last executing test programs:

12.129683792s ago: executing program 0 (id=379):
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r2)
pipe2$watch_queue(&(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r5, 0x9)
add_key$keyring(&(0x7f0000000180), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, r3)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x8)
add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, r3)
keyctl$get_persistent(0x16, 0x0, r3)
read$watch_queue(r4, &(0x7f0000000200)=""/88, 0x58)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000})
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r6, &(0x7f0000000280), 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
syz_clone(0x14800a00, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$GIO_CMAP(r6, 0x4b70, &(0x7f0000000000))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r7 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r7, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(0xffffffffffffffff, r7, &(0x7f00000001c0), 0x8)

11.309835983s ago: executing program 0 (id=383):
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r2)
pipe2$watch_queue(&(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r5, 0x9)
add_key$keyring(&(0x7f0000000180), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, r3)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x8)
add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, r3)
keyctl$get_persistent(0x16, 0x0, r3)
read$watch_queue(r4, &(0x7f0000000200)=""/88, 0x58)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000})
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r6, &(0x7f0000000280), 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
syz_clone(0x14800a00, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$GIO_CMAP(r6, 0x4b70, &(0x7f0000000000))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(r7, 0xffffffffffffffff, &(0x7f00000001c0), 0x8)

10.376085719s ago: executing program 0 (id=386):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000}, 0x1c)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r1=>r0, {0x4}}, './file0\x00'})
ioctl$CDROM_DEBUG(r1, 0x5330, 0x1)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001440), 0x2202, 0x0)
io_setup(0x104, &(0x7f0000000180)=<r2=>0x0)
io_submit(r2, 0x0, &(0x7f0000000340))
setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4)
syz_emit_ethernet(0xfdef, &(0x7f0000001b80)=ANY=[@ANYBLOB="bbbbbbbbbbbbaa000000000090"], 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000200)={[{@mpol={'mpol', 0x3d, {'prefer', '=static'}}, 0x4e}], [], 0x9})
syz_usb_connect(0x4, 0x2d, &(0x7f0000000080)=ANY=[@ANYRESDEC=r1], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r4 = getpid()
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(0xffffffffffffffff, 0x40044104, &(0x7f0000000140))
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r5, 0x4048aec9, &(0x7f00000009c0)={0x1})
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendmmsg(r7, &(0x7f00000005c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="177cd794ed1eac7fecbafb7bc1826a397e1e7aca947e0e9a7193d75dbb1b799b3b052b814a37fb6d9964d741e1d0edbb0325a11641c4f26269115593f1081d5786257c3def15d58390d9e38ba3facf78266dd7515a4f535c40d58455f1a8b5abd559348864d0f44a006602c197454a47086dbfb04775ede2750d2488b739159e2bdfed1facb8de0fb23080a16f9b3c27e4e590fe34fdc47da11e4f8d60d77ab8e42271bfeb8399c044ff0a1b48608237566684d468113405e532506d9e2ac4cca35c0821bea6ab5169", 0xc9}, {&(0x7f0000000500)="9f1658d474a83842b09945ba9ce283c15e9c6c692e0d611d7a4b665c3cfbc024ececfe6de64533895965c84a533d0725928cd211d03bbab29d0212bae4ca15e30d1ef1f46054d878b51963215529691c7ca33f4cd0eef721aa31b6f146c3518bd067d6afada985cd667eb398809f8eab018cfc080fa3658c563811defba3fe121b8683a6", 0x84}, {&(0x7f00000006c0)="3e0522065b5d4384bb43a7c433a00ff6dcceed5f70e78c1afd4e391ceea145a320d169977d0148f3a9d9235b5e1cf8427a0a3270b19da379906c4b33b48d8ac821612566ec1b64c327b3e8304027fecd986d24613b37c260bf89096987d54b890cd36238c26d6bbd29251a49021abfde983beb249d2f101c62768c75436008ab342fbefc7d6d0c1e9ea77a50bb7be389b275347c6008260c75d580d69b23e2c9ed4f517267", 0xa5}, {&(0x7f0000000780)="d21ca2c8c0c8c80c198277ebed8e50b63fb3244894abcae43309324dc15097d0cddc1e8e157d1d08957914eea210b9f8c6f98e3ada85a5b1db33d3458d3697c90b1ffb92626d3f3bd95f4dbb76b2f89621c075861e6a0130a153721a3f2081286f3e89509b235e0e925db1a1f31659be453eade043521ada8b5add87d104bfe9d618c7d557f3ccc6ed57cdd730e2d98ad47ac7df5e84bd0e833ffc94dac3f3376a988aa2bada", 0xa6}, {&(0x7f0000000840)="3637a8f7c6feef6621836156adfe4f28e7c180a110bb1851673fb43ee00ad3eddcc8ac38296f2d546e6f625170da6f260d28cd9aaa5399d39c8b2ba1224d2857ed0eceaeadeead8d39e3a235a00ce2bdb03ab21e7e57b46d4d4f38babd94a1b471e912b666b853ee339fda1f264d9d742bb77cd120debe556a77f0ebf1b3eba3d9b583b72dc81b6fe335f202bdb560b92ebfce8b85947b566266f869e8e7c22b269a308289f7bbb6f71e6879a7a1c9943e28980fb4ba", 0xb6}, {&(0x7f0000000c00)="565a24b4cea3662dff0a3665368d2f7db1effbd6c4acc0d3f71c7f753be97efab031493c84bd11cecd94554aba3eee778200799a2c6c0a6557d070858b6076cfef01e94965bb50da8f7ec10652f11c3028338048ccda3d92053a4aba320ee5b70166a4db1e154632682d2bb9678b842d5684842aa5577345ae811c190778cace7e4ab25579587e", 0x87}, {&(0x7f0000000400)="24e4051fd040b92bea6e8a7c54fae912711561756923c9336ea44fe11175e9e1df163d76b6d70d0646a07517a9ac7f2223e178097ca2f4de04e5d8604f", 0x3d}, {&(0x7f0000000cc0)="3c4134e2e0bb51f49ce71b61d532f1c34b66c3ea34f16ee64668d6edaa1fd6b1920950d739011b4bb2d4127d9801deba2fc9d859bfde3141b4bb4b0b2a1627606bfad24df62632213e58be00f1277d96db0342541c44fbcff89050d89b63e3b115466fc924597f55e3247058039f05645d606ab6d051e4c13b52f97a2881185067924501e6943af1328b9dd8d590fb11a73144dc42b854874213a57e7c30a85ef990f9e0ee29091c402f36fb9c1736271701d12e60dc21224a7181722fa427880bf093ce5828523c58369476ec589d5e748f7c8fc18a1bc2f3a2a5c1244bc0e801d7", 0xe2}], 0x8, &(0x7f0000000dc0)=[{0x40, 0x103, 0x174, "7e7c2bf5b817da347c3dc4e2d5ef507850e76bce12cf4d2af3012eeaffff7c10dec00e81dd9e1cf3d5292f83e0df70d99f"}, {0xac, 0x1, 0x7, "c89e2e65ff569f0ff3beafec6645fb8f4f67970e1efc7833de047edf28e60288fc36061ec1644a3ee117e50ce1327383a85546b24ae777471e02b030b1be0fa726e9782c6ba9d5c28d4266180e4b0b888529fc201458881e49f9868bd09121133736d26f9040d8883dee5fa6012e0305d49b3177ddbf735af4a84f5e06bf6651734d28d4347a77da9f5a5259c5ed47ca6aac8c72d23fc0a5e2dd9bbc77dd8c"}, {0x54, 0x3a, 0x7, "2a3c86bef1e5507cd75f64c78199c0eabe9b0abf7de2542a850ba233e51c9cd92774a4a1acd343cbe1b05e61bc02aa81793c417f8bf0837263f20857f01ab6ea18c524c78371db"}, {0xbc, 0x118, 0x5, "c70da6702923189651f4d24f09c9569d001f18e6298589aa7d45a3760d771df90550617eefa70e718b788627781a28bd0964b889365733df734853a444058fd5b3cd284307a6756ba1ac75351b68b5054818069f692e7ed77b817c42e2d6ded8f43b2a8be30c674058c6f96d1866508bad41d7dcbc373a98a2cc42dd36feba5e2db76401202b836b7634b932dbb855c3a0e0aede5bc93524626f44fe9fd15af53d77ca1ef0e6cfce0aeddc8910"}], 0x1fc}}], 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x401, @void, @value}, 0x90)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000940), 0xffffffffffffffff)
ioctl$BLKTRACESETUP(r3, 0xc0401273, &(0x7f0000000000)={'\x00', 0x0, 0x40, 0x5, 0x8000000000000000, 0x8000000000000001, r4})

10.213068901s ago: executing program 1 (id=387):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000000000040ac0562420000000000010902"], 0x0)
socket$inet6(0xa, 0x4, 0x3b8)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0x0, 0x88)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x400100bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000800000000b1bdaab3654f333e23ecb100000000000000f80234663d0f877026"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x58, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x30}, @IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}]}, 0x58}}, 0x0)
shutdown(r2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
r7 = io_uring_setup(0x4822, &(0x7f00000004c0)={0x0, 0x0, 0x400})
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, &(0x7f0000000480)={0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5, 0xbccb61613cc2e58}})
read(r8, &(0x7f0000000100)=""/41, 0x29)
close_range(r7, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

8.230736816s ago: executing program 0 (id=396):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a300000000058010000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000038e3000d400acc20f896064e79c929702145fa63595955b57c5c023e63c8a0b353b0f092392779d44d411d6ad83ca91a8e8b282cc8bfb1ab91caa2ade3593a098f600f3e5645182a9ca5ace4cf126873c040cb3327edf3073be8b51d83cd436a3de9f9797c6d6bbb2a290d1c41dc2d836f9e12779d77160fe31758fff54b25fe4976ec2f65358361ce1aa371dc03936b25fa521423d30d6fd8e686"], 0x1d0}}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x60)
r2 = syz_open_procfs(0x0, 0x0)
r3 = syz_open_dev$loop(&(0x7f00000001c0), 0x100000, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r5, 0x5016, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYRES16=r4, @ANYRES16=r3, @ANYRESOCT=r4, @ANYRES32=r4], 0x34}}, 0x0)
preadv(r2, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/223, 0xdf}], 0x1, 0xfffff62d, 0x0)
socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000017c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, 0x0, 0xd}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYBLOB], 0x14}}, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x14}}, 0x0)
r7 = socket$inet(0xa, 0x801, 0x84)
syz_open_dev$usbfs(&(0x7f0000000240), 0xfffffffe, 0x490000)
connect$inet(r7, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r7, 0x8)
r8 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_qrtr_TIOCINQ(r8, 0x541b, &(0x7f0000000480))
r9 = accept4(r7, 0x0, 0x0, 0x0)
sendto$inet(r9, &(0x7f00000002c0)="cc", 0x1, 0x44800, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r9, 0x84, 0x22, &(0x7f0000000100)={0x3}, 0x10)
sendto$inet(r9, &(0x7f0000000300)="b3", 0x1, 0x0, 0x0, 0x0)

7.68148224s ago: executing program 1 (id=389):
r0 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYRES8=r0, @ANYBLOB="55161542592a30a991338193c6c7dd1cf7bcf220fbe7ff99736c6d295f10d3207ca5d86f497693b455c324b9174e405f67c099623a1a96a43827104b4a1d08d4a2402bb5be865b91b7a821612c304d34965debb56a827152afc305cd931aa4187ee1e65fd254f58f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='jbd2_write_superblock\x00'}, 0x10)
rt_sigprocmask(0x2, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
syz_clone(0x40000011, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB="30000000010101020000000000000000020000000c001980080001008cba"], 0x30}, 0x1, 0x0, 0x0, 0x20044008}, 0x24004800)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x23, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x3938700}, 0x0, 0x0)
setitimer(0x3, &(0x7f0000000080)={{}, {0x0, 0x2710}}, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
dup2(r6, r7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r7, 0x0)
r8 = fcntl$dupfd(r2, 0x0, r1)
ioctl$SCSI_IOCTL_GET_PCI(r8, 0x2275, &(0x7f0000000000))
r9 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r10 = userfaultfd(0x801)
ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_WRITEPROTECT(r10, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2})
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000000)=0x15)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000000)={0x5, 0x2, 0x8})
ioctl$TCFLSH(r9, 0x40384708, 0x20000000)

7.159549574s ago: executing program 1 (id=394):
io_setup(0x6, &(0x7f0000000000))
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)="4f3bfde51b257f40", 0x8}], 0x1)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
setxattr$security_ima(&(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000380)=@ng={0x4, 0x12, "ff6d7a4e4e22"}, 0x8, 0x3)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {0x0}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
userfaultfd(0x801)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r5 = creat(0x0, 0x0)
r6 = open$dir(&(0x7f0000001640)='./file0\x00', 0x4c00, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, 0x0, 0x0)
socket$packet(0x11, 0x0, 0x300)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2608054c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1c, 0x17, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000006000000000000000200000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000003008500000083000000bf090000000000005509010000000000950000000000000009c1a70c0100000018000000000001000000000003000000180000000200000000000000060000001839000003000000000000880000000000b5050600fcffffffbf91000000000000b7020000000000008500000085000000b70000000000000095000000000000"], &(0x7f0000000280)='syzkaller\x00', 0x9d00, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, r6, 0x8, &(0x7f0000000500)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x2, 0xa, 0x3, 0xdf25}, 0x10, 0xffffffffffffffff, r1, 0x1, &(0x7f0000000580)=[r1, r5, r1, r5], &(0x7f00000005c0)=[{0x1, 0x1, 0x7, 0x9}], 0x10, 0x2, @void, @value}, 0x90)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r7}, 0x10)
r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r8, 0x5202)
sendfile(r2, r1, &(0x7f0000002080)=0x64, 0x23b)

6.840230118s ago: executing program 1 (id=395):
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r2)
pipe2$watch_queue(&(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r5, 0x9)
add_key$keyring(&(0x7f0000000180), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, r3)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x8)
add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, r3)
keyctl$get_persistent(0x16, 0x0, r3)
read$watch_queue(r4, &(0x7f0000000200)=""/88, 0x58)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000})
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r6, &(0x7f0000000280), 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
syz_clone(0x14800a00, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$GIO_CMAP(r6, 0x4b70, &(0x7f0000000000))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r7 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r7, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(0xffffffffffffffff, r7, &(0x7f00000001c0), 0x8)

6.140849091s ago: executing program 3 (id=398):
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x17)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000d00)={r0}, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000dc0)={0x6, 0x6, &(0x7f0000000640)=@framed={{}, [@map_fd={0x18, 0x0, 0x2, 0x0, r0}, @ldst={0x1, 0x2, 0x3}]}, &(0x7f0000000d40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socket(0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, &(0x7f0000000340)=[@in={0x2, 0x0, @empty}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x20)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x228542, 0x3d)
unshare(0x6a040000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
io_submit(0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r1, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e24, @multicast1}, 0x10)
r2 = socket$inet6(0xa, 0x802, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x3, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000001f80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001800)=ANY=[@ANYBLOB="180000002900000037000000ceefbe78f1b60000"], 0x18}}], 0x1, 0x0)
r3 = socket$inet(0x2, 0x2000080001, 0x84)
bind$inet(r3, &(0x7f0000000180)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r3, &(0x7f00000000c0)="18", 0x1, 0x4c851, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r3, &(0x7f0000000100)='h', 0x1, 0x0, &(0x7f0000000240)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
sendto$inet(r3, &(0x7f0000000300)="99", 0x1, 0x0, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10)
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, &(0x7f0000000600), &(0x7f00000004c0)=0x4)
r4 = socket$netlink(0x10, 0x3, 0x4)
recvmmsg(r3, &(0x7f00000071c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10002, 0x0)
writev(r4, &(0x7f0000000280)=[{&(0x7f0000000340)="4800000014001d0d09074beafd0d8c560284606080ffe0064e204e20590000a2bc5603ca00000f7f8907000020008d42188fedc22e47ad8f75edc6d100000101ff0000000309ff5b", 0x48}], 0x1)

