b1085cd41af77353267df8a1d4cecdb01908186ea04e641c89a2ee0432e9c0894a8d7aff0c865e96548d507f048f907320b0f8b1e83b5f1425b63ad9c6adfd09578bbda92c9bd8f57d6efd752a6f20487ebea241d612212e3ccb077a5150c08f56aed6ee45acd4439043886b78cc5562b00bc57cf509d90b02a7bc86919f1b882f556e6aac5e9b93ee545b2b68bd014e2a49c332432ef4adeb61ac418aa4e20ee299f1a8b7a72e985223996b11a8913f3b1c23b10f88c3de28660457a37126fd3b6394536da0cd962f532ff22c496e1df4ffe049b193514c02571399d3618383a287068f4f15d51d1781cc0bc2af66ddc68135bfd33634e1a75be80630ce76ef79c86c9abb2fdc6d84367ea10fd8a6ee3c99eaec83c66bf5ffce6eb5ccc2546b6df905ff1aea223029ba2f7eb2469c5b8637b79347361f8cf0fa9d58a039e7811f343961b22c23d68b2c04eb8b5aeee7c6f71ce95cab886bf2694e0643d18761043e2d1dcb8ce0bdd15817a75f591b05146424797f729689e2a7bd53cb6c02fd15c339057c714794b407b342d12e69ec383b6ea6c99f845d04fd5128203c78a388fb0a1caf1f725f7636eb41e415951f8284a9c475760eb9312f7d6307037d472fbda509d56a0cf8e36d44f3f0b67fabdd2842ab4241cbfc7d309188d3a634129a13bfcac3b39b75d46bed585550ff7b41746dfd7e0f0c8a25e9f39deb7e2a4f0e068b86c6593b3b37838d2809eef3eb2f3120fde2fe3e9fef4e4bea1ddf3d17c40f753b37baaa110a8b4ad805d500e0235e9371b828993da25c5697d1001c8971b3862eef047730b242350403c851cd74cdea94501c0e2875a5830aa71733a0f022cb37e1cfffaee8eb0a23d51181a0691dadcd6b30a86a5fbf5c499120e265938f6430ffde09eb173327c2e25bdf22ae0d742141db856c4beee07af0ce37c078f6e59b41a29502cc01737c984185f6622a3ce02ed04daf2a7eb03c92a5a5ecce5973ef704aba9efcb99bf52f5c662d52f4399a13af760f9f9ff3d5930c3fae014b92ee0aded4ba51d95cf946d5f55f5b5d4603f8b76087d681ad77fc385fe114331c24a4ada85eaebf5405467dbe656b31b79a0f893864a13bda309a2fec2f4fc4858d9daf946df31f4077338bfc3116a45827ce8907ad691d241d3a8859a3672aeee3878e45b0be6f68194638dee30ba6735a6424e51f8b9a4965d37ab7ca96e167a5c32c8a935ff34693e24d067039db0f4ffe4dc5fe7c56a0d6e52a7cef9a6f1cc8b88d61d2258e3e0e8f2d7b699d4a22ab661f6afae5b48cc8fbc9ddfe57e76f274e65b210994fd96cd4deb6fdb795df4147ca0d876b1b08b64d20a28a358f48086c0f8d1f0741260f95adabba51f2d3f36107d49d46ba0c666232597bf08bfab60b5a432a1652e2c503fcf977ea6ff15c8e8f3bd9b7a3017c36be787d5a6579f5236b17d7bdc2c3918d9257e266bdf7929bb366d98d2b225c08c3c5ed22113b8c051c811bd1e52ecbe619dbc9579270c7cf69ac129e84a7141e689d9745d56e1cda6affdc1856757a6e39039b17d5286cf393186b99b20c54987087ece9972c39b4a05f1ca218c35254c666e7fcb7df4aa401cc79e1aade63732064ca80af164709a85fcf8ac72fa5ace60aa04d2ee0d5f051cb032f7c25100facb7ec1c247812b0de4f1c3c1ab98f904d9752cc427bc0445d8e27b51d5a8084087ea61f82ccc1114679f673753eddc7cfc00ba7e25db3391579ecdf638ab73078133e49b522d3d16bf2ebd06e7cefc24154088965ad3c9291c68f19f7cdd2943abc716ecf0b33fe249108da2b1f9abdbcb4dba89746a8c5711a41556efe5537327e253bd9ac68dc56516392292152b86ef118e25cac4e3c7c2b20bbc5bbc2d825c8dc14e9807aa6a423fdebfa7deee913c8f9f58bd967d43af1d65dc5ce72b2cd1a17ce34facd199bf2c62beeb752d156d6f31ea0323bc3ec0500587c485d8141f5b5ac81457df9396fbf98222212ef70527b6ed8d6e4d11156c8ecaee4692e068a72cb3b12686436028a7297956c48ee8fc393907edd3695fddbb786808c0a48182e3334e73fedcef0ee1bfbb13dce8a79b8822fd1ca0ed645f64d134c240844be5a7ac3aa15419ae79e7b1d721ae5abe1b0896c6189f23b65d79f5c3677b89f40aceff98dfca244a160dff264a2b14a3774064e1152fe0cabfc23e3e16dba5f46ea6af09fb3b8529022837c7e9303e3ecd0170fcc0e6fb0f3981d9f8f838412eae1a3dd13b7a980a642739e8abebed29db34c06460f09e27ddba1ed76b4ac6290235f6f81fcd3eb12af9821575b050aaf80d5c6c695807f7480f24e4bc0159744f9045a2d37574508d7e687482f775d0a4c471c4914e6a64b0d444037407b8d079751ddf4b14ed0ee6f1e622952a331a1a147f3a805fb7ca29c3c7feb2dddd0db795ac0ca327d95b19ff37bd8d553703014e5137f8c41b947d199f95f245d3354f9679876db736da5cfbd7cb9f80a12e50c895b999b670c9e161aa12e82c79d98fed5017e11674158a2f258ecc7c550f10dee6bb9d159316c567e3973e8aa30f157f6d30f239877021e7161c0a93c7b6bedccc7a3d8c9313f6f860d33ae0c162236853ae29d7a619bc306998e51c5d91a73475119a648700fbf3a41701ef87b440b83573a44339aea5806c0883470613e38baa518466dee2c671d96768f8d842feb5a812ea3ecd1e307a913a1032f06af2656b0a969b38366c39ca149205540391f36c897efb80aa43707c12e21544386fc232a45c9eb40a64c35edd4db20bd4970d642c0c2a0ee43ce8bf4d1bd84b3c3fa198cfc8d1f83960a1c3cd85a164926dc962a9078c5b079e0f4bb0b4e94b0aec3d13e7c47edc936927da2e6e7fe9485b0489bc4fdd1699611aeb00d767057602b8e53dfb4a6651c0f2873e5f60fdd7e2542d6aba79f491f87522f77427323e87386c89e1df9dd6e4f32be85c9eefbd6e6b177dda7dd63d2bb8df828185aedc7aba2e6c3d4d9df393b203c1147f005860a6dd44dbcebead0eeb29fe3216930ef4a5994a93851df960d3be82d4294b64ba8295a59d099fd10afe39c2a79727a5447fa27909d53df6a00a63897261619e853036a6852e95ac6da62276007f2f3f386267cd8a0d136e645247e76db84e466e56ba42618b4fdef3e6d8c48dae5d03e1e369cd74042146e361cd6b4e654c8adc75446c454d3275a7d91646c4fb721966df9df3f761f10bebd212bfc87db9c48ffa0c6efcb17db3955f4a6f58919a036cda4f0a0c07a7306d2909adeeb474bd0bbec58865c4a5804108a014838673ff26438c162ec61e71bb880b154d475c71d500bfda3128b9fac2bccecb790dbd3075f424b1244f111c7eb5cbb7af0b6f3ec9cac20f82b1631822b940c03d697e213747627a5a7ed57414f2826888e515b88e61e69b742b053fe086ffc916abe00a41870cd332201d96c96bd174b369094b0da81ddc50affefa3709a358a5c00308d30a41d10b1c3f91a011bd246588336ff76dd60c10c3bbc8eec06adb3e73cc21d218b83eb9306e0650dd4e41bd65e15bb99a0653fc312251c174abed9e3ed04ef0378feaf78d839ebf61fda85c290f140cd3690cff881c348c57f504c50ca61986b29e58fdb0cbe276e42c982154762110c0f65b240aebe4291c66157629f0a45ea48e8e6a5dfe062214d635c5f828d1c888ec83a279ddac80f748c00e984248bef8e884590dcc1322aceb2d3b525618450fa0649e4ae8722769c6a32eb47161f7bf08bd59f903240ab9f790313b41607554b21ce45f10cde937f9f68fbb23ace0eaebd86b1201ea230c7f4c57f6594e655904db2a6d3d294f98fe630a524573f52c145b19eea382bc3adac7c7b62863bfa04f2d9fb9b93e7cda0fff4af897281580b879912ebd2c9c9d433ef479e886a477ce4538590179049aaff5e8e51b25db6c0300393a37c25c350e1e4effdd657f26de15199d39e134d1e7fe278b68377674a0e31a12e67096d44f62bd0353147041050fe44d9fbfc95fa8aa368e5868148a9e7a6f5551cf55f677b48ac2b4cd29a300d3cb9cd3a5ef486b9b3138018fb1568ce3f59385b98e93b7113dc85cd242bb57e545d6c151727d1c33ced565b2e29419bc6c458b45ab2107a55793618d20bd476e81ff79543cbace7b26a53a67a3f17ad0e2f2c0cc55f45d374ddc3cf8ada0c52cf1251cc4a6e1c7e84a1536cf328a0a392a3b79bbef1b40ad6e69811f3ec73b971c7cf6d64bfd0b183135d76fbb121aa99c753dce310f3288d460a1158a0c1c2ca4a66eadb38c6669dae4742a1da14b007555ffdae4e60f535ee23018dde93863b028346edc0f8da3ee5208b06fb107e921492ed9f2f2064d865afb5f955c80b1a6c5dbc540f1af7dd68925353d288fce304243f09d1791661027ea11f21ade9abb81a71343f1d405f35b01a504a99e08514f3b8307dce0b7c4305c0e531a538c6c11d8021183a87c2de3e1e384d114559601b948359f153d9845067683d8ef3dc75829a46211368ddf4837c021bf3ba1cc8005ab6902e094635f86f2f090851d5ac0af51c3aec46bdf9024ebe196351e2acd483f71821f033aa02d7bdee2fe987412bda115a5ce7f51dfdb78ce378485801fa10180339d3c5372a65cc46d2f0ef8ad3317062af5c243f81d920075e4874ea69081ba22d8be502422e973128c657da28f4f63d34919b5a4663544e244524263bae0a9a6c7455a16b5b86"], 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r10, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r10, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r10, 0x6, 0x1f, &(0x7f00000000c0), 0x4)

7.204314037s ago: executing program 0 (id=2619):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000020c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x400, 0x0)
read$FUSE(r2, &(0x7f0000000080)={0x2020}, 0x2020)

7.054147429s ago: executing program 0 (id=2620):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000008000000e27f000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f0000000000)=0x2c, 0x4)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r4, 0x400, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c)
r5 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x24b9)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_mr_vif\x00')
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f0000000440)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x15ca, 0x0, 0x0, 0x40e00, 0x1}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="1802000001000000ff000000030000001800000003000049c3daad27d187eb75cbe8ae9b6ebd910000001a000400000095d2fb000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x0, 0xe, 0x0, &(0x7f0000000680)="548852ac5b4eba7aeaccd2c62b2b", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x8}, 0x50)
ioctl$KVM_GET_XSAVE2(0xffffffffffffffff, 0x9000aecf, &(0x7f000026c000/0x4000)=nil)
pread64(r6, &(0x7f0000000140)=""/100, 0x64, 0x200)
pread64(r0, &(0x7f00000001c0)=""/200, 0xc8, 0x0)

6.842115828s ago: executing program 2 (id=2623):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd25, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x98, 0x80000001, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x19, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x1}}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025647a31000000000900010073797a300000000008000540"], 0xe0}}, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x400000000001, 0x0)
getsockopt$sock_buf(r4, 0x1, 0x1a, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r6, 0x6, 0x0, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000400000000000000000000009400000000000000"], &(0x7f0000000200)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x14eeaa19, &(0x7f00000000c0))
r8 = fsmount(r6, 0x0, 0x0)
openat$cgroup_subtree(r8, &(0x7f0000000100), 0x2, 0x0)

6.50013687s ago: executing program 2 (id=2625):
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000580), 0x5, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc044560f, &(0x7f0000000380)=@mmap={0x0, 0x1, 0x4, 0x2, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "37bb54f0"}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2002)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0xbe, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)=ANY=[@ANYRES32=0x0, @ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045668, &(0x7f0000000100)=0x1)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x1414, 0x1, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_MSG_RING={0x28, 0x4, 0x0, r4, 0x1, &(0x7f0000000800)="d5ac20c200efab2a4ef4ec194b0103affdc410006634dde1fd23e2792496b4dfccaad3d6e38223b62077da85132d7d2a4fda7c24f56f0257079e6a2f81b9afb9c8c0aaea5eed4f545f7a869b1b59e8cd8b3f7fa85c909f9d9b49e4b6e5ed1c5735750692e7434145be2aeb570a54455036b9eae99cc162d2ed2c91a80a717760a1b4ad1217efcefd52bbc9d168860b904d32155948027373745f64d546843d13ecc89cd6be0d2983b21c33f96cfe36038d92ce331de5cf95799654803127066c8f73ebabccf84019bc4946c767c4609794f02d0ac8d669962121253b7288f15253", 0xe1, 0x0, 0x1})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'tunl0\x00'})
syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r8 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc))

