last executing test programs:

22m38.401218767s ago: executing program 1 (id=1354):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000000)={0x1, 0x1, 0x12, 0x20, 0x10009c, 0xfffffffffffffffe})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000014d564b00000000af"])
ioctl$KVM_KVMCLOCK_CTRL(r3, 0xaead)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_emit_vhci(&(0x7f0000003fc0)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@none, 0x4}}}, 0xd)

22m38.244796089s ago: executing program 1 (id=1357):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4)
socket$packet(0x11, 0x3, 0x300)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000000)="0900bf65653f47f4020000008bd458d1e7cbdaf300000f34e7e4165f081ae36850f6d15c3e681411f7a496c0da04003c242f5bedaf6bec340dee49474362b24cb800edc500", 0x0, 0x48)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f00000001c0))
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000800)=ANY=[], 0x8)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000180)={0xa, 0x4ea1, 0x4080000, @dev={0xfe, 0x80, '\x00', 0x1a}}, 0x1c, 0x0}, 0x80c0)
ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f000000ed80))
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
gettid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = io_uring_setup(0x2c48, &(0x7f0000000200)={0x0, 0xdfc8, 0x20000, 0x2, 0x1af})
r3 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc1}, &(0x7f0000000280)={0x0, "a609c9a21c468e4c7ce0feedb60e015e287ecf21a6bd7fea7a6a697a8544bb24c1bc9e4c6cae46bf47727edede72cc9804318174a5c916ba30b5520bada75d9a", 0x16}, 0x48, 0xfffffffffffffffd)
r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r4, &(0x7f0000001380)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x6}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time}], 0x70)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0xe)
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000100)={r3, 0x4c, 0xd0}, &(0x7f0000000300)=ANY=[@ANYBLOB="656e633d6f61657020686173683d7368613338342d67656e657269060000000000000000000000000000000000000000000000f0ffffffffffffff00"/78], &(0x7f0000000380)="7c67339aac7cef3fe7fb1fc0a5f06450f86ab0f9a683f952ddcc46ce095f437dd0b3ef7b15a27b78827a3a52198eaa91398a25905260e6ed60335154efe7b2c103c13be0315db96f7b38b0bb", &(0x7f0000000400)=""/208)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r2, 0x18, &(0x7f0000000000), 0x1)
r5 = dup(0xffffffffffffffff)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r6, 0x0, 0xc8, &(0x7f0000000140), 0x4)
setsockopt$MRT_DONE(r6, 0x0, 0xc9, 0x0, 0x0)
syz_io_uring_setup(0x50b6, &(0x7f0000000740)={0x0, 0x1c2a, 0x10000, 0x0, 0x4, 0x0, r5}, &(0x7f0000000180), &(0x7f00000001c0))
add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)

22m38.131177018s ago: executing program 1 (id=1360):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000007b00), 0x40040, 0x0)
ioctl$RTC_PIE_ON(r1, 0x7005)
pread64(r1, &(0x7f0000007b40)=""/183, 0xb7, 0x2)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r4 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r4, &(0x7f0000000680)=[{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000400)="7e5dbf5a5b85fb563f4d48fc8883b5fb4ddc6170e2385a6a863a975ee74a0b5734e8798c4ac1feb8a36a", 0x2a}, {&(0x7f0000000440)="894a5783f255ddbbeb3ef8c163fad4394fc81ef56a089183b2fefde0cd94e567ed5ef58f7ffd5467ad096e89bd925486bd661ad07eff993c4a757a2d379da87970404990934206c78da816d0475285ffbd6a6d541514ff5935e0b061fa1d12fe0a9b9b78a8958626edb905f4648cff90d6ad0f9b3a7c34770ffd97e1f7f71cc8d380b8c3aa32004fbf12da184e5c876ede", 0x91}, {&(0x7f0000000500)="a589288ea1823c1cb4db71334c4a53a7be1bf3e44c8af8656dfe8d9fc76e1144b2f2fa638eb10a569f14cb8ffe4773523e", 0x31}, {&(0x7f00000006c0)="866a15a5446a589eda0d74d1a34aa4bc3b044ee637eea5d00738748bb38c28fde7e52de4df05e5f73b58fe9171e3b4cd9247839d613fcc295b496552e9c5e377972877518718e56c13dca4c14c4eebbaa18d13b4d5d9bf25b77cc48345e4ffe9de7e52ece4c17d593d2dc031b2ef548c6bf8fbffdd86f7db3a3e56ea68889ea7", 0x80}, {&(0x7f0000000740)="1f078f059b6129ba633b268b8ae8895f7df23603b9d0458b455a2d7279e446a92437", 0x22}, {&(0x7f0000000780)="1323b591b748f0eee3ff319df02f3fdeb33169e1e893ffb87159be61abdf11e6eb819dcb111e9dce913d7ce11a34c7cc79a7cef69de2c04962deaf1a51fd8f1067e410ebd89d63735e28230630bc87c40a796880c0c0c9b4c2c247fe3cea23e5c20783c8cbccdb2b2dc210ee8bfbb57f448951584a68550a4ba27f5bf37f9552bf9eee997a4b4dd9541fb9717541783e53904be266f215066a406a7c1e4157a434578d18466cf062d55682d3d7826f24ba5cd82d450149399702fdf5ed2f44455f", 0xc1}], 0x6, &(0x7f00000008c0)=[@op={0x10, 0x117, 0x3, 0x1}, @iv={0xc0, 0x117, 0x2, 0xad, "e27a21c342f252bbfd46d77fc1d6b6eb1b7fb83e3413903930a7931227e9a5d1068de568f60f22509a1c1b09e6ddc62bfba58c7762991202c04843f8e3dfe56fac1633f8b0cb2f02f89280812605f92a9846102605b7699f520154ce855817b38c9072e108939cd6adba167626c4a2ced33abb3106a65fcd4bf15c83de1226294e9570085f01d9bf5956261d902972c54396a0126600d65ed474fa594bead59fbf263f999d79b615152083e948"}, @assoc={0x10, 0x117, 0x4, 0x249db089}, @assoc={0x10, 0x117, 0x4, 0xc}, @op={0x10, 0x117, 0x3, 0x1}, @iv={0xe4, 0x117, 0x2, 0xd4, "697e97c2bea01756e9ae49fcbb8f869888724eef5295ef2ea4b95a933d91ddd130a6edc1ec76cceafcc73d2f204a312e2d7c78e9bd853de5e835e392004c7dd4da8e38f64d2319003ceaa293dab57ac1d3633570cad91e035f37f6b745da01a387fc561da83fbb897970beb672a1c10db85b703c54bda81c9bb2a0ea205c093be6def602aa26c24ad0c3a6ed055360b9e27e1e5685fe797c25e27f2274814f7cf01ff13df920acf0a560a7b828f29c9b6ccec36137a39fd5a4b6d8d28d0a00bc4b008c3fc4d6a22c0349c23010a893bdf0b922af"}], 0x1e4, 0x40}], 0x1, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r5, &(0x7f0000000700)={&(0x7f0000000500)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x1}, 0x8)
r6 = dup(r5)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x2}}, 0x20)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000140)=""/123, 0x20000, 0x0, 0x1000, 0x2}, 0x1c)
ioctl$VFAT_IOCTL_READDIR_SHORT(r3, 0x82187202, &(0x7f00000001c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r2, @ANYBLOB="00000000000000005c001280110001006272696467655f736c617665000000004400058005000500000000000500200001000000050008"], 0x7c}}, 0x80)
r7 = openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
dup3(r7, r3, 0x0)

22m37.203498797s ago: executing program 1 (id=1366):
unshare(0x6a040000) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=@newtaction={0x74, 0x30, 0x0, 0x70bd28, 0x25dfdbfc, {}, [{0x60, 0x1, [@m_ctinfo={0x5c, 0x8, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x7}]}, {0x1f, 0x6, "7e02758ca31871f3041b4b6e82e781d7df56965400000000000000"}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x74}}, 0x0) (async)
syz_emit_vhci(0x0, 0x0)
sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = socket(0x1e, 0x1, 0x0)
connect$tipc(r1, 0x0, 0x0) (async)
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00') (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
lsetxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200), &(0x7f0000000380)=@v2={0x2000000, [{0x7, 0xa3}, {0x4, 0x2}]}, 0x14, 0x1) (async)
read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async)
mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000001c0)='./bus\x00') (async)
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) (async)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='attr/fscreate\x00')
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000100)=""/120, 0x78}], 0x1, 0x4, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r3 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000000)=0xffff0018) (async)
unshare(0x8000000) (async)
r4 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGPKT(r4, 0x80045438, 0x0) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, 0x0, 0x0) (async)
r5 = socket$inet6(0xa, 0x80000, 0x88)
sendmmsg$inet(r5, &(0x7f0000003b40)=[{{&(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x1b}}], 0x3, 0x40000)

22m36.642612598s ago: executing program 1 (id=1372):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x2000, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

22m36.571217856s ago: executing program 1 (id=1375):
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$keyring(&(0x7f0000000300), &(0x7f00000003c0)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000380)='asymmetric\x00', &(0x7f00000002c0)=@keyring={'key_or_keyring:', r0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x24, r5, 0x1, 0x50bd26, 0x25dfdbf8, {{}, {@val={0x8, 0x1, 0x4f}, @val={0x8, 0x3, r4}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x20044040}, 0x24008004)
syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, 0x0, 0x0, 0x80000000}, 0x94)
sendmsg$GTP_CMD_GETPDP(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="c3009fed738cd2d07ba52e0000", @ANYRES16, @ANYBLOB="000226bd7000fedbdf250200000008000200010000000c000300010000000000000014000b00fe8000000000000000000000000000aa05000d00010000000800090000000000080009000100000014000c00fe8800000000000000000000000001010c00030000000000000000000c000300040000000000000005000d0010000000"], 0x88}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000002300)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000140)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

22m21.502139106s ago: executing program 32 (id=1375):
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$keyring(&(0x7f0000000300), &(0x7f00000003c0)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000380)='asymmetric\x00', &(0x7f00000002c0)=@keyring={'key_or_keyring:', r0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x24, r5, 0x1, 0x50bd26, 0x25dfdbf8, {{}, {@val={0x8, 0x1, 0x4f}, @val={0x8, 0x3, r4}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x20044040}, 0x24008004)
syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, 0x0, 0x0, 0x80000000}, 0x94)
sendmsg$GTP_CMD_GETPDP(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="c3009fed738cd2d07ba52e0000", @ANYRES16, @ANYBLOB="000226bd7000fedbdf250200000008000200010000000c000300010000000000000014000b00fe8000000000000000000000000000aa05000d00010000000800090000000000080009000100000014000c00fe8800000000000000000000000001010c00030000000000000000000c000300040000000000000005000d0010000000"], 0x88}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000002300)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000140)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

21m13.891213284s ago: executing program 0 (id=1844):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r1)
r2 = io_uring_setup(0x2cf1, &(0x7f0000000200)={0x0, 0x93b0, 0x3, 0x0, 0x315})
io_uring_register$IORING_REGISTER_CLOCK(r2, 0x1d, &(0x7f0000000000)={0x1}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0xfd70, 0x0, &(0x7f0000000340)="c1dfb080cd21d308098e00000000", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r6, r5, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x400c6314, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
syz_io_uring_submit(0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

21m12.701726302s ago: executing program 0 (id=1850):
socket$inet_sctp(0x2, 0x1, 0x84)
r0 = syz_clone(0x20020000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
openat$tun(0xffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xb6, &(0x7f0000000140)=""/182, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(r0, 0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x0, &(0x7f0000000200)=0x6)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='oom_score\x00')
preadv(r2, &(0x7f0000000000)=[{&(0x7f0000000480)=""/177, 0xb1}], 0x1, 0x5, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f000000e280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3d4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc080ce00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906932966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935377df7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c75e00000000000000f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e095464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b1ec1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda451852e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cbbc44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af4180753388f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a00", 0x2000, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$sock(r3, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@timestamping={{0x10, 0x1, 0x25, 0x8}}], 0x10}, 0x24040801)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000011ac0)=[{{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f00000001c0)=[{&(0x7f00000002c0)="ce4bca2f4d0edfc14688a3632b527885639658ede5dc8e3bc1424a5a5b33fc76f72f9717c6e73b5cf3750afaee5c48ae395f74f4e1c7990bffb3d80b0049e738bad3a8f270cb0e1df53dd697657f7a08d42eb40b", 0x54}, {&(0x7f00000004c0)="5f96cc032109490bb5eb9c66117f132d088032fcd018dd2b1c91805b6577dd7375eb3b42725fc5d2314cbad279db179c93614d1a19849f7d2446dd9446effb108be3bdc2d33cd838c6e31729903f0070e9ece9dbc72268491f1e1975488b0d4b659eadbab57dc61d49d41aaeeb3b6da446df0dac737cb9a6c9e0599ee94f5947", 0x80}, {&(0x7f0000000140)}], 0x3, 0x0, 0x0, 0x40885}}], 0x1, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x9, 0x2, 0x80, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x3, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182})
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x300f, 0x0, 0x4, 0x0, 0xd9e})
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x6, 0x0)
getpgid(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000001800000000000000000000000000000000000080000000005be7"], 0x48)

21m12.415487841s ago: executing program 0 (id=1852):
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000040)={0x0, &(0x7f0000000040)})
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, 0x0, 0x1)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x2)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x3, 0x0, &(0x7f0000000080)=0x48)
r2 = openat$vsock(0xffffff9c, &(0x7f0000000200), 0x224100, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000002c0)={{{@in6=@empty, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@local}, 0x0, @in6=@loopback}}, &(0x7f0000001740)=0xe4)
quotactl$Q_GETNEXTQUOTA(0xffffffff80000902, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, r3, &(0x7f0000001780))
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
socket(0x3, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x1000}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000008, 0x10, 0xffffffffffffffff, 0xf9f3c000)
socket$netlink(0x10, 0x3, 0x2)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r7, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f00000003c0)=ANY=[@ANYBLOB="300000004800010002000000000000000a00000037a65df97cd6d1598fe681190ba2ed7bcccbf08082316d", @ANYRES32=0x0, @ANYBLOB="020000001400010000000000000000000000000000000001"], 0x30}, 0x1, 0x0, 0x0, 0x8000000}, 0x20048000)
sendmmsg(r7, &(0x7f0000007fc0), 0x800001d, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)

21m11.410845757s ago: executing program 0 (id=1856):
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x0)
r0 = socket(0x1d, 0x2, 0x6)
mkdir(&(0x7f0000000140)='./file1\x00', 0x1a0)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000280)='./file1\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
statx(r1, &(0x7f0000000040)='./file0\x00', 0x400, 0x20, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, r2, &(0x7f00000003c0)={0x0, 0x6, 0x1000, 0x476, 0x1, 0xfffffffffffffffc, 0x3, 0x0, 0xfeff})
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x1d, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000"])
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140))
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b)
setsockopt$sock_attach_bpf(r0, 0x6a, 0x6e, 0x0, 0x0)
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000008740)={0x0, @multicast2, @broadcast}, 0x0)

21m10.560764866s ago: executing program 0 (id=1866):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r0, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010b6d840a88145546d68955a2280005caefca865e4397e158a42f46dbe79ac24dce6ddcd0b8d9c11cd81142351d8fa20bebf5a3828e77e22c73917b52705fa265ea21893809128002e20c22b0cc137a2b572d5faaf4be7f7b1829ac0b9fa21fa80a9db27be0028461e9eee9d587ae5337feac8bef41ec241d94c468063b7b729c8aab38a04c4a3ca70a4a9aebaec192d804a6a8444b058830355f0e052f30a7c48f64d4d9c8814aacde235ce0956472d304925c29cf808c44079e6a9355d5a4b71ceb15bb628cfc3cdb664de60641f125cfd5503b72c3d45d4e519bc2034f266428de040c44a8ad79bb1cedc074c7714011d159"], 0x3c}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3ff, 0x8, &(0x7f0000006680))
shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil)
socket(0x2c, 0x80000, 0x188)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r2 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r2, &(0x7f0000000280)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e24, @rand_addr=0x64010102}}, 0x24)
bind$rxrpc(r2, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x24)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x8c941, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000240)='contention_end\x00'}, 0x18)
ioctl$BLKPG(r4, 0x1269, &(0x7f00000001c0)={0x1, 0x0, 0x98, &(0x7f00000000c0)={0x0, 0x1000, 0xd}})
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time\x00', 0x26e1, 0x0)
close(r6)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r6, 0x8b20, &(0x7f0000000000)={'wlan1\x00', @random="c30014016800"})
write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb}, 0x11000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0xa})

21m9.487724417s ago: executing program 0 (id=1870):
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x121040, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETSNDBUF(r1, 0x400454d4, &(0x7f0000000000)=0xbe8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x1}, 0x6e)
modify_ldt$write(0x1, &(0x7f0000000000)={0x3fd, 0xffffffffffffffff, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
modify_ldt$write(0x1, &(0x7f0000000340)={0x8, 0x20000000}, 0x10)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xe000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0x8}, 0x0)
ioctl$sock_inet_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f00000002c0))
syz_io_uring_setup(0x83, &(0x7f0000000580)={0x0, 0xe7b5, 0x13500, 0x0, 0x352}, 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000440)=ANY=[@ANYBLOB="1508000065ffff017f000e0800395032303030884f44593606e2b68de8a0962d155703646345a1f280b5d40740fc59f8ad875bba06c75521c7a003d9508d7f4ae70545ecb79ec4be5cc6ed08f20ae7755d99e373987f044e92c7fbfb217cd1b4ff1400d0b153f70d3f493818ae0df3c6780f733380d5238b6a149558f94f8ee2c80b562d220fc5aef1e89f7aaca6c7a40a43dc55e81c20799affffffff98fd4705a53bdd939bb7f460f6b9b0d8f40b6837fb6814b2227a299cadb39fce48163273a68e1b178881b8058ad954c8f9fa5ef8987faf6e6995ce9e4f9e1544d3a4e16ed04c7b2999396ae16fcafeb85654084e3b8e9686fcfcb814c4fc958ca10653a667fb177623fc649022c354082dbe2a2df36a2e262d000000000000000000000000000000007ea07f107dc117b757d991762502"], 0x15)
r6 = dup(r5)
open(&(0x7f0000000180)='./file0\x00', 0x440, 0xc2)
write$FUSE_BMAP(r6, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_GETXATTR(r6, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r6, &(0x7f00000005c0)=ANY=[@ANYBLOB="b900"], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
r7 = openat(0xffffffffffffffff, &(0x7f000000c380)='./file0\x00', 0x20842, 0x127)
writev(r7, &(0x7f0000000280)=[{&(0x7f0000000980)="26ca14319c02f06bb0909407872e26b3ee6929abb5989b30f9c0aa412f416caf1a72f7cdbe150a3c2e52fb2a158ffe637033d2e2bf4d1ac323de410d9f6449fc5e3776e9a8e2f1eaa93ade238e336528d2d8f04f2e848cac72199de55dceb34e80d6e5f4970aefc405811c872cc2dcfbd19374ea4b2316360ae812d08f06d47df9367685ee823923af10f6ba9bd0bc549890cf60dcbdd516e29b2a7427dbfff8630b0f94e04ba157ea246218945ece46f7d04ce49aa9bc61f28e448c07a395d598964dc68399e0bbd5164437a4df92c3f72ac44beb00c3e63fe400792b366a3290f6b9ad099a02457b03ed81f22a9f94d22c7be8729a89ed045ce52cc95adb8cb553071135925eac5ea8fd3d4cb7b2771d72d9a259bef51edea5fd8377ad96a07da9a934c9394f92dd594d2adbd2fec185e5ddf6c67cccf54a02b5487f56a6fd48352cb7afaba7c6f347945105029f37e4c9925b4572cb16e44d495ef92cca0160d28f85bda750b63f5b294e293efbea5c11c8b1e9110fc34d0240cc1cfad2351a1b13dd9df71ed0783e6f8a4e6d0a19960b847e8d0d83ff231e5667d9dbf88f6345c68dd0f4322d125544231ca5aba2773d19e0c6dc0fc49697617bb8c5646cf90af3ec3b244815fd543b468d95d53a438f80be9293611620708c4d10020683584c55d038b3690b2912c765aba6b9fdf0ae36347ae340c0755dceafc6d5371f4b5fb178", 0x34}], 0x1)
ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x40086603, &(0x7f0000000040))
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000200)=0x8)