5.960824549s ago: executing program 1 (id=399):
socket$kcm(0x10, 0x400000002, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_procfs(0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x541b, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$USBDEVFS_ALLOC_STREAMS(r0, 0x8008551c, &(0x7f0000000140)=ANY=[@ANYBLOB])
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
iopl(0x3)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
pwritev2(r3, &(0x7f00000000c0)=[{&(0x7f0000000040)="d0600b401f39b97bf93ecf49759e94b4519a0de2f87e5c417273a5dce55efb335b22dce602ca972f116438489fdab766171401f130eb1c9e78ec70db15755f97ca197fc3da0b85ea0d2f7bdffcc1caa5810430b5448f4ae272489f5c7ac1e4660c4f7b0446d5457181924a3d4dbfdfee93a14379adfe7c1effdacb69a945", 0x7e}], 0x1, 0xa, 0x6e6f2b53, 0x10)
sendmsg$key(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYRESDEC=r1, @ANYRESDEC=r1, @ANYRES8=r3, @ANYBLOB="356a48745552987210f837794ba98667e1ea1e0e0a49b61414f814ee1deb195180f4edc008b1bc2511637c24d4ef953d57c22f21d903e1e5caee18a3cb58bcae54ba46b68423020eec22242be97c298ae22b743cbbddfefff2463214201d4fbecd2aa82e29bdff930d243f51a7282f0806f668b68c1fea15eeb1fa38b76503eea11f0e92ef0db724dec3187318e094192069500fc3531d7a43bbd5db74840fc7ecc6f8edbe9fc6703aeb61a17105", @ANYBLOB="4a9bd465e0d60340353edd5b2f4925a453b707459d0be5316c7f3b6517f053cc3d6d8bb4c2990cb43499207cf68010b141c39f07025db0cb2c4fc32cf04379e3e528cdcd0708b046a650c22b08017ae4eb05b217fd5b94896c680f93cba69b572b84662cfd76e34512c66b7ceae041081d6479ac336928b388", @ANYRES16=r2], 0x10}}, 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x109280, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x3)
ioctl$FBIOPUT_CON2FBMAP(r4, 0x4610, &(0x7f0000000080)={0x1b})
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x200, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x3, &(0x7f0000000600)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='ext4\x00', 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000480), 0xc, 0x141341)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
sendmmsg$inet(r3, 0x0, 0x0, 0xff88)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs2/custom1\x00', 0x0, 0x0)

5.740815654s ago: executing program 3 (id=401):
io_setup(0x6, &(0x7f0000000000))
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)="4f3bfde51b257f40", 0x8}], 0x1)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
setxattr$security_ima(&(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000380)=@ng={0x4, 0x12, "ff6d7a4e4e22"}, 0x8, 0x3)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{0x0}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
userfaultfd(0x801)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r5 = creat(0x0, 0x0)
r6 = open$dir(&(0x7f0000001640)='./file0\x00', 0x4c00, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, 0x0, 0x0)
socket$packet(0x11, 0x0, 0x300)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2608054c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1c, 0x17, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000006000000000000000200000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000003008500000083000000bf090000000000005509010000000000950000000000000009c1a70c0100000018000000000001000000000003000000180000000200000000000000060000001839000003000000000000880000000000b5050600fcffffffbf91000000000000b7020000000000008500000085000000b70000000000000095000000000000"], &(0x7f0000000280)='syzkaller\x00', 0x9d00, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, r6, 0x8, &(0x7f0000000500)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x2, 0xa, 0x3, 0xdf25}, 0x10, 0xffffffffffffffff, r1, 0x1, &(0x7f0000000580)=[r1, r5, r1, r5], &(0x7f00000005c0)=[{0x1, 0x1, 0x7, 0x9}], 0x10, 0x2, @void, @value}, 0x90)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r7}, 0x10)
r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r8, 0x5202)
sendfile(r2, r1, &(0x7f0000002080)=0x64, 0x23b)

5.624784198s ago: executing program 0 (id=402):
socket$kcm(0x10, 0x400000002, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_procfs(0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x541b, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$USBDEVFS_ALLOC_STREAMS(r0, 0x8008551c, &(0x7f0000000140)=ANY=[@ANYBLOB])
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
iopl(0x3)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
pwritev2(r3, &(0x7f00000000c0)=[{&(0x7f0000000040)="d0600b401f39b97bf93ecf49759e94b4519a0de2f87e5c417273a5dce55efb335b22dce602ca972f116438489fdab766171401f130eb1c9e78ec70db15755f97ca197fc3da0b85ea0d2f7bdffcc1caa5810430b5448f4ae272489f5c7ac1e4660c4f7b0446d5457181924a3d4dbfdfee93a14379adfe7c1effdacb69a945", 0x7e}], 0x1, 0xa, 0x6e6f2b53, 0x10)
sendmsg$key(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYRESDEC=r1, @ANYRESDEC=r1, @ANYRES8=r3, @ANYBLOB="356a48745552987210f837794ba98667e1ea1e0e0a49b61414f814ee1deb195180f4edc008b1bc2511637c24d4ef953d57c22f21d903e1e5caee18a3cb58bcae54ba46b68423020eec22242be97c298ae22b743cbbddfefff2463214201d4fbecd2aa82e29bdff930d243f51a7282f0806f668b68c1fea15eeb1fa38b76503eea11f0e92ef0db724dec3187318e094192069500fc3531d7a43bbd5db74840fc7ecc6f8edbe9fc6703aeb61a17105", @ANYBLOB="4a9bd465e0d60340353edd5b2f4925a453b707459d0be5316c7f3b6517f053cc3d6d8bb4c2990cb43499207cf68010b141c39f07025db0cb2c4fc32cf04379e3e528cdcd0708b046a650c22b08017ae4eb05b217fd5b94896c680f93cba69b572b84662cfd76e34512c66b7ceae041081d6479ac336928b388", @ANYRES16=r2], 0x10}}, 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x109280, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x3)
ioctl$FBIOPUT_CON2FBMAP(r4, 0x4610, &(0x7f0000000080)={0x1b})
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x200, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x3, &(0x7f0000000600)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='ext4\x00', 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000480), 0xc, 0x141341)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
sendmmsg$inet(r3, 0x0, 0x0, 0xff88)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))

5.430250509s ago: executing program 3 (id=403):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000}, 0x1c)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r1=>r0, {0x4}}, './file0\x00'})
ioctl$CDROM_DEBUG(r1, 0x5330, 0x1)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001440), 0x2202, 0x0)
io_setup(0x104, &(0x7f0000000180)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000340)=[&(0x7f00000000c0)={0x0, 0x0, 0x3, 0x1, 0x0, r2}])
setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4)
syz_emit_ethernet(0xfdef, &(0x7f0000001b80)=ANY=[@ANYBLOB="bbbbbbbbbbbbaa000000000090"], 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000200)={[{@mpol={'mpol', 0x3d, {'prefer', '=static'}}, 0x4e}], [], 0x9})
syz_usb_connect(0x4, 0x2d, &(0x7f0000000080)=ANY=[@ANYRESDEC=r1], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r5 = getpid()
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(0xffffffffffffffff, 0x40044104, &(0x7f0000000140))
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r6, 0x4048aec9, &(0x7f00000009c0)={0x1})
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58)
r8 = accept4(r7, 0x0, 0x0, 0x0)
sendmmsg(r8, &(0x7f00000005c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="177cd794ed1eac7fecbafb7bc1826a397e1e7aca947e0e9a7193d75dbb1b799b3b052b814a37fb6d9964d741e1d0edbb0325a11641c4f26269115593f1081d5786257c3def15d58390d9e38ba3facf78266dd7515a4f535c40d58455f1a8b5abd559348864d0f44a006602c197454a47086dbfb04775ede2750d2488b739159e2bdfed1facb8de0fb23080a16f9b3c27e4e590fe34fdc47da11e4f8d60d77ab8e42271bfeb8399c044ff0a1b48608237566684d468113405e532506d9e2ac4cca35c0821bea6ab5169", 0xc9}, {&(0x7f0000000500)="9f1658d474a83842b09945ba9ce283c15e9c6c692e0d611d7a4b665c3cfbc024ececfe6de64533895965c84a533d0725928cd211d03bbab29d0212bae4ca15e30d1ef1f46054d878b51963215529691c7ca33f4cd0eef721aa31b6f146c3518bd067d6afada985cd667eb398809f8eab018cfc080fa3658c563811defba3fe121b8683a6", 0x84}, {&(0x7f00000006c0)="3e0522065b5d4384bb43a7c433a00ff6dcceed5f70e78c1afd4e391ceea145a320d169977d0148f3a9d9235b5e1cf8427a0a3270b19da379906c4b33b48d8ac821612566ec1b64c327b3e8304027fecd986d24613b37c260bf89096987d54b890cd36238c26d6bbd29251a49021abfde983beb249d2f101c62768c75436008ab342fbefc7d6d0c1e9ea77a50bb7be389b275347c6008260c75d580d69b23e2c9ed4f517267", 0xa5}, {&(0x7f0000000780)="d21ca2c8c0c8c80c198277ebed8e50b63fb3244894abcae43309324dc15097d0cddc1e8e157d1d08957914eea210b9f8c6f98e3ada85a5b1db33d3458d3697c90b1ffb92626d3f3bd95f4dbb76b2f89621c075861e6a0130a153721a3f2081286f3e89509b235e0e925db1a1f31659be453eade043521ada8b5add87d104bfe9d618c7d557f3ccc6ed57cdd730e2d98ad47ac7df5e84bd0e833ffc94dac3f3376a988aa2bada", 0xa6}, {&(0x7f0000000840)="3637a8f7c6feef6621836156adfe4f28e7c180a110bb1851673fb43ee00ad3eddcc8ac38296f2d546e6f625170da6f260d28cd9aaa5399d39c8b2ba1224d2857ed0eceaeadeead8d39e3a235a00ce2bdb03ab21e7e57b46d4d4f38babd94a1b471e912b666b853ee339fda1f264d9d742bb77cd120debe556a77f0ebf1b3eba3d9b583b72dc81b6fe335f202bdb560b92ebfce8b85947b566266f869e8e7c22b269a308289f7bbb6f71e6879a7a1c9943e28980fb4ba", 0xb6}, {&(0x7f0000000c00)="565a24b4cea3662dff0a3665368d2f7db1effbd6c4acc0d3f71c7f753be97efab031493c84bd11cecd94554aba3eee778200799a2c6c0a6557d070858b6076cfef01e94965bb50da8f7ec10652f11c3028338048ccda3d92053a4aba320ee5b70166a4db1e154632682d2bb9678b842d5684842aa5577345ae811c190778cace7e4ab25579587e", 0x87}, {&(0x7f0000000400)="24e4051fd040b92bea6e8a7c54fae912711561756923c9336ea44fe11175e9e1df163d76b6d70d0646a07517a9ac7f2223e178097ca2f4de04e5d8604f", 0x3d}, {&(0x7f0000000cc0)="3c4134e2e0bb51f49ce71b61d532f1c34b66c3ea34f16ee64668d6edaa1fd6b1920950d739011b4bb2d4127d9801deba2fc9d859bfde3141b4bb4b0b2a1627606bfad24df62632213e58be00f1277d96db0342541c44fbcff89050d89b63e3b115466fc924597f55e3247058039f05645d606ab6d051e4c13b52f97a2881185067924501e6943af1328b9dd8d590fb11a73144dc42b854874213a57e7c30a85ef990f9e0ee29091c402f36fb9c1736271701d12e60dc21224a7181722fa427880bf093ce5828523c58369476ec589d5e748f7c8fc18a1bc2f3a2a5c1244bc0e801d7", 0xe2}], 0x8, &(0x7f0000000dc0)=[{0x40, 0x103, 0x174, "7e7c2bf5b817da347c3dc4e2d5ef507850e76bce12cf4d2af3012eeaffff7c10dec00e81dd9e1cf3d5292f83e0df70d99f"}, {0xac, 0x1, 0x7, "c89e2e65ff569f0ff3beafec6645fb8f4f67970e1efc7833de047edf28e60288fc36061ec1644a3ee117e50ce1327383a85546b24ae777471e02b030b1be0fa726e9782c6ba9d5c28d4266180e4b0b888529fc201458881e49f9868bd09121133736d26f9040d8883dee5fa6012e0305d49b3177ddbf735af4a84f5e06bf6651734d28d4347a77da9f5a5259c5ed47ca6aac8c72d23fc0a5e2dd9bbc77dd8c"}, {0x54, 0x3a, 0x7, "2a3c86bef1e5507cd75f64c78199c0eabe9b0abf7de2542a850ba233e51c9cd92774a4a1acd343cbe1b05e61bc02aa81793c417f8bf0837263f20857f01ab6ea18c524c78371db"}, {0xbc, 0x118, 0x5, "c70da6702923189651f4d24f09c9569d001f18e6298589aa7d45a3760d771df90550617eefa70e718b788627781a28bd0964b889365733df734853a444058fd5b3cd284307a6756ba1ac75351b68b5054818069f692e7ed77b817c42e2d6ded8f43b2a8be30c674058c6f96d1866508bad41d7dcbc373a98a2cc42dd36feba5e2db76401202b836b7634b932dbb855c3a0e0aede5bc93524626f44fe9fd15af53d77ca1ef0e6cfce0aeddc8910"}], 0x1fc}}], 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x401, @void, @value}, 0x90)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000940), 0xffffffffffffffff)
ioctl$BLKTRACESETUP(r4, 0xc0401273, &(0x7f0000000000)={'\x00', 0x0, 0x40, 0x5, 0x8000000000000000, 0x8000000000000001, r5})

5.399473698s ago: executing program 2 (id=404):
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r2)
pipe2$watch_queue(&(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r5, 0x9)
add_key$keyring(&(0x7f0000000180), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, r3)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x8)
add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, r3)
keyctl$get_persistent(0x16, 0x0, r3)
read$watch_queue(r4, &(0x7f0000000200)=""/88, 0x58)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000})
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r6, &(0x7f0000000280), 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
syz_clone(0x14800a00, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$GIO_CMAP(r6, 0x4b70, &(0x7f0000000000))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r8, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(r7, r8, &(0x7f00000001c0), 0x8)

4.421711229s ago: executing program 2 (id=405):
io_setup(0x6, &(0x7f0000000000))
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)="4f3bfde51b257f40", 0x8}], 0x1)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
setxattr$security_ima(&(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000380)=@ng={0x4, 0x12, "ff6d7a4e4e22"}, 0x8, 0x3)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {0x0}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
userfaultfd(0x801)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r5 = creat(0x0, 0x0)
r6 = open$dir(&(0x7f0000001640)='./file0\x00', 0x4c00, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, 0x0, 0x0)
socket$packet(0x11, 0x0, 0x300)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2608054c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1c, 0x17, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000006000000000000000200000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000003008500000083000000bf090000000000005509010000000000950000000000000009c1a70c0100000018000000000001000000000003000000180000000200000000000000060000001839000003000000000000880000000000b5050600fcffffffbf91000000000000b7020000000000008500000085000000b70000000000000095000000000000"], &(0x7f0000000280)='syzkaller\x00', 0x9d00, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, r6, 0x8, &(0x7f0000000500)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x2, 0xa, 0x3, 0xdf25}, 0x10, 0xffffffffffffffff, r1, 0x1, &(0x7f0000000580)=[r1, r5, r1, r5], &(0x7f00000005c0)=[{0x1, 0x1, 0x7, 0x9}], 0x10, 0x2, @void, @value}, 0x90)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r7}, 0x10)
r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r8, 0x5202)
sendfile(r2, r1, &(0x7f0000002080)=0x64, 0x23b)

4.160921955s ago: executing program 2 (id=406):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102400, 0x19000)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x7d, &(0x7f0000019340), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r2, 0x0, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x7ffff}, &(0x7f0000019300), 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
pipe2(&(0x7f0000000240), 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000840)='io\x00')
read$FUSE(r4, &(0x7f0000002140)={0x2020}, 0x2100)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x1}})
readv(r3, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}})
mount$9p_fd(0x0, &(0x7f00000005c0)='./file0/file0/file0/file0/file0\x00', 0x0, 0x800040, 0x0)
umount2(&(0x7f0000000180)='./file0/file0/file0/file0/file0\x00', 0x0)
read$FUSE(r6, &(0x7f00000021c0)={0x2020}, 0x2020)
syz_fuse_handle_req(r6, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)

2.417280627s ago: executing program 3 (id=407):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="05000000000c00"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="030000e001000000030000"], 0x80}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x9}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
preadv(r2, &(0x7f0000000100)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x20000000000003b0, 0x0, 0xd)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
r5 = openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000})
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), r2)
sendmsg$TIPC_NL_MEDIA_GET(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000280)={0x130, r6, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0x5c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x372}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}]}, @TIPC_NLA_BEARER={0x5c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x401}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_NAME={0xb, 0x1, @l2={'ib', 0x3a, 'nr0\x00'}}]}, @TIPC_NLA_LINK={0x64, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x24008980}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0xc, &(0x7f0000000140)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7d}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffff1b}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r8 = socket(0x15, 0x5, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r9, 0x8955, &(0x7f0000000180)={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3b}}, {0x20000010304, @dev}, 0x4, {0x2, 0x0, @multicast1=0xe000cc02}})
getsockopt(r8, 0x200000000114, 0x2711, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0x2a)

