last executing test programs:

7m52.315199489s ago: executing program 32 (id=3941):
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, &(0x7f0000000000)='bridge0\x00')
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x1, 0xfa, 0x41b}}}, 0x7)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x2, 0x3a0, 0x5, 0x101}, 0x48)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
recvmmsg$unix(r3, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x8000)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="01c0c20000000000fc00000008004500001c0000000000023f3b1501e0000001167c9078ac141430"], 0x0)

7m41.360846242s ago: executing program 0 (id=3998):
syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x9840)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000), 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$misdntimer(0xffffff9c, 0x0, 0x4000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r2, 0x6, 0x19, 0x0, 0x0)
lsm_get_self_attr(0x64, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000280)={0x5, 0x0, 0x120000000000, 0x2, 0x500, 0x8000000, 0x1000001000, 0x49}, 0x0, &(0x7f0000000180)={0x3fe, 0x7, 0x0, 0x9, 0x86, 0x800, 0x80000002}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7m40.441423809s ago: executing program 0 (id=4001):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, 0x0, 0x0)
syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r0, 0xc0105b08, &(0x7f0000000040))

7m39.739885438s ago: executing program 0 (id=4003):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet(0x2, 0x1, 0x0)
getsockopt$inet_mreqsrc(r1, 0x0, 0x53, 0x0, &(0x7f0000000040))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x1, 0x1, 0x1}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r3}, 0xc)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001380), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_CONFIG(r0, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f0000000140)={0x1c, r4, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x1c}}, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x4, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff7ffc}, {0x16, 0x7f, 0x5d}, {0xf1, 0x6, 0x6, 0x6}, {0x0, 0x6, 0x51, 0x9}]})
r6 = syz_clone(0xce47e0dcaf13c6d8, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r6, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x24c, 0x0, 0x11, 0x148, 0x120, 0x10, 0x1b8, 0x2a8, 0x2a8, 0x1b8, 0x2a8, 0xac, 0x0, {[{{@ip={@empty, @multicast2, 0x0, 0x0, 'veth1_vlan\x00', 'rose0\x00'}, 0x10, 0xd8, 0x120, 0x1c, {}, [@common=@unspec=@helper={{0x44}, {0x0, 'irc-20000\x00'}}, @common=@unspec=@connlabel={{0x24}, {0x0, 0x7}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@local, 'ip6gre0\x00'}}}, {{@ip={@private, @multicast2, 0x0, 0x0, 'wlan0\x00', 'ip_vti0\x00'}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x2a8)

7m39.659048695s ago: executing program 0 (id=4005):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
pipe2$9p(&(0x7f00000000c0), 0x80000)
sendfile(r0, r0, 0x0, 0xb)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
io_setup(0x7ff, &(0x7f0000000000)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000400)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x1}])
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r4, 0x0)
ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000040)={0x9, 0x0, 0x0, {0xfffffffe, 0xbde, 0x3ff, 0x10000}})

7m39.541123885s ago: executing program 0 (id=4006):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r1, 0x12, 0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000080)={0x28, r4, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1d56c49b6b843de8}]}]}, @ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040041}, 0x40)
ioctl$TCSBRKP(r2, 0x5425, 0x0)
ioctl$TCSETSW2(r2, 0x5425, 0x0)

7m39.361508285s ago: executing program 0 (id=4007):
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045011, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x80000000, 0x9, 0x31363553, 0x0, 0xa, [{0x4, 0x5}, {0x6, 0x7f36}, {0x8, 0x70}, {0x3, 0xf}, {0xa, 0xff}, {0x6, 0x589}, {0x8, 0x7}, {0x10041, 0x8}], 0x10, 0x8, 0x2, 0x2, 0x5}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
connect$pptp(r1, &(0x7f0000001280)={0x18, 0x2, {0x1, @broadcast}}, 0x1e)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f00000002c0)={'rose0\x00', 0x1})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000180)={0x3, 0x980900, 0x1})
r6 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x3})
ioctl$VIDIOC_QUERYMENU(r6, 0xc008561c, &(0x7f00000001c0)={0x980900, 0x8081, @name="6736516728a5678c18a4ec047f3f1fa52fe9a9987d0406b3a0c705c611b66f06"})
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000240)={{0x3, 0x100, 0x5, 0xb7a4, 0x1, 0xffff}, 0x341, [0xc, 0x40, 0xcd6, 0x4, 0x6, 0x0, 0x80000000, 0x7, 0x9, 0x7a18fde9, 0x9, 0x0, 0x4, 0x3, 0x378, 0x5, 0x4, 0x0, 0x1, 0xffff06bd, 0x0, 0xd4f, 0x1a, 0xf2, 0x10, 0xfffffffb, 0x8, 0x10001, 0x401, 0x80000000, 0x401, 0x3ca5, 0x5, 0x0, 0xff, 0x4, 0x4, 0x3, 0x0, 0x0, 0x40000000, 0x80000000, 0x7fff, 0x7, 0x5, 0xa, 0x1, 0x10000, 0x8000401, 0x8, 0xffff, 0x91ba, 0x7, 0x9, 0x9, 0xb6, 0x24, 0xcb, 0x5, 0x7f, 0x5, 0x311, 0x66d1, 0xfffffffd, 0xa7d6, 0xb6eb, 0xc74, 0x77, 0x1, 0xff, 0x5cb5, 0xfffffffd, 0x401, 0xedf4, 0x4, 0x1000, 0x6, 0xfffffffe, 0x8001, 0xc1, 0x1, 0x8, 0x1, 0x32, 0x98, 0x7f, 0xffff, 0x401, 0x2, 0x2, 0x4680, 0x7, 0xe665, 0x3c6e, 0x3, 0x40, 0x80, 0x4b, 0x9, 0x2, 0xb, 0x6, 0x4fa4, 0x80000000, 0x1, 0xb, 0x0, 0xfffffffa, 0x3, 0x9, 0xfd, 0x101, 0x4, 0x40, 0xa, 0x1b, 0x1ff, 0x7ff, 0x2, 0x80000000, 0xffff, 0x9, 0x0, 0x6, 0x2, 0xffffff87, 0xe, 0xa0, 0xf, 0x1ff, 0x9, 0x7, 0x6, 0x400, 0x8, 0xff2, 0x6, 0x0, 0x6, 0x0, 0x9, 0x1, 0xf1a, 0x664, 0x4, 0x9, 0x9, 0x2, 0x4, 0xfffffffd, 0x10, 0x0, 0x9, 0x10000, 0x1, 0x9, 0x9, 0xc6, 0x1, 0x4, 0x6, 0xffffffff, 0x6, 0x10001, 0x8, 0x68, 0x7, 0x201, 0x5, 0x3, 0x9a3f, 0x400000, 0x0, 0x80000067, 0xffffff7e, 0x7, 0x10000000, 0x10001, 0x7, 0x3, 0x10, 0x10a, 0x2, 0x40, 0x1c, 0x80, 0xb5f8, 0x8bc, 0x3, 0x103, 0x5, 0x63, 0x4, 0x18000, 0x10, 0x1000, 0x288c, 0x1ffe, 0x73ee, 0x1, 0x5, 0x9, 0x7fffffff, 0x73, 0x7, 0x8, 0x8, 0x400, 0x40, 0x0, 0x0, 0x0, 0x546c, 0x981, 0x5aa, 0x7fff, 0x7, 0x4, 0x8, 0xc4c, 0x45e3, 0x5, 0x7, 0x3, 0x5, 0x3, 0x0, 0x1, 0x2, 0xffffffff, 0x4, 0xce, 0xf, 0x0, 0x1, 0xa, 0x3, 0x0, 0x9, 0x9, 0x37d, 0x10001, 0xc, 0x1, 0x1, 0x2, 0x6, 0x4, 0x6, 0x1, 0x8, 0x6, 0xfffffffa, 0x5, 0x0, 0x9, 0x5, 0x2, 0x7, 0x3, 0xffffff1b, 0x9, 0x2, 0xd, 0x34ea, 0x10000, 0x0, 0x80000001, 0x8, 0x8000, 0x3a, 0x10, 0x8, 0x9, 0x5, 0x1, 0x6, 0x10001, 0x0, 0x4, 0x10000, 0x4, 0xffff, 0xe, 0x89, 0x2, 0x7, 0x1, 0x2, 0x3, 0x9, 0x4, 0x1, 0x9, 0x0, 0x8, 0x0, 0x81, 0x80000004, 0x9, 0x9, 0x0, 0x4, 0x4, 0x0, 0x1, 0x4, 0x5, 0x4, 0x10001, 0xf, 0x9, 0x100, 0x4, 0x59b, 0x7, 0x8, 0x9, 0x3, 0x2, 0x4, 0xbf, 0x0, 0x8, 0x40, 0xd3, 0x7, 0x1, 0x89aa, 0x8, 0x0, 0xf0ce, 0x4, 0x1, 0x0, 0x2, 0xc6, 0x1000, 0x1, 0x937, 0xa, 0x6, 0x3, 0xffffffff, 0x5, 0x9, 0x5, 0xffffffff, 0xbe, 0x1, 0x7, 0x0, 0xffffffff, 0x0, 0x3d6, 0x0, 0xae, 0x6, 0x1, 0xfffffeff, 0x4, 0x2, 0x7fff, 0x103, 0x7, 0x6, 0x706, 0x2, 0x49, 0x10, 0xfffffff7, 0xfffff772, 0x8, 0x80000000, 0x5, 0x7, 0xa9c, 0x9, 0x8, 0x1, 0x2, 0x5, 0x1000, 0x69f, 0x1ff, 0x9, 0x10, 0x3, 0x10000, 0xffff0000, 0xf, 0x1, 0xffffa5ba, 0xffffa9b4, 0x1, 0x4, 0x5, 0x3, 0x4b5f, 0x6, 0x7fffffff, 0xffffffff, 0x1, 0x80000000, 0xb, 0x0, 0xc8f, 0x1, 0x7, 0x8, 0x1, 0x10000, 0x57dc, 0x818a, 0x10, 0x8, 0x10, 0xfffffffc, 0xfffff001, 0xa, 0x5, 0x8000005, 0x7, 0xffd, 0x9, 0x10, 0xfffffffd, 0x4, 0xc2, 0x400, 0x4, 0x2, 0x80000000, 0xd, 0x2, 0x1, 0x0, 0x5, 0xb6, 0x101, 0x401, 0x2, 0x7, 0xc, 0x6623258, 0xf2, 0x741, 0xae6, 0x9, 0xffffa0ae, 0xc, 0x6, 0x2, 0x8, 0x9, 0x1, 0x7f, 0x9a, 0x9, 0xb, 0x800, 0x4, 0x3ff, 0x5, 0x7, 0x7, 0x8, 0xfe, 0x7f, 0x9, 0x4, 0x2, 0x20000000, 0x2, 0x8000, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x7, 0x8000001, 0x0, 0xfff, 0x101, 0x4, 0x0, 0x96c6, 0xc, 0x5, 0xffe, 0x100, 0xffff, 0x1, 0x401, 0xf0, 0x0, 0xfffff53d, 0xff, 0x2, 0x6, 0x0, 0x2, 0x4b15, 0x10000, 0x1, 0x6, 0x1, 0xd, 0x8, 0x4, 0xfffffe01, 0x1, 0x6, 0x0, 0x3, 0x10001, 0x1, 0x7, 0x1, 0x5, 0x9, 0xffffc487, 0x200, 0x10001, 0x37c, 0x7, 0x6, 0x6, 0x8, 0xfffffe00, 0x1, 0x1, 0x0, 0xe, 0x2, 0x2, 0x4, 0x80000000, 0xb46d, 0x3, 0x1000, 0x1eb4bce6, 0x10, 0x8, 0x4, 0x8, 0x1, 0x5, 0x9, 0x1000, 0x7, 0x62f2f805, 0x9, 0x3, 0xffffffff, 0x9, 0x7f, 0x6, 0x9, 0x40, 0x5, 0x2, 0xa, 0x5, 0x6, 0x80000000, 0x0, 0x8, 0x7, 0x7, 0x1, 0x5, 0x9, 0x6709, 0x10001, 0x0, 0x80, 0x8, 0x6, 0x0, 0xa95a, 0xff, 0x5, 0x2, 0x2, 0x4, 0x10000, 0x80000001, 0x5, 0x8001, 0x9, 0x0, 0xb7, 0x3, 0xff, 0x9, 0xffff, 0x80, 0xfea5, 0x7fff, 0x7, 0x7, 0x7, 0x7485, 0x9, 0x8, 0x0, 0x5, 0xf, 0x5, 0xe, 0x8, 0x1000, 0x3, 0x7, 0x382d, 0x459, 0xcad, 0x9, 0x0, 0x2, 0x9, 0x6, 0x20000a4, 0xe0, 0xfffffffb, 0x5, 0xffffffff, 0x2, 0x7, 0x85e5, 0x0, 0x0, 0x0, 0x35, 0x8, 0x1, 0x2, 0x30, 0xb, 0x101, 0x2, 0x9, 0x100003, 0x7, 0x8, 0x8, 0x0, 0x1, 0x4, 0x15294b70, 0x3, 0x3, 0x2, 0x43, 0x3, 0x9, 0x5, 0x80000000, 0x9, 0x0, 0x5, 0x81, 0x1, 0x2, 0x3fd, 0x1df, 0x6, 0x6, 0x0, 0x1a, 0x9, 0x2, 0x9, 0x1, 0x9, 0x7, 0x2c1, 0x9e95, 0x2, 0xfffffedd, 0x30c8, 0x2, 0x38a0, 0x7b, 0x0, 0x8, 0x7, 0x6, 0x9, 0x9, 0x8, 0x5, 0x8, 0x1ff, 0x7fff, 0x3, 0x9, 0x8, 0x2b, 0x200006, 0x4, 0x7, 0x2, 0xfb4, 0xbfb, 0x7, 0x405, 0x6, 0x4, 0x8001, 0x9, 0x8, 0x3, 0x6ae574d2, 0x6, 0xfffffe00, 0x1000, 0x5, 0x92, 0x3, 0x7fffffff, 0xd7, 0x8001, 0x905, 0x3, 0x6, 0xfffffb31, 0xb, 0x4, 0x7, 0x8, 0x1, 0x6, 0x1, 0xff, 0x100, 0x4, 0x3, 0x6, 0x80000001, 0x0, 0x100a, 0x7fffffff, 0x7fff, 0x2, 0xfffffff8, 0x2, 0x9af, 0x10001, 0x8, 0x4, 0x8, 0x6, 0x7742348d, 0x5, 0x5, 0x1f, 0x40, 0x0, 0x6, 0x7fffffff, 0x7, 0x7, 0x8, 0x17f, 0x6, 0x2, 0x5, 0x6, 0x1, 0xb, 0xe, 0x5, 0x1, 0xfe7, 0xfffffffc, 0x8, 0x7ff, 0x3e9, 0x0, 0x3, 0x2000, 0xd, 0x3, 0x4, 0x3, 0x81, 0x8, 0x14, 0x100, 0x9, 0x6, 0xffff, 0xf28c, 0x7, 0x6, 0x4, 0x7fffffff, 0xffff, 0x1000, 0xc9, 0x2, 0xfffffffe, 0x924, 0x499, 0x100, 0x1, 0x5, 0xffff351b, 0x7, 0xfffffffb, 0x7, 0x9, 0x2, 0x5, 0x4, 0x4, 0x4, 0xff, 0xee, 0x6, 0x4, 0x8, 0x9f, 0x7, 0x3, 0x9, 0xc9, 0x1, 0x1, 0x1, 0xfffffff7, 0x0, 0x6, 0x5, 0x6, 0x400, 0x51, 0x7, 0xefb, 0xb8, 0x8, 0x5, 0xfffffff7, 0x7, 0x7, 0x4, 0x6330, 0x0, 0x6, 0xea, 0xbb2d, 0xfff, 0x809, 0x6, 0x0, 0x6, 0xffff, 0x0, 0x3, 0x0, 0x1, 0x6, 0xfffffc00, 0x5, 0x7, 0x64c822e3, 0x9, 0x6, 0x3ff, 0x6, 0xfff, 0x0, 0xa7b, 0x62cc, 0xfffffff7, 0x7, 0x40, 0xa, 0x9b, 0x3, 0xe, 0x1, 0x1, 0x3, 0x40, 0x3, 0x4, 0x5, 0x5, 0x7ff, 0x5, 0x8, 0x5, 0x3, 0x9, 0x2, 0x80000001, 0x54, 0x400, 0x1, 0x8, 0xa, 0x9, 0xc0, 0x3, 0x72, 0x80, 0x1000, 0x7, 0x800, 0x6, 0xd19, 0x3, 0x93c, 0x6, 0x0, 0x0, 0xe, 0x5, 0x3, 0xfffffffa, 0xa01, 0xf3, 0xffffff00, 0x8, 0xe, 0x3, 0x3ff, 0x5, 0x2, 0x6, 0xfffffff8, 0xffff, 0xfffffff9, 0x9, 0x5, 0x62, 0x8, 0x1, 0xfffffffb, 0x1af85, 0x2, 0x9, 0x7, 0x0, 0x7, 0x8, 0x10000, 0x40, 0x8, 0x7, 0x2b, 0x6, 0x10, 0x5, 0x200, 0x9, 0x6, 0x3, 0x8, 0x10, 0x4, 0x6, 0x633, 0xf05, 0x0, 0x101, 0x200, 0x7, 0x7ff, 0x0, 0x1, 0x1, 0x10000, 0x9, 0x40, 0x9, 0x0, 0x7f, 0x8, 0x6, 0xe, 0x3, 0x80000001, 0x0, 0x8, 0x8, 0x4, 0xdd, 0x6, 0x89, 0x0, 0x100, 0x1, 0x9, 0xe75, 0x400, 0x1, 0x0, 0x200, 0xe9ab, 0xfffffff8, 0x8000, 0x13, 0x2, 0x2, 0x43, 0x3ff, 0x0, 0x7, 0x9, 0x1, 0x6, 0x7, 0xa, 0xf, 0xf39d, 0x71, 0xfff, 0x5, 0x8]})
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x12d8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005880)=@newtfilter={0x40, 0x2c, 0xd27, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xd}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x3, 0xfff1}}]}}]}, 0x40}}, 0x0)
ioctl$VIDIOC_G_FREQUENCY(r6, 0xc02c5638, &(0x7f00000012c0)={0x3, 0x2})

7m39.283344329s ago: executing program 33 (id=4007):
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045011, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x80000000, 0x9, 0x31363553, 0x0, 0xa, [{0x4, 0x5}, {0x6, 0x7f36}, {0x8, 0x70}, {0x3, 0xf}, {0xa, 0xff}, {0x6, 0x589}, {0x8, 0x7}, {0x10041, 0x8}], 0x10, 0x8, 0x2, 0x2, 0x5}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
connect$pptp(r1, &(0x7f0000001280)={0x18, 0x2, {0x1, @broadcast}}, 0x1e)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f00000002c0)={'rose0\x00', 0x1})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000180)={0x3, 0x980900, 0x1})
r6 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x3})
ioctl$VIDIOC_QUERYMENU(r6, 0xc008561c, &(0x7f00000001c0)={0x980900, 0x8081, @name="6736516728a5678c18a4ec047f3f1fa52fe9a9987d0406b3a0c705c611b66f06"})
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000240)={{0x3, 0x100, 0x5, 0xb7a4, 0x1, 0xffff}, 0x341, [0xc, 0x40, 0xcd6, 0x4, 0x6, 0x0, 0x80000000, 0x7, 0x9, 0x7a18fde9, 0x9, 0x0, 0x4, 0x3, 0x378, 0x5, 0x4, 0x0, 0x1, 0xffff06bd, 0x0, 0xd4f, 0x1a, 0xf2, 0x10, 0xfffffffb, 0x8, 0x10001, 0x401, 0x80000000, 0x401, 0x3ca5, 0x5, 0x0, 0xff, 0x4, 0x4, 0x3, 0x0, 0x0, 0x40000000, 0x80000000, 0x7fff, 0x7, 0x5, 0xa, 0x1, 0x10000, 0x8000401, 0x8, 0xffff, 0x91ba, 0x7, 0x9, 0x9, 0xb6, 0x24, 0xcb, 0x5, 0x7f, 0x5, 0x311, 0x66d1, 0xfffffffd, 0xa7d6, 0xb6eb, 0xc74, 0x77, 0x1, 0xff, 0x5cb5, 0xfffffffd, 0x401, 0xedf4, 0x4, 0x1000, 0x6, 0xfffffffe, 0x8001, 0xc1, 0x1, 0x8, 0x1, 0x32, 0x98, 0x7f, 0xffff, 0x401, 0x2, 0x2, 0x4680, 0x7, 0xe665, 0x3c6e, 0x3, 0x40, 0x80, 0x4b, 0x9, 0x2, 0xb, 0x6, 0x4fa4, 0x80000000, 0x1, 0xb, 0x0, 0xfffffffa, 0x3, 0x9, 0xfd, 0x101, 0x4, 0x40, 0xa, 0x1b, 0x1ff, 0x7ff, 0x2, 0x80000000, 0xffff, 0x9, 0x0, 0x6, 0x2, 0xffffff87, 0xe, 0xa0, 0xf, 0x1ff, 0x9, 0x7, 0x6, 0x400, 0x8, 0xff2, 0x6, 0x0, 0x6, 0x0, 0x9, 0x1, 0xf1a, 0x664, 0x4, 0x9, 0x9, 0x2, 0x4, 0xfffffffd, 0x10, 0x0, 0x9, 0x10000, 0x1, 0x9, 0x9, 0xc6, 0x1, 0x4, 0x6, 0xffffffff, 0x6, 0x10001, 0x8, 0x68, 0x7, 0x201, 0x5, 0x3, 0x9a3f, 0x400000, 0x0, 0x80000067, 0xffffff7e, 0x7, 0x10000000, 0x10001, 0x7, 0x3, 0x10, 0x10a, 0x2, 0x40, 0x1c, 0x80, 0xb5f8, 0x8bc, 0x3, 0x103, 0x5, 0x63, 0x4, 0x18000, 0x10, 0x1000, 0x288c, 0x1ffe, 0x73ee, 0x1, 0x5, 0x9, 0x7fffffff, 0x73, 0x7, 0x8, 0x8, 0x400, 0x40, 0x0, 0x0, 0x0, 0x546c, 0x981, 0x5aa, 0x7fff, 0x7, 0x4, 0x8, 0xc4c, 0x45e3, 0x5, 0x7, 0x3, 0x5, 0x3, 0x0, 0x1, 0x2, 0xffffffff, 0x4, 0xce, 0xf, 0x0, 0x1, 0xa, 0x3, 0x0, 0x9, 0x9, 0x37d, 0x10001, 0xc, 0x1, 0x1, 0x2, 0x6, 0x4, 0x6, 0x1, 0x8, 0x6, 0xfffffffa, 0x5, 0x0, 0x9, 0x5, 0x2, 0x7, 0x3, 0xffffff1b, 0x9, 0x2, 0xd, 0x34ea, 0x10000, 0x0, 0x80000001, 0x8, 0x8000, 0x3a, 0x10, 0x8, 0x9, 0x5, 0x1, 0x6, 0x10001, 0x0, 0x4, 0x10000, 0x4, 0xffff, 0xe, 0x89, 0x2, 0x7, 0x1, 0x2, 0x3, 0x9, 0x4, 0x1, 0x9, 0x0, 0x8, 0x0, 0x81, 0x80000004, 0x9, 0x9, 0x0, 0x4, 0x4, 0x0, 0x1, 0x4, 0x5, 0x4, 0x10001, 0xf, 0x9, 0x100, 0x4, 0x59b, 0x7, 0x8, 0x9, 0x3, 0x2, 0x4, 0xbf, 0x0, 0x8, 0x40, 0xd3, 0x7, 0x1, 0x89aa, 0x8, 0x0, 0xf0ce, 0x4, 0x1, 0x0, 0x2, 0xc6, 0x1000, 0x1, 0x937, 0xa, 0x6, 0x3, 0xffffffff, 0x5, 0x9, 0x5, 0xffffffff, 0xbe, 0x1, 0x7, 0x0, 0xffffffff, 0x0, 0x3d6, 0x0, 0xae, 0x6, 0x1, 0xfffffeff, 0x4, 0x2, 0x7fff, 0x103, 0x7, 0x6, 0x706, 0x2, 0x49, 0x10, 0xfffffff7, 0xfffff772, 0x8, 0x80000000, 0x5, 0x7, 0xa9c, 0x9, 0x8, 0x1, 0x2, 0x5, 0x1000, 0x69f, 0x1ff, 0x9, 0x10, 0x3, 0x10000, 0xffff0000, 0xf, 0x1, 0xffffa5ba, 0xffffa9b4, 0x1, 0x4, 0x5, 0x3, 0x4b5f, 0x6, 0x7fffffff, 0xffffffff, 0x1, 0x80000000, 0xb, 0x0, 0xc8f, 0x1, 0x7, 0x8, 0x1, 0x10000, 0x57dc, 0x818a, 0x10, 0x8, 0x10, 0xfffffffc, 0xfffff001, 0xa, 0x5, 0x8000005, 0x7, 0xffd, 0x9, 0x10, 0xfffffffd, 0x4, 0xc2, 0x400, 0x4, 0x2, 0x80000000, 0xd, 0x2, 0x1, 0x0, 0x5, 0xb6, 0x101, 0x401, 0x2, 0x7, 0xc, 0x6623258, 0xf2, 0x741, 0xae6, 0x9, 0xffffa0ae, 0xc, 0x6, 0x2, 0x8, 0x9, 0x1, 0x7f, 0x9a, 0x9, 0xb, 0x800, 0x4, 0x3ff, 0x5, 0x7, 0x7, 0x8, 0xfe, 0x7f, 0x9, 0x4, 0x2, 0x20000000, 0x2, 0x8000, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x7, 0x8000001, 0x0, 0xfff, 0x101, 0x4, 0x0, 0x96c6, 0xc, 0x5, 0xffe, 0x100, 0xffff, 0x1, 0x401, 0xf0, 0x0, 0xfffff53d, 0xff, 0x2, 0x6, 0x0, 0x2, 0x4b15, 0x10000, 0x1, 0x6, 0x1, 0xd, 0x8, 0x4, 0xfffffe01, 0x1, 0x6, 0x0, 0x3, 0x10001, 0x1, 0x7, 0x1, 0x5, 0x9, 0xffffc487, 0x200, 0x10001, 0x37c, 0x7, 0x6, 0x6, 0x8, 0xfffffe00, 0x1, 0x1, 0x0, 0xe, 0x2, 0x2, 0x4, 0x80000000, 0xb46d, 0x3, 0x1000, 0x1eb4bce6, 0x10, 0x8, 0x4, 0x8, 0x1, 0x5, 0x9, 0x1000, 0x7, 0x62f2f805, 0x9, 0x3, 0xffffffff, 0x9, 0x7f, 0x6, 0x9, 0x40, 0x5, 0x2, 0xa, 0x5, 0x6, 0x80000000, 0x0, 0x8, 0x7, 0x7, 0x1, 0x5, 0x9, 0x6709, 0x10001, 0x0, 0x80, 0x8, 0x6, 0x0, 0xa95a, 0xff, 0x5, 0x2, 0x2, 0x4, 0x10000, 0x80000001, 0x5, 0x8001, 0x9, 0x0, 0xb7, 0x3, 0xff, 0x9, 0xffff, 0x80, 0xfea5, 0x7fff, 0x7, 0x7, 0x7, 0x7485, 0x9, 0x8, 0x0, 0x5, 0xf, 0x5, 0xe, 0x8, 0x1000, 0x3, 0x7, 0x382d, 0x459, 0xcad, 0x9, 0x0, 0x2, 0x9, 0x6, 0x20000a4, 0xe0, 0xfffffffb, 0x5, 0xffffffff, 0x2, 0x7, 0x85e5, 0x0, 0x0, 0x0, 0x35, 0x8, 0x1, 0x2, 0x30, 0xb, 0x101, 0x2, 0x9, 0x100003, 0x7, 0x8, 0x8, 0x0, 0x1, 0x4, 0x15294b70, 0x3, 0x3, 0x2, 0x43, 0x3, 0x9, 0x5, 0x80000000, 0x9, 0x0, 0x5, 0x81, 0x1, 0x2, 0x3fd, 0x1df, 0x6, 0x6, 0x0, 0x1a, 0x9, 0x2, 0x9, 0x1, 0x9, 0x7, 0x2c1, 0x9e95, 0x2, 0xfffffedd, 0x30c8, 0x2, 0x38a0, 0x7b, 0x0, 0x8, 0x7, 0x6, 0x9, 0x9, 0x8, 0x5, 0x8, 0x1ff, 0x7fff, 0x3, 0x9, 0x8, 0x2b, 0x200006, 0x4, 0x7, 0x2, 0xfb4, 0xbfb, 0x7, 0x405, 0x6, 0x4, 0x8001, 0x9, 0x8, 0x3, 0x6ae574d2, 0x6, 0xfffffe00, 0x1000, 0x5, 0x92, 0x3, 0x7fffffff, 0xd7, 0x8001, 0x905, 0x3, 0x6, 0xfffffb31, 0xb, 0x4, 0x7, 0x8, 0x1, 0x6, 0x1, 0xff, 0x100, 0x4, 0x3, 0x6, 0x80000001, 0x0, 0x100a, 0x7fffffff, 0x7fff, 0x2, 0xfffffff8, 0x2, 0x9af, 0x10001, 0x8, 0x4, 0x8, 0x6, 0x7742348d, 0x5, 0x5, 0x1f, 0x40, 0x0, 0x6, 0x7fffffff, 0x7, 0x7, 0x8, 0x17f, 0x6, 0x2, 0x5, 0x6, 0x1, 0xb, 0xe, 0x5, 0x1, 0xfe7, 0xfffffffc, 0x8, 0x7ff, 0x3e9, 0x0, 0x3, 0x2000, 0xd, 0x3, 0x4, 0x3, 0x81, 0x8, 0x14, 0x100, 0x9, 0x6, 0xffff, 0xf28c, 0x7, 0x6, 0x4, 0x7fffffff, 0xffff, 0x1000, 0xc9, 0x2, 0xfffffffe, 0x924, 0x499, 0x100, 0x1, 0x5, 0xffff351b, 0x7, 0xfffffffb, 0x7, 0x9, 0x2, 0x5, 0x4, 0x4, 0x4, 0xff, 0xee, 0x6, 0x4, 0x8, 0x9f, 0x7, 0x3, 0x9, 0xc9, 0x1, 0x1, 0x1, 0xfffffff7, 0x0, 0x6, 0x5, 0x6, 0x400, 0x51, 0x7, 0xefb, 0xb8, 0x8, 0x5, 0xfffffff7, 0x7, 0x7, 0x4, 0x6330, 0x0, 0x6, 0xea, 0xbb2d, 0xfff, 0x809, 0x6, 0x0, 0x6, 0xffff, 0x0, 0x3, 0x0, 0x1, 0x6, 0xfffffc00, 0x5, 0x7, 0x64c822e3, 0x9, 0x6, 0x3ff, 0x6, 0xfff, 0x0, 0xa7b, 0x62cc, 0xfffffff7, 0x7, 0x40, 0xa, 0x9b, 0x3, 0xe, 0x1, 0x1, 0x3, 0x40, 0x3, 0x4, 0x5, 0x5, 0x7ff, 0x5, 0x8, 0x5, 0x3, 0x9, 0x2, 0x80000001, 0x54, 0x400, 0x1, 0x8, 0xa, 0x9, 0xc0, 0x3, 0x72, 0x80, 0x1000, 0x7, 0x800, 0x6, 0xd19, 0x3, 0x93c, 0x6, 0x0, 0x0, 0xe, 0x5, 0x3, 0xfffffffa, 0xa01, 0xf3, 0xffffff00, 0x8, 0xe, 0x3, 0x3ff, 0x5, 0x2, 0x6, 0xfffffff8, 0xffff, 0xfffffff9, 0x9, 0x5, 0x62, 0x8, 0x1, 0xfffffffb, 0x1af85, 0x2, 0x9, 0x7, 0x0, 0x7, 0x8, 0x10000, 0x40, 0x8, 0x7, 0x2b, 0x6, 0x10, 0x5, 0x200, 0x9, 0x6, 0x3, 0x8, 0x10, 0x4, 0x6, 0x633, 0xf05, 0x0, 0x101, 0x200, 0x7, 0x7ff, 0x0, 0x1, 0x1, 0x10000, 0x9, 0x40, 0x9, 0x0, 0x7f, 0x8, 0x6, 0xe, 0x3, 0x80000001, 0x0, 0x8, 0x8, 0x4, 0xdd, 0x6, 0x89, 0x0, 0x100, 0x1, 0x9, 0xe75, 0x400, 0x1, 0x0, 0x200, 0xe9ab, 0xfffffff8, 0x8000, 0x13, 0x2, 0x2, 0x43, 0x3ff, 0x0, 0x7, 0x9, 0x1, 0x6, 0x7, 0xa, 0xf, 0xf39d, 0x71, 0xfff, 0x5, 0x8]})
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x12d8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005880)=@newtfilter={0x40, 0x2c, 0xd27, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xd}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x3, 0xfff1}}]}}]}, 0x40}}, 0x0)
ioctl$VIDIOC_G_FREQUENCY(r6, 0xc02c5638, &(0x7f00000012c0)={0x3, 0x2})