3.943806892s ago: executing program 3 (id=2633):
mmap(&(0x7f0000009000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x404, &(0x7f0000000100)={0x0, 0x7b51, 0x0, 0x1, 0x376}, &(0x7f0000000000), &(0x7f0000000300))
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000000)={0x0, 0x5, 0x0, 0x3, 0x6}, &(0x7f0000000040)=0x18)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000003440)=""/4097, 0xfc9e}], 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
mkdir(&(0x7f0000000000)='./file0\x00', 0x6)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006840)={0x2020, 0x0, <r4=>0x0}, 0x2020)
syz_fuse_handle_req(r3, &(0x7f00000042c0)="9ab1446569aa24b774753c9e994c09c24df9d42fa5a228e469b44cecf6f9f5ce5f77c93b1895aaac9cf34b37415f11fe22d6fa0162aa743b242e8fe0a8659e32fb543d7969d6513136a9f332a8074f8ee1e445277ddd5859eb5ac3321eb710be880a441031da9b31f791d54fb3c97cd8ee92b00cbf962be8eb5fd0b7cab207645f59cf87a8c41e2739dd8386b6bb84b627cbf5e09bac876ad4b215f0e510a853c5e8b9f7822b26771d72972290a1f9a6f0a46942be0d0eb7aa5145ff368863b14e9845926088f9f92d554e572926290dc6e6b574aea8c500fbe5697f881c0cec48282c6d07619248da0c3b9aa6f7c778525d1760051e4ba8ef31d3c8d3e1d4214ffa5261ce1fdbc12eba889968137f5c06fea233000296cf18df494b4e7b1bee7dc2f3751c37415d46f6d7ffb3d0f788f2100ee41266e6fba75b61af22e1d7b286507ff100cc34ed28d5a2c8be3231446874bbbde6f3c367ca802d64192ffcce1ea41b2cbc57f7500fc4f8f12fe02690c1c9785bbc35542b59d05600783cf4f4633b374101d8ed395303392b238d198f9f68c8ae928cbf3b558deec6d38ebaa526e749ac4e47dd5b838ec34f2820a1134252ae60159d4e030cf5e5d6f8de799a31e12ae57cfe5a1a3ded525c6e71271271d35a0056265362387a361f21ea0f4b6d46f6a83a8512687e43b31e11b1396d6e9e49cf42b693732e226b55d21a1203022f6be9f8ecccb68de3bf4ce99689514bd752f4e60bd2f8e376d7fae5b5fc8db0f53db8c52746671e361b9319419c1b3f3168b4797ebd2d118ee42dda4bc59dd0251236195c8cdafc0546354eeb28f4c7e71e8245a6ccaddfb858f61039c0ccf5acd924680aab38dd061fc7b123f24ac7f3d3c0cee43b61045bb1efea25af86088a0591f166e2f11ea4089860893b17ca5e3d99ec75131268e2e4e290c2bf15e4dde23284e4bdf6e549c096ce221d9c8a6c0fc78aa6a1c8b547c0e10738de2a1e8663e03ab0ce4594e244989f75b6672de1eee97ba7e6467a0da51c0e75d5866c405b03c4744d8d3fbb01eddba5a0361662269154c2f0e61a9433982eb904ff562896cbfa692eb1e6c644fcf6cbc103a76b712af706a47608d3e2f5d54d47d8e9906ab37ddf04004d32ce00200fc3c274666aeb618b27424d87b6a4b0262de4436b9e6f150bc798394c298b25a2c318fbe786185464057c0bcfcd1917230d78ee1a49eca12068fa676852c1099096c6cb98dfda27fedac41826516e42cc116f0cbb68f0f810418258dc5a65c0e1ada296176e17f8d762894c80542a79383cc1674a4f3d6520633ce80baba214c20628899f9ac826484c887713aed9c5caf13b40a598cb1e81f7b18dae39efc22dc99ff497e11f158edc2716ebe3bcd593691aa26523efc168e1394ab439c9a9270575ef34eeee9084b0a31b2d81d47c964ac61e600f75d9321d7474dde45bb8d0cc46510488ab68486d3ba6cc9c3ddb6f66f2e5d251ee285121e1645a2f5167fc5fb8ac4491c0d9d0423c7a8452efea2f5a30096a0fa47173f3a68500a5c755ea939c838d3be126a87ff6baa5a1fba638a5c64767d17f04201b935fcb1cb6afa175594f410f2ff773194c703e623876051e46bb0850a5016e65f8fa34b96bafdfe851a0756fe26fb63d52113c0935b0867f7dc8a94d887484b15e8f92b6a316a22c04a985cc94e432cd43f44001bcdbd48efcd463c402d3d181298e96db60fdb714b82e146567af5ae3fc0c3f9d241471b4d129f928d286f780facb1e84434610ab3379dfff0f64d57b4a1c2e96c98b693de952d26773d24e7a95eddbc450f79932d5332d27991c7bfbd3bc35bfeb9496fbebccb5e4c35c368e021dea643cb292d794d3d3bbcc960f989bef09763dc73d83cbf907485635265e81f87b712d958a66719230fc6466615a0e3bb998d48159e9e9c51959354a545966bcffa298c7673b4d32b991c886a997236642c0f104f6795feab9f48d0ffc74667f3f3e82473ac892ad25f4b13029b0b27fb1d86991ddc42bbc3fe584ed364e769f3bc72ed8749e7a654ec1a2ec7a01bd2d5caccdc6241a1b1ef2726db54d2c34ab47020b4c729b5994b43deb00ad959950e0051d2c0f27217397055e78f1dd3bd867a45e06c2134ae8981021aae881cc7b2049fe7c82d2127ec81d6430c8116355c8d0ab8b9291c688ed9b8dbb1ed6f1a99bb58a1be8d5737acbf9461b142c8982f52481195d35ef82aed4fa52385ea4ed00a739d01cad7af9f7c27d357748e24f28d22065ccb37300e8f5d8dae5ca79af7a50edc3e05184d1a2a6d59784d5ceeb1f1550a44ea03bee4dc5c27eb78f0032593c7d082e59211f83a8b91aa78bfb7e959328ee63af26a37b79ce5e5139eeebd12e28b2a26ad2fcbdca652524d036b324782d54247a48b9f8200b2d6d2c091c41366d677e3be6e136cec6c3080d608849135c6e3c7d695d2e226ae1ce999d730d7f79116ab85762e55a3e5a66a690ce0a4bb4fd1560c796e2797414b544ef78e29d55e4853fdbf3362085a65c46105f32c360a0a9867b984a5d0297fe0b06a45684ac801a8e66294cef6e5f3c48648884fbb2422fa00488df33a9a0ff1039c81f1939f2cd2f5fe8aa805af2d2332ac37244ed4a7b50265af8062752b0c16511e5f25e8aa2b60645675bc826557bb75474ca4787f6b584b2f83bc25192579104aa0baae79f396df0d31121f90db9acea9695ee0fe0c22df4db503ec8b2437b05f5d35a65722fa82eebd2aff4bcd3316a5cffc4b31913fd02f82130c77f320bf04bf8fa873d0e3f62122d6a5f87d3e908bedafed4a3cb6d9f73ff546f5a2b74a2493b1753e89b682352bb3166563518dcb190c7b3d9fd667c57978a670b192641a674dc92c2401d067b6767aa632ce32a401175c98200a52ab5d80dffa719746d0bff8a84bac4a56e0ab8124fc332b64ea662d01e1b73231a6638f01cf4d699448da228c16951149c8d3dab9a7e3be9a16c7d1ffb061818f8f9cb2b42739fae4a0d70c0701c8dceee785d36ef6413162de1917df01c693ef3e1f517e7fc46245209fee52f5c6a2f50ab3f56d67d1cd987282b24071d8ebb1bc5cd635957b2a7ad92d0650abd5bbc24b75885b6119592a3d715392718e52f9124c4ac95be3582abba4ac3a4049ee49fa8ceb9b59d4e1e2a069c9d482879fd8d27d5ac22ef870542453be22c2ec4ebf1472c19fbfb56aa0a3671297b020e3fe49d201a82a04420e90bda43691dacf92347bcbcae3742cc4abad4c8010c0afa15278795d4d76c482461ae78f30569e1dcf87b9b150d07a2bd81676ec6022422d490759ae1e861a6c4cd1f733bd772d60975a59356c385a4a390429f3d2131e7f616015261df6db3cc3ec261a53be10c4f197e71878984fee00e6d1069f79825194b7af434fb6bb86db18e11977f82928be35054543060cea94ebb4015d061f20f8454e056e7b6e4f9a1621ef2377d77659c20bf358c817519f1801be15ae3b5b42adfab367777a6789635a0dcdd1f2b97edecea0210768af67601d1b95a8850dddb6b1f4b0c2f52c835b0833d81966ad19e49ceb9dc9c729cd8334bc3ee5bb8c74186f5cc3e765b9fdd91d79baaab3d2ab64c15d655d1af7de9cf8d5d7c1baef24577843ce142331743b45b06104b6d0d4392e61ca8c07507ff5f831bbf720854db4debf64182aaebf899ba57626a48748fc2dcf016013d575595d24d383eef2da0ff0c9f6fe9c64b186cd4617e3f37635d7dacb58ec297f3ddb48ce4a5e00cc127267e18a1fdf209e098f2cb2e9c0630d15ec9b867b2b95ecf82ad2c0ba39df9c4d36d492bc9a55c4b767da966e4fd7f4d2fef5e91d0575177c05d240b50757031c76333d43bcc828ab2f0376e29d12d1261ce104a8ea488091326bc451c120c8c04d3e64835c893f55b312e248ad8fc1c32429d68e6b67bf45ab8a1cc3db22f9f01a2266b8349046d3d3e081eaa7f7020c73c0762d11a33b517b8f081da3c61ef63e1d40cd87d69c7ac7491fb61bb57c1fe2d218aff6d39b3e1fc847f0ed894e2f0b4d6a4ad03ba42e28bb1dfab645081f548e64ceb8ce15d2214bd66a14fe594aa447c3537eb493299fef0f9326236ea5dae44e23b34801fe06ee16c79545feaf2528421d6e7f9a256a7914d86bd053dc33c8c2043ba73714f5ff5f0507097a56c40b2190e77877d43be849ee2ac129e582930ced06d359eebb49eda4edb13819f91cecc449c9613d9659906179f8fefa34fecb7d21cdaf09a1ce8d094421da80796c97c02fc56171aaba53fd8a7f55de059044717df164f3571028f16995d51fc8829534cdf58dd134def1e43a34e4f5f372fa8e19d3b85881e99ecd45faa4fccfdb47e094ab06955f3960fac71294dd965f24a97cff36b9966cf1a4c3e96c3e14a3951dcc8a3e9371f7e1ae9df77ddb1a99172174adbee8ea57a0c9872a6d677c2875da88a6a7234bebf68a3cc0532a9809a4de4b4d419bff67b0ba825a7ae6e999087155378357ae67e2dd98697f1d10ffa4497dde6582571670456db995228b97d0ecb2fb30c2ba6c16038c40059815c56b35666cc1c5090f6c38e0f4c12abf79919951b85a2734d32dd12b239912d541f9163387a4aa0be0b7a12d9c6b56dbcf1e9aadcfd72e2664a84d6c5147c72bffe7c3560ccd8c447b748dcd26cc9ca2a85cded742a8dccdfd8e78c96e78d405a19faab9e57183b37583f94b3d416b2920c6b746427ed75c08dc3be02720c1edc4743229153c48f1239b222b9fe2e21c0ae28122bc44f9dc78a59f3485ac8057eb21f0857bcfea2d9ebbbcc197e7880d81515bb1cb7192d97c4258c09926d137e245977db40812b253f99a504bb68137d8d73ca4e7c808d50f1dcc600e6a6db90238ff44e075932fe668c066e6988a6a8b4a8485120c8e4d6511268a75d8f9b0f06689aac8cd621e90c62af1e59aa9efe928e9ea098661b408a2825c4f9aac1efd9d54d163a651054b9ab32719d2be3b176f6795ddad0f1310b9237181689f2f9dd34a41d4d4cd2d7569bf56e6a80bc24d90df3bdde0f9649e699f4ef70c4f3faf9553a231215416bba26c29f17861e0f265e9641b2307ed43d6fde23a378669f4ade874e54c20a5e902205dcaa79a3e8584a3f78a86e703451115a1717df882507c607297afac0a056a0f3509a57502fd2ffff6035d04b91f72f5e1a69ddafaf80f7b2f7a13f38c683988436585e6bc7fc2da328449675c234ec0acf5294ce06c72442beba15e65d6a3e1b5dc3c8f115e1005798383f79b0194f6b7d4b1b32371acbf22340af6e5ee3ea840f7ed451226daef3041fc194e051af2fb450022b394c774273b9575c974c324ecd7268435176ee28c54bb54c8e829232ca636f3bdef60ed460b5ff425936626dd16a3f436f08a863582a79f393378f60f6c8ecdd13d83073bfda2e9f8d0c74a841021cbb8c148e70bfc585627449cdd9fb3045db3ea08a96108b52ee8a4f5048a5d910355789f4bb85c1362955e267e719581c38a2648eaa0b516db6277d2ee3c6e1e1090df3f53a31b747d99887e337dadddab16a297d9e56797007a3d18ce333311c70bb1bf45bdae517ffc589419af643773bb30a1fbff7ecd4a8ae7456a608fe73547c2eda4f070d57dc70b65d867526c946a435ea581497da18646ce569eaf6ccf3474cd6e7aa3d6d4732836ff4167c9153757ce58a34864be6d479f7b4ea1d6480b9ac16c5bff346a74e74133234744df867e16b3d2f1f7db4b21b89019b520917ef863e60f52999d6946b9e09cb60054f49d8a255f02e4b62fff6e6adb9a167ea70a177d00b26f56e29b63138a2ebc30b956161a4ab25d5da1c207c3f762714f651341ae771e17d84fa1c86685f2fcb0a128c2e1208d1930e7ff0d8d55299154112af574b881be8b69cc1721d548ad4dc02632e184c47f9b394bf4a834e60fbead8c8bfbf5087f8454513b0b086ac97bbbb9aa342af9def758fe88f1e4570e65f93fd4a9868665d08fac0cf6ebde786995c433504ca01cdf83311aaae20cc76f819a4344a8ee4e26c1094cb00d2c8a67c733fffcd89e97534cacb08a64d75e8594fa31f0dcfcafb0d1bc184c7067fec6a48ddefd580d4d9a4128d8f70f6fc6562da683904766e982ecd0286064db6844131bb7962a0a497f7b97fefad88a0b128bdf8cca774b1c32cb4af259bfebccda036e7e4ea8962838dbb5c04ffab0a2f1481848a27f06171645daf5246a2e563f3ed60097a9d7023d6ba5c8a58d39f733b12baf0863d82c427460f51cf9e3f77281a42221725b7bb75c2116ab31f704661f090d3eeddd2aa6efc619946b4933c398b635fd04ba3758294965c568997e1ef44b0562804e6c64558f6cfa87662a988c321a856ead51c848528a4954f9ff1948d517d67bc11db66801648848bfb7ee12296428bc3ffec863e9c77ff31ee386197679adab2a0e93bbe0c66ffe9c4b09b636f6216faa373aa8271678cc57ad46898222df7e2d8b14a5b70130596c0430997c4c04d9b5187fd9bb26b71fd19aacc8e08a3239f0eebca7b2873062a19f327a4a282012ebf9898a5ab6310b8623c864d4dada3ded00ad201ce8f3973f90396f5edc1ba466e16247fe6b0ee98acfd53792cc0fea33647b841596655b8d9efbc14b50fe0b588e4c41e2cbd0a700529e7ca91122d3d1b26e52bf44a0c9fe37cdbc352357f13b2adc68e78a00f6dc88a8e6ea54bd0b2c8276f9e1bfebc8655a1f47b72c25ffa97f4463630cc21428ca3bb381a6d3171d28bb946f746f820247bf3f7bb69caaeb5c47026ca9997e586e657a9e1569312bb443299ef4cfeacc9aaf4fc3aaa4a77a21579234d2aab6fd0234398ae07ca7c57ac6d6a51e025744b1430abce27f7f9b0d0e45c051e34d20db95cadcc0e4e327dbd979166b33e39a3951d0b8dd62c0d1542b69583cfc07b127243cac4b052cb29ccb3592972698fa4cd84633d222d78b8741d5f903f8636d95cddfe2ef13829df9ce32705edfda51ded2f0ef38f60a33a2e00373107eef56a01acb5e05d849279b5987343c8bbc73ea660ceaf7c9b90c0a8e1412ff3f517cef8fe604d7a26e085170a76e1bf43f5d1bb77ee771fe841d59fe2cc2874d25bf991b4af6bf9ffe1bfbf3a5587006b60bab5bdfd5a3192e82d474ecab0ab656967856c84cba9469c5823c1d1bf104d2a21c071bb08b2a137883dd9c8f545d6958db8efa45263ae303de76e70f2f6a10e1858e6654004f2a099dc31950ee730c465e0a1822935e309d41650fba489aa3050eedbf3f058d24d1f04fc340966e42d72052d84a66789ccf75000c3fc83b8842badd6b22ddaaaf53ed34e25c1b638e3630d66a7903405052902cf8e7395d54679e2f4a2bf7c8c89b0dc38969376ea164fe97b37b1172e6e8f05a929aa373108e891a64e38e18b432a115a44d754811e03c4f4ae7c525a6b9b92aab0d16967ee1a64eeeb2207c094f6aa96f126d058eff22435a4ae76c31f888ee13b327d2cab4ab5a56abf4cae88c583dd67129271708aa17f4f10886ead0e12734314bd4a49e64349beba4abdf94a1fb23a72cf7e16b5af2f1706d9646a5ff7dbf5c7b1cb2c3781346167b15d4625841d9f3d14392db1d39101d37175c42c522229db0708544058d75cebf3e399cd443d1b943c6f3017a898bd49836a8d92519deb810712aed76602682ef0df2be270734eeda7f289a76f4684baf75702a1ac3da005e62b83f794b934cf882db5d50e5ed4aca868e300d690c0b10daf0a47486e9f49d1b08eac6cf5090ddd2443b1459b2df86ab3447b2b5c6afe8aadb410de6a84b640e326eb882832d1a9cb12e0b8f13aef579f404af8631cdd5a30a031dad19cdf247575dd223229330f19fe4d88c51242217397acf66b86c743de283d5df7212fce59af17eb702eccab192f56f054a33709d41841e4a39638e02b4210559593f9b5c44fd22d9da637ef1a3a0a41c40469990dc4beec30a05b67931c0560d9a59fa875f3e26fd1eb32655aa30c7a1cd3d541716fdaacdda206328f3cbc8f16fc2be26690f18963a16febbaf2cb6c199330579ca067c60b54cbdd211c1350e066448fb50ae28ed58788ac98f0ded3414c8735ab90639916e26ab29102cc2609035e56d9b9d2dbc98118835bcf0e437c77052efe2293d9f19b7197aa1b94b10997b0b1efdef251de8945a97fec885f032c3bee2447335230b866d7aef515b04664d0c59e18233f9a229969e3e17d69716413ca3bc55f5959e340627ea803f7b26f4a74295b295344a3685287093998a1ce75b1ed5d730c9aec812617b4c200a0250c9ef8ef7d2fcfc59ef97422eca746bc6451a5b77307d14c1cfa0ea2c8eb7cf7819644577a6456efec0af058a0e3c8ec371019009462bfe174a11368b57fbe3090208a57b2236b97edc32cda5c6fc988cbaaf91c4020a06a7ad45519eaa761e045fc84d3219b287206282347a031ef1e7b7dbc67de738fa8f9fe71c44201fd1d548f8aebe93bf502d64d4b5f470a419e3fcd87f0616b9813048311ed20ac2efd7f18dcd6889542208b50c28c8c0700f73fa33a964e38d699819cab2098c6ff081266721cdced87ff41948c84037485f30d38a99eeeb3ff4c3049742a29eb09bb35c358e732546267c165a62fee9e25abdafdb8a48785bd432d160797e7a41d580f59d7d8e59b3e6b954d39f86db33b8f7cabde43e8e04cac1fcf9aa6fdbe4326e0d9c782d9a630055b36f85c2b8efebf18f42ef14ee5eb1d33ca322db69704f8bb90bf30eb05908b8d8ed169580923f53a6539cc3b55baa47718053d2ff103c23d90f9cb49ddc7d759950f605bafabcb7953c042c0523b84da994529a87ad68fc6f0709fd7af5fc20e53a17d3f5fd4d25fc5ff6598c6ddfc34668a08ee5e066d81a65e7979c50c08febf76dc5a3a405f551bb8449d94ea0dfdad6dd6dd6d6e4486f4ae1d2523c05f46198d8af4da12873ebdf7d6b5f2d0f1b2d29759ab0d78e34ae6f17b7ab83518cf8b18836ea5630ee934e5ecc123f0d3fe6b803ae1f735d65dcadcaaf6660e02ecad0290f6ead0594733a10b2b1654a44244424fa8b3180b551ac401828203e61603b017106e2256f01b9f26db33897167d9defb54ddfe49334150574493895370bad46cc658667aa9a8ed333c86f112b2a542936af92e2f933254b6fb0b1a599eec3bf2e476ae6714e2486dd31b29e4d26838d84bd7a62c62beab3ba71642278ecaf2e50d70670d9fdff105019791d36321bc57fdfd8f65f2ea1cb188035ecabf6140e777b7e6d2177ac29e9a1a2f87dd54d96184bb1a855bd9efdadfc606f13621f40e07cd8be9c2435c8c90b4ccba5eb7ddcf8cf1f76617c9a9e011abf4a63ffe31df63ecacb8b1d2d653e613cb399ce079392f9ca2e226c60b6e8103447c24c1f80d42e1ee747997602ae3ccff8f9f98ce9b56f6f3e3c0ba507df8b2169539cfc946c42da72644feb9b3b582ce332f8b2eda02192958194903d17b3e9b4bd60d08cd9a7989d946ece6d8dc01d6b66a7851bb11e4b075d38081d3ce7bf1875fec9daf47a589abdb72763c9747b83a28389238b0279c8e41db6521130420851acac463664a97be2190aff921923475f2c1f8a87d1169229e5f10dd0a92221e61358b156020f2c9ca2cb6580743a8d5e3c59e6fd97a7a246211450c7c62f1891cedb434102f8794d81c1caf2c1b4ae18b7c4b9c88de5c51da33e3343cef76da0d00341c2e60c4562c162e41a7efa8290cc9061f3d6a592d5f104c5018f31bcaf912bdd37370fbf8fedf0aa9026c1142299197d67ab026756927b5864ea42c45a82c23c275697d31a1b7900670c9a3c967d12974543c11f20c367a336bea9b9ebe480f9c806528138dff35c5f56b1199b75748e9c5cf50e6a32397dc3eeb04c3636c0848a5e13df8a9758bacea231f34cba13b466360b0dec69f74f8bf9a2dcf3dd94fa3a7d27e8caae00240559d75875ef9c619416593ca0072e7f38caae5a530c62dbe00e38c12cb8b924d63fca4d5c3a4c8f50e8f4f86fc1fe2b163219c46c21eb783e587e18e07ab7e1927a646c4f154c5000cb65ce9528457c3c66f43d9ab7d61580df0ecfb31cb38e4cbcdc3dafcca57311abec6b74048c8b74505ba678a4db07ed7243c70a821aee66a487bf91fd273418f8ef657d1eeb9ea6f095d47641e9f9fa30599e8b9c6b4453a1a5e8afd86fcafb46dd095fa4a98a2b26470e2c799b08c6000f5c3c4e28961463724377f37813f3922484fda986eb7c93ae8365baf648acbb344ca7e044d7ba93e7ba35c31085f3f99c5fdb2f9f2845f00b8590395e8ff730b86f5dd7f52297b8ecd5d5a6bb452bcd12b98d6adb27e7ef0e84b9567c66093ca3edab7e64ac4f56360501d81823ea2b1595f934c5f61c8558304c16154109a983a2af8725c7af91b5bc57e555768aa8115236a6ccc921d472b608eb6b82c4ba3747d79027d7856fae5369aa325df6a76138a5b41a94377eeeb251087e0b8510d8890e3f7a0cffaeddb9d2c29bc89f952489f82ee2e2b485cd297e6d30683701623cf73ee9ee606baeae9c3afba287eff57731b9cfaf034b1f56c8b31a32a1078c4fcab298c3f925a8e7cacceb9edf7ba2e54d31033a25462021e4a3c0bf5af341b462ee4417024da7c12c7f385de3af129aef1338a9c1fd68323d07ff47ec8bcca66b44300624d02c9202a2d093c3c85fd922b57b3bd14162c8ca5690734b7e4e4b8980b73a8e9908a9fa3dd508b30e3b1e1fd4ec388affa27c4bc26ca2820e0a902d51ff94984e8894fa5fca7b8704b7600ca6d6b1b1527ea999fcdf8fe3b290ec0036cad222f92cf8a5a54d0fa91de6e74ef61f60a233c9f15fdc86226c3f688de15ed8f0c3f1bc3afcad87cee47a19384afc6a804f197339ebce4aca211dbe0504a000755d18f20c4ecacd4123acdff7653cbb26456499495662508c8186afb883f5481c6bdf88cf137e263bde9d62f054573e0d1454cc119c95d4d9011332bd77682f79debcf5c21f0be7e9a83a58cec34e7cfb17a8122e030669228e4d3d9e274a678c5b77e6180aacc2fa8eb9952c5b04de6b2c7bee591badab96a3c3248c275b5b8faf5394eacc427a840570033be5006c33ce2d2c6e54f08681c3f74ad2fe54bca6dc62a9d84f6c58509c1e5dd5cfcc7a358493d428de48dfc1bc3f74154801c97e6aae38445045320b4cf66c1e56eb6ea2c1218de65f120b463c5cfb9255b3a25eb6e848cbd977f0605d71c561c2a754f5761c31f84101ee8178782cc8cf70b41a2204c5cb2f3134d572327fe4bbc1792249dfcf0ae7ba5d81fb5ae4a7978d044085f3b7f2e398c05733e2bf456cae898f8b5a81e9c79179bb5ca716713fce643dabe21eaee4386e646e25ad3adc5a4ad40f9bd6743f5f742efb1a674ffdbd2ced56c646ae590eb8f10283b47f57e6f96ad76adebecb24df74020b096fdee3c8d780d563a915f73c8b0246b861cd3a8580d5cf75798e8cf1c5875724661a39277e7165fe48ed8d5e6a20d68239f626fe8ea434a4e6e03ea434ec68c4b92a0fc2af15a135d6cbaeeca39a0c1896dab33daac", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r3, &(0x7f0000004200)={0x50, 0x0, r4}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x0, 0x0, 0xfffffffffffffffd}}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x81, 0x0, 0x0, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x10b}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x2, 0x0)
lseek(r5, 0x0, 0x3)
r6 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="0800d518a869e243a787ae4e7d26b57f020001000000bbfaa6c8a4b3d07f6c1f33800c00000052c35509d0df00908c072d0413ebc259a2e9e43c4c2de32def0443490ccc368a7ae03f01a4b37249f3a2df3a0bd6ca3ec905511058e2d5cd84d2e65a78"], 0x24}}, 0x8000)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001200), 0x101101, 0x0)
ioctl$TCSBRKP(r7, 0x5425, 0x6)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSBRKP(r7, 0x5425, 0x80000000)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = syz_open_dev$media(&(0x7f0000000440), 0x585, 0x80cc0)
ioctl$MEDIA_IOC_G_TOPOLOGY(r9, 0xc0487c04, &(0x7f0000000700)={0x0, 0x3, 0x0, &(0x7f0000000480)=[{}, {}, {}], 0x1, 0x0, &(0x7f0000000640)=[{}], 0x6, 0x0, &(0x7f0000000780)=[{}, {}, {}, {}, {}, {}], 0x1, 0x0, &(0x7f00000006c0)=[{}]})
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)=ANY=[@ANYBLOB="1c000000520001002abd7000000000000a000000080001001600000037d3d4c2ed26eb1bf7e400f02a525c61be631314a0c52566e9657e4855571db88307b55ca74c17cbb636a6849fa969fbebd65ac766347bc62c0a1245077bae3a8e86385db37fc9b6e5f153909a3f1116547f9702"], 0x1c}, 0x1, 0x0, 0x0, 0x24000075}, 0x0)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r8, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x900}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x40, 0x140f, 0x400, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x7, 0x45, 'cm\x00'}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x8, 0x45, 'cma\x00'}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x8, 0x45, 'mad\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x4094}, 0x20000490)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

3.796044321s ago: executing program 0 (id=2635):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x4, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4044}, 0x40d0) (fail_nth: 3)

3.698775943s ago: executing program 0 (id=2636):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000380), 0x1ff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
getitimer(0x0, &(0x7f0000000040))
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x15)
writev(r5, &(0x7f0000000280)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025", 0x1d}, {&(0x7f0000000580)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f301f11e35f22", 0x21}], 0x2)
r6 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEY(r6, 0x110, 0x1, &(0x7f0000000300)='GPL\x00', 0x4)
fsopen(&(0x7f0000000540)='jfs\x00', 0x1)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c00028008000500010000001400070000000000000000050000000000000001"], 0x74}}, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)

3.580218489s ago: executing program 1 (id=2637):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, 0x0, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f00000004c0)=""/139, &(0x7f0000000100)=0x8b)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000200)='geneve1\x00', 0x10)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r1 = memfd_secret(0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r2, r1, 0x2e, 0x4608, @void}, 0x10)
bpf$LINK_DETACH(0x22, &(0x7f0000000080)=r3, 0x4)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='rpc_request\x00', r5, 0x0, 0x5}, 0x18)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
close_range(r4, 0xffffffffffffffff, 0x0)

3.360957171s ago: executing program 2 (id=2638):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
syz_emit_ethernet(0x85, &(0x7f0000000500)={@remote, @local, @val={@void, {0x8100, 0x0, 0x1, 0x1}}, {@llc={0x4, {@llc={0xbc, 0x0, "d3", "789c2222584e025ac76cc58949d62fdb20693d84327f438ad03e4853d2aad5879c3d465076e6692dc3462f0c6fb55b543566db8db2d09d3fd4a176436b04edadcc2251d87dc01143f4b980c088d2cf26591b8f51aa3c11336cd0b5bcf18843d2932bc1fe1002e09867cd43c03c9774b4"}}}}}, &(0x7f0000000080)={0x0, 0x1, [0x2e9, 0x567, 0x865, 0x254]})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000001340)=<r2=>0x0)
move_pages(r2, 0x0, &(0x7f0000001380), &(0x7f00000013c0)=[0x6], &(0x7f0000001400)=[0x0, 0x0], 0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r4 = socket$kcm(0x29, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000b40)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000600)='\'', 0x1}], 0x1}, 0x81)
sendmmsg$inet(r4, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000700)={0x4, 0x0, [{0xd8, 0x4, 0x0, 0x0, @adapter={0x9, 0x4, 0x6cf, 0x1ff, 0x9}}, {0x8, 0x5, 0x1, 0x0, @irqchip={0x3, 0x200}}, {0x7fffffff, 0x4, 0x1, 0x0, @adapter={0x4, 0x7, 0x7ff, 0x3f9a, 0x6}}, {0x7, 0x3, 0x0, 0x0, @adapter={0xfffffffffffffffd, 0x9, 0x7, 0x7fffffff, 0x2}}]})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x20, 0x14, 0x509, 0x0, 0x0, {}, [@IFA_LOCAL={0x8}]}, 0x20}}, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f00000005c0)={{0xa, 0x1, 0x8a9c, 0x3, 'syz0\x00', 0x3}, 0x3, 0x2, 0x3, r2, 0x1, 0x8, 'syz0\x00', &(0x7f0000000240)=['/dev/sequencer\x00'], 0xf})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
add_key$keyring(&(0x7f0000000340), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
bind$rds(r5, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
creat(&(0x7f0000000040)='./file0\x00', 0x0)

3.179746748s ago: executing program 3 (id=2639):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000180)={0xfffc, [0xb04, 0xfffffffb], 0x3}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x97)

3.048019758s ago: executing program 3 (id=2640):
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1000, 0x10ffff, 0xfffffffd, 0x0, 0xfffff05b}) (async)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000080)=0x1ff, 0x4) (async)
socket$netlink(0x10, 0x3, 0x8000000004)
r1 = socket$packet(0x11, 0x3, 0x300) (async)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'ip6gretap0\x00', <r3=>0x0})
sendto$packet(r2, &(0x7f0000000180)="0b036800e0ff64000200", 0xa, 0x0, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (async)
unshare(0x6a040000) (async)
connect$inet6(0xffffffffffffffff, 0x0, 0x0) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000000)=0x200000000) (async)
write$vhost_msg_v2(r5, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000340)=""/177, 0xb1, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r5, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000001900)=""/4096, 0x1000, 0x0, 0x2, 0x2}}, 0x48) (async)
write$vhost_msg_v2(r5, &(0x7f0000000080)={0x2, 0x0, {&(0x7f0000000500)=""/141, 0x77, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r5, &(0x7f00000009c0)={0x2, 0x0, {&(0x7f00000007c0)=""/225, 0xe1, 0x0, 0x0, 0x2}}, 0x48) (async)
write$vhost_msg_v2(r5, &(0x7f00000006c0)={0x2, 0x0, {&(0x7f0000000600)=""/17, 0x11, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r5, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000440)=""/184, 0xfe53, 0x0, 0x3, 0x3}}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) (async)
socketpair$unix(0x1, 0x2, 0x0, 0x0) (async)
r7 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="540000001200010300000000fdffffff000400004e224e2300000000058000000000000000000004010000000000000000000000000000008f34c673aa742149b48030250fe6f74d0caab52124aab3fb65cd35fe84cc41314671533f0e4cbd9cb195c28212734239ba65a002f558f38e2b0aeae8fce299c040cfe1e2d00e447f99a7c8ea4ba796dc2a0e9e10c266657bd5b5392afff5", @ANYRES32=r4, @ANYBLOB="070000000000000005000000000000000800030011000000"], 0x54}, 0x1, 0x0, 0x0, 0x20040849}, 0x8010) (async)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffa)
r8 = dup(r6) (async)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)