2.040626186s ago: executing program 2 (id=408):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000}, 0x1c)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r1=>r0, {0x4}}, './file0\x00'})
ioctl$CDROM_DEBUG(r1, 0x5330, 0x1)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001440), 0x2202, 0x0)
io_setup(0x104, &(0x7f0000000180)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000340)=[&(0x7f00000000c0)={0x0, 0x0, 0x3, 0x1, 0x0, r2}])
setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4)
syz_emit_ethernet(0xfdef, &(0x7f0000001b80)=ANY=[@ANYBLOB="bbbbbbbbbbbbaa000000000090"], 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000200)={[{@mpol={'mpol', 0x3d, {'prefer', '=static'}}, 0x4e}], [], 0x9})
syz_usb_connect(0x4, 0x2d, &(0x7f0000000080)=ANY=[@ANYRESDEC=r1], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r5 = getpid()
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(0xffffffffffffffff, 0x40044104, &(0x7f0000000140))
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r6, 0x4048aec9, &(0x7f00000009c0)={0x1})
process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58)
r8 = accept4(r7, 0x0, 0x0, 0x0)
sendmmsg(r8, &(0x7f00000005c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="177cd794ed1eac7fecbafb7bc1826a397e1e7aca947e0e9a7193d75dbb1b799b3b052b814a37fb6d9964d741e1d0edbb0325a11641c4f26269115593f1081d5786257c3def15d58390d9e38ba3facf78266dd7515a4f535c40d58455f1a8b5abd559348864d0f44a006602c197454a47086dbfb04775ede2750d2488b739159e2bdfed1facb8de0fb23080a16f9b3c27e4e590fe34fdc47da11e4f8d60d77ab8e42271bfeb8399c044ff0a1b48608237566684d468113405e532506d9e2ac4cca35c0821bea6ab5169", 0xc9}, {&(0x7f0000000500)="9f1658d474a83842b09945ba9ce283c15e9c6c692e0d611d7a4b665c3cfbc024ececfe6de64533895965c84a533d0725928cd211d03bbab29d0212bae4ca15e30d1ef1f46054d878b51963215529691c7ca33f4cd0eef721aa31b6f146c3518bd067d6afada985cd667eb398809f8eab018cfc080fa3658c563811defba3fe121b8683a6", 0x84}, {&(0x7f00000006c0)="3e0522065b5d4384bb43a7c433a00ff6dcceed5f70e78c1afd4e391ceea145a320d169977d0148f3a9d9235b5e1cf8427a0a3270b19da379906c4b33b48d8ac821612566ec1b64c327b3e8304027fecd986d24613b37c260bf89096987d54b890cd36238c26d6bbd29251a49021abfde983beb249d2f101c62768c75436008ab342fbefc7d6d0c1e9ea77a50bb7be389b275347c6008260c75d580d69b23e2c9ed4f517267", 0xa5}, {&(0x7f0000000780)="d21ca2c8c0c8c80c198277ebed8e50b63fb3244894abcae43309324dc15097d0cddc1e8e157d1d08957914eea210b9f8c6f98e3ada85a5b1db33d3458d3697c90b1ffb92626d3f3bd95f4dbb76b2f89621c075861e6a0130a153721a3f2081286f3e89509b235e0e925db1a1f31659be453eade043521ada8b5add87d104bfe9d618c7d557f3ccc6ed57cdd730e2d98ad47ac7df5e84bd0e833ffc94dac3f3376a988aa2bada", 0xa6}, {&(0x7f0000000840)="3637a8f7c6feef6621836156adfe4f28e7c180a110bb1851673fb43ee00ad3eddcc8ac38296f2d546e6f625170da6f260d28cd9aaa5399d39c8b2ba1224d2857ed0eceaeadeead8d39e3a235a00ce2bdb03ab21e7e57b46d4d4f38babd94a1b471e912b666b853ee339fda1f264d9d742bb77cd120debe556a77f0ebf1b3eba3d9b583b72dc81b6fe335f202bdb560b92ebfce8b85947b566266f869e8e7c22b269a308289f7bbb6f71e6879a7a1c9943e28980fb4ba", 0xb6}, {&(0x7f0000000c00)="565a24b4cea3662dff0a3665368d2f7db1effbd6c4acc0d3f71c7f753be97efab031493c84bd11cecd94554aba3eee778200799a2c6c0a6557d070858b6076cfef01e94965bb50da8f7ec10652f11c3028338048ccda3d92053a4aba320ee5b70166a4db1e154632682d2bb9678b842d5684842aa5577345ae811c190778cace7e4ab25579587e", 0x87}, {&(0x7f0000000400)="24e4051fd040b92bea6e8a7c54fae912711561756923c9336ea44fe11175e9e1df163d76b6d70d0646a07517a9ac7f2223e178097ca2f4de04e5d8604f", 0x3d}, {&(0x7f0000000cc0)="3c4134e2e0bb51f49ce71b61d532f1c34b66c3ea34f16ee64668d6edaa1fd6b1920950d739011b4bb2d4127d9801deba2fc9d859bfde3141b4bb4b0b2a1627606bfad24df62632213e58be00f1277d96db0342541c44fbcff89050d89b63e3b115466fc924597f55e3247058039f05645d606ab6d051e4c13b52f97a2881185067924501e6943af1328b9dd8d590fb11a73144dc42b854874213a57e7c30a85ef990f9e0ee29091c402f36fb9c1736271701d12e60dc21224a7181722fa427880bf093ce5828523c58369476ec589d5e748f7c8fc18a1bc2f3a2a5c1244bc0e801d7", 0xe2}], 0x8, &(0x7f0000000dc0)=[{0x40, 0x103, 0x174, "7e7c2bf5b817da347c3dc4e2d5ef507850e76bce12cf4d2af3012eeaffff7c10dec00e81dd9e1cf3d5292f83e0df70d99f"}, {0xac, 0x1, 0x7, "c89e2e65ff569f0ff3beafec6645fb8f4f67970e1efc7833de047edf28e60288fc36061ec1644a3ee117e50ce1327383a85546b24ae777471e02b030b1be0fa726e9782c6ba9d5c28d4266180e4b0b888529fc201458881e49f9868bd09121133736d26f9040d8883dee5fa6012e0305d49b3177ddbf735af4a84f5e06bf6651734d28d4347a77da9f5a5259c5ed47ca6aac8c72d23fc0a5e2dd9bbc77dd8c"}, {0x54, 0x3a, 0x7, "2a3c86bef1e5507cd75f64c78199c0eabe9b0abf7de2542a850ba233e51c9cd92774a4a1acd343cbe1b05e61bc02aa81793c417f8bf0837263f20857f01ab6ea18c524c78371db"}, {0xbc, 0x118, 0x5, "c70da6702923189651f4d24f09c9569d001f18e6298589aa7d45a3760d771df90550617eefa70e718b788627781a28bd0964b889365733df734853a444058fd5b3cd284307a6756ba1ac75351b68b5054818069f692e7ed77b817c42e2d6ded8f43b2a8be30c674058c6f96d1866508bad41d7dcbc373a98a2cc42dd36feba5e2db76401202b836b7634b932dbb855c3a0e0aede5bc93524626f44fe9fd15af53d77ca1ef0e6cfce0aeddc8910"}], 0x1fc}}], 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x401, @void, @value}, 0x90)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000940), 0xffffffffffffffff)
ioctl$BLKTRACESETUP(r4, 0xc0401273, &(0x7f0000000000)={'\x00', 0x0, 0x40, 0x5, 0x8000000000000000, 0x8000000000000001, r5})

1.066181323s ago: executing program 2 (id=409):
r0 = openat$dlm_control(0xffffff9c, &(0x7f0000000080), 0x10000, 0x0)
ioctl$TCXONC(r0, 0x540a, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000200), 0x1, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r2)
r4 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket(0x40000000015, 0x5, 0x0)
recvmmsg(r6, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0)
ioctl$sock_inet6_udp_SIOCINQ(r3, 0x541b, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc00c64b5, &(0x7f0000000140)={&(0x7f0000000040)=[0x0], 0x1})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents(r7, &(0x7f0000001040)=""/4096, 0x1000)
r8 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000004a40), 0x0, 0x0)
ioctl$IOCTL_START_ACCEL_DEV(r8, 0x40096102, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r9, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r9, 0x0)
r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_buf(r10, 0x29, 0xd2, 0x0, &(0x7f00000004c0)=0xfffffe86)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r7, 0x28, 0x0, &(0x7f00000000c0)=0x8, 0x8)
mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x0, 0x0)

1.06578832s ago: executing program 3 (id=410):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x20, 0x39, 0x9, 0x70bd2d, 0x0, {0x4}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @pid}]}]}, 0x20}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000001100)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e8ba639a67880141cca555077e3a159110193dd2ff1fa7216a446a00683782c3205bfedbe9d8f3b423cdacfa7e32fe0231368b2264f9c504c9f1f65515b2e1a38d52dce18bd10a48b043ccc42646d25ddd73d06d7535f7866907dc6751dfced1fd8accae669e173a649c1cfd6587d47578f4c35235138d5521f9453559c3dc5da860e8efbc6f2b2a3e3173d566a0f06c54c3a4903ef31c4d4acef2ce27e698a3c7a3a48a01010000009f2f0517e4ca0e1803a2971a50f713d4e21b3336f1ae0778f23526ec0fd97f734c4c815bf697e6bd25eac36d4dfafe7cc03b0864009d2e7d7ff6ff72ba8972b122b09789d99b3d0524f39dc09244ba5dbe0f76f7049db5cb19d7962fed44e00f39ed8c13a11fa798de504e2865cd81f290276df9b7ac8d8cd249c8130b018d4300000000000000db3947c8dc7b1b4c4554ffdca8b7fb05000000000000593d60abc9b3e67d127e56f3d3759dcfeb820634fd4d419efaefb24305b2bea20007840484511b6efaad206335a30ef7b9e01446a6285f4665a7fe37da2349f8bf4064726dc32add75e0f435f28fbeda75cf971d54a9690100000000000000c176070bfff7909413f3fbd3ced3284db730b368ddca654dd7836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f00000000000000006952be5cb0417d33d3ab25493418494d9d10d76e603129e9a726579ac7d672cacd581b7e2fc7a5758fcfb822de1dacc357341e000cc34c49914f1aa198a77b3610b7403930fd42051d4b7443e5b49c000000000000007d6173050027791c9c1e04ad3711a66d91254a6f911b1449c62a6e1e3f9ce19a9d1715c009a58e6eadac8f61b45853673df7ce88282dc813f7454ae22d79ac48034282f030408895886e9644179dcf66d93907cedd49e0c5752f7558cbf18b251ce63b29fe177745448ccc925770fac12cf9e291200df6bb669d5a57dd74df817ef2f8848f710c359afe73947afebdf5536ee267258e0d613261c5ab2b8d8b63667ab3401d33b06055162ca577f0965ce0c19a11c74253755b9c544b43c442ea1e9dd43457bc644892075638fef8ae345054df1546f3e04d934e87dd5ec4d7654193e56de857e84c696eed500f80afbe140a12c83467a73bc2c0ce1e272f98f718839b041c64ac6b2fb724f7c5eb3dc217661843a5baa646e9bd8c72b7868014b8bc0e60b8fd493a762b85e470f73756342187620b771a60074e8686510085c2d3b915c10ab4b7fd90c63b8e73c264cc3917a0f4e0ce368a59cec421948be7a0d5b58c216040109f70a15738798fd9b59fe31dc2748028fde470d4252dc7aecf0b074a757662f01d43d27698ed0796cb1be1602e5e85c40822bdf9392cbf549322fc8a4219bb4ba20f3cde8bdb3702f909450db4032765d4be284d8eef7ff608fa6bf9fe4abe881acded27830f076ee6b6bef6b9000000ee2e8cbc4e89269658ea07ee7627397fbe79103b1c5fddceefd1addced50c56b0fc225aaad12819c1ddf703f4e7b65cadc071270dd42f8d7"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000005c0)={@fallback=r5, 0x2b, 0x0, 0xa315, &(0x7f00000004c0)=[0x0], 0x1, 0x0, &(0x7f0000000500), 0x0, 0x0}, 0x40)
lremovexattr(&(0x7f0000000740)='./file0\x00', &(0x7f0000000300)=ANY=[@ANYBLOB])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x0, 0x5, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000400000000000000170b000018550000090000000000000000000000950000000000000097bc4de5e4de73edd7ea2fb120c8f3ce4a06d4d04c5bc53b3a94cb22dd"], 0x0, 0x3878, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000580)={0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)=[0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r3, 0xc0096616, &(0x7f0000000180)={0x4, [0x0, 0x0, 0x0, 0x0]})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r6, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00', {}, 0x40})
sched_setaffinity(r1, 0x8, &(0x7f00000005c0)=0x7)
r7 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r7, 0x8983, &(0x7f0000000040))
iopl(0x3)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, 0x0)
shmget$private(0x0, 0x400000, 0x800, &(0x7f000000e000/0x400000)=nil)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)

860.156976ms ago: executing program 1 (id=411):
socket$kcm(0x10, 0x400000002, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_procfs(0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x541b, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$USBDEVFS_ALLOC_STREAMS(r0, 0x8008551c, &(0x7f0000000140)=ANY=[@ANYBLOB])
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
iopl(0x3)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
pwritev2(r3, &(0x7f00000000c0)=[{&(0x7f0000000040)="d0600b401f39b97bf93ecf49759e94b4519a0de2f87e5c417273a5dce55efb335b22dce602ca972f116438489fdab766171401f130eb1c9e78ec70db15755f97ca197fc3da0b85ea0d2f7bdffcc1caa5810430b5448f4ae272489f5c7ac1e4660c4f7b0446d5457181924a3d4dbfdfee93a14379adfe7c1effdacb69a945", 0x7e}], 0x1, 0xa, 0x6e6f2b53, 0x10)
sendmsg$key(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYRESDEC=r1, @ANYRESDEC=r1, @ANYRES8=r3, @ANYBLOB="356a48745552987210f837794ba98667e1ea1e0e0a49b61414f814ee1deb195180f4edc008b1bc2511637c24d4ef953d57c22f21d903e1e5caee18a3cb58bcae54ba46b68423020eec22242be97c298ae22b743cbbddfefff2463214201d4fbecd2aa82e29bdff930d243f51a7282f0806f668b68c1fea15eeb1fa38b76503eea11f0e92ef0db724dec3187318e094192069500fc3531d7a43bbd5db74840fc7ecc6f8edbe9fc6703aeb61a17105", @ANYBLOB="4a9bd465e0d60340353edd5b2f4925a453b707459d0be5316c7f3b6517f053cc3d6d8bb4c2990cb43499207cf68010b141c39f07025db0cb2c4fc32cf04379e3e528cdcd0708b046a650c22b08017ae4eb05b217fd5b94896c680f93cba69b572b84662cfd76e34512c66b7ceae041081d6479ac336928b388", @ANYRES16=r2], 0x10}}, 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x109280, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x3)
ioctl$FBIOPUT_CON2FBMAP(r4, 0x4610, &(0x7f0000000080)={0x1b})
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x200, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x3, &(0x7f0000000600)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='ext4\x00', 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000480), 0xc, 0x141341)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
sendmmsg$inet(r3, 0x0, 0x0, 0xff88)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs2/custom1\x00', 0x0, 0x0)

180.567795ms ago: executing program 0 (id=412):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"])
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d00000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r2, 0xc0405610, &(0x7f0000000080)={0x1})
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000000)={0x0, 0x1, 0x2})
close_range(r1, 0xffffffffffffffff, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
ftruncate(r3, 0xc17c)
sendmsg$nl_route_sched(r3, &(0x7f0000008f40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14850}, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
unshare(0x42000000)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x20001439)
unshare(0x44000000)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r5, 0xffffffffffffffff, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0xb, 0x101000)
ioctl$USBDEVFS_REAPURB(r6, 0x4004550c, &(0x7f0000000140))
r7 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_TABLE(r7, 0x29, 0xd1, &(0x7f0000000040)=0xfe, 0x4)
r8 = getpid()
process_vm_readv(r8, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
write$FUSE_LK(r3, &(0x7f00000002c0)={0x28, 0x0, 0x0, {{0x0, 0x400000, 0x0, r8}}}, 0x28)

155.645828ms ago: executing program 3 (id=413):
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r2)
pipe2$watch_queue(&(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r5, 0x9)
add_key$keyring(&(0x7f0000000180), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, r3)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r4, 0x5760, 0x8)
add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, r3)
keyctl$get_persistent(0x16, 0x0, r3)
read$watch_queue(r4, &(0x7f0000000200)=""/88, 0x58)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000})
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r6, &(0x7f0000000280), 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
syz_clone(0x14800a00, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$GIO_CMAP(r6, 0x4b70, &(0x7f0000000000))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r8, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(r7, r8, &(0x7f00000001c0), 0x8)