20m54.131934912s ago: executing program 33 (id=1870):
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x121040, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETSNDBUF(r1, 0x400454d4, &(0x7f0000000000)=0xbe8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x1}, 0x6e)
modify_ldt$write(0x1, &(0x7f0000000000)={0x3fd, 0xffffffffffffffff, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
modify_ldt$write(0x1, &(0x7f0000000340)={0x8, 0x20000000}, 0x10)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xe000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0x8}, 0x0)
ioctl$sock_inet_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f00000002c0))
syz_io_uring_setup(0x83, &(0x7f0000000580)={0x0, 0xe7b5, 0x13500, 0x0, 0x352}, 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000440)=ANY=[@ANYBLOB="1508000065ffff017f000e0800395032303030884f44593606e2b68de8a0962d155703646345a1f280b5d40740fc59f8ad875bba06c75521c7a003d9508d7f4ae70545ecb79ec4be5cc6ed08f20ae7755d99e373987f044e92c7fbfb217cd1b4ff1400d0b153f70d3f493818ae0df3c6780f733380d5238b6a149558f94f8ee2c80b562d220fc5aef1e89f7aaca6c7a40a43dc55e81c20799affffffff98fd4705a53bdd939bb7f460f6b9b0d8f40b6837fb6814b2227a299cadb39fce48163273a68e1b178881b8058ad954c8f9fa5ef8987faf6e6995ce9e4f9e1544d3a4e16ed04c7b2999396ae16fcafeb85654084e3b8e9686fcfcb814c4fc958ca10653a667fb177623fc649022c354082dbe2a2df36a2e262d000000000000000000000000000000007ea07f107dc117b757d991762502"], 0x15)
r6 = dup(r5)
open(&(0x7f0000000180)='./file0\x00', 0x440, 0xc2)
write$FUSE_BMAP(r6, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_GETXATTR(r6, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r6, &(0x7f00000005c0)=ANY=[@ANYBLOB="b900"], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
r7 = openat(0xffffffffffffffff, &(0x7f000000c380)='./file0\x00', 0x20842, 0x127)
writev(r7, &(0x7f0000000280)=[{&(0x7f0000000980)="26ca14319c02f06bb0909407872e26b3ee6929abb5989b30f9c0aa412f416caf1a72f7cdbe150a3c2e52fb2a158ffe637033d2e2bf4d1ac323de410d9f6449fc5e3776e9a8e2f1eaa93ade238e336528d2d8f04f2e848cac72199de55dceb34e80d6e5f4970aefc405811c872cc2dcfbd19374ea4b2316360ae812d08f06d47df9367685ee823923af10f6ba9bd0bc549890cf60dcbdd516e29b2a7427dbfff8630b0f94e04ba157ea246218945ece46f7d04ce49aa9bc61f28e448c07a395d598964dc68399e0bbd5164437a4df92c3f72ac44beb00c3e63fe400792b366a3290f6b9ad099a02457b03ed81f22a9f94d22c7be8729a89ed045ce52cc95adb8cb553071135925eac5ea8fd3d4cb7b2771d72d9a259bef51edea5fd8377ad96a07da9a934c9394f92dd594d2adbd2fec185e5ddf6c67cccf54a02b5487f56a6fd48352cb7afaba7c6f347945105029f37e4c9925b4572cb16e44d495ef92cca0160d28f85bda750b63f5b294e293efbea5c11c8b1e9110fc34d0240cc1cfad2351a1b13dd9df71ed0783e6f8a4e6d0a19960b847e8d0d83ff231e5667d9dbf88f6345c68dd0f4322d125544231ca5aba2773d19e0c6dc0fc49697617bb8c5646cf90af3ec3b244815fd543b468d95d53a438f80be9293611620708c4d10020683584c55d038b3690b2912c765aba6b9fdf0ae36347ae340c0755dceafc6d5371f4b5fb178", 0x34}], 0x1)
ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x40086603, &(0x7f0000000040))
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000200)=0x8)

5m32.262407441s ago: executing program 2 (id=5093):
syz_clone(0x80, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)="6a7a022963dc21fafa13d7a90758fbde5687facc3e0066676b65b249d7af6784374a55ee30c6efd8e544f9d7d0b1")
syz_genetlink_get_family_id$nbd(&(0x7f0000000240), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24004004}, 0x4000000)

5m31.916402522s ago: executing program 2 (id=5098):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000780)={0x50, r0, 0x801, 0x70bd2c, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee339084eeef16f162471f4"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x50}, 0x1, 0x0, 0x0, 0x40905}, 0x0)

5m31.840572751s ago: executing program 2 (id=5100):
keyctl$dh_compute(0x17, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha1-ssse3\x00'}})
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='veno\x00', 0x5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
sendmmsg(r2, &(0x7f000000bec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f000000aa40)=[{0xc, 0x1}], 0xc}}], 0x2, 0x40840)
r3 = openat$nullb(0xffffff9c, &(0x7f0000000140), 0x80202, 0x0)
ioctl$BLKSSZGET(r3, 0x1268, &(0x7f0000000180))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
request_key(&(0x7f0000000080)='big_key\x00', 0x0, &(0x7f0000000000)='/\x00', 0x0)
connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r7=>0x0})
sendto$packet(r6, &(0x7f0000000000)="10", 0x5e0, 0x20008040, &(0x7f0000000080)={0x11, 0x8100, r7, 0x1, 0x6, 0x6, @broadcast}, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@cgroup=r0, 0xffffffffffffffff, 0x2f, 0x5}, 0x20)
r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r8, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})
ioctl$USBDEVFS_CLEAR_HALT(r8, 0xc0105502, &(0x7f0000000300)={0x1, 0x1})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000002980)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0xc0, 0x1400}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000100}, 0x40004)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xcc540, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
preadv2(r10, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x1, 0x0, 0x0, 0x0)

5m28.449206952s ago: executing program 2 (id=5107):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0xc00, 0x0)
pivot_root(&(0x7f0000007b00)='./file0/../file0\x00', &(0x7f0000000280)='./file0\x00')
umount2(&(0x7f0000000040)='.\x00', 0x2)

5m28.354486817s ago: executing program 2 (id=5109):
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000002200)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000021c0)='./file1/file3\x00', 0x2)

5m27.67259794s ago: executing program 2 (id=5110):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x3c}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f0000000000)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100"])
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000100), 0x1, 0x2000)
ioctl(r8, 0x6, &(0x7f0000000380)="6bb517c9357189c75295e34cd76ef13acddfcc2a04795a328dfd01f2a6bbf372337eff2a5b4e87c40db9e2d28aac3b1f9a2042abb29a08030cdfaebd958590d8600f69fb845e86ed8033ecaaf8cce2c848bfcf0393d1a73ea23b6f62c07e531cd06175e1f021096a2ffc3c5064c923ebdb4d9c0475b492be54b40184f424a065444a4f79c39f8c019c68a0ee5e3fed92817d3adf00c8ef429e9b2e61b1706e76c23abd9bef3a3f946474202adf1c1cc304c5aa37")
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
r9 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$int_in(r7, 0x73, &(0x7f0000000340)=0xffffffff)
connect$inet6(r9, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r9, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

5m27.509519129s ago: executing program 34 (id=5110):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x3c}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f0000000000)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100"])
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000100), 0x1, 0x2000)
ioctl(r8, 0x6, &(0x7f0000000380)="6bb517c9357189c75295e34cd76ef13acddfcc2a04795a328dfd01f2a6bbf372337eff2a5b4e87c40db9e2d28aac3b1f9a2042abb29a08030cdfaebd958590d8600f69fb845e86ed8033ecaaf8cce2c848bfcf0393d1a73ea23b6f62c07e531cd06175e1f021096a2ffc3c5064c923ebdb4d9c0475b492be54b40184f424a065444a4f79c39f8c019c68a0ee5e3fed92817d3adf00c8ef429e9b2e61b1706e76c23abd9bef3a3f946474202adf1c1cc304c5aa37")
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
r9 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$int_in(r7, 0x73, &(0x7f0000000340)=0xffffffff)
connect$inet6(r9, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r9, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

6.398913505s ago: executing program 5 (id=6549):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="143f00001000010000000000000000000500000a50000000060a010400000000000000000a0000030900010073797a31000000002400048020000180070001006374000014000280080002400000000108000140000000090900020073797a3200"], 0x78}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)

6.39815625s ago: executing program 5 (id=6550):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x28, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_io_uring_setup(0x24f6, &(0x7f0000000b80)={0x0, 0x0, 0x10100, 0x0, 0x33a}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x8})
io_uring_enter(r0, 0x2d3e, 0x0, 0xf00, 0x0, 0x0)

6.304130915s ago: executing program 5 (id=6551):
keyctl$dh_compute(0x17, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha1-ssse3\x00'}})
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='veno\x00', 0x5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
sendmmsg(r2, &(0x7f000000bec0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f000000aa40)=[{0xc, 0x1}], 0xc}}], 0x2, 0x40840)
r3 = openat$nullb(0xffffff9c, &(0x7f0000000140), 0x80202, 0x0)
ioctl$BLKSSZGET(r3, 0x1268, &(0x7f0000000180))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
request_key(&(0x7f0000000080)='big_key\x00', &(0x7f0000001400)={'syz', 0x0}, &(0x7f0000000000)='/\x00', 0x0)
connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r7=>0x0})
sendto$packet(r6, &(0x7f0000000000)="10", 0x5e0, 0x20008040, &(0x7f0000000080)={0x11, 0x8100, r7, 0x1, 0x6, 0x6, @broadcast}, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@cgroup=r0, 0xffffffffffffffff, 0x2f, 0x5}, 0x20)
r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r8, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})
ioctl$USBDEVFS_CLEAR_HALT(r8, 0xc0105502, &(0x7f0000000300)={0x1, 0x1})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000002980)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0xc0, 0x1400}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000100}, 0x40004)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xcc540, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
preadv2(r10, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x0)

5.178426041s ago: executing program 3 (id=6554):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan1\x00'})
r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffffaaaaa8aaaabb86dd000186dd06100004aaaaaaaaaabbfc000000000000000000000000000001aaaaaaaaaabbfe8000"/62], 0x0)
r5 = memfd_create(&(0x7f0000000b00)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xa6l\a\xb0\xf5\xa9^a\xf0h\x16\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xb4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\xc5>\xfe3\x05\xa8C\xfc\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\x00\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac\x05+r\xe6_U}\xa5\x8a\xd6`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1UAA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97cy\xef\xbc\x1a\xbf\xc4\xdd\xe2\x9eBk\x1d\x8eg>\x87\x0e:\x9f\x88\xc0\x9ay\xffQ\xd6\xaf\xf5\xc1\xf3{\x91\xfc\x02t\'H \x97L\x86\x85N\xba\x96R\xc7\x7f,\xc4\xae*\x94\xc9\xa5/h\xf3\xa9O-\xf2Y\x0f)9DrH\x0e\x1b', 0x2)
fcntl$addseals(r5, 0x409, 0x8)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r6, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(r6, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
r7 = socket$key(0xf, 0x3, 0x2)
syz_genetlink_get_family_id$mptcp(0x0, r1)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000200}, 0xc, 0x0}, 0x20044880)
sendmsg$key(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRES32=r3], 0x40}}, 0x0)
unshare(0x40020000)
read$FUSE(r1, &(0x7f0000002280)={0x2020}, 0x2020)

4.226741671s ago: executing program 3 (id=6559):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
lsm_set_self_attr(0x66, &(0x7f0000000240)=ANY=[], 0x20, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
lsm_get_self_attr(0x69, &(0x7f0000000240)={0x0, 0x0, 0x4d, 0x2d, ""/45}, &(0x7f0000000040)=0x4d, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000380)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x5}, 0x0)
write$rfkill(0xffffffffffffffff, &(0x7f0000000200)={0x9, 0x3}, 0x8)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x2, 0x141301)
syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$USBDEVFS_CLEAR_HALT(r3, 0xc0105502, &(0x7f0000000300)={0x1, 0x1})
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1e00000000052bf2b07baa479bf0ff1d3d1e0036b40001000600000057feffff20000800", @ANYBLOB="0300"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0300800004000000040000000b00"/28], 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x0)
ioctl$CEC_S_MODE(r4, 0x40046109, 0x0)
ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f00000002c0)=0x1)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000190001090000000000000000021800000002fd010000000008000100ac14140008000500ac1e0101100016800c00010000000010000000040600150001000000"], 0x44}}, 0x0)

3.408579947s ago: executing program 4 (id=6562):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
io_uring_register$IORING_UNREGISTER_EVENTFD(r3, 0x5, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x9, 0x7, 0x1, 0x4, 0x2, 0x1, 0x1, 0xff, 0x5, 0x36, 0xe, 0x9, 0xc, 0x2, 0xd, 0x5}})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000280)={[{0x219e, 0x1, 0x6, 0x10, 0x7f, 0x3, 0x1, 0x80, 0x3, 0x5, 0x0, 0x1f, 0x4}, {0x2c, 0x0, 0x4, 0x2, 0x89, 0x40, 0x80, 0x1, 0x4, 0x7, 0x7, 0x2, 0x5}, {0x2, 0x0, 0x9, 0x4, 0x1, 0x75, 0xfb, 0x0, 0xd, 0x6, 0x2, 0xf, 0x6}], 0x8})
r5 = memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb)
ftruncate(r5, 0xffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r6=>0xffffffffffffffff})
r7 = open(&(0x7f0000000300)='./file2\x00', 0x101042, 0xa3)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x4052, r7, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x105, 0x105, 0x9, [@func_proto={0x0, 0xa, 0x0, 0xd, 0x0, [{0x10, 0x1}, {0x3, 0x3}, {0x1, 0x5}, {0xb, 0x3}, {0xf, 0x3}, {0x9}, {0x3, 0x4}, {0xd, 0x3}, {0x9, 0x5}, {0x9, 0x1}]}, @datasec={0x5, 0x9, 0x0, 0xf, 0x1, [{0x4}, {0x4, 0x0, 0x1}, {0x3, 0x2, 0x100}, {0x3, 0x4, 0x3}, {0x2, 0x0, 0xc000}, {0x2, 0x9, 0xcef4}, {0x5, 0x9, 0x10000}, {0x4, 0x3ff, 0x2}, {0x2, 0x1, 0xfffffffe}], "13"}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0xd}]}, @int={0x3, 0x0, 0x0, 0x1, 0x0, 0x1c, 0x0, 0x69, 0x1}, @ptr={0x2, 0x0, 0x0, 0x2, 0x4}]}, {0x0, [0x0, 0x2e, 0x5f, 0x0, 0x2e, 0x61, 0x0]}}, &(0x7f0000000300)=""/87, 0x129, 0x57, 0x1, 0x56f, 0x10000, @value=r7}, 0x28)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000002140)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(michael_mic-generic,xchacha20-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x7, &(0x7f00000000c0)="fdffffff", 0x4)
getsockopt$sock_buf(r6, 0x1, 0x3b, 0x0, &(0x7f00000000c0)=0x4c)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x40000000000006, 0x7, 0x5, 0x180, 0x0, 0x0, 0xf1, 0x9, 0x8, 0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4], 0x1, 0x3c4212})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

3.358476227s ago: executing program 3 (id=6563):
syz_open_dev$sg(&(0x7f0000000100), 0xe68d, 0x40002)
r0 = socket(0x10, 0x803, 0x0)
write(r0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="6112b400000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67200000000000150600000fff070067070000200000006a0200000ee60000bf250000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff3d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba4580047a9dc88de358ce795731891a2031de4e09740c64e5506f991e"], 0x0}, 0x94)
prlimit64(0x0, 0xc, &(0x7f0000000280)={0x10001, 0x6}, &(0x7f0000000300))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000ac0)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000004e350000000000006507000002000000070700004a0000000f75000000000000bf5400000000000007040000040011002e53010000000000840400000000000005000000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1cc0800004537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767030090a3967093b000e3806f825f1d0da2a304e06503b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a976774ad68a50fc977859c9c6faebbb46bec1adb3e92797093af2bd9869c0309166f02abb842e1c391aecdf0022d7a02074bab65154752555dec6716a2c038e9b18d989186f01292c146cd01a5e6096f3f66ad4657074a5902421e87a1085784dce59e76f799a3ce0014276b5cf0265ba31675989f177f7def37411a3f"], &(0x7f0000000100)='GPL\x00'}, 0x48)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmmsg(r2, 0x0, 0x0, 0x10020, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaa230180c20000000800450000b00000000000119078000000000000000000004e20009c907801000000000000007b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424dbcfd56f1375461caaa2f19935e6996c7096ffeeb03000000000000649a3bfbc1f3cdb042d2643fcbb2c5a57df67d54"], 0x0)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r3, &(0x7f0000000040)={0x24, @short={0x2, 0xffff, 0xaaa2}}, 0x14)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0, 0x3, 0x0, 0x0, 0x41000}, 0x94)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io(r4, &(0x7f0000000100)={0x18, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="1c00000014000100000080000000000004000080080002"], 0x1c}], 0x1, 0x0, 0x0, 0xc080}, 0x0)
gettid()

3.135401623s ago: executing program 5 (id=6564):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x3c}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f0000000000)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB])
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000100), 0x1, 0x2000)
ioctl(r8, 0x6, &(0x7f0000000380)="6bb517c9357189c75295e34cd76ef13acddfcc2a04795a328dfd01f2a6bbf372337eff2a5b4e87c40db9e2d28aac3b1f9a2042abb29a08030cdfaebd958590d8600f69fb845e86ed8033ecaaf8cce2c848bfcf0393d1a73ea23b6f62c07e531cd06175e1f021096a2ffc3c5064c923ebdb4d9c0475b492be54b40184f424a065444a4f79c39f8c019c68a0ee5e3fed92817d3adf00c8ef429e9b2e61b1706e76c23abd9bef3a3f946474202adf1c1cc304c5aa37")
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
r9 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$int_in(r7, 0x73, &(0x7f0000000340)=0xffffffff)
connect$inet6(r9, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$sock_linger(r9, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendmmsg$inet6(r9, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

2.936824731s ago: executing program 4 (id=6565):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x3c}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f0000000000)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB])
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000100), 0x1, 0x2000)
ioctl(r8, 0x6, &(0x7f0000000380)="6bb517c9357189c75295e34cd76ef13acddfcc2a04795a328dfd01f2a6bbf372337eff2a5b4e87c40db9e2d28aac3b1f9a2042abb29a08030cdfaebd958590d8600f69fb845e86ed8033ecaaf8cce2c848bfcf0393d1a73ea23b6f62c07e531cd06175e1f021096a2ffc3c5064c923ebdb4d9c0475b492be54b40184f424a065444a4f79c39f8c019c68a0ee5e3fed92817d3adf00c8ef429e9b2e61b1706e76c23abd9bef3a3f946474202adf1c1cc304c5aa37")
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
r9 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$int_in(r7, 0x73, &(0x7f0000000340)=0xffffffff)
connect$inet6(r9, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$sock_linger(r9, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendmmsg$inet6(r9, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