7m36.691814078s ago: executing program 4 (id=4021):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)=0x3, 0x12)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r4, 0x0, 0x32, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0xc)
r5 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000380)={r7, 0x0, 0x1ff, 0x0, 0x0, [<r8=>0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x20000000, 0x100, 0xd], [0x1000010000000, 0x0, 0x7fffffffffffffff]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, <r9=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r9})
close_range(r0, 0xffffffffffffffff, 0x0)
r10 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r10, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_group_source_req(r10, 0x29, 0x2f, &(0x7f0000000240)={0x0, {{0xa, 0x0, 0x0, @mcast1, 0xfffffffe}}, {{0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x100b}}}, 0x108)

7m36.153955736s ago: executing program 4 (id=4026):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r0, 0x90004)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
r1 = accept4(r0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_DELOBJ={0x6c, 0x14, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x9}, [@NFTA_OBJ_USERDATA={0x49, 0x8, "feb85a876f209b03bc396899c948f5c9ee8b390c5f6ad6be35981a06764d2c8d043f154b623aa132ad2d032048eca8f286cfca5bddf7ce648f60a6679b6506fb6f948d38e5"}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x204, 0x16, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0xe0, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x9}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_virt_wifi\x00'}, {0x14, 0x1, 'ip6tnl0\x00'}, {0x14, 0x1, 'pim6reg\x00'}, {0x14, 0x1, 'dvmrp1\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xffff0001}, @NFTA_FLOWTABLE_HOOK_DEVS={0x68, 0x3, 0x0, 0x1, [{0x14, 0x1, 'nicvf0\x00'}, {0x14, 0x1, 'bridge0\x00'}, {0x14, 0x1, 'bridge_slave_0\x00'}, {0x14, 0x1, 'nr0\x00'}, {0x14, 0x1, 'bond0\x00'}]}]}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HOOK={0xc4, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x90, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}, {0x14, 0x1, 'vlan0\x00'}, {0x14, 0x1, 'veth0_to_bridge\x00'}, {0x14, 0x1, 'bridge0\x00'}, {0x14, 0x1, 'gretap0\x00'}, {0x14, 0x1, 'veth1_virt_wifi\x00'}, {0x14, 0x1, 'macvtap0\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x101}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'macvlan1\x00'}]}]}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x298}}, 0x4000084)

7m36.070652995s ago: executing program 4 (id=4027):
io_setup(0x8, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(0x0, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x1000002, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x40542, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
dup(0xffffffffffffffff)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

7m36.020100841s ago: executing program 4 (id=4028):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
pipe2$9p(&(0x7f00000000c0), 0x80000)
sendfile(r0, r0, 0x0, 0xb)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
io_setup(0x7ff, &(0x7f0000000000)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000400)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x1}])
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(0x0, r4)
ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000040)={0x9, 0x0, 0x0, {0xfffffffe, 0xbde, 0x3ff, 0x10000}})

7m35.871713601s ago: executing program 4 (id=4030):
r0 = socket$inet6(0xa, 0xa, 0x400000)
sendmmsg$inet6(r0, 0x0, 0x0, 0xc8000)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
close(0xffffffffffffffff)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="1f003300d0000000080211000001080211000000505050"], 0x3c}}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'})
r8 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x4, 0xa}, {}, {0xe, 0xc}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

7m35.580707896s ago: executing program 4 (id=4031):
socket$nl_generic(0x10, 0x3, 0x10)
socket$pppoe(0x18, 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0xb00, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
mknod(&(0x7f0000000000)='./bus\x00', 0x1000, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x18b00, 0x0)
r2 = socket$kcm(0x29, 0x5, 0x0)
sendmmsg$inet(r2, &(0x7f0000001880)=[{{0x0, 0x0, &(0x7f0000001800)}}], 0x1, 0x0)
mount(&(0x7f00000000c0), 0x0, 0x0, 0x8c7c88, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x0, 0x3}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x7fff}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)

7m35.495889383s ago: executing program 34 (id=4031):
socket$nl_generic(0x10, 0x3, 0x10)
socket$pppoe(0x18, 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0xb00, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
mknod(&(0x7f0000000000)='./bus\x00', 0x1000, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x18b00, 0x0)
r2 = socket$kcm(0x29, 0x5, 0x0)
sendmmsg$inet(r2, &(0x7f0000001880)=[{{0x0, 0x0, &(0x7f0000001800)}}], 0x1, 0x0)
mount(&(0x7f00000000c0), 0x0, 0x0, 0x8c7c88, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x0, 0x3}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x7fff}]}, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)

7m35.357768301s ago: executing program 1 (id=4033):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000c80)=@newlink={0x19c, 0x10, 0x403, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x21d, 0x22020}, [@IFLA_OPERSTATE={0x5, 0x10, 0xdb}, @IFLA_CARRIER={0x5, 0x21, 0x2}, @IFLA_CARRIER={0x5, 0x21, 0x4}, @IFLA_VFINFO_LIST={0x15c, 0x16, 0x0, 0x1, [{0x5c, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x10, 0xa, {0x0, 0x1f880000}}, @IFLA_VF_MAC={0x28, 0x1, {0x47e1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}}, @IFLA_VF_IB_PORT_GUID={0x10, 0xb, {0x5}}, @IFLA_VF_RATE={0x10, 0x6, {0x8, 0x6, 0xff}}]}, {0x5c, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x1000, 0x5}}, @IFLA_VF_IB_PORT_GUID={0x10, 0xb, {0x5, 0x9}}, @IFLA_VF_IB_NODE_GUID={0x10, 0xa, {0x1000, 0x7}}, @IFLA_VF_IB_PORT_GUID={0x10, 0xb, {0xfffffffb, 0x8000000000000001}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0xff, 0xfffffff1}}, @IFLA_VF_IB_PORT_GUID={0x10, 0xb, {0x80000001, 0x3}}]}, {0x9c, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0xf, 0x16a}}, @IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x8, 0xfffffffa}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0xe}}, @IFLA_VF_VLAN={0x10, 0x2, {0x4, 0x4c, 0x62}}, @IFLA_VF_IB_PORT_GUID={0x10, 0xb, {0x401, 0x3}}, @IFLA_VF_IB_NODE_GUID={0x10, 0xa, {0xcf1a, 0x8ef4}}, @IFLA_VF_MAC={0x28, 0x1, {0x2, @remote}}, @IFLA_VF_RATE={0x10, 0x6, {0x10000, 0x2, 0x100000}}, @IFLA_VF_TRUST={0xc, 0x9, {0xffffffff}}]}, {0x4}]}, @IFLA_LINKMODE={0x5}]}, 0x19c}, 0x1, 0xba01, 0x0, 0x4851}, 0x4000040)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000180)={0x0, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}}, 0x10)
sendmsg(0xffffffffffffffff, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x8, 0x4000)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000580), r4)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000005c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)={0x24, r5, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_SEC_OUT_LEVEL={0x8, 0x2a, 0xffffffff}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000010}, 0x20000000)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000000)=@newsa={0x15c, 0x10, 0x1, 0x8000000, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@empty, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@broadcast, 0x0, 0x6c}, @in=@remote, {0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, {0x0, 0x4, 0xd, 0xa}, {0x0, 0x400}, 0xfffffffc, 0x0, 0xa, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @lifetime_val={0x24, 0x9, {0x3, 0x10, 0x1, 0x1}}]}, 0x15c}}, 0x20000000)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r7, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0x88, 0x0, 0x8, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x8}]}, @NL802154_ATTR_SEC_LEVEL={0x34, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x8}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x4}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x7}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x3}]}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_LEVEL={0x1c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x5}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x40011}, 0x40000c4)
r9 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r7)
sendmsg$NLBL_CIPSOV4_C_ADD(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000006040)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01000000000000000000010000000400048008000200010000000800010000000000040008804c000c8004000b8004000b801c000b80080009000000000004000a"], 0x78}}, 0x0)
sendmsg$NLBL_CIPSOV4_C_REMOVE(r4, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000e40)=ANY=[@ANYBLOB="d036f3081214e7c9b0d99ed3fa3f60a003dde4a7cc923c450000", @ANYRES16=r9, @ANYBLOB="00022abd7000fbdbdf2502000000080002000200000034010c8054000b8008000900bce1454e08000a00ce39000008000a0093f30000080009009899c21408000a005a160000080009002dde3d2f08000a0064a30000080009009efc335808000900b236c84508000a007f6d000024000b8008000a0012380000080009002f3f9651080009008ed6fb3b08000a003c40000024000b8008000a00cba80000080009001f95657e08000900d6443a3808000a0017e7000014000b8008000a00695a00000800090075bc5a251c000b8008000a00990f000008000900e13bc109080009000526c27e2c000b8008000a004926000008000a00ab7e000008000a00b86c000008000900c6c41a0608000a00c8d100001c000b8008000a000d02000008000a00aa80000008000a000f7800001c000b8008000a001e1300000800090072e7285a08000a00cab90000a4000c8034000b8008000900f86b6c3b08000a000c9b000008000a0050f0000008000900c95bbd7e0800090064a95b0808000900cbf0022a0c000b8008000a00b221000044000b8008000a0050590000080009002e59196a08000a003f0f0000080009003407432908000a00f525000008000a00c1cf000008000a0036a00000080009007f18575e1c000b8008000900a854834b08000a00f272000008000a00033e000018000c8014000b80080009000100000008000900891a9d6a8000088024000780080005006fee9f3708000600b5000000080005003313bb34080005006842e50824000780080006002600000008000600e700000008000500deb4fa58080006002800000034000780080006005f000000080006001b000000080005007955e15a08000600fc00000008000600c1000000080006009100000008000100010000000c0108800c000780080006004c00000044000780080006003e000000080006005000000008000600d100000008000600a200000008000500925fb51a080006009000000008000600f100000008000500a471bd5e2400078008000500d24e0e0a08000500e595d46808000600cb00000008000500658eac211c000780080006001c0000000800050055292d0b080006007d0000003c00078008000500e4ab1b1d08000500d4ed701d08000500ff95a32608000500ed9d736b08000600bb00000008000600aa00000008000600a80000003c000780080005000dc4026e08000600e8000000080006005a0000000800060054000000080005005c61941f08000600ee00000008000500af10d563"], 0x3a0}, 0x1, 0x0, 0x0, 0x4}, 0x8000)
gettid()
pread64(r2, &(0x7f000001a240)=""/102387, 0x18ff3, 0x41e)

7m34.624760687s ago: executing program 1 (id=4036):
io_setup(0x8, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(0x0, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x1000002, 0x0)
r2 = dup(r1)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x40542, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
dup(0xffffffffffffffff)
ftruncate(r3, 0xee72)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

7m34.531683578s ago: executing program 1 (id=4037):
pipe(&(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x11000) (fail_nth: 29)
write$binfmt_misc(r1, &(0x7f0000000180)='5', 0x1)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

7m34.411844064s ago: executing program 1 (id=4038):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
pipe2$9p(&(0x7f00000000c0), 0x80000)
sendfile(r0, r0, 0x0, 0xb)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
io_setup(0x7ff, &(0x7f0000000000)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000400)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x1}])
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(0x0, r4)
ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000040)={0x9, 0x0, 0x0, {0xfffffffe, 0xbde, 0x3ff, 0x10000}})

7m34.34177382s ago: executing program 1 (id=4039):
r0 = socket$inet6(0xa, 0xa, 0x400000)
sendmmsg$inet6(r0, 0x0, 0x0, 0xc8000)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
close(0xffffffffffffffff)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="1f003300d0000000080211000001080211000000505050"], 0x3c}}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'})
r8 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x4, 0xa}, {}, {0xe, 0xc}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

7m34.201054894s ago: executing program 1 (id=4040):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r3 = socket(0x10, 0x803, 0x0)
write(r3, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000900)={0x0, 0xd, 0x5, 0x1})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r5, &(0x7f00000024c0)=[{{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000800)=""/245, 0xf5}], 0x1}, 0x9}], 0x1, 0x10000, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r1, 0x0, 0x0)
close(r0)

7m34.154956453s ago: executing program 35 (id=4040):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r3 = socket(0x10, 0x803, 0x0)
write(r3, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000900)={0x0, 0xd, 0x5, 0x1})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r5, &(0x7f00000024c0)=[{{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000800)=""/245, 0xf5}], 0x1}, 0x9}], 0x1, 0x10000, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r1, 0x0, 0x0)
close(r0)

7m15.481549714s ago: executing program 3 (id=4114):
io_setup(0x8, 0x0)
syz_open_procfs(0x0, 0x0)
io_submit(0x0, 0x0, &(0x7f0000004540))
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x1000002, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x40542, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
dup(0xffffffffffffffff)
ftruncate(r2, 0xee72)
sendfile(r1, r2, 0x0, 0x8000fffffffe)

7m15.446219616s ago: executing program 3 (id=4115):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0)
mknodat(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x400000)

7m15.361641082s ago: executing program 3 (id=4116):
r0 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @local, 0x1}, 0x1c)
r1 = dup(r0)
r2 = open(&(0x7f00000000c0)='./file0\x00', 0x16f8c2, 0x0)
ftruncate(r2, 0x200004)
openat$comedi(0xffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x0, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x842)
ioctl$EVIOCGBITSND(r3, 0x40044591, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000340)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r3}})
sendfile(r1, r2, 0x0, 0x80001d00c0d1)

7m15.36144837s ago: executing program 3 (id=4117):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
pipe2$9p(&(0x7f00000000c0), 0x80000)
sendfile(r0, r0, 0x0, 0xb)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
io_submit(0x0, 0x1, &(0x7f0000000400)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}])
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(0x0, r2)
ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000040)={0x9, 0x0, 0x0, {0xfffffffe, 0xbde, 0x3ff, 0x10000}})

7m15.311433102s ago: executing program 3 (id=4118):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000007"], 0x50)
write$sysctl(0xffffffffffffffff, &(0x7f0000000000)='7\x00', 0x2)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)
dup(r0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd74)
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r6, &(0x7f0000000080), 0x1c)
fcntl$dupfd(r6, 0x0, r6)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet(r5, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000019080)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
setsockopt$RDS_FREE_MR(0xffffffffffffffff, 0x114, 0x3, &(0x7f00000007c0)={{}, 0x12}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000001680)=@raw={'raw\x00', 0x3c1, 0x3, 0x2dc, 0x0, 0x111, 0x4b4, 0xec, 0xd4feffff, 0x214, 0x202, 0x225, 0x214, 0x278, 0x3, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0xfc}, @empty, [], [], 'veth1_vlan\x00', 'team_slave_0\x00'}, 0x0, 0xa4, 0xec}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x81, 'syz1\x00'}}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, [], [0x0, 0xffffffff], 'veth1_to_hsr\x00', 'erspan0\x00'}, 0x0, 0xe0, 0x128, 0x0, {}, [@common=@unspec=@limit={{0x3c}, {0x0, 0x8000000}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xa, 'syz1\x00', {0x7f}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x338)
r9 = syz_open_procfs(0x0, &(0x7f00000190c0)='net/vlan/config\x00')
pread64(r9, &(0x7f0000000080)=""/102356, 0x18fd4, 0x3)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r10=>r2, {0x1}}, './file0\x00'})
ioctl$I2C_SMBUS(r10, 0x720, 0x0)

7m15.221301992s ago: executing program 3 (id=4119):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280))
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket(0x10, 0x803, 0xd)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0xe, 0x9}, {0xffff, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r3 = dup(r1)
r4 = fcntl$dupfd(r0, 0x0, r1)
mkdir(&(0x7f0000001c00)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
r5 = socket(0x22, 0x3, 0x7)
connect$inet(r5, &(0x7f0000000240)={0x2, 0x2, @multicast2}, 0x10)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@workdir={'workdir', 0x3d, './file1/file0'}}]})
chdir(&(0x7f0000001180)='./bus\x00')
open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x1c, r7, 0x305, 0x0, 0x0, {0x7}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x20000000)
socket$inet6(0xa, 0x2, 0x0)
r8 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r8, &(0x7f0000001fc0)=""/184, 0xb8)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0})
ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000080)={0x0, r3})
r9 = eventfd2(0x8001, 0x0)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f00000000c0)={0x0, r9})
r10 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r10, 0x1, 0x19, &(0x7f0000000180)='batadv0\x00', 0x10)

7m15.197109533s ago: executing program 36 (id=4119):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280))
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket(0x10, 0x803, 0xd)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0xe, 0x9}, {0xffff, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r3 = dup(r1)
r4 = fcntl$dupfd(r0, 0x0, r1)
mkdir(&(0x7f0000001c00)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
r5 = socket(0x22, 0x3, 0x7)
connect$inet(r5, &(0x7f0000000240)={0x2, 0x2, @multicast2}, 0x10)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@workdir={'workdir', 0x3d, './file1/file0'}}]})
chdir(&(0x7f0000001180)='./bus\x00')
open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x1c, r7, 0x305, 0x0, 0x0, {0x7}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x20000000)
socket$inet6(0xa, 0x2, 0x0)
r8 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r8, &(0x7f0000001fc0)=""/184, 0xb8)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0})
ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000080)={0x0, r3})
r9 = eventfd2(0x8001, 0x0)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f00000000c0)={0x0, r9})
r10 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$SO_BINDTODEVICE(r10, 0x1, 0x19, &(0x7f0000000180)='batadv0\x00', 0x10)

7m14.569839282s ago: executing program 7 (id=4123):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000001a00)=[{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000b00)="33726054c6a3efd4ca0e36d314f29237a2bbddb1f39ac7fa557facb699cab0620d23daa9e3abec2969efcc6a63c59c1f22e87fd56a3b4f5145dfbe69f1b3b3b878306c4c66d2e29e1963d71c9f8caa3213d12ac2c450888d58066a7554d08d8688d28d511a7e6e3c061dd7d79feb79636e92a200d631115b273f831b93731ba6722bc53d120a09169e9ae59d9e2dc320efd34dac22feb4fc52365fce5a3e60d68ac3a0e4a9afa09f56999e081a0db7ebd8c1aa", 0xb3}, {&(0x7f0000000640)="0456b0cbf44a5fc555bf989b2b709aa2", 0x10}, {&(0x7f0000004080)="1e602a5fdaa2620a17ddc755d3b4d6277bf9f2e2cc079b10c9107da3c8ba193708fff23713215bad281209cffffa3f03f5acf7563c48af684365bd286ff628456260c7d14c60c18fd44aeab4518855f0c69250ad6ca44086a6019cb8ef584c240c44964069ae083ec1cb296bb8f73931f51758f8ddc7dc21f9892bc600831b05c7735e1278c121be1105fd517dc8b469f197566509bf366cad28bd438a34ed50f3c97f1cab6357dd6919aa860f57937bcb46770c3e35d697532456809d5ab7e8f61ea254ed", 0xc5}], 0x3, &(0x7f0000004180)=[@op={0x10}, @assoc={0x10, 0x117, 0x4, 0x9}, @iv={0xf8, 0x117, 0x2, 0xfffffffffffffea4, "965110088eae8d56001cd00a76f3ee5b4371a9159d1684bcf775f81e7b477b4d9be34c98be0da3029e90d712e5c6bf05a78efd0eb503969b299db9a37705fea411486b3539df51770a1311fa9aa2dde2ddd4cac1fc5d6037d0c4a1fad8159c5edf252396fc727701974d1e3b3279136014fb84be255421dadcd8d54909e6ac5897f6159d34c629b9c7fa1ce7cbc9d334c99fc4e7051c7c7df9042992ad57fb85c664988baaddc2a938aa97f333c4924c3811d7ddd67a062af4edba6e08d53b8e2cf5931f66cba1415193c2a0c4ac48f74162f1495f1b570a848a6cfdaa6249cd0e717ab813fc"}, @op={0x10, 0x117, 0x3, 0x1}, @op={0x10}, @assoc={0x10, 0x117, 0x4, 0xffff}, @op={0x10, 0x117, 0x3, 0x1}], 0x158, 0x91}], 0x1, 0x2004004)
r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), r0)
sendmsg$FOU_CMD_ADD(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r3, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0xff}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004010}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=ANY=[@ANYBLOB="4c00000044000701fcffffff00000000017c000038000480312d", @ANYRESOCT], 0x4c}, 0x1, 0x0, 0x0, 0x4c0c0}, 0x2404c0c1)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r4, 0x300, 0x70bd25, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x50000}, 0x20000000)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000340), r0)
sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x68, r5, 0x300, 0x70bd29, 0x25dfdbfd, {{}, {}, {0x4c, 0x18, {0xc6, @link='syz0\x00'}}}, ["", "", "", ""]}, 0x68}}, 0x20000000)

7m14.56964147s ago: executing program 7 (id=4124):
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVdn:Dd', 0x0) (fail_nth: 11)

7m14.41925836s ago: executing program 7 (id=4125):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000000), 0x8)
socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000200)={<r1=>0x0, 0x41, "70410559cd3520c7f93c9d48f1fab4037a82ebf938b088b57c8c1801a03f919568169c24ec65d0cc0fe82c9f33cb523828144a7140e86457c2548a591012cabcbf"}, &(0x7f0000000280)=0x49)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000002c0)={<r2=>0x0, 0x8, 0x1, 0x2, 0xb1b9, 0x61e, 0x5, 0x11a5, {r1, @in={{0x2, 0x4e24, @multicast1}}, 0x1, 0xa561, 0x0, 0x7ff, 0x4}}, &(0x7f0000000040)=0xb0)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') (async)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
renameat(r4, &(0x7f0000000080)='./mnt\x00', r4, &(0x7f0000000100)='./mnt\x00')
write$P9_RLINK(r4, &(0x7f0000000100)={0x7, 0x47, 0x1}, 0x7)
waitid(0x1, r3, 0x0, 0x80000002, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) (async)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f00000083c0)={{0x1}}) (async)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r7, 0x54a2) (async)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r7, 0x54a2)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8) (async)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000001080)=0x8)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000400)={r8, 0x6e82}, &(0x7f0000000440)=0x8)
getsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={r2, 0x6}, &(0x7f00000003c0)=0x8) (async)
getsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={r2, 0x6}, &(0x7f00000003c0)=0x8)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1c, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000540)='inet_sock_set_state\x00', r9, 0x0, 0x1000}, 0x18) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000540)='inet_sock_set_state\x00', r9, 0x0, 0x1000}, 0x18)
r10 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r10, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10)
socket$inet(0x2, 0x1, 0x0) (async)
r11 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r11, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4)
bind$inet(r11, &(0x7f0000e15000)={0x2, 0x4e24, @broadcast}, 0x10)
listen(r11, 0x0) (async)
listen(r11, 0x0)
listen(r10, 0x0)

7m14.371696711s ago: executing program 7 (id=4126):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
pipe2$9p(&(0x7f00000000c0), 0x80000)
sendfile(r0, r0, 0x0, 0xb)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
io_submit(0x0, 0x1, &(0x7f0000000400)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}])
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(0x0, r2)
ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000040)={0x9, 0x0, 0x0, {0xfffffffe, 0xbde, 0x3ff, 0x10000}})

7m14.291550413s ago: executing program 7 (id=4127):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x24004000)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r6, 0x0, 0x22)
setsockopt$bt_BT_SNDMTU(r6, 0x112, 0xc, &(0x7f0000000240)=0x6, 0x2)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_FWMARK={0x8, 0x12, 0xa}, @TCA_CAKE_ATM={0x8, 0x4, 0x2}]}}]}, 0x44}}, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
mount$9p_virtio(&(0x7f00000001c0), &(0x7f00000002c0)='./file0\x00', &(0x7f00000004c0), 0x8017, &(0x7f0000000200)={'trans=virtio,', {[{@version_u}]}})

7m13.611464271s ago: executing program 7 (id=4129):
r0 = socket$inet(0x2, 0x3, 0x4)
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0x1400037e)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000100)='./bus\x00', 0x1f2)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = socket$unix(0x1, 0x5, 0x0)
r4 = dup2(r3, r2)
close_range(r4, 0xffffffffffffffff, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r5 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
io_setup(0x7d, &(0x7f0000000600)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000000)="96", 0x1, 0x0, 0x0, 0x0, r5}])
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
r7 = socket$tipc(0x1e, 0x5, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a01020800000000000000010000000900030073797a320000000014000480080002400000000008000140000000050900010073797a310000000038000000050a01020000000000000000010020000c00024000000000000000010900010073797a310000000004000480080007006e6174"], 0xc0}}, 0x0)
bind$tipc(r7, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r10 = dup(r9)
write$UHID_INPUT(r10, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d09f91b3d090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f360068090890e0878f0e1ac6e7049b3341959b759a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
listen(r7, 0x0)
r11 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r11, &(0x7f0000002300)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x1, {{0x42, 0x200000}, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x404c800}, 0x0)
sendmsg$tipc(r11, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0}, 0x0)
accept4(r7, 0x0, 0x0, 0x400000000000000)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000ac0)={r10, 0x58, &(0x7f0000000a40)}, 0x10)

7m13.491470859s ago: executing program 37 (id=4129):
r0 = socket$inet(0x2, 0x3, 0x4)
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0x1400037e)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000100)='./bus\x00', 0x1f2)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = socket$unix(0x1, 0x5, 0x0)
r4 = dup2(r3, r2)
close_range(r4, 0xffffffffffffffff, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r5 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
io_setup(0x7d, &(0x7f0000000600)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000000)="96", 0x1, 0x0, 0x0, 0x0, r5}])
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
r7 = socket$tipc(0x1e, 0x5, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a01020800000000000000010000000900030073797a320000000014000480080002400000000008000140000000050900010073797a310000000038000000050a01020000000000000000010020000c00024000000000000000010900010073797a310000000004000480080007006e6174"], 0xc0}}, 0x0)
bind$tipc(r7, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r10 = dup(r9)
write$UHID_INPUT(r10, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d09f91b3d090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f360068090890e0878f0e1ac6e7049b3341959b759a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
listen(r7, 0x0)
r11 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r11, &(0x7f0000002300)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x1, {{0x42, 0x200000}, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x404c800}, 0x0)
sendmsg$tipc(r11, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0}, 0x0)
accept4(r7, 0x0, 0x0, 0x400000000000000)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000ac0)={r10, 0x58, &(0x7f0000000a40)}, 0x10)

7m13.441191356s ago: executing program 5 (id=4131):
syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x80800) (async)
r0 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x80800)
mknodat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x6000, 0x7fb)
lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f00000003c0))
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000240)={0x2, 0x0, &(0x7f0000000100)=[0x0, <r1=>0x0]})
openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
r2 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0xc1) (async)
mkdir(&(0x7f0000000000)='./file0\x00', 0xc1)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r4=>0xffffffffffffffff, {0x16a}}, './file0\x00'})
read$FUSE(0xffffffffffffffff, &(0x7f0000001100)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000300)={0x50, 0x0, r5, {0x7, 0x2b, 0x2, 0x400010, 0x8, 0x2, 0x6, 0x7, 0x0, 0x0, 0x4, 0x5}}, 0x50) (async)
write$FUSE_INIT(r4, &(0x7f0000000300)={0x50, 0x0, r5, {0x7, 0x2b, 0x2, 0x400010, 0x8, 0x2, 0x6, 0x7, 0x0, 0x0, 0x4, 0x5}}, 0x50)
ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r3, 0x4068aea3, &(0x7f00000000c0))
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r0, 0xc04064aa, &(0x7f00000002c0)={&(0x7f00000010c0)=[0x0], 0x0, r1, 0x0, '\x00', 0x1})

7m13.301248544s ago: executing program 5 (id=4132):
r0 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0xf000, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0)

7m13.241133718s ago: executing program 5 (id=4133):
r0 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
sendmmsg$inet(r0, &(0x7f0000000840)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}, 0xffff0000}, {{&(0x7f00000001c0)={0x2, 0x4e24, @local}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000200)="f5a709", 0x3}], 0x1}}], 0x2, 0xe000)

7m13.240597453s ago: executing program 5 (id=4134):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
pipe2$9p(&(0x7f00000000c0), 0x80000)
sendfile(r0, r0, 0x0, 0xb)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz0\x00', 0x1ff)
r1 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
io_submit(0x0, 0x1, &(0x7f0000000400)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}])
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(0x0, r2)
ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000040)={0x9, 0x0, 0x0, {0xfffffffe, 0xbde, 0x3ff, 0x10000}})