0s ago: executing program 2 (id=414):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'})
r0 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x34}}, 0x20008084)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
unshare(0x8000000)
r2 = semget$private(0x0, 0x4000, 0x764)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000332000/0x4000)=nil, 0x4000, &(0x7f0000012480))
socket$inet6(0xa, 0x3, 0x9)
semctl$IPC_STAT(r2, 0x0, 0x2, 0x0)
mkdir(0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x4, 0x1804, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
modify_ldt$write(0x1, &(0x7f0000000000)={0x1001}, 0x10)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSWINSZ(r4, 0x5414, &(0x7f0000000440)={0x0, 0x7f})
modify_ldt$write(0x1, &(0x7f0000001700)={0x3c, 0x20000000, 0xffffffffffffefff}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000000)={0x1c, r6, 0xf03, 0x0, 0x0, {0x34}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x1c}}, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x33, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:53721' (ED25519) to the list of known hosts.
[   43.463559][ T5344] cgroup: Unknown subsys name 'net'
[   43.677667][ T5344] cgroup: Unknown subsys name 'cpuset'
[   43.687589][ T5344] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   44.829453][ T5344] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   47.846843][ T4779] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   47.851569][ T4779] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   47.856463][ T5365] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   47.857184][ T4779] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   47.859630][ T5365] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   47.861939][ T4779] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   47.865009][ T5365] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   47.866739][ T4779] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   47.868380][ T5365] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   47.871127][ T4779] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   47.872767][ T5374] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   47.876278][ T5372] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   47.878852][ T5374] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   47.879010][ T4779] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   47.881277][ T5374] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   47.881347][ T5372] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   47.881775][ T5372] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   47.881897][ T5372] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   47.887900][ T5372] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   47.892308][ T5372] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   47.894713][ T5372] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   47.895577][ T5373] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   47.904548][ T5372] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   47.907436][ T5372] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   48.097790][ T5367] chnl_net:caif_netlink_parms(): no params data found
[   48.107033][ T5370] chnl_net:caif_netlink_parms(): no params data found
[   48.236488][ T5357] chnl_net:caif_netlink_parms(): no params data found
[   48.247608][ T5359] chnl_net:caif_netlink_parms(): no params data found
[   48.323277][ T5370] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.326704][ T5370] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.329320][ T5370] bridge_slave_0: entered allmulticast mode
[   48.332243][ T5370] bridge_slave_0: entered promiscuous mode
[   48.339227][ T5370] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.341658][ T5370] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.344131][ T5370] bridge_slave_1: entered allmulticast mode
[   48.346895][ T5370] bridge_slave_1: entered promiscuous mode
[   48.349908][ T5367] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.352191][ T5367] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.354688][ T5367] bridge_slave_0: entered allmulticast mode
[   48.356813][ T5367] bridge_slave_0: entered promiscuous mode
[   48.359498][ T5367] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.361846][ T5367] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.364430][ T5367] bridge_slave_1: entered allmulticast mode
[   48.366798][ T5367] bridge_slave_1: entered promiscuous mode
[   48.460126][ T5370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   48.487515][ T5370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   48.497114][ T5367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   48.569181][ T5367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   48.587648][ T5357] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.590240][ T5357] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.592760][ T5357] bridge_slave_0: entered allmulticast mode
[   48.596330][ T5357] bridge_slave_0: entered promiscuous mode
[   48.642402][ T5357] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.645091][ T5357] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.647600][ T5357] bridge_slave_1: entered allmulticast mode
[   48.650453][ T5357] bridge_slave_1: entered promiscuous mode
[   48.656221][ T5370] team0: Port device team_slave_0 added
[   48.674906][ T5359] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.676781][ T5359] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.678736][ T5359] bridge_slave_0: entered allmulticast mode
[   48.680677][ T5359] bridge_slave_0: entered promiscuous mode
[   48.706661][ T5370] team0: Port device team_slave_1 added
[   48.711250][ T5367] team0: Port device team_slave_0 added
[   48.714761][ T5359] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.716979][ T5359] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.719450][ T5359] bridge_slave_1: entered allmulticast mode
[   48.722166][ T5359] bridge_slave_1: entered promiscuous mode
[   48.741221][ T5357] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   48.777540][ T5367] team0: Port device team_slave_1 added
[   48.805983][ T5357] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   48.809733][ T5370] batman_adv: batadv0: Adding interface: batadv_slave_0
[   48.812188][ T5370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.821391][ T5370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   48.861400][ T5370] batman_adv: batadv0: Adding interface: batadv_slave_1
[   48.863942][ T5370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.871305][ T5370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   48.876613][ T5367] batman_adv: batadv0: Adding interface: batadv_slave_0
[   48.878856][ T5367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.887917][ T5367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   48.893797][ T5359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   48.915490][ T5357] team0: Port device team_slave_0 added
[   48.918545][ T5367] batman_adv: batadv0: Adding interface: batadv_slave_1
[   48.920927][ T5367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.929677][ T5367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   48.935155][ T5359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   48.952178][ T5357] team0: Port device team_slave_1 added
[   49.011303][ T5359] team0: Port device team_slave_0 added
[   49.041591][ T5370] hsr_slave_0: entered promiscuous mode
[   49.045115][ T5370] hsr_slave_1: entered promiscuous mode
[   49.060566][ T5359] team0: Port device team_slave_1 added
[   49.063230][ T5357] batman_adv: batadv0: Adding interface: batadv_slave_0
[   49.065767][ T5357] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   49.074951][ T5357] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   49.109260][ T5357] batman_adv: batadv0: Adding interface: batadv_slave_1
[   49.111737][ T5357] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   49.120839][ T5357] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   49.164636][ T5367] hsr_slave_0: entered promiscuous mode
[   49.167320][ T5367] hsr_slave_1: entered promiscuous mode
[   49.170350][ T5367] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   49.173169][ T5367] Cannot create hsr debugfs directory
[   49.243327][ T5359] batman_adv: batadv0: Adding interface: batadv_slave_0
[   49.245317][ T5359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   49.252172][ T5359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   49.256297][ T5359] batman_adv: batadv0: Adding interface: batadv_slave_1
[   49.258111][ T5359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   49.264831][ T5359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   49.269787][ T5357] hsr_slave_0: entered promiscuous mode
[   49.271724][ T5357] hsr_slave_1: entered promiscuous mode
[   49.273601][ T5357] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   49.275747][ T5357] Cannot create hsr debugfs directory
[   49.387904][ T5359] hsr_slave_0: entered promiscuous mode
[   49.390635][ T5359] hsr_slave_1: entered promiscuous mode
[   49.393204][ T5359] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   49.396019][ T5359] Cannot create hsr debugfs directory
[   49.556650][ T5370] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   49.562849][ T5370] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   49.568617][ T5370] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   49.572872][ T5370] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   49.597522][ T5357] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   49.600978][ T5357] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   49.604614][ T5357] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   49.607647][ T5357] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   49.638737][ T5367] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   49.641856][ T5367] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   49.645002][ T5367] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   49.648868][ T5367] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   49.683219][ T5359] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   49.687289][ T5359] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   49.693162][ T5359] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   49.698263][ T5359] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   49.727296][ T5370] 8021q: adding VLAN 0 to HW filter on device bond0
[   49.745689][ T5357] 8021q: adding VLAN 0 to HW filter on device bond0
[   49.752274][ T5370] 8021q: adding VLAN 0 to HW filter on device team0
[   49.763727][ T5357] 8021q: adding VLAN 0 to HW filter on device team0
[   49.767550][ T1103] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.770152][ T1103] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.782502][ T1103] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.784418][ T1103] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.802524][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.804805][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.810431][ T5367] 8021q: adding VLAN 0 to HW filter on device bond0
[   49.818895][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.820764][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.828030][ T5367] 8021q: adding VLAN 0 to HW filter on device team0
[   49.841441][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.843678][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.848135][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.849948][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.890711][ T5359] 8021q: adding VLAN 0 to HW filter on device bond0
[   49.917146][ T5359] 8021q: adding VLAN 0 to HW filter on device team0
[   49.923346][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.925868][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.932926][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.935630][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.954718][ T5372] Bluetooth: hci3: command tx timeout
[   49.954721][   T66] Bluetooth: hci1: command tx timeout
[   49.955010][   T66] Bluetooth: hci2: command tx timeout
[   49.958641][ T5360] Bluetooth: hci0: command tx timeout
[   50.010839][ T5357] 8021q: adding VLAN 0 to HW filter on device batadv0
[   50.019863][ T5370] 8021q: adding VLAN 0 to HW filter on device batadv0
[   50.034510][ T5367] 8021q: adding VLAN 0 to HW filter on device batadv0
[   50.081870][ T5370] veth0_vlan: entered promiscuous mode
[   50.087966][ T5357] veth0_vlan: entered promiscuous mode
[   50.095696][ T5357] veth1_vlan: entered promiscuous mode
[   50.099442][ T5367] veth0_vlan: entered promiscuous mode
[   50.110733][ T5367] veth1_vlan: entered promiscuous mode
[   50.115376][ T5359] 8021q: adding VLAN 0 to HW filter on device batadv0
[   50.118308][ T5370] veth1_vlan: entered promiscuous mode
[   50.136839][ T5367] veth0_macvtap: entered promiscuous mode
[   50.152038][ T5367] veth1_macvtap: entered promiscuous mode
[   50.175139][ T5357] veth0_macvtap: entered promiscuous mode
[   50.183599][ T5357] veth1_macvtap: entered promiscuous mode
[   50.190242][ T5370] veth0_macvtap: entered promiscuous mode
[   50.198401][ T5367] batman_adv: batadv0: Interface activated: batadv_slave_0
[   50.201545][ T5370] veth1_macvtap: entered promiscuous mode
[   50.217667][ T5367] batman_adv: batadv0: Interface activated: batadv_slave_1
[   50.222629][ T5367] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   50.227140][ T5367] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   50.230250][ T5367] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   50.233257][ T5367] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   50.241803][ T5370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   50.245456][ T5370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.249499][ T5370] batman_adv: batadv0: Interface activated: batadv_slave_0
[   50.253158][ T5357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   50.258303][ T5357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.261332][ T5357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   50.264355][ T5357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.268148][ T5357] batman_adv: batadv0: Interface activated: batadv_slave_0
[   50.277768][ T5359] veth0_vlan: entered promiscuous mode
[   50.282801][ T5357] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   50.287349][ T5357] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.294458][ T5357] batman_adv: batadv0: Interface activated: batadv_slave_1
[   50.298200][ T5370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   50.301840][ T5370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.305965][ T5370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   50.309620][ T5370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.314592][ T5370] batman_adv: batadv0: Interface activated: batadv_slave_1
[   50.321590][ T5370] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   50.325445][ T5370] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   50.328525][ T5370] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   50.331582][ T5370] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   50.357620][ T5357] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   50.361565][ T5357] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   50.365560][ T5357] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   50.368763][ T5357] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   50.374191][ T5359] veth1_vlan: entered promiscuous mode
[   50.411179][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.417015][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.419595][  T104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.421904][  T104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.449767][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.452156][ T5359] veth0_macvtap: entered promiscuous mode
[   50.452259][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.462784][ T5359] veth1_macvtap: entered promiscuous mode
[   50.472457][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.477407][ T5359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   50.478536][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.481263][ T5359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.488180][ T5359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   50.491910][ T5359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.495343][ T5359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   50.498093][ T5359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.501875][ T5359] batman_adv: batadv0: Interface activated: batadv_slave_0
[   50.511724][ T5359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   50.519991][ T5359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.521202][ T5370] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   50.523212][ T5359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   50.531084][ T5359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.534808][ T5359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   50.538531][ T5359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   50.543029][ T5359] batman_adv: batadv0: Interface activated: batadv_slave_1
[   50.551277][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.553439][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.569212][ T5359] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   50.572463][ T5359] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   50.576302][ T5359] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   50.579619][ T5359] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   50.590648][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.593364][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.666294][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.667068][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   50.668768][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.678965][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   50.734200][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.736588][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   50.879340][ T5433] netlink: 'syz.3.4': attribute type 72 has an invalid length.
[   50.896687][ T5434] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3'.
[   50.913909][   T63] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   51.056836][ T5433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   51.083958][   T63] usb 5-1: Using ep0 maxpacket: 32
[   51.086991][   T63] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   51.092000][   T63] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   51.094067][   T63] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   51.095998][   T63] usb 5-1: Product: syz
[   51.096936][   T63] usb 5-1: Manufacturer: syz
[   51.098014][   T63] usb 5-1: SerialNumber: syz
[   51.117787][   T63] usb 5-1: config 0 descriptor??
[   51.121430][ T5425] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   51.197419][ T5360] Bluetooth: hci1: Ignoring connect complete event for invalid link type
[   52.046869][ T5360] Bluetooth: hci2: command tx timeout
[   52.046921][ T5366] Bluetooth: hci3: command tx timeout
[   52.048792][ T5360] Bluetooth: hci1: command tx timeout
[   52.050320][   T66] Bluetooth: hci0: command tx timeout
[   52.173918][   T63] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   52.337633][   T63] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   52.344850][   T63] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   52.349211][   T63] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   52.353027][   T63] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   52.373738][ T5441] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[   52.379799][   T63] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[   53.147612][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   53.149197][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   53.206985][   T63] usb 7-1: USB disconnect, device number 2
[   53.403724][ T5456] hfs: unable to parse mount options
[   53.707570][ T5402] usb 5-1: USB disconnect, device number 2
[   53.744159][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   53.851015][ T5459] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9'.
[   54.118596][   T66] Bluetooth: hci0: command tx timeout
[   54.121044][   T66] Bluetooth: hci3: command tx timeout
[   54.123252][   T66] Bluetooth: hci2: command tx timeout
[   54.123901][ T5360] Bluetooth: hci1: command tx timeout
[   54.257111][ T5465] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   54.261252][ T5466] netlink: 48 bytes leftover after parsing attributes in process `syz.3.10'.
[   54.266232][ T5466] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[   54.338391][ T5466] syz.3.10 (5466): /proc/5462/oom_adj is deprecated, please use /proc/5462/oom_score_adj instead.
[   54.399100][   T39] audit: type=1326 audit(1727960758.689:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5464 comm="syz.2.11" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f68579 code=0x0
[   54.786356][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   54.788710][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   55.507983][ T5474] overlayfs: failed to get index nlink (file1/bus, err=-61)
[   55.512952][ T5474] evm: overlay not supported
[   55.634006][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   55.695461][ T5479] 9pnet_fd: Insufficient options for proto=fd
[   55.725987][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   55.794306][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   55.857349][ T5481] netlink: 'syz.2.15': attribute type 4 has an invalid length.
[   55.933044][ T5481] netlink: 'syz.2.15': attribute type 4 has an invalid length.
[   56.214233][ T5360] Bluetooth: hci2: command tx timeout
[   56.214248][ T5366] Bluetooth: hci3: command tx timeout
[   56.214274][ T5366] Bluetooth: hci0: command tx timeout
[   56.216733][ T5360] Bluetooth: hci1: command tx timeout
[   56.702038][ T5491] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[   56.940742][ T5481] syz.2.15 (5481) used greatest stack depth: 21120 bytes left
[   57.185726][ T5502] netlink: 20 bytes leftover after parsing attributes in process `syz.1.21'.
[   57.289137][ T5503] overlayfs: failed to resolve './file1': -2
[   58.565086][ T5512] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   58.824006][ T5401] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   58.827772][ T5516] netlink: 288 bytes leftover after parsing attributes in process `syz.2.24'.
[   59.013938][ T5401] usb 8-1: Using ep0 maxpacket: 8