2.300903998s ago: executing program 3 (id=6567):
r0 = socket$inet6(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0xa}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000000))
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x402000, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0)
mmap(&(0x7f0000b8c000/0x3000)=nil, 0x3000, 0x3, 0x12, r4, 0xfae76000)

1.796972169s ago: executing program 4 (id=6568):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan1\x00'})
r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffffaaaaa8aaaabb86dd000186dd06100004aaaaaaaaaabbfc000000000000000000000000000001aaaaaaaaaabbfe8000"/62], 0x0)
r5 = memfd_create(&(0x7f0000000b00)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xa6l\a\xb0\xf5\xa9^a\xf0h\x16\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xb4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\xc5>\xfe3\x05\xa8C\xfc\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\x00\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac\x05+r\xe6_U}\xa5\x8a\xd6`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1UAA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97cy\xef\xbc\x1a\xbf\xc4\xdd\xe2\x9eBk\x1d\x8eg>\x87\x0e:\x9f\x88\xc0\x9ay\xffQ\xd6\xaf\xf5\xc1\xf3{\x91\xfc\x02t\'H \x97L\x86\x85N\xba\x96R\xc7\x7f,\xc4\xae*\x94\xc9\xa5/h\xf3\xa9O-\xf2Y\x0f)9DrH\x0e\x1b', 0x2)
fcntl$addseals(r5, 0x409, 0x8)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r6, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(r6, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
r7 = socket$key(0xf, 0x3, 0x2)
syz_genetlink_get_family_id$mptcp(0x0, r1)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000200}, 0xc, 0x0}, 0x20044880)
sendmsg$key(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRES32=r3], 0x40}}, 0x0)
unshare(0x40020000)
read$FUSE(r1, &(0x7f0000002280)={0x2020}, 0x2020)

1.78740155s ago: executing program 5 (id=6569):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x3c}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f0000000000)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100"])
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r7 = syz_open_dev$evdev(&(0x7f0000000100), 0x1, 0x2000)
ioctl(r7, 0x6, &(0x7f0000000380)="6bb517c9357189c75295e34cd76ef13acddfcc2a04795a328dfd01f2a6bbf372337eff2a5b4e87c40db9e2d28aac3b1f9a2042abb29a08030cdfaebd958590d8600f69fb845e86ed8033ecaaf8cce2c848bfcf0393d1a73ea23b6f62c07e531cd06175e1f021096a2ffc3c5064c923ebdb4d9c0475b492be54b40184f424a065444a4f79c39f8c019c68a0ee5e3fed92817d3adf00c8ef429e9b2e61b1706e76c23abd9bef3a3f946474202adf1c1cc304c5aa37")
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
r8 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x73, &(0x7f0000000340)=0xffffffff)
connect$inet6(r8, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$sock_linger(r8, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendmmsg$inet6(r8, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

1.213502146s ago: executing program 3 (id=6571):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x3c}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f0000000000)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB])
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000100), 0x1, 0x2000)
ioctl(r8, 0x6, &(0x7f0000000380)="6bb517c9357189c75295e34cd76ef13acddfcc2a04795a328dfd01f2a6bbf372337eff2a5b4e87c40db9e2d28aac3b1f9a2042abb29a08030cdfaebd958590d8600f69fb845e86ed8033ecaaf8cce2c848bfcf0393d1a73ea23b6f62c07e531cd06175e1f021096a2ffc3c5064c923ebdb4d9c0475b492be54b40184f424a065444a4f79c39f8c019c68a0ee5e3fed92817d3adf00c8ef429e9b2e61b1706e76c23abd9bef3a3f946474202adf1c1cc304c5aa37")
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
r9 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$int_in(r7, 0x73, &(0x7f0000000340)=0xffffffff)
connect$inet6(r9, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$sock_linger(r9, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendmmsg$inet6(r9, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

1.137411497s ago: executing program 6 (id=6572):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10)
listxattr(&(0x7f0000000740)='./file0\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)

886.474058ms ago: executing program 4 (id=6573):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001a80)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000018c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001", @ANYRESDEC=r0, @ANYRES32=r1], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSET={0x58, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x1c, 0x11, 0x0, 0x1, @exthdr={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}]}}}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x2040000}, 0x40)
r2 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x0)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000001180)=0x2000000)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r3, 0x0)
syz_clone(0x140011, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = creat(&(0x7f0000000200)='./bus\x00', 0x84)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r6, 0xfffffffc)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x1802, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r9, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07, 0x0, 0xff1f0000}, 0x2000000)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000002840)={0x0, &(0x7f0000000180)=[{0x3, 0x40, 0x40, 0xffff}, {0x5, 0x2, 0x1, 0x90000}, {0x0, 0x1, 0x1, 0x5}, {0x7, 0x6, 0x8, 0x5}, {0x1000, 0x6, 0x40, 0xffff}, {0x8, 0x6, 0x6, 0x7}, {0x1, 0x9, 0x4, 0x9}, {0x9, 0xb, 0xf, 0x46}]}, 0xffffffffffffff8c)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, 0x0, &(0x7f0000000200)=0x15)
write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r2], 0x2b)
sendfile(0xffffffffffffffff, r2, 0x0, 0x4000000053d2)

774.666355ms ago: executing program 4 (id=6574):
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b64c0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$GTP_CMD_GETPDP(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c0c1}, 0x44005)
sendmsg(r0, 0x0, 0x4004014)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r2, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0xffff0018)
ioctl$SOUND_PCM_READ_CHANNELS(0xffffffffffffffff, 0x80045006, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x1a8, 0x19, 0x1, 0x0, 0x25dfdbfb, {0x1d, 0xd601, 0x9}, [@nested={0x50, 0x12, 0x0, 0x1, [@nested={0x4c, 0xf8, 0x0, 0x1, [@typed={0x14, 0x133, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}}, @nested={0x34, 0xfb, 0x0, 0x1, [@nested={0x30, 0x32, 0x0, 0x1, [@nested={0x29, 0x33, 0x0, 0x1, [@nested={0x4, 0x116}, @generic="96dbc7fe81960e9c3a477e80a501638be4c1577d2952cc91e8bfd4a452b0539cad"]}]}]}]}]}, @nested={0x144, 0x6, 0x0, 0x1, [@nested={0x140, 0xac, 0x0, 0x1, [@nested={0x13c, 0x13e, 0x0, 0x1, [@nested={0x138, 0x3c, 0x0, 0x1, [@nested={0x134, 0x61, 0x0, 0x1, [@nested={0x130, 0x9d, 0x0, 0x1, [@nested={0x12c, 0x63, 0x0, 0x1, [@typed={0x8, 0x60, 0x0, 0x0, @uid}, @typed={0x4, 0xa5}, @nested={0x119, 0x90, 0x0, 0x1, [@nested={0xe5, 0x44, 0x0, 0x1, [@typed={0x8, 0xb0, 0x0, 0x0, @str='GPL\x00'}, @generic="a4f2bdc07e8cc0404f617143e4f7b263ba6fc1453ff8932426cb0b2024dd0f1b7350887762644cd52aa6864acdf7e959a84b3dad1bc88841ef786cbde7d6215a38138e3e97b04c17bbc1841901c1583a335075ea5754b2eaa78293f03551b0562fb5a45f1f7cbb3d6e117248069b9fb39c95d130e184c9b4c03c06137216485441b97dd59aa0e33633390ce64bf88da83639f53a9b25264f438337448c8ad49b7c34940dd9f68826e015c57dcb", @typed={0x4, 0x13a}, @nested={0x25, 0x5b, 0x0, 0x1, [@generic="bc6dad2ec064a4d4fe3dd7c279ab0ab97e408884914301000000df366490a5e0ca"]}]}, @generic="f0d1352a224aadf38cc0be9a1bfc6ea31cfe9abdfc6e08360d8cf57b7256e18c92263487faf40caf4b040e15ce"]}]}]}]}]}]}]}]}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x5}, 0x0)
getsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f00000000c0)=[{}], &(0x7f0000000100)=0x8)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)

752.181487ms ago: executing program 5 (id=6575):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
lsm_set_self_attr(0x66, &(0x7f0000000240)=ANY=[], 0x20, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
lsm_get_self_attr(0x69, &(0x7f0000000240)={0x0, 0x0, 0x4d, 0x2d, ""/45}, &(0x7f0000000040)=0x4d, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000380)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x5}, 0x0)
write$rfkill(0xffffffffffffffff, &(0x7f0000000200)={0x9, 0x3}, 0x8)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x2, 0x141301)
syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$USBDEVFS_CLEAR_HALT(r3, 0xc0105502, &(0x7f0000000300)={0x1, 0x1})
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0300"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0300800004000000040000000b00"/28], 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x0)
ioctl$CEC_S_MODE(r4, 0x40046109, 0x0)
ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f00000002c0)=0x1)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000190001090000000000000000021800000002fd010000000008000100ac14140008000500ac1e0101100016800c00010000000010000000040600150001000000"], 0x44}}, 0x0)

703.760042ms ago: executing program 6 (id=6576):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0)
write$cgroup_int(r1, 0x0, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
r5 = creat(&(0x7f0000000240)='./file1\x00', 0x1bb)
io_setup(0x200, &(0x7f0000000140)=<r6=>0x0)
r7 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
read$midi(r7, 0x0, 0x0)
io_submit(r6, 0x1, &(0x7f0000000800)=[&(0x7f0000000840)={0x25, 0x0, 0x2, 0x1, 0x0, r5, 0x0}])
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth0_to_hsr\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
bind$packet(r2, &(0x7f0000000080)={0x11, 0x4, r8, 0x1, 0x6, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x40}}, 0x14)
sendmsg$nl_route_sched(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000240)=@getchain={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0xd}, {0xfff1, 0xfff2}}}, 0x24}}, 0x40000)

289.524354ms ago: executing program 3 (id=6577):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x3c}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f0000000000)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB])
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000100), 0x1, 0x2000)
ioctl(r8, 0x6, &(0x7f0000000380)="6bb517c9357189c75295e34cd76ef13acddfcc2a04795a328dfd01f2a6bbf372337eff2a5b4e87c40db9e2d28aac3b1f9a2042abb29a08030cdfaebd958590d8600f69fb845e86ed8033ecaaf8cce2c848bfcf0393d1a73ea23b6f62c07e531cd06175e1f021096a2ffc3c5064c923ebdb4d9c0475b492be54b40184f424a065444a4f79c39f8c019c68a0ee5e3fed92817d3adf00c8ef429e9b2e61b1706e76c23abd9bef3a3f946474202adf1c1cc304c5aa37")
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
r9 = socket$inet6(0xa, 0x80002, 0x0)
ioctl$int_in(r7, 0x73, &(0x7f0000000340)=0xffffffff)
connect$inet6(r9, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$sock_linger(r9, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendmmsg$inet6(r9, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

262.635395ms ago: executing program 6 (id=6578):
syz_emit_ethernet(0xfdef, &(0x7f0000000440)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x88, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @parameter_prob={0xc, 0x0, 0x0, 0x0, 0xb, 0x3, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast1, @multicast2}}}}}}, 0x0) (async)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1a852a3ac0122d5100000000080000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x9, 0x1000, &(0x7f0000001cc0)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, r1, 0x19c00, 0x0, 0x1, 0x10, &(0x7f0000000240)={0x0, 0x2, 0x4, 0x9}, 0x1, 0x0, 0x0, 0x49}, 0x94) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa}, 0x94) (async)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) (async)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000240)=ANY=[], 0x12f4}}, 0x0) (async)
recvmsg$unix(r2, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000880)=""/27, 0x1b}, {&(0x7f0000000400)=""/157, 0x9d}], 0x2}, 0x0) (async)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000400)='ramfs\x00', 0x2800000, 0x0)
chdir(&(0x7f0000000000)='./file0\x00') (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

200.377151ms ago: executing program 4 (id=6579):
r0 = socket$inet6(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0xa}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000000))
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x402000, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0)
mmap(&(0x7f0000b8c000/0x3000)=nil, 0x3000, 0x3, 0x12, r4, 0xfae76000)

198.472231ms ago: executing program 6 (id=6580):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x28, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_io_uring_setup(0x24f6, &(0x7f0000000b80)={0x0, 0x0, 0x10100, 0x0, 0x33a}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x8})
io_uring_enter(r0, 0x2d3e, 0x0, 0xf00, 0x0, 0x0)

99.869243ms ago: executing program 6 (id=6581):
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025", 0x1d}], 0x1)

0s ago: executing program 6 (id=6582):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan1\x00'})
r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffffaaaaa8aaaabb86dd000186dd06100004aaaaaaaaaabbfc000000000000000000000000000001aaaaaaaaaabbfe8000"/62], 0x0)
r5 = memfd_create(&(0x7f0000000b00)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xa6l\a\xb0\xf5\xa9^a\xf0h\x16\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xb4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\xc5>\xfe3\x05\xa8C\xfc\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\x00\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac\x05+r\xe6_U}\xa5\x8a\xd6`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1UAA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97cy\xef\xbc\x1a\xbf\xc4\xdd\xe2\x9eBk\x1d\x8eg>\x87\x0e:\x9f\x88\xc0\x9ay\xffQ\xd6\xaf\xf5\xc1\xf3{\x91\xfc\x02t\'H \x97L\x86\x85N\xba\x96R\xc7\x7f,\xc4\xae*\x94\xc9\xa5/h\xf3\xa9O-\xf2Y\x0f)9DrH\x0e\x1b', 0x2)
fcntl$addseals(r5, 0x409, 0x8)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r6, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(r6, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
r7 = socket$key(0xf, 0x3, 0x2)
syz_genetlink_get_family_id$mptcp(0x0, r1)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000200}, 0xc, 0x0}, 0x20044880)
sendmsg$key(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRES32=r3], 0x40}}, 0x0)
unshare(0x40020000)
read$FUSE(r1, &(0x7f0000002280)={0x2020}, 0x2020)

kernel console output (not intermixed with test programs):