7m13.126357732s ago: executing program 5 (id=4135):
r0 = socket$inet6(0xa, 0xa, 0x400000)
sendmmsg$inet6(r0, 0x0, 0x0, 0xc8000)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
close(0xffffffffffffffff)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502"], 0x3c}}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'})
r7 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x4, 0xa}, {}, {0xe, 0xc}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

7m11.989953014s ago: executing program 5 (id=4137):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x9)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000080)={0x4, 0x1, 0x0, "6cfef8b4b9fdcfc8bf98040c2599e8a8e9f887975c3cc41e122a623eb7c37334", 0x34343459})
setsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c0002800500010004002000080020"], 0x4c}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
fsmount(0xffffffffffffffff, 0x1, 0xf8)
io_uring_enter(0xffffffffffffffff, 0x6e2, 0x2073f2, 0x1, 0x0, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newtaction={0x14, 0x1c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}}, 0x14}}, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x0)
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000340))

7m11.900876612s ago: executing program 38 (id=4137):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x9)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000080)={0x4, 0x1, 0x0, "6cfef8b4b9fdcfc8bf98040c2599e8a8e9f887975c3cc41e122a623eb7c37334", 0x34343459})
setsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c0002800500010004002000080020"], 0x4c}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
fsmount(0xffffffffffffffff, 0x1, 0xf8)
io_uring_enter(0xffffffffffffffff, 0x6e2, 0x2073f2, 0x1, 0x0, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newtaction={0x14, 0x1c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}}, 0x14}}, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x0)
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000340))

7.871099367s ago: executing program 9 (id=6560):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000001500), 0x800, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000002c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x81b}}, './file0\x00'})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB])
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008c04"])
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000340)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r5 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x0, {0x0, 0x9, 0x20ff, 0x101, 0x8b, 0xd615, 0x9, 0x7fffffff, 0x7, 0x4000, 0x0, 0x0, 0x0, 0x3ff}}, {0x0, 0x13}}}, 0xa0)
sendfile(r5, r5, &(0x7f0000000080), 0x7f03)
r6 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r0, 0x40049366, &(0x7f0000000240)=0x1)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f00000003c0)=ANY=[@ANYBLOB="736563fc128429def85e2411a85f7016a075726974790000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000539af13cdb500299abcdb33466aa9ca153e8bb65ac868e81904f48de42860e6e3b729af965dceb3557d06f783c0f81e13551c8e3625c39b41c02601d7ab2b6cf78f628d0e533974dd21420f3f0dbd9dad00fe7ca5c107487b19d70ff317d4b50a4cd5289ecd3995a85e844ef635f338324dc9afd1e"], 0x64)
r7 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r7, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x11, r6, 0xe0c83000)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="eecfd1a1478573c9760bba1f77fbf90000000500000000000000090000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events.local\x00', 0x26e1, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)

7.382142899s ago: executing program 8 (id=6564):
socket$packet(0x11, 0x2, 0x300)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
preadv(r0, &(0x7f00000004c0)=[{0x0}, {&(0x7f0000000500)=""/215, 0xd7}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}, {&(0x7f00000003c0)=""/210, 0xd2}], 0x5, 0x35, 0xc3)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$nl_xfrm(r0, 0x0, 0x4000000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x1, 0x584e4f53, 0x4, 0x6ea, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000700)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="80000000", @ANYRES16=0x0, @ANYBLOB="00042dbd7000fcdbdf250c0000000000018044000400200001000a004e2400008001fe8000000000000000000000000000aa07000000200002000a004e23000000ffff020000000000000000000000000001000000001c00028008000200008be800080004004489000008000200000000000800030008000000"], 0x80}, 0x1, 0x0, 0x0, 0x4830}, 0x20000000)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
set_mempolicy(0x1, &(0x7f0000000000)=0x2000051e2, 0x3ff)
write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x2, 0x0, {0x1, 0x5, 0x9}}, 0x28)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
recvmmsg(0xffffffffffffffff, &(0x7f00000034c0), 0x0, 0x10720, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x13}, @in6=@dev={0xfe, 0x80, '\x00', 0x22}, 0x0, 0x0, 0x1, 0x4, 0xa, 0x0, 0x0, 0x2c}, {0x5, 0xfffffffffffffffd, 0x40000003, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x81, 0x2}, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in=@rand_addr=0x64010102, 0x8000, 0x33}, 0x0, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe4)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0xffe0)
socket$kcm(0x10, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
pipe(&(0x7f0000000040))
socket$inet6_udplite(0xa, 0x2, 0x88)

6.888266773s ago: executing program 9 (id=6565):
setfsgid(0xee00)
syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r0)
munmap(&(0x7f0000901000/0x3000)=nil, 0x3000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x300, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e77, 0x20000000, 0x94a, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000180)={0x2a, 0x6, 0x0, {0x5, 0x2, 0x1, 0x0, '*'}}, 0x2a)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="14210000", @ANYRES16=r5, @ANYBLOB="796104000000000000007e000000c94b2348dfcb03df17fc8e5c228cb3f25de83aff0ab1ebe501c8934a5c4261efc8762bb5d29ad0a1c0b52b"], 0x14}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
keyctl$set_timeout(0xf, 0x0, 0x1)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x8004, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r7, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8})
pread64(0xffffffffffffffff, 0x0, 0x0, 0x4)

6.123590248s ago: executing program 8 (id=6569):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x4)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000380))
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
setsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000000)=0x3, 0x2)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f0000000600)=""/52, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/236, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/66})
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000100)={@my=0x0})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x20005e, 0x0, 0x9, 0x4})
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000240)={@my=0x1, 0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x20005e})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000002c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000080)=0x3)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r6, 0x0)

6.087892549s ago: executing program 8 (id=6570):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi3\x00', 0x1, 0x0)
r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000040)='))\x00', &(0x7f0000000140)="97e88654e19b38b40a2cf384080b6a679a67150d6298d9194244aea91970fe092b740979c9316d60d85c5ef53bdd021a82379daa131d1397e20b524debcba57ce8c2e31bce3a8b9fcc2abd579c6247af979a0e03d5528b4dc7fbee0b2970c05eb533781d4e8c1e3046deaae02eb28f4a892fef3e9da5def7528f6cc0c8f180bff74dce34b09f5d9e14532fd2eed92cd16ae0e6013b2838582575a4500d58861154ffcd55334c6516d0377cd05dd8e04f7b3133a8101f7046e5378e4a6d818f937d312b813c0d0a09109b5ca115bda9fe3e546cd70fc075a4a2b8a15876783d4efbaadb47e96f0d3f3afd5451cc05b195da97a69b637636ec1727ab004a4ff076b92f8957b74f5c7e94f1e06efddc6d14d77ccee3cece546a9e8cc5ef3e7178a13e5d6d0fe777712c983d6f30d5ed8d98b0a12a4b47bdc052874983719275b5631e5a3932619345e6b3bc560d42c1042275462a27b143db0a102afbfef86f7e2b67b89e9acc2a13cc3beceb861c0caf998225f1aa6ae3121d28c88dd2e8501875898e38c459bc01623438b2c3d94dff83e84e185bc87563809a6a80b92ce8aa3a6676fdadaacfe6111aeced21f1a159b5f8d87dbcbf884db1911cc88c998e87ab5710ab57bed73c3c9c1fb96dc36153c797ce8de9bdd420fcb56f8aa5e0e01b0ee221c5c10e54308fa7a032d0744f261e646871fb1a7b5fc8051f6cdcb4437111636e374dd46b16501cab2ff839520ed1f076bf791bbd552500b553756f8303b671cca35eac6a18bc8b5a4a00a2cf1e877f7cecba782ad115b73296e65d61bde2e5e7c35357f94e84af1d4fb12e6885c68cfa282d07322cbdecddc32c01a0e89b0bfb9b0cc2e9f8e53604af030963d619937dc50132a5445511e99505f61a15db0e8b9ebbdcd743eb7a87bec9b0ea6a9aad27384ce26c53e36d86859e8e7ec9e745cc6ae79654152fab57c21c1b749742d5747ad300361cae0c08f81791b2ff0ee870f5cb48ddb9948f3cfdf73e28d810da464f48fd9dce8ecb09e0825f43204a1566023e891a72354fe542797e0cb186efc82301e947ac56054bf04029fb607a1e31bea4477f91300081f0cab59493ed429617476c44b2fb87aaf59d7ac8e58c031bf7fc8626c765c15c5768321982410bdea4b31e220fbb742db3c179e01e19325bc4d52a86690b120b8362eb0ff798798b8327c98de665ac5a1d99001edf3ef51551e07c63b1c1afcd4bc0086fb4bf17d9df6adb16549671fbf3ed7581041576008cad78a4d1dd93811a6bf384b2c57d38d7e6789c29ca34fef8503e664e88f5e7599adf285307a0c493c75f92a13e2e70f41b2a715e265aa656bb8b9a9ffffa730f46fd1302579bf88f1423414c8134da1a5fae5bfbe15c1d0ee547579e629e120ba805ffff03c67eccb9d05ec609992dc2cbb4ed9b0d9fcf9e6f61284618fced76ced0d059c743f26ce2e182b058539bee7d2d9531234cc90d89583c40eafeedeed51ea8804f1b4117b8fecd907c5b9105b5d0a6227cd54b0137484e276463d1a0b3074fb1b65ba7fd27109fff8282a456de518a4e6e2b7fe838a65d205a06b1d95793dfde0210db5357eb0ff0cfb5b58f6d9ed289b1770242bb440c26268bbb378bd4f4d2dff0bcfb96bd9309839262bb05d749b9890f296778cdb16697ad418b2ee0c720d9e883af26b9c42cdb821e1460cd0ce63fe463f09568472dac3ac97db6052257942a09aa5f1e62b4337cbf7542eb4269144131fe852e381d5a0dd295f637f24675681be7bfd0b1f24c89d75eed1558e26d8a4c1c5a389a460cd60315581fc91c466461ebbae3f96a1b8d76c07604ec7e66d03b09fe95e09199c94967365be629c16049c04cb2304c1a314d36ec72ed374c58fcc476fc1f18a5e35dcf8ecf43db716218c57f44fad4172d87d289fbb4a6b6024ce7272271191db440489e5ee3ba4ff01c499dcd394b62f11df8459c45db65ad0678cd1fd09cf3ebacb1159365384a0dce6a75d4c64e31052f6e56aee3af470da47e7476dbac3cdf5638e58b4155cc95938b5387c449e023306855bbc72ccc33061cb045980322f0d4ff91c47ecd950d3024f9041c074586193358cd59b9c9901ef71fe122782a33096dede6bd1ffc955c9cf10ae1fe9a93e4b90e9361bd7b73616b25251f3ae733e3713e15686082311d147cedd9d9747cca1e3fca7eef77edba1c775483f8648f9dbcbe8a07431a5e5f4f2c40e162c573e4a9169256c886df6f2f07a35193eb2d3cf53beb72f1fecb24b595d5c329b1d2a529837c6b507b41008727a88a13d104a355a259547beaa96f2fc8a9d3ca6db9a2be753390060718fea5a2d90d23494fe0f317ee1d95f7a7c5bf779bb04df784f06182bcb5e20e960f06b3c3fc2bb103a5e376a55f9a0bee0bcc8f14755d2fe03535896fdab0814b7dcc31b1a81f5091fc87fb3499ca3da8875d08bf3567b8d780429d634e2f44984feb69052b439200bda5084ca038a9868bb4b4b3eba60a8dee0e4537a0462f25fcd46aa37179abdc1e139ad5b43aa5fe228725e952fabc0648443e4afca744e621b37cc41b86143ef980236222121a81971a3ad909b6742405dfa700f31b854b5de57e655d3c709808dbe008d8cb31a1c62e00b9959d1cc28c2a0a93cddf7b4ae87fed2f1bcfffb5e7fe484d99b1b5dc2dba6a2013a6a047c41a5a8fd8ba4b26b26dc4a93a6c93b620d9195c5c516651d94b58d32628549685cc66042669edf36c3cbb96b4553155547f31c5982744265c8f4aad98135839d52fde2a4c169c58d532ee002e93127029d3946c2a29a09d951b996afc0a116e8a42244110ff774420557dd85c2852648995d5039b983d1302c5c030545d49c26e1354ebfce7464e05002b9060288561c5d499878c6cdbc2b0505c2eec529ddb4473ce6102816eac1bd2cdbded75eb9105d909bc1891b5740b1ab899cb600c2e71524e7c1beca23978b7fc5d5233e97e92f2c56520efb1e1e84fef6063f8cf5551166e41c6533f920deb541ff37dd10034cb4072f45010995f646dc709904bc9d327c9c73d109e6ff9a40fed1878363d0483a461d3f219aa75dfaea60cffdf775f366b6f24e230d680e1eea9661256918bc1b7d8f5243512a901117ec06628d77ed7fb9c16136845ad8337d5c06917fb8e788832a536bf0c879edbc2cb9b4cb42e9e07247331429f4337f5a78e455af161a13141d607a73d0397f02d2653ad43c50b528be5aa2f4c1ab689bc5b0660eea5e4b9b38607d5511a9415a1ee8f08bb964f4473370eb8598fe201044e3ce3996340a8682b4029f50924920225a54c6bd3a23d57ec5d2904607420e3dc5e60cad47a9feeb5c5722eee2d6ae7045cc1d88cd82a66ab4f15adb652f261d90ed4ee68ebec237c6c52621a32d5a719b0831a4473153c1a3837324cdb29884d1dce454af78aebd95792368a347e18a38d9d3b1dac83987d583d7690f4440be27d97e853403f443b5583f704809a844783d5e3bb965585b7716f1d9196312d4ebf1b10d5c725944ecbf0960018a34b7c61b0dc15e80861edf15c727a4c48162e5e526d8d48fa6376d9821bea9b0a1cd0e3dbe0bec8a657abc4fb1379bf2ea58257a901c2f7d1eab32ad08bdb656321d0b43f351e830f05c9235fab830995433400ff318e2bbb6e9dd8ab4d74284dfd0f5fab6edc8782b867a3844a4a86fcee2a7809d601a9a5d9ef29702cca20a575402521cfde28659bd5fb13782f19bdca0f89be87ad265fb7d28711c6fe1381deb376ea1961374ceea4ea186e35e7f0c21c044188f44d302dcecfad434d0574f5e95a4b40989974a6d87c910aed8692d04c8d0b2f2ee211a3882e3a25c68054a804b2d2e9ffc28205987be891e359a08d0218830aaefc0949d6c80ace81ff5e3abd9a89ef379f8e62a5ed3be93a0f06bcc3b39fb55fba4adb53069cd25128f255150ed6b2a4f9b81e46a7af03fcd944712e267467a176a09c7ce0d7a4148b3eee0baa2e27d8be93e8fd1c6f7e0e133a248be8b0cdaea6b6b53c882fe74a5fcb60df81b42ed0964f2e9fdf77ee8469d0db436a510c100ec959c00ee088e13bb42342d8bbcfe253358b831f768be253dd017ba114c6b498dceca2ab4d2e0c44bbab5a184455d6f19996c58be0a1a8ff18cf1b96104d5a0a9f782fcee02192c8e91568696f142b31a41c8af8d40db86ee851534a241fba37872a6b4bab7f38586e962d0d6698075949bcf39ddcf078b8e12eb6d8a03bd4ebe5fe71ebdd02c3b900b93d8533c77dc33824810dfa56a9ab88ac578be0d4e6c28b68ba3723c51eb928a94960efbc61e352c733917d2cc69633d5d2adf729f2e33df474ca9eb484975d8bf4040a30fef6fb580debfd693b45b88dae26ba04effd53e2b3eeb26f96b15fb7863cc4c6b6b608a3a698faa9339275fabe31ee4276cbf9c50822fb61898f85a1bf1f4a0fd5b666751dbb22594810e0367aebd97ec6b43de8b554aa52f04675adb5bad6324ac39da60f0256d037a188efab5a4ad380915f376e71d854c9f6fd272ec605edd5dcc3071bb3182aa88fb7148e713f70bed10b9446fb249e2d5de32977741a034820d25d267fc3db98f6227e1feb9413be66101c430564da03f99794a5a1f2027221da8ae88a5913eab37b1cbd7f0e2715adf106f32e50485b1ea07107a3cc786e5b6863e44b42104cb089743755901e9f7286dbf66db743ac1b3f3787a596f7eb74e9d56f5c5b810d242560a4770eb82c073fd22118ba7f68998075273815f2a37d60f8cfeed7ec7f9c6d226a25f1238001915caa436b4cd126e88b0995e3933b2eea406cb826f83ace00b4c83486ec867553e255f46036e486ffece1a813b23c5a9c3b0425d2b9662a6b0095658885d90078da2e3fe9a12f0202677160881a69cfc0ff17e6605dbe9ad2409180d315fb9f358316fb3cfa665cb2f9ec494122c3f35c8eb3bc8607f20b5e5eca8c3bce9b240c750873adcf2053a17d9764406b0458fdd6a724a60cd91cc8b22bb6ee4c0c12990959c9abecdbd4c9e3862d933a58baca7bffc83c08b6446ff4bc2bc386aff685d4ae90ca7b69ba46b6829ded9877e82f7a79d25e2ffc8d4af61028e06be2d1735bc04d5f1f3a0edd62e5d73f8b7b652bc1df1c6f632af046d801070dfcb42fe51a30f2b4f6a6a746b78359e15206d3c9c5ed286f31e305fbba3900bfd67779225e0a0a6caa8f9859f4b8d26485e381ce61ce535d9b7c9d13ae139cad02af903d5029b795686bc5e2f13c5a2b3f3ce2a41e7329e81d34a5fdc19860a3fee56395c8221248eaed443b915fdc90a8cc6114533f3855840b46922de5c6c808d601db12e25e0e764e67b91319a1be859139ca1c785f43e571a8434dd7e138c1fc648f6c477f797003d643f77930a3c429cf1ab4bd72f3537c92e95755c69e520b644e107724676a66996ee669d62e0ba78253ab53716b63718c3966a217b0abff8804737fddac62299322ef97032a538cbd5b5ce61a6049d3b62b9be1f4fe54396d6c1ff03064ca82cb624d7bce7f7b571c93ca65730301a62f1c7d0c137881c48daebf33a56c1c4d223d8360d0f7ab4a614f92ba658c7aceb4f9fe6cc68a918c2353ef7988d3c635fc123be6288f518010880c3f01a31405d8e74c162d7dac40ce3e4f62de76ba431c3106567cf3df2dcfa30181480a82b8edf804c5e6c9161e20446a489f6f390b0a3374d6f8780563733de038b51774a1b9674f79a12798860a13f95b610173e7730fb4ae60fca190bd63a652a8dd370ad516d5774d45", 0x1000)
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r2 = openat$vnet(0xffffff9c, &(0x7f0000000280), 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x4e, 0x1, 0xffffffff, 0x0, {0xc}}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4000000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000001180)={0x0, r2}, 0x8)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x5, &(0x7f00000000c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0xdebd, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x2, 0x300)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
r6 = shmget$private(0x0, 0x4000, 0x10, &(0x7f0000ffb000/0x4000)=nil)
shmctl$SHM_INFO(r6, 0xe, &(0x7f0000001140)=""/29)
preadv(r5, &(0x7f0000000000)=[{&(0x7f0000000340)=""/187, 0xbb}], 0x1, 0x33, 0x200)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = syz_io_uring_setup(0x1c57, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x2, 0x3f, 0x0, r8}, &(0x7f0000000180)=<r10=>0x0, &(0x7f00000001c0)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r7})
io_uring_enter(r9, 0x2def, 0x4000, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
ioctl$COMEDI_CMDTEST(r0, 0x8040640a, &(0x7f0000000080)={0x0, 0x30000, 0x2, 0x9, 0x1, 0x8, 0x0, 0x8, 0x1c0, 0x9845, 0x2, 0x1, 0x0, 0x0, 0x0})

5.924198356s ago: executing program 9 (id=6572):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r1, &(0x7f0000000000)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e21, 0xb, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x9}}, 0x24)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
gettid()
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r3, 0x40bc5311, &(0x7f00000008c0)={0x7, 0x1, 'client0\x00', 0x0, "84d08b2b6b566e48", "6939b32180a83e59dcec9302df8ceee275519785b2dee5104b9dde4e60910c2a", 0x414, 0x1ff})
read(r3, &(0x7f0000000440)=""/247, 0x26)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r6 = openat$binderfs(0xffffff9c, &(0x7f00000001c0)='./binderfs2/custom1\x00', 0x800, 0x0)
r7 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x74)
r8 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x5)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000880)={0xb8, 0x0, &(0x7f0000000540)=[@free_buffer={0x40086303, r7}, @free_buffer={0x40086303, r8}, @decrefs={0x40046307, 0x2}, @increfs={0x40046304, 0x3}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000240)={@fda={0x66646185, 0x8, 0x1, 0x3d}, @fd={0x66642a85, 0x0, r4}, @flat=@weak_binder={0x77622a85, 0xa}}, &(0x7f0000000300)={0x0, 0x1c, 0x34}}}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f00000003c0)={@fda={0x66646185, 0x3, 0x2, 0x21}, @flat=@weak_binder={0x77622a85, 0x1200, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f00000006c0)=""/205, 0xcd, 0x1, 0x37}}, &(0x7f0000000340)={0x0, 0x1c, 0x34}}, 0x1000}], 0x0, 0x0, &(0x7f00000007c0)})
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0xd000000, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r4, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f0000000080)={0x31, @time={0x3, 0xfffefffd}, 0x4, {0x0, 0x2}, 0xa, 0x1, 0x4})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r3, 0x402c5342, &(0x7f00000000c0)={0x2, 0x1, 0x3, {0x4, 0x40}, 0x82c7, 0xf})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)

4.967940363s ago: executing program 9 (id=6578):
socket$packet(0x11, 0x2, 0x300)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
preadv(r0, &(0x7f00000004c0)=[{0x0}, {&(0x7f0000000500)=""/215, 0xd7}, {0x0}, {&(0x7f0000000740)=""/165, 0xa5}, {&(0x7f00000003c0)=""/210, 0xd2}], 0x5, 0x35, 0xc3)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$nl_xfrm(r0, 0x0, 0x4000000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x1, 0x584e4f53, 0x4, 0x6ea, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000700)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="80000000", @ANYRES16=0x0, @ANYBLOB="00042dbd7000fcdbdf250c0000000000018044000400200001000a004e2400008001fe8000000000000000000000000000aa07000000200002000a004e23000000ffff020000000000000000000000000001000000001c00028008000200008be800080004004489000008000200000000000800030008000000"], 0x80}, 0x1, 0x0, 0x0, 0x4830}, 0x20000000)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
set_mempolicy(0x1, &(0x7f0000000000)=0x2000051e2, 0x3ff)
write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x2, 0x0, {0x1, 0x5, 0x9}}, 0x28)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
recvmmsg(0xffffffffffffffff, &(0x7f00000034c0), 0x0, 0x10720, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x13}, @in6=@dev={0xfe, 0x80, '\x00', 0x22}, 0x0, 0x0, 0x1, 0x4, 0xa, 0x0, 0x0, 0x2c}, {0x5, 0xfffffffffffffffd, 0x40000003, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x81, 0x2}, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in=@rand_addr=0x64010102, 0x8000, 0x33}, 0x0, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000}}, 0xe4)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0xffe0)
socket$kcm(0x10, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
pipe(&(0x7f0000000040))
socket$inet6_udplite(0xa, 0x2, 0x88)

3.797936587s ago: executing program 6 (id=6584):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80001, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000), 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000005c0), 0xa0280, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000008c0)='-\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
inotify_init()
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000280)={0x26, 0x0, 0x120000000000, 0x2, 0x500, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000180)={0x3fe, 0x7, 0x0, 0x9, 0x86, 0x800, 0x80000002}, 0x0, 0x0)

3.506137363s ago: executing program 6 (id=6585):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
openat$kvm(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x3a, 0x0)
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
mmap$fb(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x13, r2, 0xd8000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000a40)="6457d028"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4b, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d149909748"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000740)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

3.221349726s ago: executing program 2 (id=6586):
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a45352, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000240)="d800000019008111e0020f060d8107040a60000007000000000455a12a00090008000699e3ffffff14000500fe80817806000567b8b7b940020000090800160600000000", 0x44}], 0x1}, 0x40004000)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xe, 0x4]}, 0x0, 0x8)
syz_emit_ethernet(0x2416, &(0x7f0000000580)=ANY=[@ANYBLOB], 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18)
bind$rose(0xffffffffffffffff, 0x0, 0x0)
ptrace$ARCH_GET_GS(0x1e, 0xffffffffffffffff, 0x0, 0x1004)

3.147842438s ago: executing program 2 (id=6587):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000009c0)=@newqdisc={0xac, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0x66}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4ebe, 0x3, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x2c2a1f44}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}]}}, @TCA_RATE={0x6, 0x5, {0x4, 0xfa}}]}, 0xac}}, 0x0)