[   59.017257][ T5401] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[   59.027443][ T5401] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[   59.030015][ T5401] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[   59.044991][ T5401] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[   59.048961][ T5401] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[   59.063985][ T5401] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   59.071849][ T5401] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[   59.075070][ T5401] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[   59.077625][ T5401] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[   59.080716][ T5401] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[   59.085898][ T5401] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[   59.088170][ T5522] process 'syz.0.25' launched './file2' with NULL argv: empty string added
[   59.090047][ T5401] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   59.098929][ T5401] usb 8-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[   59.102049][ T5401] usb 8-1: config 246 descriptor has 1 excess byte, ignoring
[   59.104843][ T5401] usb 8-1: config 246 has 1 interface, different from the descriptor's value: 42
[   59.107994][ T5401] usb 8-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[   59.111862][ T5401] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[   59.115705][ T5401] usb 8-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   59.126918][ T5401] usb 8-1: string descriptor 0 read error: -22
[   59.129301][ T5401] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[   59.132744][ T5401] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   59.143010][ T5401] adutux 8-1:246.0: interrupt endpoints not found
[   59.953592][   T63] usb 8-1: USB disconnect, device number 2
[   60.646398][ T5536] Bluetooth: MGMT ver 1.23
[   60.803586][ T5541] syz.3.29: attempt to access beyond end of device
[   60.803586][ T5541] loop3: rw=4096, sector=2, nr_sectors = 2 limit=0
[   60.807314][ T5541] EXT4-fs (loop3): unable to read superblock
[   60.844765][ T5541] usb 2-1: USB disconnect, device number 2
[   61.017649][ T5542] hub 2-0:1.0: USB hub found
[   61.019455][ T5542] hub 2-0:1.0: 6 ports detected
[   61.194014][ T5401] usb 2-1: new high-speed USB device number 3 using ehci-pci
[   61.387227][ T5401] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[   61.396640][ T5401] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[   61.420553][ T5401] usb 2-1: Product: QEMU USB Tablet
[   61.428673][ T5401] usb 2-1: Manufacturer: QEMU
[   61.452853][ T5401] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[   61.524131][ T5401] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0002/input/input5
[   61.570319][ T5548] capability: warning: `syz.0.32' uses deprecated v2 capabilities in a way that may be insecure
[   61.606181][ T5401] hid-generic 0003:0627:0001.0002: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[   61.988973][ T5550] netlink: 288 bytes leftover after parsing attributes in process `syz.2.33'.
[   62.907355][ T5559] netlink: 'syz.3.34': attribute type 3 has an invalid length.
[   62.909578][ T5559] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.34'.
[   62.914923][ T5559] netlink: 4 bytes leftover after parsing attributes in process `syz.3.34'.
[   64.082989][ T5576] netlink: 24 bytes leftover after parsing attributes in process `syz.2.38'.
[   64.594999][ T5360] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[   64.597313][ T5360] Bluetooth: hci3: Injecting HCI hardware error event
[   64.600372][ T5360] Bluetooth: hci3: hardware error 0x00
[   64.832718][    T9] cfg80211: failed to load regulatory.db
[   65.116734][ T5582] syz.3.39 uses obsolete (PF_INET,SOCK_PACKET)
[   65.703346][ T5366] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[   65.706959][ T5366] CPU: 1 UID: 0 PID: 5366 Comm: kworker/u33:4 Not tainted 6.12.0-rc1-syzkaller-00046-g7ec462100ef9 #0
[   65.710667][ T5366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   65.714238][ T5366] Workqueue: hci2 hci_rx_work
[   65.716031][ T5366] Call Trace:
[   65.717227][ T5366]  <TASK>
[   65.718299][ T5366]  dump_stack_lvl+0x16c/0x1f0
[   65.719910][ T5366]  sysfs_warn_dup+0x7f/0xa0
[   65.721458][ T5366]  sysfs_create_dir_ns+0x24d/0x2b0
[   65.723232][ T5366]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[   65.724977][ T5366]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   65.726822][ T5366]  ? kobject_add_internal+0x12d/0x990
[   65.728720][ T5366]  ? do_raw_spin_unlock+0x172/0x230
[   65.730534][ T5366]  kobject_add_internal+0x2c8/0x990
[   65.732369][ T5366]  kobject_add+0x16f/0x240
[   65.733928][ T5366]  ? __pfx_kobject_add+0x10/0x10
[   65.735640][ T5366]  ? class_to_subsys+0x3e/0x160
[   65.737386][ T5366]  ? do_raw_spin_unlock+0x172/0x230
[   65.739158][ T5366]  ? kobject_put+0xab/0x5a0
[   65.740760][ T5366]  device_add+0x289/0x1a70
[   65.742325][ T5366]  ? __pfx_dev_set_name+0x10/0x10
[   65.744033][ T5366]  ? __pfx_device_add+0x10/0x10
[   65.745675][ T5366]  ? mgmt_send_event_skb+0x2f2/0x460
[   65.747469][ T5366]  hci_conn_add_sysfs+0x17e/0x230
[   65.749191][ T5366]  le_conn_complete_evt+0xfc7/0x1cf0
[   65.750982][ T5366]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   65.752896][ T5366]  ? trace_contention_end+0xea/0x140
[   65.754583][ T5366]  hci_le_enh_conn_complete_evt+0x23d/0x380
[   65.756569][ T5366]  ? skb_pull_data+0x166/0x210
[   65.758202][ T5366]  hci_le_meta_evt+0x2e2/0x5d0
[   65.759828][ T5366]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[   65.761998][ T5366]  hci_event_packet+0x666/0x1190
[   65.763672][ T5366]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   65.765460][ T5366]  ? __pfx_hci_event_packet+0x10/0x10
[   65.767281][ T5366]  ? mark_held_locks+0x9f/0xe0
[   65.768933][ T5366]  ? kcov_remote_start+0x3cf/0x6e0
[   65.770642][ T5366]  ? lockdep_hardirqs_on+0x7c/0x110
[   65.772383][ T5366]  hci_rx_work+0x2c6/0x1610
[   65.773925][ T5366]  ? lock_acquire+0x2f/0xb0
[   65.775496][ T5366]  ? process_one_work+0x8bb/0x1b30
[   65.777226][ T5366]  process_one_work+0x958/0x1b30
[   65.778940][ T5366]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   65.780839][ T5366]  ? __pfx_process_one_work+0x10/0x10
[   65.782650][ T5366]  ? assign_work+0x1a0/0x250
[   65.784241][ T5366]  worker_thread+0x6c8/0xf00
[   65.785807][ T5366]  ? __pfx_worker_thread+0x10/0x10
[   65.787562][ T5366]  kthread+0x2c1/0x3a0
[   65.788990][ T5366]  ? _raw_spin_unlock_irq+0x23/0x50
[   65.790756][ T5366]  ? __pfx_kthread+0x10/0x10
[   65.792318][ T5366]  ret_from_fork+0x45/0x80
[   65.793853][ T5366]  ? __pfx_kthread+0x10/0x10
[   65.795419][ T5366]  ret_from_fork_asm+0x1a/0x30
[   65.797061][ T5366]  </TASK>
[   65.801036][ T5366] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   65.805920][ T5366] Bluetooth: hci2: failed to register connection device
[   66.158687][ T5593] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.161819][ T5593] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.673979][ T5360] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[   66.774244][   T39] audit: type=1326 audit(1727960771.059:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5590 comm="syz.1.42" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x7fc00000
[   67.030916][   T39] audit: type=1326 audit(1727960771.319:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5595 comm="syz.1.43" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x0
[   67.523994][   T30] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   67.873974][ T5360] Bluetooth: hci2: command tx timeout
[   69.918898][ T5621] xt_HMARK: spi-set and port-set can't be combined
[   70.031526][ T5627] program syz.0.51 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   70.060151][ T5627] netlink: 'syz.0.51': attribute type 2 has an invalid length.
[   70.067740][   T39] audit: type=1326 audit(1727960774.359:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5626 comm="syz.0.51" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x0
[   70.757553][ T1374] ieee802154 phy0 wpan0: encryption failed: -22
[   70.759923][ T1374] ieee802154 phy1 wpan1: encryption failed: -22
[   72.533353][   T39] audit: type=1326 audit(1727960776.689:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5660 comm="syz.3.58" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x0
[   72.664089][   T64] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   72.803989][   T64] usb 8-1: device descriptor read/64, error -71
[   73.044050][   T64] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[   73.183954][   T64] usb 8-1: device descriptor read/64, error -71
[   73.295446][   T64] usb usb8-port1: attempt power cycle
[   73.643956][   T64] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[   73.674992][   T64] usb 8-1: device descriptor read/8, error -71
[   73.933977][   T64] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[   73.954931][   T64] usb 8-1: device descriptor read/8, error -71
[   74.074183][   T64] usb usb8-port1: unable to enumerate USB device
[   74.512537][ T5686] tmpfs: Bad value for 'mpol'
[   75.320685][ T5693] netlink: 24 bytes leftover after parsing attributes in process `syz.3.64'.
[   75.346806][ T5693] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   75.349551][ T5693] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[   75.387662][ T5696] syz.2.65: attempt to access beyond end of device
[   75.387662][ T5696] loop2: rw=4096, sector=2, nr_sectors = 2 limit=0
[   75.392034][ T5696] EXT4-fs (loop2): unable to read superblock
[   75.405393][ T5696] usb 2-1: USB disconnect, device number 3
[   75.487098][ T5697] hub 2-0:1.0: USB hub found
[   75.496399][ T5697] hub 2-0:1.0: 6 ports detected
[   75.684981][ T5401] usb 2-1: new high-speed USB device number 4 using ehci-pci
[   75.727795][ T5702] syz.0.67 (5702): drop_caches: 2
[   75.786176][ T5702] syz.0.67 (5702): drop_caches: 2
[   75.891122][ T5401] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[   75.896718][ T5401] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[   75.905993][ T5401] usb 2-1: Product: QEMU USB Tablet
[   75.910988][ T5401] usb 2-1: Manufacturer: QEMU
[   75.914597][ T5401] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[   75.953950][ T5401] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0003/input/input7
[   75.980038][ T5401] hid-generic 0003:0627:0001.0003: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[   76.206125][ T5693] syz.3.64 (5693) used greatest stack depth: 20288 bytes left
[   78.677459][ T5721] syz.0.72 (5721): drop_caches: 2
[   78.679211][ T5721] syz.0.72 (5721): drop_caches: 2
[   78.748476][ T5720] netlink: 288 bytes leftover after parsing attributes in process `syz.3.71'.
[   79.418240][ T5729] tmpfs: Bad value for 'mpol'
[   80.250105][ T5729] blktrace: Concurrent blktraces are not allowed on nbd1
[   80.659588][ T5743] netlink: 24 bytes leftover after parsing attributes in process `syz.1.77'.
[   80.678826][ T5743] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   80.683947][ T5743] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[   81.380795][ T5751] netlink: 'syz.0.78': attribute type 3 has an invalid length.
[   81.382831][ T5751] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.78'.
[   81.392931][ T5749] netlink: 4 bytes leftover after parsing attributes in process `syz.0.78'.
[   81.495042][ T5750] netlink: 288 bytes leftover after parsing attributes in process `syz.3.79'.
[   83.876573][ T5777] syz.0.84 (5777): drop_caches: 2
[   83.878627][ T5777] syz.0.84 (5777): drop_caches: 2
[   84.541233][ T5789] netlink: 12 bytes leftover after parsing attributes in process `syz.2.88'.
[   84.683925][  T980] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   84.844015][  T980] usb 6-1: Using ep0 maxpacket: 32
[   84.847072][  T980] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   84.849849][  T980] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   84.861435][  T980] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[   84.864724][  T980] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.866749][  T980] usb 6-1: Product: syz
[   84.867872][  T980] usb 6-1: Manufacturer: syz
[   84.869099][  T980] usb 6-1: SerialNumber: syz
[   85.087123][  T980] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[   85.387006][ T1409] usb 6-1: USB disconnect, device number 3
[   85.426672][ T1409] usblp0: removed
[   85.451422][ T5787] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   86.035718][ T5803] syz.0.92 (5803): drop_caches: 2
[   86.038477][ T5803] syz.0.92 (5803): drop_caches: 2
[   86.128503][ T5807] syz.1.93: attempt to access beyond end of device
[   86.128503][ T5807] loop1: rw=4096, sector=2, nr_sectors = 2 limit=0
[   86.131968][ T5807] EXT4-fs (loop1): unable to read superblock
[   86.148363][ T5807] usb 2-1: USB disconnect, device number 4
[   86.155408][ T5796] tmpfs: Bad value for 'mpol'
[   86.373526][ T5809] hub 2-0:1.0: USB hub found
[   86.381554][ T5809] hub 2-0:1.0: 6 ports detected
[   86.593988][ T5401] usb 2-1: new high-speed USB device number 5 using ehci-pci
[   86.803545][ T5401] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[   86.806223][ T5401] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[   86.808426][ T5401] usb 2-1: Product: QEMU USB Tablet
[   86.809879][ T5401] usb 2-1: Manufacturer: QEMU
[   86.815818][ T5401] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[   86.848584][ T5401] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0004/input/input9
[   86.858442][ T5818] syz.2.95 (5818): drop_caches: 2
[   86.861635][ T5818] syz.2.95 (5818): drop_caches: 2
[   86.918172][ T5401] hid-generic 0003:0627:0001.0004: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[   86.999054][ T5821] syz.3.102 (5821): drop_caches: 2
[   87.001339][ T5821] syz.3.102 (5821): drop_caches: 2
[   89.829817][ T5844] tmpfs: Bad value for 'mpol'
[   89.975570][ T5851] syz.3.103 (5851): drop_caches: 2
[   89.977204][ T5851] syz.3.103 (5851): drop_caches: 2
[   90.501098][ T5854] tmpfs: Bad value for 'mpol'
[   90.777924][ T5859] syz.3.105 (5859): drop_caches: 2
[   90.780739][ T5859] syz.3.105 (5859): drop_caches: 2
[   91.746487][ T5862] syz.3.106 (5862): drop_caches: 2
[   91.748284][ T5862] syz.3.106 (5862): drop_caches: 2
[   92.105801][ T5844] blktrace: Concurrent blktraces are not allowed on nbd1
[   92.711720][ T5865] tmpfs: Bad value for 'mpol'
[   93.104823][ T5869] tmpfs: Bad value for 'mpol'
[   93.562398][ T5869] blktrace: Concurrent blktraces are not allowed on nbd2
[   95.667528][ T5898] syz.0.114 (5898): drop_caches: 2
[   95.669539][ T5898] syz.0.114 (5898): drop_caches: 2
[   95.952767][ T5901] syz.1.115 (5901): drop_caches: 2
[   95.955051][ T5901] syz.1.115 (5901): drop_caches: 2
[   96.130560][ T5912] syz.3.118 (5912): drop_caches: 2
[   96.133195][ T5912] syz.3.118 (5912): drop_caches: 2
[   96.695268][ T5914] tmpfs: Bad value for 'mpol'
[   97.037304][ T5914] blktrace: Concurrent blktraces are not allowed on nbd1
[   97.141940][ T5923] cgroup: fork rejected by pids controller in /syz3
[   97.150765][ T5920] loop8: detected capacity change from 0 to 131072
[   97.415101][ T5925] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   97.723975][    T8] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   97.897287][    T8] usb 7-1: Using ep0 maxpacket: 8
[   97.900597][    T8] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[   97.914158][    T8] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[   97.916219][    T8] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[   97.923712][    T8] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[   97.927463][    T8] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[   97.930372][    T8] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   97.936401][    T8] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[   97.938711][    T8] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[   97.940873][    T8] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[   97.943254][    T8] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[   97.948892][    T8] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[   97.953938][    T8] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   97.973903][    T8] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[   97.997079][    T8] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[   97.999033][    T8] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[   98.001438][    T8] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[   98.005275][    T8] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[   98.008195][    T8] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   98.029092][    T8] usb 7-1: string descriptor 0 read error: -22
[   98.030768][    T8] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[   98.033141][    T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.045004][    T8] adutux 7-1:246.0: interrupt endpoints not found
[   98.505081][ T6600] tmpfs: Bad value for 'mpol'
[   98.741539][    T8] usb 7-1: USB disconnect, device number 3
[   98.951592][ T6600] blktrace: Concurrent blktraces are not allowed on nbd1
[   99.114540][ T6614] tmpfs: Bad value for 'mpol'
[   99.186363][ T6615] blktrace: Concurrent blktraces are not allowed on nbd1
[   99.439335][ T6618] syz.2.130 (6618): drop_caches: 2
[   99.441173][ T6618] syz.2.130 (6618): drop_caches: 2
[   99.717360][ T6620] tmpfs: Bad value for 'mpol'
[   99.798101][ T6621] blktrace: Concurrent blktraces are not allowed on nbd3
[  100.234758][ T6628] tmpfs: Bad value for 'mpol'
[  100.321008][ T6630] blktrace: Concurrent blktraces are not allowed on nbd1
[  100.888510][ T6633] cgroup: fork rejected by pids controller in /syz0
[  100.961408][ T6709] warning: `syz.2.136' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  100.970545][ T6709] Driver unsupported XDP return value 0 on prog  (id 49) dev N/A, expect packet loss!
[  101.041770][ T6965] netlink: 4 bytes leftover after parsing attributes in process `syz.0.138'.
[  101.199286][ T6968] cgroup: fork rejected by pids controller in /syz2
[  104.320887][ T7468] syz.2.141 (7468): drop_caches: 2
[  104.324246][ T7468] syz.2.141 (7468): drop_caches: 2
[  104.338323][ T7469] syz.0.139: attempt to access beyond end of device
[  104.338323][ T7469] loop0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  104.342145][ T7469] EXT4-fs (loop0): unable to read superblock
[  104.372725][ T7469] usb 2-1: USB disconnect, device number 5
[  104.501357][ T7487] hub 2-0:1.0: USB hub found
[  104.510170][ T7487] hub 2-0:1.0: 6 ports detected
[  104.556541][ T7490] netlink: 4 bytes leftover after parsing attributes in process `syz.3.143'.
[  104.684373][   T64] usb 2-1: new high-speed USB device number 6 using ehci-pci
[  104.878493][   T64] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  104.881713][   T64] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  104.886344][   T64] usb 2-1: Product: QEMU USB Tablet
[  104.889963][   T64] usb 2-1: Manufacturer: QEMU
[  104.893290][   T64] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[  104.944330][   T64] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0005/input/input10
[  105.028479][   T64] hid-generic 0003:0627:0001.0005: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  106.017834][ T7497] tmpfs: Bad value for 'mpol'
[  106.100211][ T7498] blktrace: Concurrent blktraces are not allowed on nbd2
[  106.285135][ T7504] input: syz0 as /devices/virtual/input/input11
[  106.514984][   T64] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  106.686239][   T64] usb 8-1: config 0 has no interfaces?
[  106.688402][   T64] usb 8-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  106.691701][   T64] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.699800][   T64] usb 8-1: config 0 descriptor??
[  106.977635][   T64] IPVS: starting estimator thread 0...
[  107.077012][ T7510] IPVS: using max 34 ests per chain, 81600 per kthread
[  107.525573][ T7522] netlink: 12 bytes leftover after parsing attributes in process `syz.0.151'.
[  107.661338][ T7529] syz.1.153 (7529): drop_caches: 2
[  107.672160][ T7529] syz.1.153 (7529): drop_caches: 2
[  108.784800][   T64] usb 8-1: USB disconnect, device number 7
[  108.934024][ T7541] syz.0.156: attempt to access beyond end of device
[  108.934024][ T7541] loop0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  108.938615][ T7541] EXT4-fs (loop0): unable to read superblock
[  108.971863][ T7541] usb 2-1: USB disconnect, device number 6
[  109.084689][ T7541] hub 2-0:1.0: USB hub found
[  109.086863][ T7541] hub 2-0:1.0: 6 ports detected
[  109.138792][ T7543] netlink: 4 bytes leftover after parsing attributes in process `syz.2.157'.
[  109.274058][   T64] usb 2-1: new high-speed USB device number 7 using ehci-pci
[  109.491915][   T64] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  109.496552][   T64] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  109.500605][   T64] usb 2-1: Product: QEMU USB Tablet
[  109.504316][   T64] usb 2-1: Manufacturer: QEMU
[  109.507399][   T64] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[  109.552400][   T64] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0006/input/input12
[  109.620365][   T64] hid-generic 0003:0627:0001.0006: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  110.930672][ T7557] tmpfs: Bad value for 'mpol'
[  111.748682][ T7557] blktrace: Concurrent blktraces are not allowed on nbd1
[  111.932309][ T7573] netlink: 12 bytes leftover after parsing attributes in process `syz.3.163'.
[  112.951780][ T7590] usb usb9: usbfs: interface 0 claimed by hub while 'syz.3.171' sets config #0
[  113.019167][ T7587] tmpfs: Bad value for 'mpol'
[  113.078128][ T7593] bridge0: port 3(syz_tun) entered blocking state
[  113.079908][ T7593] bridge0: port 3(syz_tun) entered disabled state
[  113.081673][ T7593] syz_tun: entered allmulticast mode
[  113.083760][ T7593] syz_tun: entered promiscuous mode
[  113.102905][ T7593] bridge0: port 3(syz_tun) entered blocking state
[  113.105333][ T7593] bridge0: port 3(syz_tun) entered forwarding state
[  113.294474][ T7592] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  113.584174][    T8] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  113.733909][    T8] usb 6-1: Using ep0 maxpacket: 8
[  113.738776][    T8] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  113.741985][    T8] usb 6-1: config 246 descriptor has 1 excess byte, ignoring
[  113.746493][    T8] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42
[  113.749125][    T8] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  113.752429][    T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  113.755992][    T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  113.770536][    T8] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  113.773504][    T8] usb 6-1: config 246 descriptor has 1 excess byte, ignoring