erred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1172.859096][T24985] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1172.862479][T24985] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1172.868933][T24985] comedi comedi4: bad chanlist[1]=0xfffffffd chan=65533 range length=2
[ 1172.874704][T24985] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1172.878335][T24985] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1172.998870][T22279] usb 9-1: USB disconnect, device number 52
[ 1173.664947][ T6061] ath9k_htc 9-1:1.0: ath9k_htc: Target is unresponsive
[ 1173.669139][ T6061] ath9k_htc: Failed to initialize the device
[ 1173.681279][T22279] usb 9-1: ath9k_htc: USB layer deinitialized
[ 1174.251921][T21807] usb 9-1: new high-speed USB device number 53 using dummy_hcd
[ 1174.481898][T21807] usb 9-1: Using ep0 maxpacket: 16
[ 1174.495396][T21807] usb 9-1: config 33 has 0 interfaces, different from the descriptor's value: 9
[ 1174.500400][T21807] usb 9-1: New USB device found, idVendor=1fd2, idProduct=6006, bcdDevice= 0.00
[ 1174.506656][T21807] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1174.793016][T21807] usb 9-1: USB disconnect, device number 53
[ 1176.239310][T25004] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1176.667257][T25004] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1176.806760][T25004] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1176.920767][T25004] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.024722][   T56] IPVS: stop unused estimator thread 0...
[ 1178.261007][ T1142] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1178.308075][ T1142] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1178.326244][ T1142] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1178.752840][T25041] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4534'.
[ 1178.900581][ T1187] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1180.363741][T25064] wlan0 speed is unknown, defaulting to 1000
[ 1180.825752][T25056] ubi: mtd0 is already attached to ubi8
[ 1181.046310][T25062] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1181.287391][T25073] could not allocate digest TFM handle sha1-ssse3
[ 1181.336130][T25062] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1181.492439][T25083] FAULT_INJECTION: forcing a failure.
[ 1181.492439][T25083] name failslab, interval 1, probability 0, space 0, times 0
[ 1181.500969][T25083] CPU: 0 UID: 0 PID: 25083 Comm: syz.2.4542 Not tainted syzkaller #0 PREEMPT(full) 
[ 1181.500995][T25083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1181.501006][T25083] Call Trace:
[ 1181.501012][T25083]  <TASK>
[ 1181.501018][T25083]  dump_stack_lvl+0x16c/0x1f0
[ 1181.501049][T25083]  should_fail_ex+0x512/0x640
[ 1181.501070][T25083]  ? __kmalloc_noprof+0xbf/0x510
[ 1181.501092][T25083]  ? kernfs_fop_write_iter+0x237/0x510
[ 1181.501107][T25083]  should_failslab+0xc2/0x120
[ 1181.501129][T25083]  __kmalloc_noprof+0xd2/0x510
[ 1181.501152][T25083]  kernfs_fop_write_iter+0x237/0x510
[ 1181.501173][T25083]  vfs_write+0x7d0/0x11d0
[ 1181.501192][T25083]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 1181.501233][T25083]  ? __pfx_vfs_write+0x10/0x10
[ 1181.501249][T25083]  ? find_held_lock+0x2b/0x80
[ 1181.501284][T25083]  ksys_write+0x12a/0x250
[ 1181.501304][T25083]  ? __pfx_ksys_write+0x10/0x10
[ 1181.501326][T25083]  ? rcu_is_watching+0x12/0xc0
[ 1181.501349][T25083]  __do_fast_syscall_32+0x7c/0x3a0
[ 1181.501375][T25083]  do_fast_syscall_32+0x32/0x80
[ 1181.501398][T25083]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1181.501420][T25083] RIP: 0023:0xf70ce579
[ 1181.501435][T25083] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1181.501453][T25083] RSP: 002b:00000000f54be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 1181.501471][T25083] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[ 1181.501482][T25083] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000000
[ 1181.501492][T25083] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1181.501501][T25083] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1181.501518][T25083] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1181.501543][T25083]  </TASK>
[ 1181.633910][T25085] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4543'.
[ 1181.724293][T25062] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1181.877754][T25062] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1182.407361][ T1187] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1182.432640][T11303] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1182.463917][T11303] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1182.489112][T11303] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1182.625851][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[ 1182.636985][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[ 1184.599754][T25098] overlayfs: statfs failed on './file0'
[ 1184.772971][T25107] syz1: rxe_newlink: already configured on syz_tun
[ 1185.030456][T25114] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[ 1185.059244][T25114] wlan0 speed is unknown, defaulting to 1000
[ 1185.085482][T25117] wlan0 speed is unknown, defaulting to 1000
[ 1185.182056][T25107] binder: 25106:25107 unknown command 4130185499
[ 1185.185106][T25107] binder: 25106:25107 ioctl c0306201 80000080 returned -22
[ 1185.562978][T25125] bond1: entered promiscuous mode
[ 1185.565708][T25125] bond1: entered allmulticast mode
[ 1185.568646][T25125] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1186.385501][   T40] audit: type=1326 audit(1756488994.868:2820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25145 comm="syz.3.4557" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1186.399531][   T40] audit: type=1326 audit(1756488994.868:2821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25145 comm="syz.3.4557" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1186.416656][   T40] audit: type=1326 audit(1756488994.908:2822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25145 comm="syz.3.4557" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1186.447134][   T40] audit: type=1326 audit(1756488994.908:2823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25145 comm="syz.3.4557" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1186.458336][   T40] audit: type=1326 audit(1756488994.908:2824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25145 comm="syz.3.4557" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1186.497478][   T40] audit: type=1326 audit(1756488994.918:2825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25145 comm="syz.3.4557" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1186.510054][   T40] audit: type=1326 audit(1756488994.918:2826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25145 comm="syz.3.4557" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1186.520574][   T40] audit: type=1326 audit(1756488994.918:2827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25145 comm="syz.3.4557" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1186.533851][   T40] audit: type=1326 audit(1756488994.918:2828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25145 comm="syz.3.4557" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1186.543005][   T40] audit: type=1326 audit(1756488994.918:2829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25145 comm="syz.3.4557" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf702e579 code=0x7ffc0000
[ 1188.206370][T25167] wlan0 speed is unknown, defaulting to 1000
[ 1188.603612][T25171] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1189.504551][T25180] wlan0 speed is unknown, defaulting to 1000
[ 1189.811168][T22505] Bluetooth: hci3: command 0x0405 tx timeout
[ 1190.339667][T25188] wlan0 speed is unknown, defaulting to 1000
[ 1191.639202][T25194] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4565'.
[ 1191.931009][T25204] mkiss: ax0: crc mode is auto.
[ 1191.940748][T25204] netlink: 100 bytes leftover after parsing attributes in process `syz.4.4567'.
[ 1191.955967][T25204] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1193.105834][T25215] mkiss: ax0: crc mode is auto.
[ 1194.102337][T25219] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4572'.
[ 1195.371734][T25240] wlan0 speed is unknown, defaulting to 1000
[ 1196.002458][T25246] netlink: 100 bytes leftover after parsing attributes in process `syz.3.4578'.
[ 1196.002538][T25246] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1196.060986][T25251] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0
[ 1196.401218][ T6061] usb 10-1: new high-speed USB device number 46 using dummy_hcd
[ 1196.670736][ T6061] usb 10-1: Using ep0 maxpacket: 32
[ 1197.110334][ T6061] usb 10-1: config index 0 descriptor too short (expected 156, got 27)
[ 1197.150788][ T6061] usb 10-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[ 1197.156747][ T6061] usb 10-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1197.163174][ T6061] usb 10-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[ 1197.170364][ T6061] usb 10-1: config 0 interface 0 has no altsetting 0
[ 1197.199337][ T6061] usb 10-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[ 1197.205002][ T6061] usb 10-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[ 1197.209604][ T6061] usb 10-1: Product: syz
[ 1197.213278][ T6061] usb 10-1: Manufacturer: syz
[ 1197.215432][ T6061] usb 10-1: SerialNumber: syz
[ 1197.226264][ T6061] usb 10-1: config 0 descriptor??
[ 1197.238077][ T6061] ldusb 10-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1197.247416][ T6061] ldusb 10-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1197.512974][T25262] wlan0 speed is unknown, defaulting to 1000
[ 1197.715013][T25266] mkiss: ax0: crc mode is auto.
[ 1198.612362][ T1187] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1198.660710][T25276] FAULT_INJECTION: forcing a failure.
[ 1198.660710][T25276] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1198.683469][T25276] CPU: 1 UID: 0 PID: 25276 Comm: syz.2.4584 Not tainted syzkaller #0 PREEMPT(full) 
[ 1198.683498][T25276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1198.683510][T25276] Call Trace:
[ 1198.683520][T25276]  <TASK>
[ 1198.683530][T25276]  dump_stack_lvl+0x16c/0x1f0
[ 1198.683565][T25276]  should_fail_ex+0x512/0x640
[ 1198.683598][T25276]  _copy_from_iter+0x29f/0x1720
[ 1198.683630][T25276]  ? __alloc_skb+0x200/0x380
[ 1198.683654][T25276]  ? __pfx__copy_from_iter+0x10/0x10
[ 1198.683684][T25276]  ? __pfx___might_resched+0x10/0x10
[ 1198.683736][T25276]  netlink_sendmsg+0x829/0xdd0
[ 1198.683769][T25276]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1198.683798][T25276]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[ 1198.683821][T25276]  ____sys_sendmsg+0xa95/0xc70
[ 1198.683841][T25276]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1198.683860][T25276]  ? get_compat_msghdr+0x11a/0x170
[ 1198.683899][T25276]  ___sys_sendmsg+0x134/0x1d0
[ 1198.683924][T25276]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1198.683959][T25276]  ? find_held_lock+0x2b/0x80
[ 1198.683991][T25276]  __sys_sendmsg+0x16d/0x220
[ 1198.684018][T25276]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1198.684107][T25276]  ? rcu_is_watching+0x12/0xc0
[ 1198.684133][T25276]  __do_fast_syscall_32+0x7c/0x3a0
[ 1198.684163][T25276]  do_fast_syscall_32+0x32/0x80
[ 1198.684192][T25276]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1198.684218][T25276] RIP: 0023:0xf70ce579
[ 1198.684235][T25276] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1198.684255][T25276] RSP: 002b:00000000f549d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1198.684277][T25276] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[ 1198.684290][T25276] RDX: 0000000024044040 RSI: 0000000000000000 RDI: 0000000000000000
[ 1198.684302][T25276] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1198.684314][T25276] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1198.684326][T25276] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1198.684361][T25276]  </TASK>
[ 1199.136186][   T29] usb 10-1: USB disconnect, device number 46
[ 1199.141033][   T29] ldusb 10-1:0.0: LD USB Device #0 now disconnected
[ 1199.166732][T25285] wlan0 speed is unknown, defaulting to 1000
[ 1199.403479][T25286] wlan0 speed is unknown, defaulting to 1000
[ 1199.770872][T25292] netlink: 100 bytes leftover after parsing attributes in process `syz.5.4588'.
[ 1200.458863][T25301] usb usb5: usbfs: process 25301 (syz.3.4591) did not claim interface 8 before use
[ 1202.120508][T25324] wlan0 speed is unknown, defaulting to 1000
[ 1202.719656][T25336] FAULT_INJECTION: forcing a failure.
[ 1202.719656][T25336] name failslab, interval 1, probability 0, space 0, times 0
[ 1202.725747][T25336] CPU: 1 UID: 0 PID: 25336 Comm: syz.2.4600 Not tainted syzkaller #0 PREEMPT(full) 
[ 1202.725774][T25336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1202.725783][T25336] Call Trace:
[ 1202.725790][T25336]  <TASK>
[ 1202.725799][T25336]  dump_stack_lvl+0x16c/0x1f0
[ 1202.725833][T25336]  should_fail_ex+0x512/0x640
[ 1202.725868][T25336]  should_failslab+0xc2/0x120
[ 1202.725895][T25336]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1202.725920][T25336]  ? skb_clone+0x190/0x3f0
[ 1202.725953][T25336]  skb_clone+0x190/0x3f0
[ 1202.725980][T25336]  netlink_deliver_tap+0xabd/0xd30
[ 1202.726014][T25336]  netlink_unicast+0x64c/0x870
[ 1202.726047][T25336]  ? __pfx_netlink_unicast+0x10/0x10
[ 1202.726074][T25336]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1202.726109][T25336]  netlink_sendmsg+0x8d1/0xdd0
[ 1202.726143][T25336]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1202.726172][T25336]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[ 1202.726199][T25336]  ____sys_sendmsg+0xa95/0xc70
[ 1202.726223][T25336]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1202.726242][T25336]  ? get_compat_msghdr+0x11a/0x170
[ 1202.726280][T25336]  ___sys_sendmsg+0x134/0x1d0
[ 1202.726311][T25336]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1202.726351][T25336]  ? find_held_lock+0x2b/0x80
[ 1202.726389][T25336]  __sys_sendmsg+0x16d/0x220
[ 1202.726418][T25336]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1202.726458][T25336]  ? rcu_is_watching+0x12/0xc0
[ 1202.726485][T25336]  __do_fast_syscall_32+0x7c/0x3a0
[ 1202.726530][T25336]  do_fast_syscall_32+0x32/0x80
[ 1202.726554][T25336]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1202.726578][T25336] RIP: 0023:0xf70ce579
[ 1202.726596][T25336] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1202.726616][T25336] RSP: 002b:00000000f54be55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1202.726637][T25336] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[ 1202.726650][T25336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1202.726662][T25336] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1202.726674][T25336] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1202.726687][T25336] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1202.726714][T25336]  </TASK>
[ 1203.750256][   T29] usb 10-1: new high-speed USB device number 47 using dummy_hcd
[ 1204.123544][   T29] usb 10-1: Using ep0 maxpacket: 16
[ 1204.129782][   T29] usb 10-1: config 33 has 0 interfaces, different from the descriptor's value: 9
[ 1204.133801][   T29] usb 10-1: New USB device found, idVendor=1fd2, idProduct=6006, bcdDevice= 0.00
[ 1204.137628][   T29] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1204.455325][T25360] wlan0 speed is unknown, defaulting to 1000
[ 1206.172687][  T949] usb 10-1: USB disconnect, device number 47
[ 1206.867263][T25381] Invalid logical block size (6)
[ 1206.965283][T22505] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1206.980958][T22505] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1206.992312][T22505] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1207.002644][T22505] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1207.030584][T22505] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1207.384600][T25385] wlan0 speed is unknown, defaulting to 1000
[ 1207.586703][T25396] binder: 25389:25396 ioctl c0306201 0 returned -14
[ 1207.714574][T25385] chnl_net:caif_netlink_parms(): no params data found
[ 1207.924034][T25385] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1207.929299][T25385] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1207.937615][T25385] bridge_slave_0: entered allmulticast mode
[ 1207.946596][T25385] bridge_slave_0: entered promiscuous mode
[ 1207.952637][T25385] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1207.955887][T25385] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1207.957703][T25404] netlink: 'syz.3.4614': attribute type 4 has an invalid length.
[ 1207.959021][T25385] bridge_slave_1: entered allmulticast mode
[ 1207.966385][T25385] bridge_slave_1: entered promiscuous mode
[ 1208.035134][T25385] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1208.043648][T25385] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1208.111727][T25385] team0: Port device team_slave_0 added
[ 1208.118618][T25385] team0: Port device team_slave_1 added
[ 1208.205221][T25385] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1208.208639][T25385] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1208.223157][T25385] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1208.230526][T25385] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1208.233694][T25385] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1208.245888][T25385] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1208.323129][T25385] hsr_slave_0: entered promiscuous mode
[ 1208.328159][T25385] hsr_slave_1: entered promiscuous mode
[ 1208.636601][T25385] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1208.742719][T25385] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1208.838051][T25385] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1208.915227][T25385] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1209.111788][T25385] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1209.121879][T25385] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1209.128283][T25385] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1209.137465][T25385] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1209.180276][T22505] Bluetooth: hci4: command tx timeout
[ 1209.233142][T25385] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1209.259691][T25385] 8021q: adding VLAN 0 to HW filter on device team0
[ 1209.268532][T11303] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1209.271778][T11303] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1209.285174][T11295] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1209.288177][T11295] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1209.506774][T25385] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1209.558535][T25385] veth0_vlan: entered promiscuous mode
[ 1209.570875][T25385] veth1_vlan: entered promiscuous mode
[ 1209.604418][T25385] veth0_macvtap: entered promiscuous mode
[ 1209.612834][T25385] veth1_macvtap: entered promiscuous mode
[ 1209.633382][T25385] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1209.647344][T25385] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1209.661095][T22817] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1209.665975][T22817] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1209.672118][T22817] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1209.676839][T22817] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1209.780027][ T6061] usb 9-1: new full-speed USB device number 54 using dummy_hcd
[ 1209.786087][T11295] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1209.789693][T11295] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1209.828659][T11306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1209.833333][T11306] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1209.942837][ T6061] usb 9-1: config 0 has no interfaces?
[ 1209.950293][ T6061] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1209.954544][ T6061] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1209.959542][ T6061] usb 9-1: Product: syz
[ 1209.961717][ T6061] usb 9-1: Manufacturer: syz
[ 1209.964013][ T6061] usb 9-1: SerialNumber: syz
[ 1209.975439][ T6061] usb 9-1: config 0 descriptor??
[ 1210.311746][  T949] usb 9-1: USB disconnect, device number 54
[ 1210.422806][T25452] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(14)
[ 1210.426451][T25452] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1210.429454][T25452] vhci_hcd vhci_hcd.0: Device attached
[ 1210.690369][ T6061] usb 41-1: new low-speed USB device number 6 using vhci_hcd
[ 1210.737842][T25457] vhci_hcd: connection reset by peer
[ 1210.741100][T22817] vhci_hcd: stop threads
[ 1210.744736][T22817] vhci_hcd: release socket
[ 1210.747443][T22817] vhci_hcd: disconnect device
[ 1211.183435][   T40] kauditd_printk_skb: 23 callbacks suppressed
[ 1211.183449][   T40] audit: type=1326 audit(1756489019.680:2853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25471 comm="syz.4.4633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1211.202391][   T40] audit: type=1326 audit(1756489019.680:2854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25471 comm="syz.4.4633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1211.211457][   T40] audit: type=1326 audit(1756489019.680:2855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25471 comm="syz.4.4633" exe="/syz-executor" sig=0 arch=40000003 syscall=242 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1211.220082][   T40] audit: type=1326 audit(1756489019.680:2856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25471 comm="syz.4.4633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1211.230251][   T40] audit: type=1326 audit(1756489019.680:2857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25471 comm="syz.4.4633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1211.242234][   T40] audit: type=1326 audit(1756489019.680:2858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25471 comm="syz.4.4633" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1211.250381][T22505] Bluetooth: hci4: command tx timeout