3.084743071s ago: executing program 2 (id=6588):
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045011, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x80000000, 0x9, 0x31363553, 0x0, 0xa, [{0x4, 0x5}, {0x6, 0x7f36}, {0x8, 0x70}, {0x3, 0xf}, {0xa, 0xff}, {0x6, 0x589}, {0x8, 0x7}, {0x10041, 0x8}], 0x10, 0x8, 0x2, 0x2, 0x5}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
connect$pptp(r1, &(0x7f0000001280)={0x18, 0x2, {0x1, @broadcast}}, 0x1e)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f00000002c0)={'rose0\x00', 0x1})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000180)={0x3, 0x980900, 0x1})
r6 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x3})
ioctl$VIDIOC_QUERYMENU(r6, 0xc008561c, &(0x7f00000001c0)={0x980900, 0x8081, @name="6736516728a5678c18a4ec047f3f1fa52fe9a9987d0406b3a0c705c611b66f06"})
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000240)={{0x3, 0x100, 0x5, 0xb7a4, 0x1, 0xffff}, 0x341, [0xc, 0x40, 0xcd6, 0x4, 0x6, 0x0, 0x80000000, 0x7, 0x9, 0x7a18fde9, 0x9, 0x0, 0x4, 0x3, 0x378, 0x5, 0x4, 0x0, 0x1, 0xffff06bd, 0x0, 0xd4f, 0x1a, 0xf2, 0x10, 0xfffffffb, 0x8, 0x10001, 0x401, 0x80000000, 0x401, 0x3ca5, 0x5, 0x0, 0xff, 0x4, 0x4, 0x3, 0x0, 0x0, 0x40000000, 0x80000000, 0x7fff, 0x7, 0x5, 0xa, 0x1, 0x10000, 0x8000401, 0x8, 0xffff, 0x91ba, 0x7, 0x9, 0x9, 0xb6, 0x24, 0xcb, 0x5, 0x7f, 0x5, 0x311, 0x66d1, 0xfffffffd, 0xa7d6, 0xb6eb, 0xc74, 0x77, 0x1, 0xff, 0x5cb5, 0xfffffffd, 0x401, 0xedf4, 0x4, 0x1000, 0x6, 0xfffffffe, 0x8001, 0xc1, 0x1, 0x8, 0x1, 0x32, 0x98, 0x7f, 0xffff, 0x401, 0x2, 0x2, 0x4680, 0x7, 0xe665, 0x3c6e, 0x3, 0x40, 0x80, 0x4b, 0x9, 0x2, 0xb, 0x6, 0x4fa4, 0x80000000, 0x1, 0xb, 0x0, 0xfffffffa, 0x3, 0x9, 0xfd, 0x101, 0x4, 0x40, 0xa, 0x1b, 0x1ff, 0x7ff, 0x2, 0x80000000, 0xffff, 0x9, 0x0, 0x6, 0x2, 0xffffff87, 0xe, 0xa0, 0xf, 0x1ff, 0x9, 0x7, 0x6, 0x400, 0x8, 0xff2, 0x6, 0x0, 0x6, 0x0, 0x9, 0x1, 0xf1a, 0x664, 0x4, 0x9, 0x9, 0x2, 0x4, 0xfffffffd, 0x10, 0x0, 0x9, 0x10000, 0x1, 0x9, 0x9, 0xc6, 0x1, 0x4, 0x6, 0xffffffff, 0x6, 0x10001, 0x8, 0x68, 0x7, 0x201, 0x5, 0x3, 0x9a3f, 0x400000, 0x0, 0x80000067, 0xffffff7e, 0x7, 0x10000000, 0x10001, 0x7, 0x3, 0x10, 0x10a, 0x2, 0x40, 0x1c, 0x80, 0xb5f8, 0x8bc, 0x3, 0x103, 0x5, 0x63, 0x4, 0x18000, 0x10, 0x1000, 0x288c, 0x1ffe, 0x73ee, 0x1, 0x5, 0x9, 0x7fffffff, 0x73, 0x7, 0x8, 0x8, 0x400, 0x40, 0x0, 0x0, 0x0, 0x546c, 0x981, 0x5aa, 0x7fff, 0x7, 0x4, 0x8, 0xc4c, 0x45e3, 0x5, 0x7, 0x3, 0x5, 0x3, 0x0, 0x1, 0x2, 0xffffffff, 0x4, 0xce, 0xf, 0x0, 0x1, 0xa, 0x3, 0x0, 0x9, 0x9, 0x37d, 0x10001, 0xc, 0x1, 0x1, 0x2, 0x6, 0x4, 0x6, 0x1, 0x8, 0x6, 0xfffffffa, 0x5, 0x0, 0x9, 0x5, 0x2, 0x7, 0x3, 0xffffff1b, 0x9, 0x2, 0xd, 0x34ea, 0x10000, 0x0, 0x80000001, 0x8, 0x8000, 0x3a, 0x10, 0x8, 0x9, 0x5, 0x1, 0x6, 0x10001, 0x0, 0x4, 0x10000, 0x4, 0xffff, 0xe, 0x89, 0x2, 0x7, 0x1, 0x2, 0x3, 0x9, 0x4, 0x1, 0x9, 0x0, 0x8, 0x0, 0x81, 0x80000004, 0x9, 0x9, 0x0, 0x4, 0x4, 0x0, 0x1, 0x4, 0x5, 0x4, 0x10001, 0xf, 0x9, 0x100, 0x4, 0x59b, 0x7, 0x8, 0x9, 0x3, 0x2, 0x4, 0xbf, 0x0, 0x8, 0x40, 0xd3, 0x7, 0x1, 0x89aa, 0x8, 0x0, 0xf0ce, 0x4, 0x1, 0x0, 0x2, 0xc6, 0x1000, 0x1, 0x937, 0xa, 0x6, 0x3, 0xffffffff, 0x5, 0x9, 0x5, 0xffffffff, 0xbe, 0x1, 0x7, 0x0, 0xffffffff, 0x0, 0x3d6, 0x0, 0xae, 0x6, 0x1, 0xfffffeff, 0x4, 0x2, 0x7fff, 0x103, 0x7, 0x6, 0x706, 0x2, 0x49, 0x10, 0xfffffff7, 0xfffff772, 0x8, 0x80000000, 0x5, 0x7, 0xa9c, 0x9, 0x8, 0x1, 0x2, 0x5, 0x1000, 0x69f, 0x1ff, 0x9, 0x10, 0x3, 0x10000, 0xffff0000, 0xf, 0x1, 0xffffa5ba, 0xffffa9b4, 0x1, 0x4, 0x5, 0x3, 0x4b5f, 0x6, 0x7fffffff, 0xffffffff, 0x1, 0x80000000, 0xb, 0x0, 0xc8f, 0x1, 0x7, 0x8, 0x1, 0x10000, 0x57dc, 0x818a, 0x10, 0x8, 0x10, 0xfffffffc, 0xfffff001, 0xa, 0x5, 0x8000005, 0x7, 0xffd, 0x9, 0x10, 0xfffffffd, 0x4, 0xc2, 0x400, 0x4, 0x2, 0x80000000, 0xd, 0x2, 0x1, 0x0, 0x5, 0xb6, 0x101, 0x401, 0x2, 0x7, 0xc, 0x6623258, 0xf2, 0x741, 0xae6, 0x9, 0xffffa0ae, 0xc, 0x6, 0x2, 0x8, 0x9, 0x1, 0x7f, 0x9a, 0x9, 0xb, 0x800, 0x4, 0x3ff, 0x5, 0x7, 0x7, 0x8, 0xfe, 0x7f, 0x9, 0x4, 0x2, 0x20000000, 0x2, 0x8000, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x7, 0x8000001, 0x0, 0xfff, 0x101, 0x4, 0x0, 0x96c6, 0xc, 0x5, 0xffe, 0x100, 0xffff, 0x1, 0x401, 0xf0, 0x0, 0xfffff53d, 0xff, 0x2, 0x6, 0x0, 0x2, 0x4b15, 0x10000, 0x1, 0x6, 0x1, 0xd, 0x8, 0x4, 0xfffffe01, 0x1, 0x6, 0x0, 0x3, 0x10001, 0x1, 0x7, 0x1, 0x5, 0x9, 0xffffc487, 0x200, 0x10001, 0x37c, 0x7, 0x6, 0x6, 0x8, 0xfffffe00, 0x1, 0x1, 0x0, 0xe, 0x2, 0x2, 0x4, 0x80000000, 0xb46d, 0x3, 0x1000, 0x1eb4bce6, 0x10, 0x8, 0x4, 0x8, 0x1, 0x5, 0x9, 0x1000, 0x7, 0x62f2f805, 0x9, 0x3, 0xffffffff, 0x9, 0x7f, 0x6, 0x9, 0x40, 0x5, 0x2, 0xa, 0x5, 0x6, 0x80000000, 0x0, 0x8, 0x7, 0x7, 0x1, 0x5, 0x9, 0x6709, 0x10001, 0x0, 0x80, 0x8, 0x6, 0x0, 0xa95a, 0xff, 0x5, 0x2, 0x2, 0x4, 0x10000, 0x80000001, 0x5, 0x8001, 0x9, 0x0, 0xb7, 0x3, 0xff, 0x9, 0xffff, 0x80, 0xfea5, 0x7fff, 0x7, 0x7, 0x7, 0x7485, 0x9, 0x8, 0x0, 0x5, 0xf, 0x5, 0xe, 0x8, 0x1000, 0x3, 0x7, 0x382d, 0x459, 0xcad, 0x9, 0x0, 0x2, 0x9, 0x6, 0x20000a4, 0xe0, 0xfffffffb, 0x5, 0xffffffff, 0x2, 0x7, 0x85e5, 0x0, 0x0, 0x0, 0x35, 0x8, 0x1, 0x2, 0x30, 0xb, 0x101, 0x2, 0x9, 0x100003, 0x7, 0x8, 0x8, 0x0, 0x1, 0x4, 0x15294b70, 0x3, 0x3, 0x2, 0x43, 0x3, 0x9, 0x5, 0x80000000, 0x9, 0x0, 0x5, 0x81, 0x1, 0x2, 0x3fd, 0x1df, 0x6, 0x6, 0x0, 0x1a, 0x9, 0x2, 0x9, 0x1, 0x9, 0x7, 0x2c1, 0x9e95, 0x2, 0xfffffedd, 0x30c8, 0x2, 0x38a0, 0x7b, 0x0, 0x8, 0x7, 0x6, 0x9, 0x9, 0x8, 0x5, 0x8, 0x1ff, 0x7fff, 0x3, 0x9, 0x8, 0x2b, 0x200006, 0x4, 0x7, 0x2, 0xfb4, 0xbfb, 0x7, 0x405, 0x6, 0x4, 0x8001, 0x9, 0x8, 0x3, 0x6ae574d2, 0x6, 0xfffffe00, 0x1000, 0x5, 0x92, 0x3, 0x7fffffff, 0xd7, 0x8001, 0x905, 0x3, 0x6, 0xfffffb31, 0xb, 0x4, 0x7, 0x8, 0x1, 0x6, 0x1, 0xff, 0x100, 0x4, 0x3, 0x6, 0x80000001, 0x0, 0x100a, 0x7fffffff, 0x7fff, 0x2, 0xfffffff8, 0x2, 0x9af, 0x10001, 0x8, 0x4, 0x8, 0x6, 0x7742348d, 0x5, 0x5, 0x1f, 0x40, 0x0, 0x6, 0x7fffffff, 0x7, 0x7, 0x8, 0x17f, 0x6, 0x2, 0x5, 0x6, 0x1, 0xb, 0xe, 0x5, 0x1, 0xfe7, 0xfffffffc, 0x8, 0x7ff, 0x3e9, 0x0, 0x3, 0x2000, 0xd, 0x3, 0x4, 0x3, 0x81, 0x8, 0x14, 0x100, 0x9, 0x6, 0xffff, 0xf28c, 0x7, 0x6, 0x4, 0x7fffffff, 0xffff, 0x1000, 0xc9, 0x2, 0xfffffffe, 0x924, 0x499, 0x100, 0x1, 0x5, 0xffff351b, 0x7, 0xfffffffb, 0x7, 0x9, 0x2, 0x5, 0x4, 0x4, 0x4, 0xff, 0xee, 0x6, 0x4, 0x8, 0x9f, 0x7, 0x3, 0x9, 0xc9, 0x1, 0x1, 0x1, 0xfffffff7, 0x0, 0x6, 0x5, 0x6, 0x400, 0x51, 0x7, 0xefb, 0xb8, 0x8, 0x5, 0xfffffff7, 0x7, 0x7, 0x4, 0x6330, 0x0, 0x6, 0xea, 0xbb2d, 0xfff, 0x809, 0x6, 0x0, 0x6, 0xffff, 0x0, 0x3, 0x0, 0x1, 0x6, 0xfffffc00, 0x5, 0x7, 0x64c822e3, 0x9, 0x6, 0x3ff, 0x6, 0xfff, 0x0, 0xa7b, 0x62cc, 0xfffffff7, 0x7, 0x40, 0xa, 0x9b, 0x3, 0xe, 0x1, 0x1, 0x3, 0x40, 0x3, 0x4, 0x5, 0x5, 0x7ff, 0x5, 0x8, 0x5, 0x3, 0x9, 0x2, 0x80000001, 0x54, 0x400, 0x1, 0x8, 0xa, 0x9, 0xc0, 0x3, 0x72, 0x80, 0x1000, 0x7, 0x800, 0x6, 0xd19, 0x3, 0x93c, 0x6, 0x0, 0x0, 0xe, 0x5, 0x3, 0xfffffffa, 0xa01, 0xf3, 0xffffff00, 0x8, 0xe, 0x3, 0x3ff, 0x5, 0x2, 0x6, 0xfffffff8, 0xffff, 0xfffffff9, 0x9, 0x5, 0x62, 0x8, 0x1, 0xfffffffb, 0x1af85, 0x2, 0x9, 0x7, 0x0, 0x7, 0x8, 0x10000, 0x40, 0x8, 0x7, 0x2b, 0x6, 0x10, 0x5, 0x200, 0x9, 0x6, 0x3, 0x8, 0x10, 0x4, 0x6, 0x633, 0xf05, 0x0, 0x101, 0x200, 0x7, 0x7ff, 0x0, 0x1, 0x1, 0x10000, 0x9, 0x40, 0x9, 0x0, 0x7f, 0x8, 0x6, 0xe, 0x3, 0x80000001, 0x0, 0x8, 0x8, 0x4, 0xdd, 0x6, 0x89, 0x0, 0x100, 0x1, 0x9, 0xe75, 0x400, 0x1, 0x0, 0x200, 0xe9ab, 0xfffffff8, 0x8000, 0x13, 0x2, 0x2, 0x43, 0x3ff, 0x0, 0x7, 0x9, 0x1, 0x6, 0x7, 0xa, 0xf, 0xf39d, 0x71, 0xfff, 0x5, 0x8]})
r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
write$char_usb(r8, &(0x7f0000000040)="e2", 0x12d8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005880)=@newtfilter={0x38, 0x2c, 0xd27, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xd}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}}, 0x0)
ioctl$VIDIOC_G_FREQUENCY(r6, 0xc02c5638, &(0x7f00000012c0)={0x3, 0x2})

2.667245299s ago: executing program 6 (id=6589):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)="0c338c88dc44d31ec97f31bde8692d1a", 0x10}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
fchmodat(0xffffffffffffff9c, 0x0, 0x20)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb45fd629100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db220100002600000000000080622e"], 0x0}, 0x94)
syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000005000000fd0900009f0b000005010000", @ANYRES32, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000e200"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r1}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r1}, 0x38)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000100)=ANY=[@ANYRESDEC, @ANYRESDEC, @ANYRESOCT], 0x8)
connect$inet6(0xffffffffffffffff, &(0x7f00000003c0)={0xa, 0xfffb, 0x3000000, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='bridge0\x00', 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmsg$NFT_BATCH(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xc0c4}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x6c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x3}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private}}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x6}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a74000000060a0b0400000000000000000200018000000480440001800a000100696e6e6572000000340002800800024000000084080003400000000a080004400000000c080001400000000010000580090001006d657461000000000900010073797a30000000000900020073797a32000000001400000011000100690ae0f8c64954f7e720e52e415021e95c095efc3c15a62aa20c89fb97b62a6e28739da943e23974bce6ecbbb8ef148d1ebe149fdf005dde750e11c2757e9d28500393f5e1f8b9631ad71e7fed6309f13d362392fc3d2627871f844d6e818e63"], 0x9c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x3, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="18020000080400030000000000000000850000007a000000850000000e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)

2.587296978s ago: executing program 8 (id=6577):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(0xffffffffffffffff, 0x48e9, 0x0, 0x2, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_usbip_server_init(0x3)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x100000000000000, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f00000034c0)={0x2020}, 0xcac)

2.346126648s ago: executing program 2 (id=6590):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000500)=@security={'security\x00', 0xe, 0x4, 0x388, 0xffffffff, 0x0, 0x0, 0x110, 0xffffffff, 0xffffffff, 0x2c0, 0x2c0, 0x2c0, 0xffffffff, 0x4, &(0x7f00000002c0), {[{{@uncond, 0x0, 0xa4, 0x110}, @common=@unspec=@NFLOG={0x6c, 'NFLOG\x00', 0x0, {0x8, 0x14c, 0xfa09, 0x1, 0x0, "c3e3ddf97432736cf58aebc8e59d8e658da487d6a0db576833fa7f4a7e00e790f91f9dea4283587f801dfeb24d5f7f70109d592d5b456e5e4341ee7643871e99"}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0x0, 0xff000000, 0xffffffff, 0xff], [0xff, 0xffffffff, 0xff, 0xffffff00], 'nr0\x00', 'bond_slave_0\x00', {0xff}, {0xff}, 0x3c, 0x6, 0x5, 0x8}, 0x0, 0xa4, 0xe4}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x5, 0xa47, 0x97a0, 0x1, 0x0, 0x1, 0x7, 0x8]}}}, {{@uncond, 0x0, 0xa4, 0xcc}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x10, 0x1}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3e4)
mkdir(&(0x7f0000000000)='./file0\x00', 0x19)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
openat$dlm_monitor(0xffffff9c, &(0x7f0000000000), 0x40, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
io_uring_setup(0x2e34, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
pwritev2(r6, &(0x7f0000000980)=[{0x0}, {0x0}], 0x2, 0x5, 0xa, 0x14)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
socket(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

2.332583632s ago: executing program 6 (id=6591):
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9"], 0xb8)
r3 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
getdents64(r3, &(0x7f0000001d40)=""/44, 0x2c)
socket$kcm(0x29, 0x6, 0x0)
close(r1)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cache=fscache'])
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x22)

2.213948917s ago: executing program 6 (id=6592):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80001, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000), 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000005c0), 0xa0280, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000008c0)='-\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
inotify_init()
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000280)={0x26, 0x0, 0x120000000000, 0x2, 0x500, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000180)={0x3fe, 0x7, 0x0, 0x9, 0x86, 0x800, 0x80000002}, 0x0, 0x0)

1.576483005s ago: executing program 9 (id=6593):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
migrate_pages(0x0, 0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
listen(0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
openat$sndseq(0xffffff9c, &(0x7f0000000080), 0x84900)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006006558000008000280040011"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
write(r2, &(0x7f00000002c0)="240000001a005f0214f9d4010400000004000000000000000009000000000400012a46cdd3", 0x25)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
dup(r0)

1.149894012s ago: executing program 6 (id=6594):
add_key$fscrypt_provisioning(&(0x7f0000000200), 0x0, &(0x7f0000000400)=ANY=[], 0x48, 0xffffffffffffffff)
socket$inet6(0xa, 0x1, 0x8010000000000084)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
socket(0x200000000000011, 0x4000000000080002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffff9, 0x10100, 0x0, 0xd3, 0x0, r1}, 0x0, &(0x7f00000001c0)=<r3=>0x0)
socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$inet(0x2, 0x2, 0x0)
r5 = syz_io_uring_setup(0x460, &(0x7f0000000480)={0x0, 0x40000020, 0x10, 0x2, 0x34f}, &(0x7f0000000040)=<r6=>0x0, &(0x7f0000000000)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x2f, 0x1, 0x0, 0x4}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(r5, 0x47bc, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(r5, 0x799b, 0xcca2, 0x4, 0x0, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x14, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x0, 0x0, 0x0)
r8 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffff07000000000000001c006800000f119078ac14143fffffffff4e224e2300089078"], 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {0x8230}, 0x3})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)

1.120472271s ago: executing program 8 (id=6595):
syz_open_dev$sndctrl(&(0x7f00000017c0), 0x0, 0x4800)
socket$nl_netfilter(0x10, 0x3, 0xc)
io_uring_setup(0x177d, &(0x7f00000002c0)={0x0, 0x698c, 0x4000, 0x2, 0xfffffffe})
openat$dir(0xffffffffffffff9c, &(0x7f0000001500)='.\x00', 0x20000, 0x140)
socket$can_bcm(0x1d, 0x2, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r0 = socket(0x10, 0x4, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_dev$usbfs(&(0x7f0000000040), 0x10, 0x8000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)

1.000726728s ago: executing program 2 (id=6596):
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x2) (async)
get_mempolicy(0x0, 0x0, 0x7, &(0x7f0000001000/0x4000)=nil, 0x3) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r1, 0x800, 0x70bd28, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_QOS_MAP={0x14, 0xc7, {[{0x8}, {0x9, 0x6}, {0x5, 0x4}, {0x5, 0x7}], "71f57c74c077c834"}}]}, 0x28}, 0x1, 0x0, 0x0, 0x44}, 0x20000002)

762.622035ms ago: executing program 2 (id=6597):
socket$nl_route(0x10, 0x3, 0x0)
fchmodat(0xffffffffffffff9c, 0x0, 0x20)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb45fd629100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db220100002600000000000080622e"], 0x0}, 0x94)
syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000005000000fd0900009f0b000005010000", @ANYRES32, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000e200"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r1}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r1}, 0x38)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000100)=ANY=[@ANYRESDEC, @ANYRESDEC, @ANYRESOCT], 0x8)
connect$inet6(0xffffffffffffffff, &(0x7f00000003c0)={0xa, 0xfffb, 0x3000000, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='bridge0\x00', 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmsg$NFT_BATCH(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xc0c4}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x6c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x3}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private}}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x6}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a74000000060a0b0400000000000000000200018000000480440001800a000100696e6e6572000000340002800800024000000084080003400000000a080004400000000c080001400000000010000580090001006d657461000000000900010073797a30000000000900020073797a32000000001400000011000100690ae0f8c64954f7e720e52e415021e95c095efc3c15a62aa20c89fb97b62a6e28739da943e23974bce6ecbbb8ef148d1ebe149fdf005dde750e11c2757e9d28500393f5e1f8b9631ad71e7fed6309f13d362392fc3d2627871f844d6e818e63"], 0x9c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x3, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="18020000080400030000000000000000850000007a000000850000000e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)

539.942255ms ago: executing program 9 (id=6598):
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045011, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x80000000, 0x9, 0x31363553, 0x0, 0xa, [{0x4, 0x5}, {0x6, 0x7f36}, {0x8, 0x70}, {0x3, 0xf}, {0xa, 0xff}, {0x6, 0x589}, {0x8, 0x7}, {0x10041, 0x8}], 0x10, 0x8, 0x2, 0x2, 0x5}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
connect$pptp(r1, &(0x7f0000001280)={0x18, 0x2, {0x1, @broadcast}}, 0x1e)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f00000002c0)={'rose0\x00', 0x1})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000180)={0x3, 0x980900, 0x1})
r6 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x3})
ioctl$VIDIOC_QUERYMENU(r6, 0xc008561c, &(0x7f00000001c0)={0x980900, 0x8081, @name="6736516728a5678c18a4ec047f3f1fa52fe9a9987d0406b3a0c705c611b66f06"})
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000240)={{0x3, 0x100, 0x5, 0xb7a4, 0x1, 0xffff}, 0x341, [0xc, 0x40, 0xcd6, 0x4, 0x6, 0x0, 0x80000000, 0x7, 0x9, 0x7a18fde9, 0x9, 0x0, 0x4, 0x3, 0x378, 0x5, 0x4, 0x0, 0x1, 0xffff06bd, 0x0, 0xd4f, 0x1a, 0xf2, 0x10, 0xfffffffb, 0x8, 0x10001, 0x401, 0x80000000, 0x401, 0x3ca5, 0x5, 0x0, 0xff, 0x4, 0x4, 0x3, 0x0, 0x0, 0x40000000, 0x80000000, 0x7fff, 0x7, 0x5, 0xa, 0x1, 0x10000, 0x8000401, 0x8, 0xffff, 0x91ba, 0x7, 0x9, 0x9, 0xb6, 0x24, 0xcb, 0x5, 0x7f, 0x5, 0x311, 0x66d1, 0xfffffffd, 0xa7d6, 0xb6eb, 0xc74, 0x77, 0x1, 0xff, 0x5cb5, 0xfffffffd, 0x401, 0xedf4, 0x4, 0x1000, 0x6, 0xfffffffe, 0x8001, 0xc1, 0x1, 0x8, 0x1, 0x32, 0x98, 0x7f, 0xffff, 0x401, 0x2, 0x2, 0x4680, 0x7, 0xe665, 0x3c6e, 0x3, 0x40, 0x80, 0x4b, 0x9, 0x2, 0xb, 0x6, 0x4fa4, 0x80000000, 0x1, 0xb, 0x0, 0xfffffffa, 0x3, 0x9, 0xfd, 0x101, 0x4, 0x40, 0xa, 0x1b, 0x1ff, 0x7ff, 0x2, 0x80000000, 0xffff, 0x9, 0x0, 0x6, 0x2, 0xffffff87, 0xe, 0xa0, 0xf, 0x1ff, 0x9, 0x7, 0x6, 0x400, 0x8, 0xff2, 0x6, 0x0, 0x6, 0x0, 0x9, 0x1, 0xf1a, 0x664, 0x4, 0x9, 0x9, 0x2, 0x4, 0xfffffffd, 0x10, 0x0, 0x9, 0x10000, 0x1, 0x9, 0x9, 0xc6, 0x1, 0x4, 0x6, 0xffffffff, 0x6, 0x10001, 0x8, 0x68, 0x7, 0x201, 0x5, 0x3, 0x9a3f, 0x400000, 0x0, 0x80000067, 0xffffff7e, 0x7, 0x10000000, 0x10001, 0x7, 0x3, 0x10, 0x10a, 0x2, 0x40, 0x1c, 0x80, 0xb5f8, 0x8bc, 0x3, 0x103, 0x5, 0x63, 0x4, 0x18000, 0x10, 0x1000, 0x288c, 0x1ffe, 0x73ee, 0x1, 0x5, 0x9, 0x7fffffff, 0x73, 0x7, 0x8, 0x8, 0x400, 0x40, 0x0, 0x0, 0x0, 0x546c, 0x981, 0x5aa, 0x7fff, 0x7, 0x4, 0x8, 0xc4c, 0x45e3, 0x5, 0x7, 0x3, 0x5, 0x3, 0x0, 0x1, 0x2, 0xffffffff, 0x4, 0xce, 0xf, 0x0, 0x1, 0xa, 0x3, 0x0, 0x9, 0x9, 0x37d, 0x10001, 0xc, 0x1, 0x1, 0x2, 0x6, 0x4, 0x6, 0x1, 0x8, 0x6, 0xfffffffa, 0x5, 0x0, 0x9, 0x5, 0x2, 0x7, 0x3, 0xffffff1b, 0x9, 0x2, 0xd, 0x34ea, 0x10000, 0x0, 0x80000001, 0x8, 0x8000, 0x3a, 0x10, 0x8, 0x9, 0x5, 0x1, 0x6, 0x10001, 0x0, 0x4, 0x10000, 0x4, 0xffff, 0xe, 0x89, 0x2, 0x7, 0x1, 0x2, 0x3, 0x9, 0x4, 0x1, 0x9, 0x0, 0x8, 0x0, 0x81, 0x80000004, 0x9, 0x9, 0x0, 0x4, 0x4, 0x0, 0x1, 0x4, 0x5, 0x4, 0x10001, 0xf, 0x9, 0x100, 0x4, 0x59b, 0x7, 0x8, 0x9, 0x3, 0x2, 0x4, 0xbf, 0x0, 0x8, 0x40, 0xd3, 0x7, 0x1, 0x89aa, 0x8, 0x0, 0xf0ce, 0x4, 0x1, 0x0, 0x2, 0xc6, 0x1000, 0x1, 0x937, 0xa, 0x6, 0x3, 0xffffffff, 0x5, 0x9, 0x5, 0xffffffff, 0xbe, 0x1, 0x7, 0x0, 0xffffffff, 0x0, 0x3d6, 0x0, 0xae, 0x6, 0x1, 0xfffffeff, 0x4, 0x2, 0x7fff, 0x103, 0x7, 0x6, 0x706, 0x2, 0x49, 0x10, 0xfffffff7, 0xfffff772, 0x8, 0x80000000, 0x5, 0x7, 0xa9c, 0x9, 0x8, 0x1, 0x2, 0x5, 0x1000, 0x69f, 0x1ff, 0x9, 0x10, 0x3, 0x10000, 0xffff0000, 0xf, 0x1, 0xffffa5ba, 0xffffa9b4, 0x1, 0x4, 0x5, 0x3, 0x4b5f, 0x6, 0x7fffffff, 0xffffffff, 0x1, 0x80000000, 0xb, 0x0, 0xc8f, 0x1, 0x7, 0x8, 0x1, 0x10000, 0x57dc, 0x818a, 0x10, 0x8, 0x10, 0xfffffffc, 0xfffff001, 0xa, 0x5, 0x8000005, 0x7, 0xffd, 0x9, 0x10, 0xfffffffd, 0x4, 0xc2, 0x400, 0x4, 0x2, 0x80000000, 0xd, 0x2, 0x1, 0x0, 0x5, 0xb6, 0x101, 0x401, 0x2, 0x7, 0xc, 0x6623258, 0xf2, 0x741, 0xae6, 0x9, 0xffffa0ae, 0xc, 0x6, 0x2, 0x8, 0x9, 0x1, 0x7f, 0x9a, 0x9, 0xb, 0x800, 0x4, 0x3ff, 0x5, 0x7, 0x7, 0x8, 0xfe, 0x7f, 0x9, 0x4, 0x2, 0x20000000, 0x2, 0x8000, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x7, 0x8000001, 0x0, 0xfff, 0x101, 0x4, 0x0, 0x96c6, 0xc, 0x5, 0xffe, 0x100, 0xffff, 0x1, 0x401, 0xf0, 0x0, 0xfffff53d, 0xff, 0x2, 0x6, 0x0, 0x2, 0x4b15, 0x10000, 0x1, 0x6, 0x1, 0xd, 0x8, 0x4, 0xfffffe01, 0x1, 0x6, 0x0, 0x3, 0x10001, 0x1, 0x7, 0x1, 0x5, 0x9, 0xffffc487, 0x200, 0x10001, 0x37c, 0x7, 0x6, 0x6, 0x8, 0xfffffe00, 0x1, 0x1, 0x0, 0xe, 0x2, 0x2, 0x4, 0x80000000, 0xb46d, 0x3, 0x1000, 0x1eb4bce6, 0x10, 0x8, 0x4, 0x8, 0x1, 0x5, 0x9, 0x1000, 0x7, 0x62f2f805, 0x9, 0x3, 0xffffffff, 0x9, 0x7f, 0x6, 0x9, 0x40, 0x5, 0x2, 0xa, 0x5, 0x6, 0x80000000, 0x0, 0x8, 0x7, 0x7, 0x1, 0x5, 0x9, 0x6709, 0x10001, 0x0, 0x80, 0x8, 0x6, 0x0, 0xa95a, 0xff, 0x5, 0x2, 0x2, 0x4, 0x10000, 0x80000001, 0x5, 0x8001, 0x9, 0x0, 0xb7, 0x3, 0xff, 0x9, 0xffff, 0x80, 0xfea5, 0x7fff, 0x7, 0x7, 0x7, 0x7485, 0x9, 0x8, 0x0, 0x5, 0xf, 0x5, 0xe, 0x8, 0x1000, 0x3, 0x7, 0x382d, 0x459, 0xcad, 0x9, 0x0, 0x2, 0x9, 0x6, 0x20000a4, 0xe0, 0xfffffffb, 0x5, 0xffffffff, 0x2, 0x7, 0x85e5, 0x0, 0x0, 0x0, 0x35, 0x8, 0x1, 0x2, 0x30, 0xb, 0x101, 0x2, 0x9, 0x100003, 0x7, 0x8, 0x8, 0x0, 0x1, 0x4, 0x15294b70, 0x3, 0x3, 0x2, 0x43, 0x3, 0x9, 0x5, 0x80000000, 0x9, 0x0, 0x5, 0x81, 0x1, 0x2, 0x3fd, 0x1df, 0x6, 0x6, 0x0, 0x1a, 0x9, 0x2, 0x9, 0x1, 0x9, 0x7, 0x2c1, 0x9e95, 0x2, 0xfffffedd, 0x30c8, 0x2, 0x38a0, 0x7b, 0x0, 0x8, 0x7, 0x6, 0x9, 0x9, 0x8, 0x5, 0x8, 0x1ff, 0x7fff, 0x3, 0x9, 0x8, 0x2b, 0x200006, 0x4, 0x7, 0x2, 0xfb4, 0xbfb, 0x7, 0x405, 0x6, 0x4, 0x8001, 0x9, 0x8, 0x3, 0x6ae574d2, 0x6, 0xfffffe00, 0x1000, 0x5, 0x92, 0x3, 0x7fffffff, 0xd7, 0x8001, 0x905, 0x3, 0x6, 0xfffffb31, 0xb, 0x4, 0x7, 0x8, 0x1, 0x6, 0x1, 0xff, 0x100, 0x4, 0x3, 0x6, 0x80000001, 0x0, 0x100a, 0x7fffffff, 0x7fff, 0x2, 0xfffffff8, 0x2, 0x9af, 0x10001, 0x8, 0x4, 0x8, 0x6, 0x7742348d, 0x5, 0x5, 0x1f, 0x40, 0x0, 0x6, 0x7fffffff, 0x7, 0x7, 0x8, 0x17f, 0x6, 0x2, 0x5, 0x6, 0x1, 0xb, 0xe, 0x5, 0x1, 0xfe7, 0xfffffffc, 0x8, 0x7ff, 0x3e9, 0x0, 0x3, 0x2000, 0xd, 0x3, 0x4, 0x3, 0x81, 0x8, 0x14, 0x100, 0x9, 0x6, 0xffff, 0xf28c, 0x7, 0x6, 0x4, 0x7fffffff, 0xffff, 0x1000, 0xc9, 0x2, 0xfffffffe, 0x924, 0x499, 0x100, 0x1, 0x5, 0xffff351b, 0x7, 0xfffffffb, 0x7, 0x9, 0x2, 0x5, 0x4, 0x4, 0x4, 0xff, 0xee, 0x6, 0x4, 0x8, 0x9f, 0x7, 0x3, 0x9, 0xc9, 0x1, 0x1, 0x1, 0xfffffff7, 0x0, 0x6, 0x5, 0x6, 0x400, 0x51, 0x7, 0xefb, 0xb8, 0x8, 0x5, 0xfffffff7, 0x7, 0x7, 0x4, 0x6330, 0x0, 0x6, 0xea, 0xbb2d, 0xfff, 0x809, 0x6, 0x0, 0x6, 0xffff, 0x0, 0x3, 0x0, 0x1, 0x6, 0xfffffc00, 0x5, 0x7, 0x64c822e3, 0x9, 0x6, 0x3ff, 0x6, 0xfff, 0x0, 0xa7b, 0x62cc, 0xfffffff7, 0x7, 0x40, 0xa, 0x9b, 0x3, 0xe, 0x1, 0x1, 0x3, 0x40, 0x3, 0x4, 0x5, 0x5, 0x7ff, 0x5, 0x8, 0x5, 0x3, 0x9, 0x2, 0x80000001, 0x54, 0x400, 0x1, 0x8, 0xa, 0x9, 0xc0, 0x3, 0x72, 0x80, 0x1000, 0x7, 0x800, 0x6, 0xd19, 0x3, 0x93c, 0x6, 0x0, 0x0, 0xe, 0x5, 0x3, 0xfffffffa, 0xa01, 0xf3, 0xffffff00, 0x8, 0xe, 0x3, 0x3ff, 0x5, 0x2, 0x6, 0xfffffff8, 0xffff, 0xfffffff9, 0x9, 0x5, 0x62, 0x8, 0x1, 0xfffffffb, 0x1af85, 0x2, 0x9, 0x7, 0x0, 0x7, 0x8, 0x10000, 0x40, 0x8, 0x7, 0x2b, 0x6, 0x10, 0x5, 0x200, 0x9, 0x6, 0x3, 0x8, 0x10, 0x4, 0x6, 0x633, 0xf05, 0x0, 0x101, 0x200, 0x7, 0x7ff, 0x0, 0x1, 0x1, 0x10000, 0x9, 0x40, 0x9, 0x0, 0x7f, 0x8, 0x6, 0xe, 0x3, 0x80000001, 0x0, 0x8, 0x8, 0x4, 0xdd, 0x6, 0x89, 0x0, 0x100, 0x1, 0x9, 0xe75, 0x400, 0x1, 0x0, 0x200, 0xe9ab, 0xfffffff8, 0x8000, 0x13, 0x2, 0x2, 0x43, 0x3ff, 0x0, 0x7, 0x9, 0x1, 0x6, 0x7, 0xa, 0xf, 0xf39d, 0x71, 0xfff, 0x5, 0x8]})
r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
write$char_usb(r8, &(0x7f0000000040)="e2", 0x12d8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005880)=@newtfilter={0x38, 0x2c, 0xd27, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xd}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}}, 0x0)
ioctl$VIDIOC_G_FREQUENCY(r6, 0xc02c5638, &(0x7f00000012c0)={0x3, 0x2})