2.959987656s ago: executing program 3 (id=2641):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f00000001c0)='syzkaller\x00'}, 0x80)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, 0x0, 0x20000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000640)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000440)={0x0, 0x1000000, 0x0, 0x1, 0xa00, &(0x7f00000005c0)="c6"})
r7 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r7, 0x2df1, 0xad96, 0xc, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x8)
r10 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
r11 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r11, 0x28, 0x0, 0x0, &(0x7f0000000080)=0xfffffffffffffe34)
ioctl$PPPIOCNEWUNIT(r10, 0xc004743e, &(0x7f0000000040))
socket$inet6_tcp(0xa, 0x1, 0x0)

2.446650555s ago: executing program 2 (id=2642):
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000000)={0x13, 0x10, 0x7, {0x0, r1, 0x1}}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001a40)=@newtaction={0x1150, 0x30, 0x8, 0x70bd2b, 0x25dfdbff, {}, [{0x13c, 0x1, [@m_vlan={0x138, 0x9, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x5640, 0x1, 0x4, 0x7, 0x8}, 0x2}}]}, {0xed, 0x6, "0a13a916fa37eb545b2be35aab0246ef94149c451cff15bd0df2e6e7c46522391d3c776251569524b20c2c0bfa56d272dcb1c17ccc2537ebc977a2b954ed8ff9906947d35a7fbf9d20533e3c6c8369931ed051227308dc8f5f8ebf19e4a5fe1885233adf69e27eb8c8c412ceb6c67b30854de4d3265e08e8f05970d67c6431d29a8d6fd4ac7a4d1c124bfd58855e25a89ae5b6f3f155d3f394135c8b1d2c4a54559d7f2d4cfcdaaa31a30845aea4354a30aa1bd05ae52d05eed3010d167e5fbbca9afce2d56ef909bc439010825ae4f4113ae5440352a4568de20043e482a96c574eaf3de14be39f1c"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}, {0x1000, 0x1, [@m_pedit={0xffc, 0x19, 0x0, 0x0, {{0xa}, {0xfd0, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{0x2, 0x7, 0x20000000, 0xc, 0xfffffff8}, 0xc, 0x3, [{0xca7, 0x8, 0x401, 0xd8, 0x6, 0x2}, {0xa619, 0x9, 0x9, 0x10000, 0x9, 0xb}]}, [{0x6, 0x7, 0x9, 0x6, 0xb7e}, {0x6, 0x0, 0xfff, 0x6, 0x39, 0x200}, {0x5, 0x6, 0x7, 0x8, 0x8, 0x8001}, {0x1, 0xb96, 0x87f, 0x1, 0x49, 0x5}, {0x80000001, 0x28e, 0x2, 0x42, 0x80, 0x10}, {0xb, 0x7d, 0x7, 0x9, 0x7fff, 0xffffff80}, {0x9, 0x7, 0x37, 0x3, 0x7, 0x8}, {0x5, 0x7, 0xf1e, 0x1, 0x10000000, 0x9}, {0x5, 0xfffffff9, 0x1, 0x8, 0x3, 0x85}, {0x5, 0x200, 0x10000, 0x2, 0x0, 0x5}, {0x2, 0xfffffffb, 0x2, 0xf4, 0xf42, 0x7}, {0x9, 0xffff, 0x6, 0x7ff, 0x200, 0xe}, {0xf, 0x2, 0x6, 0xffff, 0x23145486, 0x4}, {0x9, 0xa95, 0x81, 0x2, 0x7, 0xffffc625}, {0x8, 0xdd8, 0xffffffff, 0x80000000, 0x6, 0x7}, {0x7, 0x9, 0xba11, 0xd, 0x3}, {0x10000, 0xc20, 0x10001, 0x1, 0x8000, 0xd}, {0x63, 0x5, 0xfffffff4, 0xfffffff8, 0x9, 0x80}, {0x7, 0xffff, 0x6, 0x717, 0x7, 0x10}, {0x21d8615, 0x8, 0x4b07, 0x1, 0xc, 0xc5}, {0xffff, 0x1, 0x0, 0x5, 0x140000, 0x1}, {0x3, 0x3bc00000, 0x2, 0xfffffffd, 0xfff, 0x2}, {0x6, 0x2, 0x8, 0x9, 0x1, 0x6}, {0x401, 0xb1b, 0x62, 0x4, 0xbe, 0xd}, {0x7, 0x2, 0x3ff, 0x1e, 0x1, 0x2}, {0xffff8d49, 0x8, 0x8, 0xffffffff, 0x40, 0x8001}, {0x2, 0x5, 0x6, 0x9, 0x10001, 0x7}, {0x7, 0x3, 0x4, 0x5, 0x80, 0x2}, {0x1ff, 0x40, 0x7fffffff, 0xcf, 0xc, 0x5}, {0x8001, 0x42c, 0x8, 0xaddd, 0x9, 0xa}, {0x4e8f, 0x2, 0x2, 0x9, 0xc, 0x1000}, {0x40e0, 0xcd4e, 0x7fffffff, 0xffe000, 0x85, 0x8}, {0x0, 0x8, 0x8, 0x7, 0x3, 0xd}, {0x4e0, 0x7fff, 0x3, 0xff, 0xfffffff7, 0xda}, {0x2, 0x1, 0x8, 0x49d, 0x6, 0x2}, {0x55, 0xfffffff8, 0x7, 0x8, 0x800, 0xf0}, {0x4, 0x4, 0xfffffffc, 0xfffffff4, 0xa0d, 0x7}, {0x2, 0x3, 0x8001, 0x8, 0xa, 0x1}, {0x8, 0x0, 0x4, 0x4, 0x9, 0x1ff}, {0x7, 0x2, 0x1, 0x2, 0x7, 0x2}, {0x3, 0x8, 0x2, 0x9, 0x7, 0x8}, {0x1, 0x7, 0x5, 0x4782b, 0xc, 0xb}, {0x8, 0xd7, 0x9f, 0x3ff, 0x9, 0x3}, {0x4639, 0x3, 0xfffffff9, 0x9, 0x9f, 0x1}, {0x1, 0x1000, 0xdd43, 0x4, 0x9, 0x80}, {0x1000, 0xa, 0x2, 0x2, 0x8, 0xffffff6b}, {0xee, 0x2, 0xffffffff, 0x60b5, 0x800, 0x3}, {0x7, 0x5, 0x0, 0x2, 0x1000, 0x401}, {0x29, 0xf, 0x6, 0xfffffff4, 0x7fff, 0x1}, {0x9, 0x0, 0x2, 0xb0000000, 0x7fffffff, 0x2}, {0x2, 0xfffffff9, 0x1, 0x795, 0x0, 0x2}, {0x6e15, 0x800, 0x6, 0x4, 0x5, 0x3}, {0x7, 0x0, 0xc, 0xfffffffd, 0x3ff, 0x93}, {0x3, 0x3, 0xead, 0x7fffffff, 0x5, 0x9}, {0xd1ea, 0x5, 0xffffff57, 0x4, 0x1405, 0x2}, {0x3, 0x8, 0x2, 0x5, 0xd3cb, 0x9}, {0x9, 0x5, 0x66eb, 0x1, 0x7, 0xc229}, {0x7, 0x38000000, 0x3, 0xc678, 0x5, 0x2be}, {0x0, 0x2, 0xf2, 0x5, 0x10001, 0xfff}, {0x1fffc0, 0x0, 0x2, 0x1, 0x80000001, 0x6}, {0x6, 0x2, 0x0, 0x1ccad6fc, 0x9, 0x1}, {0x8, 0xf, 0x5, 0xc, 0x0, 0x100}, {0x9, 0x0, 0x2, 0x7, 0x2, 0x92fd}, {0x101, 0x9, 0x4, 0x8, 0x3, 0x1}, {0x1, 0xe7ab, 0x0, 0x4, 0x2566, 0x8}, {0x7, 0x7, 0x8, 0x10, 0x7, 0x8000}, {0x1, 0x10, 0x8, 0x4, 0x8, 0x4}, {0x6, 0xfffff800, 0x7, 0x101, 0x3, 0x89e3}, {0x3ff, 0x6, 0x5, 0x80000000, 0xf8, 0x21c4d336}, {0x9, 0x5, 0x4, 0x1, 0x3, 0x401}, {0x0, 0xaa, 0x1, 0x4, 0xbf, 0x2}, {0x8001, 0xfffffff8, 0x1, 0x0, 0x545c, 0x1}, {0x2, 0xfff, 0xe2b, 0x7f, 0x79a, 0x4}, {0x3, 0x7, 0xfffffffa, 0x9a69, 0x200, 0x2}, {0xca, 0x145, 0xab9, 0xc, 0x6, 0x9}, {0x80000001, 0x7, 0x4, 0x3, 0x5, 0x6}, {0x5, 0x91, 0x3, 0x5, 0xe90, 0x10001}, {0x5, 0xc7, 0xc496, 0xfe3, 0x82b, 0xeb}, {0x7, 0xf7, 0x719, 0x3, 0xcb97}, {0x7, 0x8a48, 0x7fffffff, 0x5, 0x5, 0xb476}, {0xffff4641, 0x9, 0x0, 0x7e, 0x9, 0x4}, {0x1, 0x1, 0x8, 0xffffffc0, 0x6d, 0x55b}, {0x100, 0x6, 0xffff, 0x6, 0x6, 0xfffffffa}, {0xffff, 0x3, 0x7c, 0xd, 0x3ff, 0x6}, {0x8, 0x10000, 0x234, 0x6, 0x8, 0x8}, {0x1, 0xe, 0x101, 0x8, 0xb, 0x4}, {0x7, 0x40, 0x3, 0x96, 0x3, 0x1}, {0x5, 0x2, 0x7, 0x9, 0x6, 0x3}, {0x10001, 0x1, 0x100, 0x8d12, 0x6, 0xc649}, {0x7, 0x9, 0xffff1e3b, 0x4, 0x200, 0x4}, {0xb, 0x3, 0xc, 0x1, 0xffff0ae0, 0xee}, {0x6, 0x8, 0x3ff, 0x0, 0x77e, 0x9}, {0x9, 0x40, 0x2, 0x5, 0x7, 0x6}, {0x8, 0x100, 0x2, 0x5, 0x3, 0x323}, {0x800, 0x9d, 0x1cd05445, 0x2, 0x80000000, 0x2}, {0x4, 0x6, 0x870a, 0x80000001, 0x5, 0x4}, {0x9, 0x3, 0x8, 0x4, 0xb04a, 0x8000}, {0x7, 0x8, 0x3, 0x1, 0x8001, 0x101}, {0xf, 0x10001, 0x2b6f, 0xb7, 0xfd, 0x7}, {0x7, 0x7, 0xd, 0xa, 0x5, 0x7f0d}, {0x1, 0x34, 0x40, 0xffff0000, 0xfffffff9, 0x3}, {0xc75a, 0x5, 0xfffffffd, 0x3, 0x10000, 0xffff7fff}, {0x8, 0x6c4, 0x5204, 0x1000, 0x1, 0xe9a0}, {0xc3, 0x1, 0x1, 0xfffffffb, 0xffffffff, 0x2}, {0xb, 0x6, 0x3, 0x8, 0x1, 0x1}, {0x6, 0x9, 0x6, 0x0, 0x4, 0x4}, {0x7, 0x6, 0x1, 0x6, 0x4f3, 0x8000}, {0x10, 0x8000, 0x4, 0x6, 0x1, 0x7}, {0xd, 0x9, 0x0, 0x1, 0xfff, 0x3}, {0x0, 0x7ffe, 0x80000001, 0x8, 0x6, 0x5}, {0xffffff81, 0x7, 0xd6, 0x401, 0x2, 0x3}, {0x7, 0x5, 0x9, 0xc5, 0x2}, {0x8000, 0x80000001, 0x4, 0x7, 0x5, 0x1629}, {0x4685, 0xd, 0x5, 0x1, 0x2, 0x4}, {0x7e5f, 0x1df4, 0xb, 0x2f2e, 0x8000, 0x6}, {0x4, 0xfffffffe, 0x4, 0x2, 0x1, 0xa9}, {0x8, 0x3, 0x3, 0x6, 0x7, 0x7}, {0x7fff, 0x8001, 0x40, 0xfffffffd, 0x79e, 0x7}, {0xffff, 0x6, 0x7f, 0x8, 0x9}, {0x5, 0xdb, 0x8, 0x6, 0x74ac86a8, 0x5}, {0x4, 0x1, 0x6, 0xfffffffd, 0xec000000, 0x5}, {0xb, 0x800, 0x7fffffff, 0x1, 0xa, 0x1}, {0xb, 0x3, 0x4c1, 0x2, 0x0, 0x2}, {0x6, 0x689, 0x7, 0x800, 0x4, 0xf98}, {0x8, 0xb1, 0x7, 0x1, 0xe8}, {0x7, 0x8de, 0xe370, 0x3, 0xa609, 0x35}, {0x3, 0x6, 0x9, 0x9, 0x3, 0x6}, {0x157dde4b, 0x1, 0x10, 0x0, 0x7, 0x1}], [{}, {}, {0x2}, {0x0, 0x1}, {0x4}, {0x4}, {0x1, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x1}, {0x5, 0x1}, {0x0, 0x1}, {}, {0x1}, {0x5}, {0x5, 0x3}, {0x3}, {0x3}, {0x5}, {0x5}, {0x3}, {0x2}, {0x4}, {0x2, 0x1}, {0x1}, {0x2}, {0x0, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x3}, {0x4}, {0x5, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x5}, {0x3, 0x1}, {0x4, 0x1}, {0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0xcbc6e306b9df7771, 0x1}, {0x2, 0x1}, {0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {}, {0x1}, {0x1}, {0x2}, {0x3, 0x1}, {0x7, 0x1}, {}, {0x3}, {0x1}, {0x1}, {0x1, 0x1}, {0x3}, {0x3}, {0x2, 0x1}, {0x1, 0x1}, {0x6}, {0x2}, {}, {0x1, 0x1}, {0x5}, {}, {0x1}, {0x1, 0x1}, {0x2, 0x1}, {0xbb8882a69f2524cb}, {0x0, 0x1}, {0x3, 0x1}, {0x5}, {0x5}, {}, {0x5, 0x1}, {}, {0x5}, {0x0, 0x1}, {0x3}, {0x3, 0x1}, {0x4}, {0x2}, {0x3, 0x1}, {0x4}, {0x2, 0x1}, {0x1}, {}, {0x4, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x1}, {0x83e6e88e375774fa}, {}, {}, {0x2, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x5}, {0x4, 0x1}, {0x5}, {0x2, 0x1}, {0x1}, {0x3}, {0x0, 0x1}, {0x2}, {}, {0x2}, {0x1}, {0x3, 0x1}, {0x2}, {0x4}, {0x5, 0x1}, {0x5, 0x1}, {0x1}, {0x3, 0x1}, {0x5}, {0x2}]}}, @TCA_PEDIT_KEYS_EX={0x60, 0x5, 0x0, 0x1, [{0x1c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0x34, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}]}]}, @TCA_PEDIT_KEYS_EX={0x11c, 0x5, 0x0, 0x1, [{0x1c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x2c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x5}]}, {0x54, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x4}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}]}, {0xc, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x1c, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6, 0x1, 0x3}]}]}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x1150}, 0x1, 0x0, 0x0, 0x40050}, 0x890)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000005"])
r4 = dup(r2)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
getsockopt$inet_mreqn(r4, 0x0, 0x24, 0x0, &(0x7f0000000380))
ioctl$sock_inet6_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f00000003c0)={@loopback, 0x23})
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r6, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000740)=ANY=[], 0x0)
r7 = socket$netlink(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r8, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r9, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r9, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r9, 0x6, 0xd, 0x0, 0x0)
sendto$inet(r9, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r9, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)

1.399257098s ago: executing program 0 (id=2643):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$sock(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@timestamping={{0x10, 0x1, 0x25, 0x8}}], 0x10}, 0x24040801) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) (async)
r1 = syz_open_dev$radio(&(0x7f0000000100), 0x2, 0x2)
io_setup(0x13, &(0x7f0000000040)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x2, r1, 0x0}]) (async)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) (async)
writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000880)}], 0x2)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={0x0, 0x24}}, 0x0) (async)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x6, 0x10001, 0x34324152, 0x0, 0xb, [{}, {0x10}, {0x2}, {0x40, 0x101}, {0x0, 0xffffffff}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) (async)
openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) (async)
rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) (async)
r5 = gettid()
timer_create(0x0, &(0x7f00000005c0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) (async)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) (async)
timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

1.398797072s ago: executing program 1 (id=2644):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0xfffffff9, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0xffffffff, 0xe661, 0x629, 0x89, 0xf4c, 0x8, 0x2, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x3, 0x5, 0x3e, 0x8c, 0x6, 0x10002, 0x0, 0x5, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x7, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x7fffffff, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f2e, 0xd, 0x4e2, 0x2, 0x4, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x7, 0x9, 0x3, 0x7c9d, 0x9, 0x8, 0x3, 0x3, 0x81, 0x3, 0x42, 0x3], [0x7, 0x40a, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x6, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x753, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x5, 0x7, 0x0, 0xb9, 0xce7, 0x1ff, 0x1000002, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0x6b, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0xb, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x0, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0x1001]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

1.397946739s ago: executing program 3 (id=2645):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000001c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
setreuid(0xee00, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x400)
r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)
preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000580)=""/128, 0x80}, {&(0x7f0000000340)=""/54, 0x36}], 0x2, 0x5b, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000480), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
unlink(&(0x7f0000000280)='./file1\x00')

1.39593654s ago: executing program 1 (id=2646):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r3 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0xc4bc, 0x10100, 0x0, 0xbe}, &(0x7f0000002000)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r3, 0x48eb, 0x1158, 0x2, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) (fail_nth: 7)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x10004, &(0x7f0000000280)={<r6=>0xffffffffffffffff}, 0x106, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @mcast1, 0x3}, r6, 0x7}}, 0x48)

1.308702325s ago: executing program 1 (id=2647):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_clone3(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
r2 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010, 0x2, 0x39d}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

1.229997854s ago: executing program 0 (id=2648):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@bridge_delneigh={0x3c, 0x1c, 0xc07, 0x2000, 0x0, {0xa, 0x0, 0x0, r1, 0x40, 0x10}, [@NDA_DST_IPV6={0x14, 0x1, @mcast1}, @NDA_LLADDR={0xa, 0x2, @local}]}, 0x3c}}, 0x20024090)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
open(&(0x7f0000000000)='.\x00', 0x800000, 0x0)
r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x5)
r7 = dup(r6)
ioctl$SIOCSIFHWADDR(r7, 0x8924, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)

962.548547ms ago: executing program 3 (id=2649):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000008000000e27f000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f0000000000)=0x2c, 0x4)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r4, 0x400, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c)
r5 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x24b9)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f0000000440)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x15ca, 0x0, 0x0, 0x40e00, 0x1}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="1802000001000000ff000000030000001800000003000049c3daad27d187eb75cbe8ae9b6ebd910000001a000400000095d2fb000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0x0, &(0x7f0000000680)="548852ac5b4eba7aeaccd2c62b2b", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x8}, 0x50)
ioctl$KVM_GET_XSAVE2(0xffffffffffffffff, 0x9000aecf, &(0x7f000026c000/0x4000)=nil)
pread64(0xffffffffffffffff, &(0x7f0000000140)=""/100, 0x64, 0x200)
pread64(r0, &(0x7f00000001c0)=""/200, 0xc8, 0x0)

961.921031ms ago: executing program 1 (id=2650):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
syz_emit_ethernet(0x85, &(0x7f0000000500)={@remote, @local, @val={@void, {0x8100, 0x0, 0x1, 0x1}}, {@llc={0x4, {@llc={0xbc, 0x0, "d3", "789c2222584e025ac76cc58949d62fdb20693d84327f438ad03e4853d2aad5879c3d465076e6692dc3462f0c6fb55b543566db8db2d09d3fd4a176436b04edadcc2251d87dc01143f4b980c088d2cf26591b8f51aa3c11336cd0b5bcf18843d2932bc1fe1002e09867cd43c03c9774b4"}}}}}, &(0x7f0000000080)={0x0, 0x1, [0x2e9, 0x567, 0x865, 0x254]})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000001340)=<r2=>0x0)
move_pages(r2, 0x0, &(0x7f0000001380), &(0x7f00000013c0)=[0x6], &(0x7f0000001400)=[0x0, 0x0], 0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r4 = socket$kcm(0x29, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000b40)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000600)='\'', 0x1}], 0x1}, 0x81)
sendmmsg$inet(r4, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000700)={0x4, 0x0, [{0xd8, 0x4, 0x0, 0x0, @adapter={0x9, 0x4, 0x6cf, 0x1ff, 0x9}}, {0x8, 0x5, 0x1, 0x0, @irqchip={0x3, 0x200}}, {0x7fffffff, 0x4, 0x1, 0x0, @adapter={0x4, 0x7, 0x7ff, 0x3f9a, 0x6}}, {0x7, 0x3, 0x0, 0x0, @adapter={0xfffffffffffffffd, 0x9, 0x7, 0x7fffffff, 0x2}}]})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x20, 0x14, 0x509, 0x0, 0x0, {}, [@IFA_LOCAL={0x8}]}, 0x20}}, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f00000005c0)={{0xa, 0x1, 0x8a9c, 0x3, 'syz0\x00', 0x3}, 0x3, 0x2, 0x3, r2, 0x1, 0x8, 'syz0\x00', &(0x7f0000000240)=['/dev/sequencer\x00'], 0xf})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
add_key$keyring(&(0x7f0000000340), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
bind$rds(r5, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
creat(&(0x7f0000000040)='./file0\x00', 0x0)

499.89151ms ago: executing program 2 (id=2651):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000380), 0x1ff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
getitimer(0x0, &(0x7f0000000040))
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x15)
writev(r5, &(0x7f0000000280)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025", 0x1d}, {&(0x7f0000000580)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f301f11e35f22", 0x21}], 0x2)
r6 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEY(r6, 0x110, 0x1, &(0x7f0000000300)='GPL\x00', 0x4)
fsopen(&(0x7f0000000540)='jfs\x00', 0x1)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c00028008000500010000001400070000000000000000050000000000000001"], 0x74}}, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)