[  113.776026][    T8] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42
[  113.778606][    T8] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  113.788037][    T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  113.797144][    T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  113.808472][    T8] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  113.815742][    T8] usb 6-1: config 246 descriptor has 1 excess byte, ignoring
[  113.817705][    T8] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42
[  113.820099][    T8] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  113.833952][    T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  113.837025][    T8] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  113.853128][    T8] usb 6-1: string descriptor 0 read error: -22
[  113.855626][    T8] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  113.858143][    T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.875915][    T8] adutux 6-1:246.0: interrupt endpoints not found
[  113.883925][ T5366] Bluetooth: hci2: command 0x0405 tx timeout
[  114.446695][ T7587] blktrace: Concurrent blktraces are not allowed on nbd2
[  114.869911][ T5402] usb 6-1: USB disconnect, device number 4
[  115.407869][ T7608] tmpfs: Bad value for 'mpol'
[  115.812418][ T7608] blktrace: Concurrent blktraces are not allowed on nbd2
[  116.405427][ T7637] xt_NFQUEUE: number of total queues is 0
[  116.514385][ T7638] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  117.250250][ T7642] tmpfs: Bad value for 'mpol'
[  117.329014][ T7644] blktrace: Concurrent blktraces are not allowed on nbd0
[  118.544590][ T7640] tmpfs: Bad value for 'mpol'
[  119.026215][ T7661] autofs: Bad value for 'fd'
[  119.121893][   T39] audit: type=1804 audit(1727960823.409:7): pid=7661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.188" name="/newroot/46/bus/bus" dev="overlay" ino=306 res=1 errno=0
[  119.150603][ T7640] blktrace: Concurrent blktraces are not allowed on nbd3
[  119.967924][ T5366] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  119.971358][ T5366] CPU: 1 UID: 0 PID: 5366 Comm: kworker/u33:4 Not tainted 6.12.0-rc1-syzkaller-00046-g7ec462100ef9 #0
[  119.975067][ T5366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  119.978210][ T5366] Workqueue: hci0 hci_rx_work
[  119.979541][ T5366] Call Trace:
[  119.980426][ T5366]  <TASK>
[  119.981214][ T5366]  dump_stack_lvl+0x16c/0x1f0
[  119.982459][ T5366]  sysfs_warn_dup+0x7f/0xa0
[  119.983687][ T5366]  sysfs_create_dir_ns+0x24d/0x2b0
[  119.985043][ T5366]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  119.986520][ T5366]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  119.988049][ T5366]  ? kobject_add_internal+0x12d/0x990
[  119.989568][ T5366]  ? do_raw_spin_unlock+0x172/0x230
[  119.990994][ T5366]  kobject_add_internal+0x2c8/0x990
[  119.992388][ T5366]  kobject_add+0x16f/0x240
[  119.993603][ T5366]  ? __pfx_kobject_add+0x10/0x10
[  119.994924][ T5366]  ? class_to_subsys+0x3e/0x160
[  119.996268][ T5366]  ? do_raw_spin_unlock+0x172/0x230
[  119.997643][ T5366]  ? kobject_put+0xab/0x5a0
[  119.998845][ T5366]  device_add+0x289/0x1a70
[  120.000041][ T5366]  ? __pfx_dev_set_name+0x10/0x10
[  120.001371][ T5366]  ? __pfx_device_add+0x10/0x10
[  120.002653][ T5366]  ? mgmt_send_event_skb+0x2f2/0x460
[  120.004059][ T5366]  hci_conn_add_sysfs+0x17e/0x230
[  120.005373][ T5366]  le_conn_complete_evt+0xfc7/0x1cf0
[  120.006746][ T5366]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  120.008265][ T5366]  ? trace_contention_end+0xea/0x140
[  120.009652][ T5366]  hci_le_enh_conn_complete_evt+0x23d/0x380
[  120.011200][ T5366]  ? skb_pull_data+0x166/0x210
[  120.012485][ T5366]  hci_le_meta_evt+0x2e2/0x5d0
[  120.013752][ T5366]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  120.015456][ T5366]  hci_event_packet+0x666/0x1190
[  120.016759][ T5366]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  120.018149][ T5366]  ? __pfx_hci_event_packet+0x10/0x10
[  120.019569][ T5366]  ? mark_held_locks+0x9f/0xe0
[  120.020836][ T5366]  ? kcov_remote_start+0x3cf/0x6e0
[  120.022192][ T5366]  ? lockdep_hardirqs_on+0x7c/0x110
[  120.023571][ T5366]  hci_rx_work+0x2c6/0x1610
[  120.024786][ T5366]  ? lock_acquire+0x2f/0xb0
[  120.026102][ T5366]  ? process_one_work+0x8bb/0x1b30
[  120.027568][ T5366]  process_one_work+0x958/0x1b30
[  120.028950][ T5366]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  120.030513][ T5366]  ? __pfx_process_one_work+0x10/0x10
[  120.031948][ T5366]  ? assign_work+0x1a0/0x250
[  120.033183][ T5366]  worker_thread+0x6c8/0xf00
[  120.034416][ T5366]  ? __pfx_worker_thread+0x10/0x10
[  120.035856][ T5366]  kthread+0x2c1/0x3a0
[  120.037052][ T5366]  ? _raw_spin_unlock_irq+0x23/0x50
[  120.038824][ T5366]  ? __pfx_kthread+0x10/0x10
[  120.040413][ T5366]  ret_from_fork+0x45/0x80
[  120.041931][ T5366]  ? __pfx_kthread+0x10/0x10
[  120.043522][ T5366]  ret_from_fork_asm+0x1a/0x30
[  120.045169][ T5366]  </TASK>
[  120.047422][ T5366] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  120.052114][ T5366] Bluetooth: hci0: failed to register connection device
[  120.298317][ T7683] tmpfs: Bad value for 'mpol'
[  120.385568][ T7685] blktrace: Concurrent blktraces are not allowed on nbd1
[  122.125185][ T5360] Bluetooth: hci0: command tx timeout
[  122.822021][ T7691] tmpfs: Bad value for 'mpol'
[  122.825564][ T7693] overlayfs: failed to resolve './file0': -2
[  122.895956][ T7698] blktrace: Concurrent blktraces are not allowed on nbd0
[  123.080122][ T7702] tmpfs: Bad value for 'mpol'
[  123.162551][ T7703] blktrace: Concurrent blktraces are not allowed on nbd3
[  123.284355][ T7705] tmpfs: Bad value for 'mpol'
[  124.682890][ T7705] blktrace: Concurrent blktraces are not allowed on nbd1
[  125.290922][ T7725] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  125.594718][    T8] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  125.753931][    T8] usb 5-1: Using ep0 maxpacket: 8
[  125.787382][    T8] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  125.790677][    T8] usb 5-1: config 246 descriptor has 1 excess byte, ignoring
[  125.793386][    T8] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  125.797008][    T8] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  125.801707][    T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  125.807308][    T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  125.835780][    T8] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  125.839408][    T8] usb 5-1: config 246 descriptor has 1 excess byte, ignoring
[  125.842127][    T8] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  125.845555][    T8] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  125.850358][    T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  125.855025][    T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  125.876343][    T8] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  125.879639][    T8] usb 5-1: config 246 descriptor has 1 excess byte, ignoring
[  125.882355][    T8] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42
[  125.900234][    T8] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  125.919787][    T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  125.924591][    T8] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  125.975943][    T8] usb 5-1: string descriptor 0 read error: -22
[  125.978318][    T8] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  125.981621][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.127820][    T8] adutux 5-1:246.0: interrupt endpoints not found
[  126.638693][    T8] usb 5-1: USB disconnect, device number 3
[  126.754498][ T7758] tmpfs: Bad value for 'mpol'
[  126.823631][ T7759] blktrace: Concurrent blktraces are not allowed on nbd3
[  127.824623][ T7769] tmpfs: Bad value for 'mpol'
[  127.865545][ T7771] overlayfs: missing 'lowerdir'
[  128.259763][ T7769] blktrace: Concurrent blktraces are not allowed on nbd0
[  128.551300][ T7777] cgroup: fork rejected by pids controller in /syz1
[  129.331021][ T8289] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  129.333933][ T8289] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  129.335799][   T39] audit: type=1326 audit(1727960833.629:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8288 comm="syz.1.218" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x0
[  129.350251][ T8289] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  129.358170][ T8289] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  129.362654][ T8289] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  129.364575][ T8289] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  129.375798][ T8289] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  129.381230][ T8289] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  129.383025][ T8289] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  129.387074][ T8289] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  129.397281][ T8289] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  129.888278][ T8293] tmpfs: Bad value for 'mpol'
[  129.950076][ T8294] blktrace: Concurrent blktraces are not allowed on nbd1
[  130.479694][ T8300] syz.0.221 (8300): drop_caches: 2
[  130.482486][ T8300] syz.0.221 (8300): drop_caches: 2
[  131.155124][ T5360] Bluetooth: hci0: command 0x0c1a tx timeout
[  131.394101][ T5366] Bluetooth: hci1: command 0x0c1a tx timeout
[  131.397843][ T5360] Bluetooth: hci2: command 0x0405 tx timeout
[  131.749785][ T8702] netlink: 'syz.3.227': attribute type 1 has an invalid length.
[  131.833255][ T8793] tmpfs: Bad value for 'mpol'
[  131.905911][ T8795] blktrace: Concurrent blktraces are not allowed on nbd0
[  132.095798][ T8791] tmpfs: Bad value for 'mpol'
[  132.195108][ T1374] ieee802154 phy0 wpan0: encryption failed: -22
[  132.197337][ T1374] ieee802154 phy1 wpan1: encryption failed: -22
[  132.527346][ T8791] blktrace: Concurrent blktraces are not allowed on nbd3
[  132.806110][ T8802] netlink: 40 bytes leftover after parsing attributes in process `syz.1.240'.
[  132.861823][ T8805] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  133.234974][ T5360] Bluetooth: hci0: command 0x0c1a tx timeout
[  133.484716][ T5360] Bluetooth: hci2: command 0x0405 tx timeout
[  133.487057][ T5360] Bluetooth: hci1: command 0x0c1a tx timeout
[  134.827781][ T5360] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  134.832388][ T5360] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  134.837274][ T5360] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  134.841346][ T5360] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  134.844570][ T5360] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  134.848493][ T5360] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  135.007037][ T8830] chnl_net:caif_netlink_parms(): no params data found
[  135.178117][ T8830] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.180262][ T8830] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.182697][ T8830] bridge_slave_0: entered allmulticast mode
[  135.185953][ T8830] bridge_slave_0: entered promiscuous mode
[  135.190699][ T8830] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.192936][ T8830] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.195329][ T8830] bridge_slave_1: entered allmulticast mode
[  135.197629][ T8830] bridge_slave_1: entered promiscuous mode
[  135.233220][ T8830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  135.238332][ T8830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  135.291366][ T8830] team0: Port device team_slave_0 added
[  135.294229][ T8830] team0: Port device team_slave_1 added
[  135.317173][ T5360] Bluetooth: hci0: command 0x0c1a tx timeout
[  135.378607][ T8830] batman_adv: batadv0: Adding interface: batadv_slave_0
[  135.381156][ T8830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  135.388592][ T8830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  135.400144][ T8830] batman_adv: batadv0: Adding interface: batadv_slave_1
[  135.402028][ T8830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  135.408818][ T8830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  135.494974][ T8830] hsr_slave_0: entered promiscuous mode
[  135.498848][ T8830] hsr_slave_1: entered promiscuous mode
[  135.508063][ T8830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  135.513095][ T8830] Cannot create hsr debugfs directory
[  135.554163][ T5360] Bluetooth: hci1: command 0x0c1a tx timeout
[  135.554185][ T5366] Bluetooth: hci2: command 0x0405 tx timeout
[  135.715884][ T8830] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.831108][ T8830] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.921420][ T8830] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.027035][ T8830] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.146518][ T8830] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  136.153593][ T8830] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  136.179766][ T8830] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  136.186382][ T8830] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  136.230986][ T8830] 8021q: adding VLAN 0 to HW filter on device bond0
[  136.241963][ T8830] 8021q: adding VLAN 0 to HW filter on device team0
[  136.263291][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.265302][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  136.289774][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.292263][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  136.557404][ T8830] 8021q: adding VLAN 0 to HW filter on device batadv0
[  136.611810][ T8830] veth0_vlan: entered promiscuous mode
[  136.629384][ T8830] veth1_vlan: entered promiscuous mode
[  136.680979][ T8830] veth0_macvtap: entered promiscuous mode
[  136.691138][ T8830] veth1_macvtap: entered promiscuous mode
[  136.703416][ T8830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  136.708807][ T8830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.714761][ T8830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  136.718778][ T8830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.722336][ T8830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  136.728299][ T8830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.732050][ T8830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  136.736151][ T8830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.742870][ T8830] batman_adv: batadv0: Interface activated: batadv_slave_0
[  136.753150][ T8830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.758112][ T8830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.761341][ T8830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.765588][ T8830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.769439][ T8830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.773652][ T8830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.778505][ T8830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.782397][ T8830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.790558][ T8830] batman_adv: batadv0: Interface activated: batadv_slave_1
[  136.806330][ T8830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  136.825692][ T8830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  136.828060][ T8830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  136.830343][ T8830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  136.913986][ T5366] Bluetooth: hci4: command tx timeout
[  136.922353][  T104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.925328][  T104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  136.950243][  T104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.952677][  T104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  136.974303][ T9385] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 1 (only 8 groups)
[  137.404747][ T5366] Bluetooth: hci0: command 0x0c1a tx timeout
[  137.432920][ T9393] syz.3.247 (9393): drop_caches: 2
[  137.463021][ T9393] syz.3.247 (9393): drop_caches: 2
[  137.634150][ T5366] Bluetooth: hci2: command 0x0405 tx timeout
[  137.644455][ T5366] Bluetooth: hci1: command 0x0c1a tx timeout
[  137.712289][ T9399] netlink: 20 bytes leftover after parsing attributes in process `syz.0.248'.
[  138.539578][ T9413] tmpfs: Bad value for 'mpol'
[  138.609479][ T9414] blktrace: Concurrent blktraces are not allowed on nbd1
[  139.004031][ T5366] Bluetooth: hci4: command tx timeout
[  139.186818][ T9425] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  139.494468][    T8] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  139.644386][    T8] usb 7-1: Using ep0 maxpacket: 8
[  139.658114][    T8] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  139.661433][    T8] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  139.684075][    T8] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  139.687836][    T8] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  139.690953][    T8] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  139.706642][    T8] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  139.711700][    T8] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  139.724018][    T8] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  139.726928][    T8] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  139.730504][    T8] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  139.746737][    T8] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  139.750868][    T8] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  139.761794][    T8] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  139.765566][    T8] usb 7-1: config 246 descriptor has 1 excess byte, ignoring
[  139.768165][    T8] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42
[  139.771297][    T8] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF
[  139.779356][    T8] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11
[  139.783698][    T8] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  139.799964][    T8] usb 7-1: string descriptor 0 read error: -22
[  139.801691][    T8] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  139.805460][    T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.817428][    T8] adutux 7-1:246.0: interrupt endpoints not found
[  139.994418][ T9436] syz.3.260 (9436): drop_caches: 2
[  140.005110][ T9436] syz.3.260 (9436): drop_caches: 2
[  141.073922][ T5366] Bluetooth: hci4: command tx timeout
[  141.077138][    T9] usb 7-1: USB disconnect, device number 4
[  141.132940][ T9446] tmpfs: Bad value for 'mpol'
[  141.197612][ T9448] blktrace: Concurrent blktraces are not allowed on nbd3
[  141.711729][ T9454] tmpfs: Bad value for 'mpol'
[  141.732795][ T9455] syz.2.266 (9455): drop_caches: 2
[  141.736103][ T9455] syz.2.266 (9455): drop_caches: 2
[  141.799532][ T9456] blktrace: Concurrent blktraces are not allowed on nbd1
[  142.064154][ T9459] fuse: Unknown parameter 'grou00000000000000000000'
[  142.348533][ T9467] tmpfs: Bad value for 'mpol'
[  142.793229][ T9478] syz.1.280: attempt to access beyond end of device
[  142.793229][ T9478] loop1: rw=4096, sector=2, nr_sectors = 2 limit=0
[  142.798032][ T9478] EXT4-fs (loop1): unable to read superblock
[  142.807834][ T9478] usb 2-1: USB disconnect, device number 7
[  143.153970][ T5366] Bluetooth: hci4: command tx timeout
[  143.242515][ T9467] blktrace: Concurrent blktraces are not allowed on nbd0
[  143.448504][ T9481] tmpfs: Bad value for 'mpol'
[  143.600235][ T5366] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  143.603579][ T5366] CPU: 0 UID: 0 PID: 5366 Comm: kworker/u33:4 Not tainted 6.12.0-rc1-syzkaller-00046-g7ec462100ef9 #0
[  143.607254][ T5366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.610095][ T5366] Workqueue: hci4 hci_rx_work
[  143.611635][ T5366] Call Trace:
[  143.612508][ T5366]  <TASK>
[  143.613269][ T5366]  dump_stack_lvl+0x16c/0x1f0
[  143.614423][ T5366]  sysfs_warn_dup+0x7f/0xa0
[  143.615619][ T5366]  sysfs_create_dir_ns+0x24d/0x2b0
[  143.616984][ T5366]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  143.618471][ T5366]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  143.619891][ T5366]  ? kobject_add_internal+0x12d/0x990
[  143.621298][ T5366]  ? do_raw_spin_unlock+0x172/0x230
[  143.622654][ T5366]  kobject_add_internal+0x2c8/0x990
[  143.624042][ T5366]  kobject_add+0x16f/0x240
[  143.625221][ T5366]  ? __pfx_kobject_add+0x10/0x10
[  143.626528][ T5366]  ? class_to_subsys+0x3e/0x160
[  143.627887][ T5366]  ? do_raw_spin_unlock+0x172/0x230
[  143.629245][ T5366]  ? kobject_put+0xab/0x5a0
[  143.630445][ T5366]  device_add+0x289/0x1a70
[  143.631624][ T5366]  ? __pfx_dev_set_name+0x10/0x10
[  143.632943][ T5366]  ? __pfx_device_add+0x10/0x10
[  143.634219][ T5366]  ? mgmt_send_event_skb+0x2f2/0x460
[  143.635617][ T5366]  hci_conn_add_sysfs+0x17e/0x230
[  143.636937][ T5366]  le_conn_complete_evt+0xfc7/0x1cf0
[  143.638329][ T5366]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  143.639955][ T5366]  ? trace_contention_end+0xea/0x140
[  143.641324][ T5366]  hci_le_enh_conn_complete_evt+0x23d/0x380
[  143.642880][ T5366]  ? skb_pull_data+0x166/0x210
[  143.644146][ T5366]  hci_le_meta_evt+0x2e2/0x5d0
[  143.645394][ T5366]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  143.647095][ T5366]  hci_event_packet+0x666/0x1190
[  143.648456][ T5366]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  143.649906][ T5366]  ? __pfx_hci_event_packet+0x10/0x10
[  143.651329][ T5366]  ? mark_held_locks+0x9f/0xe0
[  143.652682][ T5366]  ? kcov_remote_start+0x3cf/0x6e0
[  143.654015][ T5366]  ? lockdep_hardirqs_on+0x7c/0x110
[  143.655356][ T5366]  hci_rx_work+0x2c6/0x1610
[  143.656557][ T5366]  ? lock_acquire+0x2f/0xb0
[  143.657754][ T5366]  ? process_one_work+0x8bb/0x1b30
[  143.659101][ T5366]  process_one_work+0x958/0x1b30
[  143.660418][ T5366]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  143.661830][ T5366]  ? __pfx_process_one_work+0x10/0x10
[  143.663242][ T5366]  ? assign_work+0x1a0/0x250
[  143.664466][ T5366]  worker_thread+0x6c8/0xf00
[  143.665690][ T5366]  ? __pfx_worker_thread+0x10/0x10
[  143.667046][ T5366]  kthread+0x2c1/0x3a0
[  143.668142][ T5366]  ? _raw_spin_unlock_irq+0x23/0x50
[  143.669523][ T5366]  ? __pfx_kthread+0x10/0x10
[  143.670741][ T5366]  ret_from_fork+0x45/0x80
[  143.671929][ T5366]  ? __pfx_kthread+0x10/0x10
[  143.673150][ T5366]  ret_from_fork_asm+0x1a/0x30
[  143.674472][ T5366]  </TASK>
[  143.675708][ T5366] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  143.679773][ T5366] Bluetooth: hci4: failed to register connection device
[  143.728890][ T9490] tmpfs: Bad value for 'mpol'
[  143.796775][ T9491] blktrace: Concurrent blktraces are not allowed on nbd0
[  144.489121][ T9481] blktrace: Concurrent blktraces are not allowed on nbd3
[  144.742241][ T9498] syz.1.277 (9498): drop_caches: 2
[  144.754823][ T9498] syz.1.277 (9498): drop_caches: 2