0s ago: executing program 8 (id=6599):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x1254, &(0x7f0000000300)={0x0, 0x40ac, 0x10000, 0x42, 0x3f, 0x0, r1}, &(0x7f0000000180), &(0x7f00000000c0))
sendmmsg$inet(r1, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)="347c8b97308cd400cadc45e26a4f0b9d0a9f3f5a5e4fd170487d45acccf3723e0de08f2f24f5cb4ad9762d8af51cef115a3967cba028895fcaebf405b45dfe39fabc4209e6d13771d5ccd624cca6bfd540a583e14e78ed9ebf2e5b448e0fe6e6bedba26701beec754140bf8c9d0fff70a393153b41b1d22c2e6d5a40fbd3302070aaea08faeac8422c0ff2380b8e67242bf269ab66d38e01573bf546b8d6b750f4d5705024672855e06d67b089134485fcb6f9ab517f08adf37d69d01c9b9e160d4aaa2e261492fcbb59036308f1b8d3fb10b6eb8a87999a5cb6a85b606a82e3012468fe48899eb9a3fa9cbe2e19ee0c90ebdc93fb92fd36daa43d216f45618e02283e290fc2a4ee8fe1e316fa7e26f6bbb62cb40f36c5528c240a308e3107685961df6cfea9e84603294fe167eed0f528234d1e684fe888f78d27531eab41241c2867713376ff84048daaee5fccc4b98052809b7ef8005c7172a43c2dabbfa689b2e2a01a053cdfdc8ede", 0x16b}, {&(0x7f0000000080)="88435d1662090f9b10a79bc500a2de0cf53c94dbb9dc4cb411aa802f19f3527e7114461a4f7b855c01ab17c070c841de45cfcefe02ceefbe5e4a91feacb9af63e63687b60e5d364c4ed6252a7f0cbd7a2bce368bb92f78c2ffafd8f396014c2859ce4662bf8c6d9c08af1934d47afb80d7794020cae1219e24aa46c48c9fbeb303ad873e6204fe44e7d906dd1be34faeabb13d630594f0de905084915234d73ce99e6bc5b10594ce", 0xa8}], 0x2, 0x0, 0x0, 0x2000000}}], 0x1, 0x0)

kernel console output (not intermixed with test programs):