0s ago: executing program 1 (id=2652):
creat(&(0x7f0000000100)='./file0\x00', 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb57}, 0x94)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = socket$inet(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0x10)
sendto$inet(r2, 0x0, 0x45, 0x8004, &(0x7f0000000500)={0x2, 0x0, @empty}, 0x10) (async, rerun: 64)
r3 = dup(r1) (rerun: 64)
write$FUSE_BMAP(r3, &(0x7f0000000300)={0x18, 0x0, 0x0, {0xfffffffffffffffa}}, 0x18) (async)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0) (async)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000480)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="10"], 0x10)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8) (async)
write$FUSE_INIT(r3, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x21, 0xffffffff, 0xfffffffff12bd390, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@posixacl}]}})

kernel console output (not intermixed with test programs):

1: USB disconnect, device number 73
[  583.539387][    C0] ldusb 6-1:0.55: usb_submit_urb failed (-19)
[  583.549515][T13834] ldusb 6-1:0.55: Couldn't submit interrupt_out_urb -19
[  583.552699][ T6043] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  583.786306][T13847] kAFS: No cell specified
[  584.663659][ T6282] usb 8-1: USB disconnect, device number 57
[  584.764420][T13850] ieee802154 phy0 wpan0: encryption failed: -22
[  585.269646][T13858] fuse: Bad value for 'user_id'
[  585.271964][T13858] fuse: Bad value for 'user_id'
[  586.064766][T13871] kAFS: No cell specified
[  586.807008][ T5987] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[  586.860498][T13877] trusted_key: encrypted_key: key user:syz not found
[  587.144764][ T5987] usb 6-1: Using ep0 maxpacket: 8
[  587.181087][ T5987] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  587.189171][ T5987] usb 6-1: config 0 has no interface number 0
[  587.199821][ T5987] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  587.205422][ T5987] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  587.211306][ T5987] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  587.217692][ T5987] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  587.225660][ T5987] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  587.243000][ T5987] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  587.265610][T13893] binder_alloc: 13892: binder_alloc_buf, no vma
[  587.270456][ T5987] usb 6-1: config 0 descriptor??
[  587.333783][ T5987] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  587.653352][  T839] usb 6-1: USB disconnect, device number 74
[  587.653634][    C1] ldusb 6-1:0.55: usb_submit_urb failed (-19)
[  587.660952][  T839] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  588.356635][T13908] kAFS: No cell specified
[  590.030497][T12800] Bluetooth: hci3: command 0x0406 tx timeout
[  591.151002][T13934] binder_alloc: 13933: binder_alloc_buf, no vma
[  592.516470][T13945] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2184'.
[  592.656428][T13950] kAFS: No cell specified
[  592.693354][T13951] input: syz1 as /devices/virtual/input/input7
[  594.478241][T13965] capability: warning: `syz.3.2189' uses 32-bit capabilities (legacy support in use)
[  594.504469][T13965] overlayfs: missing 'lowerdir'
[  595.052246][T13967] binder_alloc: 13966: binder_alloc_buf, no vma
[  595.111767][T13970] netlink: zone id is out of range
[  595.114204][T13970] netlink: zone id is out of range
[  595.116640][T13970] netlink: zone id is out of range
[  595.119019][T13970] netlink: zone id is out of range
[  595.121783][T13970] netlink: zone id is out of range
[  595.127544][T13970] netlink: zone id is out of range
[  595.129777][T13970] netlink: zone id is out of range
[  595.132019][T13970] netlink: zone id is out of range
[  595.143470][T13970] netlink: zone id is out of range
[  595.145380][T13970] netlink: zone id is out of range
[  596.022479][ T6050] libceph: connect (1)[c::]:6789 error -101
[  596.027182][ T6050] libceph: mon0 (1)[c::]:6789 connect error
[  596.062268][T13981] ceph: No mds server is up or the cluster is laggy
[  596.551629][T13992] kAFS: No cell specified
[  597.720271][T14009] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2197'.
[  597.727240][T14009] netlink: 'syz.3.2197': attribute type 5 has an invalid length.
[  597.739162][T14009] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2197'.
[  597.979383][T11072] IPVS: starting estimator thread 0...
[  598.063683][T14017] IPVS: using max 23 ests per chain, 55200 per kthread
[  599.149536][T14022] e1000e 0000:00:02.0 eth1: NIC Link is Down
[  599.580331][T14052] kAFS: No cell specified
[  599.602228][T14050] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2207'.
[  599.913498][ T6043] usb 8-1: new high-speed USB device number 58 using dummy_hcd
[  600.021892][T14070] overlayfs: failed to resolve './file0/file0': -2
[  600.068107][ T6043] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  600.071732][ T6043] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  600.077721][ T6043] usb 8-1: config 0 interface 0 has no altsetting 0
[  600.083256][ T6043] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  600.088877][ T6043] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  600.092175][ T6043] usb 8-1: Product: syz
[  600.096850][ T6043] usb 8-1: Manufacturer: syz
[  600.100317][ T6043] usb 8-1: SerialNumber: syz
[  600.114802][ T6043] usb 8-1: config 0 descriptor??
[  600.127519][ T6043] hub 8-1:0.0: bad descriptor, ignoring hub
[  600.130006][ T6043] hub 8-1:0.0: probe with driver hub failed with error -5
[  600.167210][ T6043] usb 8-1: selecting invalid altsetting 0
[  600.389922][T14071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  600.395711][T14071] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  600.513754][T11072] usb 8-1: USB disconnect, device number 58
[  600.995998][T14086] binder: BINDER_SET_CONTEXT_MGR already set
[  600.998796][T14086] binder: 14083:14086 ioctl 4018620d 800002c0 returned -16
[  601.007358][T14086] binder: 14083:14086 ioctl c0306201 80000440 returned -11
[  601.151383][T14092] trusted_key: encrypted_key: insufficient parameters specified
[  601.728018][T14098] Illegal XDP return value 4294967274 on prog  (id 191) dev N/A, expect packet loss!
[  602.284171][T14110] FAULT_INJECTION: forcing a failure.
[  602.284171][T14110] name failslab, interval 1, probability 0, space 0, times 0
[  602.288723][T14110] CPU: 3 UID: 0 PID: 14110 Comm: syz.0.2216 Not tainted syzkaller #0 PREEMPT(full) 
[  602.288748][T14110] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  602.288759][T14110] Call Trace:
[  602.288766][T14110]  <TASK>
[  602.288773][T14110]  dump_stack_lvl+0x16c/0x1f0
[  602.288805][T14110]  should_fail_ex+0x512/0x640
[  602.288825][T14110]  should_failslab+0xc2/0x120
[  602.288849][T14110]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  602.288872][T14110]  ? skb_clone+0x190/0x3f0
[  602.288903][T14110]  skb_clone+0x190/0x3f0
[  602.288931][T14110]  netlink_deliver_tap+0xabd/0xd30
[  602.288963][T14110]  netlink_unicast+0x71f/0x870
[  602.288995][T14110]  ? __pfx_netlink_unicast+0x10/0x10
[  602.289020][T14110]  ? __pfx_tc_ctl_tclass+0x10/0x10
[  602.289049][T14110]  netlink_ack+0x696/0xb80
[  602.289084][T14110]  netlink_rcv_skb+0x332/0x420
[  602.289101][T14110]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  602.289119][T14110]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  602.289156][T14110]  ? netlink_deliver_tap+0x1ae/0xd30
[  602.289187][T14110]  netlink_unicast+0x5a7/0x870
[  602.289217][T14110]  ? __pfx_netlink_unicast+0x10/0x10
[  602.289244][T14110]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  602.289279][T14110]  netlink_sendmsg+0x8d1/0xdd0
[  602.289310][T14110]  ? __pfx_netlink_sendmsg+0x10/0x10
[  602.289340][T14110]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  602.289364][T14110]  ____sys_sendmsg+0xa95/0xc70
[  602.289383][T14110]  ? btrfs_partially_delete_raid_extent.isra.0+0xb0/0x490
[  602.289405][T14110]  ? __pfx_____sys_sendmsg+0x10/0x10
[  602.289430][T14110]  ? get_compat_msghdr+0x11a/0x170
[  602.289466][T14110]  ___sys_sendmsg+0x134/0x1d0
[  602.289494][T14110]  ? __pfx____sys_sendmsg+0x10/0x10
[  602.289532][T14110]  ? find_held_lock+0x2b/0x80
[  602.289567][T14110]  __sys_sendmsg+0x16d/0x220
[  602.289594][T14110]  ? __pfx___sys_sendmsg+0x10/0x10
[  602.289632][T14110]  ? rcu_is_watching+0x12/0xc0
[  602.289653][T14110]  __do_fast_syscall_32+0x7c/0x3a0
[  602.289672][T14110]  do_fast_syscall_32+0x32/0x80
[  602.289688][T14110]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  602.289709][T14110] RIP: 0023:0xf709e579
[  602.289723][T14110] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  602.289740][T14110] RSP: 002b:00000000f546d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  602.289757][T14110] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  602.289768][T14110] RDX: 0000000004020080 RSI: 0000000000000000 RDI: 0000000000000000
[  602.289778][T14110] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  602.289787][T14110] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  602.289797][T14110] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  602.289819][T14110]  </TASK>
[  602.785111][ T6282] usb 6-1: new high-speed USB device number 75 using dummy_hcd
[  602.953853][ T6282] usb 6-1: Using ep0 maxpacket: 8
[  602.970875][ T6282] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[  602.975031][ T6282] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[  602.979385][ T6282] usb 6-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config
[  602.996168][ T6282] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[  603.000489][ T6282] usb 6-1: config 250 has no interface number 0
[  603.008214][ T6282] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  603.020231][ T6282] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  603.055795][ T6282] usb 6-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  603.063356][ T6282] usb 6-1: config 250 interface 228 has no altsetting 0
[  603.277933][ T6282] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  603.286153][ T6282] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  603.295643][ T6282] usb 6-1: Product: syz
[  603.302201][ T6282] usb 6-1: SerialNumber: syz
[  603.375972][ T6282] hub 6-1:250.228: bad descriptor, ignoring hub
[  603.388127][ T6282] hub 6-1:250.228: probe with driver hub failed with error -5
[  603.671937][   T40] kauditd_printk_skb: 452 callbacks suppressed
[  603.671959][   T40] audit: type=1326 audit(1757604946.243:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14127 comm="syz.3.2222" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  603.735671][ T6282] usb 6-1: USB disconnect, device number 75
[  603.824126][   T40] audit: type=1326 audit(1757604946.263:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14127 comm="syz.3.2222" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  603.847373][   T40] audit: type=1326 audit(1757604946.263:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14127 comm="syz.3.2222" exe="/syz-executor" sig=0 arch=40000003 syscall=286 compat=1 ip=0xf708e579 code=0x7ffc0000
[  603.877054][   T40] audit: type=1326 audit(1757604946.273:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14127 comm="syz.3.2222" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  603.897390][   T40] audit: type=1326 audit(1757604946.273:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14127 comm="syz.3.2222" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  603.918585][   T40] audit: type=1326 audit(1757604946.273:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14127 comm="syz.3.2222" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf708e579 code=0x7ffc0000
[  603.927691][T14134] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  603.931036][T14134] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  603.935756][T14134] vhci_hcd vhci_hcd.0: Device attached
[  603.957632][   T40] audit: type=1326 audit(1757604946.273:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14127 comm="syz.3.2222" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf708e579 code=0x7ffc0000
[  603.957677][   T40] audit: type=1326 audit(1757604946.273:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14127 comm="syz.3.2222" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf708e579 code=0x7ffc0000
[  603.957711][   T40] audit: type=1326 audit(1757604946.273:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14127 comm="syz.3.2222" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf708e579 code=0x7ffc0000
[  603.957745][   T40] audit: type=1326 audit(1757604946.273:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14127 comm="syz.3.2222" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf708e579 code=0x7ffc0000
[  604.035962][T14138] capability: warning: `syz.0.2224' uses deprecated v2 capabilities in a way that may be insecure
[  604.480473][ T1020] usb 42-1: SetAddress Request (2) to port 0
[  604.483324][ T1020] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd
[  604.640654][T14152] netlink: 'syz.0.2226': attribute type 15 has an invalid length.
[  604.860983][T14135] vhci_hcd: connection reset by peer
[  604.864765][   T59] vhci_hcd: stop threads
[  604.866668][   T59] vhci_hcd: release socket
[  604.868857][   T59] vhci_hcd: disconnect device
[  605.241613][T14163] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2228'.
[  605.251231][T14163] netlink: 'syz.3.2228': attribute type 5 has an invalid length.
[  605.255092][T14163] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2228'.
[  606.981339][T14179] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  606.984486][T14179] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  606.988735][T14179] vhci_hcd vhci_hcd.0: Device attached
[  607.143598][T14180] vhci_hcd: connection closed
[  607.147456][ T1140] vhci_hcd: stop threads
[  607.151535][ T1140] vhci_hcd: release socket
[  607.153745][ T1140] vhci_hcd: disconnect device
[  607.167330][T11072] vhci_hcd: vhci_device speed not set
[  608.363867][ T5987] usb 8-1: new high-speed USB device number 59 using dummy_hcd
[  608.543578][ T5987] usb 8-1: Using ep0 maxpacket: 8
[  608.553204][ T5987] usb 8-1: config index 0 descriptor too short (expected 5924, got 36)
[  608.561586][ T5987] usb 8-1: config 250 has an invalid interface number: 228 but max is -1
[  608.568401][ T5987] usb 8-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config
[  608.573941][ T5987] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0
[  608.581282][ T5987] usb 8-1: config 250 has no interface number 0
[  608.587150][ T5987] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  608.592898][ T5987] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  608.601928][ T5987] usb 8-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  608.608450][ T5987] usb 8-1: config 250 interface 228 has no altsetting 0
[  608.613540][ T5987] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  608.620799][ T5987] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  608.627101][ T5987] usb 8-1: Product: syz
[  608.631068][ T5987] usb 8-1: SerialNumber: syz
[  608.648017][ T5987] hub 8-1:250.228: bad descriptor, ignoring hub
[  608.654750][ T5987] hub 8-1:250.228: probe with driver hub failed with error -5
[  608.673627][T10019] usb 7-1: new high-speed USB device number 64 using dummy_hcd
[  608.833516][T10019] usb 7-1: Using ep0 maxpacket: 8
[  608.838157][T10019] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  608.841737][T10019] usb 7-1: config 0 has no interface number 0
[  608.846812][T10019] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  608.851648][T10019] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  608.857288][T10019] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  608.862184][T10019] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  608.868322][T10019] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  608.871449][T10019] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.876376][T10019] usb 7-1: config 0 descriptor??
[  608.902717][T10019] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  609.001058][ T5987] usb 8-1: USB disconnect, device number 59
[  609.164990][ T6050] usb 7-1: USB disconnect, device number 64
[  609.165044][    C0] ldusb 7-1:0.55: usb_submit_urb failed (-19)
[  609.176443][ T6050] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  609.277446][T14207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2239'.
[  609.282092][T14207] netlink: 'syz.1.2239': attribute type 5 has an invalid length.
[  609.286712][T14207] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2239'.
[  609.683756][ T1020] usb 42-1: device descriptor read/8, error -110
[  609.785404][T14213] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  609.788544][T14213] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  609.797430][T14213] vhci_hcd vhci_hcd.0: Device attached
[  609.938550][T14216] netlink: 'syz.2.2241': attribute type 15 has an invalid length.
[  609.949284][T14213] mkiss: ax0: crc mode is auto.
[  610.123692][T12061] usb 44-1: SetAddress Request (6) to port 0
[  610.126598][T12061] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd
[  610.205653][ T1020] usb usb42-port1: attempt power cycle
[  610.517375][T14214] vhci_hcd: connection reset by peer
[  610.521329][ T1140] vhci_hcd: stop threads
[  610.523823][ T1140] vhci_hcd: release socket
[  610.527970][ T1140] vhci_hcd: disconnect device
[  610.775709][ T1020] usb usb42-port1: unable to enumerate USB device
[  611.706561][T14240] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  611.709984][T14240] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  611.716669][T14240] vhci_hcd vhci_hcd.0: Device attached
[  611.965142][T14240] mkiss: ax0: crc mode is auto.
[  612.475803][T14241] vhci_hcd: connection closed
[  612.476185][   T71] vhci_hcd: stop threads
[  612.480570][   T71] vhci_hcd: release socket
[  612.483051][   T71] vhci_hcd: disconnect device
[  613.450784][T14251] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  613.454078][T14251] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  613.459597][T14251] vhci_hcd vhci_hcd.0: Device attached
[  614.291384][T14252] vhci_hcd: connection closed
[  614.292773][ T1255] vhci_hcd: stop threads
[  614.303642][ T1255] vhci_hcd: release socket
[  614.308000][ T1255] vhci_hcd: disconnect device
[  614.534924][T14263] ieee802154 phy0 wpan0: encryption failed: -22
[  614.593587][ T5987] usb 7-1: new high-speed USB device number 65 using dummy_hcd
[  614.743596][ T5987] usb 7-1: Using ep0 maxpacket: 8
[  614.893962][ T5987] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  614.897478][ T5987] usb 7-1: config 0 has no interface number 0
[  614.900055][ T5987] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  614.997442][ T5987] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  615.001216][ T5987] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  615.005646][ T5987] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  615.010345][ T5987] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  615.015196][ T5987] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  615.024182][ T5987] usb 7-1: config 0 descriptor??
[  615.036442][ T5987] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  615.203607][T12061] usb 44-1: device descriptor read/8, error -110
[  615.380917][ T5987] usb 7-1: USB disconnect, device number 65
[  615.389451][ T5987] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  615.453580][T11072] vhci_hcd: vhci_device speed not set
[  615.703639][ T6043] usb 6-1: new high-speed USB device number 76 using dummy_hcd
[  615.838076][T14283] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2259'.
[  615.873936][ T6043] usb 6-1: Using ep0 maxpacket: 8
[  615.878040][ T6043] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[  615.881512][ T6043] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[  615.885986][ T6043] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[  615.890320][ T6043] usb 6-1: config 250 has no interface number 0
[  615.892849][ T6043] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  615.897815][ T6043] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  615.904318][ T6043] usb 6-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  615.910077][ T6043] usb 6-1: config 250 interface 228 has no altsetting 0
[  615.925002][ T6043] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  615.929848][ T6043] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  615.939517][ T6043] usb 6-1: Product: syz
[  615.941384][ T6043] usb 6-1: SerialNumber: syz
[  615.949067][ T6043] hub 6-1:250.228: bad descriptor, ignoring hub
[  615.952805][ T6043] hub 6-1:250.228: probe with driver hub failed with error -5
[  616.074566][ T1020] libceph: connect (1)[c::]:6789 error -101
[  616.077405][ T1020] libceph: mon0 (1)[c::]:6789 connect error
[  616.291781][ T5987] usb 6-1: USB disconnect, device number 76
[  616.349824][ T1020] libceph: connect (1)[c::]:6789 error -101
[  616.353211][ T1020] libceph: mon0 (1)[c::]:6789 connect error
[  616.461196][T12061] usb usb44-port1: attempt power cycle
[  616.563786][T14289] ceph: No mds server is up or the cluster is laggy
[  616.786948][T14311] ieee802154 phy0 wpan0: encryption failed: -22
[  617.035712][T12061] usb usb44-port1: unable to enumerate USB device
[  617.634636][T14330] FAULT_INJECTION: forcing a failure.
[  617.634636][T14330] name failslab, interval 1, probability 0, space 0, times 0
[  617.639831][T14330] CPU: 0 UID: 0 PID: 14330 Comm: syz.0.2271 Not tainted syzkaller #0 PREEMPT(full) 
[  617.639855][T14330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  617.639866][T14330] Call Trace:
[  617.639872][T14330]  <TASK>
[  617.639879][T14330]  dump_stack_lvl+0x16c/0x1f0
[  617.639910][T14330]  should_fail_ex+0x512/0x640
[  617.639925][T14330]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  617.639946][T14330]  should_failslab+0xc2/0x120
[  617.639968][T14330]  __kmalloc_cache_noprof+0x6a/0x3e0
[  617.639984][T14330]  ? __vmalloc_node_noprof+0xad/0xf0
[  617.639999][T14330]  ? bpf_prog_alloc_no_stats+0x116/0x5d0
[  617.640023][T14330]  bpf_prog_alloc_no_stats+0x116/0x5d0
[  617.640046][T14330]  bpf_prog_alloc+0x3b/0x230
[  617.640067][T14330]  bpf_prog_create_from_user+0xb4/0x2f0
[  617.640085][T14330]  ? __pfx_seccomp_check_filter+0x10/0x10
[  617.640106][T14330]  do_seccomp+0x73a/0x2640
[  617.640124][T14330]  ? __fget_files+0x20e/0x3c0
[  617.640141][T14330]  ? handle_mm_fault+0x1f0/0xd10
[  617.640159][T14330]  ? __pfx_do_seccomp+0x10/0x10
[  617.640177][T14330]  ? fput+0x9b/0xd0
[  617.640201][T14330]  ? ksys_write+0x1ac/0x250
[  617.640219][T14330]  ? __pfx_ksys_write+0x10/0x10
[  617.640239][T14330]  ? rcu_is_watching+0x12/0xc0
[  617.640260][T14330]  __do_fast_syscall_32+0x7c/0x3a0
[  617.640279][T14330]  do_fast_syscall_32+0x32/0x80
[  617.640294][T14330]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  617.640349][T14330] RIP: 0023:0xf709e579
[  617.640364][T14330] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  617.640381][T14330] RSP: 002b:00000000f548e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000162
[  617.640399][T14330] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000000000
[  617.640409][T14330] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  617.640419][T14330] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  617.640428][T14330] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  617.640438][T14330] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  617.640460][T14330]  </TASK>
[  617.956300][T14338] block device autoloading is deprecated and will be removed.
[  617.986594][T14342] kAFS: No cell specified
[  619.482197][T14362] ieee802154 phy0 wpan0: encryption failed: -22
[  619.658975][    C1] vkms_vblank_simulate: vblank timer overrun
[  621.161452][T14370] hub 2-0:1.0: USB hub found
[  621.169711][T14370] hub 2-0:1.0: 2 ports detected
[  621.806243][T14384] binder: 14383:14384 ioctl c0046209 0 returned -22
[  623.755454][T11072] usb 8-1: new high-speed USB device number 60 using dummy_hcd
[  623.877795][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  623.880667][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  623.933597][T11072] usb 8-1: Using ep0 maxpacket: 8
[  623.940019][T11072] usb 8-1: config index 0 descriptor too short (expected 5924, got 36)
[  623.944424][T11072] usb 8-1: config 250 has an invalid interface number: 228 but max is -1
[  623.948524][T11072] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0
[  623.952370][T11072] usb 8-1: config 250 has no interface number 0
[  623.959403][T11072] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  623.971846][T11072] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  623.976485][T11072] usb 8-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  623.982971][T11072] usb 8-1: config 250 interface 228 has no altsetting 0
[  623.989248][T11072] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  623.994117][T11072] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  623.999640][T11072] usb 8-1: Product: syz
[  624.001608][T11072] usb 8-1: SerialNumber: syz
[  624.015642][T11072] hub 8-1:250.228: bad descriptor, ignoring hub
[  624.019305][T11072] hub 8-1:250.228: probe with driver hub failed with error -5
[  624.324163][T11072] usb 8-1: USB disconnect, device number 60
[  626.863035][T14438] FAULT_INJECTION: forcing a failure.
[  626.863035][T14438] name failslab, interval 1, probability 0, space 0, times 0
[  626.869005][T14438] CPU: 3 UID: 0 PID: 14438 Comm: syz.0.2301 Not tainted syzkaller #0 PREEMPT(full) 
[  626.869031][T14438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  626.869045][T14438] Call Trace:
[  626.869051][T14438]  <TASK>
[  626.869058][T14438]  dump_stack_lvl+0x16c/0x1f0
[  626.869114][T14438]  should_fail_ex+0x512/0x640
[  626.869136][T14438]  ? __kmalloc_node_noprof+0xc5/0x500
[  626.869162][T14438]  should_failslab+0xc2/0x120
[  626.869184][T14438]  __kmalloc_node_noprof+0xd8/0x500
[  626.869206][T14438]  ? get_callchain_buffers+0x1ec/0x450
[  626.869228][T14438]  get_callchain_buffers+0x1ec/0x450
[  626.869250][T14438]  stack_map_alloc+0x313/0x650
[  626.869273][T14438]  map_create+0x58f/0x1f80
[  626.869307][T14438]  ? __pfx_map_create+0x10/0x10
[  626.869329][T14438]  ? __might_fault+0xe3/0x190
[  626.869349][T14438]  ? __might_fault+0xe3/0x190
[  626.869366][T14438]  ? __might_fault+0x13b/0x190
[  626.869396][T14438]  __sys_bpf+0x44d2/0x4de0
[  626.869424][T14438]  ? __pfx___sys_bpf+0x10/0x10
[  626.869450][T14438]  ? ksys_write+0x190/0x250
[  626.869481][T14438]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  626.869530][T14438]  ? fput+0x9b/0xd0
[  626.869553][T14438]  ? ksys_write+0x1ac/0x250
[  626.869574][T14438]  ? __pfx_ksys_write+0x10/0x10
[  626.869599][T14438]  __ia32_sys_bpf+0x76/0xe0
[  626.869617][T14438]  __do_fast_syscall_32+0x7c/0x3a0
[  626.869636][T14438]  do_fast_syscall_32+0x32/0x80
[  626.869653][T14438]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  626.869675][T14438] RIP: 0023:0xf709e579
[  626.869691][T14438] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  626.869707][T14438] RSP: 002b:00000000f548e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  626.869724][T14438] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000280
[  626.869736][T14438] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  626.869747][T14438] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  626.869757][T14438] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  626.869768][T14438] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  626.869792][T14438]  </TASK>
[  627.308111][T14439] ªªªªªª: renamed from wg2 (while UP)
[  627.373964][T11072] usb 8-1: new high-speed USB device number 61 using dummy_hcd
[  627.553425][T11072] usb 8-1: Using ep0 maxpacket: 8
[  627.557508][T11072] usb 8-1: config index 0 descriptor too short (expected 5924, got 36)
[  627.565274][T11072] usb 8-1: config 250 has an invalid interface number: 228 but max is -1
[  627.565598][T14449] hub 2-0:1.0: USB hub found
[  627.570339][T11072] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0
[  627.571323][T14449] hub 2-0:1.0: 2 ports detected
[  627.576347][T11072] usb 8-1: config 250 has no interface number 0
[  627.580886][T11072] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  627.586730][T11072] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  627.592578][T11072] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  627.597822][T11072] usb 8-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  627.604007][T11072] usb 8-1: config 250 interface 228 has no altsetting 0
[  627.610019][T11072] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  627.617261][T11072] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  627.621037][T11072] usb 8-1: Product: syz
[  627.623896][T11072] usb 8-1: SerialNumber: syz
[  627.637429][T11072] hub 8-1:250.228: bad descriptor, ignoring hub
[  627.641102][T11072] hub 8-1:250.228: probe with driver hub failed with error -5
[  627.944114][T11072] usb 8-1: USB disconnect, device number 61
[  628.016562][T14453] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  628.326999][T14457] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  628.329881][T14457] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  628.334398][T14457] vhci_hcd vhci_hcd.0: Device attached
[  628.497520][T14457] mkiss: ax0: crc mode is auto.
[  628.515240][T14466] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2309'.
[  628.677896][T12061] usb 42-1: SetAddress Request (6) to port 0
[  628.681074][T12061] usb 42-1: new SuperSpeed USB device number 6 using vhci_hcd
[  629.392379][T14480] binder: 14479:14480 ioctl c0046209 0 returned -22
[  629.805128][T14458] vhci_hcd: connection reset by peer
[  629.809151][   T71] vhci_hcd: stop threads
[  629.810839][   T71] vhci_hcd: release socket
[  629.812740][   T71] vhci_hcd: disconnect device
[  632.420879][T14542] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  632.432949][T14542] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  633.843126][T14563] geneve2: left promiscuous mode
[  633.851136][ T1255] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  633.857809][ T1255] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0
[  633.861647][ T1255] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  633.866396][ T1255] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 256 - 0
[  633.870929][ T1255] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  633.876173][ T1255] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 256 - 0
[  633.880035][ T1255] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  633.885505][ T1255] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 256 - 0
[  634.220094][T12061] usb 42-1: device descriptor read/8, error -110
[  634.855228][T14575] overlayfs: failed to resolve './file0': -2
[  634.874751][T12061] usb usb42-port1: attempt power cycle