[ 1211.253453][   T40] audit: type=1326 audit(1756489019.680:2859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25471 comm="syz.4.4633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1211.265511][   T40] audit: type=1326 audit(1756489019.680:2860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25471 comm="syz.4.4633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1211.278025][   T40] audit: type=1326 audit(1756489019.680:2861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25471 comm="syz.4.4633" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1211.287909][   T40] audit: type=1326 audit(1756489019.680:2862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25471 comm="syz.4.4633" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1213.340228][T22505] Bluetooth: hci4: command tx timeout
[ 1213.866074][T22279] Process accounting resumed
[ 1215.421483][T22505] Bluetooth: hci4: command tx timeout
[ 1215.689907][T15204] usb 9-1: new high-speed USB device number 55 using dummy_hcd
[ 1215.829767][ T6061] vhci_hcd: vhci_device speed not set
[ 1215.841087][T15204] usb 9-1: Using ep0 maxpacket: 16
[ 1215.856045][T15204] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1215.887033][T15204] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1215.901092][T15204] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1215.912819][T15204] usb 9-1: Product: syz
[ 1215.915519][T15204] usb 9-1: Manufacturer: syz
[ 1215.917594][T15204] usb 9-1: SerialNumber: syz
[ 1215.925365][T15204] usb 9-1: config 0 descriptor??
[ 1215.933433][T15204] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1215.937565][T15204] em28xx 9-1:0.0: DVB interface 0 found: bulk
[ 1216.050136][T25557] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4660'.
[ 1216.554726][T15204] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[ 1216.558343][T25561] mac80211_hwsim hwsim25 wlan0: entered promiscuous mode
[ 1216.984256][T15204] em28xx 9-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 1216.992914][T15204] em28xx 9-1:0.0: board has no eeprom
[ 1217.299585][T15204] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1217.302326][T15204] em28xx 9-1:0.0: dvb set to bulk mode.
[ 1217.306631][T22354] em28xx 9-1:0.0: Binding DVB extension
[ 1217.321483][T15204] usb 9-1: USB disconnect, device number 55
[ 1217.324533][T15204] em28xx 9-1:0.0: Disconnecting em28xx
[ 1217.357227][T25574] random: crng reseeded on system resumption
[ 1217.376900][T22354] em28xx 9-1:0.0: Registering input extension
[ 1217.382034][T15204] em28xx 9-1:0.0: Closing input extension
[ 1217.400196][T15204] em28xx 9-1:0.0: Freeing device
[ 1217.843226][T25581] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[ 1217.892871][T25582] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[ 1217.896030][T25582] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1217.906544][T25582] vhci_hcd vhci_hcd.0: Device attached
[ 1218.079587][T11873] vhci_hcd: vhci_device speed not set
[ 1218.137304][T25583] vhci_hcd: connection closed
[ 1218.139547][T11873] usb 47-1: new high-speed USB device number 2 using vhci_hcd
[ 1218.199635][ T1142] vhci_hcd: stop threads
[ 1218.201432][ T1142] vhci_hcd: release socket
[ 1218.203447][ T1142] vhci_hcd: disconnect device
[ 1218.287715][T25596] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3484950563 (55759209008 ns) > initial count (50642361344 ns). Using initial count to start timer.
[ 1221.689428][  T949] usb 9-1: new high-speed USB device number 56 using dummy_hcd
[ 1221.844144][  T949] usb 9-1: config 0 has no interfaces?
[ 1221.846530][  T949] usb 9-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[ 1221.853301][  T949] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1221.861964][  T949] usb 9-1: config 0 descriptor??
[ 1222.114579][  T949] usb 9-1: USB disconnect, device number 56
[ 1223.249383][T11873] vhci_hcd: vhci_device speed not set
[ 1225.347935][T22505] Bluetooth: hci2: unexpected cc 0x203e length: 2 > 1
[ 1225.356122][T22505] Bluetooth: hci2: unexpected event for opcode 0x203e
[ 1226.537849][   T40] kauditd_printk_skb: 12 callbacks suppressed
[ 1226.537863][   T40] audit: type=1326 audit(1756489035.031:2875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25745 comm="syz.5.4716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000
[ 1226.551248][   T40] audit: type=1326 audit(1756489035.051:2876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25745 comm="syz.5.4716" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc5598 code=0x7ffc0000
[ 1226.560404][   T40] audit: type=1326 audit(1756489035.051:2877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25745 comm="syz.5.4716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000
[ 1226.568810][   T40] audit: type=1326 audit(1756489035.051:2878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25745 comm="syz.5.4716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000
[ 1226.579890][   T40] audit: type=1326 audit(1756489035.051:2879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25745 comm="syz.5.4716" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc5598 code=0x7ffc0000
[ 1226.587540][   T40] audit: type=1326 audit(1756489035.051:2880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25745 comm="syz.5.4716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000
[ 1226.597968][   T40] audit: type=1326 audit(1756489035.051:2881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25745 comm="syz.5.4716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000
[ 1226.623487][   T40] audit: type=1326 audit(1756489035.051:2882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25745 comm="syz.5.4716" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc5598 code=0x7ffc0000
[ 1226.634118][   T40] audit: type=1326 audit(1756489035.051:2883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25745 comm="syz.5.4716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000
[ 1226.644238][   T40] audit: type=1326 audit(1756489035.061:2884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25745 comm="syz.5.4716" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc5598 code=0x7ffc0000
[ 1226.879046][  T949] usb 10-1: new high-speed USB device number 48 using dummy_hcd
[ 1227.049121][  T949] usb 10-1: Using ep0 maxpacket: 32
[ 1227.055596][  T949] usb 10-1: config 0 has an invalid interface number: 85 but max is 0
[ 1227.059775][  T949] usb 10-1: config 0 has no interface number 0
[ 1227.062333][  T949] usb 10-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1227.067656][  T949] usb 10-1: config 0 interface 85 has no altsetting 0
[ 1227.077586][  T949] usb 10-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1227.081746][  T949] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1227.085140][  T949] usb 10-1: Product: syz
[ 1227.087161][  T949] usb 10-1: Manufacturer: syz
[ 1227.091445][  T949] usb 10-1: SerialNumber: syz
[ 1227.096399][  T949] usb 10-1: config 0 descriptor??
[ 1227.570554][T25765] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1227.713623][  T949] appletouch 10-1:0.85: Geyser mode initialized.
[ 1227.719768][  T949] input: appletouch as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.85/input/input33
[ 1227.916370][T11873] usb 10-1: USB disconnect, device number 48
[ 1227.939198][T11873] appletouch 10-1:0.85: input: appletouch disconnected
[ 1228.825116][T25786] Error: Driver 'c6xdigio' is already registered, aborting...
[ 1229.414332][T22505] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[ 1229.418172][T22505] Bluetooth: hci2: Injecting HCI hardware error event
[ 1229.428323][T22505] Bluetooth: hci2: hardware error 0x00
[ 1230.397012][T25820] netlink: 'syz.5.4742': attribute type 8 has an invalid length.
[ 1230.608805][   T56] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1230.904570][ T5333] Bluetooth: hci3: unexpected event for opcode 0x2040
[ 1231.487298][T25841] loop4: detected capacity change from 0 to 7
[ 1231.499042][T25841] Dev loop4: unable to read RDB block 7
[ 1231.501616][T25841]  loop4: unable to read partition table
[ 1231.504338][T25841] loop4: partition table beyond EOD, truncated
[ 1231.507087][T25841] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1231.568746][T22505] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[ 1231.827856][T25848] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1232.599814][T25856] ALSA: mixer_oss: invalid OSS volume 'DIG¨TAL1'
[ 1234.067003][T15204] libceph: connect (1)[c::]:6789 error -101
[ 1234.069849][T15204] libceph: mon0 (1)[c::]:6789 connect error
[ 1234.329010][T15204] libceph: connect (1)[c::]:6789 error -101
[ 1234.332512][T15204] libceph: mon0 (1)[c::]:6789 connect error
[ 1234.593400][T25877] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4763'.
[ 1234.597951][T25877] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4763'.
[ 1234.840162][T15204] libceph: connect (1)[c::]:6789 error -101
[ 1234.846638][T15204] libceph: mon0 (1)[c::]:6789 connect error
[ 1234.942031][T25870] ceph: No mds server is up or the cluster is laggy
[ 1235.106408][T25887] pim6reg: entered allmulticast mode
[ 1235.122996][T25887] pim6reg: left allmulticast mode
[ 1238.007108][T25930] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1239.306830][T25943] binder: 25942:25943 ioctl c0306201 80000080 returned -14
[ 1239.647565][T25951] netlink: 'syz.4.4790': attribute type 1 has an invalid length.
[ 1239.669801][T25953] loop4: detected capacity change from 0 to 7
[ 1239.686465][T25953] Dev loop4: unable to read RDB block 7
[ 1239.689787][T25953]  loop4: unable to read partition table
[ 1239.693287][T25953] loop4: partition table beyond EOD, truncated
[ 1239.697773][T25953] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1239.726431][T25951] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1239.749851][T25955] ip6erspan0: entered promiscuous mode
[ 1239.762805][T25955] bond1: (slave ip6erspan0): making interface the new active one
[ 1239.770150][T25955] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[ 1242.968054][T25979] wlan0 speed is unknown, defaulting to 1000
[ 1243.028259][T25982] could not allocate digest TFM handle sha1-ssse3
[ 1243.639831][T26000] could not allocate digest TFM handle sha1-ssse3
[ 1244.128412][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[ 1244.131056][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[ 1246.505548][T26037] could not allocate digest TFM handle sha1-ssse3
[ 1246.960391][T26050] wlan0 speed is unknown, defaulting to 1000
[ 1247.979585][T26067] wlan0 speed is unknown, defaulting to 1000
[ 1249.250656][T26082] overlayfs: failed to clone upperpath
[ 1249.484189][T26080] wlan0 speed is unknown, defaulting to 1000
[ 1250.421124][T26101] could not allocate digest TFM handle sha1-ssse3
[ 1250.456192][T26106] wlan0 speed is unknown, defaulting to 1000
[ 1252.134647][T26124] wlan0 speed is unknown, defaulting to 1000
[ 1252.703661][T26129] loop4: detected capacity change from 0 to 7
[ 1252.711220][T26129] Dev loop4: unable to read RDB block 7
[ 1252.724745][T26129]  loop4: unable to read partition table
[ 1252.728706][T26129] loop4: partition table beyond EOD, truncated
[ 1252.734128][T26129] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1254.048122][T26148] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4833'.
[ 1254.484339][T26164] wlan0 speed is unknown, defaulting to 1000
[ 1255.299481][ T5333] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1255.310669][ T5333] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1255.316189][ T5333] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1255.321434][ T5333] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1255.328730][ T5333] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1255.376228][T26175] wlan0 speed is unknown, defaulting to 1000
[ 1256.112550][T22817] smc: removing ib device syz1
[ 1256.782651][T26175] chnl_net:caif_netlink_parms(): no params data found
[ 1257.161943][T26198] wlan0 speed is unknown, defaulting to 1000
[ 1257.380062][T26175] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1257.382741][T26175] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1257.385735][T26175] bridge_slave_0: entered allmulticast mode
[ 1257.391719][T26175] bridge_slave_0: entered promiscuous mode
[ 1257.407663][T22505] Bluetooth: hci5: command tx timeout
[ 1257.423718][T26175] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1257.427304][T26175] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1257.430645][T26175] bridge_slave_1: entered allmulticast mode
[ 1257.437305][T26175] bridge_slave_1: entered promiscuous mode
[ 1257.672727][T26175] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1257.682933][T26175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1257.771032][T26175] team0: Port device team_slave_0 added
[ 1257.778614][T26175] team0: Port device team_slave_1 added
[ 1257.861298][T26175] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1257.864281][T26175] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1257.877504][T26175] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1257.892239][T26175] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1257.895476][T26175] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1257.911025][T26175] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1258.030509][T26175] hsr_slave_0: entered promiscuous mode
[ 1258.033729][T26175] hsr_slave_1: entered promiscuous mode
[ 1258.036637][T26175] debugfs: 'hsr0' already exists in 'hsr'
[ 1258.039814][T26175] Cannot create hsr debugfs directory
[ 1258.240115][T26209] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4844'.
[ 1258.357733][T26212] overlayfs: failed to clone upperpath
[ 1258.531944][ T6676] team0: Port device netdevsim0 removed
[ 1258.645987][T26220] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4847'.
[ 1259.364585][ T6676] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1259.372003][ T6676] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1259.376493][ T6676] bond0 (unregistering): Released all slaves
[ 1259.433016][T26228] mkiss: ax0: crc mode is auto.
[ 1259.453390][ T6676] : left promiscuous mode
[ 1259.502583][T22505] Bluetooth: hci5: command tx timeout
[ 1259.949898][ T6676] tipc: Left network mode
[ 1260.266182][ T6676] hsr_slave_0: left promiscuous mode
[ 1260.273951][ T6676] hsr_slave_1: left promiscuous mode
[ 1260.278711][ T6676] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1260.284363][ T6676] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1260.452147][T26236] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4852'.
[ 1261.578493][T22505] Bluetooth: hci5: command tx timeout
[ 1261.884658][T26255] loop4: detected capacity change from 0 to 7
[ 1261.894552][T26255]  loop4: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12
[ 1261.898544][T26255] loop4: p1 start 16843009 is beyond EOD, truncated
[ 1261.899119][ T6676] team0 (unregistering): Port device team_slave_1 removed
[ 1261.901954][T26255] loop4: p2 start 16843009 is beyond EOD, truncated
[ 1261.908894][T26255] loop4: p3 start 16843009 is beyond EOD, truncated
[ 1261.912155][T26255] loop4: p4 start 16843009 is beyond EOD, truncated
[ 1261.915675][T26255] loop4: p5 start 16843009 is beyond EOD, truncated
[ 1261.919269][T26255] loop4: p6 start 16843009 is beyond EOD, truncated
[ 1261.922277][T26255] loop4: p7 start 16843009 is beyond EOD, truncated
[ 1261.925335][T26255] loop4: p8 start 16843009 is beyond EOD, truncated
[ 1261.928911][T26255] loop4: p9 start 16843009 is beyond EOD, truncated
[ 1261.932038][T26255] loop4: p10 start 16843009 is beyond EOD, truncated
[ 1261.935020][T26255] loop4: p11 start 16843009 is beyond EOD, truncated
[ 1261.938357][T26255] loop4: p12 start 16843009 is beyond EOD, truncated
[ 1261.968129][T11306] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1262.155110][ T6676] team0 (unregistering): Port device team_slave_0 removed
[ 1262.375681][    C2] vkms_vblank_simulate: vblank timer overrun
[ 1263.647075][T22505] Bluetooth: hci5: command tx timeout
[ 1264.071988][T26175] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1264.083573][T26175] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1264.099146][T26175] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1264.124092][T26175] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1264.465762][T26175] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1264.516467][T26175] 8021q: adding VLAN 0 to HW filter on device team0
[ 1264.569202][T26281] netlink: 'syz.2.4862': attribute type 8 has an invalid length.
[ 1264.583068][T11306] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1264.586319][T11306] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1264.621015][T11306] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1264.625964][T11306] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1265.046394][T26175] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1265.102485][T26299] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4867'.
[ 1265.156137][T26175] veth0_vlan: entered promiscuous mode
[ 1265.178044][T26175] veth1_vlan: entered promiscuous mode
[ 1265.242891][T26175] veth0_macvtap: entered promiscuous mode
[ 1265.260655][T26175] veth1_macvtap: entered promiscuous mode
[ 1265.299969][T26175] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1265.307531][T26175] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1265.373005][T11303] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1265.506586][T11303] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1265.511752][T11303] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1265.520423][T11303] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1265.932803][   T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1265.936357][   T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1266.056597][   T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1266.060470][   T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1266.762715][T26316] input: syz1 as /devices/virtual/input/input34
[ 1267.319973][T26324] wlan0 speed is unknown, defaulting to 1000
[ 1267.902859][   T40] kauditd_printk_skb: 33 callbacks suppressed
[ 1267.902879][   T40] audit: type=1326 audit(1756489076.403:2918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26326 comm="syz.4.4872" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1267.938358][T26327] pim6reg: entered allmulticast mode
[ 1267.943770][   T40] audit: type=1326 audit(1756489076.413:2919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26326 comm="syz.4.4872" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1267.956988][   T40] audit: type=1326 audit(1756489076.423:2920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26326 comm="syz.4.4872" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1267.966148][   T40] audit: type=1326 audit(1756489076.423:2921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26326 comm="syz.4.4872" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1267.975531][   T40] audit: type=1326 audit(1756489076.423:2922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26326 comm="syz.4.4872" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1267.985122][   T40] audit: type=1326 audit(1756489076.423:2923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26326 comm="syz.4.4872" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1267.994035][   T40] audit: type=1326 audit(1756489076.423:2924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26326 comm="syz.4.4872" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1268.003649][   T40] audit: type=1326 audit(1756489076.423:2925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26326 comm="syz.4.4872" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1268.035891][   T40] audit: type=1326 audit(1756489076.423:2926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26326 comm="syz.4.4872" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1268.056769][   T40] audit: type=1326 audit(1756489076.423:2927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26326 comm="syz.4.4872" exe="/syz-executor" sig=0 arch=40000003 syscall=14 compat=1 ip=0xf70ee579 code=0x7ffc0000
[ 1268.374290][T26344] netlink: 100 bytes leftover after parsing attributes in process `syz.5.4876'.
[ 1268.383479][T26344] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1268.658632][T26339] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4875'.
[ 1268.663724][T26339] bridge_slave_1: left allmulticast mode
[ 1268.668270][T26339] bridge_slave_1: left promiscuous mode
[ 1268.679012][T26339] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1269.104984][T26339] bridge_slave_0: left allmulticast mode
[ 1269.112544][T26339] bridge_slave_0: left promiscuous mode
[ 1269.122374][T26339] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1271.375044][T22505] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[ 1271.383917][T22505] CPU: 3 UID: 0 PID: 22505 Comm: kworker/u33:3 Not tainted syzkaller #0 PREEMPT(full) 
[ 1271.383962][T22505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1271.383979][T22505] Workqueue: hci1 hci_rx_work
[ 1271.384008][T22505] Call Trace:
[ 1271.384017][T22505]  <TASK>
[ 1271.384027][T22505]  dump_stack_lvl+0x16c/0x1f0
[ 1271.384058][T22505]  sysfs_warn_dup+0x7f/0xa0
[ 1271.384083][T22505]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1271.384106][T22505]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1271.384130][T22505]  ? find_held_lock+0x2b/0x80
[ 1271.384154][T22505]  ? do_raw_spin_unlock+0x172/0x230
[ 1271.384186][T22505]  kobject_add_internal+0x2c4/0x9b0
[ 1271.384217][T22505]  kobject_add+0x16e/0x240
[ 1271.384246][T22505]  ? __pfx_kobject_add+0x10/0x10
[ 1271.384275][T22505]  ? do_raw_spin_unlock+0x172/0x230
[ 1271.384304][T22505]  ? kobject_put+0xab/0x5a0
[ 1271.384339][T22505]  device_add+0x288/0x1aa0
[ 1271.384355][T22505]  ? __pfx_dev_set_name+0x10/0x10
[ 1271.384377][T22505]  ? __pfx_device_add+0x10/0x10
[ 1271.384396][T22505]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1271.384424][T22505]  hci_conn_add_sysfs+0x17e/0x230
[ 1271.384473][T22505]  le_conn_complete_evt+0x1075/0x1d70
[ 1271.384492][T22505]  ? preempt_count_sub+0x160/0x160
[ 1271.384520][T22505]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1271.384542][T22505]  ? hci_event_packet+0x459/0x11c0
[ 1271.384569][T22505]  hci_le_conn_complete_evt+0x23c/0x370
[ 1271.384596][T22505]  hci_le_meta_evt+0x354/0x5e0
[ 1271.384616][T22505]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1271.384634][T22505]  hci_event_packet+0x685/0x11c0
[ 1271.384656][T22505]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1271.384680][T22505]  ? __pfx_hci_event_packet+0x10/0x10