[T22158] cdc_wdm 14-1:1.0: skipping garbage
[ 1255.198313][T22158] cdc_wdm 14-1:1.0: cdc-wdm0: USB WDM device
[ 1255.200229][T22158] cdc_wdm 14-1:1.0: Unknown control protocol
[ 1255.201042][T27224] syzkaller0: entered promiscuous mode
[ 1255.203973][T27224] syzkaller0: entered allmulticast mode
[ 1255.384514][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1255.504653][T22158] usb 14-1: USB disconnect, device number 20
[ 1256.434519][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1257.464550][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1258.390090][T27223] tipc: Resetting bearer <eth:syzkaller0>
[ 1258.443480][T22754] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1258.447297][T22754] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1258.470017][T27223] tipc: Disabling bearer <eth:syzkaller0>
[ 1258.514483][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1258.783293][T27277] tmpfs: Bad value for 'mpol'
[ 1259.544517][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1259.548216][   T24] kernel read not supported for file /video7 (pid: 24 comm: kworker/2:0)
[ 1259.590161][ T1140] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1259.974551][ T1326] usb 14-1: new low-speed USB device number 21 using dummy_hcd
[ 1260.146067][ T1326] usb 14-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1260.149291][ T1326] usb 14-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1260.152153][ T1326] usb 14-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1260.155862][ T1326] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1260.159295][ T1326] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1260.162783][ T1326] usb 14-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[ 1260.165729][ T1326] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1260.169984][T27300] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[ 1260.173190][ T1326] hub 14-1:1.0: bad descriptor, ignoring hub
[ 1260.175188][ T1326] hub 14-1:1.0: probe with driver hub failed with error -5
[ 1260.177680][ T1326] cdc_wdm 14-1:1.0: skipping garbage
[ 1260.179321][ T1326] cdc_wdm 14-1:1.0: skipping garbage
[ 1260.182336][ T1326] cdc_wdm 14-1:1.0: cdc-wdm0: USB WDM device
[ 1260.184774][ T1326] cdc_wdm 14-1:1.0: Unknown control protocol
[ 1260.504766][T13654] Bluetooth: hci4: command 0x1003 tx timeout
[ 1260.504847][ T5961] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1260.570513][T27305] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1260.573516][T27305] syzkaller0: entered promiscuous mode
[ 1260.575959][T27305] syzkaller0: entered allmulticast mode
[ 1260.584565][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1260.627649][T27300] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1260.636317][T27300] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1260.795284][ T1326] usb 14-1: USB disconnect, device number 21
[ 1261.624757][ T5961] Bluetooth: hci5: command 0x1003 tx timeout
[ 1261.630157][T26218] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1261.634497][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1262.371406][T27319] FAULT_INJECTION: forcing a failure.
[ 1262.371406][T27319] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1262.386122][T27319] CPU: 1 UID: 0 PID: 27319 Comm: syz.6.5472 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1262.386140][T27319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1262.386148][T27319] Call Trace:
[ 1262.386152][T27319]  <TASK>
[ 1262.386157][T27319]  dump_stack_lvl+0x16c/0x1f0
[ 1262.386173][T27319]  should_fail_ex+0x512/0x640
[ 1262.386187][T27319]  _copy_from_user+0x2e/0xd0
[ 1262.386200][T27319]  video_usercopy+0x723/0x1440
[ 1262.386214][T27319]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1262.386225][T27319]  ? __pfx_video_usercopy+0x10/0x10
[ 1262.386242][T27319]  ? hook_file_ioctl_common+0x145/0x410
[ 1262.386260][T27319]  v4l2_ioctl+0x1bd/0x250
[ 1262.386269][T27319]  ? __pfx_fput+0x1/0x10
[ 1262.386283][T27319]  v4l2_compat_ioctl32+0x214/0x2c0
[ 1262.386300][T27319]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[ 1262.386317][T27319]  __ia32_compat_sys_ioctl+0x23f/0x370
[ 1262.386335][T27319]  __do_fast_syscall_32+0x7c/0x3a0
[ 1262.386348][T27319]  do_fast_syscall_32+0x32/0x80
[ 1262.386360][T27319]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1262.386374][T27319] RIP: 0023:0xf712e579
[ 1262.386383][T27319] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1262.386394][T27319] RSP: 002b:00000000f511e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1262.386405][T27319] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0405668
[ 1262.386412][T27319] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[ 1262.386419][T27319] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1262.386425][T27319] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1262.386431][T27319] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1262.386445][T27319]  </TASK>
[ 1262.450501][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1262.664515][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1262.869087][T27330] netlink: 146776 bytes leftover after parsing attributes in process `syz.8.5475'.
[ 1263.449809][T27345] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1263.452865][T27345] FAULT_INJECTION: forcing a failure.
[ 1263.452865][T27345] name failslab, interval 1, probability 0, space 0, times 0
[ 1263.457156][T27343] binder_alloc: 27342: binder_alloc_buf, no vma
[ 1263.457359][T27345] CPU: 3 UID: 0 PID: 27345 Comm: syz.8.5480 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1263.457376][T27345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1263.457383][T27345] Call Trace:
[ 1263.457387][T27345]  <TASK>
[ 1263.457391][T27345]  dump_stack_lvl+0x16c/0x1f0
[ 1263.457408][T27345]  should_fail_ex+0x512/0x640
[ 1263.457420][T27345]  ? __kvmalloc_node_noprof+0x124/0x620
[ 1263.457440][T27345]  should_failslab+0xc2/0x120
[ 1263.457453][T27345]  __kvmalloc_node_noprof+0x137/0x620
[ 1263.457472][T27345]  ? hhf_init+0x521/0x8c0
[ 1263.457486][T27345]  ? hhf_init+0x521/0x8c0
[ 1263.457495][T27345]  hhf_init+0x521/0x8c0
[ 1263.457505][T27345]  ? __pfx_hhf_init+0x10/0x10
[ 1263.457530][T27345]  qdisc_create+0x454/0xfc0
[ 1263.457548][T27345]  tc_modify_qdisc+0x11d8/0x2170
[ 1263.457567][T27345]  ? __pfx_tc_modify_qdisc+0x10/0x10
[ 1263.457583][T27345]  ? __mutex_lock+0x1ca/0xb90
[ 1263.457606][T27345]  ? __pfx_tc_modify_qdisc+0x10/0x10
[ 1263.457623][T27345]  rtnetlink_rcv_msg+0x3c6/0xe90
[ 1263.457637][T27345]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1263.457653][T27345]  ? __lock_acquire+0x622/0x1c90
[ 1263.457672][T27345]  netlink_rcv_skb+0x158/0x420
[ 1263.457686][T27345]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1263.457700][T27345]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1263.457719][T27345]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1263.457731][T27345]  ? is_vmalloc_addr+0x86/0xa0
[ 1263.457748][T27345]  netlink_unicast+0x58a/0x850
[ 1263.457764][T27345]  ? __pfx_netlink_unicast+0x10/0x10
[ 1263.457782][T27345]  netlink_sendmsg+0x8d1/0xdd0
[ 1263.457797][T27345]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1263.457812][T27345]  ? __import_iovec+0x1dd/0x650
[ 1263.457828][T27345]  ____sys_sendmsg+0xa95/0xc70
[ 1263.457845][T27345]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1263.457859][T27345]  ? get_compat_msghdr+0x11a/0x170
[ 1263.457878][T27345]  ___sys_sendmsg+0x134/0x1d0
[ 1263.457890][T27345]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1263.457909][T27345]  ? find_held_lock+0x2b/0x80
[ 1263.457929][T27345]  __sys_sendmsg+0x16d/0x220
[ 1263.457941][T27345]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1263.457958][T27345]  ? rcu_is_watching+0x12/0xc0
[ 1263.457972][T27345]  __do_fast_syscall_32+0x7c/0x3a0
[ 1263.457985][T27345]  do_fast_syscall_32+0x32/0x80
[ 1263.457997][T27345]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1263.458011][T27345] RIP: 0023:0xf7f07579
[ 1263.458020][T27345] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1263.458031][T27345] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1263.458042][T27345] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[ 1263.458049][T27345] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 1263.458055][T27345] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1263.458061][T27345] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1263.458068][T27345] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1263.458081][T27345]  </TASK>
[ 1263.507186][T27346] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5480'.
[ 1263.510455][T27343] binder: 27342:27343 ioctl c0306201 80000240 returned -11
[ 1263.519202][T27345] vlan0: entered allmulticast mode
[ 1263.634529][T22348] usb 11-1: new low-speed USB device number 18 using dummy_hcd
[ 1263.694495][T27357] 9pnet_fd: Insufficient options for proto=fd
[ 1263.704558][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1263.746332][T27304] tipc: Resetting bearer <eth:syzkaller0>
[ 1263.760904][T27304] tipc: Disabling bearer <eth:syzkaller0>
[ 1263.788123][T22348] usb 11-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1263.791296][T22348] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1263.794069][T22348] usb 11-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1263.798506][T22348] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1263.801893][T22348] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1263.805551][T22348] usb 11-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[ 1263.808446][T22348] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1263.813227][T27341] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1263.817701][T22348] hub 11-1:1.0: bad descriptor, ignoring hub
[ 1263.820010][T22348] hub 11-1:1.0: probe with driver hub failed with error -5
[ 1263.823971][T22348] cdc_wdm 11-1:1.0: skipping garbage
[ 1263.827271][T22348] cdc_wdm 11-1:1.0: skipping garbage
[ 1263.831033][T22348] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device
[ 1263.834098][T22348] cdc_wdm 11-1:1.0: Unknown control protocol
[ 1263.856132][T27364] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1263.888632][T27364] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5486'.
[ 1263.898222][T27364] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5486'.
[ 1263.948765][T27367] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[ 1263.952610][T27367] overlayfs: missing 'lowerdir'
[ 1264.233658][T27341] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1264.236994][T27341] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1264.424789][   T24] usb 11-1: USB disconnect, device number 18
[ 1264.754644][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1265.205573][T27383] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5492'.
[ 1265.229537][T27385] 9pnet_fd: Insufficient options for proto=fd
[ 1265.742585][T27402] binder: 27401:27402 ioctl c0306201 80000240 returned -11
[ 1265.784540][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1266.031980][T27411] netlink: 146776 bytes leftover after parsing attributes in process `syz.6.5501'.
[ 1266.822691][T27431] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5506'.
[ 1266.828755][T27431] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5506'.
[ 1266.830579][T27433] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5507'.
[ 1266.834587][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1267.134671][   T40] kauditd_printk_skb: 28 callbacks suppressed
[ 1267.134683][   T40] audit: type=1326 audit(2000000188.509:1756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27447 comm="syz.8.5512" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1267.143336][   T40] audit: type=1326 audit(2000000188.509:1757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27447 comm="syz.8.5512" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1267.174527][   T40] audit: type=1326 audit(2000000188.509:1758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27447 comm="syz.8.5512" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1267.181468][   T40] audit: type=1326 audit(2000000188.509:1759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27447 comm="syz.8.5512" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1267.195382][   T40] audit: type=1326 audit(2000000188.509:1760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27447 comm="syz.8.5512" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1267.204028][   T40] audit: type=1326 audit(2000000188.509:1761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27447 comm="syz.8.5512" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1267.232250][   T40] audit: type=1326 audit(2000000188.509:1762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27447 comm="syz.8.5512" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1267.251560][   T40] audit: type=1326 audit(2000000188.509:1763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27447 comm="syz.8.5512" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1267.272762][   T40] audit: type=1326 audit(2000000188.509:1764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27447 comm="syz.8.5512" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1267.285833][T27456] netlink: 'syz.8.5514': attribute type 5 has an invalid length.
[ 1267.288321][T27456] netlink: 16 bytes leftover after parsing attributes in process `syz.8.5514'.
[ 1267.334839][   T40] audit: type=1400 audit(2000000188.709:1765): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A30206B420A4C617A79467265653A202020202020202020202020202030206B420A416E6F6E4875676550616765733A20202020202020202030206B420A53686D656D506D644D61707065643A202020202020202030206B420A46696C65506D644D61707065643A20202020202020202030206B420A5368617265645F48756765746C623A202020202020202030206B420A507269766174 pid=27457 comm="syz.8.5515"
[ 1267.874564][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1267.937904][T27470] binder: BINDER_SET_CONTEXT_MGR already set
[ 1267.940624][T27470] binder: 27469:27470 ioctl 4018620d 80000040 returned -16
[ 1267.943948][T27470] binder: 27469:27470 ioctl c0306201 80000240 returned -11
[ 1268.058551][T27476] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5521'.
[ 1268.078583][T27480] lo speed is unknown, defaulting to 1000
[ 1268.914664][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1269.144848][T27496] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5526'.
[ 1269.148992][T27496] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[ 1269.151790][T27496] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1269.357793][T27500] lo speed is unknown, defaulting to 1000
[ 1269.954504][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1270.294836][T27513] FAULT_INJECTION: forcing a failure.
[ 1270.294836][T27513] name failslab, interval 1, probability 0, space 0, times 0
[ 1270.298820][T27513] CPU: 2 UID: 0 PID: 27513 Comm: syz.2.5532 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1270.298836][T27513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1270.298856][T27513] Call Trace:
[ 1270.298860][T27513]  <TASK>
[ 1270.298865][T27513]  dump_stack_lvl+0x16c/0x1f0
[ 1270.298881][T27513]  should_fail_ex+0x512/0x640
[ 1270.298892][T27513]  ? __kvmalloc_node_noprof+0x124/0x620
[ 1270.298915][T27513]  should_failslab+0xc2/0x120
[ 1270.298929][T27513]  __kvmalloc_node_noprof+0x137/0x620
[ 1270.298947][T27513]  ? nf_tables_addchain.constprop.0+0x601/0x1c90
[ 1270.298965][T27513]  ? nf_tables_addchain.constprop.0+0x601/0x1c90
[ 1270.298978][T27513]  nf_tables_addchain.constprop.0+0x601/0x1c90
[ 1270.298995][T27513]  ? nft_chain_lookup+0x204/0x3e0
[ 1270.299011][T27513]  ? __pfx_nf_tables_addchain.constprop.0+0x10/0x10
[ 1270.299025][T27513]  ? __pfx_nft_chain_lookup+0x10/0x10
[ 1270.299051][T27513]  ? nla_strcmp+0xff/0x130
[ 1270.299065][T27513]  ? nft_table_lookup.part.0+0x1e3/0x230
[ 1270.299080][T27513]  nf_tables_newchain+0x1e0d/0x2a90
[ 1270.299099][T27513]  ? __nla_validate_parse+0x600/0x2880
[ 1270.299115][T27513]  ? __pfx_nf_tables_newchain+0x10/0x10
[ 1270.299128][T27513]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1270.299148][T27513]  ? __nla_parse+0x40/0x60
[ 1270.299164][T27513]  nfnetlink_rcv_batch+0x18ea/0x2330
[ 1270.299189][T27513]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[ 1270.299207][T27513]  ? __local_bh_enable_ip+0xa4/0x120
[ 1270.299220][T27513]  ? __dev_queue_xmit+0x896/0x43e0
[ 1270.299237][T27513]  ? __dev_queue_xmit+0x8b7/0x43e0
[ 1270.299260][T27513]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1270.299290][T27513]  ? __nla_parse+0x40/0x60
[ 1270.299306][T27513]  nfnetlink_rcv+0x3c1/0x430
[ 1270.299321][T27513]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1270.299341][T27513]  netlink_unicast+0x58a/0x850
[ 1270.299357][T27513]  ? __pfx_netlink_unicast+0x10/0x10
[ 1270.299375][T27513]  netlink_sendmsg+0x8d1/0xdd0
[ 1270.299391][T27513]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1270.299406][T27513]  ? __import_iovec+0x1dd/0x650
[ 1270.299422][T27513]  ____sys_sendmsg+0xa95/0xc70
[ 1270.299439][T27513]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1270.299453][T27513]  ? get_compat_msghdr+0x11a/0x170
[ 1270.299473][T27513]  ___sys_sendmsg+0x134/0x1d0
[ 1270.299486][T27513]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1270.299504][T27513]  ? find_held_lock+0x2b/0x80
[ 1270.299525][T27513]  __sys_sendmsg+0x16d/0x220
[ 1270.299537][T27513]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1270.299556][T27513]  ? rcu_is_watching+0x12/0xc0
[ 1270.299570][T27513]  __do_fast_syscall_32+0x7c/0x3a0
[ 1270.299583][T27513]  do_fast_syscall_32+0x32/0x80
[ 1270.299595][T27513]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1270.299609][T27513] RIP: 0023:0xf706e579
[ 1270.299618][T27513] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1270.299628][T27513] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1270.299639][T27513] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[ 1270.299646][T27513] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1270.299652][T27513] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1270.299658][T27513] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1270.299665][T27513] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1270.299678][T27513]  </TASK>
[ 1270.624748][T27522] mac80211_hwsim hwsim37 wlan1: entered allmulticast mode
[ 1270.984561][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1271.412880][T27537] binder: BINDER_SET_CONTEXT_MGR already set
[ 1271.414987][T27537] binder: 27536:27537 ioctl 4018620d 80000040 returned -16
[ 1271.417859][T27537] binder: 27536:27537 ioctl c0306201 80000240 returned -11
[ 1271.494265][T27539] FAULT_INJECTION: forcing a failure.
[ 1271.494265][T27539] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1271.498418][T27539] CPU: 1 UID: 0 PID: 27539 Comm: syz.8.5539 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1271.498435][T27539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1271.498443][T27539] Call Trace:
[ 1271.498447][T27539]  <TASK>
[ 1271.498452][T27539]  dump_stack_lvl+0x16c/0x1f0
[ 1271.498468][T27539]  should_fail_ex+0x512/0x640
[ 1271.498483][T27539]  _copy_to_user+0x32/0xd0
[ 1271.498497][T27539]  simple_read_from_buffer+0xcb/0x170
[ 1271.498515][T27539]  proc_fail_nth_read+0x197/0x270
[ 1271.498531][T27539]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1271.498547][T27539]  ? rw_verify_area+0xcf/0x680
[ 1271.498563][T27539]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1271.498578][T27539]  vfs_read+0x1e4/0xc60
[ 1271.498589][T27539]  ? fdget_pos+0x2a2/0x370
[ 1271.498601][T27539]  ? __pfx_vfs_read+0x10/0x10
[ 1271.498614][T27539]  ? find_held_lock+0x2b/0x80
[ 1271.498629][T27539]  ? __fget_files+0x20e/0x3c0
[ 1271.498650][T27539]  ksys_read+0x12a/0x250
[ 1271.498660][T27539]  ? __pfx_ksys_read+0x10/0x10
[ 1271.498671][T27539]  ? rcu_is_watching+0x12/0xc0
[ 1271.498686][T27539]  __do_fast_syscall_32+0x7c/0x3a0
[ 1271.498699][T27539]  do_fast_syscall_32+0x32/0x80
[ 1271.498711][T27539]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1271.498725][T27539] RIP: 0023:0xf7f07579
[ 1271.498734][T27539] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1271.498745][T27539] RSP: 002b:00000000f5026590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1271.498755][T27539] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5026620
[ 1271.498762][T27539] RDX: 000000000000000f RSI: 00000000f7394ff4 RDI: 0000000000000000
[ 1271.498769][T27539] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1271.498775][T27539] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1271.498781][T27539] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1271.498795][T27539]  </TASK>
[ 1271.566708][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1272.034495][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1272.132308][T27553] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 1272.764175][T27567] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5548'.
[ 1273.064556][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1273.446390][T27577] binder_alloc: 27570: binder_alloc_buf, no vma
[ 1273.576141][T27582] binder: BINDER_SET_CONTEXT_MGR already set
[ 1273.578145][T27582] binder: 27581:27582 ioctl 4018620d 80000040 returned -16
[ 1273.581267][T27582] binder: 27581:27582 ioctl c0306201 80000240 returned -11
[ 1273.767587][T27588] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5553'.
[ 1274.104536][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1274.184549][T26218] Bluetooth: hci0: command tx timeout
[ 1274.700087][T27611] binder_alloc: 27609: binder_alloc_buf, no vma
[ 1274.882146][T27613] binder: 27612:27613 ioctl c0306201 80000240 returned -11
[ 1275.144526][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1275.268558][T27618] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5565'.
[ 1276.194521][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1276.844235][T27650] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5574'.
[ 1276.848426][T27650] netlink: 120 bytes leftover after parsing attributes in process `syz.2.5574'.
[ 1276.851412][T27650] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5574'.
[ 1276.875744][T27650] netlink: 'syz.2.5574': attribute type 1 has an invalid length.
[ 1276.888048][T27650] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1276.919378][T27650] bond2: (slave ip6erspan0): making interface the new active one
[ 1276.922538][T27650] bond2: (slave ip6erspan0): Enslaving as an active interface with an up link
[ 1277.234580][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1277.377030][T27668] FAULT_INJECTION: forcing a failure.
[ 1277.377030][T27668] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1277.382162][T27668] CPU: 1 UID: 0 PID: 27668 Comm: syz.8.5577 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1277.382183][T27668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1277.382192][T27668] Call Trace:
[ 1277.382209][T27668]  <TASK>
[ 1277.382217][T27668]  dump_stack_lvl+0x16c/0x1f0
[ 1277.382235][T27668]  should_fail_ex+0x512/0x640
[ 1277.382253][T27668]  _copy_from_user+0x2e/0xd0
[ 1277.382269][T27668]  __ia32_compat_sys_kexec_load+0x2eb/0x400
[ 1277.382288][T27668]  ? __pfx___ia32_compat_sys_kexec_load+0x10/0x10
[ 1277.382304][T27668]  ? rcu_is_watching+0x12/0xc0
[ 1277.382321][T27668]  __do_fast_syscall_32+0x7c/0x3a0
[ 1277.382337][T27668]  do_fast_syscall_32+0x32/0x80
[ 1277.382351][T27668]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1277.382368][T27668] RIP: 0023:0xf7f07579
[ 1277.382379][T27668] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1277.382393][T27668] RSP: 002b:00000000f4fcb55c EFLAGS: 00000296 ORIG_RAX: 000000000000011b
[ 1277.382406][T27668] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000001
[ 1277.382415][T27668] RDX: 0000000080000000 RSI: 0000000000320000 RDI: 0000000000000000
[ 1277.382423][T27668] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1277.382431][T27668] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1277.382439][T27668] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1277.382456][T27668]  </TASK>
[ 1277.436710][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1277.475612][T27669] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5579'.
[ 1278.274537][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1279.304520][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1280.263430][T27715] binder_alloc: 27710: binder_alloc_buf, no vma
[ 1280.354513][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1280.732706][T27734] binder_alloc: 27727: binder_alloc_buf, no vma
[ 1281.170761][T27742] binder: 27741:27742 ioctl c0306201 80000240 returned -11
[ 1281.286842][T27745] befs: (nbd8): No write support. Marking filesystem read-only
[ 1281.290788][T27745] syz.8.5604: attempt to access beyond end of device
[ 1281.290788][T27745] nbd8: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1281.296736][T27745] befs: (nbd8): unable to read superblock
[ 1281.394509][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1281.432808][T27749] binder_alloc: 27746: binder_alloc_buf, no vma
[ 1282.424545][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1282.681240][T27763] x_tables: duplicate underflow at hook 1
[ 1282.962093][T27771] netlink: 'syz.6.5613': attribute type 1 has an invalid length.
[ 1283.016970][T27771] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1283.129831][T27780] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5614'.
[ 1283.285261][T27778] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5612'.
[ 1283.464570][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1283.706463][T27785] binder_alloc: 27783: binder_alloc_buf, no vma
[ 1284.098478][T27791] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5616'.
[ 1284.504509][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1284.955021][   T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[ 1285.544531][    C0] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1286.010805][T27818] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5624'.
[ 1286.594538][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1286.910341][   T40] audit: type=1326 audit(2000000208.289:1766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27829 comm="syz.9.5629" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc6579 code=0x0
[ 1287.159836][T27841] binder: 27840:27841 ioctl c0306201 80000240 returned -11
[ 1287.624530][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1287.797144][T27861] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5640'.
[ 1287.988678][T27866] binder: 27865:27866 ioctl c0306201 80000240 returned -11
[ 1287.991000][T27864] binder_alloc: 27856: binder_alloc_buf, no vma
[ 1288.674499][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1288.893325][T27885] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1288.897748][T27884] tipc: Resetting bearer <eth:syzkaller0>
[ 1289.714488][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1290.030020][T27901] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5653'.
[ 1290.746460][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1290.935119][T27884] tipc: Disabling bearer <eth:syzkaller0>
[ 1291.784530][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1292.817914][T27940] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5666'.
[ 1292.824491][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1293.508968][T27948] binder: 27947:27948 ioctl 4018620d 0 returned -22
[ 1293.516944][T27948] binder: 27947:27948 ioctl c0306201 80000240 returned -11
[ 1293.582440][T27956] openvswitch: netlink: IP tunnel TTL not specified.
[ 1293.758562][T27960] binder: BINDER_SET_CONTEXT_MGR already set
[ 1293.760441][T27960] binder: 27959:27960 ioctl 4018620d 80000040 returned -16
[ 1293.763110][T27960] binder: 27959:27960 ioctl c0306201 80000240 returned -11
[ 1293.824816][T22158] usb 13-1: new high-speed USB device number 16 using dummy_hcd
[ 1293.864591][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1294.062742][T22158] usb 13-1: Using ep0 maxpacket: 32
[ 1294.077881][T22158] usb 13-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1294.081487][T22158] usb 13-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1294.085100][T22158] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1294.110318][T22158] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1294.114359][T22158] usb 13-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1294.117729][T22158] usb 13-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1294.122047][T22158] usb 13-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1294.126648][T22158] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1294.130711][T22158] usb 13-1: config 0 descriptor??
[ 1294.361582][T22158] usblp 13-1:0.0: usblp0: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1294.372259][T22158] usb 13-1: USB disconnect, device number 16
[ 1294.382786][T22158] usblp0: removed
[ 1294.792075][T27979] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5680'.
[ 1294.904558][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1294.934613][T22158] usb 13-1: new high-speed USB device number 17 using dummy_hcd
[ 1294.989270][T27981] binder: 27980:27981 ioctl 4018620d 0 returned -22
[ 1295.009801][T27981] binder: 27980:27981 ioctl c0306201 80000240 returned -11
[ 1295.072349][T27983] 9pnet_fd: Insufficient options for proto=fd
[ 1295.084734][T22158] usb 13-1: Using ep0 maxpacket: 32
[ 1295.093754][T22158] usb 13-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1295.104719][T22158] usb 13-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1295.108348][T22158] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1295.112148][T22158] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1295.118153][T22158] usb 13-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1295.122058][T22158] usb 13-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1295.127940][T22158] usb 13-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1295.131627][T22158] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1295.137699][T22158] usb 13-1: config 0 descriptor??
[ 1295.363644][T22158] usblp 13-1:0.0: usblp0: USB Bidirectional printer dev 17 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1295.472236][T27992] vivid-007: =================  START STATUS  =================
[ 1295.475695][T27992] vivid-007: Enable Output Cropping: true
[ 1295.478408][T27992] vivid-007: Enable Output Composing: true
[ 1295.481009][T27992] vivid-007: Enable Output Scaler: true
[ 1295.483556][T27992] vivid-007: Tx RGB Quantization Range: Automatic
[ 1295.486363][T27992] vivid-007: Transmit Mode: HDMI
[ 1295.488473][T27992] vivid-007: Hotplug Present: 0x00000000
[ 1295.491541][T27992] vivid-007: RxSense Present: 0x00000000
[ 1295.494595][T27992] vivid-007: EDID Present: 0x00000000
[ 1295.497406][T27992] vivid-007: ==================  END STATUS  ==================
[ 1295.954503][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1296.126786][T22158] usb 13-1: USB disconnect, device number 17
[ 1296.149054][T22158] usblp0: removed
[ 1296.218980][T28008] bond3: entered promiscuous mode
[ 1296.221040][T28008] bond3: entered allmulticast mode
[ 1296.223774][T28008] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1296.280069][T28011] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5689'.
[ 1296.283732][T28011] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[ 1296.287143][T28011] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1296.984525][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1297.109194][T28013] 9pnet_fd: Insufficient options for proto=fd
[ 1297.993064][T28034] netlink: 12 bytes leftover after parsing attributes in process `syz.8.5698'.
[ 1297.997039][T28034] netlink: 48 bytes leftover after parsing attributes in process `syz.8.5698'.
[ 1298.024517][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1298.060279][T28035] sch_tbf: peakrate 5120 is lower than or equals to rate 14185422764071487220 !
[ 1298.278063][T28047] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5701'.
[ 1298.282559][T28047] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[ 1298.285977][T28047] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1299.064509][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1299.642562][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[ 1299.645254][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.104522][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1301.144607][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1301.289543][T28086] binder_alloc: 28084: binder_alloc_buf, no vma
[ 1301.518947][T28095] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5711'.
[ 1301.521956][T28095] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[ 1301.524470][T28095] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1302.064700][T14610] usb 11-1: new full-speed USB device number 19 using dummy_hcd
[ 1302.184563][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1302.250047][T14610] usb 11-1: config 0 has no interfaces?
[ 1302.261343][T14610] usb 11-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice=e7.40
[ 1302.273978][T14610] usb 11-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1302.285742][T14610] usb 11-1: Product: syz
[ 1302.290383][T14610] usb 11-1: SerialNumber: syz
[ 1302.316248][T14610] usb 11-1: config 0 descriptor??
[ 1302.560421][T14610] usb 11-1: USB disconnect, device number 19
[ 1302.756179][T28115] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5720'.
[ 1303.224556][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1303.366712][T28125] binder: 28124:28125 ioctl c0306201 0 returned -14
[ 1303.380606][T28125] binder: 28124:28125 ioctl c0306201 80000240 returned -11
[ 1303.684815][T28133] binder: 28131:28133 ioctl c0306201 80000240 returned -11
[ 1304.015337][T28137] binder: 28136:28137 ioctl c0306201 80000240 returned -11
[ 1304.095121][T28139] vivid-007: =================  START STATUS  =================
[ 1304.098336][T28139] vivid-007: Enable Output Cropping: true
[ 1304.100336][T28139] vivid-007: Enable Output Composing: true
[ 1304.102441][T28139] vivid-007: Enable Output Scaler: true
[ 1304.104824][T28139] vivid-007: Tx RGB Quantization Range: Automatic
[ 1304.107436][T28139] vivid-007: Transmit Mode: HDMI
[ 1304.109517][T28139] vivid-007: Hotplug Present: 0x00000000
[ 1304.115694][T28139] vivid-007: RxSense Present: 0x00000000
[ 1304.118222][T28139] vivid-007: EDID Present: 0x00000000
[ 1304.120444][T28139] vivid-007: ==================  END STATUS  ==================
[ 1304.264548][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1305.298509][T28154] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5732'.
[ 1305.304517][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1305.982868][T28158] binder: 28157:28158 ioctl c0306201 80000240 returned -11
[ 1306.035045][T28164] binder: 28162:28164 ioctl c0306201 80000240 returned -11
[ 1306.344575][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1306.984559][T26218] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1307.251763][T28196] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5744'.
[ 1307.254839][T28196] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[ 1307.257352][T28196] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1307.394510][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1307.630256][T28199] binder: BINDER_SET_CONTEXT_MGR already set
[ 1307.632551][T28199] binder: 28198:28199 ioctl 4018620d 80000040 returned -16
[ 1307.635635][T28199] binder: 28198:28199 ioctl c0306201 80000240 returned -11
[ 1307.654084][T28201] binder: 28200:28201 ioctl c0306201 80000240 returned -11
[ 1308.424559][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1309.474596][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1309.819372][T28240] binder: BINDER_SET_CONTEXT_MGR already set
[ 1309.824577][T28240] binder: 28238:28240 ioctl 4018620d 80000040 returned -16
[ 1309.885187][T28240] binder: 28238:28240 ioctl c0306201 80000240 returned -11
[ 1310.216453][T28252] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5762'.
[ 1310.504505][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1311.189356][T28263] No control pipe specified
[ 1311.544545][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1312.055783][T28276] random: crng reseeded on system resumption
[ 1312.102283][T28278] binder: BINDER_SET_CONTEXT_MGR already set
[ 1312.104355][T28278] binder: 28277:28278 ioctl 4018620d 80000040 returned -16
[ 1312.176907][T28278] binder: 28277:28278 ioctl c0306201 80000240 returned -11
[ 1312.530952][T28285] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5772'.
[ 1312.594519][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1312.911594][T28292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5773'.
[ 1313.004612][T28294] overlayfs: failed to resolve './file0': -2
[ 1313.008592][T28294] random: crng reseeded on system resumption
[ 1313.624494][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1313.760561][T28318] netlink: 112 bytes leftover after parsing attributes in process `syz.9.5785'.
[ 1313.905638][T28319] input: syz0 as /devices/virtual/input/input30
[ 1314.058263][T28331] netlink: 71 bytes leftover after parsing attributes in process `syz.8.5790'.
[ 1314.129854][T28335] autofs: Bad value for 'fd'
[ 1314.132623][T28337] binder: 28336:28337 ioctl c0306201 80000240 returned -11
[ 1314.226268][T28340] binder: BINDER_SET_CONTEXT_MGR already set
[ 1314.228507][T28340] binder: 28339:28340 ioctl 4018620d 80000040 returned -16
[ 1314.231895][T28340] binder: 28339:28340 ioctl c0306201 80000240 returned -11
[ 1314.664553][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1314.693870][T28356] binder: 28353:28356 ioctl c00c620f 80000740 returned -22
[ 1314.950570][T28363] autofs: Unknown parameter '0x0000000000000000'
[ 1315.023333][T28368] binder: 28367:28368 ioctl c0306201 80000240 returned -11
[ 1315.495855][T28378] binder: BINDER_SET_CONTEXT_MGR already set
[ 1315.498024][T28378] binder: 28375:28378 ioctl 4018620d 80000040 returned -16
[ 1315.521860][T28378] binder: 28375:28378 ioctl c0306201 80000240 returned -11
[ 1315.650923][   T40] audit: type=1326 audit(2000000237.029:1767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28384 comm="syz.6.5811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1315.681010][   T40] audit: type=1326 audit(2000000237.029:1768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28384 comm="syz.6.5811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1315.704526][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1315.718225][   T40] audit: type=1326 audit(2000000237.029:1769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28384 comm="syz.6.5811" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1315.724913][   T40] audit: type=1326 audit(2000000237.029:1770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28384 comm="syz.6.5811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1315.732795][   T40] audit: type=1326 audit(2000000237.029:1771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28384 comm="syz.6.5811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1315.739535][   T40] audit: type=1326 audit(2000000237.039:1772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28384 comm="syz.6.5811" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1315.747969][   T40] audit: type=1326 audit(2000000237.039:1773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28384 comm="syz.6.5811" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1315.756354][   T40] audit: type=1326 audit(2000000237.039:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28384 comm="syz.6.5811" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1315.762975][   T40] audit: type=1326 audit(2000000237.039:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28384 comm="syz.6.5811" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1315.778487][   T40] audit: type=1326 audit(2000000237.039:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28384 comm="syz.6.5811" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1316.541010][T28401] autofs: Unknown parameter '0x0000000000000000'
[ 1316.680680][T28405] binder: 28404:28405 ioctl c0306201 80000240 returned -11
[ 1316.683124][T28407] sp0: Synchronizing with TNC
[ 1316.744522][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1317.114203][T28415] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5820'.
[ 1317.118329][T28415] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[ 1317.121554][T28415] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1317.794511][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1317.868553][T28425] autofs: Unknown parameter '0x0000000000000000'
[ 1318.091830][T28439] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5826'.
[ 1318.096123][T28439] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[ 1318.099356][T28439] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1318.824572][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1319.198042][T28454] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5832'.
[ 1319.201462][T28454] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[ 1319.203796][T28454] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1319.742432][T28457] binder: 28450:28457 ioctl c00c620f 80000740 returned -22
[ 1319.864492][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1320.914516][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1321.556634][T28493] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1321.559313][T28493] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1321.562915][T28493] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5844'.
[ 1321.745271][T28499] program syz.8.5847 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1321.791885][T28501] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5845'.
[ 1321.796272][T28501] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[ 1321.799084][T28501] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1321.944522][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1322.889440][T28532] netlink: 12 bytes leftover after parsing attributes in process `syz.9.5857'.
[ 1322.892966][T28532] netlink: 12 bytes leftover after parsing attributes in process `syz.9.5857'.
[ 1322.994523][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1323.100746][T28537] netlink: 16 bytes leftover after parsing attributes in process `syz.9.5859'.
[ 1323.195349][T28540] autofs: Unknown parameter 'fd0x0000000000000000'
[ 1323.401438][T28545] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5862'.
[ 1324.024523][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1324.642233][T28570] autofs: Unknown parameter 'fd0x0000000000000000'
[ 1324.812417][T28581] FAULT_INJECTION: forcing a failure.
[ 1324.812417][T28581] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1324.816896][T28581] CPU: 1 UID: 0 PID: 28581 Comm: syz.9.5874 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1324.816925][T28581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1324.816934][T28581] Call Trace:
[ 1324.816939][T28581]  <TASK>
[ 1324.816944][T28581]  dump_stack_lvl+0x16c/0x1f0
[ 1324.816974][T28581]  should_fail_ex+0x512/0x640
[ 1324.816988][T28581]  _copy_to_user+0x32/0xd0
[ 1324.817013][T28581]  simple_read_from_buffer+0xcb/0x170
[ 1324.817033][T28581]  proc_fail_nth_read+0x197/0x270
[ 1324.817049][T28581]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1324.817066][T28581]  ? rw_verify_area+0xcf/0x680
[ 1324.817082][T28581]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1324.817097][T28581]  vfs_read+0x1e4/0xc60
[ 1324.817107][T28581]  ? fdget_pos+0x2a2/0x370
[ 1324.817119][T28581]  ? __pfx_vfs_read+0x10/0x10
[ 1324.817128][T28581]  ? find_held_lock+0x2b/0x80
[ 1324.817148][T28581]  ? __fget_files+0x20e/0x3c0
[ 1324.817170][T28581]  ksys_read+0x12a/0x250
[ 1324.817179][T28581]  ? __pfx_ksys_read+0x10/0x10
[ 1324.817191][T28581]  ? rcu_is_watching+0x12/0xc0
[ 1324.817205][T28581]  __do_fast_syscall_32+0x7c/0x3a0
[ 1324.817219][T28581]  do_fast_syscall_32+0x32/0x80
[ 1324.817231][T28581]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1324.817245][T28581] RIP: 0023:0xf7fc6579
[ 1324.817254][T28581] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1324.817265][T28581] RSP: 002b:00000000f50e6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1324.817276][T28581] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f50e6620
[ 1324.817282][T28581] RDX: 000000000000000f RSI: 00000000f7454ff4 RDI: 0000000000000000
[ 1324.817289][T28581] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1324.817295][T28581] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1324.817302][T28581] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1324.817315][T28581]  </TASK>
[ 1324.889035][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1325.065073][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1325.117213][T28595] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5877'.
[ 1325.120212][T28595] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[ 1325.122770][T28595] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1325.260147][T28598] autofs: Unknown parameter 'fd0x0000000000000000'
[ 1326.104498][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1327.154651][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1327.891838][T28645] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1328.184563][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1328.544625][T22268] usb 11-1: new full-speed USB device number 20 using dummy_hcd
[ 1328.706259][T22268] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1328.709460][T22268] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 64
[ 1328.713385][T22268] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1328.717597][T22268] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1328.720477][T22268] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1329.224653][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1329.480697][T22268] usb 11-1: usb_control_msg returned -32
[ 1329.482654][T22268] usbtmc 11-1:16.0: can't read capabilities
[ 1329.553668][T28686] netlink: 16 bytes leftover after parsing attributes in process `syz.8.5906'.
[ 1329.763922][T28699] binder: 28697:28699 ioctl 4018620d 0 returned -22
[ 1329.770575][T28699] binder: 28697:28699 ioctl c0306201 80000240 returned -11
[ 1330.094396][T28719] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0)
[ 1330.274511][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1330.943736][T28725] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5914'.
[ 1331.314546][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1332.312444][T14610] usb 11-1: USB disconnect, device number 20
[ 1332.344483][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1332.747343][T28761] binder: BINDER_SET_CONTEXT_MGR already set
[ 1332.750015][T28761] binder: 28760:28761 ioctl 4018620d 80000040 returned -16
[ 1332.753780][T28761] binder: 28760:28761 ioctl c0306201 80000240 returned -11
[ 1333.604608][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1333.774328][T28775] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5930'.
[ 1334.153967][T28781] binder: 28780:28781 ioctl c0306201 80000240 returned -11
[ 1334.243157][T28783] tmpfs: Bad value for 'mpol'
[ 1334.664693][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1335.704520][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1336.754523][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1336.794293][T28820] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5944'.
[ 1337.639382][T28829] netlink: 84 bytes leftover after parsing attributes in process `syz.6.5943'.
[ 1337.653056][T28829] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 1337.708616][T28832] binder: 28831:28832 ioctl c0306201 80000240 returned -11
[ 1337.784550][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1337.919269][T28835] netlink: 96 bytes leftover after parsing attributes in process `syz.9.5951'.
[ 1338.695897][T28844] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5953'.
[ 1338.800379][T28848] netlink: 830 bytes leftover after parsing attributes in process `syz.8.5953'.
[ 1338.824504][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1339.619684][T28859] binder: 28858:28859 ioctl c0306201 80000240 returned -11
[ 1339.844392][T28863] netlink: 96 bytes leftover after parsing attributes in process `syz.2.5960'.
[ 1339.874511][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1340.904483][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1340.995600][T28883] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5973'.
[ 1341.000915][T28883] netlink: 830 bytes leftover after parsing attributes in process `syz.6.5973'.
[ 1341.171168][T28892] block device autoloading is deprecated and will be removed.
[ 1341.174597][T28892] syz.6.5967: attempt to access beyond end of device
[ 1341.174597][T28892] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1341.757454][T28918] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5978'.
[ 1341.763148][T28918] netlink: 830 bytes leftover after parsing attributes in process `syz.2.5978'.
[ 1341.834949][T28926] FAULT_INJECTION: forcing a failure.
[ 1341.834949][T28926] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1341.839521][T28926] CPU: 3 UID: 0 PID: 28926 Comm: syz.8.5982 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1341.839538][T28926] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1341.839545][T28926] Call Trace:
[ 1341.839557][T28926]  <TASK>
[ 1341.839562][T28926]  dump_stack_lvl+0x16c/0x1f0
[ 1341.839590][T28926]  should_fail_ex+0x512/0x640
[ 1341.839609][T28926]  _copy_to_user+0x32/0xd0
[ 1341.839623][T28926]  simple_read_from_buffer+0xcb/0x170
[ 1341.839641][T28926]  proc_fail_nth_read+0x197/0x270
[ 1341.839658][T28926]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1341.839674][T28926]  ? rw_verify_area+0xcf/0x680
[ 1341.839690][T28926]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1341.839705][T28926]  vfs_read+0x1e4/0xc60
[ 1341.839716][T28926]  ? fdget_pos+0x2a2/0x370
[ 1341.839728][T28926]  ? __pfx_vfs_read+0x10/0x10
[ 1341.839737][T28926]  ? find_held_lock+0x2b/0x80
[ 1341.839770][T28926]  ? __fget_files+0x20e/0x3c0
[ 1341.839792][T28926]  ksys_read+0x12a/0x250
[ 1341.839802][T28926]  ? __pfx_ksys_read+0x10/0x10
[ 1341.839813][T28926]  ? rcu_is_watching+0x12/0xc0
[ 1341.839827][T28926]  __do_fast_syscall_32+0x7c/0x3a0
[ 1341.839841][T28926]  do_fast_syscall_32+0x32/0x80
[ 1341.839853][T28926]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1341.839867][T28926] RIP: 0023:0xf7f07579
[ 1341.839876][T28926] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1341.839887][T28926] RSP: 002b:00000000f5026590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1341.839897][T28926] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5026620
[ 1341.839904][T28926] RDX: 000000000000000f RSI: 00000000f7394ff4 RDI: 0000000000000000
[ 1341.839910][T28926] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1341.839916][T28926] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1341.839922][T28926] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1341.839936][T28926]  </TASK>
[ 1341.954514][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1341.961928][T28932] overlayfs: missing 'lowerdir'
[ 1341.988718][T28932] netlink: 'syz.6.5984': attribute type 4 has an invalid length.
[ 1342.739000][T28940] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1342.831888][T28940] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1342.984530][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1343.003018][T28940] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1343.090103][T28940] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1343.210056][T28940] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1343.224016][T28940] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1343.232740][T28940] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1343.251193][T28940] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1343.991967][T28969] binder: 28968:28969 ioctl c0306201 80000240 returned -11
[ 1344.024549][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1344.806585][T28981] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5999'.
[ 1345.064618][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1345.844746][T28997] binder: BINDER_SET_CONTEXT_MGR already set
[ 1345.849660][T28997] binder: 28996:28997 ioctl 4018620d 80000040 returned -16
[ 1345.852531][T28997] binder: 28996:28997 ioctl c0306201 80000240 returned -11
[ 1345.974689][T29008] netlink: 80 bytes leftover after parsing attributes in process `syz.2.6011'.
[ 1345.977781][T29008] netlink: 80 bytes leftover after parsing attributes in process `syz.2.6011'.
[ 1346.104518][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1346.792590][T29033] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6016'.
[ 1346.823607][T29037] binder: 29036:29037 ioctl c0306201 80000240 returned -11
[ 1347.144502][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1348.194497][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1348.348317][T29071] binder: 29069:29071 ioctl c0306201 80000240 returned -11
[ 1348.994557][T29091] netlink: 12 bytes leftover after parsing attributes in process `syz.9.6036'.
[ 1349.006856][T29093] FAULT_INJECTION: forcing a failure.
[ 1349.006856][T29093] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1349.011028][T29093] CPU: 1 UID: 0 PID: 29093 Comm: syz.8.6039 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1349.011045][T29093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1349.011052][T29093] Call Trace:
[ 1349.011057][T29093]  <TASK>
[ 1349.011073][T29093]  dump_stack_lvl+0x16c/0x1f0
[ 1349.011089][T29093]  should_fail_ex+0x512/0x640
[ 1349.011102][T29093]  ? __pfx_do_get_msr+0x10/0x10
[ 1349.011113][T29093]  _copy_to_user+0x32/0xd0
[ 1349.011126][T29093]  ? __pfx_do_get_msr+0x10/0x10
[ 1349.011136][T29093]  msr_io+0x21f/0x2a0
[ 1349.011149][T29093]  ? __pfx_msr_io+0x10/0x10
[ 1349.011164][T29093]  ? find_held_lock+0x2b/0x80
[ 1349.011179][T29093]  kvm_arch_vcpu_ioctl+0x829/0x52d0
[ 1349.011190][T29093]  ? kvm_arch_vcpu_ioctl+0x800/0x52d0
[ 1349.011201][T29093]  ? is_bpf_text_address+0x94/0x1a0
[ 1349.011217][T29093]  ? kernel_text_address+0x8d/0x100
[ 1349.011237][T29093]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[ 1349.011254][T29093]  ? stack_trace_save+0x8e/0xc0
[ 1349.011269][T29093]  ? __lock_acquire+0xb8a/0x1c90
[ 1349.011286][T29093]  ? kasan_save_stack+0x42/0x60
[ 1349.011297][T29093]  ? kasan_save_track+0x14/0x30
[ 1349.011309][T29093]  ? __mutex_trylock_common+0xe9/0x250
[ 1349.011325][T29093]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1349.011341][T29093]  ? __pfx___might_resched+0x10/0x10
[ 1349.011354][T29093]  ? rcu_is_watching+0x12/0xc0
[ 1349.011366][T29093]  ? trace_contention_end+0xdd/0x130
[ 1349.011382][T29093]  ? __mutex_lock+0x1ca/0xb90
[ 1349.011394][T29093]  ? kvm_vcpu_ioctl+0x280/0x1690
[ 1349.011408][T29093]  ? __pfx___mutex_lock+0x10/0x10
[ 1349.011425][T29093]  ? kasan_quarantine_put+0x10a/0x240
[ 1349.011438][T29093]  ? kvm_vcpu_ioctl+0x1236/0x1690
[ 1349.011451][T29093]  kvm_vcpu_ioctl+0x1236/0x1690
[ 1349.011466][T29093]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1349.011479][T29093]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1349.011497][T29093]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1349.011512][T29093]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1349.011530][T29093]  ? do_vfs_ioctl+0x523/0x1a60
[ 1349.011546][T29093]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1349.011573][T29093]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[ 1349.011587][T29093]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[ 1349.011601][T29093]  ? __fget_files+0x20e/0x3c0
[ 1349.011617][T29093]  ? __fput_deferred+0x480/0x480
[ 1349.011633][T29093]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[ 1349.011648][T29093]  __ia32_compat_sys_ioctl+0x23f/0x370
[ 1349.011665][T29093]  __do_fast_syscall_32+0x7c/0x3a0
[ 1349.011678][T29093]  do_fast_syscall_32+0x32/0x80
[ 1349.011708][T29093]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1349.011722][T29093] RIP: 0023:0xf7f07579
[ 1349.011730][T29093] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1349.011742][T29093] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1349.011753][T29093] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c008ae88
[ 1349.011759][T29093] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1349.011766][T29093] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1349.011772][T29093] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1349.011779][T29093] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1349.011793][T29093]  </TASK>
[ 1349.234482][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1349.924178][   T40] kauditd_printk_skb: 68 callbacks suppressed
[ 1349.924190][   T40] audit: type=1326 audit(2000000271.299:1845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29114 comm="syz.2.6047" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf706e579 code=0x0
[ 1350.030177][T29121] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1350.032441][T29122] syzkaller0: entered promiscuous mode
[ 1350.034307][T29122] syzkaller0: entered allmulticast mode
[ 1350.047708][T29123] tipc: Resetting bearer <eth:syzkaller0>
[ 1350.059022][T29123] tipc: Disabling bearer <eth:syzkaller0>
[ 1350.264514][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1350.834254][T29146] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6055'.
[ 1350.841908][T29146] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6055'.
[ 1350.886727][T29146] syzkaller0: entered promiscuous mode
[ 1350.888360][T29146] syzkaller0: entered allmulticast mode
[ 1351.081742][T29161] syz.6.6060 (29161): attempted to duplicate a private mapping with mremap.  This is not supported.
[ 1351.304564][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1351.358931][T29168] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6063'.
[ 1351.858865][T29173] fuse: Bad value for 'group_id'
[ 1351.860672][T29173] fuse: Bad value for 'group_id'
[ 1352.344492][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1353.123129][T29201] fuse: Bad value for 'group_id'
[ 1353.125029][T29201] fuse: Bad value for 'group_id'
[ 1353.384584][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1353.532156][T29212] syz.9.6079: attempt to access beyond end of device
[ 1353.532156][T29212] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1353.653176][T29222] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6081'.
[ 1353.688189][T29226] FAULT_INJECTION: forcing a failure.
[ 1353.688189][T29226] name failslab, interval 1, probability 0, space 0, times 0
[ 1353.692165][T29226] CPU: 3 UID: 0 PID: 29226 Comm: syz.9.6083 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1353.692189][T29226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1353.692205][T29226] Call Trace:
[ 1353.692213][T29226]  <TASK>
[ 1353.692222][T29226]  dump_stack_lvl+0x16c/0x1f0
[ 1353.692252][T29226]  should_fail_ex+0x512/0x640
[ 1353.692304][T29226]  ? fs_reclaim_acquire+0xae/0x150
[ 1353.692342][T29226]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1353.692364][T29226]  should_failslab+0xc2/0x120
[ 1353.692392][T29226]  __kmalloc_noprof+0xd2/0x510
[ 1353.692420][T29226]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1353.692437][T29226]  ? tomoyo_profile+0x47/0x60
[ 1353.692456][T29226]  tomoyo_path_number_perm+0x245/0x580
[ 1353.692476][T29226]  ? tomoyo_path_number_perm+0x237/0x580
[ 1353.692500][T29226]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1353.692544][T29226]  ? find_held_lock+0x2b/0x80
[ 1353.692561][T29226]  ? hook_file_ioctl_common+0x145/0x410
[ 1353.692588][T29226]  ? __fget_files+0x20e/0x3c0
[ 1353.692611][T29226]  ? __fput_deferred+0x480/0x480
[ 1353.692633][T29226]  security_file_ioctl_compat+0x9b/0x240
[ 1353.692658][T29226]  __ia32_compat_sys_ioctl+0xc3/0x370
[ 1353.692683][T29226]  __do_fast_syscall_32+0x7c/0x3a0
[ 1353.692705][T29226]  do_fast_syscall_32+0x32/0x80
[ 1353.692721][T29226]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1353.692740][T29226] RIP: 0023:0xf7fc6579
[ 1353.692752][T29226] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1353.692763][T29226] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1353.692773][T29226] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c040565f
[ 1353.692780][T29226] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 1353.692787][T29226] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1353.692793][T29226] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1353.692799][T29226] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1353.692813][T29226]  </TASK>
[ 1353.692882][T29226] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1353.979343][T29231] fuse: Bad value for 'group_id'
[ 1353.981422][T29231] fuse: Bad value for 'group_id'
[ 1354.424495][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1354.502810][T29242] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6089'.
[ 1355.474491][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1355.842533][T29270] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6099'.
[ 1356.001961][T29280] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6101'.
[ 1356.504544][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1356.990374][T29301] netlink: 8 bytes leftover after parsing attributes in process `syz.9.6109'.
[ 1357.544516][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1357.788352][T29328] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6119'.
[ 1357.922500][T29335] syzkaller1: entered promiscuous mode
[ 1357.924832][T29335] syzkaller1: entered allmulticast mode
[ 1358.594585][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1359.212354][T29356] binder: 29355:29356 ioctl 4018620d 0 returned -22
[ 1359.216159][T29356] binder: 29355:29356 ioctl c0306201 80000240 returned -11
[ 1359.239517][T29360] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6130'.
[ 1359.624535][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1359.957191][T29374] binder: 29373:29374 ioctl c0306201 0 returned -14
[ 1360.112822][T29384] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6137'.
[ 1360.117687][T29384] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6137'.
[ 1360.120171][T29382] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6136'.
[ 1360.212820][T29387] netlink: 96 bytes leftover after parsing attributes in process `syz.6.6135'.
[ 1360.664595][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1360.958433][T29398] binder: 29397:29398 ioctl 4018620d 0 returned -22
[ 1360.962228][T29398] binder: 29397:29398 ioctl c0306201 80000240 returned -11
[ 1361.057917][T29400] FAULT_INJECTION: forcing a failure.
[ 1361.057917][T29400] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1361.064771][T29400] CPU: 2 UID: 0 PID: 29400 Comm: syz.9.6142 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1361.064789][T29400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1361.064796][T29400] Call Trace:
[ 1361.064801][T29400]  <TASK>
[ 1361.064806][T29400]  dump_stack_lvl+0x16c/0x1f0
[ 1361.064838][T29400]  should_fail_ex+0x512/0x640
[ 1361.064857][T29400]  should_fail_alloc_page+0xe7/0x130
[ 1361.064872][T29400]  prepare_alloc_pages+0x3c2/0x610
[ 1361.064888][T29400]  ? __lock_acquire+0x622/0x1c90
[ 1361.064905][T29400]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 1361.064918][T29400]  ? __lock_acquire+0x622/0x1c90
[ 1361.064934][T29400]  ? lock_acquire+0x179/0x350
[ 1361.064952][T29400]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1361.064964][T29400]  ? lock_acquire+0x179/0x350
[ 1361.064979][T29400]  ? find_held_lock+0x2b/0x80
[ 1361.064994][T29400]  ? __lock_acquire+0xb8a/0x1c90
[ 1361.065011][T29400]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1361.065029][T29400]  ? policy_nodemask+0xea/0x4e0
[ 1361.065043][T29400]  alloc_pages_mpol+0x1fb/0x550
[ 1361.065057][T29400]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1361.065078][T29400]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 1361.065094][T29400]  shmem_alloc_folio+0x135/0x160
[ 1361.065111][T29400]  shmem_alloc_and_add_folio+0x499/0xc20
[ 1361.065133][T29400]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[ 1361.065152][T29400]  ? shmem_allowable_huge_orders+0xcb/0x2f0
[ 1361.065167][T29400]  shmem_get_folio_gfp+0x67f/0x1600
[ 1361.065181][T29400]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[ 1361.065193][T29400]  ? __lock_acquire+0x622/0x1c90
[ 1361.065209][T29400]  shmem_fault+0x1fe/0xa30
[ 1361.065221][T29400]  ? __pfx_shmem_fault+0x10/0x10
[ 1361.065234][T29400]  ? __lock_acquire+0xb8a/0x1c90
[ 1361.065253][T29400]  __do_fault+0x10d/0x490
[ 1361.065265][T29400]  ? __pfx_filemap_map_pages+0x10/0x10