[  635.434633][T12061] usb usb42-port1: unable to enumerate USB device
[  635.722385][T14586] ieee802154 phy0 wpan0: encryption failed: -22
[  637.113110][T14602] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.117960][T14602] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  637.367487][T14602] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  637.371726][T14602] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  638.111685][T14602] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.116379][T14602] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  638.228803][T14602] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.238705][T14602] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  638.442921][ T1255] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  638.453966][ T1255] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  638.475761][   T46] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  638.478978][   T46] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  638.557313][ T1255] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  638.560731][ T1255] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  638.564603][ T1255] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  638.568031][ T1255] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  638.671297][T14626] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  638.674188][T14626] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  638.679431][T14626] vhci_hcd vhci_hcd.0: Device attached
[  638.703935][ T6043] usb 8-1: new high-speed USB device number 62 using dummy_hcd
[  638.790966][T14644] netlink: 'syz.1.2341': attribute type 15 has an invalid length.
[  638.865339][ T6043] usb 8-1: Using ep0 maxpacket: 8
[  638.873933][ T6043] usb 8-1: config 0 has an invalid interface number: 55 but max is 0
[  638.877370][ T6043] usb 8-1: config 0 has no interface number 0
[  638.891788][ T6043] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  638.898648][ T6043] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  638.904602][ T6043] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  638.909528][ T6043] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  638.915576][ T6043] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  638.920205][ T6043] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.943694][   T10] usb 42-1: SetAddress Request (10) to port 0
[  638.946362][   T10] usb 42-1: new SuperSpeed USB device number 10 using vhci_hcd
[  638.983305][ T6043] usb 8-1: config 0 descriptor??
[  639.006279][ T6043] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  639.154406][T14649] ieee802154 phy0 wpan0: encryption failed: -22
[  639.305075][ T5987] usb 8-1: USB disconnect, device number 62
[  639.314320][ T5987] ldusb 8-1:0.55: LD USB Device #0 now disconnected
[  639.391651][T14634] vhci_hcd: connection reset by peer
[  639.397155][ T1140] vhci_hcd: stop threads
[  639.398737][ T1140] vhci_hcd: release socket
[  639.405609][ T1140] vhci_hcd: disconnect device
[  639.611233][T14653] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  639.617424][T14653] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  639.636342][T14653] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  639.642563][T14653] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  639.656461][T14653] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  639.659593][T14653] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  639.666487][T14653] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  639.672093][T14653] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  639.676923][T14653] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  639.679700][T14653] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  639.684880][T14653] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  639.690575][T14653] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  639.694379][T14653] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  639.697488][T14653] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  639.705620][T14653] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  639.709265][T14653] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  639.891348][T14661] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  639.909429][T14662] binder: BINDER_SET_CONTEXT_MGR already set
[  639.912726][T14662] binder: 14658:14662 ioctl 4018620d 800002c0 returned -16
[  639.917737][T14662] binder: 14658:14662 ioctl c0306201 80000440 returned -11
[  639.924488][T14661] syzkaller0: entered promiscuous mode
[  639.927170][T14661] syzkaller0: entered allmulticast mode
[  639.997259][T14661] tipc: Resetting bearer <eth:syzkaller0>
[  640.489805][T14660] tipc: Resetting bearer <eth:syzkaller0>
[  640.512262][T14660] tipc: Disabling bearer <eth:syzkaller0>
[  641.193858][T14692] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2350'.
[  641.603519][T12800] Bluetooth: hci0: command 0x0406 tx timeout
[  641.683613][ T5979] Bluetooth: hci2: command 0x0406 tx timeout
[  641.686182][ T5979] Bluetooth: hci1: command 0x0406 tx timeout
[  641.790521][ T5980] Bluetooth: hci3: command 0x0406 tx timeout
[  642.458456][T14710] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2355'.
[  643.472265][T14715] smc: removing ib device syz1
[  643.763667][ T5980] Bluetooth: hci0: command 0x0406 tx timeout
[  643.763718][T12800] Bluetooth: hci1: command 0x0406 tx timeout
[  643.766676][ T5980] Bluetooth: hci2: command 0x0406 tx timeout
[  643.832676][ T5979] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  643.840791][ T5979] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  643.846332][ T5979] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  643.852817][ T5979] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  643.853979][T12800] Bluetooth: hci3: command 0x0406 tx timeout
[  643.860938][T12800] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  644.013508][   T10] usb 42-1: device descriptor read/8, error -110
[  644.439789][T14726] FAULT_INJECTION: forcing a failure.
[  644.439789][T14726] name failslab, interval 1, probability 0, space 0, times 0
[  644.445290][T14726] CPU: 1 UID: 0 PID: 14726 Comm: syz.2.2358 Not tainted syzkaller #0 PREEMPT(full) 
[  644.445315][T14726] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  644.445326][T14726] Call Trace:
[  644.445333][T14726]  <TASK>
[  644.445341][T14726]  dump_stack_lvl+0x16c/0x1f0
[  644.445371][T14726]  should_fail_ex+0x512/0x640
[  644.445388][T14726]  ? __kmalloc_noprof+0xbf/0x510
[  644.445408][T14726]  ? nla_strdup+0xc6/0x150
[  644.445425][T14726]  should_failslab+0xc2/0x120
[  644.445447][T14726]  __kmalloc_noprof+0xd2/0x510
[  644.445473][T14726]  nla_strdup+0xc6/0x150
[  644.445493][T14726]  nf_tables_newtable+0xdeb/0x1b40
[  644.445519][T14726]  ? __pfx___nla_validate_parse+0x10/0x10
[  644.445541][T14726]  ? __pfx_nf_tables_newtable+0x10/0x10
[  644.445569][T14726]  ? __nla_parse+0x40/0x60
[  644.445589][T14726]  nfnetlink_rcv_batch+0x18ea/0x2330
[  644.445622][T14726]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  644.445644][T14726]  ? stack_depot_save_flags+0x29/0x9c0
[  644.445660][T14726]  ? __pfx_stack_trace_save+0x10/0x10
[  644.445681][T14726]  ? kasan_save_stack+0x42/0x60
[  644.445699][T14726]  ? kasan_save_stack+0x33/0x60
[  644.445715][T14726]  ? kasan_save_track+0x14/0x30
[  644.445732][T14726]  ? __kasan_slab_alloc+0x89/0x90
[  644.445806][T14726]  ? __nla_parse+0x40/0x60
[  644.445829][T14726]  nfnetlink_rcv+0x3c1/0x430
[  644.445848][T14726]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  644.445869][T14726]  ? is_vmalloc_addr+0x86/0xa0
[  644.445892][T14726]  netlink_unicast+0x5a7/0x870
[  644.445921][T14726]  ? __pfx_netlink_unicast+0x10/0x10
[  644.445946][T14726]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  644.445980][T14726]  netlink_sendmsg+0x8d1/0xdd0
[  644.446011][T14726]  ? __pfx_netlink_sendmsg+0x10/0x10
[  644.446047][T14726]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  644.446070][T14726]  ____sys_sendmsg+0xa95/0xc70
[  644.446093][T14726]  ? __pfx_____sys_sendmsg+0x10/0x10
[  644.446111][T14726]  ? get_compat_msghdr+0x11a/0x170
[  644.446146][T14726]  ___sys_sendmsg+0x134/0x1d0
[  644.446172][T14726]  ? __pfx____sys_sendmsg+0x10/0x10
[  644.446208][T14726]  ? find_held_lock+0x2b/0x80
[  644.446240][T14726]  __sys_sendmsg+0x16d/0x220
[  644.446265][T14726]  ? __pfx___sys_sendmsg+0x10/0x10
[  644.446298][T14726]  ? rcu_is_watching+0x12/0xc0
[  644.446319][T14726]  __do_fast_syscall_32+0x7c/0x3a0
[  644.446338][T14726]  do_fast_syscall_32+0x32/0x80
[  644.446353][T14726]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  644.446374][T14726] RIP: 0023:0xf701e579
[  644.446390][T14726] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  644.446407][T14726] RSP: 002b:00000000f540e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  644.446424][T14726] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  644.446435][T14726] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  644.446445][T14726] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  644.446454][T14726] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  644.446464][T14726] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  644.446486][T14726]  </TASK>
[  644.470435][T14719] chnl_net:caif_netlink_parms(): no params data found
[  644.524490][   T10] usb usb42-port1: attempt power cycle
[  644.619579][T14729] binder: BINDER_SET_CONTEXT_MGR already set
[  644.622372][T14729] binder: 14727:14729 ioctl 4018620d 800002c0 returned -16
[  644.627906][T14729] binder: 14727:14729 ioctl c0306201 80000440 returned -11
[  644.811217][ T1246] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  644.823523][ T1246] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  644.987477][ T1246] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  644.992576][ T1246] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  645.057171][ T1246] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  645.061654][ T1246] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  645.075976][T14719] bridge0: port 1(bridge_slave_0) entered blocking state
[  645.078255][T14719] bridge0: port 1(bridge_slave_0) entered disabled state
[  645.080849][T14719] bridge_slave_0: entered allmulticast mode
[  645.087127][T14719] bridge_slave_0: entered promiscuous mode
[  645.092781][T14719] bridge0: port 2(bridge_slave_1) entered blocking state
[  645.095502][T14719] bridge0: port 2(bridge_slave_1) entered disabled state
[  645.097848][T14719] bridge_slave_1: entered allmulticast mode
[  645.100901][T14719] bridge_slave_1: entered promiscuous mode
[  645.128023][ T1246] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  645.132044][ T1246] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  645.170731][T14719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  645.177171][T14719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  645.237258][   T10] usb usb42-port1: unable to enumerate USB device
[  645.252003][T14719] team0: Port device team_slave_0 added
[  645.258837][T14719] team0: Port device team_slave_1 added
[  645.315192][T14719] batman_adv: batadv0: Adding interface: batadv_slave_0
[  645.318488][T14719] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  645.330636][T14719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  645.350346][T14719] batman_adv: batadv0: Adding interface: batadv_slave_1
[  645.353153][T14719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  645.364088][T14719] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  645.397696][T14740] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  645.399891][T14740] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  645.403705][T14740] vhci_hcd vhci_hcd.0: Device attached
[  645.673941][T12061] usb 38-1: SetAddress Request (2) to port 0
[  645.725543][T14719] hsr_slave_0: entered promiscuous mode
[  645.728830][T14719] hsr_slave_1: entered promiscuous mode
[  645.732356][T14719] debugfs: 'hsr0' already exists in 'hsr'
[  645.736867][T14719] Cannot create hsr debugfs directory
[  645.751977][ T1246] bridge_slave_1: left allmulticast mode
[  645.755144][ T1246] bridge_slave_1: left promiscuous mode
[  645.758323][ T1246] bridge0: port 2(bridge_slave_1) entered disabled state
[  645.764055][ T1246] bridge_slave_0: left allmulticast mode
[  645.766385][ T1246] bridge_slave_0: left promiscuous mode
[  645.768366][ T1246] bridge0: port 1(bridge_slave_0) entered disabled state
[  645.832297][T12061] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd
[  645.843585][T12800] Bluetooth: hci2: command 0x0406 tx timeout
[  645.843737][ T5980] Bluetooth: hci1: command 0x0406 tx timeout
[  645.927393][ T5980] Bluetooth: hci4: command tx timeout
[  645.927393][T12800] Bluetooth: hci3: command 0x0406 tx timeout
[  646.069103][T14741] vhci_hcd: connection reset by peer
[  646.104307][   T71] vhci_hcd: stop threads
[  646.112185][   T71] vhci_hcd: release socket
[  646.116734][   T71] vhci_hcd: disconnect device
[  646.542214][ T1246] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  646.549648][ T1246] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  646.554871][ T1246] bond0 (unregistering): Released all slaves
[  646.627009][T14750] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  646.629770][T14750] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  646.633325][T14750] vhci_hcd vhci_hcd.0: Device attached
[  646.666185][ T1246] : left promiscuous mode
[  646.930031][T14753] vhci_hcd: connection closed
[  646.938320][   T46] vhci_hcd: stop threads
[  646.944095][   T46] vhci_hcd: release socket
[  646.947226][   T46] vhci_hcd: disconnect device
[  646.963552][ T6050] usb 44-1: enqueue for inactive port 0
[  647.334329][ T1246] hsr_slave_0: left promiscuous mode
[  647.337599][ T1246] hsr_slave_1: left promiscuous mode
[  647.340927][ T1246] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  647.345565][ T1246] batman_adv: batadv0: Removing interface: batadv_slave_0
[  647.355371][ T1246] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  647.358639][ T1246] batman_adv: batadv0: Removing interface: batadv_slave_1
[  647.410692][ T1246] veth1_macvtap: left promiscuous mode
[  647.413580][ T1246] veth0_macvtap: left promiscuous mode
[  647.416080][ T1246] veth1_vlan: left promiscuous mode
[  647.419093][ T1246] veth0_vlan: left promiscuous mode
[  647.491772][T14775] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  647.494648][T14775] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  647.505713][T14775] vhci_hcd vhci_hcd.0: Device attached
[  647.584213][ T6050] usb usb44-port1: attempt power cycle
[  647.796139][T14779] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  647.802526][T14779] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  647.827753][ T6021] usb 42-1: SetAddress Request (14) to port 0
[  647.890504][ T6021] usb 42-1: new SuperSpeed USB device number 14 using vhci_hcd
[  647.925522][ T5980] Bluetooth: hci1: command 0x0406 tx timeout
[  647.933656][ T5980] Bluetooth: hci2: command 0x0406 tx timeout
[  648.003708][ T5980] Bluetooth: hci4: command tx timeout
[  648.006164][ T5980] Bluetooth: hci3: command 0x0406 tx timeout
[  648.211192][T14776] vhci_hcd: connection reset by peer
[  648.213985][ T1255] vhci_hcd: stop threads
[  648.216467][ T1255] vhci_hcd: release socket
[  648.218474][ T1255] vhci_hcd: disconnect device
[  648.283546][T14784] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  648.287073][T14784] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  648.291178][T14784] vhci_hcd vhci_hcd.0: Device attached
[  648.484132][ T6050] usb 44-1: SetAddress Request (13) to port 0
[  648.487456][ T6050] usb 44-1: new SuperSpeed USB device number 13 using vhci_hcd
[  648.663129][ T1246] team0 (unregistering): Port device team_slave_1 removed
[  648.731673][T14785] vhci_hcd: connection reset by peer
[  648.742881][   T71] vhci_hcd: stop threads
[  648.745084][   T71] vhci_hcd: release socket
[  648.753261][   T71] vhci_hcd: disconnect device
[  648.794497][ T1246] team0 (unregistering): Port device team_slave_0 removed
[  649.168841][T14791] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  649.807546][T14719] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  649.897357][T14719] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  649.905758][T14719] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  649.926836][T14719] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  650.016043][T14806] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  650.018711][T14806] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  650.021818][T14806] vhci_hcd vhci_hcd.0: Device attached
[  650.085196][ T5980] Bluetooth: hci4: command tx timeout
[  650.092025][ T1246] IPVS: stop unused estimator thread 0...
[  650.174286][T14719] 8021q: adding VLAN 0 to HW filter on device bond0
[  650.198543][T14719] 8021q: adding VLAN 0 to HW filter on device team0
[  650.215655][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  650.219024][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  650.277226][T14806] mkiss: ax0: crc mode is auto.
[  650.289720][ T1246] bridge0: port 2(bridge_slave_1) entered blocking state
[  650.292932][ T1246] bridge0: port 2(bridge_slave_1) entered forwarding state
[  650.629593][T14719] 8021q: adding VLAN 0 to HW filter on device batadv0
[  650.841612][T14719] veth0_vlan: entered promiscuous mode
[  650.860570][T14719] veth1_vlan: entered promiscuous mode
[  650.930790][T14719] veth0_macvtap: entered promiscuous mode
[  650.982021][T12061] usb 38-1: device descriptor read/8, error -110
[  651.003624][T14807] vhci_hcd: connection closed
[  651.026707][  T218] vhci_hcd: stop threads
[  651.030737][  T218] vhci_hcd: release socket
[  651.050214][  T218] vhci_hcd: disconnect device
[  651.052471][T14719] veth1_macvtap: entered promiscuous mode
[  651.089848][T14719] batman_adv: batadv0: Interface activated: batadv_slave_0
[  651.104037][T14719] batman_adv: batadv0: Interface activated: batadv_slave_1
[  651.181837][  T218] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  651.195331][  T218] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  651.306450][  T218] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  651.328728][  T218] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  651.419969][T12061] usb usb38-port1: attempt power cycle
[  651.472585][  T218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  651.480156][  T218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  651.512086][  T218] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  651.520202][  T218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  652.034617][T12061] usb usb38-port1: unable to enumerate USB device
[  652.163691][ T5980] Bluetooth: hci4: command tx timeout
[  653.133647][ T6021] usb 42-1: device descriptor read/8, error -110
[  653.525135][ T6021] usb usb42-port1: attempt power cycle
[  653.533908][ T6050] usb 44-1: device descriptor read/8, error -110
[  653.647571][ T6050] usb usb44-port1: unable to enumerate USB device
[  654.123542][T11072] usb 7-1: new high-speed USB device number 66 using dummy_hcd
[  654.162157][ T6021] usb usb42-port1: unable to enumerate USB device
[  654.196216][T14874] input: syz1 as /devices/virtual/input/input8
[  654.320547][T14879] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  654.323961][T14879] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  654.333806][T11072] usb 7-1: Using ep0 maxpacket: 8
[  654.340055][T11072] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[  654.344318][T11072] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[  654.346084][T14879] vhci_hcd vhci_hcd.0: Device attached
[  654.347988][T11072] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[  654.354547][T11072] usb 7-1: config 250 has no interface number 0
[  654.357054][T11072] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  654.361951][T11072] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  654.366715][T11072] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  654.370778][T11072] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  654.375796][T11072] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  654.381126][T11072] usb 7-1: config 250 interface 228 has no altsetting 0
[  654.386110][T11072] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  654.390197][T11072] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  654.393547][T11072] usb 7-1: Product: syz
[  654.395061][T11072] usb 7-1: SerialNumber: syz
[  654.401790][T11072] hub 7-1:250.228: bad descriptor, ignoring hub
[  654.405155][T11072] hub 7-1:250.228: probe with driver hub failed with error -5
[  654.479502][T14884] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  654.482580][T14884] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  654.486837][T14884] vhci_hcd vhci_hcd.0: Device attached
[  654.490791][T14879] mkiss: ax0: crc mode is auto.
[  654.493496][ T5980] Bluetooth: hci4: command tx timeout
[  654.657651][T11072] usblp 7-1:250.228: usblp0: USB Bidirectional printer dev 66 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  654.675303][T11072] usb 7-1: USB disconnect, device number 66
[  654.679939][T11072] usblp0: removed
[  654.753831][ T6050] usb 38-1: SetAddress Request (6) to port 0
[  654.756734][ T6050] usb 38-1: new SuperSpeed USB device number 6 using vhci_hcd
[  654.953665][ T6021] usb 44-1: SetAddress Request (14) to port 0
[  654.956469][ T6021] usb 44-1: new SuperSpeed USB device number 14 using vhci_hcd
[  655.170095][T14881] vhci_hcd: connection reset by peer
[  655.173315][ T1255] vhci_hcd: stop threads
[  655.177528][ T1255] vhci_hcd: release socket
[  655.179859][ T1255] vhci_hcd: disconnect device
[  655.491728][T14886] vhci_hcd: connection reset by peer
[  655.501380][  T218] vhci_hcd: stop threads
[  655.509925][  T218] vhci_hcd: release socket
[  655.512254][  T218] vhci_hcd: disconnect device
[  655.792115][T12800] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  655.796275][T12800] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  655.800580][T12800] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  655.808923][T12800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  655.812970][T12800] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  656.025101][T14896] chnl_net:caif_netlink_parms(): no params data found
[  656.617808][T14896] bridge0: port 1(bridge_slave_0) entered blocking state
[  656.620470][T14896] bridge0: port 1(bridge_slave_0) entered disabled state
[  656.623918][T14896] bridge_slave_0: entered allmulticast mode
[  656.634964][T14896] bridge_slave_0: entered promiscuous mode
[  656.640385][T14896] bridge0: port 2(bridge_slave_1) entered blocking state
[  656.644154][T14896] bridge0: port 2(bridge_slave_1) entered disabled state
[  656.647599][T14896] bridge_slave_1: entered allmulticast mode
[  656.652382][T14896] bridge_slave_1: entered promiscuous mode
[  657.071743][T14896] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  657.160998][T14896] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  657.533807][T14917] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  657.545404][T14917] cramfs: wrong magic
[  657.802262][T14896] team0: Port device team_slave_0 added
[  657.809793][T14896] team0: Port device team_slave_1 added
[  657.854246][T12800] Bluetooth: hci0: command tx timeout
[  657.934069][T14896] batman_adv: batadv0: Adding interface: batadv_slave_0
[  657.937593][T14896] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  657.957638][T14896] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  657.970575][T14896] batman_adv: batadv0: Adding interface: batadv_slave_1
[  657.979558][T14896] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  658.001878][T14896] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  658.344376][ T1255] bond0 (unregistering): Released all slaves
[  658.496323][ T1255] tipc: Left network mode
[  658.520934][ T1255] IPVS: stopping backup sync thread 8449 ...
[  658.698445][   T40] kauditd_printk_skb: 21 callbacks suppressed
[  658.698459][   T40] audit: type=1326 audit(1757605001.273:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14940 comm="syz.0.2398" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf709e579 code=0x0
[  658.752927][T14896] hsr_slave_0: entered promiscuous mode
[  658.756425][T14896] hsr_slave_1: entered promiscuous mode
[  658.759940][T14896] debugfs: 'hsr0' already exists in 'hsr'
[  658.762970][T14896] Cannot create hsr debugfs directory
[  659.000389][ T1255] hsr_slave_0: left promiscuous mode
[  659.003838][ T1255] hsr_slave_1: left promiscuous mode
[  659.853715][ T6050] usb 38-1: device descriptor read/8, error -110
[  659.926627][T12800] Bluetooth: hci0: command tx timeout
[  660.013720][ T6021] usb 44-1: device descriptor read/8, error -110
[  660.020608][T14955] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  660.022838][T14955] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  660.025791][T14955] vhci_hcd vhci_hcd.0: Device attached
[  660.220400][T14962] binder: 14958:14962 ioctl c0306201 80000440 returned -11
[  660.464778][ T6050] usb 38-1: SetAddress Request (7) to port 0
[  660.468033][ T6050] usb 38-1: new SuperSpeed USB device number 7 using vhci_hcd
[  660.482632][T14956] vhci_hcd: connection closed
[  660.483168][ T1140] vhci_hcd: stop threads
[  660.490585][ T1140] vhci_hcd: release socket
[  660.500787][ T1140] vhci_hcd: disconnect device
[  660.604461][ T6021] usb usb44-port1: attempt power cycle
[  660.985272][T14955] Falling back ldisc for ttyprintk.
[  661.117453][T14967] exFAT-fs (nullb0): invalid boot record signature
[  661.119973][T14967] exFAT-fs (nullb0): failed to read boot sector
[  661.122296][T14967] exFAT-fs (nullb0): failed to recognize exfat type
[  661.174671][ T6021] usb usb44-port1: unable to enumerate USB device
[  661.231707][T14970] FAULT_INJECTION: forcing a failure.
[  661.231707][T14970] name failslab, interval 1, probability 0, space 0, times 0
[  661.238873][T14970] CPU: 0 UID: 0 PID: 14970 Comm: syz.1.2402 Not tainted syzkaller #0 PREEMPT(full) 
[  661.238904][T14970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  661.238917][T14970] Call Trace:
[  661.238924][T14970]  <TASK>
[  661.238932][T14970]  dump_stack_lvl+0x16c/0x1f0
[  661.238965][T14970]  should_fail_ex+0x512/0x640
[  661.238982][T14970]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  661.239008][T14970]  should_failslab+0xc2/0x120
[  661.239032][T14970]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  661.239054][T14970]  ? __alloc_skb+0x2b2/0x380
[  661.239084][T14970]  __alloc_skb+0x2b2/0x380
[  661.239110][T14970]  ? __pfx___alloc_skb+0x10/0x10
[  661.239142][T14970]  netlink_ack+0x15d/0xb80
[  661.239172][T14970]  ? __pfx___dev_queue_xmit+0x10/0x10
[  661.239199][T14970]  netlink_rcv_skb+0x332/0x420
[  661.239218][T14970]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  661.239244][T14970]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  661.239286][T14970]  ? ns_capable+0xd7/0x110
[  661.239312][T14970]  nfnetlink_rcv+0x1b3/0x430
[  661.239334][T14970]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  661.239354][T14970]  ? netlink_deliver_tap+0x1ae/0xd30
[  661.239386][T14970]  netlink_unicast+0x5a7/0x870
[  661.239416][T14970]  ? __pfx_netlink_unicast+0x10/0x10
[  661.239445][T14970]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  661.239480][T14970]  netlink_sendmsg+0x8d1/0xdd0
[  661.239511][T14970]  ? __pfx_netlink_sendmsg+0x10/0x10
[  661.239543][T14970]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  661.239568][T14970]  ____sys_sendmsg+0xa95/0xc70
[  661.239594][T14970]  ? __pfx_____sys_sendmsg+0x10/0x10
[  661.239613][T14970]  ? get_compat_msghdr+0x11a/0x170
[  661.239649][T14970]  ___sys_sendmsg+0x134/0x1d0
[  661.239679][T14970]  ? __pfx____sys_sendmsg+0x10/0x10
[  661.239716][T14970]  ? find_held_lock+0x2b/0x80
[  661.239751][T14970]  __sys_sendmsg+0x16d/0x220
[  661.239780][T14970]  ? __pfx___sys_sendmsg+0x10/0x10
[  661.239817][T14970]  ? rcu_is_watching+0x12/0xc0
[  661.239839][T14970]  __do_fast_syscall_32+0x7c/0x3a0
[  661.239860][T14970]  do_fast_syscall_32+0x32/0x80
[  661.239877][T14970]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  661.239905][T14970] RIP: 0023:0xf7f42579
[  661.239921][T14970] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  661.239938][T14970] RSP: 002b:00000000f544655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  661.239956][T14970] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  661.239968][T14970] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  661.239979][T14970] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  661.239989][T14970] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  661.240000][T14970] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  661.240023][T14970]  </TASK>
[  662.263485][T12800] Bluetooth: hci0: command tx timeout
[  662.723890][T15001] trusted_key: encrypted_key: key user:syz not found
[  663.405242][T14896] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  663.645827][T14896] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  663.892043][T14896] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  664.055966][T14896] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  664.240771][T14896] 8021q: adding VLAN 0 to HW filter on device bond0
[  664.271707][T14896] 8021q: adding VLAN 0 to HW filter on device team0
[  664.285554][ T1255] bridge0: port 1(bridge_slave_0) entered blocking state
[  664.289182][ T1255] bridge0: port 1(bridge_slave_0) entered forwarding state
[  664.310855][  T218] bridge0: port 2(bridge_slave_1) entered blocking state
[  664.314032][  T218] bridge0: port 2(bridge_slave_1) entered forwarding state
[  664.325210][T12800] Bluetooth: hci0: command tx timeout
[  664.435033][T14896] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  664.439398][T14896] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  664.600053][T14896] 8021q: adding VLAN 0 to HW filter on device batadv0
[  664.658709][T14896] veth0_vlan: entered promiscuous mode
[  664.671521][T14896] veth1_vlan: entered promiscuous mode
[  664.693627][T14896] veth0_macvtap: entered promiscuous mode
[  664.698617][T14896] veth1_macvtap: entered promiscuous mode
[  664.714738][T14896] batman_adv: batadv0: Interface activated: batadv_slave_0
[  664.722200][T14896] batman_adv: batadv0: Interface activated: batadv_slave_1
[  664.731096][ T1246] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  664.735101][ T1246] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  664.741956][ T1246] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  664.747507][  T218] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  664.799378][  T218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  664.806675][  T218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  664.837910][ T1246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  664.840785][ T1246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  664.928634][T15042] ieee802154 phy0 wpan0: encryption failed: -22