[ 1271.384700][T22505]  ? kcov_remote_start+0x3c9/0x6d0
[ 1271.384725][T22505]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1271.384756][T22505]  hci_rx_work+0x2c5/0x16b0
[ 1271.384779][T22505]  ? rcu_is_watching+0x12/0xc0
[ 1271.384801][T22505]  process_one_work+0x9cf/0x1b70
[ 1271.384852][T22505]  ? __pfx_process_one_work+0x10/0x10
[ 1271.384897][T22505]  ? assign_work+0x1a0/0x250
[ 1271.384928][T22505]  worker_thread+0x6c8/0xf10
[ 1271.384956][T22505]  ? __kthread_parkme+0x19e/0x250
[ 1271.384982][T22505]  ? __pfx_worker_thread+0x10/0x10
[ 1271.385009][T22505]  kthread+0x3c5/0x780
[ 1271.385033][T22505]  ? __pfx_kthread+0x10/0x10
[ 1271.385059][T22505]  ? rcu_is_watching+0x12/0xc0
[ 1271.385075][T22505]  ? __pfx_kthread+0x10/0x10
[ 1271.385115][T22505]  ret_from_fork+0x5d4/0x6f0
[ 1271.385147][T22505]  ? __pfx_kthread+0x10/0x10
[ 1271.385178][T22505]  ret_from_fork_asm+0x1a/0x30
[ 1271.385217][T22505]  </TASK>
[ 1271.508363][T22505] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1271.515255][T22505] Bluetooth: hci1: failed to register connection device
[ 1272.278641][T26374] wlan0 speed is unknown, defaulting to 1000
[ 1272.470582][T26379] could not allocate digest TFM handle sha1-ssse3
[ 1272.763764][T26387] netlink: 100 bytes leftover after parsing attributes in process `syz.3.4886'.
[ 1272.771955][T26387] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1273.296116][T26400] wlan0 speed is unknown, defaulting to 1000
[ 1273.375553][T26395] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4889'.
[ 1274.324190][T26412] wlan0 speed is unknown, defaulting to 1000
[ 1274.953365][T26428] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4894'.
[ 1275.381548][T26442] fuse: Bad value for 'group_id'
[ 1275.384088][T26442] fuse: Bad value for 'group_id'
[ 1275.836856][T26449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4901'.
[ 1275.841290][T26449] netlink: 312 bytes leftover after parsing attributes in process `syz.2.4901'.
[ 1275.845834][T26449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4901'.
[ 1276.441597][T26458] dvmrp0: entered allmulticast mode
[ 1277.112417][T26476] wlan0 speed is unknown, defaulting to 1000
[ 1277.566626][T26474] veth1_to_batadv: entered promiscuous mode
[ 1277.601900][T26474] macsec1: entered promiscuous mode
[ 1278.311167][T26496] wlan0 speed is unknown, defaulting to 1000
[ 1278.747036][T26504] netlink: 100 bytes leftover after parsing attributes in process `syz.2.4915'.
[ 1280.255996][T15204] usb 10-1: new high-speed USB device number 49 using dummy_hcd
[ 1280.432961][T26526] wlan0 speed is unknown, defaulting to 1000
[ 1280.436100][T15204] usb 10-1: device descriptor read/64, error -71
[ 1280.676001][T15204] usb 10-1: new high-speed USB device number 50 using dummy_hcd
[ 1280.846205][T15204] usb 10-1: device descriptor read/64, error -71
[ 1280.962899][T15204] usb usb10-port1: attempt power cycle
[ 1281.312948][T15204] usb 10-1: new high-speed USB device number 51 using dummy_hcd
[ 1281.337124][T15204] usb 10-1: device descriptor read/8, error -71
[ 1281.459695][T26541] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1281.528206][T26544] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4921'.
[ 1281.725322][T15204] usb 10-1: new high-speed USB device number 52 using dummy_hcd
[ 1281.753398][T15204] usb 10-1: device descriptor read/8, error -71
[ 1281.868872][T15204] usb usb10-port1: unable to enumerate USB device
[ 1283.461373][T26550] could not allocate digest TFM handle sha1-ssse3
[ 1284.155952][ T5333] Bluetooth: hci3: unexpected event for opcode 0x0c7b
[ 1285.337894][T26580] wlan0 speed is unknown, defaulting to 1000
[ 1286.763337][T26611] wlan0 speed is unknown, defaulting to 1000
[ 1287.285952][T26613] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4938'.
[ 1287.640098][T26625] wlan0 speed is unknown, defaulting to 1000
[ 1287.969863][T26624] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1288.238614][T26624] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1288.470026][T26632] could not allocate digest TFM handle sha1-ssse3
[ 1289.343845][T26624] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1289.761105][T26624] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1289.981627][T11295] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1290.015731][ T1152] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1290.072453][T11295] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1290.103965][T26656] wlan0 speed is unknown, defaulting to 1000
[ 1290.270388][T11295] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1290.384265][T26661] wlan0 speed is unknown, defaulting to 1000
[ 1292.924226][T26702] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4954'.
[ 1293.337249][T11306] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1293.917256][T26706] mac80211_hwsim hwsim25 wlan0: left promiscuous mode
[ 1293.922110][T26706] mac80211_hwsim hwsim25 wlan0: entered allmulticast mode
[ 1293.932320][T26706] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[ 1294.199806][T26710] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1294.446631][T26718] wlan0 speed is unknown, defaulting to 1000
[ 1294.641317][T26710] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1294.827881][T26710] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1295.072649][T26724] netlink: 100 bytes leftover after parsing attributes in process `syz.5.4959'.
[ 1295.202118][T26727] could not allocate digest TFM handle sha1-ssse3
[ 1295.217318][T26710] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1296.651585][T26747] wlan0 speed is unknown, defaulting to 1000
[ 1296.651770][ T1187] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1296.717931][ T1187] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1296.721717][ T1187] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1296.822071][   T56] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1299.217371][T11878] usb 10-1: new high-speed USB device number 53 using dummy_hcd
[ 1299.364402][T26783] syz.2.4971 (26783): /proc/26782/oom_adj is deprecated, please use /proc/26782/oom_score_adj instead.
[ 1299.385177][T11878] usb 10-1: Using ep0 maxpacket: 16
[ 1299.444553][T11878] usb 10-1: unable to read config index 0 descriptor/start: -61
[ 1299.448758][T11878] usb 10-1: can't read configurations, error -61
[ 1299.664871][T11878] usb 10-1: new high-speed USB device number 54 using dummy_hcd
[ 1299.834882][T11878] usb 10-1: Using ep0 maxpacket: 16
[ 1299.839825][T11878] usb 10-1: unable to read config index 0 descriptor/start: -61
[ 1299.847263][T11878] usb 10-1: can't read configurations, error -61
[ 1299.862459][T11878] usb usb10-port1: attempt power cycle
[ 1300.077213][T26793] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1300.275068][T11878] usb 10-1: new high-speed USB device number 55 using dummy_hcd
[ 1300.356314][T11878] usb 10-1: Using ep0 maxpacket: 16
[ 1300.360883][T11878] usb 10-1: unable to read config index 0 descriptor/start: -61
[ 1300.364370][T11878] usb 10-1: can't read configurations, error -61
[ 1300.504870][T11878] usb 10-1: new high-speed USB device number 56 using dummy_hcd
[ 1300.525919][T11878] usb 10-1: Using ep0 maxpacket: 16
[ 1300.660355][T11878] usb 10-1: unable to read config index 0 descriptor/start: -61
[ 1300.663810][T11878] usb 10-1: can't read configurations, error -61
[ 1300.667647][T11878] usb usb10-port1: unable to enumerate USB device
[ 1301.033869][T26800] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4975'.
[ 1301.640249][T26808] wlan0 speed is unknown, defaulting to 1000
[ 1302.689201][T26831] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4983'.
[ 1302.981459][T26840] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4993'.
[ 1304.028703][T26844] could not allocate digest TFM handle sha1-ssse3
[ 1305.542215][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[ 1305.544619][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[ 1307.096344][T26881] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5001'.
[ 1308.039654][T26897] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4995'.
[ 1308.471867][T26904] wlan0 speed is unknown, defaulting to 1000
[ 1309.051575][T26907] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1310.819086][T11295] gretap0 (unregistering): left promiscuous mode
[ 1311.359016][T11295] Ã (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1311.366266][T11295] Ã (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1311.373767][T11295] Ã (unregistering): Released all slaves
[ 1311.487501][T11295] tipc: Left network mode
[ 1311.716169][T11295] batadv_slave_1: left promiscuous mode
[ 1311.731616][T11295] hsr_slave_0: left promiscuous mode
[ 1311.735379][T11295] hsr_slave_1: left promiscuous mode
[ 1311.738732][T11295] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1311.741840][T11295] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1311.747102][T11295] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1311.751786][T11295] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1311.786160][T11295] veth1_macvtap: left promiscuous mode
[ 1311.788781][T11295] veth0_macvtap: left promiscuous mode
[ 1311.790958][T11295] veth1_vlan: left promiscuous mode
[ 1311.792981][T11295] veth0_vlan: left promiscuous mode
[ 1312.433365][T26953] could not allocate digest TFM handle sha1-ssse3
[ 1312.665921][T26965] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5012'.
[ 1314.227099][T11295] team0 (unregistering): Port device team_slave_1 removed
[ 1314.459572][T11295] team0 (unregistering): Port device team_slave_0 removed
[ 1315.927628][T26955] wlan0 speed is unknown, defaulting to 1000
[ 1315.969437][T26972] wlan0 speed is unknown, defaulting to 1000
[ 1316.388598][T11295] IPVS: stop unused estimator thread 0...
[ 1318.009345][T27007] wlan0 speed is unknown, defaulting to 1000
[ 1320.047878][T27031] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5023'.
[ 1322.217261][T27056] wlan0 speed is unknown, defaulting to 1000
[ 1322.338728][T27067] wlan0 speed is unknown, defaulting to 1000
[ 1322.990233][T27070] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1324.295839][T27090] wlan0 speed is unknown, defaulting to 1000
[ 1324.887502][T27091] wlan0 speed is unknown, defaulting to 1000
[ 1325.415830][T27093] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1326.839144][T27124] wlan0 speed is unknown, defaulting to 1000
[ 1327.352663][T27131] could not allocate digest TFM handle sha1-ssse3
[ 1328.979148][T27157] wlan0 speed is unknown, defaulting to 1000
[ 1329.473963][T27164] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5052'.
[ 1329.540776][T27166] wlan0 speed is unknown, defaulting to 1000
[ 1330.616905][T27194] wlan0 speed is unknown, defaulting to 1000
[ 1331.632775][T27206] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1332.353167][T27218] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5062'.
[ 1333.179319][T22505] Bluetooth: hci4: command 0x0406 tx timeout
[ 1333.500472][T27237] wlan0 speed is unknown, defaulting to 1000
[ 1333.813941][T27227] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5065'.
[ 1333.984403][T27227] bridge_slave_1: left allmulticast mode
[ 1333.987774][T27227] bridge_slave_1: left promiscuous mode
[ 1334.013475][T27227] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1334.038985][T27227] bridge_slave_0: left allmulticast mode
[ 1334.041448][T27227] bridge_slave_0: left promiscuous mode
[ 1334.045168][T27227] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1335.101628][T27262] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1335.762418][T27264] could not allocate digest TFM handle sha1-ssse3
[ 1336.985124][T27291] wlan0 speed is unknown, defaulting to 1000
[ 1338.310111][T27322] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1339.024437][T27328] netlink: 128 bytes leftover after parsing attributes in process `syz.2.5092'.
[ 1339.563516][T27347] could not allocate digest TFM handle sha1-ssse3
[ 1340.266094][T27356] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1340.430875][T27358] netlink: 100 bytes leftover after parsing attributes in process `syz.5.5101'.
[ 1341.868964][T27374] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1343.393752][T27389] wlan0 speed is unknown, defaulting to 1000
[ 1344.197545][T27402] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5114'.
[ 1344.397900][T22505] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1344.408586][T22505] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1344.415986][T22505] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1344.435449][T22505] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1344.439438][T22505] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1344.565020][T27408] wlan0 speed is unknown, defaulting to 1000
[ 1344.694749][T27413] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1344.766241][T27416] overlayfs: failed to clone upperpath
[ 1345.127648][T27408] chnl_net:caif_netlink_parms(): no params data found
[ 1345.371007][T27408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1345.383246][T27408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1345.386417][T27408] bridge_slave_0: entered allmulticast mode
[ 1345.397271][T27408] bridge_slave_0: entered promiscuous mode
[ 1345.409473][T27408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1345.413655][T27408] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1345.417797][T27408] bridge_slave_1: entered allmulticast mode
[ 1345.429578][T27408] bridge_slave_1: entered promiscuous mode
[ 1345.596021][T27408] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1345.609155][T27408] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1345.801083][T27408] team0: Port device team_slave_0 added
[ 1345.809900][T27408] team0: Port device team_slave_1 added
[ 1345.918580][T27408] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1345.952805][T27408] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1345.985664][T27408] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1345.986673][T27438] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5123'.
[ 1346.009832][T27408] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1346.017636][T27408] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1346.052541][T27408] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1346.381833][T27408] hsr_slave_0: entered promiscuous mode
[ 1346.384774][T27408] hsr_slave_1: entered promiscuous mode
[ 1346.387286][T27408] debugfs: 'hsr0' already exists in 'hsr'
[ 1346.389345][T27408] Cannot create hsr debugfs directory
[ 1346.523243][T22505] Bluetooth: hci2: command tx timeout
[ 1346.659404][T27408] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1346.666397][T27408] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1346.674087][T27408] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1346.685321][T27408] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1346.775705][T27408] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1346.796907][T27408] 8021q: adding VLAN 0 to HW filter on device team0
[ 1347.002695][T11310] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1347.005854][T11310] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1347.053930][T11310] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1347.056397][T11310] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1347.225547][T27408] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1347.580801][T27408] veth0_vlan: entered promiscuous mode
[ 1347.596925][T27408] veth1_vlan: entered promiscuous mode
[ 1347.651764][T27408] veth0_macvtap: entered promiscuous mode
[ 1347.658349][T27408] veth1_macvtap: entered promiscuous mode
[ 1347.669744][T27408] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1347.681543][T27408] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1347.695089][T11303] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1347.699700][T11303] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1347.726055][T11303] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1347.733884][T11303] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1347.840371][ T6676] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1347.856950][ T6676] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1347.887067][T11303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1347.899405][T11303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1348.416735][T27482] wlan0 speed is unknown, defaulting to 1000
[ 1348.606608][T22505] Bluetooth: hci2: command tx timeout
[ 1348.791758][T27492] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5132'.
[ 1350.692145][T22505] Bluetooth: hci2: command tx timeout
[ 1351.303337][T27529] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5143'.
[ 1352.771980][T22505] Bluetooth: hci2: command tx timeout
[ 1353.019318][T27548] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1353.836791][T27563] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5152'.
[ 1353.889930][T27566] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1354.141994][T27568] overlayfs: failed to clone upperpath
[ 1354.145790][T27571] binder: 27569:27571 ioctl c0306201 80000080 returned -14
[ 1355.582144][T27593] wlan0 speed is unknown, defaulting to 1000
[ 1356.605325][T27602] wlan0 speed is unknown, defaulting to 1000
[ 1358.096146][T27633] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5178'.
[ 1358.817450][T27637] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5169'.
[ 1358.821843][T27637] bridge_slave_1: left allmulticast mode
[ 1358.827955][T27637] bridge_slave_1: left promiscuous mode
[ 1358.832873][T27637] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1358.859651][T27637] bridge_slave_0: left allmulticast mode
[ 1358.861832][T27637] bridge_slave_0: left promiscuous mode
[ 1358.864387][T27637] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1359.474810][T27657] wlan0 speed is unknown, defaulting to 1000
[ 1361.175876][T27679] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1361.603870][T27683] overlayfs: failed to clone upperpath
[ 1362.140314][T27694] wlan0 speed is unknown, defaulting to 1000
[ 1362.471174][T27701] overlayfs: failed to clone upperpath
[ 1362.653736][T27703] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5187'.
[ 1363.287513][T27725] wlan0 speed is unknown, defaulting to 1000
[ 1363.835909][T27733] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1364.427990][T27738] could not allocate digest TFM handle sha1-ssse3
[ 1366.480931][T27768] could not allocate digest TFM handle sha1-ssse3
[ 1366.593122][T27777] wlan0 speed is unknown, defaulting to 1000
[ 1366.937288][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[ 1366.940673][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[ 1367.518505][T27787] overlayfs: failed to clone lowerpath
[ 1367.526596][T27787] netlink: 'syz.4.5205': attribute type 8 has an invalid length.
[ 1368.568438][T27804] wlan0 speed is unknown, defaulting to 1000
[ 1369.496565][T27822] wlan0 speed is unknown, defaulting to 1000
[ 1369.959955][T27830] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5215'.
[ 1370.227339][T27836] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1370.232464][T27833] netlink: 'syz.6.5216': attribute type 8 has an invalid length.
[ 1370.800457][T27846] wlan0 speed is unknown, defaulting to 1000
[ 1371.422293][T27854] wlan0 speed is unknown, defaulting to 1000
[ 1372.577817][T27874] wlan0 speed is unknown, defaulting to 1000
[ 1375.975455][T27925] wlan0 speed is unknown, defaulting to 1000
[ 1376.268338][T27929] wlan0 speed is unknown, defaulting to 1000
[ 1377.433089][T27950] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5242'.
[ 1378.030624][T22354] usb 10-1: new high-speed USB device number 57 using dummy_hcd
[ 1378.200918][T22354] usb 10-1: Using ep0 maxpacket: 16
[ 1378.215509][T22354] usb 10-1: config 33 has 0 interfaces, different from the descriptor's value: 9
[ 1378.221264][T22354] usb 10-1: New USB device found, idVendor=1fd2, idProduct=6006, bcdDevice= 0.00
[ 1378.225111][T22354] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1378.260027][T27957] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1378.594258][    T9] usb 10-1: USB disconnect, device number 57
[ 1379.241183][T27942] Bluetooth: hci5: command 0x0406 tx timeout
[ 1379.985968][T27993] wlan0 speed is unknown, defaulting to 1000
[ 1380.751816][T27999] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1381.485248][T28017] netlink: 128 bytes leftover after parsing attributes in process `syz.5.5262'.
[ 1381.894888][T28032] could not allocate digest TFM handle sha1-ssse3
[ 1382.218654][T28031] wlan0 speed is unknown, defaulting to 1000
[ 1382.847283][T28047] could not allocate digest TFM handle sha1-ssse3
[ 1383.940265][T28071] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1384.888688][T28085] wlan0 speed is unknown, defaulting to 1000
[ 1386.463057][T28113] could not allocate digest TFM handle sha1-ssse3
[ 1386.628911][T28101] mac80211_hwsim hwsim25 wlan0: entered promiscuous mode
[ 1386.650197][T28101] mac80211_hwsim hwsim25 wlan0: left allmulticast mode
[ 1387.708169][T28131] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1388.936880][T28150] wlan0 speed is unknown, defaulting to 1000
[ 1389.398428][T28155] wlan0 speed is unknown, defaulting to 1000
[ 1390.616124][T28166] wlan0 speed is unknown, defaulting to 1000
[ 1390.682163][T28170] wlan0 speed is unknown, defaulting to 1000
[ 1390.956908][T28175] binder: 28174:28175 ioctl c0306201 80000080 returned -14
[ 1390.964663][T28175] binder: BINDER_SET_CONTEXT_MGR already set
[ 1390.967590][T28175] binder: 28174:28175 ioctl 4018620d 80000040 returned -16
[ 1391.450889][T28169] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[ 1392.673032][T28200] wlan0 speed is unknown, defaulting to 1000
[ 1393.247649][T28207] could not allocate digest TFM handle sha1-ssse3
[ 1394.481323][T28230] wlan0 speed is unknown, defaulting to 1000
[ 1395.378248][T28235] mac80211_hwsim hwsim31 wlan0: entered promiscuous mode
[ 1397.292674][T28260] netlink: 100 bytes leftover after parsing attributes in process `syz.5.5322'.
[ 1397.445926][T28263] could not allocate digest TFM handle sha1-ssse3
[ 1398.768171][T28283] could not allocate digest TFM handle sha1-ssse3
[ 1401.696590][T28303] netlink: 100 bytes leftover after parsing attributes in process `syz.6.5332'.
[ 1401.985433][T28311] netlink: 100 bytes leftover after parsing attributes in process `syz.6.5336'.