[ 1361.065277][T29400]  __handle_mm_fault+0x374c/0x5490
[ 1361.065298][T29400]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1361.065316][T29400]  ? __pte_offset_map_lock+0x174/0x310
[ 1361.065330][T29400]  ? find_held_lock+0x2b/0x80
[ 1361.065340][T29400]  ? find_held_lock+0x2b/0x80
[ 1361.065355][T29400]  ? follow_page_pte+0x3af/0x14c0
[ 1361.065373][T29400]  handle_mm_fault+0x589/0xd10
[ 1361.065393][T29400]  __get_user_pages+0x589/0x3b80
[ 1361.065414][T29400]  ? __pfx___get_user_pages+0x10/0x10
[ 1361.065429][T29400]  ? __pfx_down_read_killable+0x10/0x10
[ 1361.065447][T29400]  get_user_pages_unlocked+0x1c1/0x780
[ 1361.065465][T29400]  ? __pfx_get_user_pages_unlocked+0x10/0x10
[ 1361.065480][T29400]  ? get_user_pages_fast_only+0xae/0xf0
[ 1361.065495][T29400]  ? __pfx_get_user_pages_fast_only+0x10/0x10
[ 1361.065510][T29400]  ? __pfx___might_resched+0x10/0x10
[ 1361.065526][T29400]  hva_to_pfn+0x886/0xe40
[ 1361.065544][T29400]  ? trace_sched_exit_tp+0xde/0x130
[ 1361.065557][T29400]  ? __pfx_hva_to_pfn+0x10/0x10
[ 1361.065582][T29400]  ? __pfx___schedule+0x10/0x10
[ 1361.065600][T29400]  kvm_follow_pfn+0x2d4/0x430
[ 1361.065619][T29400]  __kvm_faultin_pfn+0x11c/0x1a0
[ 1361.065636][T29400]  ? __pfx___kvm_faultin_pfn+0x10/0x10
[ 1361.065672][T29400]  vmx_set_apic_access_page_addr+0x52f/0x900
[ 1361.065687][T29400]  ? __pfx_vmx_set_apic_access_page_addr+0x10/0x10
[ 1361.065699][T29400]  ? find_held_lock+0x2b/0x80
[ 1361.065711][T29400]  ? vcpu_run+0x49ee/0x5500
[ 1361.065726][T29400]  vcpu_run+0x41bd/0x5500
[ 1361.065745][T29400]  ? __pfx_vcpu_run+0x10/0x10
[ 1361.065760][T29400]  ? fpu_swap_kvm_fpstate+0x1be/0x410
[ 1361.065772][T29400]  ? __local_bh_enable_ip+0xa4/0x120
[ 1361.065787][T29400]  ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0
[ 1361.065801][T29400]  kvm_arch_vcpu_ioctl_run+0x51e/0x18c0
[ 1361.065819][T29400]  kvm_vcpu_ioctl+0x5eb/0x1690
[ 1361.065834][T29400]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1361.065848][T29400]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1361.065866][T29400]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1361.065881][T29400]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1361.065899][T29400]  ? do_vfs_ioctl+0x523/0x1a60
[ 1361.065915][T29400]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1361.065942][T29400]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[ 1361.065957][T29400]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[ 1361.065971][T29400]  ? __fget_files+0x20e/0x3c0
[ 1361.065987][T29400]  ? __fput_deferred+0x480/0x480
[ 1361.066003][T29400]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[ 1361.066017][T29400]  __ia32_compat_sys_ioctl+0x23f/0x370
[ 1361.066035][T29400]  __do_fast_syscall_32+0x7c/0x3a0
[ 1361.066048][T29400]  do_fast_syscall_32+0x32/0x80
[ 1361.066060][T29400]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1361.066078][T29400] RIP: 0023:0xf7fc6579
[ 1361.066088][T29400] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1361.066099][T29400] RSP: 002b:00000000f50e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1361.066110][T29400] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[ 1361.066117][T29400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1361.066124][T29400] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1361.066130][T29400] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1361.066136][T29400] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1361.066150][T29400]  </TASK>
[ 1361.067800][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.237587][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.334708][T29403] fuse: Unknown parameter 'grou00000000000000000000'
[ 1361.405804][T29407] binder: 29406:29407 ioctl c0306201 0 returned -14
[ 1361.460275][T29413] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1361.465585][T29413] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1361.471332][T29413] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1361.479327][T29413] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1361.596790][T29420] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6150'.
[ 1361.714558][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1361.758313][T29423] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6149'.
[ 1362.754511][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1362.963036][T29456] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1363.127656][T29465] fuse: Bad value for 'rootmode'
[ 1363.314613][ T6068] usb 11-1: new full-speed USB device number 21 using dummy_hcd
[ 1363.444532][ T6068] usb 11-1: device descriptor read/64, error -71
[ 1363.684573][ T6068] usb 11-1: new full-speed USB device number 22 using dummy_hcd
[ 1363.744505][   T40] audit: type=1326 audit(2000000285.119:1846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29472 comm="syz.8.6171" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1363.752968][   T40] audit: type=1326 audit(2000000285.119:1847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29472 comm="syz.8.6171" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1363.764886][   T40] audit: type=1326 audit(2000000285.119:1848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29472 comm="syz.8.6171" exe="/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1363.771979][   T40] audit: type=1326 audit(2000000285.119:1849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29472 comm="syz.8.6171" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1363.780510][   T40] audit: type=1326 audit(2000000285.119:1850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29472 comm="syz.8.6171" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1363.790139][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1363.795514][   T40] audit: type=1326 audit(2000000285.119:1851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29472 comm="syz.8.6171" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1363.802955][   T40] audit: type=1326 audit(2000000285.119:1852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29472 comm="syz.8.6171" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1363.806375][T29475] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1363.809895][   T40] audit: type=1326 audit(2000000285.119:1853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29472 comm="syz.8.6171" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1363.819593][   T40] audit: type=1326 audit(2000000285.119:1854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29472 comm="syz.8.6171" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1363.829387][   T40] audit: type=1326 audit(2000000285.119:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29472 comm="syz.8.6171" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[ 1363.837410][ T6068] usb 11-1: device descriptor read/64, error -71
[ 1363.954777][ T6068] usb usb11-port1: attempt power cycle
[ 1364.304581][ T6068] usb 11-1: new full-speed USB device number 23 using dummy_hcd
[ 1364.325666][ T6068] usb 11-1: device descriptor read/8, error -71
[ 1364.547706][T29502] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1364.578899][T29505] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6182'.
[ 1364.584533][ T6068] usb 11-1: new full-speed USB device number 24 using dummy_hcd
[ 1364.604887][ T6068] usb 11-1: device descriptor read/8, error -71
[ 1364.723005][ T6068] usb usb11-port1: unable to enumerate USB device
[ 1364.824593][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1365.864599][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1366.010524][T29520] binder: BINDER_SET_CONTEXT_MGR already set
[ 1366.012454][T29520] binder: 29519:29520 ioctl 4018620d 80000040 returned -16
[ 1366.015875][T29520] binder: 29519:29520 ioctl c0306201 80000240 returned -11
[ 1366.238457][T29532] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1366.356027][T29529] input: syz1 as /devices/virtual/input/input31
[ 1366.914548][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1367.944511][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1367.977177][T29564] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1368.060088][T29568] binder: 29567:29568 ioctl c0306201 80000240 returned -11
[ 1368.793002][T29586] overlayfs: failed to resolve './file0': -2
[ 1368.984504][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1369.002211][T29591] EXT4-fs (sr0): VFS: Can't find ext4 filesystem
[ 1369.154821][T29597] random: crng reseeded on system resumption
[ 1370.024549][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1371.074516][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1371.503074][T29648] ªªªªª»: renamed from hsr0 (while UP)
[ 1371.507027][T29647] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6228'.
[ 1371.563465][T29649] netlink: 240 bytes leftover after parsing attributes in process `syz.9.6227'.
[ 1371.928385][T29655] netlink: 96 bytes leftover after parsing attributes in process `syz.6.6231'.
[ 1372.104491][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1372.510897][T29661] binder: BINDER_SET_CONTEXT_MGR already set
[ 1372.513044][T29661] binder: 29659:29661 ioctl 4018620d 80000040 returned -16
[ 1372.516463][T29661] binder: 29659:29661 ioctl c0306201 80000240 returned -11
[ 1372.942008][T29673] fuse: Bad value for 'user_id'
[ 1372.944143][T29673] fuse: Bad value for 'user_id'
[ 1373.154517][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1373.180245][T29681] input: syz1 as /devices/virtual/input/input32
[ 1373.879815][T29684] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6241'.
[ 1374.184615][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1374.581431][T29704] x_tables: ip_tables: dccp match: only valid for protocol 33
[ 1375.054188][T29714] futex_wake_op: syz.8.6248 tries to shift op by 32; fix this program
[ 1375.224545][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1375.933860][T29732] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6257'.
[ 1376.274480][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1377.210909][T29751] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6264'.
[ 1377.314487][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1378.044036][T29767] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6269'.
[ 1378.344540][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1379.016855][T29788] netlink: 20 bytes leftover after parsing attributes in process `syz.9.6276'.
[ 1379.384561][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1380.344497][T22268] usb 13-1: new high-speed USB device number 18 using dummy_hcd
[ 1380.434510][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1380.504507][T22268] usb 13-1: Using ep0 maxpacket: 8
[ 1380.514355][T22268] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1380.526557][T22268] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1380.530031][T22268] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 1380.533249][T22268] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[ 1380.536734][T22268] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1380.541113][T22268] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1380.544208][T22268] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1380.559088][T22268] usbtmc 13-1:16.0: probe with driver usbtmc failed with error -22
[ 1380.848214][   T40] kauditd_printk_skb: 53 callbacks suppressed
[ 1380.848232][   T40] audit: type=1326 audit(2000000302.229:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29833 comm="syz.6.6289" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1380.863495][   T40] audit: type=1326 audit(2000000302.229:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29833 comm="syz.6.6289" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1380.873786][   T40] audit: type=1326 audit(2000000302.239:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29833 comm="syz.6.6289" exe="/syz-executor" sig=0 arch=40000003 syscall=445 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1380.894776][   T40] audit: type=1326 audit(2000000302.239:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29833 comm="syz.6.6289" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1380.902212][   T40] audit: type=1326 audit(2000000302.239:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29833 comm="syz.6.6289" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1380.925982][   T40] audit: type=1326 audit(2000000302.239:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29833 comm="syz.6.6289" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1380.941923][   T40] audit: type=1326 audit(2000000302.239:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29833 comm="syz.6.6289" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1380.952753][   T40] audit: type=1326 audit(2000000302.239:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29833 comm="syz.6.6289" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1380.961765][   T40] audit: type=1326 audit(2000000302.239:1917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29833 comm="syz.6.6289" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf712e598 code=0x7ffc0000
[ 1380.970084][   T40] audit: type=1326 audit(2000000302.239:1918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29833 comm="syz.6.6289" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e579 code=0x7ffc0000
[ 1381.464529][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1382.504505][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1382.646016][T22348] libceph: connect (1)[c::]:6789 error -101
[ 1382.648013][T22348] libceph: mon0 (1)[c::]:6789 connect error
[ 1382.692687][T29859] ceph: No mds server is up or the cluster is laggy
[ 1382.995638][T29881] fuse: Bad value for 'user_id'
[ 1382.997291][T29881] fuse: Bad value for 'user_id'
[ 1383.153433][T29886] binder: 29884:29886 ioctl c0306201 0 returned -14
[ 1383.544500][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1383.812930][T19992] usb 13-1: USB disconnect, device number 18
[ 1383.955890][T29897] netlink: 72 bytes leftover after parsing attributes in process `syz.6.6305'.
[ 1384.584486][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1385.109123][T29919] kvm_intel: kvm [29913]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x6
[ 1385.624519][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1386.036906][T29935] netlink: 64 bytes leftover after parsing attributes in process `syz.6.6316'.
[ 1386.050784][T29937] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6314'.
[ 1386.106568][T29942] binder: 29933:29942 ioctl c0306201 0 returned -14
[ 1386.287003][T29950] 9pnet_fd: Insufficient options for proto=fd
[ 1386.664726][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1387.418959][T29968] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6323'.
[ 1387.489288][T29970] netlink: 64 bytes leftover after parsing attributes in process `syz.9.6325'.
[ 1387.533661][T29974] fuse: Bad value for 'rootmode'
[ 1387.704491][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1388.754486][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1389.784539][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1390.536820][T30008] fuse: Bad value for 'rootmode'
[ 1390.648372][T30012] ieee802154 phy0 wpan0: encryption failed: -22
[ 1390.824608][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1390.871370][T30018] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6340'.
[ 1391.874484][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1392.341474][T30031] fuse: Bad value for 'user_id'
[ 1392.343550][T30031] fuse: Bad value for 'user_id'
[ 1392.904562][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1392.948653][T30044] fuse: Bad value for 'rootmode'
[ 1393.630571][T30062] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6351'.
[ 1393.944540][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1394.069193][T30070] fuse: Unknown parameter 'use00000000000000000000'
[ 1394.517070][T30077] netlink: 64 bytes leftover after parsing attributes in process `syz.9.6357'.
[ 1394.562746][T30073] lo speed is unknown, defaulting to 1000
[ 1394.574038][T30073] lo speed is unknown, defaulting to 1000
[ 1394.581856][T30073] lo speed is unknown, defaulting to 1000
[ 1394.766882][T30073] infiniband s
z1: set active
[ 1394.769836][   T24] lo speed is unknown, defaulting to 1000
[ 1394.771797][T30073] infiniband s
z1: added lo
[ 1394.806743][T30073] RDS/IB: s
z1: added
[ 1394.813096][T30073] smc: adding ib device s
z1 with port count 1
[ 1394.815514][T30073] smc:    ib device s
z1 port 1 has pnetid 
[ 1394.821215][   T24] lo speed is unknown, defaulting to 1000
[ 1394.826123][T30073] lo speed is unknown, defaulting to 1000
[ 1394.984581][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1395.080708][T30073] lo speed is unknown, defaulting to 1000
[ 1395.492816][T30073] lo speed is unknown, defaulting to 1000
[ 1395.916835][T30073] lo speed is unknown, defaulting to 1000
[ 1395.962706][T30106] binder: 30105:30106 ioctl c0306201 0 returned -14
[ 1395.965289][T30106] binder_alloc: 30105: binder_alloc_buf, no vma
[ 1395.998732][T30103] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6364'.
[ 1396.034514][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1396.058853][T30110] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6366'.
[ 1396.067989][T30112] netlink: 64 bytes leftover after parsing attributes in process `syz.9.6367'.
[ 1396.095027][T30110] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1396.099542][T30110] batman_adv: batadv0: Interface activated: dummy0
[ 1396.102269][T30110] batadv0: mtu less than device minimum
[ 1396.104779][T30110] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1396.108686][T30110] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1396.112576][T30110] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1396.116412][T30110] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1396.305411][T30118] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6369'.
[ 1397.074534][    C3] net_ratelimit: 16 callbacks suppressed
[ 1397.074547][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1397.461246][T30136] binder: 30135:30136 ioctl c0306201 0 returned -14
[ 1397.465587][T30136] binder_alloc: 30135: binder_alloc_buf, no vma
[ 1397.632710][T30141] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6376'.
[ 1397.922672][T30165] FAULT_INJECTION: forcing a failure.
[ 1397.922672][T30165] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1397.937500][T30165] CPU: 0 UID: 0 PID: 30165 Comm: syz.8.6385 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1397.937520][T30165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1397.937527][T30165] Call Trace:
[ 1397.937531][T30165]  <TASK>
[ 1397.937536][T30165]  dump_stack_lvl+0x16c/0x1f0
[ 1397.937552][T30165]  should_fail_ex+0x512/0x640
[ 1397.937566][T30165]  _copy_to_user+0x32/0xd0
[ 1397.937580][T30165]  simple_read_from_buffer+0xcb/0x170
[ 1397.937598][T30165]  proc_fail_nth_read+0x197/0x270
[ 1397.937614][T30165]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1397.937631][T30165]  ? rw_verify_area+0xcf/0x680
[ 1397.937647][T30165]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1397.937662][T30165]  vfs_read+0x1e4/0xc60
[ 1397.937672][T30165]  ? fdget_pos+0x2a2/0x370
[ 1397.937684][T30165]  ? __pfx_vfs_read+0x10/0x10
[ 1397.937693][T30165]  ? find_held_lock+0x2b/0x80
[ 1397.937709][T30165]  ? __fget_files+0x20e/0x3c0
[ 1397.937735][T30165]  ksys_read+0x12a/0x250
[ 1397.937745][T30165]  ? __pfx_ksys_read+0x10/0x10
[ 1397.937756][T30165]  ? rcu_is_watching+0x12/0xc0
[ 1397.937770][T30165]  __do_fast_syscall_32+0x7c/0x3a0
[ 1397.937784][T30165]  do_fast_syscall_32+0x32/0x80
[ 1397.937796][T30165]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1397.937810][T30165] RIP: 0023:0xf7f07579
[ 1397.937819][T30165] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1397.937830][T30165] RSP: 002b:00000000f5026590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1397.937840][T30165] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5026620
[ 1397.937847][T30165] RDX: 000000000000000f RSI: 00000000f7394ff4 RDI: 0000000000000000
[ 1397.937854][T30165] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1397.937860][T30165] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1397.937866][T30165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1397.937879][T30165]  </TASK>
[ 1398.114499][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1398.468375][T30172] binder: 30171:30172 ioctl c0306201 0 returned -14
[ 1398.471952][T30172] binder_alloc: 30171: binder_alloc_buf, no vma
[ 1398.779424][T30197] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6394'.
[ 1398.936256][T30204] binder_alloc: 30202: binder_alloc_buf, no vma
[ 1399.154501][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1399.212672][T30195] rdma_rxe: rxe_newlink: failed to add lo
[ 1399.424568][T22268] usb 13-1: new high-speed USB device number 19 using dummy_hcd
[ 1399.574479][T22268] usb 13-1: device descriptor read/64, error -71
[ 1399.733937][T30232] binder_alloc: 30231: binder_alloc_buf, no vma
[ 1399.904468][T22268] usb 13-1: new high-speed USB device number 20 using dummy_hcd
[ 1400.000882][T30245] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1400.000882][T30245]    program syz.9.6414 not setting count and/or reply_len properly
[ 1400.094476][T22268] usb 13-1: device descriptor read/64, error -71
[ 1400.184498][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1400.205746][T22268] usb usb13-port1: attempt power cycle
[ 1400.488851][T30249] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1400.554492][T22268] usb 13-1: new high-speed USB device number 21 using dummy_hcd
[ 1400.577235][T22268] usb 13-1: device descriptor read/8, error -71
[ 1400.824606][T22268] usb 13-1: new high-speed USB device number 22 using dummy_hcd
[ 1400.844918][T22268] usb 13-1: device descriptor read/8, error -71
[ 1400.954866][T22268] usb usb13-port1: unable to enumerate USB device
[ 1400.999966][T30259] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6418'.
[ 1401.224603][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1402.264576][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1402.521472][T30296] IPVS: Scheduler module ip_vs_sip not found
[ 1402.679975][ T5961] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1402.683663][ T5961] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1402.688544][ T5961] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1402.696324][ T5961] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1402.702191][ T5961] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1402.731987][T30300] lo speed is unknown, defaulting to 1000
[ 1402.735730][T30300] lo speed is unknown, defaulting to 1000
[ 1402.833518][T30303] binder_alloc: 30302: binder_alloc_buf, no vma
[ 1402.935866][T30300] chnl_net:caif_netlink_parms(): no params data found
[ 1403.061488][T30300] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1403.063765][T30300] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1403.069170][T30300] bridge_slave_0: entered allmulticast mode
[ 1403.073269][T30300] bridge_slave_0: entered promiscuous mode
[ 1403.081095][T30300] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1403.084300][T30300] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1403.090249][T30300] bridge_slave_1: entered allmulticast mode
[ 1403.094358][T30300] bridge_slave_1: entered promiscuous mode
[ 1403.134817][T30300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1403.139431][T30300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1403.193123][T30300] team0: Port device team_slave_0 added
[ 1403.201958][T30300] team0: Port device team_slave_1 added
[ 1403.229810][T30319] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1403.260259][T30300] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1403.262563][T30300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1403.272248][T30300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1403.276885][T30300] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1403.279070][T30300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1403.288735][T30300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1403.314563][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1403.368934][T30300] hsr_slave_0: entered promiscuous mode
[ 1403.371174][T30300] hsr_slave_1: entered promiscuous mode
[ 1403.558864][T30300] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1403.668364][T30300] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1403.768937][T30300] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1403.862724][T30300] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1404.028802][T30300] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1404.033381][T30300] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1404.038246][T30300] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1404.048933][T30300] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1404.092458][T30333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6443'.
[ 1404.102644][T30300] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1404.120534][T30300] 8021q: adding VLAN 0 to HW filter on device team0
[ 1404.127350][T10235] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1404.130330][T10235] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1404.140188][   T89] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1404.142916][   T89] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1404.344508][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1404.388872][T30359] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1404.404115][T30300] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1404.557790][T30300] veth0_vlan: entered promiscuous mode
[ 1404.562933][T30300] veth1_vlan: entered promiscuous mode
[ 1404.754579][T26218] Bluetooth: hci4: command tx timeout
[ 1404.837788][T30300] veth0_macvtap: entered promiscuous mode
[ 1404.842128][T30300] veth1_macvtap: entered promiscuous mode
[ 1404.860894][T30300] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1404.874376][T30300] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1404.885614][T30300] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1404.891797][T30300] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1404.898025][T30300] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1404.904121][T30300] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1404.982024][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1404.986533][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1405.012307][T22754] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1405.015156][T22754] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1405.087401][T30378] dns_resolver: Unsupported server list version (0)
[ 1405.141479][T30383] vivid-004: disconnect
[ 1405.143253][T30377] vivid-004: reconnect
[ 1405.277107][T30390] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6453'.
[ 1405.384521][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1406.059912][T30397] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1406.208080][T30401] netlink: 'syz.8.6459': attribute type 1 has an invalid length.
[ 1406.210610][T30401] netlink: 232 bytes leftover after parsing attributes in process `syz.8.6459'.
[ 1406.213425][T30401] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6459'.
[ 1406.255899][T30411] sg_write: data in/out 41084/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1406.255899][T30411]    program syz.6.6462 not setting count and/or reply_len properly
[ 1406.424592][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1406.464583][T22348] usb 14-1: new high-speed USB device number 22 using dummy_hcd
[ 1406.634644][T22348] usb 14-1: Using ep0 maxpacket: 32
[ 1406.638000][T22348] usb 14-1: config index 0 descriptor too short (expected 156, got 27)
[ 1406.640604][T22348] usb 14-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[ 1406.644031][T22348] usb 14-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1406.647691][T22348] usb 14-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[ 1406.651775][T22348] usb 14-1: config 0 interface 0 has no altsetting 0
[ 1406.656771][T22348] usb 14-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[ 1406.659714][T22348] usb 14-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[ 1406.662550][T22348] usb 14-1: Product: syz
[ 1406.663928][T22348] usb 14-1: Manufacturer: syz
[ 1406.665635][T22348] usb 14-1: SerialNumber: syz
[ 1406.670423][T22348] usb 14-1: config 0 descriptor??
[ 1406.673576][T22348] ldusb 14-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1406.679541][T22348] ldusb 14-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1406.824608][T26218] Bluetooth: hci4: command tx timeout
[ 1406.879358][T22348] usb 14-1: USB disconnect, device number 22
[ 1406.886544][T22348] ldusb 14-1:0.0: LD USB Device #0 now disconnected
[ 1407.464475][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1408.072777][T30440] input: syz1 as /devices/virtual/input/input33
[ 1408.504551][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1408.914662][T26218] Bluetooth: hci4: command tx timeout
[ 1409.196943][T30463] sp0: Synchronizing with TNC
[ 1409.205291][T30463] block nbd2: not configured, cannot reconfigure
[ 1409.212790][T30463] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1409.262026][T30465] sp0: Found TNC
[ 1409.350308][T30463] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1409.535431][T30463] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1409.554528][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1409.617616][T30463] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1409.621563][T30472] binder_alloc: 30469: binder_alloc_buf, no vma
[ 1409.675214][T30463] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1409.684125][T30463] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1409.692009][T30463] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1409.698794][T30463] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1410.280348][T30492] netlink: 96 bytes leftover after parsing attributes in process `syz.9.6483'.
[ 1410.594529][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1410.784938][ T5961] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1410.794554][ T5961] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1410.805248][ T5961] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1410.819903][ T5961] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1410.824937][ T5961] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1410.833402][T30504] binder_alloc: 30498: binder_alloc_buf, no vma
[ 1410.850392][T30501] lo speed is unknown, defaulting to 1000
[ 1410.852973][T30501] lo speed is unknown, defaulting to 1000
[ 1410.881068][T30506] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6489'.
[ 1410.984759][T26218] Bluetooth: hci4: command tx timeout
[ 1411.025096][T30501] chnl_net:caif_netlink_parms(): no params data found
[ 1411.086910][T30508] bridge2: entered promiscuous mode
[ 1411.088724][T30508] bridge2: entered allmulticast mode
[ 1411.183666][T30501] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1411.186579][T30501] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1411.189090][T30501] bridge_slave_0: entered allmulticast mode
[ 1411.191938][T30501] bridge_slave_0: entered promiscuous mode
[ 1411.195888][T30501] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1411.198758][T30501] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1411.201387][T30501] bridge_slave_1: entered allmulticast mode
[ 1411.204829][T30501] bridge_slave_1: entered promiscuous mode
[ 1411.257241][T30501] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1411.261658][T30501] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1411.385084][T30501] team0: Port device team_slave_0 added
[ 1411.388645][T30501] team0: Port device team_slave_1 added
[ 1411.453444][T30501] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1411.464613][T30501] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1411.473498][T30501] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1411.519631][T30501] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1411.522114][T30501] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1411.542463][T30501] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1411.634485][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1411.646053][T30501] hsr_slave_0: entered promiscuous mode
[ 1411.648410][T30501] hsr_slave_1: entered promiscuous mode
[ 1411.650608][T30501] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1411.653236][T30501] Cannot create hsr debugfs directory
[ 1411.687131][T30523] Invalid logical block size (768)
[ 1411.942397][T30531] fuse: Unknown parameter '0x0000000000000004'
[ 1411.993122][T30501] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1412.135147][T30501] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1412.286537][T30501] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1412.424025][T30501] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1412.620957][T30501] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1412.629649][T30501] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1412.637902][T30501] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1412.644491][T30501] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1412.664516][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1412.751633][T30501] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1412.779759][T30501] 8021q: adding VLAN 0 to HW filter on device team0
[ 1412.815630][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1412.817980][ T1178] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1412.822353][ T1178] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1412.824708][ T1178] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1412.917733][ T5961] Bluetooth: hci2: command tx timeout
[ 1413.021818][T30549] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6499'.
[ 1413.027039][T30501] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1413.244133][T30501] veth0_vlan: entered promiscuous mode
[ 1413.249742][T30501] veth1_vlan: entered promiscuous mode
[ 1413.265860][T30501] veth0_macvtap: entered promiscuous mode
[ 1413.277079][T30501] veth1_macvtap: entered promiscuous mode
[ 1413.297792][T30501] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1413.307020][T30501] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1413.313136][T30501] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1413.318269][T30501] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1413.321731][T30501] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1413.325198][T30501] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1413.379901][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1413.382993][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1413.408655][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1413.411699][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1413.581642][T30575] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1413.584948][T30575] netlink: 12 bytes leftover after parsing attributes in process `syz.9.6502'.
[ 1413.625048][T30578] fuse: Unknown parameter '0x0000000000000004'
[ 1413.714682][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1414.744592][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1414.951929][T30609] fuse: Unknown parameter '0x0000000000000004'
[ 1414.984624][ T5961] Bluetooth: hci2: command tx timeout
[ 1415.088820][T30620] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6519'.
[ 1415.224785][ T6068] usb 13-1: new high-speed USB device number 23 using dummy_hcd
[ 1415.404600][ T6068] usb 13-1: Using ep0 maxpacket: 8
[ 1415.417819][ T6068] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1415.421314][ T6068] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1415.436348][ T6068] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1415.439797][ T6068] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1415.443977][ T6068] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1415.447297][ T6068] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1415.680477][ T6068] usb 13-1: GET_CAPABILITIES returned 0
[ 1415.784583][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1415.802483][ T6068] usbtmc 13-1:16.0: can't read capabilities
[ 1416.138371][T30641] fuse: Unknown parameter '0x0000000000000004'
[ 1416.429844][T30647] netlink: 'syz.2.6527': attribute type 1 has an invalid length.
[ 1416.433124][T30647] netlink: 224 bytes leftover after parsing attributes in process `syz.2.6527'.
[ 1416.824514][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1416.938839][ T6068] usb 13-1: USB disconnect, device number 23
[ 1417.064751][ T5961] Bluetooth: hci2: command tx timeout
[ 1417.423723][T30663] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6532'.
[ 1417.864490][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1417.932511][T30670] loop6: detected capacity change from 0 to 524287999
[ 1418.414320][T30684] input: syz0 as /devices/virtual/input/input34
[ 1418.904513][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1419.144620][ T5961] Bluetooth: hci2: command tx timeout
[ 1419.944955][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1420.984555][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1421.244095][T30702] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1421.248447][T30702] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6542'.
[ 1421.359459][T30704] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6545'.
[ 1421.707647][T26218] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1421.712982][T26218] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1421.717621][T26218] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1421.722161][T26218] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1421.728013][T26218] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1421.763738][T30711] lo speed is unknown, defaulting to 1000
[ 1421.768060][T30711] lo speed is unknown, defaulting to 1000
[ 1422.034520][    C3] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[ 1422.322646][T30711] chnl_net:caif_netlink_parms(): no params data found
[ 1422.330892][T30718] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3303861288 (422894244864 ns) > initial count (241705619456 ns). Using initial count to start timer.
[ 1422.340352][T30718] kvm: Disabled LAPIC found during irq injection
[ 1422.507228][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[ 1422.509573][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[ 1422.685590][T30711] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1422.690159][T30711] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1422.692464][T30711] bridge_slave_0: entered allmulticast mode
[ 1422.702754][T30711] bridge_slave_0: entered promiscuous mode
[ 1422.711097][T30711] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1422.718118][T30711] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1422.723352][T30711] bridge_slave_1: entered allmulticast mode
[ 1422.729218][T30711] bridge_slave_1: entered promiscuous mode
[ 1422.812618][T30711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1422.826893][T30711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1422.912993][T30711] team0: Port device team_slave_0 added
[ 1422.925669][T30711] team0: Port device team_slave_1 added
[ 1423.023120][T30711] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1423.027619][T30711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1423.064614][T30711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1423.083289][T30711] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1423.086073][T30711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1423.093987][T30711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1423.165523][T30730] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6550'.
[ 1423.224927][T30731] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6550'.
[ 1423.351554][T30711] hsr_slave_0: entered promiscuous mode
[ 1423.353890][T30711] hsr_slave_1: entered promiscuous mode
[ 1423.358258][T30711] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1423.360684][T30711] Cannot create hsr debugfs directory
[ 1423.486899][T30711] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1423.595795][T30711] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1423.689637][T30740] syzkaller0: entered promiscuous mode
[ 1423.691373][T30740] syzkaller0: entered allmulticast mode
[ 1423.794745][T26218] Bluetooth: hci0: command tx timeout
[ 1423.900822][T30711] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1423.962506][T30711] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1424.062603][T30711] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1424.075080][T30711] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1424.086712][T30711] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1424.091041][T30711] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1424.137751][T30711] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1424.167648][T30711] 8021q: adding VLAN 0 to HW filter on device team0
[ 1424.174743][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1424.177120][ T1178] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1424.182505][T30749] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6555'.
[ 1424.185550][T27860] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1424.187882][T27860] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1424.211048][T30711] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1424.218356][T30711] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1424.365972][T30711] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1424.392920][T30711] veth0_vlan: entered promiscuous mode
[ 1424.400416][T30711] veth1_vlan: entered promiscuous mode
[ 1424.418508][T30711] veth0_macvtap: entered promiscuous mode
[ 1424.422350][T30711] veth1_macvtap: entered promiscuous mode
[ 1424.431241][T30711] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1424.437569][T30711] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1424.443151][T30711] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1424.446483][T30711] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1424.449153][T30711] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1424.451744][T30711] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1424.582375][T27860] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1424.587301][T27860] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1424.612883][ T1178] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1424.617052][ T1178] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1425.099778][T30761] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1425.187370][T30764] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6543'.
[ 1425.484387][T30764] vlan2: entered allmulticast mode
[ 1425.488223][T30768] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6558'.
[ 1425.597622][T30778] x_tables: duplicate underflow at hook 2
[ 1425.655565][   T40] audit: type=1804 audit(2000000347.039:1919): pid=30779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.9.6560" name="/newroot/27/bus/bus" dev="overlay" ino=167 res=1 errno=0
[ 1425.655797][T30780] binder: 30775:30780 ioctl c0306201 0 returned -14
[ 1425.677104][   T40] audit: type=1804 audit(2000000347.049:1920): pid=30779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.6560" name="/newroot/27/bus/bus" dev="overlay" ino=167 res=1 errno=0
[ 1425.864530][T26218] Bluetooth: hci0: command tx timeout
[ 1427.751978][T30821] loop2: detected capacity change from 0 to 7
[ 1427.759548][T30821] Dev loop2: unable to read RDB block 7
[ 1427.761435][T30821]  loop2: unable to read partition table
[ 1427.763695][T30821] loop2: partition table beyond EOD, truncated
[ 1427.765965][T30821] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1427.799850][T30822] binder_alloc: binder_alloc_mmap_handler: 30811 80ffc000-80fff000 already mapped failed -16
[ 1427.954566][T26218] Bluetooth: hci0: command tx timeout
[ 1428.122537][T30829] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6576'.
[ 1428.223598][T30829] overlayfs: failed to resolve './file0': -2
[ 1428.322546][ T5961] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1428.327367][ T5961] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1428.330351][ T5961] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1428.333888][ T5961] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1428.345473][ T5961] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1428.347873][T30834] afs: Unknown parameter 'dyeà'
[ 1428.388875][T30831] lo speed is unknown, defaulting to 1000
[ 1428.392918][T30831] lo speed is unknown, defaulting to 1000
[ 1428.686186][T30842] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6579'.
[ 1428.687399][T30831] chnl_net:caif_netlink_parms(): no params data found
[ 1428.899454][T30831] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1428.902533][T30831] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1428.905850][T30831] bridge_slave_0: entered allmulticast mode
[ 1428.909847][T30831] bridge_slave_0: entered promiscuous mode
[ 1428.919007][T30831] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1428.922672][T30831] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1428.926729][T30831] bridge_slave_1: entered allmulticast mode
[ 1428.930676][T30831] bridge_slave_1: entered promiscuous mode
[ 1428.985991][T30831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1428.992087][T30831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1429.040158][T30831] team0: Port device team_slave_0 added
[ 1429.047705][T30831] team0: Port device team_slave_1 added
[ 1429.102643][T30831] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1429.106949][T30831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1429.120268][T30831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1429.127240][T30831] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1429.130072][T30831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1429.140857][T30831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1429.217182][T30831] hsr_slave_0: entered promiscuous mode
[ 1429.219522][T30831] hsr_slave_1: entered promiscuous mode
[ 1429.221613][T30831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1429.224049][T30831] Cannot create hsr debugfs directory
[ 1430.034547][T26218] Bluetooth: hci0: command tx timeout
[ 1430.099794][T30831] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1430.115480][T30831] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1430.126538][T30831] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1430.139088][T30831] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1430.262087][T30831] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1430.271844][T30831] 8021q: adding VLAN 0 to HW filter on device team0
[ 1430.283816][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1430.286753][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1430.294059][T27860] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1430.297086][T27860] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1430.329618][T30881] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6588'.
[ 1430.425965][T26218] Bluetooth: hci1: command tx timeout
[ 1430.426870][T30831] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1430.604204][T30831] veth0_vlan: entered promiscuous mode
[ 1430.611225][T30831] veth1_vlan: entered promiscuous mode
[ 1430.630271][T30831] veth0_macvtap: entered promiscuous mode
[ 1430.634339][T30831] veth1_macvtap: entered promiscuous mode
[ 1430.643517][T30831] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1430.648151][T30831] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1430.654470][T30831] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1430.657261][T30831] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1430.659988][T30831] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1430.663442][T30831] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1430.723188][T27860] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1430.727557][T27860] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1430.744367][T27860] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1430.747861][T27860] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1430.936427][T30897] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(8)
[ 1430.938408][T30897] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1430.941296][T30897] vhci_hcd vhci_hcd.0: Device attached
[ 1431.006690][T22754] bridge_slave_1: left allmulticast mode
[ 1431.009151][T22754] bridge_slave_1: left promiscuous mode
[ 1431.012136][T22754] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1431.029471][T22754] bridge_slave_0: left promiscuous mode
[ 1431.031926][T22754] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1431.037581][T30899] vhci_hcd: connection closed
[ 1431.045695][T29667] vhci_hcd: stop threads
[ 1431.049702][T29667] vhci_hcd: release socket
[ 1431.057698][T29667] vhci_hcd: disconnect device
[ 1431.350082][T30907] x_tables: duplicate underflow at hook 2
[ 1431.615854][T22754] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1431.661526][T22754] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1431.694225][T22754] bond0 (unregistering): Released all slaves
[ 1431.743897][T22754] bond1 (unregistering): Released all slaves
[ 1432.004314][T22754] bond2 (unregistering): Released all slaves
[ 1432.227616][T22754] bond3 (unregistering): (slave vlan2): Releasing active interface
[ 1432.238421][T22754] bond3 (unregistering): Released all slaves
[ 1432.504574][T26218] Bluetooth: hci1: command tx timeout
[ 1432.561381][T22754] bond4 (unregistering): (slave veth5): Releasing active interface
[ 1432.570618][T22754] bond4 (unregistering): Released all slaves
[ 1432.589040][T22754] bond5 (unregistering): Released all slaves
[ 1433.310823][T30931] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6598'.
[ 1433.393815][T22754] 
[ 1433.394674][T22754] ======================================================
[ 1433.396892][T22754] WARNING: possible circular locking dependency detected
[ 1433.399087][T22754] 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 Not tainted
[ 1433.401751][T22754] ------------------------------------------------------
[ 1433.404944][T22754] kworker/u32:2/22754 is trying to acquire lock:
[ 1433.406963][T22754] ffff88806cc5ce00 (team->team_lock_key#12){+.+.}-{4:4}, at: team_del_slave+0x31/0x1b0
[ 1433.409978][T22754] 
[ 1433.409978][T22754] but task is already holding lock:
[ 1433.412516][T22754] ffff888072bc0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf0/0x720
[ 1433.415801][T22754] 
[ 1433.415801][T22754] which lock already depends on the new lock.
[ 1433.415801][T22754] 
[ 1433.419046][T22754] 
[ 1433.419046][T22754] the existing dependency chain (in reverse order) is:
[ 1433.421861][T22754] 
[ 1433.421861][T22754] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[ 1433.424286][T22754]        __mutex_lock+0x199/0xb90
[ 1433.425919][T22754]        ieee80211_open+0x132/0x210
[ 1433.427566][T22754]        __dev_open+0x2e7/0x7d0
[ 1433.429099][T22754]        netif_open+0xf2/0x160
[ 1433.430605][T22754]        dev_open+0xb2/0x260
[ 1433.432228][T22754]        team_add_slave+0xaf0/0x21a0
[ 1433.433949][T22754]        do_set_master+0x40c/0x730
[ 1433.435713][T22754]        do_setlink.constprop.0+0xbd8/0x4380
[ 1433.437598][T22754]        rtnl_newlink+0x1446/0x2000
[ 1433.439246][T22754]        rtnetlink_rcv_msg+0x95b/0xe90
[ 1433.440955][T22754]        netlink_rcv_skb+0x158/0x420
[ 1433.442617][T22754]        netlink_unicast+0x58a/0x850
[ 1433.444285][T22754]        netlink_sendmsg+0x8d1/0xdd0
[ 1433.446049][T22754]        ____sys_sendmsg+0xa95/0xc70
[ 1433.447733][T22754]        ___sys_sendmsg+0x134/0x1d0
[ 1433.449365][T22754]        __sys_sendmsg+0x16d/0x220
[ 1433.451002][T22754]        __do_fast_syscall_32+0x7c/0x3a0
[ 1433.452760][T22754]        do_fast_syscall_32+0x32/0x80
[ 1433.454468][T22754]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1433.456656][T22754] 
[ 1433.456656][T22754] -> #0 (team->team_lock_key#12){+.+.}-{4:4}:
[ 1433.459227][T22754]        __lock_acquire+0x126f/0x1c90
[ 1433.461055][T22754]        lock_acquire+0x179/0x350
[ 1433.462465][T22754]        __mutex_lock+0x199/0xb90
[ 1433.464283][T22754]        team_del_slave+0x31/0x1b0
[ 1433.466063][T22754]        team_device_event+0xd0/0x770
[ 1433.467772][T22754]        notifier_call_chain+0xb9/0x410
[ 1433.469469][T22754]        call_netdevice_notifiers_info+0xbe/0x140
[ 1433.471484][T22754]        unregister_netdevice_many_notify+0xf9d/0x2700
[ 1433.473613][T22754]        unregister_netdevice_queue+0x305/0x3f0
[ 1433.475618][T22754]        _cfg80211_unregister_wdev+0x64b/0x830
[ 1433.477579][T22754]        ieee80211_remove_interfaces+0x34e/0x720
[ 1433.479567][T22754]        ieee80211_unregister_hw+0x55/0x3a0
[ 1433.481428][T22754]        hwsim_exit_net+0x3ac/0x7d0
[ 1433.483067][T22754]        ops_undo_list+0x2eb/0xab0
[ 1433.484735][T22754]        cleanup_net+0x408/0x890
[ 1433.486309][T22754]        process_one_work+0x9cc/0x1b70
[ 1433.488523][T22754]        worker_thread+0x6c8/0xf10
[ 1433.490618][T22754]        kthread+0x3c5/0x780
[ 1433.492532][T22754]        ret_from_fork+0x5d4/0x6f0
[ 1433.494663][T22754]        ret_from_fork_asm+0x1a/0x30
[ 1433.496863][T22754] 
[ 1433.496863][T22754] other info that might help us debug this:
[ 1433.496863][T22754] 
[ 1433.500965][T22754]  Possible unsafe locking scenario:
[ 1433.500965][T22754] 
[ 1433.503979][T22754]        CPU0                    CPU1
[ 1433.506164][T22754]        ----                    ----
[ 1433.508392][T22754]   lock(&rdev->wiphy.mtx);
[ 1433.510259][T22754]                                lock(team->team_lock_key#12);
[ 1433.513306][T22754]                                lock(&rdev->wiphy.mtx);
[ 1433.516118][T22754]   lock(team->team_lock_key#12);
[ 1433.518183][T22754] 
[ 1433.518183][T22754]  *** DEADLOCK ***
[ 1433.518183][T22754] 
[ 1433.521426][T22754] 5 locks held by kworker/u32:2/22754:
[ 1433.523631][T22754]  #0: ffff88801ca8f948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1433.527825][T22754]  #1: ffffc9000349fd10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1433.531808][T22754]  #2: ffffffff90349f90 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890
[ 1433.535594][T22754]  #3: ffffffff9035ffe8 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x4d/0x3a0
[ 1433.539602][T22754]  #4: ffff888072bc0768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf0/0x720
[ 1433.543918][T22754] 
[ 1433.543918][T22754] stack backtrace:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1433.546352][T22754] CPU: 3 UID: 0 PID: 22754 Comm: kworker/u32:2 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1433.546376][T22754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1433.546390][T22754] Workqueue: netns cleanup_net
[ 1433.546413][T22754] Call Trace:
[ 1433.546420][T22754]  <TASK>
[ 1433.546427][T22754]  dump_stack_lvl+0x116/0x1f0
[ 1433.546446][T22754]  print_circular_bug+0x275/0x350
[ 1433.546470][T22754]  check_noncircular+0x14c/0x170
[ 1433.546493][T22754]  ? __pfx___up_read+0x10/0x10
[ 1433.546519][T22754]  __lock_acquire+0x126f/0x1c90
[ 1433.546546][T22754]  lock_acquire+0x179/0x350
[ 1433.546568][T22754]  ? team_del_slave+0x31/0x1b0
[ 1433.546591][T22754]  ? __pfx___might_resched+0x10/0x10
[ 1433.546611][T22754]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1433.546637][T22754]  __mutex_lock+0x199/0xb90
[ 1433.546653][T22754]  ? team_del_slave+0x31/0x1b0
[ 1433.546675][T22754]  ? team_del_slave+0x31/0x1b0
[ 1433.546695][T22754]  ? xsk_notifier+0x167/0x280
[ 1433.546719][T22754]  ? __pfx___mutex_lock+0x10/0x10
[ 1433.546738][T22754]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1433.546758][T22754]  ? rt_flush_dev+0x480/0x6a0
[ 1433.546786][T22754]  ? team_del_slave+0x31/0x1b0
[ 1433.546806][T22754]  team_del_slave+0x31/0x1b0
[ 1433.546828][T22754]  team_device_event+0xd0/0x770
[ 1433.546850][T22754]  notifier_call_chain+0xb9/0x410
[ 1433.546871][T22754]  ? __pfx_team_device_event+0x10/0x10
[ 1433.546895][T22754]  call_netdevice_notifiers_info+0xbe/0x140
[ 1433.546941][T22754]  unregister_netdevice_many_notify+0xf9d/0x2700
[ 1433.546967][T22754]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1433.546994][T22754]  ? __call_rcu_common.constprop.0+0x3f0/0xa10
[ 1433.547021][T22754]  ? find_held_lock+0x2b/0x80
[ 1433.547039][T22754]  unregister_netdevice_queue+0x305/0x3f0
[ 1433.547060][T22754]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1433.547085][T22754]  _cfg80211_unregister_wdev+0x64b/0x830
[ 1433.547111][T22754]  ieee80211_remove_interfaces+0x34e/0x720
[ 1433.547131][T22754]  ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[ 1433.547151][T22754]  ieee80211_unregister_hw+0x55/0x3a0
[ 1433.547178][T22754]  hwsim_exit_net+0x3ac/0x7d0
[ 1433.547207][T22754]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1433.547232][T22754]  ? ip_vs_sync_net_cleanup+0x72/0xb0
[ 1433.547254][T22754]  ? __ip_vs_dev_cleanup_batch+0xb1/0x290
[ 1433.547273][T22754]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1433.547298][T22754]  ops_undo_list+0x2eb/0xab0
[ 1433.547320][T22754]  ? __pfx_ops_undo_list+0x10/0x10
[ 1433.547340][T22754]  ? __local_bh_enable_ip+0xa4/0x120
[ 1433.547362][T22754]  cleanup_net+0x408/0x890
[ 1433.547382][T22754]  ? __pfx_cleanup_net+0x10/0x10
[ 1433.547404][T22754]  ? rcu_is_watching+0x12/0xc0
[ 1433.547423][T22754]  process_one_work+0x9cc/0x1b70
[ 1433.547453][T22754]  ? __pfx_process_one_work+0x10/0x10
[ 1433.547483][T22754]  ? assign_work+0x1a0/0x250
[ 1433.547508][T22754]  worker_thread+0x6c8/0xf10
[ 1433.547537][T22754]  ? __kthread_parkme+0x19e/0x250
[ 1433.547559][T22754]  ? __pfx_worker_thread+0x10/0x10
[ 1433.547585][T22754]  kthread+0x3c5/0x780
[ 1433.547609][T22754]  ? __pfx_kthread+0x10/0x10
[ 1433.547633][T22754]  ? rcu_is_watching+0x12/0xc0
[ 1433.547651][T22754]  ? __pfx_kthread+0x10/0x10
[ 1433.547674][T22754]  ret_from_fork+0x5d4/0x6f0
[ 1433.547698][T22754]  ? __pfx_kthread+0x10/0x10
[ 1433.547721][T22754]  ret_from_fork_asm+0x1a/0x30
[ 1433.547745][T22754]  </TASK>
[ 1433.874044][T22754] team0: Port device wlan1 removed
[ 1434.184578][T22754] hsr_slave_0: left promiscuous mode
[ 1434.186863][T22754] hsr_slave_1: left promiscuous mode
[ 1434.188817][T22754] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1434.191229][T22754] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1434.193902][T22754] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1434.196448][T22754] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1434.201428][T22754] veth1_macvtap: left promiscuous mode
[ 1434.203280][T22754] veth1_vlan: left promiscuous mode
[ 1434.205023][T22754] veth0_vlan: left promiscuous mode
[ 1434.549609][T22754] team0 (unregistering): Port device team_slave_1 removed
[ 1434.560733][T22754] team0 (unregistering): Port device team_slave_0 removed
[ 1435.058034][T22754] IPVS: stop unused estimator thread 0...
[ 1435.064164][T22754] ------------[ cut here ]------------
[ 1435.066649][T22754] WARNING: CPU: 1 PID: 22754 at net/xfrm/xfrm_state.c:3284 xfrm_state_fini+0x28c/0x320
[ 1435.070764][T22754] Modules linked in:
[ 1435.072477][T22754] CPU: 1 UID: 0 PID: 22754 Comm: kworker/u32:2 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1435.077717][T22754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1435.082121][T22754] Workqueue: netns cleanup_net
[ 1435.084175][T22754] RIP: 0010:xfrm_state_fini+0x28c/0x320
[ 1435.086815][T22754] Code: 99 f7 90 0f 0b 90 e9 e7 fe ff ff e8 1e 64 99 f7 90 0f 0b 90 e9 39 ff ff ff e8 10 64 99 f7 90 0f 0b 90 eb 8a e8 05 64 99 f7 90 <0f> 0b 90 e9 d5 fd ff ff e8 d7 be fd f7 e9 f8 fd ff ff e8 fd be fd
[ 1435.095002][T22754] RSP: 0000:ffffc9000349faa0 EFLAGS: 00010293
[ 1435.097589][T22754] RAX: 0000000000000000 RBX: ffff88806fb68000 RCX: fffff52000693f25
[ 1435.100887][T22754] RDX: ffff888025e90000 RSI: ffffffff8a21f0eb RDI: ffff888025e90444
[ 1435.104081][T22754] RBP: ffff88806fb694c0 R08: 0000000000000005 R09: 0000000000000000
[ 1435.107460][T22754] R10: 0000000000000000 R11: 0000000000002c00 R12: ffffc9000349fbe8
[ 1435.110757][T22754] R13: dffffc0000000000 R14: fffffbfff20a4788 R15: ffffffff90523c20
[ 1435.114234][T22754] FS:  0000000000000000(0000) GS:ffff88809762d000(0000) knlGS:0000000000000000
[ 1435.118161][T22754] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1435.120963][T22754] CR2: 000000008004b000 CR3: 000000000e382000 CR4: 0000000000352ef0
[ 1435.124309][T22754] Call Trace:
[ 1435.126004][T22754]  <TASK>
[ 1435.127369][T22754]  ? __pfx_xfrm_net_exit+0x10/0x10
[ 1435.129587][T22754]  xfrm_net_exit+0x2d/0x70
[ 1435.131576][T22754]  ops_undo_list+0x2eb/0xab0
[ 1435.133525][T22754]  ? __pfx_ops_undo_list+0x10/0x10
[ 1435.135760][T22754]  ? __local_bh_enable_ip+0xa4/0x120
[ 1435.138037][T22754]  cleanup_net+0x408/0x890
[ 1435.139962][T22754]  ? __pfx_cleanup_net+0x10/0x10
[ 1435.142056][T22754]  ? rcu_is_watching+0x12/0xc0
[ 1435.143936][T22754]  process_one_work+0x9cc/0x1b70
[ 1435.145601][T22754]  ? __pfx_process_one_work+0x10/0x10
[ 1435.147367][T22754]  ? assign_work+0x1a0/0x250
[ 1435.148832][T22754]  worker_thread+0x6c8/0xf10
[ 1435.150305][T22754]  ? __kthread_parkme+0x19e/0x250
[ 1435.151930][T22754]  ? __pfx_worker_thread+0x10/0x10
[ 1435.153549][T22754]  kthread+0x3c5/0x780
[ 1435.154920][T22754]  ? __pfx_kthread+0x10/0x10
[ 1435.156520][T22754]  ? rcu_is_watching+0x12/0xc0
[ 1435.158158][T22754]  ? __pfx_kthread+0x10/0x10
[ 1435.159643][T22754]  ret_from_fork+0x5d4/0x6f0
[ 1435.161104][T22754]  ? __pfx_kthread+0x10/0x10
[ 1435.162576][T22754]  ret_from_fork_asm+0x1a/0x30
[ 1435.164100][T22754]  </TASK>
[ 1435.165162][T22754] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1435.167490][T22754] CPU: 1 UID: 0 PID: 22754 Comm: kworker/u32:2 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[ 1435.171237][T22754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1435.174558][T22754] Workqueue: netns cleanup_net
[ 1435.176115][T22754] Call Trace:
[ 1435.177200][T22754]  <TASK>
[ 1435.178148][T22754]  dump_stack_lvl+0x3d/0x1f0
[ 1435.179624][T22754]  panic+0x71c/0x800
[ 1435.180877][T22754]  ? __pfx_panic+0x10/0x10
[ 1435.182301][T22754]  ? show_trace_log_lvl+0x29b/0x3e0
[ 1435.183952][T22754]  ? check_panic_on_warn+0x1f/0xb0
[ 1435.185623][T22754]  ? xfrm_state_fini+0x28c/0x320
[ 1435.187238][T22754]  check_panic_on_warn+0xab/0xb0
[ 1435.188804][T22754]  __warn+0xf6/0x3c0
[ 1435.190053][T22754]  ? xfrm_state_fini+0x28c/0x320
[ 1435.191629][T22754]  report_bug+0x3c3/0x580
[ 1435.192998][T22754]  ? xfrm_state_fini+0x28c/0x320
[ 1435.194563][T22754]  handle_bug+0x184/0x210
[ 1435.195980][T22754]  exc_invalid_op+0x17/0x50
[ 1435.197425][T22754]  asm_exc_invalid_op+0x1a/0x20
[ 1435.199005][T22754] RIP: 0010:xfrm_state_fini+0x28c/0x320
[ 1435.200744][T22754] Code: 99 f7 90 0f 0b 90 e9 e7 fe ff ff e8 1e 64 99 f7 90 0f 0b 90 e9 39 ff ff ff e8 10 64 99 f7 90 0f 0b 90 eb 8a e8 05 64 99 f7 90 <0f> 0b 90 e9 d5 fd ff ff e8 d7 be fd f7 e9 f8 fd ff ff e8 fd be fd
[ 1435.206766][T22754] RSP: 0000:ffffc9000349faa0 EFLAGS: 00010293
[ 1435.208673][T22754] RAX: 0000000000000000 RBX: ffff88806fb68000 RCX: fffff52000693f25
[ 1435.211153][T22754] RDX: ffff888025e90000 RSI: ffffffff8a21f0eb RDI: ffff888025e90444
[ 1435.213614][T22754] RBP: ffff88806fb694c0 R08: 0000000000000005 R09: 0000000000000000
[ 1435.216085][T22754] R10: 0000000000000000 R11: 0000000000002c00 R12: ffffc9000349fbe8
[ 1435.218549][T22754] R13: dffffc0000000000 R14: fffffbfff20a4788 R15: ffffffff90523c20
[ 1435.221016][T22754]  ? xfrm_state_fini+0x28b/0x320
[ 1435.222583][T22754]  ? __pfx_xfrm_net_exit+0x10/0x10
[ 1435.224213][T22754]  xfrm_net_exit+0x2d/0x70
[ 1435.225634][T22754]  ops_undo_list+0x2eb/0xab0
[ 1435.227154][T22754]  ? __pfx_ops_undo_list+0x10/0x10
[ 1435.228779][T22754]  ? __local_bh_enable_ip+0xa4/0x120
[ 1435.230493][T22754]  cleanup_net+0x408/0x890
[ 1435.231915][T22754]  ? __pfx_cleanup_net+0x10/0x10
[ 1435.233482][T22754]  ? rcu_is_watching+0x12/0xc0
[ 1435.235029][T22754]  process_one_work+0x9cc/0x1b70
[ 1435.236611][T22754]  ? __pfx_process_one_work+0x10/0x10
[ 1435.238304][T22754]  ? assign_work+0x1a0/0x250
[ 1435.239771][T22754]  worker_thread+0x6c8/0xf10
[ 1435.241245][T22754]  ? __kthread_parkme+0x19e/0x250
[ 1435.242822][T22754]  ? __pfx_worker_thread+0x10/0x10
[ 1435.244450][T22754]  kthread+0x3c5/0x780
[ 1435.245772][T22754]  ? __pfx_kthread+0x10/0x10
[ 1435.247291][T22754]  ? rcu_is_watching+0x12/0xc0
[ 1435.248805][T22754]  ? __pfx_kthread+0x10/0x10
[ 1435.250274][T22754]  ret_from_fork+0x5d4/0x6f0
[ 1435.251741][T22754]  ? __pfx_kthread+0x10/0x10
[ 1435.253209][T22754]  ret_from_fork_asm+0x1a/0x30
[ 1435.254698][T22754]  </TASK>
[ 1435.256335][T22754] Kernel Offset: disabled
[ 1435.257657][T22754] Rebooting in 86400 seconds..