[  145.049525][ T9514] syz.3.281: attempt to access beyond end of device
[  145.049525][ T9514] loop3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  145.054322][ T9514] EXT4-fs (loop3): unable to read superblock
[  145.724263][ T5366] Bluetooth: hci4: command tx timeout
[  146.577615][ T9546] tmpfs: Bad value for 'mpol'
[  147.032495][ T9546] blktrace: Concurrent blktraces are not allowed on nbd1
[  148.247853][ T9565] input: syz0 as /devices/virtual/input/input13
[  150.277105][T10231] tmpfs: Bad value for 'mpol'
[  151.764034][T10245] autofs: Bad value for 'fd'
[  151.810192][   T39] audit: type=1804 audit(1727960856.099:9): pid=10245 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.299" name="/newroot/80/bus/bus" dev="overlay" ino=495 res=1 errno=0
[  152.413719][T10251] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  152.416150][T10251] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  152.416239][   T39] audit: type=1326 audit(1727960856.719:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10250 comm="syz.2.301" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa4579 code=0x0
[  152.418336][T10251] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  152.438634][T10251] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  152.440990][T10251] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  152.443183][T10251] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  152.452378][T10251] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  152.460374][T10251] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  152.517937][T10231] blktrace: Concurrent blktraces are not allowed on nbd0
[  152.721035][T10256] syz.2.302 (10256): drop_caches: 2
[  152.725523][T10256] syz.2.302 (10256): drop_caches: 2
[  152.928684][   T39] audit: type=1326 audit(1727960857.219:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10342 comm="syz.3.306" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x0
[  153.133927][ T5401] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  153.316587][ T5401] usb 7-1: config 0 has no interfaces?
[  153.318574][ T5401] usb 7-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  153.331907][ T5401] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.336517][ T5401] usb 7-1: config 0 descriptor??
[  153.616296][ T5401] IPVS: starting estimator thread 0...
[  153.732781][T10444] IPVS: using max 34 ests per chain, 81600 per kthread
[  154.354085][ T5366] Bluetooth: hci0: command 0x0c1a tx timeout
[  154.433999][ T5366] Bluetooth: hci1: command 0x0c1a tx timeout
[  154.514795][ T5366] Bluetooth: hci4: command 0x0c1a tx timeout
[  154.514803][ T5360] Bluetooth: hci2: command 0x0405 tx timeout
[  155.233705][    T8] usb 7-1: USB disconnect, device number 5
[  156.172061][T10469] tmpfs: Bad value for 'mpol'
[  156.501208][T10811] blktrace: Concurrent blktraces are not allowed on nbd3
[  156.514289][ T5366] Bluetooth: hci1: command 0x0c1a tx timeout
[  156.552460][T10815] syz.0.326 (10815): drop_caches: 2
[  156.562304][T10815] syz.0.326 (10815): drop_caches: 2
[  156.594060][ T5366] Bluetooth: hci4: command 0x0c1a tx timeout
[  158.535239][T10838] syz.3.322 (10838): drop_caches: 2
[  158.541167][T10838] syz.3.322 (10838): drop_caches: 2
[  158.673987][ T5366] Bluetooth: hci4: command 0x0c1a tx timeout
[  158.892140][    T8] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  159.440810][    T8] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  159.443171][    T8] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  159.454022][    T8] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  159.456484][    T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  159.464346][    T8] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  159.469303][    T8] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  159.471793][    T8] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  159.478367][    T8] usb 6-1: Product: syz
[  159.479561][    T8] usb 6-1: Manufacturer: syz
[  159.514240][    T8] cdc_wdm 6-1:1.0: skipping garbage
[  159.515611][    T8] cdc_wdm 6-1:1.0: skipping garbage
[  159.522128][    T8] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  159.543883][    T8] cdc_wdm 6-1:1.0: Unknown control protocol
[  159.759051][T10852] fuse: Unknown parameter 'grou00000000000000000000'
[  160.122613][T10884] syz.2.328 (10884): drop_caches: 2
[  160.126678][T10884] syz.2.328 (10884): drop_caches: 2
[  160.188007][   T63] usb 6-1: USB disconnect, device number 5
[  160.358406][T10887] tmpfs: Bad value for 'mpol'
[  160.381577][T10889] netlink: 16 bytes leftover after parsing attributes in process `syz.2.331'.
[  160.753995][ T5366] Bluetooth: hci4: command 0x0c1a tx timeout
[  160.762030][T10887] blktrace: Concurrent blktraces are not allowed on nbd0
[  161.045092][T10904] usb usb8: usbfs: process 10904 (syz.0.334) did not claim interface 0 before use
[  161.244764][T10906] netlink: 60 bytes leftover after parsing attributes in process `syz.0.334'.
[  161.466064][T10906] Κό: entered promiscuous mode
[  161.607129][T10910] netlink: 4 bytes leftover after parsing attributes in process `syz.1.335'.
[  162.643278][T11641] tmpfs: Bad value for 'mpol'
[  162.846022][T12210] syz.2.341 (12210): drop_caches: 2
[  162.854395][T12210] syz.2.341 (12210): drop_caches: 2
[  163.410628][T11641] blktrace: Concurrent blktraces are not allowed on nbd1
[  163.699936][T12218] netlink: 52 bytes leftover after parsing attributes in process `syz.3.344'.
[  163.838269][T12223] veth1_macvtap: entered allmulticast mode
[  163.902042][   T39] audit: type=1326 audit(1727960868.189:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12216 comm="syz.1.342" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf743e579 code=0x0
[  164.875887][T12235] syz.2.347 (12235): drop_caches: 2
[  164.877907][T12235] syz.2.347 (12235): drop_caches: 2
[  165.359253][T12253] tmpfs: Bad value for 'mpol'
[  165.866235][T12253] blktrace: Concurrent blktraces are not allowed on nbd0
[  167.258397][   T39] audit: type=1326 audit(1727960871.549:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12277 comm="syz.0.354" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x0
[  167.910189][T12567] QAT: failed to copy from user cfg_data.
[  168.165398][T12842] syz.2.361 (12842): drop_caches: 2
[  168.167310][T12842] syz.2.361 (12842): drop_caches: 2
[  168.281348][T12840] tmpfs: Bad value for 'mpol'
[  168.957104][T12840] blktrace: Concurrent blktraces are not allowed on nbd1
[  170.968966][T12869] tmpfs: Bad value for 'mpol'
[  171.314005][ T5360] Bluetooth: hci2: command 0x0405 tx timeout
[  171.428588][T12869] blktrace: Concurrent blktraces are not allowed on nbd3
[  171.984574][T13044] syz.2.371 (13044): drop_caches: 2
[  171.987148][T13044] syz.2.371 (13044): drop_caches: 2
[  172.209189][ T5360] Bluetooth: hci4: unexpected event for opcode 0x200a
[  172.516049][T13052] tmpfs: Bad value for 'mpol'
[  173.396440][T13052] blktrace: Concurrent blktraces are not allowed on nbd3
[  173.801084][T13066] netlink: 16 bytes leftover after parsing attributes in process `syz.3.378'.
[  174.088938][T13063] tmpfs: Bad value for 'mpol'
[  174.476564][T13063] blktrace: Concurrent blktraces are not allowed on nbd1
[  174.502206][T13059] tmpfs: Bad value for 'mpol'
[  174.617905][T13077] syz.3.381 (13077): drop_caches: 2
[  174.628709][T13077] syz.3.381 (13077): drop_caches: 2
[  175.001452][T13079] netlink: 12 bytes leftover after parsing attributes in process `syz.1.380'.
[  175.354340][T13074] blktrace: Concurrent blktraces are not allowed on nbd2
[  175.800929][T13097] tipc: Can't bind to reserved service type 0
[  176.019825][T13095] tmpfs: Bad value for 'mpol'
[  176.193967][    T8] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  176.348232][    T8] usb 6-1: config 0 has no interfaces?
[  176.350223][    T8] usb 6-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  176.355996][    T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.374112][    T8] usb 6-1: config 0 descriptor??
[  176.533185][T13095] blktrace: Concurrent blktraces are not allowed on nbd0
[  176.696924][    T8] IPVS: starting estimator thread 0...
[  176.784048][T13105] IPVS: using max 34 ests per chain, 81600 per kthread
[  176.923909][ T5366] Bluetooth: hci4: command 0x0c1a tx timeout
[  177.790234][ T5852] usb 6-1: USB disconnect, device number 6
[  177.889856][T13108] netlink: 40 bytes leftover after parsing attributes in process `syz.0.396'.
[  177.988641][T13112] xt_HMARK: spi-set and port-set can't be combined
[  178.560124][T13117] syz.2.390 (13117): drop_caches: 2
[  178.562242][T13117] syz.2.390 (13117): drop_caches: 2
[  178.581628][T13119] netlink: 16 bytes leftover after parsing attributes in process `syz.1.389'.
[  178.821828][T13125] netlink: 4 bytes leftover after parsing attributes in process `syz.2.391'.
[  178.888336][T13127] tmpfs: Bad value for 'mpol'
[  179.079310][T13132] syz.1.394 (13132): drop_caches: 2
[  179.081414][T13132] syz.1.394 (13132): drop_caches: 2
[  179.194295][T13130] tmpfs: Bad value for 'mpol'
[  179.664526][T13127] blktrace: Concurrent blktraces are not allowed on nbd3
[  180.036607][T13130] blktrace: Concurrent blktraces are not allowed on nbd2
[  180.284487][T13148] hub 2-0:1.0: USB hub found
[  180.287534][T13148] hub 2-0:1.0: 6 ports detected
[  180.402476][T13154] syz.3.401 (13154): drop_caches: 2
[  180.405148][T13154] syz.3.401 (13154): drop_caches: 2
[  180.484159][ T5402] usb 2-1: new high-speed USB device number 8 using ehci-pci
[  180.668432][ T5402] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  180.672107][ T5402] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  180.677479][ T5402] usb 2-1: Product: QEMU USB Tablet
[  180.683971][ T5402] usb 2-1: Manufacturer: QEMU
[  180.687122][ T5402] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[  180.729570][ T5402] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0007/input/input15
[  180.810031][ T5402] hid-generic 0003:0627:0001.0007: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  180.831227][T13163] tmpfs: Bad value for 'mpol'
[  181.705415][T13169] syz.2.405 (13169): drop_caches: 2
[  181.707595][T13169] syz.2.405 (13169): drop_caches: 2
[  181.852318][T13163] blktrace: Concurrent blktraces are not allowed on nbd3
[  184.359562][T13179] tmpfs: Bad value for 'mpol'
[  184.826852][T13179] blktrace: Concurrent blktraces are not allowed on nbd2
[  185.214849][T13188] QAT: failed to copy from user cfg_data.
[  185.375626][T13195] usb 2-1: USB disconnect, device number 8
[  185.466537][T13196] hub 2-0:1.0: USB hub found
[  185.469574][T13196] hub 2-0:1.0: 6 ports detected
[  185.644143][ T5402] usb 2-1: new high-speed USB device number 9 using ehci-pci
[  185.849440][ T5402] usb 2-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  185.868769][ T5402] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  185.872051][ T5402] usb 2-1: Product: QEMU USB Tablet
[  185.873932][ T5402] usb 2-1: Manufacturer: QEMU
[  185.875591][ T5402] usb 2-1: SerialNumber: 28754-0000:00:1d.7-1
[  185.904151][ T5402] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb2/2-1/2-1:1.0/0003:0627:0001.0008/input/input16
[  185.988656][ T5402] hid-generic 0003:0627:0001.0008: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  186.234593][T13202] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xf7450 pfn:0x126c3
[  186.237173][T13202] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  186.239126][T13202] raw: 00fff00000000000 ffffea0000aae408 ffffea0000ae2608 0000000000000000
[  186.241409][T13202] raw: 00000000000f7450 0000000000000000 00000000ffffffff 0000000000000000
[  186.244030][T13202] page dumped because: VM_BUG_ON_FOLIO(((unsigned int) folio_ref_count(folio) + 127u <= 127u))
[  186.247806][T13202] page_owner tracks the page as freed
[  186.254550][T13202] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 13175, tgid 13175 (syz.3.407), ts 183715495981, free_ts 184591886346
[  186.263095][T13202]  post_alloc_hook+0x2d1/0x350
[  186.264728][T13202]  get_page_from_freelist+0x101e/0x3070
[  186.268775][T13202]  __alloc_pages_noprof+0x223/0x25c0
[  186.273612][T13202]  alloc_pages_mpol_noprof+0x2c9/0x610
[  186.278494][T13202]  folio_alloc_mpol_noprof+0x36/0xd0
[  186.280895][T13202]  vma_alloc_folio_noprof+0xee/0x1b0
[  186.282504][T13202]  do_pte_missing+0x2010/0x3e50
[  186.288461][T13202]  __handle_mm_fault+0x100a/0x2a10
[  186.292495][T13202]  handle_mm_fault+0x3fa/0xaa0
[  186.294530][T13202]  do_user_addr_fault+0x60d/0x13f0
[  186.295981][T13202]  exc_page_fault+0x5c/0xc0
[  186.299481][T13202]  asm_exc_page_fault+0x26/0x30
[  186.301220][T13202] page last free pid 13175 tgid 13175 stack trace:
[  186.308405][T13202]  free_unref_folios+0x956/0x1310
[  186.312120][T13202]  folios_put_refs+0x551/0x750
[  186.313566][T13202]  free_pages_and_swap_cache+0x36d/0x510
[  186.315285][T13202]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  186.316863][T13202]  tlb_finish_mmu+0x168/0x7b0
[  186.318118][T13202]  exit_mmap+0x3df/0xb30
[  186.319307][T13202]  __mmput+0x12a/0x480
[  186.320492][T13202]  mmput+0x62/0x70
[  186.321634][T13202]  do_exit+0x9bf/0x2d70
[  186.322869][T13202]  do_group_exit+0xd3/0x2a0
[  186.324311][T13202]  __ia32_sys_exit_group+0x3e/0x50
[  186.326252][T13202]  ia32_sys_call+0x13f8/0x1bb0
[  186.329314][T13202]  __do_fast_syscall_32+0x73/0x120
[  186.329576][T13202]  do_fast_syscall_32+0x32/0x80
[  186.336988][T13202]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  186.347264][T13202] ------------[ cut here ]------------
[  186.347301][T13202] kernel BUG at include/linux/mm.h:1444!
[  186.347448][T13202] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  186.347461][T13202] CPU: 2 UID: 0 PID: 13202 Comm: syz.0.412 Not tainted 6.12.0-rc1-syzkaller-00046-g7ec462100ef9 #0
[  186.347483][T13202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  186.347497][T13202] RIP: 0010:__iov_iter_get_pages_alloc+0x1d10/0x2230
[  186.347519][T13202] Code: b0 8b 48 89 df e8 d0 23 4b fd 90 0f 0b 49 89 c5 e9 99 f6 ff ff e8 20 75 05 fd 48 c7 c6 60 c6 b0 8b 4c 89 e7 e8 b1 23 4b fd 90 <0f> 0b e8 09 75 05 fd 4c 8b 64 24 48 49 83 ec 01 e9 94 fd ff ff 4c
[  186.347529][T13202] RSP: 0018:ffffc900063dec78 EFLAGS: 00010246
[  186.347538][T13202] RAX: 0000000000040000 RBX: 0000000000000005 RCX: ffffc9000cba1000
[  186.347545][T13202] RDX: 0000000000040000 RSI: ffffffff84873a5f RDI: ffff888021a9ccc4
[  186.347551][T13202] RBP: ffffea000049b0f4 R08: 0000000000000001 R09: fffffbfff2d315bb
[  186.347558][T13202] R10: ffffffff9698addf R11: ffff88802b728a40 R12: ffffea000049b0c0
[  186.347564][T13202] R13: ffff88805df70000 R14: 0000000000001000 R15: 0000000000001000
[  186.347570][T13202] FS:  0000000000000000(0000) GS:ffff88802b600000(0063) knlGS:00000000f5694b40
[  186.347595][T13202] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  186.347604][T13202] CR2: 0000000020000000 CR3: 0000000062288000 CR4: 0000000000352ef0
[  186.347610][T13202] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  186.347616][T13202] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  186.347622][T13202] Call Trace:
[  186.347625][T13202]  <TASK>
[  186.347629][T13202]  ? die+0x31/0x80
[  186.347640][T13202]  ? do_trap+0x232/0x430
[  186.347654][T13202]  ? __iov_iter_get_pages_alloc+0x1d10/0x2230
[  186.347665][T13202]  ? __iov_iter_get_pages_alloc+0x1d10/0x2230
[  186.347675][T13202]  ? do_error_trap+0xf4/0x230
[  186.347688][T13202]  ? __iov_iter_get_pages_alloc+0x1d10/0x2230
[  186.347699][T13202]  ? handle_invalid_op+0x34/0x40
[  186.347713][T13202]  ? __iov_iter_get_pages_alloc+0x1d10/0x2230
[  186.347723][T13202]  ? exc_invalid_op+0x2e/0x50
[  186.347738][T13202]  ? asm_exc_invalid_op+0x1a/0x20
[  186.347751][T13202]  ? __iov_iter_get_pages_alloc+0x1d0f/0x2230
[  186.347761][T13202]  ? __iov_iter_get_pages_alloc+0x1d10/0x2230
[  186.347772][T13202]  ? __iov_iter_get_pages_alloc+0x1d0f/0x2230
[  186.347783][T13202]  ? __pfx___iov_iter_get_pages_alloc+0x10/0x10
[  186.347794][T13202]  ? delete_node+0x207/0x8e0
[  186.347807][T13202]  iov_iter_get_pages_alloc2+0x53/0xf0
[  186.347818][T13202]  p9_get_mapped_pages.part.0.constprop.0+0x4ca/0x7d0
[  186.347836][T13202]  ? p9pdu_vwritef+0x368/0x21d0
[  186.347848][T13202]  ? __pfx_p9_get_mapped_pages.part.0.constprop.0+0x10/0x10
[  186.347863][T13202]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  186.347874][T13202]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  186.347884][T13202]  ? p9_tag_alloc+0x4cc/0x870
[  186.347893][T13202]  ? reacquire_held_locks+0x464/0x4c0
[  186.347909][T13202]  p9_virtio_zc_request+0x991/0x1460
[  186.347922][T13202]  ? p9pdu_writef+0xc4/0x100
[  186.347933][T13202]  ? __pfx_p9pdu_writef+0x10/0x10
[  186.347944][T13202]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  186.347955][T13202]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  186.347969][T13202]  ? rcu_is_watching+0x12/0xc0
[  186.347979][T13202]  ? trace_9p_protocol_dump+0x192/0x220
[  186.347991][T13202]  ? rcu_is_watching+0x12/0xc0
[  186.348001][T13202]  ? p9_client_prepare_req+0x111/0x4d0
[  186.348011][T13202]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  186.348022][T13202]  p9_client_zc_rpc.constprop.0+0x29a/0x880
[  186.348034][T13202]  ? __pfx_p9_client_zc_rpc.constprop.0+0x10/0x10
[  186.348046][T13202]  ? p9_req_put+0x1c6/0x250
[  186.348061][T13202]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  186.348075][T13202]  p9_client_read_once+0x443/0x820
[  186.348086][T13202]  ? __pfx_p9_client_read_once+0x10/0x10
[  186.348097][T13202]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  186.348108][T13202]  ? lockdep_hardirqs_on+0x7c/0x110
[  186.348122][T13202]  p9_client_read+0x13f/0x1b0
[  186.348133][T13202]  v9fs_issue_read+0x115/0x310
[  186.348145][T13202]  ? __pfx_v9fs_issue_read+0x10/0x10
[  186.348156][T13202]  ? __local_bh_enable_ip+0xa4/0x120
[  186.348168][T13202]  netfs_read_to_pagecache+0x5c9/0x9a0
[  186.348182][T13202]  netfs_readahead+0x7fa/0xaa0
[  186.348193][T13202]  ? __pfx_netfs_readahead+0x10/0x10
[  186.348204][T13202]  read_pages+0x1a8/0xd80
[  186.348217][T13202]  ? xas_load+0x49/0x5b0
[  186.348230][T13202]  ? xa_load+0xc8/0x2c0
[  186.348244][T13202]  ? __pfx_read_pages+0x10/0x10
[  186.348256][T13202]  ? __pfx_xa_load+0x10/0x10
[  186.348271][T13202]  ? mark_lock+0xb5/0xc60
[  186.348285][T13202]  page_cache_ra_unbounded+0x543/0x6c0
[  186.348299][T13202]  page_cache_ra_order+0x7d9/0xc90
[  186.348313][T13202]  filemap_fault+0x148d/0x2820
[  186.348329][T13202]  ? __pfx_filemap_fault+0x10/0x10
[  186.348344][T13202]  ? lock_acquire+0x2f/0xb0
[  186.348358][T13202]  ? __pte_offset_map+0x42/0x540
[  186.348370][T13202]  ? __pfx_filemap_map_pages+0x10/0x10
[  186.348383][T13202]  __do_fault+0x10a/0x490
[  186.348393][T13202]  ? __pfx_filemap_map_pages+0x10/0x10
[  186.348406][T13202]  do_pte_missing+0x1a8/0x3e50
[  186.348422][T13202]  __handle_mm_fault+0x100a/0x2a10
[  186.348437][T13202]  ? __pfx_mt_find+0x10/0x10
[  186.348451][T13202]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  186.348466][T13202]  ? __pfx___handle_mm_fault+0x10/0x10
[  186.348481][T13202]  ? find_vma+0xc0/0x140
[  186.348492][T13202]  ? __pfx_find_vma+0x10/0x10
[  186.348504][T13202]  handle_mm_fault+0x3fa/0xaa0
[  186.348518][T13202]  do_user_addr_fault+0x7a3/0x13f0
[  186.348535][T13202]  exc_page_fault+0x5c/0xc0
[  186.348546][T13202]  asm_exc_page_fault+0x26/0x30
[  186.348557][T13202] RIP: 0010:_copy_to_user+0xa7/0xc0
[  186.348567][T13202] Code: 89 ee 48 89 ef e8 19 1f 04 fd 4d 85 f6 75 b5 e8 5f 1d 04 fd 89 de 4c 89 e7 e8 85 6d 65 fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 e6 <f3> a4 0f 1f 00 0f 01 ca 48 89 cb eb 8d 66 66 2e 0f 1f 84 00 00 00
[  186.348576][T13202] RSP: 0018:ffffc900063dfcd0 EFLAGS: 00050246
[  186.348589][T13202] RAX: 0000000000000001 RBX: 0000000000000014 RCX: 0000000000000014
[  186.348595][T13202] RDX: fffff52000c7bfb0 RSI: ffffc900063dfd68 RDI: 0000000020000000
[  186.348601][T13202] RBP: 0000000020000000 R08: 0000000000000000 R09: fffff52000c7bfaf
[  186.348607][T13202] R10: ffffc900063dfd7b R11: 0000000000000000 R12: ffffc900063dfd68
[  186.348613][T13202] R13: 0000000020000014 R14: 0000000000000000 R15: 00000000c0145608
[  186.348622][T13202]  video_usercopy+0xe70/0x1500
[  186.348635][T13202]  ? __pfx___video_do_ioctl+0x10/0x10
[  186.348648][T13202]  ? __pfx_video_usercopy+0x10/0x10
[  186.348663][T13202]  v4l2_ioctl+0x1ba/0x250
[  186.348675][T13202]  v4l2_compat_ioctl32+0x214/0x2c0
[  186.348686][T13202]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  186.348697][T13202]  __do_compat_sys_ioctl+0x259/0x2b0
[  186.348712][T13202]  __do_fast_syscall_32+0x73/0x120
[  186.348725][T13202]  do_fast_syscall_32+0x32/0x80
[  186.348738][T13202]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  186.348752][T13202] RIP: 0023:0xf7f56579
[  186.348760][T13202] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  186.348769][T13202] RSP: 002b:00000000f569456c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  186.348778][T13202] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0145608
[  186.348784][T13202] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  186.348790][T13202] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  186.348795][T13202] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  186.348801][T13202] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  186.348809][T13202]  </TASK>
[  186.348812][T13202] Modules linked in:
[  186.348861][T13202] ---[ end trace 0000000000000000 ]---
[  186.349003][T13202] RIP: 0010:__iov_iter_get_pages_alloc+0x1d10/0x2230
[  186.349350][T13202] Code: b0 8b 48 89 df e8 d0 23 4b fd 90 0f 0b 49 89 c5 e9 99 f6 ff ff e8 20 75 05 fd 48 c7 c6 60 c6 b0 8b 4c 89 e7 e8 b1 23 4b fd 90 <0f> 0b e8 09 75 05 fd 4c 8b 64 24 48 49 83 ec 01 e9 94 fd ff ff 4c
[  186.349369][T13202] RSP: 0018:ffffc900063dec78 EFLAGS: 00010246
[  186.349384][T13202] RAX: 0000000000040000 RBX: 0000000000000005 RCX: ffffc9000cba1000
[  186.349395][T13202] RDX: 0000000000040000 RSI: ffffffff84873a5f RDI: ffff888021a9ccc4
[  186.349407][T13202] RBP: ffffea000049b0f4 R08: 0000000000000001 R09: fffffbfff2d315bb
[  186.349419][T13202] R10: ffffffff9698addf R11: ffff88802b728a40 R12: ffffea000049b0c0
[  186.349431][T13202] R13: ffff88805df70000 R14: 0000000000001000 R15: 0000000000001000
[  186.349443][T13202] FS:  0000000000000000(0000) GS:ffff88802b600000(0063) knlGS:00000000f5694b40
[  186.349474][T13202] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  186.349488][T13202] CR2: 0000000020000000 CR3: 0000000062288000 CR4: 0000000000352ef0
[  186.349500][T13202] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  186.349511][T13202] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  186.349524][T13202] Kernel panic - not syncing: Fatal exception
[  186.350120][T13202] Kernel Offset: disabled