[ 1402.438388][T28325] wlan0 speed is unknown, defaulting to 1000
[ 1403.058877][T28331] wlan0 speed is unknown, defaulting to 1000
[ 1404.406398][T28350] netlink: 100 bytes leftover after parsing attributes in process `syz.6.5346'.
[ 1404.959981][T28356] wlan0 speed is unknown, defaulting to 1000
[ 1406.228279][T28373] wlan0 speed is unknown, defaulting to 1000
[ 1406.901153][T28388] netlink: 100 bytes leftover after parsing attributes in process `syz.6.5355'.
[ 1407.234926][T28395] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1408.141223][T28413] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5362'.
[ 1408.879669][T28424] wlan0 speed is unknown, defaulting to 1000
[ 1409.667641][T28444] wlan0 speed is unknown, defaulting to 1000
[ 1409.899571][T28452] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5373'.
[ 1410.345541][T28460] could not allocate digest TFM handle sha1-ssse3
[ 1410.769380][T28468] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1411.428443][T28477] binder: 28476:28477 ioctl c0306201 80000080 returned -14
[ 1413.080193][T28495] wlan0 speed is unknown, defaulting to 1000
[ 1413.639088][T28498] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5384'.
[ 1414.603293][T28516] wlan0 speed is unknown, defaulting to 1000
[ 1416.531412][T28545] could not allocate digest TFM handle sha1-ssse3
[ 1416.665829][T28556] overlayfs: failed to clone upperpath
[ 1417.398337][T22354] usb 10-1: new high-speed USB device number 58 using dummy_hcd
[ 1417.568451][T22354] usb 10-1: Using ep0 maxpacket: 16
[ 1417.572814][T22354] usb 10-1: config 33 has 0 interfaces, different from the descriptor's value: 9
[ 1417.581940][T22354] usb 10-1: New USB device found, idVendor=1fd2, idProduct=6006, bcdDevice= 0.00
[ 1417.585896][T22354] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1419.070942][T28586] binder: 28584:28586 ioctl c0306201 80000080 returned -14
[ 1419.974345][T28597] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5410'.
[ 1420.022885][  T949] usb 10-1: USB disconnect, device number 58
[ 1420.459015][   T29] usb 11-1: new high-speed USB device number 2 using dummy_hcd
[ 1420.859291][   T29] usb 11-1: Using ep0 maxpacket: 16
[ 1420.863421][   T29] usb 11-1: config 33 has 0 interfaces, different from the descriptor's value: 9
[ 1420.867420][   T29] usb 11-1: New USB device found, idVendor=1fd2, idProduct=6006, bcdDevice= 0.00
[ 1420.872243][   T29] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1421.151466][T28627] wlan0 speed is unknown, defaulting to 1000
[ 1423.139060][   T29] usb 11-1: USB disconnect, device number 2
[ 1423.505347][T28658] could not allocate digest TFM handle sha1-ssse3
[ 1424.144928][T28685] wlan0 speed is unknown, defaulting to 1000
[ 1425.985702][T28703] could not allocate digest TFM handle sha1-ssse3
[ 1426.031251][T28709] wlan0 speed is unknown, defaulting to 1000
[ 1428.362237][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[ 1428.365424][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[ 1428.423842][   T56] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1428.534547][   T56] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1428.660316][   T56] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1428.751238][   T56] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1430.277841][T28755] binder: 28754:28755 ioctl c0306201 80000080 returned -14
[ 1430.785309][   T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1430.817591][   T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1430.840292][   T56] bond0 (unregistering): Released all slaves
[ 1430.953696][T28762] wlan0 speed is unknown, defaulting to 1000
[ 1431.689144][T28778] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1432.079628][T28780] could not allocate digest TFM handle sha1-ssse3
[ 1432.618360][   T56] hsr_slave_0: left promiscuous mode
[ 1432.622802][   T56] hsr_slave_1: left promiscuous mode
[ 1432.626664][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1432.638046][   T56] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1432.669836][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1432.673577][   T56] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1432.894120][   T56] veth1_macvtap: left promiscuous mode
[ 1432.896526][   T56] veth0_macvtap: left promiscuous mode
[ 1432.932092][   T56] veth1_vlan: left promiscuous mode
[ 1432.935615][   T56] veth0_vlan: left promiscuous mode
[ 1433.003566][T28792] overlayfs: failed to resolve './file0': -2
[ 1436.945467][T28831] overlayfs: failed to resolve './file0': -2
[ 1437.196334][T28837] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1437.880199][   T56] team0 (unregistering): Port device team_slave_1 removed
[ 1438.146934][   T56] team0 (unregistering): Port device team_slave_0 removed
[ 1439.617905][T28849] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1440.393509][T28836] mac80211_hwsim hwsim29 wlan0: entered promiscuous mode
[ 1440.410268][T28820] wlan0 speed is unknown, defaulting to 1000
[ 1440.871752][T28860] overlayfs: failed to resolve './file0': -2
[ 1442.033370][T28883] could not allocate digest TFM handle sha1-ssse3
[ 1442.415665][T28894] overlayfs: failed to resolve './file0': -2
[ 1442.950935][T28912] wlan0 speed is unknown, defaulting to 1000
[ 1443.035779][T28913] wlan0 speed is unknown, defaulting to 1000
[ 1445.749711][T28954] wlan0 speed is unknown, defaulting to 1000
[ 1446.009228][T28961] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5504'.
[ 1448.147820][T28991] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5513'.
[ 1448.244566][T28993] overlayfs: failed to resolve './file1': -2
[ 1449.887695][T29014] could not allocate digest TFM handle sha1-ssse3
[ 1450.919740][T29031] overlayfs: failed to resolve './file1': -2
[ 1453.122828][T29060] overlayfs: failed to clone upperpath
[ 1455.429337][T29091] overlayfs: failed to clone upperpath
[ 1456.667756][T29116] overlayfs: failed to clone upperpath
[ 1459.729044][T29161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5562'.
[ 1461.614398][T29205] wlan0 speed is unknown, defaulting to 1000
[ 1462.003577][T29198] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5574'.
[ 1462.653156][T29216] wlan0 speed is unknown, defaulting to 1000
[ 1463.424712][T29242] overlayfs: failed to clone upperpath
[ 1463.610540][T29251] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5589'.
[ 1464.335059][T29255] overlayfs: failed to clone upperpath
[ 1465.140411][T29273] wlan0 speed is unknown, defaulting to 1000
[ 1465.799673][T29286] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5599'.
[ 1465.947839][T29294] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5600'.
[ 1466.027539][T29298] wlan0 speed is unknown, defaulting to 1000
[ 1466.361032][T29314] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5605'.
[ 1467.139970][T29326] wlan0 speed is unknown, defaulting to 1000
[ 1468.799701][T29347] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5610'.
[ 1469.019293][T29360] netlink: 140 bytes leftover after parsing attributes in process `syz.6.5615'.
[ 1469.795111][T29370] could not allocate digest TFM handle sha1-ssse3
[ 1470.574627][T29387] wlan0 speed is unknown, defaulting to 1000
[ 1471.121021][T29399] netlink: 140 bytes leftover after parsing attributes in process `syz.5.5626'.
[ 1471.239872][T29398] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5625'.
[ 1471.395410][T27942] Bluetooth: hci2: command 0x0406 tx timeout
[ 1471.452783][T29405] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5627'.
[ 1472.479352][T29425] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5632'.
[ 1472.672932][T29429] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5634'.
[ 1473.504678][T29449] wlan0 speed is unknown, defaulting to 1000
[ 1473.670004][T29456] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5638'.
[ 1473.838992][T29459] could not allocate digest TFM handle sha1-ssse3
[ 1474.111220][T29472] wlan0 speed is unknown, defaulting to 1000
[ 1474.515372][T29479] wlan0 speed is unknown, defaulting to 1000
[ 1474.796985][T29485] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5644'.
[ 1477.171434][T29520] wlan0 speed is unknown, defaulting to 1000
[ 1477.426554][T29528] wlan0 speed is unknown, defaulting to 1000
[ 1477.595646][T29532] binder: 29531:29532 ioctl c0306201 80000080 returned -14
[ 1477.602287][T29532] binder: 29531:29532 ioctl 4018620d 0 returned -22
[ 1478.401381][T29547] wlan0 speed is unknown, defaulting to 1000
[ 1478.677106][T29554] could not allocate digest TFM handle sha1-ssse3
[ 1479.364244][T29569] wlan0 speed is unknown, defaulting to 1000
[ 1480.541758][T29590] wlan0 speed is unknown, defaulting to 1000
[ 1480.660878][T29594] wlan0 speed is unknown, defaulting to 1000
[ 1480.872123][T29601] wlan0 speed is unknown, defaulting to 1000
[ 1481.160082][T29606] wlan0 speed is unknown, defaulting to 1000
[ 1481.999847][T29618] could not allocate digest TFM handle sha1-ssse3
[ 1482.147390][T29630] wlan0 speed is unknown, defaulting to 1000
[ 1483.294227][T29650] wlan0 speed is unknown, defaulting to 1000
[ 1484.147172][T29669] wlan0 speed is unknown, defaulting to 1000
[ 1484.191931][T29668] wlan0 speed is unknown, defaulting to 1000
[ 1484.509270][T29681] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5687'.
[ 1486.095744][T29703] wlan0 speed is unknown, defaulting to 1000
[ 1486.140173][T29706] overlayfs: missing 'lowerdir'
[ 1486.714899][T29717] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5696'.
[ 1487.623200][T29740] overlayfs: missing 'lowerdir'
[ 1488.124729][T29746] wlan0 speed is unknown, defaulting to 1000
[ 1488.677579][T29757] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5706'.
[ 1489.456229][T29774] overlayfs: missing 'lowerdir'
[ 1489.799020][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[ 1489.804763][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[ 1491.091663][T29802] wlan0 speed is unknown, defaulting to 1000
[ 1491.586161][T29809] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5720'.
[ 1491.788911][T29817] overlayfs: missing 'lowerdir'
[ 1492.122386][T29826] could not allocate digest TFM handle sha1-ssse3
[ 1492.588876][T29844] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5729'.
[ 1493.367386][T29855] overlayfs: missing 'lowerdir'
[ 1494.011425][T29866] wlan0 speed is unknown, defaulting to 1000
[ 1494.663742][T29876] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5738'.
[ 1494.753610][T29883] could not allocate digest TFM handle sha1-ssse3
[ 1495.556710][T29901] wlan0 speed is unknown, defaulting to 1000
[ 1495.732227][T29905] wlan0 speed is unknown, defaulting to 1000
[ 1496.125734][T29914] wlan0 speed is unknown, defaulting to 1000
[ 1496.413314][T29920] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1496.417324][T29920] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1497.465181][T29931] binder: 29930:29931 ioctl c0306201 80000080 returned -14
[ 1497.582735][T29933] could not allocate digest TFM handle sha1-ssse3
[ 1498.798001][T29959] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1498.801230][T29959] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1499.363222][T29975] wlan0 speed is unknown, defaulting to 1000
[ 1500.076741][T29986] could not allocate digest TFM handle sha1-ssse3
[ 1500.607048][T29997] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1500.610845][T29997] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1500.737821][T30002] binder: 30001:30002 ioctl c0306201 80000080 returned -14
[ 1500.744455][T30002] binder: 30001:30002 ioctl c0306201 0 returned -14
[ 1501.313938][T30014] wlan0 speed is unknown, defaulting to 1000
[ 1502.057656][T30023] wlan0 speed is unknown, defaulting to 1000
[ 1502.863207][T30036] overlayfs: missing 'lowerdir'
[ 1503.933098][T30061] could not allocate digest TFM handle sha1-ssse3
[ 1504.738699][T30075] overlayfs: missing 'lowerdir'
[ 1505.556457][T30088] could not allocate digest TFM handle sha1-ssse3
[ 1507.071695][T30110] overlayfs: missing 'lowerdir'
[ 1507.138593][T30112] binder: 30111:30112 ioctl c0306201 80000080 returned -14
[ 1507.392158][T30124] wlan0 speed is unknown, defaulting to 1000
[ 1508.922351][T30148] could not allocate digest TFM handle sha1-ssse3
[ 1509.071314][T30156] binder: 30155:30156 ioctl c0306201 80000080 returned -14
[ 1510.190313][T30177] wlan0 speed is unknown, defaulting to 1000
[ 1511.192831][T30197] wlan0 speed is unknown, defaulting to 1000
[ 1511.241419][T30196] wlan0 speed is unknown, defaulting to 1000
[ 1512.483494][T30223] wlan0 speed is unknown, defaulting to 1000
[ 1513.540879][T30240] binder: 30239:30240 ioctl c0306201 80000080 returned -14
[ 1513.963961][T30243] wlan0 speed is unknown, defaulting to 1000
[ 1514.484776][T30260] wlan0 speed is unknown, defaulting to 1000
[ 1516.311044][T30295] wlan0 speed is unknown, defaulting to 1000
[ 1516.445047][T30300] wlan0 speed is unknown, defaulting to 1000
[ 1517.268383][T30311] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5846'.
[ 1518.105907][T30323] overlayfs: failed to clone upperpath
[ 1518.178311][T30326] binder: 30325:30326 ioctl c0306201 80000080 returned -14
[ 1518.572684][T30333] wlan0 speed is unknown, defaulting to 1000
[ 1518.648299][T30339] wlan0 speed is unknown, defaulting to 1000
[ 1518.791547][T30346] could not allocate digest TFM handle sha1-ssse3
[ 1520.014999][T30369] overlayfs: failed to clone upperpath
[ 1520.919738][T30385] wlan0 speed is unknown, defaulting to 1000
[ 1521.610303][T30400] wlan0 speed is unknown, defaulting to 1000
[ 1522.883525][T30426] netlink: 'syz.3.5878': attribute type 6 has an invalid length.
[ 1522.896245][T30426] xt_policy: too many policy elements
[ 1522.939622][T30427] wlan0 speed is unknown, defaulting to 1000
[ 1523.111895][T30439] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5880'.
[ 1524.792450][T30480] input: syz1 as /devices/virtual/input/input35
[ 1525.469987][T30495] wlan0 speed is unknown, defaulting to 1000
[ 1525.933361][T30509] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5900'.
[ 1527.456339][T30558] wlan0 speed is unknown, defaulting to 1000
[ 1528.020591][T30572] could not allocate digest TFM handle sha1-ssse3
[ 1528.389220][T30587] binder: 30586:30587 ioctl c0306201 80000080 returned -14
[ 1528.781759][T30595] wlan0 speed is unknown, defaulting to 1000
[ 1529.630329][T30610] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5925'.
[ 1531.244436][T30639] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1531.477534][T30645] wlan0 speed is unknown, defaulting to 1000
[ 1531.592819][T30651] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5939'.
[ 1531.800997][T30658] binder: 30657:30658 ioctl c0306201 80000080 returned -14
[ 1532.044725][T30667] could not allocate digest TFM handle sha1-ssse3
[ 1532.170792][T30679] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5945'.
[ 1532.301091][T30684] overlayfs: failed to clone upperpath
[ 1532.399762][T30691] comedi comedi2: driver 'ni_daq_700' does not support attach using comedi_config
[ 1532.760121][T30694] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5951'.
[ 1533.010678][T30705] netlink: 'syz.6.5955': attribute type 2 has an invalid length.
[ 1533.018984][T30705] kAFS: unable to lookup cell 'mS²jQ€·”œ­=È A4Z1Ë¡8'
[ 1533.031394][T30705] netlink: 532 bytes leftover after parsing attributes in process `syz.6.5955'.
[ 1533.400306][T30715] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1533.466077][T30718] dummy0: entered promiscuous mode
[ 1533.469030][T30718] bond0: entered promiscuous mode
[ 1533.470674][T30718] bond_slave_0: entered promiscuous mode
[ 1533.473445][T30718] bond_slave_1: entered promiscuous mode
[ 1533.477410][T30718] hsr1: entered allmulticast mode
[ 1533.479228][T30718] dummy0: entered allmulticast mode
[ 1533.481335][T30718] bond0: entered allmulticast mode
[ 1533.485140][T30718] bond_slave_0: entered allmulticast mode
[ 1533.487346][T30718] bond_slave_1: entered allmulticast mode
[ 1534.996784][ T6676] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1534.999930][ T6676] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1535.531511][T30747] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5966'.
[ 1536.237733][T30758] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5970'.
[ 1537.113771][T22505] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[ 1537.119206][T22505] CPU: 2 UID: 0 PID: 22505 Comm: kworker/u33:3 Not tainted syzkaller #0 PREEMPT(full) 
[ 1537.119249][T22505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1537.119261][T22505] Workqueue: hci2 hci_rx_work
[ 1537.119306][T22505] Call Trace:
[ 1537.119313][T22505]  <TASK>
[ 1537.119320][T22505]  dump_stack_lvl+0x16c/0x1f0
[ 1537.119341][T22505]  sysfs_warn_dup+0x7f/0xa0
[ 1537.119365][T22505]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1537.119398][T22505]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1537.119414][T22505]  ? find_held_lock+0x2b/0x80
[ 1537.119434][T22505]  ? do_raw_spin_unlock+0x172/0x230
[ 1537.119455][T22505]  kobject_add_internal+0x2c4/0x9b0
[ 1537.119481][T22505]  kobject_add+0x16e/0x240
[ 1537.119500][T22505]  ? __pfx_kobject_add+0x10/0x10
[ 1537.119519][T22505]  ? do_raw_spin_unlock+0x172/0x230
[ 1537.119539][T22505]  ? kobject_put+0xab/0x5a0
[ 1537.119561][T22505]  device_add+0x288/0x1aa0
[ 1537.119575][T22505]  ? __pfx_dev_set_name+0x10/0x10
[ 1537.119588][T22505]  ? __pfx_device_add+0x10/0x10
[ 1537.119600][T22505]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1537.119620][T22505]  hci_conn_add_sysfs+0x17e/0x230
[ 1537.119637][T22505]  le_conn_complete_evt+0x1075/0x1d70
[ 1537.119651][T22505]  ? preempt_count_sub+0x160/0x160
[ 1537.119668][T22505]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1537.119682][T22505]  ? hci_event_packet+0x459/0x11c0
[ 1537.119703][T22505]  hci_le_conn_complete_evt+0x23c/0x370
[ 1537.119722][T22505]  hci_le_meta_evt+0x354/0x5e0
[ 1537.119738][T22505]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1537.119754][T22505]  hci_event_packet+0x685/0x11c0
[ 1537.119768][T22505]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1537.119784][T22505]  ? __pfx_hci_event_packet+0x10/0x10
[ 1537.119800][T22505]  ? kcov_remote_start+0x3c9/0x6d0
[ 1537.119819][T22505]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1537.119839][T22505]  hci_rx_work+0x2c5/0x16b0
[ 1537.119855][T22505]  ? rcu_is_watching+0x12/0xc0
[ 1537.119871][T22505]  process_one_work+0x9cf/0x1b70
[ 1537.119898][T22505]  ? __pfx_process_one_work+0x10/0x10
[ 1537.119922][T22505]  ? assign_work+0x1a0/0x250
[ 1537.119943][T22505]  worker_thread+0x6c8/0xf10
[ 1537.119959][T22505]  ? __kthread_parkme+0x19e/0x250
[ 1537.119975][T22505]  ? __pfx_worker_thread+0x10/0x10
[ 1537.119994][T22505]  kthread+0x3c5/0x780
[ 1537.120013][T22505]  ? __pfx_kthread+0x10/0x10
[ 1537.120032][T22505]  ? rcu_is_watching+0x12/0xc0
[ 1537.120045][T22505]  ? __pfx_kthread+0x10/0x10
[ 1537.120063][T22505]  ret_from_fork+0x5d4/0x6f0
[ 1537.120082][T22505]  ? __pfx_kthread+0x10/0x10
[ 1537.120100][T22505]  ret_from_fork_asm+0x1a/0x30
[ 1537.120125][T22505]  </TASK>
[ 1537.120341][T22505] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1537.237514][T22505] Bluetooth: hci2: failed to register connection device
[ 1537.342292][T30777] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5977'.
[ 1538.059516][T30790] wlan0 speed is unknown, defaulting to 1000
[ 1538.177700][T30795] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5981'.
[ 1539.138156][T30816] overlayfs: failed to clone upperpath
[ 1539.971697][T30834] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5991'.
[ 1540.487119][T30843] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5994'.
[ 1540.566876][T30841] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5993'.
[ 1540.811069][T30850] could not allocate digest TFM handle sha1-ssse3
[ 1541.744346][T30881] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6003'.
[ 1542.404617][T30895] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6009'.
[ 1542.754419][T30906] overlayfs: failed to clone upperpath
[ 1543.146276][T30918] wlan0 speed is unknown, defaulting to 1000
[ 1543.390623][T27942] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1543.395945][T27942] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1543.400024][T27942] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1543.406817][T27942] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1543.415699][T27942] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1543.435919][T30921] wlan0 speed is unknown, defaulting to 1000
[ 1543.547916][T30921] chnl_net:caif_netlink_parms(): no params data found
[ 1543.775236][T30921] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1543.778636][T30921] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1543.785702][T30921] bridge_slave_0: entered allmulticast mode
[ 1543.790374][T30921] bridge_slave_0: entered promiscuous mode
[ 1543.827849][T30921] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1543.831638][T30921] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1543.834819][T30921] bridge_slave_1: entered allmulticast mode
[ 1543.838752][T30921] bridge_slave_1: entered promiscuous mode
[ 1543.948494][T30921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1543.963401][T30932] netlink: 200 bytes leftover after parsing attributes in process `syz.6.6019'.
[ 1543.983372][T30921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1544.089617][T30921] team0: Port device team_slave_0 added
[ 1544.104161][T30921] team0: Port device team_slave_1 added
[ 1544.336330][T30921] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1544.339287][T30921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1544.348517][T30921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1544.353486][T30921] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1544.391103][T30921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1544.400587][T30921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1544.576770][T30921] hsr_slave_0: entered promiscuous mode
[ 1544.580057][T30921] hsr_slave_1: entered promiscuous mode
[ 1545.452433][T30921] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1545.483434][T27942] Bluetooth: hci1: command tx timeout
[ 1545.858187][T30921] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1545.957639][T30921] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1546.010432][T30968] overlayfs: failed to clone upperpath