[  665.647804][ T6050] usb 38-1: device descriptor read/8, error -110
[  665.753818][ T6050] usb usb38-port1: attempt power cycle
[  665.988874][ T5980] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  665.991967][ T5980] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  665.992931][ T5980] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  665.994477][ T5980] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  665.996920][ T5980] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  666.163620][   T10] usb 8-1: new high-speed USB device number 63 using dummy_hcd
[  666.239247][T15053] chnl_net:caif_netlink_parms(): no params data found
[  666.279295][   T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  666.279343][   T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  666.334666][   T10] usb 8-1: Using ep0 maxpacket: 8
[  666.344245][   T10] usb 8-1: config index 0 descriptor too short (expected 5924, got 36)
[  666.344272][   T10] usb 8-1: config 250 has an invalid interface number: 228 but max is -1
[  666.344291][   T10] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0
[  666.344310][   T10] usb 8-1: config 250 has no interface number 0
[  666.344343][   T10] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  666.344367][   T10] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  666.344390][   T10] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  666.344411][   T10] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  666.344433][   T10] usb 8-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  666.344458][   T10] usb 8-1: config 250 interface 228 has no altsetting 0
[  666.346566][   T10] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  666.404913][   T10] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  666.405798][ T6050] usb usb38-port1: unable to enumerate USB device
[  666.408376][   T10] usb 8-1: Product: syz
[  666.412811][   T10] usb 8-1: SerialNumber: syz
[  666.436707][   T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  666.436742][   T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  666.461247][   T10] hub 8-1:250.228: bad descriptor, ignoring hub
[  666.461275][   T10] hub 8-1:250.228: probe with driver hub failed with error -5
[  666.591074][   T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  666.596457][   T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  666.604670][T15053] bridge0: port 1(bridge_slave_0) entered blocking state
[  666.607723][T15053] bridge0: port 1(bridge_slave_0) entered disabled state
[  666.610688][T15053] bridge_slave_0: entered allmulticast mode
[  666.614119][T15053] bridge_slave_0: entered promiscuous mode
[  666.618878][T15053] bridge0: port 2(bridge_slave_1) entered blocking state
[  666.621286][T15053] bridge0: port 2(bridge_slave_1) entered disabled state
[  666.623863][T15053] bridge_slave_1: entered allmulticast mode
[  666.626690][T15053] bridge_slave_1: entered promiscuous mode
[  666.651925][   T10] usblp 8-1:250.228: usblp0: USB Bidirectional printer dev 63 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  666.704712][   T10] usb 8-1: USB disconnect, device number 63
[  666.716268][   T10] usblp0: removed
[  666.732700][   T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  666.737691][   T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  666.756891][T15053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  666.766096][T15053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  666.781958][T15065] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  666.784983][T15065] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  666.791367][T15065] vhci_hcd vhci_hcd.0: Device attached
[  666.837863][T15053] team0: Port device team_slave_0 added
[  666.842028][T15053] team0: Port device team_slave_1 added
[  666.904744][T15053] batman_adv: batadv0: Adding interface: batadv_slave_0
[  666.907558][T15053] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  666.919412][T15053] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  666.935691][T15053] batman_adv: batadv0: Adding interface: batadv_slave_1
[  666.939347][T15053] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  666.950470][T15053] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  666.965369][ T6282] vhci_hcd: vhci_device speed not set
[  667.024034][ T6282] usb 39-1: new full-speed USB device number 2 using vhci_hcd
[  667.055675][T15053] hsr_slave_0: entered promiscuous mode
[  667.059403][T15053] hsr_slave_1: entered promiscuous mode
[  667.063858][T15053] debugfs: 'hsr0' already exists in 'hsr'
[  667.066704][T15053] Cannot create hsr debugfs directory
[  667.314817][T15066] vhci_hcd: connection reset by peer
[  667.320990][  T218] vhci_hcd: stop threads
[  667.331534][  T218] vhci_hcd: release socket
[  667.344552][  T218] vhci_hcd: disconnect device
[  667.639928][   T46] bond0 (unregistering): Released all slaves
[  667.780493][   T46] tipc: Left network mode
[  667.800366][   T71] syzkaller0: tun_net_xmit 76
[  667.803066][   T71] syzkaller0: tun_net_xmit 48
[  667.833747][   T53] syzkaller0: tun_net_xmit 76
[  667.873824][ T6040] syzkaller0: tun_net_xmit 76
[  668.009280][ T5980] Bluetooth: hci1: command tx timeout
[  668.571600][T15084] ieee802154 phy0 wpan0: encryption failed: -22
[  670.083719][ T5980] Bluetooth: hci1: command tx timeout
[  670.280358][T15098] binder: BINDER_SET_CONTEXT_MGR already set
[  670.286119][T15098] binder: 15097:15098 ioctl 4018620d 800002c0 returned -16
[  670.300251][   T46] hsr_slave_0: left promiscuous mode
[  670.304724][   T46] hsr_slave_1: left promiscuous mode
[  670.345983][   T46] veth1_macvtap: left promiscuous mode
[  670.348669][   T46] veth0_macvtap: left promiscuous mode
[  670.352534][   T46] veth1_vlan: left promiscuous mode
[  670.355861][   T46] veth0_vlan: left promiscuous mode
[  670.736557][T15109] loop6: detected capacity change from 0 to 2560
[  670.743162][T14839] buffer_io_error: 138 callbacks suppressed
[  670.743183][T14839] Buffer I/O error on dev loop6, logical block 0, async page read
[  670.749494][T14839] Buffer I/O error on dev loop6, logical block 0, async page read
[  670.753063][T14839] Buffer I/O error on dev loop6, logical block 0, async page read
[  670.760785][T14839] Buffer I/O error on dev loop6, logical block 0, async page read
[  670.765028][T14839] Buffer I/O error on dev loop6, logical block 0, async page read
[  670.768116][T14839] Buffer I/O error on dev loop6, logical block 0, async page read
[  670.771524][T14839] Buffer I/O error on dev loop6, logical block 0, async page read
[  670.778280][T14839] Buffer I/O error on dev loop6, logical block 0, async page read
[  670.781853][T14839] ldm_validate_partition_table(): Disk read failed.
[  670.785175][T14839] Buffer I/O error on dev loop6, logical block 0, async page read
[  670.789184][T14839] Buffer I/O error on dev loop6, logical block 0, async page read
[  670.793708][T14839] Dev loop6: unable to read RDB block 0
[  670.796677][T14839]  loop6: unable to read partition table
[  670.802134][T15109] ldm_validate_partition_table(): Disk read failed.
[  670.810469][T15109] Dev loop6: unable to read RDB block 0
[  670.813354][T15109]  loop6: unable to read partition table
[  670.819600][T15109] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  670.970844][ T5387] ldm_validate_partition_table(): Disk read failed.
[  670.975189][ T5387] Dev loop6: unable to read RDB block 0
[  670.978329][ T5387]  loop6: unable to read partition table
[  672.175223][ T6282] vhci_hcd: vhci_device speed not set
[  672.175453][ T5980] Bluetooth: hci1: command tx timeout
[  672.812069][T15125] trusted_key: encrypted_key: key user:syz not found
[  674.243676][ T5980] Bluetooth: hci1: command tx timeout
[  674.253927][T15053] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  674.306523][T15053] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  674.346071][T15155] : entered promiscuous mode
[  674.372291][T15053] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  674.383275][T15053] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  674.460356][T15168] Bluetooth: MGMT ver 1.23
[  674.469770][T15053] 8021q: adding VLAN 0 to HW filter on device bond0
[  674.479847][T15053] 8021q: adding VLAN 0 to HW filter on device team0
[  674.492669][  T218] bridge0: port 1(bridge_slave_0) entered blocking state
[  674.496152][  T218] bridge0: port 1(bridge_slave_0) entered forwarding state
[  674.797409][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  674.801158][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  674.920027][T15053] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  674.924311][T15053] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  675.437096][T15053] 8021q: adding VLAN 0 to HW filter on device batadv0
[  675.482286][T15053] veth0_vlan: entered promiscuous mode
[  675.496590][T15053] veth1_vlan: entered promiscuous mode
[  675.528627][T15053] veth0_macvtap: entered promiscuous mode
[  675.537444][T15053] veth1_macvtap: entered promiscuous mode
[  675.551541][T15053] batman_adv: batadv0: Interface activated: batadv_slave_0
[  675.560570][T15053] batman_adv: batadv0: Interface activated: batadv_slave_1
[  675.572084][ T1140] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  675.576982][ T1140] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  675.581251][ T1140] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  675.585616][ T1140] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  675.728227][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  675.736412][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  675.775444][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  675.780571][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  675.808371][T15191] mmap: syz.2.2441 (15191) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  675.829714][T15192] ieee802154 phy0 wpan0: encryption failed: -22
[  676.319221][T15197] FAULT_INJECTION: forcing a failure.
[  676.319221][T15197] name failslab, interval 1, probability 0, space 0, times 0
[  676.328276][T15197] CPU: 3 UID: 0 PID: 15197 Comm: syz.1.2443 Not tainted syzkaller #0 PREEMPT(full) 
[  676.328303][T15197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  676.328315][T15197] Call Trace:
[  676.328321][T15197]  <TASK>
[  676.328329][T15197]  dump_stack_lvl+0x16c/0x1f0
[  676.328359][T15197]  should_fail_ex+0x512/0x640
[  676.328375][T15197]  ? __kmalloc_noprof+0xbf/0x510
[  676.328397][T15197]  ? kernfs_fop_write_iter+0x237/0x510
[  676.328414][T15197]  should_failslab+0xc2/0x120
[  676.328436][T15197]  __kmalloc_noprof+0xd2/0x510
[  676.328455][T15197]  ? __pfx_aa_file_perm+0x10/0x10
[  676.328486][T15197]  kernfs_fop_write_iter+0x237/0x510
[  676.328506][T15197]  do_iter_readv_writev+0x662/0x9e0
[  676.328528][T15197]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  676.328559][T15197]  vfs_writev+0x35f/0xde0
[  676.328584][T15197]  ? __pfx_vfs_writev+0x10/0x10
[  676.328601][T15197]  ? __mutex_lock+0x1c5/0x1060
[  676.328627][T15197]  ? find_held_lock+0x2b/0x80
[  676.328651][T15197]  ? __pfx___mutex_lock+0x10/0x10
[  676.328685][T15197]  ? __fget_files+0x20e/0x3c0
[  676.328702][T15197]  ? __fget_files+0x180/0x3c0
[  676.328727][T15197]  ? do_writev+0x132/0x340
[  676.328744][T15197]  do_writev+0x132/0x340
[  676.328763][T15197]  ? __pfx_do_writev+0x10/0x10
[  676.328783][T15197]  ? rcu_is_watching+0x12/0xc0
[  676.328804][T15197]  __do_fast_syscall_32+0x7c/0x3a0
[  676.328822][T15197]  do_fast_syscall_32+0x32/0x80
[  676.328838][T15197]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  676.328859][T15197] RIP: 0023:0xf7f42579
[  676.328874][T15197] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  676.328890][T15197] RSP: 002b:00000000f544655c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[  676.328907][T15197] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800000c0
[  676.328918][T15197] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  676.328928][T15197] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  676.328939][T15197] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  676.328950][T15197] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  676.328973][T15197]  </TASK>
[  677.095200][T15206] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2445'.
[  677.363804][ T5980] Bluetooth: hci1: command tx timeout
[  677.520275][T15216] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2446'.
[  678.430010][T15222] trusted_key: encrypted_key: key user:syz not found
[  678.578731][T15226] ieee802154 phy0 wpan0: encryption failed: -22
[  679.091778][T15227] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  679.095225][T15227] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  679.185283][T15230] mkiss: ax0: crc mode is auto.
[  679.250376][T15227] vhci_hcd vhci_hcd.0: Device attached
[  679.329074][T12800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  679.349697][T12800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  679.355530][T12800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  679.368183][T12800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  679.371969][T12800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  679.444339][   T53] usb 7-1: new high-speed USB device number 67 using dummy_hcd
[  679.571143][T15228] vhci_hcd: connection closed
[  679.571412][   T46] vhci_hcd: stop threads
[  679.580901][   T46] vhci_hcd: release socket
[  679.582997][   T46] vhci_hcd: disconnect device
[  679.603480][   T53] usb 7-1: Using ep0 maxpacket: 8
[  679.607642][   T53] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  679.611793][   T53] usb 7-1: config 0 has no interface number 0
[  679.623593][   T53] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  679.628619][   T53] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  679.635247][   T53] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  679.639277][   T53] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  679.647907][   T53] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  679.676691][T15236] chnl_net:caif_netlink_parms(): no params data found
[  679.683288][   T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.697508][   T53] usb 7-1: config 0 descriptor??
[  679.704814][   T53] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  679.711660][T15246] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2456'.
[  679.965397][   T10] usb 7-1: USB disconnect, device number 67
[  679.973024][   T10] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  679.984689][T15236] bridge0: port 1(bridge_slave_0) entered blocking state
[  679.987133][T15236] bridge0: port 1(bridge_slave_0) entered disabled state
[  679.989745][T15236] bridge_slave_0: entered allmulticast mode
[  679.994875][T15236] bridge_slave_0: entered promiscuous mode
[  679.999886][T15236] bridge0: port 2(bridge_slave_1) entered blocking state
[  680.003275][T15236] bridge0: port 2(bridge_slave_1) entered disabled state
[  680.006707][T15236] bridge_slave_1: entered allmulticast mode
[  680.011188][T15236] bridge_slave_1: entered promiscuous mode
[  680.076102][T15236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  680.084105][T15236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  680.157002][T15236] team0: Port device team_slave_0 added
[  680.163227][T15236] team0: Port device team_slave_1 added
[  680.230866][T15236] batman_adv: batadv0: Adding interface: batadv_slave_0
[  680.234487][T15236] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  680.246909][T15236] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  680.253647][T15236] batman_adv: batadv0: Adding interface: batadv_slave_1
[  680.256555][T15236] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  680.267858][T15236] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  680.347138][T15236] hsr_slave_0: entered promiscuous mode
[  680.351374][T15236] hsr_slave_1: entered promiscuous mode
[  680.487655][T15255] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2457'.
[  680.892530][T15267] binder_alloc: 15265: binder_alloc_buf, no vma
[  680.897283][T15267] binder: 15265:15267 ioctl c0306201 80000440 returned -11
[  680.933684][T15269] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2459'.
[  681.222245][T15236] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  681.255399][T15236] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  681.262243][T15273] netlink: 'syz.1.2461': attribute type 15 has an invalid length.
[  681.301058][T15236] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  681.309731][T15236] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  681.444788][ T5980] Bluetooth: hci2: command tx timeout
[  681.592978][T15236] 8021q: adding VLAN 0 to HW filter on device bond0
[  681.612646][T15236] 8021q: adding VLAN 0 to HW filter on device team0
[  681.632971][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  681.636543][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  681.644778][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  681.647676][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  681.889594][T15236] 8021q: adding VLAN 0 to HW filter on device batadv0
[  681.932237][T15236] veth0_vlan: entered promiscuous mode
[  681.946826][T15236] veth1_vlan: entered promiscuous mode
[  681.992560][T15236] veth0_macvtap: entered promiscuous mode
[  682.007628][T15236] veth1_macvtap: entered promiscuous mode
[  682.024253][T15236] batman_adv: batadv0: Interface activated: batadv_slave_0
[  682.035736][T15236] batman_adv: batadv0: Interface activated: batadv_slave_1
[  682.047770][   T46] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  682.053257][   T46] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  682.081990][   T46] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  682.086770][   T46] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  682.205475][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.233855][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  682.239897][T15292] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  682.242795][T15292] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  682.249380][T15292] vhci_hcd vhci_hcd.0: Device attached
[  682.273674][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  682.277480][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  682.349429][T15292] mkiss: ax0: crc mode is auto.
[  682.646607][T15300] random: crng reseeded on system resumption
[  682.675905][ T6060] usb 42-1: SetAddress Request (18) to port 0
[  682.679395][ T6060] usb 42-1: new SuperSpeed USB device number 18 using vhci_hcd
[  682.693213][T15301] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  682.696804][T15301] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  682.701892][T15301] vhci_hcd vhci_hcd.0: Device attached
[  682.809331][T15293] vhci_hcd: connection reset by peer
[  682.813488][   T13] vhci_hcd: stop threads
[  682.815571][   T13] vhci_hcd: release socket
[  682.817552][   T13] vhci_hcd: disconnect device
[  682.963529][ T1020] usb 44-1: SetAddress Request (18) to port 0
[  682.966948][ T1020] usb 44-1: new SuperSpeed USB device number 18 using vhci_hcd
[  683.523915][ T5980] Bluetooth: hci2: command tx timeout
[  683.655999][T15302] vhci_hcd: connection reset by peer
[  683.658969][ T1140] vhci_hcd: stop threads
[  683.661383][ T1140] vhci_hcd: release socket
[  683.663803][ T1140] vhci_hcd: disconnect device
[  683.764069][T11072] usb 7-1: new high-speed USB device number 68 using dummy_hcd
[  683.923639][T11072] usb 7-1: Using ep0 maxpacket: 8
[  683.927950][T11072] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  683.931484][T11072] usb 7-1: config 0 has no interface number 0
[  683.934536][T11072] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  683.939655][T11072] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  683.945157][T11072] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  683.949735][T11072] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  683.955681][T11072] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  683.959776][T11072] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  683.965369][T11072] usb 7-1: config 0 descriptor??
[  683.973162][T11072] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  684.250703][T11072] usb 7-1: USB disconnect, device number 68
[  684.256016][T11072] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  685.286376][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  685.288439][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  685.449053][T15334] trusted_key: encrypted_key: key user:syz not found
[  685.613648][ T5980] Bluetooth: hci2: command tx timeout
[  686.194148][T15341] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  686.197096][T15341] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  686.201332][T15341] vhci_hcd vhci_hcd.0: Device attached
[  686.358924][T15341] mkiss: ax0: crc mode is auto.
[  686.743613][ T6050] usb 38-1: SetAddress Request (10) to port 0
[  686.745950][ T6050] usb 38-1: new SuperSpeed USB device number 10 using vhci_hcd
[  686.781353][T15346] netlink: 'syz.3.2475': attribute type 15 has an invalid length.
[  687.292121][T15351] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2476'.
[  687.333570][T15342] vhci_hcd: connection reset by peer
[  687.337683][  T218] vhci_hcd: stop threads
[  687.340150][  T218] vhci_hcd: release socket
[  687.345071][  T218] vhci_hcd: disconnect device
[  687.693703][ T5980] Bluetooth: hci2: command tx timeout
[  687.774519][ T6060] usb 42-1: device descriptor read/8, error -110
[  688.013578][ T1020] usb 44-1: device descriptor read/8, error -110
[  688.188833][T15364] netlink: 'syz.2.2478': attribute type 15 has an invalid length.
[  688.200769][ T6060] usb usb42-port1: attempt power cycle
[  688.208725][T15367] FAULT_INJECTION: forcing a failure.
[  688.208725][T15367] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  688.210563][T15365] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  688.216783][T15365] block device autoloading is deprecated and will be removed.
[  688.224313][T15367] CPU: 3 UID: 0 PID: 15367 Comm: syz.1.2482 Not tainted syzkaller #0 PREEMPT(full) 
[  688.224338][T15367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  688.224349][T15367] Call Trace:
[  688.224356][T15367]  <TASK>
[  688.224363][T15367]  dump_stack_lvl+0x16c/0x1f0
[  688.224393][T15367]  should_fail_ex+0x512/0x640
[  688.224414][T15367]  _copy_to_user+0x32/0xd0
[  688.224433][T15367]  snd_timer_user_status32.isra.0+0x215/0x2e0
[  688.224455][T15367]  ? __pfx_snd_timer_user_status32.isra.0+0x10/0x10
[  688.224489][T15367]  snd_timer_user_ioctl_compat+0x2ed/0x410
[  688.224512][T15367]  ? __pfx_snd_timer_user_ioctl_compat+0x10/0x10
[  688.224539][T15367]  ? __fget_files+0x20e/0x3c0
[  688.224561][T15367]  ? __pfx_snd_timer_user_ioctl_compat+0x10/0x10
[  688.224583][T15367]  __ia32_compat_sys_ioctl+0x23f/0x370
[  688.224612][T15367]  __do_fast_syscall_32+0x7c/0x3a0
[  688.224630][T15367]  do_fast_syscall_32+0x32/0x80
[  688.224646][T15367]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  688.224666][T15367] RIP: 0023:0xf7f42579
[  688.224679][T15367] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  688.224696][T15367] RSP: 002b:00000000f544655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  688.224712][T15367] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040585414
[  688.224724][T15367] RDX: 0000000080000300 RSI: 0000000000000000 RDI: 0000000000000000
[  688.224733][T15367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  688.224743][T15367] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  688.224752][T15367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  688.224775][T15367]  </TASK>
[  688.413932][ T1020] usb usb44-port1: attempt power cycle
[  688.537521][T15373] warning: `syz.1.2484' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  688.637962][T15376] trusted_key: encrypted_key: key user:syz not found
[  688.810776][ T6060] usb usb42-port1: unable to enumerate USB device
[  689.130668][ T1020] usb usb44-port1: unable to enumerate USB device
[  689.317135][T15380] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  689.319750][T15380] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  689.323940][T15380] vhci_hcd vhci_hcd.0: Device attached
[  689.774685][ T5980] Bluetooth: hci2: command tx timeout
[  689.830341][T15380] No control pipe specified
[  689.848675][T15380] mkiss: ax0: crc mode is auto.
[  690.282054][T15389] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2487'.
[  690.455414][T15381] vhci_hcd: connection closed
[  690.455855][  T218] vhci_hcd: stop threads
[  690.460317][  T218] vhci_hcd: release socket
[  690.462440][  T218] vhci_hcd: disconnect device
[  691.853647][ T6050] usb 38-1: device descriptor read/8, error -110
[  691.870204][T15407] trusted_key: encrypted_key: key user:syz not found
[  691.975356][T15410] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2493'.
[  691.983656][T15410] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2493'.
[  692.276801][T15412] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2494'.
[  692.283799][ T6050] usb usb38-port1: attempt power cycle
[  692.647447][T15423] netlink: 'syz.2.2496': attribute type 15 has an invalid length.
[  692.902959][ T6050] usb usb38-port1: unable to enumerate USB device
[  693.396853][T15429] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2497'.
[  694.167279][T15434] gtp0: entered promiscuous mode
[  694.174513][T15434] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2499'.
[  694.287482][  T839] usb 8-1: new high-speed USB device number 64 using dummy_hcd
[  694.433604][  T839] usb 8-1: Using ep0 maxpacket: 8
[  694.439038][  T839] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[  694.442616][  T839] usb 8-1: config 179 has no interface number 0
[  694.445568][  T839] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  694.450203][  T839] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  694.456652][  T839] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  694.461122][  T839] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  694.464636][  T839] usb 8-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  694.468854][  T839] usb 8-1: config 179 interface 65 has no altsetting 0
[  694.472059][  T839] usb 8-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  694.476764][  T839] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  694.499398][  T839] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:179.65/input/input10
[  694.689700][  T839] usb 8-1: USB disconnect, device number 64
[  694.692472][    C2] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  695.403095][T15456] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  695.405962][T15456] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  695.414945][T15456] vhci_hcd vhci_hcd.0: Device attached
[  695.664860][   T53] usb 41-1: new low-speed USB device number 3 using vhci_hcd
[  695.712601][T15464] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2507'.
[  696.318620][T15457] vhci_hcd: connection reset by peer
[  696.321610][   T59] vhci_hcd: stop threads
[  696.324204][   T59] vhci_hcd: release socket
[  696.326231][   T59] vhci_hcd: disconnect device
[  696.519641][T15470] ieee802154 phy0 wpan0: encryption failed: -22
[  696.713469][ T6050] usb 6-1: new high-speed USB device number 77 using dummy_hcd
[  697.123566][ T6050] usb 6-1: Using ep0 maxpacket: 8
[  697.244358][ T6050] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  697.248111][ T6050] usb 6-1: config 0 has no interface number 0
[  697.250770][ T6050] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  697.255407][ T6050] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  697.260337][ T6050] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  697.266257][ T6050] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  697.272264][ T6050] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  697.276089][ T6050] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  697.281274][ T6050] usb 6-1: config 0 descriptor??
[  697.295670][ T6050] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  697.444262][T15482] trusted_key: encrypted_key: key user:syz not found
[  697.462376][T15481] binder: BINDER_SET_CONTEXT_MGR already set
[  697.472364][T15481] binder: 15475:15481 ioctl 4018620d 800002c0 returned -16
[  697.617196][T15481] binder: 15475:15481 ioctl c0306201 80000440 returned -11
[  697.642512][ T6040] usb 6-1: USB disconnect, device number 77
[  698.227861][ T6040] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  698.399767][T15494] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  698.402497][T15494] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  698.408462][T15494] vhci_hcd vhci_hcd.0: Device attached
[  698.428509][T15497] vhci_hcd: connection closed
[  698.428785][   T71] vhci_hcd: stop threads
[  698.433150][   T71] vhci_hcd: release socket
[  698.436558][   T71] vhci_hcd: disconnect device
[  698.500974][T15495] netlink: 'syz.2.2515': attribute type 15 has an invalid length.
[  698.856285][T15506] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2517'.
[  699.577011][T15516] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  699.650827][T15518] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  699.654280][T15518] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  699.659409][T15518] vhci_hcd vhci_hcd.0: Device attached
[  699.674798][T15516] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2520'.
[  699.802699][T15518] No control pipe specified
[  699.953799][ T6050] usb 44-1: SetAddress Request (22) to port 0
[  699.969404][T15518] mkiss: ax0: crc mode is auto.
[  699.978665][ T6050] usb 44-1: new SuperSpeed USB device number 22 using vhci_hcd
[  700.315585][T15529] FAULT_INJECTION: forcing a failure.
[  700.315585][T15529] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  700.321781][T15529] CPU: 0 UID: 0 PID: 15529 Comm: syz.0.2524 Not tainted syzkaller #0 PREEMPT(full) 
[  700.321808][T15529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  700.321820][T15529] Call Trace:
[  700.321828][T15529]  <TASK>
[  700.321837][T15529]  dump_stack_lvl+0x16c/0x1f0
[  700.321903][T15529]  should_fail_ex+0x512/0x640
[  700.321934][T15529]  should_fail_alloc_page+0xe7/0x130
[  700.321963][T15529]  prepare_alloc_pages+0x3c2/0x610
[  700.321992][T15529]  ? find_held_lock+0x2b/0x80
[  700.322015][T15529]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  700.322039][T15529]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  700.322063][T15529]  ? is_bpf_text_address+0x94/0x1a0
[  700.322145][T15529]  ? kernel_text_address+0x8d/0x100
[  700.322166][T15529]  ? __kernel_text_address+0xd/0x40
[  700.322184][T15529]  ? unwind_get_return_address+0x59/0xa0
[  700.322206][T15529]  ? arch_stack_walk+0xa6/0x100
[  700.322229][T15529]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  700.322256][T15529]  ? __lock_acquire+0x62e/0x1ce0
[  700.322286][T15529]  ? __pfx_stack_trace_save+0x10/0x10
[  700.322313][T15529]  ? __lock_acquire+0x62e/0x1ce0