VM DIAGNOSIS:
19:25:02  Registers:
info registers vcpu 0

CPU#0
RAX=dffffc0000000000 RBX=ffffffff93d0d400 RCX=0000000000000000 RDX=1ffff110056475e1
RSI=0000000000000001 RDI=ffff88802b23af18 RBP=ffff88802b23a400 RSP=ffffc90000007fb0
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=ffff88809752d000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81934f26 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809752d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000003290bff8 CR3=000000004e297000 CR4=00352ef0
DR0=000000005ffffffd DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000001000008fb RBX=0000000000000001 RCX=0000000000000830 RDX=0000000000000001
RSI=00000000000000fb RDI=0000000000000001 RBP=ffffc90003d2fb20 RSP=ffffc90003d2fa00
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=0000000000000000 R13=1ffff920007a5f43 R14=1ffff920007a5f01 R15=0000000000000000
RIP=ffffffff81693ef8 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809762d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080036000 CR3=0000000051983000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000001 RBX=ffff8880248c0138 RCX=ffffffff819860c3 RDX=dffffc0000000000
RSI=0000000000000004 RDI=ffffffff8b855692 RBP=0000000000000293 RSP=ffffc900043afb40
R8 =0000000000000000 R9 =ffffed1004918027 R10=ffff8880248c013b R11=0000000000000001
R12=ffff8880248c0138 R13=0000000000000293 R14=0000000000000001 R15=ffff88804a6bd400
RIP=ffffffff81c32350 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809772d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055e39c026000 CR3=00000000589ff000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8556d185 RDI=ffffffff9b09f540 RBP=ffffffff9b09f500 RSP=ffffc9000349ed88
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=000000000000002d R14=ffffffff9b09f500 R15=ffffffff8556d120
RIP=ffffffff8556d1af RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809782d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f0c40288 CR3=000000004c64d000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f39c23f301aaf607 d1044de62d54fe0d
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 949ab7cd9d7f473f 5849286281f684d0
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 309ed168de378b9b 3879f7a74736b41e
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6da301a47bcb2434 3015021a9a8509cc
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ffffffff 00000000000000b4
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000034
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 cfdfd822a81cf135 af35c2fa218d37df
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e1ce35a51157134 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f0c281a57b4cee33 19152d332147f094
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a222fe7000000000 e834d45b79c85288
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f51a6d148b10302b 40e0658e216096cd
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 deb593d656ff8f31 10a36a53c1fdbce5
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d9a5ffffffff8236 2abcffffffff8236 2605ffffffff8236 2c7affffffff8235
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7a21ffffffff8507 7adaffffffff8507 7738ffffffff8231 dbd3ffffffff8231
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1530ffffffff8231 b542ffffffff8231 bd36ffffffff8231 ddceffffffff8507
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2848ffffffff8494 2047ffffffff8494 2b91ffffffff8494 28beffffffff8494
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 28d7ffffffff8494 2b6dffffffff848b 162bffffffff848b 1ac7ffffffff81e6
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0b89ffffffff848b 113fffffffff848b 1283ffffffff848b 1f41ffffffff848b
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1901ffffffff848b 11a9ffffffff848b 1d7bffffffff848b 19adffffffff848b
ZMM24=0c0fc75e0c0fc75e 0c0fc75e0c0fc75e 0c0fc75e0c0fc75e 0c0fc75e0c0fc75e 0c0fc75e0c0fc75e 0c0fc75e0c0fc75e 0c0fc75e0c0fc75e 0c0fc75e0c0fc75e
ZMM25=146597cb146597cb 146597cb146597cb 146597cb146597cb 146597cb146597cb 146597cb146597cb 146597cb146597cb 146597cb146597cb 146597cb146597cb
ZMM26=5bbd2de35bbd2de3 5bbd2de35bbd2de3 5bbd2de35bbd2de3 5bbd2de35bbd2de3 5bbd2de35bbd2de3 5bbd2de35bbd2de3 5bbd2de35bbd2de3 5bbd2de35bbd2de3
ZMM27=24218d1024218d10 24218d1024218d10 24218d1024218d10 24218d1024218d10 24218d1024218d10 24218d1024218d10 24218d1024218d10 24218d1024218d10
ZMM28=00000200000001ff 000001fe000001fd 000001fc000001fb 000001fa000001f9 000001f8000001f7 000001f6000001f5 000001f4000001f3 000001f2000001f1
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=8e5b00008e5b0000 8e5b00008e5b0000 8e5b00008e5b0000 8e5b00008e5b0000 8e5b00008e5b0000 8e5b00008e5b0000 8e5b00008e5b0000 8e5b00008e5b0000