VM DIAGNOSIS:
13:08:10  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000010001 RBX=0000000000000000 RCX=ffffffff8132cad0 RDX=ffff888023b04880
RSI=ffffffff8132cb18 RDI=ffffffff932de7c0 RBP=0000000000000000 RSP=ffffc90000007fd0
R8 =0000000000000001 R9 =fffffbfff265bcf8 R10=ffffffff932de7c7 R11=ffffc90000007ff8
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8132cb19 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b400000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0050 ffffc90006c29000 0000800f 00008200 DPL=0 LDT
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000033c07ff8 CR3=000000006f4a2000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000027c00000000 0000000300000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000010001 RBX=0000000000000000 RCX=ffffffff8132cad0 RDX=ffff888020328000
RSI=ffffffff8132cb18 RDI=ffffffff932de7c0 RBP=0000000000000001 RSP=ffffc90000598fd0
R8 =0000000000000001 R9 =fffffbfff265bcf8 R10=ffffffff932de7c7 R11=ffffc90000598ff8
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8132cb19 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0050 ffffc90006c29000 0000800f 00008200 DPL=0 LDT
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002001b000 CR3=000000006f4a2000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000049 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85035a15 RDI=ffffffff9a63a260 RBP=ffffffff9a63a220 RSP=ffffc900063de6b0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=73203a6d6d6f4320
R12=0000000000000000 R13=0000000000000049 R14=ffffffff850359b0 R15=0000000000000000
RIP=ffffffff85035a3f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020000000 CR3=0000000062288000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000c400000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000080010000 RBX=0000000000000000 RCX=ffffffff8132cad0 RDX=ffff888044572440
RSI=ffffffff8132cb18 RDI=ffffffff932de7c0 RBP=0000000000000003 RSP=ffffc900005f0fd0
R8 =0000000000000001 R9 =fffffbfff265bcf8 R10=ffffffff932de7c7 R11=ffffc900005f0ff8
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff8132cb19 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007efececb3740 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020021000 CR3=00000000299f4000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fe070800 Opmask01=000000000000ffff Opmask02=000000000301ffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000040000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff0cd6b980 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff0cd6b370 0000003000000010
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000042494c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6362696c5f5f0045 5441564952505f43
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000087fffffe 03ff200000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000201 0000000000000031 746e6576652f7475 706e692f7665642f
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0078616d746e6569 6c6300726964666e 6f63007325203a29 287463656c657300
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 005d4448514b404c 494600574c41434b 4a46005600051f0c 0d51464049405600
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbf2d2e28332220
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2412bf2f2b2427bf 2d2e2832312435bf 3728252433342c2f 33bf2d2e28332220
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020