[  700.322338][T15529]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  700.322369][T15529]  ? policy_nodemask+0xea/0x4e0
[  700.322399][T15529]  alloc_pages_mpol+0x1fb/0x550
[  700.322427][T15529]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  700.322455][T15529]  ? __lock_acquire+0x62e/0x1ce0
[  700.322481][T15529]  folio_alloc_mpol_noprof+0x36/0x2f0
[  700.322508][T15529]  vma_alloc_folio_noprof+0xed/0x1e0
[  700.322534][T15529]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  700.322569][T15529]  do_pte_missing+0x2230/0x3ba0
[  700.322591][T15529]  ? find_held_lock+0x2b/0x80
[  700.322617][T15529]  __handle_mm_fault+0x152a/0x2a50
[  700.322639][T15529]  ? mt_find+0x3ef/0xa30
[  700.322659][T15529]  ? __pfx___handle_mm_fault+0x10/0x10
[  700.322676][T15529]  ? __pfx_mt_find+0x10/0x10
[  700.322710][T15529]  ? find_vma+0xbf/0x140
[  700.322759][T15529]  ? __pfx_find_vma+0x10/0x10
[  700.322788][T15529]  handle_mm_fault+0x589/0xd10
[  700.322810][T15529]  ? trace_raw_output_exceptions+0x131/0x150
[  700.322839][T15529]  do_user_addr_fault+0x7a6/0x1370
[  700.322870][T15529]  ? rcu_is_watching+0x12/0xc0
[  700.322893][T15529]  exc_page_fault+0x5c/0xb0
[  700.322921][T15529]  asm_exc_page_fault+0x26/0x30
[  700.322939][T15529] RIP: 0010:_copy_to_user+0xb6/0xd0
[  700.322961][T15529] Code: 89 ee 48 89 ef e8 3a 0f da fc 4d 85 ff 75 a8 e8 80 14 da fc 89 de 4c 89 e7 e8 56 83 3f fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 e6 <f3> a4 0f 1f 00 0f 01 ca 48 89 cb eb 80 66 2e 0f 1f 84 00 00 00 00
[  700.322979][T15529] RSP: 0018:ffffc90002eefb28 EFLAGS: 00050246
[  700.322996][T15529] RAX: 0000000000000001 RBX: 0000000000000040 RCX: 0000000000000004
[  700.323008][T15529] RDX: fffff520005ddfc4 RSI: ffffc90002eefe1c RDI: 0000000080001000
[  700.323020][T15529] RBP: 0000000080000fc4 R08: 0000000000000000 R09: fffff520005ddfc3
[  700.323032][T15529] R10: ffffc90002eefe1f R11: 0000000000000000 R12: ffffc90002eefde0
[  700.323044][T15529] R13: 0000000080001004 R14: 00007ffffffff000 R15: 0000000000000000
[  700.323072][T15529]  ? _copy_to_user+0xaa/0xd0
[  700.323097][T15529]  binder_ioctl+0x5a25/0x71f0
[  700.323139][T15529]  ? tomoyo_path_number_perm+0x18d/0x580
[  700.323171][T15529]  ? __pfx_binder_ioctl+0x10/0x10
[  700.323203][T15529]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  700.323235][T15529]  ? do_vfs_ioctl+0x128/0x14f0
[  700.323266][T15529]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  700.323305][T15529]  ? find_held_lock+0x2b/0x80
[  700.323334][T15529]  ? __fget_files+0x20e/0x3c0
[  700.323359][T15529]  ? __pfx_binder_ioctl+0x10/0x10
[  700.323381][T15529]  compat_ptr_ioctl+0x6b/0xa0
[  700.323409][T15529]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  700.323437][T15529]  __ia32_compat_sys_ioctl+0x23f/0x370
[  700.323471][T15529]  __do_fast_syscall_32+0x7c/0x3a0
[  700.323491][T15529]  do_fast_syscall_32+0x32/0x80
[  700.323511][T15529]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  700.323533][T15529] RIP: 0023:0xf701e579
[  700.323549][T15529] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  700.323566][T15529] RSP: 002b:00000000f540e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  700.323584][T15529] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0306201
[  700.323596][T15529] RDX: 0000000080000440 RSI: 0000000000000000 RDI: 0000000000000000
[  700.323606][T15529] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  700.323617][T15529] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  700.323628][T15529] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  700.323654][T15529]  </TASK>
[  700.523635][T15529] binder: 15528:15529 ioctl c0306201 80000440 returned -14
[  700.646660][T15533] netlink: 'syz.1.2526': attribute type 1 has an invalid length.
[  700.793857][   T53] vhci_hcd: vhci_device speed not set
[  700.873894][T15519] vhci_hcd: connection reset by peer
[  700.892779][   T71] vhci_hcd: stop threads
[  700.895220][   T71] vhci_hcd: release socket
[  700.897191][   T71] vhci_hcd: disconnect device
[  701.104078][    C0] hrtimer: interrupt took 838273 ns
[  702.660657][T15569] net_ratelimit: 6 callbacks suppressed
[  702.660735][T15569] netlink: zone id is out of range
[  702.670290][T15569] netlink: zone id is out of range
[  702.673669][T15569] netlink: zone id is out of range
[  702.679278][T15569] netlink: zone id is out of range
[  702.685364][T15569] netlink: zone id is out of range
[  702.689432][T15569] netlink: zone id is out of range
[  702.693147][T15569] netlink: zone id is out of range
[  702.695874][T15569] netlink: zone id is out of range
[  702.698045][T15569] netlink: zone id is out of range
[  702.700026][T15569] netlink: zone id is out of range
[  702.750912][T15569] tmpfs: Unknown parameter 'seclabel'
[  702.751785][T15572] syzkaller1: entered promiscuous mode
[  702.757176][T15572] syzkaller1: entered allmulticast mode
[  702.822029][T15574] netlink: 'syz.0.2536': attribute type 15 has an invalid length.
[  702.955747][T15576] sch_tbf: burst 19869 is lower than device lo mtu (65550) !
[  703.108063][T15588] binder: 15587:15588 ioctl 4018620d 0 returned -22
[  703.847593][T15601] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  703.942434][T15598] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2543'.
[  703.946608][T15598] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2543'.
[  704.113600][ T6060] usb 6-1: new high-speed USB device number 78 using dummy_hcd
[  704.273498][ T6060] usb 6-1: Using ep0 maxpacket: 8
[  704.279252][ T6060] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  704.282939][ T6060] usb 6-1: config 0 has no interface number 0
[  704.287475][ T6060] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  704.293878][ T6060] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  704.299281][ T6060] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  704.304792][ T6060] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  704.310516][ T6060] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  704.315277][ T6060] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  704.332427][ T6060] usb 6-1: config 0 descriptor??
[  704.364421][ T6060] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  705.053546][ T6050] usb 44-1: device descriptor read/8, error -110
[  705.464404][ T6050] usb usb44-port1: attempt power cycle
[  706.035538][ T6050] usb usb44-port1: unable to enumerate USB device
[  706.264825][T15619] binder: 15618:15619 ioctl 4018620d 0 returned -22
[  706.621621][T15627] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2554'.
[  706.633610][T15627] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  706.637503][T15627] overlayfs: missing 'lowerdir'
[  706.673526][ T1020] usb 6-1: USB disconnect, device number 78
[  706.678678][ T1020] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  707.276027][T15635] netlink: 'syz.1.2556': attribute type 15 has an invalid length.
[  707.447307][T15652] binder: 15651:15652 ioctl 4018620d 0 returned -22
[  708.104637][   T40] audit: type=1326 audit(1757605050.683:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15659 comm="syz.0.2564" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x7ffc0000
[  708.125143][T15667] binder: 15663:15667 ioctl c0306201 80000440 returned -11
[  708.188275][   T40] audit: type=1326 audit(1757605050.683:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15659 comm="syz.0.2564" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x7ffc0000
[  708.223031][   T40] audit: type=1326 audit(1757605050.783:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15659 comm="syz.0.2564" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf701e579 code=0x7ffc0000
[  708.242539][   T40] audit: type=1326 audit(1757605050.793:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15659 comm="syz.0.2564" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x7ffc0000
[  708.262736][   T40] audit: type=1326 audit(1757605050.793:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15659 comm="syz.0.2564" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x7ffc0000
[  708.305603][   T40] audit: type=1326 audit(1757605050.863:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15659 comm="syz.0.2564" exe="/syz-executor" sig=0 arch=40000003 syscall=95 compat=1 ip=0xf701e579 code=0x7ffc0000
[  708.315147][   T40] audit: type=1326 audit(1757605050.863:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15659 comm="syz.0.2564" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x7ffc0000
[  708.324988][   T40] audit: type=1326 audit(1757605050.863:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15659 comm="syz.0.2564" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x7ffc0000
[  708.335116][   T40] audit: type=1326 audit(1757605050.863:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15659 comm="syz.0.2564" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf701e579 code=0x7ffc0000
[  708.345599][   T40] audit: type=1326 audit(1757605050.863:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15659 comm="syz.0.2564" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x7ffc0000
[  708.901135][T15677] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2567'.
[  708.905981][T15677] netlink: 'syz.2.2567': attribute type 5 has an invalid length.
[  708.912175][T15677] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2567'.
[  708.942244][T15677] geneve2: entered promiscuous mode
[  708.946115][T15677] geneve2: entered allmulticast mode
[  709.090786][ T1255] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  709.116270][ T1255] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  709.127829][ T1255] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  709.131455][ T1255] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  709.199750][T15687] binder: 15686:15687 ioctl c0306201 0 returned -14
[  709.311788][T15689] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2572'.
[  709.320792][T15689] net_ratelimit: 169 callbacks suppressed
[  709.320812][T15689] openvswitch: netlink: Unknown nsh attribute 0
[  709.327627][T15689] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  709.334224][T15691] netlink: 3812 bytes leftover after parsing attributes in process `syz.3.2573'.
[  709.840678][T15696] FAULT_INJECTION: forcing a failure.
[  709.840678][T15696] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  709.846330][T15696] CPU: 3 UID: 0 PID: 15696 Comm: syz.2.2574 Not tainted syzkaller #0 PREEMPT(full) 
[  709.846352][T15696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  709.846362][T15696] Call Trace:
[  709.846368][T15696]  <TASK>
[  709.846374][T15696]  dump_stack_lvl+0x16c/0x1f0
[  709.846400][T15696]  should_fail_ex+0x512/0x640
[  709.846413][T15696]  _copy_from_iter+0x29f/0x1720
[  709.846429][T15696]  ? __pfx__copy_from_iter+0x10/0x10
[  709.846443][T15696]  ? __pfx___might_resched+0x10/0x10
[  709.846458][T15696]  file_tty_write.constprop.0+0x488/0x9b0
[  709.846484][T15696]  vfs_write+0x7d0/0x11d0
[  709.846499][T15696]  ? __pfx_tty_write+0x10/0x10
[  709.846516][T15696]  ? __pfx_vfs_write+0x10/0x10
[  709.846527][T15696]  ? find_held_lock+0x2b/0x80
[  709.846548][T15696]  ksys_write+0x12a/0x250
[  709.846560][T15696]  ? __pfx_ksys_write+0x10/0x10
[  709.846574][T15696]  ? rcu_is_watching+0x12/0xc0
[  709.846588][T15696]  __do_fast_syscall_32+0x7c/0x3a0
[  709.846600][T15696]  do_fast_syscall_32+0x32/0x80
[  709.846610][T15696]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  709.846624][T15696] RIP: 0023:0xf7f51579
[  709.846633][T15696] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  709.846644][T15696] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  709.846655][T15696] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080002b40
[  709.846662][T15696] RDX: 0000000000001006 RSI: 0000000000000000 RDI: 0000000000000000
[  709.846669][T15696] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  709.846675][T15696] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  709.846682][T15696] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  709.846695][T15696]  </TASK>
[  710.200277][T15704] overlayfs: missing 'lowerdir'
[  710.604435][T15711] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  710.607354][T15711] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  710.611731][T15711] vhci_hcd vhci_hcd.0: Device attached
[  711.069131][T15712] vhci_hcd: connection closed
[  711.069429][   T59] vhci_hcd: stop threads
[  711.074254][   T59] vhci_hcd: release socket
[  711.076692][   T59] vhci_hcd: disconnect device
[  712.702250][T15742] binder: 15741:15742 ioctl c0306201 0 returned -14
[  713.201661][T15751] trusted_key: encrypted_key: key user:syz not found
[  713.476398][T15754] trusted_key: encrypted_key: key user:syz not found
[  714.746961][T15766] overlayfs: failed to resolve './file0': -2
[  714.935929][T15771] binder: BINDER_SET_CONTEXT_MGR already set
[  714.938847][T15771] binder: 15769:15771 ioctl 4018620d 800002c0 returned -16
[  714.948156][T15771] binder: 15769:15771 ioctl c0306201 80000440 returned -11
[  716.011698][   T40] kauditd_printk_skb: 32 callbacks suppressed
[  716.011711][   T40] audit: type=1326 audit(1757605058.583:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15779 comm="syz.0.2599" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf701e579 code=0x0
[  716.199229][T15787] trusted_key: encrypted_key: key user:syz not found
[  717.025360][T15799] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2602'.
[  717.031482][T15799] netlink: 'syz.0.2602': attribute type 5 has an invalid length.
[  717.072195][T15799] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2602'.
[  717.137784][T15799] geneve2: entered promiscuous mode
[  717.139643][T15799] geneve2: entered allmulticast mode
[  717.157915][ T1255] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  717.167969][   T59] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  717.171614][   T59] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  717.185727][   T59] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  717.415635][T15806] 9pnet_fd: Insufficient options for proto=fd
[  717.663736][   T53] usb 8-1: new high-speed USB device number 65 using dummy_hcd
[  717.834964][   T53] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  717.838588][   T53] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  717.842553][   T53] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  717.846679][   T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  717.858907][T15806] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  717.864733][   T53] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  717.969552][T15827] trusted_key: encrypted_key: key user:syz not found
[  718.062541][T15829] loop7: detected capacity change from 0 to 16384
[  718.187683][   T53] usb 8-1: USB disconnect, device number 65
[  718.928622][T15841] FAULT_INJECTION: forcing a failure.
[  718.928622][T15841] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  718.933815][T15841] CPU: 3 UID: 0 PID: 15841 Comm: syz.3.2618 Not tainted syzkaller #0 PREEMPT(full) 
[  718.933840][T15841] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  718.933851][T15841] Call Trace:
[  718.933858][T15841]  <TASK>
[  718.933866][T15841]  dump_stack_lvl+0x16c/0x1f0
[  718.933897][T15841]  should_fail_ex+0x512/0x640
[  718.933945][T15841]  _copy_to_user+0x32/0xd0
[  718.933969][T15841]  simple_read_from_buffer+0xcb/0x170
[  718.933990][T15841]  proc_fail_nth_read+0x197/0x240
[  718.934011][T15841]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  718.934032][T15841]  ? rw_verify_area+0xcf/0x6c0
[  718.934049][T15841]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  718.934068][T15841]  vfs_read+0x1e4/0xcf0
[  718.934093][T15841]  ? __pfx_vfs_read+0x10/0x10
[  718.934110][T15841]  ? find_held_lock+0x2b/0x80
[  718.934135][T15841]  ? __fget_files+0x20e/0x3c0
[  718.934163][T15841]  ksys_read+0x12a/0x250
[  718.934182][T15841]  ? __pfx_ksys_read+0x10/0x10
[  718.934204][T15841]  ? rcu_is_watching+0x12/0xc0
[  718.934226][T15841]  __do_fast_syscall_32+0x7c/0x3a0
[  718.934246][T15841]  do_fast_syscall_32+0x32/0x80
[  718.934262][T15841]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  718.934284][T15841] RIP: 0023:0xf7fb4579
[  718.934298][T15841] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  718.934315][T15841] RSP: 002b:00000000f54b6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  718.934332][T15841] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f54b6620
[  718.934343][T15841] RDX: 000000000000000f RSI: 00000000f7444ff4 RDI: 0000000000000000
[  718.934354][T15841] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  718.934363][T15841] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  718.934373][T15841] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  718.934394][T15841]  </TASK>
[  719.037611][T15844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2617'.
[  719.042215][T15844] netlink: 'syz.1.2617': attribute type 5 has an invalid length.
[  719.047278][T15844] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2617'.
[  719.109628][T15844] geneve2: entered promiscuous mode
[  719.112258][T15844] geneve2: entered allmulticast mode
[  719.207078][ T1140] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  719.212905][ T1140] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  719.220021][ T1140] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  719.224426][ T1140] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  719.469816][T15855] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2623'.
[  720.863794][ T6060] usb 7-1: new high-speed USB device number 69 using dummy_hcd
[  721.083833][ T6060] usb 7-1: Using ep0 maxpacket: 8
[  721.089149][ T6060] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  721.093614][ T6060] usb 7-1: config 0 has no interface number 0
[  721.096139][ T6060] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  721.100732][ T6060] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  721.106023][ T6060] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  721.109936][ T6060] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  721.118197][ T6060] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  721.122626][ T6060] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  721.176378][ T6060] usb 7-1: config 0 descriptor??
[  721.199728][ T6060] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  721.865745][ T1140] bond0 (unregistering): Released all slaves
[  721.929349][ T1140] : left promiscuous mode
[  722.024269][ T1140] tipc: Left network mode
[  722.044959][ T1140] IPVS: stopping backup sync thread 8616 ...
[  722.251477][ T1140] hsr_slave_0: left promiscuous mode
[  722.254471][ T1140] hsr_slave_1: left promiscuous mode
[  722.534444][T15905] IPVS: length: 139 != 8
[  722.649154][  T839] usb 7-1: USB disconnect, device number 69
[  722.656149][  T839] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  722.717030][T15908] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2636'.
[  722.721501][T15908] netlink: 'syz.0.2636': attribute type 5 has an invalid length.
[  722.725254][T15908] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2636'.
[  723.315551][T15920] binder: 15918:15920 ioctl c0306201 80000440 returned -11
[  724.552648][T15908] geneve3: entered promiscuous mode
[  724.555196][T15908] geneve3: entered allmulticast mode
[  724.621051][T15929] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  724.634392][T15929] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  724.670832][T15934] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  724.679705][T15934] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  724.791368][T15929] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  724.797557][T15929] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  725.098750][T15929] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  725.127437][T15929] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  725.229425][T15929] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  725.234160][T15929] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  725.239007][T15955] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  725.241875][T15955] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  725.265288][T15955] vhci_hcd vhci_hcd.0: Device attached
[  725.399245][T15955] mkiss: ax0: crc mode is auto.
[  725.447888][ T1140] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  725.456143][ T1140] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  725.473683][ T1140] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  725.477149][ T1140] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  725.493059][ T1140] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  725.497353][ T1140] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  725.512218][   T59] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  725.520369][   T59] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  725.574038][ T1020] usb 38-1: SetAddress Request (14) to port 0
[  725.577239][ T1020] usb 38-1: new SuperSpeed USB device number 14 using vhci_hcd
[  725.860284][T15965] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2651'.
[  725.867030][T15965] netlink: 'syz.2.2651': attribute type 5 has an invalid length.
[  725.870688][T15965] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2651'.
[  725.879964][T15957] vhci_hcd: connection reset by peer
[  725.882634][   T59] vhci_hcd: stop threads
[  725.885353][   T59] vhci_hcd: release socket
[  725.888171][   T59] vhci_hcd: disconnect device
[  725.908765][T15965] geneve3: entered promiscuous mode
[  725.911114][T15965] geneve3: entered allmulticast mode
[  726.138915][T15968] ------------[ cut here ]------------
[  726.141638][T15968] WARNING: CPU: 3 PID: 15968 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x30b/0x23f0
[  726.146418][T15968] Modules linked in:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  726.149624][T15968] CPU: 3 UID: 0 PID: 15968 Comm: syz.1.2652 Not tainted syzkaller #0 PREEMPT(full) 
[  726.156221][T15968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  726.160933][T15968] RIP: 0010:__alloc_frozen_pages_noprof+0x30b/0x23f0
[  726.164383][T15968] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 4f c1 80 09 83 fe 0a 0f 86 0a fe ff ff 80 3d 88 75 80 0e 00 75 0b c6 05 7f 75 80 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8
[  726.172794][T15968] RSP: 0018:ffffc90004a1f7d0 EFLAGS: 00010246
[  726.175871][T15968] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  726.179570][T15968] RDX: 0000000000000000 RSI: 0000000000000028 RDI: 0000000000040d40
[  726.183101][T15968] RBP: 0000000000000028 R08: 0000000000000005 R09: 0000000000000009
[  726.186758][T15968] R10: 0000000000000028 R11: 0000000000000000 R12: 0000000000040d40
[  726.190737][T15968] R13: 1ffff92000943f0f R14: ffffffff9ae77a24 R15: 0000000000000028
[  726.194373][T15968] FS:  0000000000000000(0000) GS:ffff8880977bd000(0063) knlGS:00000000f5446b40
[  726.198265][T15968] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  726.201556][T15968] CR2: 0000000080001000 CR3: 00000000680ea000 CR4: 0000000000352ef0
[  726.205275][T15968] Call Trace:
[  726.206872][T15968]  <TASK>
[  726.208235][T15968]  ? __do_fast_syscall_32+0x7c/0x3a0
[  726.210843][T15968]  ? do_fast_syscall_32+0x32/0x80
[  726.214158][T15968]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  726.217810][T15968]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  726.220762][T15968]  ? kasan_quarantine_put+0x10a/0x240
[  726.223794][T15968]  ? lockdep_hardirqs_on+0x7c/0x110
[  726.226522][T15968]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  726.229191][T15968]  ? policy_nodemask+0xea/0x4e0
[  726.231399][T15968]  alloc_pages_mpol+0x1fb/0x550
[  726.233607][T15968]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  726.235998][T15968]  ? v9fs_fid_get_acl+0x7a/0x120
[  726.238428][T15968]  ___kmalloc_large_node+0xed/0x160
[  726.241122][T15968]  ? v9fs_fid_get_acl+0x7a/0x120
[  726.245045][T15968]  __kmalloc_large_node_noprof+0x1c/0x70
[  726.247731][T15968]  __kmalloc_noprof.cold+0xc/0x61
[  726.250098][T15968]  ? __pfx_iget5_locked+0x10/0x10
[  726.252552][T15968]  ? v9fs_cache_inode_get_cookie+0x28f/0x3a0
[  726.256050][T15968]  v9fs_fid_get_acl+0x7a/0x120
[  726.258365][T15968]  v9fs_get_acl+0xee/0x530
[  726.260514][T15968]  v9fs_inode_from_fid_dotl+0x264/0x2f0
[  726.263215][T15968]  v9fs_mount+0x4fd/0xa90
[  726.266312][T15968]  ? rcu_is_watching+0x12/0xc0
[  726.268881][T15968]  ? __pfx_v9fs_mount+0x10/0x10
[  726.271125][T15968]  ? aa_get_newest_label+0xd2/0x250
[  726.273559][T15968]  ? apparmor_capable+0x114/0x1d0
[  726.275792][T15968]  ? __pfx_v9fs_mount+0x10/0x10
[  726.277918][T15968]  legacy_get_tree+0x10c/0x220
[  726.280557][T15968]  vfs_get_tree+0x8b/0x340
[  726.283040][T15968]  path_mount+0x1513/0x2000
[  726.285394][T15968]  ? __pfx_path_mount+0x10/0x10
[  726.287432][T15968]  ? kmem_cache_free+0x2d1/0x4d0
[  726.289568][T15968]  ? putname+0x154/0x1a0
[  726.291484][T15968]  ? getname_flags.part.0+0x1c5/0x550
[  726.293937][T15968]  ? __ia32_sys_mount+0x28b/0x310
[  726.296240][T15968]  __ia32_sys_mount+0x28b/0x310
[  726.298669][T15968]  ? __pfx___ia32_sys_mount+0x10/0x10
[  726.301428][T15968]  ? rcu_is_watching+0x12/0xc0
[  726.303662][T15968]  __do_fast_syscall_32+0x7c/0x3a0
[  726.305796][T15968]  do_fast_syscall_32+0x32/0x80
[  726.307917][T15968]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  726.310915][T15968] RIP: 0023:0xf7f42579
[  726.313152][T15968] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  726.322539][T15968] RSP: 002b:00000000f544655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  726.327108][T15968] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800003c0
[  726.330995][T15968] RDX: 0000000080000b80 RSI: 0000000000000000 RDI: 0000000080000500
[  726.334552][T15968] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  726.338034][T15968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  726.341961][T15968] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  726.345716][T15968]  </TASK>
[  726.347123][T15968] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  726.350205][T15968] CPU: 3 UID: 0 PID: 15968 Comm: syz.1.2652 Not tainted syzkaller #0 PREEMPT(full) 
[  726.354554][T15968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  726.358968][T15968] Call Trace:
[  726.360393][T15968]  <TASK>
[  726.361583][T15968]  dump_stack_lvl+0x3d/0x1f0
[  726.363636][T15968]  vpanic+0x6e8/0x7a0
[  726.365541][T15968]  ? __pfx_vpanic+0x10/0x10
[  726.367846][T15968]  ? __alloc_frozen_pages_noprof+0x30b/0x23f0
[  726.370579][T15968]  panic+0xca/0xd0
[  726.372215][T15968]  ? __pfx_panic+0x10/0x10
[  726.374156][T15968]  ? check_panic_on_warn+0x1f/0xb0
[  726.376434][T15968]  check_panic_on_warn+0xab/0xb0
[  726.378850][T15968]  __warn+0xf6/0x3c0
[  726.380833][T15968]  ? __alloc_frozen_pages_noprof+0x30b/0x23f0
[  726.383607][T15968]  report_bug+0x3c3/0x580
[  726.385427][T15968]  ? __alloc_frozen_pages_noprof+0x30b/0x23f0
[  726.387967][T15968]  handle_bug+0x184/0x210
[  726.389802][T15968]  exc_invalid_op+0x17/0x50
[  726.391902][T15968]  asm_exc_invalid_op+0x1a/0x20
[  726.394283][T15968] RIP: 0010:__alloc_frozen_pages_noprof+0x30b/0x23f0
[  726.397398][T15968] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 4f c1 80 09 83 fe 0a 0f 86 0a fe ff ff 80 3d 88 75 80 0e 00 75 0b c6 05 7f 75 80 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8
[  726.405717][T15968] RSP: 0018:ffffc90004a1f7d0 EFLAGS: 00010246
[  726.408596][T15968] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  726.411998][T15968] RDX: 0000000000000000 RSI: 0000000000000028 RDI: 0000000000040d40
[  726.415340][T15968] RBP: 0000000000000028 R08: 0000000000000005 R09: 0000000000000009
[  726.418996][T15968] R10: 0000000000000028 R11: 0000000000000000 R12: 0000000000040d40
[  726.423133][T15968] R13: 1ffff92000943f0f R14: ffffffff9ae77a24 R15: 0000000000000028
[  726.426443][T15968]  ? __do_fast_syscall_32+0x7c/0x3a0
[  726.428735][T15968]  ? do_fast_syscall_32+0x32/0x80
[  726.431155][T15968]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  726.434630][T15968]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  726.437338][T15968]  ? kasan_quarantine_put+0x10a/0x240
[  726.439600][T15968]  ? lockdep_hardirqs_on+0x7c/0x110
[  726.441886][T15968]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  726.444785][T15968]  ? policy_nodemask+0xea/0x4e0
[  726.447057][T15968]  alloc_pages_mpol+0x1fb/0x550
[  726.449183][T15968]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  726.451584][T15968]  ? v9fs_fid_get_acl+0x7a/0x120
[  726.453817][T15968]  ___kmalloc_large_node+0xed/0x160
[  726.456193][T15968]  ? v9fs_fid_get_acl+0x7a/0x120
[  726.458835][T15968]  __kmalloc_large_node_noprof+0x1c/0x70
[  726.461718][T15968]  __kmalloc_noprof.cold+0xc/0x61
[  726.463859][T15968]  ? __pfx_iget5_locked+0x10/0x10
[  726.466007][T15968]  ? v9fs_cache_inode_get_cookie+0x28f/0x3a0
[  726.468579][T15968]  v9fs_fid_get_acl+0x7a/0x120
[  726.470648][T15968]  v9fs_get_acl+0xee/0x530
[  726.472686][T15968]  v9fs_inode_from_fid_dotl+0x264/0x2f0
[  726.475191][T15968]  v9fs_mount+0x4fd/0xa90
[  726.477108][T15968]  ? rcu_is_watching+0x12/0xc0
[  726.479185][T15968]  ? __pfx_v9fs_mount+0x10/0x10
[  726.481450][T15968]  ? aa_get_newest_label+0xd2/0x250
[  726.483791][T15968]  ? apparmor_capable+0x114/0x1d0
[  726.486099][T15968]  ? __pfx_v9fs_mount+0x10/0x10
[  726.488317][T15968]  legacy_get_tree+0x10c/0x220
[  726.490585][T15968]  vfs_get_tree+0x8b/0x340
[  726.492609][T15968]  path_mount+0x1513/0x2000
[  726.494750][T15968]  ? __pfx_path_mount+0x10/0x10
[  726.497027][T15968]  ? kmem_cache_free+0x2d1/0x4d0
[  726.499194][T15968]  ? putname+0x154/0x1a0
[  726.501003][T15968]  ? getname_flags.part.0+0x1c5/0x550
[  726.503363][T15968]  ? __ia32_sys_mount+0x28b/0x310
[  726.505684][T15968]  __ia32_sys_mount+0x28b/0x310
[  726.508111][T15968]  ? __pfx___ia32_sys_mount+0x10/0x10
[  726.510584][T15968]  ? rcu_is_watching+0x12/0xc0
[  726.512605][T15968]  __do_fast_syscall_32+0x7c/0x3a0
[  726.514743][T15968]  do_fast_syscall_32+0x32/0x80
[  726.516874][T15968]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  726.520010][T15968] RIP: 0023:0xf7f42579
[  726.522156][T15968] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  726.530188][T15968] RSP: 002b:00000000f544655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  726.534012][T15968] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800003c0
[  726.537831][T15968] RDX: 0000000080000b80 RSI: 0000000000000000 RDI: 0000000080000500
[  726.541278][T15968] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  726.544637][T15968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  726.548164][T15968] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  726.552044][T15968]  </TASK>
[  726.554192][T15968] Kernel Offset: disabled
[  726.556057][T15968] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:37:48  Registers:
info registers vcpu 0

CPU#0
RAX=0000000001700821 RBX=0000000000000000 RCX=ffffffff8b914bf9 RDX=0000000000000000
RSI=ffffffff8de4eeb1 RDI=ffffffff8c163180 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08
R8 =0000000000000001 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000000
R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90aba490 R15=0000000000000000
RIP=ffffffff8b91375f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880974bd000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000003510bffc CR3=000000006d9bc000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=1ffffd40003ff058 RBX=ffffea0001ff82c0 RCX=ffffffff8205d0b8 RDX=fffff940003ff059
RSI=0000000000000008 RDI=ffffea0001ff82c0 RBP=0000000000000000 RSP=ffffc9000366f818
R8 =0000000000000000 R9 =fffff940003ff058 R10=ffffea0001ff82c7 R11=0000000000000000
R12=00000000f07f9000 R13=ffff88804b44ffc8 R14=dffffc0000000000 R15=0000000000000001
RIP=ffffffff8205d0ca RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880975bd000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7ef6e40 CR3=000000000e380000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7394ff4
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=dffffc0000000000 RBX=ffffffff8bad54e0 RCX=0000000000000000 RDX=0000000000000000
RSI=000000000000023f RDI=ffffffff8bad54e0 RBP=000000000000023f RSP=ffffc90004a8f6a0
R8 =ffffffff8a36d7f5 R9 =0000000000000000 R10=ffffc90004a8f830 R11=0000000000000000
R12=ffff88802358c880 R13=0000000000000000 R14=1ffff92000951ee4 R15=ffffffff8a36d7f5
RIP=ffffffff8187b44f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880976bd000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000056313a978f80 CR3=000000006d9a7000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000002000002 Opmask01=0000000008110101 Opmask02=000000007ffeffff Opmask03=0000000000000000
Opmask04=00000000fffffffe Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056313a9776e0 000056313a9776e0
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000056313a994900
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f254cbf1b20
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f254cbf1b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 49074c440a48495e 175349432a5e444f
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5c4f5f0504040519 694645585e444549
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c 2c2c2c2c2c2c2c2c
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e69646165520073 25203a656c696620 7974706d6520676e 697070696b530065
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4245484d4952005f 090c164940454a0c 55585c41490c4b42 455c5c4547530049
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7361647c2a737369 63637c2a65686361 63627c2a6476787c 2a64767c2a64737c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e2e65726f632e74 656e2e6c74637379 73203034313d6873 657268745f676f64
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e617020343d7372 6f6e696d5f796361 67656c5f6d756e5f 6964656d6f632e69
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 64656d6f63203233 3d78616d5f736462 6e2032333d706f6f 6c5f78616d203233
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d6d756e2e646368 5f796d6d75642030 34313d736365735f 74756f656d69745f
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7265747369676572 6e755f7665647465 6e2e65726f632e74 656e2e6c74637379
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0036312f36312f32 2f302e2f323a312f 002d62620000302e 33312e2f66000036
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000050 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8561aff5 RDI=ffffffff9b0ff700 RBP=ffffffff9b0ff6c0 RSP=ffffc90004a1f140
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000050 R14=ffffffff9b0ff6c0 R15=ffffffff8561af90
RIP=ffffffff8561b01f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977bd000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080001000 CR3=00000000680ea000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000