[ 1546.054292][T30921] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1546.223225][T30921] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1546.233555][T30921] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1546.244752][T30921] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1546.253588][T30921] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1546.323956][T30921] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1546.343228][T30921] 8021q: adding VLAN 0 to HW filter on device team0
[ 1546.349180][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1546.351545][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1546.385209][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1546.389099][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1546.413966][T30983] block device autoloading is deprecated and will be removed.
[ 1546.734104][T30921] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1546.928389][T30921] veth0_vlan: entered promiscuous mode
[ 1546.955135][T30921] veth1_vlan: entered promiscuous mode
[ 1547.005697][T30921] veth0_macvtap: entered promiscuous mode
[ 1547.013085][T30921] veth1_macvtap: entered promiscuous mode
[ 1547.025246][T30921] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1547.047395][T30921] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1547.062782][ T1142] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1547.071162][ T1142] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1547.087067][ T1142] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1547.097439][ T1142] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1547.189332][T11303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1547.195129][T11303] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1547.220543][ T1187] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1547.230677][ T1187] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1547.377642][T31006] netlink: 'syz.4.6017': attribute type 1 has an invalid length.
[ 1547.545724][T31015] wlan0 speed is unknown, defaulting to 1000
[ 1547.551635][T27942] Bluetooth: hci1: command tx timeout
[ 1548.270331][T31028] wlan0 speed is unknown, defaulting to 1000
[ 1548.388990][T31021] sp0: Synchronizing with TNC
[ 1548.390655][T31021] [U] è
[ 1549.121770][T31045] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=35 (70 ns) > initial count (64 ns). Using initial count to start timer.
[ 1549.632650][T27942] Bluetooth: hci1: command tx timeout
[ 1551.235914][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[ 1551.238407][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[ 1551.803132][T27942] Bluetooth: hci1: command tx timeout
[ 1553.121182][T31081] wlan0 speed is unknown, defaulting to 1000
[ 1553.779204][T31092] wlan0 speed is unknown, defaulting to 1000
[ 1554.473908][T31100] wlan0 speed is unknown, defaulting to 1000
[ 1555.581040][T22279] usb 11-1: new high-speed USB device number 3 using dummy_hcd
[ 1555.770698][T22279] usb 11-1: Using ep0 maxpacket: 16
[ 1555.834717][T22279] usb 11-1: config 0 has an invalid interface number: 132 but max is 0
[ 1555.867369][T22279] usb 11-1: config 0 has no interface number 0
[ 1555.914890][T22279] usb 11-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[ 1555.940921][T22279] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1555.970289][T22279] usb 11-1: Product: syz
[ 1555.992139][T22279] usb 11-1: Manufacturer: syz
[ 1555.995933][T31126] vxcan0: tx drop: invalid sa for name 0x0000001000000000
[ 1556.010445][T22279] usb 11-1: SerialNumber: syz
[ 1556.042128][T22279] usb 11-1: config 0 descriptor??
[ 1556.079877][T22279] hub 11-1:0.132: bad descriptor, ignoring hub
[ 1556.097591][T22279] hub 11-1:0.132: probe with driver hub failed with error -5
[ 1556.124683][T31128] overlayfs: failed to resolve './file0': -2
[ 1556.139703][T22279] input: bcm5974 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.132/input/input36
[ 1556.149247][T31128] netlink: 72 bytes leftover after parsing attributes in process `syz.4.6066'.
[ 1556.153584][T31128] netlink: 72 bytes leftover after parsing attributes in process `syz.4.6066'.
[ 1556.703529][T31133] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6067'.
[ 1556.929840][T31140] wlan0 speed is unknown, defaulting to 1000
[ 1557.452045][T31147] could not allocate digest TFM handle sha1-ssse3
[ 1558.345834][T13808] usb 11-1: USB disconnect, device number 3
[ 1559.016965][T31164] wlan0 speed is unknown, defaulting to 1000
[ 1559.340161][T31169] could not allocate digest TFM handle sha1-ssse3
[ 1561.270407][T22783] usb 9-1: new high-speed USB device number 57 using dummy_hcd
[ 1561.450482][T22783] usb 9-1: Using ep0 maxpacket: 16
[ 1561.469981][T22783] usb 9-1: config 0 has an invalid interface number: 132 but max is 0
[ 1561.486449][T22783] usb 9-1: config 0 has no interface number 0
[ 1561.508169][T22783] usb 9-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[ 1561.523444][T22783] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1561.527298][T22783] usb 9-1: Product: syz
[ 1561.536654][T22783] usb 9-1: Manufacturer: syz
[ 1561.538315][T22783] usb 9-1: SerialNumber: syz
[ 1561.569114][T22783] usb 9-1: config 0 descriptor??
[ 1561.594788][T22783] hub 9-1:0.132: bad descriptor, ignoring hub
[ 1561.602377][T22783] hub 9-1:0.132: probe with driver hub failed with error -5
[ 1561.661830][T22783] input: bcm5974 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.132/input/input37
[ 1562.759234][T31199] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6081'.
[ 1563.010686][T27881] usb 9-1: USB disconnect, device number 57
[ 1564.177760][T31230] netlink: 'syz.4.6090': attribute type 1 has an invalid length.
[ 1564.283918][T31236] could not allocate digest TFM handle sha1-ssse3
[ 1564.702657][T31249] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6092'.
[ 1565.058331][T31252] wlan0 speed is unknown, defaulting to 1000
[ 1567.157885][T31282] wlan0 speed is unknown, defaulting to 1000
[ 1567.555610][T31288] wlan0 speed is unknown, defaulting to 1000
[ 1568.492368][T31300] wlan0 speed is unknown, defaulting to 1000
[ 1568.873381][T31311] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1571.614079][T31356] wlan0 speed is unknown, defaulting to 1000
[ 1572.094667][T31362] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(11)
[ 1572.097085][T31362] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1572.101953][T31362] vhci_hcd vhci_hcd.0: Device attached
[ 1572.140027][T31363] vhci_hcd: connection closed
[ 1572.140358][T11303] vhci_hcd: stop threads
[ 1572.144203][T11303] vhci_hcd: release socket
[ 1572.146140][T11303] vhci_hcd: disconnect device
[ 1573.166634][T31382] wlan0 speed is unknown, defaulting to 1000
[ 1574.187567][T31396] pimreg: entered allmulticast mode
[ 1574.211480][T31398] tipc: Started in network mode
[ 1574.214631][T31398] tipc: Node identity 2aec5412195c, cluster identity 4711
[ 1574.218712][T31398] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1574.224536][T31398] syzkaller0: entered promiscuous mode
[ 1574.226428][T31398] syzkaller0: entered allmulticast mode
[ 1574.266508][T31398] tipc: Resetting bearer <eth:syzkaller0>
[ 1574.276503][T31397] tipc: Resetting bearer <eth:syzkaller0>
[ 1574.290505][T31397] tipc: Disabling bearer <eth:syzkaller0>
[ 1574.813191][T31415] wlan0 speed is unknown, defaulting to 1000
[ 1576.395287][T31444] could not allocate digest TFM handle sha1-ssse3
[ 1576.843483][T31451] tipc: Started in network mode
[ 1576.845581][T31451] tipc: Node identity f2e6cbc668c7, cluster identity 4711
[ 1576.848270][T31451] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1576.852001][T31451] syzkaller0: entered promiscuous mode
[ 1576.854254][T31451] syzkaller0: entered allmulticast mode
[ 1576.880533][T31451] tipc: Resetting bearer <eth:syzkaller0>
[ 1576.887661][T31450] tipc: Resetting bearer <eth:syzkaller0>
[ 1576.902226][T31450] tipc: Disabling bearer <eth:syzkaller0>
[ 1577.242100][T31463] Bluetooth: MGMT ver 1.23
[ 1577.761777][T31476] wlan0 speed is unknown, defaulting to 1000
[ 1578.801441][T31492] wlan0 speed is unknown, defaulting to 1000
[ 1579.591489][T31505] af_packet: tpacket_rcv: packet too big, clamped from 32 to 4294967272. macoff=96
[ 1582.713050][T31539] wlan0 speed is unknown, defaulting to 1000
[ 1582.733091][T31546] could not allocate digest TFM handle sha1-ssse3
[ 1582.788297][T31544] wlan0 speed is unknown, defaulting to 1000
[ 1585.303717][T31598] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6174'.
[ 1585.324086][T31598] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6174'.
[ 1585.331801][T31598] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1585.340383][T31598] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6174'.
[ 1586.203335][T31611] overlayfs: failed to resolve './file1': -2
[ 1588.727844][T31652] mac80211_hwsim hwsim33 wlan0: entered promiscuous mode
[ 1590.464115][T31676] wlan0 speed is unknown, defaulting to 1000
[ 1591.550044][T31703] wlan0 speed is unknown, defaulting to 1000
[ 1591.783842][T31698] could not allocate digest TFM handle sha1-ssse3
[ 1593.204344][T31726] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6206'.
[ 1593.532541][T31728] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1594.599981][T31745] wlan0 speed is unknown, defaulting to 1000
[ 1595.509884][T31781] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6223'.
[ 1595.542826][T31784] hsr0: entered promiscuous mode
[ 1596.320478][T31778] hsr0: left promiscuous mode
[ 1596.602555][T31802] wlan0 speed is unknown, defaulting to 1000
[ 1597.793948][T31819] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6233'.
[ 1597.919137][   T40] kauditd_printk_skb: 25 callbacks suppressed
[ 1597.919157][   T40] audit: type=1800 audit(1756489406.421:2953): pid=31821 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.6234" name="nullb0" dev="tmpfs" ino=487 res=0 errno=0
[ 1598.060836][T31829] fuse: Bad value for 'fd'
[ 1598.062714][T31829] fuse: Bad value for 'fd'
[ 1598.308742][T31832] misc userio: No port type given on /dev/userio
[ 1600.578217][T31892] wlan0 speed is unknown, defaulting to 1000
[ 1601.809690][T31920] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6259'.
[ 1603.351467][T31950] hugetlbfs: syz.3.6267 (31950): Using mlock ulimits for SHM_HUGETLB is obsolete
[ 1605.375098][T31993] could not allocate digest TFM handle sha1-ssse3
[ 1605.377084][   T40] audit: type=1326 audit(1756489413.852:2954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31989 comm="syz.4.6279" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[ 1606.046455][T32005] wlan0 speed is unknown, defaulting to 1000
[ 1606.198792][   T40] audit: type=1326 audit(1756489414.722:2955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31989 comm="syz.4.6279" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70ee579 code=0x7fc00000
[ 1606.206597][   T40] audit: type=1326 audit(1756489414.722:2956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31989 comm="syz.4.6279" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[ 1606.247691][   T40] audit: type=1326 audit(1756489414.722:2957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31989 comm="syz.4.6279" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[ 1606.254884][   T40] audit: type=1326 audit(1756489414.722:2958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31989 comm="syz.4.6279" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[ 1606.263794][   T40] audit: type=1326 audit(1756489414.722:2959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31989 comm="syz.4.6279" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[ 1606.271400][   T40] audit: type=1326 audit(1756489414.722:2960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31989 comm="syz.4.6279" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[ 1606.279027][   T40] audit: type=1326 audit(1756489414.722:2961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31989 comm="syz.4.6279" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[ 1606.286545][   T40] audit: type=1326 audit(1756489414.722:2962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31989 comm="syz.4.6279" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[ 1606.294273][   T40] audit: type=1326 audit(1756489414.722:2963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31989 comm="syz.4.6279" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee579 code=0x7fc00000
[ 1607.545523][T32038] misc userio: No port type given on /dev/userio
[ 1607.881137][T32041] wlan0 speed is unknown, defaulting to 1000
[ 1608.152934][T32040] wlan0 speed is unknown, defaulting to 1000
[ 1609.056682][T32063] netlink: 68 bytes leftover after parsing attributes in process `syz.4.6295'.
[ 1609.103132][T32061] wlan0 speed is unknown, defaulting to 1000
[ 1609.132261][T32046] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6292'.
[ 1609.142075][T32063] wlan0 speed is unknown, defaulting to 1000
[ 1609.857072][T32079] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6298'.
[ 1610.244019][T32082] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6300'.
[ 1610.524289][T32094] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6303'.
[ 1610.575759][T32094] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6303'.
[ 1611.086361][T32110] overlayfs: failed to resolve './file2': -2
[ 1612.688311][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[ 1612.691595][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[ 1613.208316][T32134] wlan0 speed is unknown, defaulting to 1000
[ 1615.471664][T32186] wlan0 speed is unknown, defaulting to 1000
[ 1615.658732][T32200] FAULT_INJECTION: forcing a failure.
[ 1615.658732][T32200] name failslab, interval 1, probability 0, space 0, times 0
[ 1615.662604][T32200] CPU: 0 UID: 0 PID: 32200 Comm: syz.6.6329 Not tainted syzkaller #0 PREEMPT(full) 
[ 1615.662621][T32200] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1615.662629][T32200] Call Trace:
[ 1615.662646][T32200]  <TASK>
[ 1615.662653][T32200]  dump_stack_lvl+0x16c/0x1f0
[ 1615.662672][T32200]  should_fail_ex+0x512/0x640
[ 1615.662689][T32200]  ? __kmalloc_noprof+0xbf/0x510
[ 1615.662705][T32200]  ? alloc_pipe_info+0x1ec/0x590
[ 1615.662723][T32200]  should_failslab+0xc2/0x120
[ 1615.662743][T32200]  __kmalloc_noprof+0xd2/0x510
[ 1615.662769][T32200]  ? kasan_save_track+0x14/0x30
[ 1615.662788][T32200]  alloc_pipe_info+0x1ec/0x590
[ 1615.662812][T32200]  splice_direct_to_actor+0x77d/0xa30
[ 1615.662829][T32200]  ? __lock_acquire+0x62e/0x1ce0
[ 1615.662849][T32200]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1615.662868][T32200]  ? __pfx_aa_file_perm+0x10/0x10
[ 1615.662894][T32200]  ? find_held_lock+0x2b/0x80
[ 1615.662911][T32200]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1615.662928][T32200]  ? get_pid_task+0xfc/0x250
[ 1615.662959][T32200]  do_splice_direct+0x174/0x240
[ 1615.662978][T32200]  ? __pfx_do_splice_direct+0x10/0x10
[ 1615.662997][T32200]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1615.663019][T32200]  ? rw_verify_area+0xcf/0x6c0
[ 1615.663039][T32200]  do_sendfile+0xb06/0xe50
[ 1615.663064][T32200]  ? __pfx_do_sendfile+0x10/0x10
[ 1615.663084][T32200]  ? __fget_files+0x20e/0x3c0
[ 1615.663110][T32200]  __ia32_compat_sys_sendfile+0x1e5/0x220
[ 1615.663134][T32200]  ? ksys_write+0x1ac/0x250
[ 1615.663153][T32200]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[ 1615.663180][T32200]  ? rcu_is_watching+0x12/0xc0
[ 1615.663202][T32200]  __do_fast_syscall_32+0x7c/0x3a0
[ 1615.663229][T32200]  do_fast_syscall_32+0x32/0x80
[ 1615.663254][T32200]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1615.663278][T32200] RIP: 0023:0xf7f96579
[ 1615.663292][T32200] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1615.663310][T32200] RSP: 002b:00000000f547455c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[ 1615.663329][T32200] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000009
[ 1615.663340][T32200] RDX: 0000000000000000 RSI: 00000000001000a3 RDI: 0000000000000000
[ 1615.663352][T32200] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1615.663361][T32200] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1615.663370][T32200] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1615.663384][T32200]  </TASK>
[ 1615.860421][T32202] wlan0 speed is unknown, defaulting to 1000
[ 1617.797659][T32230] netlink: 20 bytes leftover after parsing attributes in process `syz.6.6338'.
[ 1619.288996][T32263] netlink: 'syz.6.6345': attribute type 4 has an invalid length.
[ 1619.357840][T32266] netlink: 'syz.6.6345': attribute type 4 has an invalid length.
[ 1619.676995][   T29] usb 11-1: new high-speed USB device number 4 using dummy_hcd
[ 1619.801302][T32271] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6347'.
[ 1620.616645][   T29] usb 11-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1620.620538][   T29] usb 11-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1620.623631][   T29] usb 11-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1620.626482][   T29] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1620.631048][T32263] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1620.635333][   T29] usb 11-1: Quirk or no altset; falling back to MIDI 1.0
[ 1621.219832][T26308] usb 11-1: USB disconnect, device number 4
[ 1623.079880][T32304] could not allocate digest TFM handle sha1-ssse3
[ 1623.581739][T32317] mkiss: ax0: crc mode is auto.
[ 1623.699774][T32320] openvswitch: netlink: Flow key attribute not present in set flow.
[ 1626.377655][T32340] mac80211_hwsim hwsim25 wlan0: left promiscuous mode
[ 1626.380732][T32340] bond1: left promiscuous mode
[ 1626.383037][T32340] macsec1: left promiscuous mode
[ 1627.191854][T32364] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6370'.
[ 1627.312745][T32366] wlan0 speed is unknown, defaulting to 1000
[ 1627.629528][T32372] netlink: 'syz.4.6371': attribute type 4 has an invalid length.
[ 1627.641824][T32372] netlink: 'syz.4.6371': attribute type 4 has an invalid length.
[ 1627.989255][T20204] usb 9-1: new high-speed USB device number 58 using dummy_hcd
[ 1628.152831][T20204] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1628.159359][T20204] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1628.168900][T20204] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1628.172503][T20204] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1628.180811][T32372] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1628.200657][T20204] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[ 1628.612766][T11873] usb 9-1: USB disconnect, device number 58
[ 1631.340307][   T40] kauditd_printk_skb: 60 callbacks suppressed
[ 1631.340320][   T40] audit: type=1800 audit(1756490355.861:3024): pid=32428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.6384" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1632.640885][T32446] could not allocate digest TFM handle sha1-ssse3
[ 1634.391145][T32489] netlink: 'syz.6.6403': attribute type 4 has an invalid length.
[ 1634.404934][T32489] netlink: 'syz.6.6403': attribute type 4 has an invalid length.
[ 1634.541784][T32491] mac80211_hwsim hwsim25 wlan0: entered promiscuous mode
[ 1635.442050][T32498] overlay: ./file0 is not a directory
[ 1636.138428][T32518] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6410'.
[ 1636.141534][T32518] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6410'.
[ 1636.155731][T32518] syz_tun: entered promiscuous mode
[ 1636.159457][T32518] batadv_slave_1: entered promiscuous mode
[ 1636.163379][T32518] debugfs: 'hsr1' already exists in 'hsr'
[ 1636.165822][T32518] Cannot create hsr debugfs directory
[ 1636.367379][T32520] ubi: mtd0 is already attached to ubi8
[ 1636.543082][T32523] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6411'.
[ 1636.548644][T32523] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6411'.
[ 1636.919059][T32526] could not allocate digest TFM handle sha1-ssse3
[ 1637.958790][T32547] overlay: ./file0 is not a directory
[ 1638.138853][T32556] ata1.00: invalid multi_count 1 ignored
[ 1638.255696][T11873] hid-generic 00A0:0008:0003.0009: unknown main item tag 0x7
[ 1638.259015][T11873] hid-generic 00A0:0008:0003.0009: item fetching failed at offset 14/15
[ 1638.262739][T11873] hid-generic 00A0:0008:0003.0009: probe with driver hid-generic failed with error -22
[ 1638.647194][T32563] netlink: 'syz.6.6420': attribute type 4 has an invalid length.
[ 1638.656111][T32563] netlink: 'syz.6.6420': attribute type 4 has an invalid length.
[ 1639.159734][T32575] wlan0 speed is unknown, defaulting to 1000
[ 1640.233976][T32584] overlay: ./file0 is not a directory
[ 1640.310707][T32592] wlan0 speed is unknown, defaulting to 1000
[ 1641.282794][T32604] netlink: 72 bytes leftover after parsing attributes in process `syz.4.6430'.
[ 1641.291606][T32604] usb usb7: usbfs: process 32604 (syz.4.6430) did not claim interface 0 before use
[ 1641.295297][T32604] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1643.007335][T32637] wlan0 speed is unknown, defaulting to 1000
[ 1643.340983][T32641] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[ 1644.177282][T32668] wlan0 speed is unknown, defaulting to 1000
[ 1644.281986][T32672] netlink: 'syz.5.6447': attribute type 4 has an invalid length.
[ 1646.142496][T32708] could not allocate digest TFM handle sha1-ssse3
[ 1646.415546][T32716] could not allocate digest TFM handle sha1-ssse3
[ 1649.165589][T32752] netlink: 'syz.3.6470': attribute type 4 has an invalid length.
[ 1650.388983][  T318] could not allocate digest TFM handle sha1-ssse3
[ 1651.739018][  T333] could not allocate digest TFM handle sha1-ssse3
[ 1652.300868][  T345] : entered promiscuous mode
[ 1652.615217][  T354] wlan0 speed is unknown, defaulting to 1000
[ 1653.696271][  T376] wlan0 speed is unknown, defaulting to 1000
[ 1654.027577][  T386] syzkaller1: entered promiscuous mode
[ 1654.029454][  T386] syzkaller1: entered allmulticast mode
[ 1654.780591][  T403] could not allocate digest TFM handle sha1-ssse3
[ 1655.397117][  T414] netlink: 'syz.5.6505': attribute type 10 has an invalid length.
[ 1655.615634][  T416] ptm ptm0: ldisc open failed (-12), clearing slot 0
[ 1655.788669][  T424] FAULT_INJECTION: forcing a failure.
[ 1655.788669][  T424] name failslab, interval 1, probability 0, space 0, times 0
[ 1655.793038][  T424] CPU: 3 UID: 0 PID: 424 Comm: syz.5.6508 Not tainted syzkaller #0 PREEMPT(full) 
[ 1655.793054][  T424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1655.793061][  T424] Call Trace:
[ 1655.793066][  T424]  <TASK>
[ 1655.793073][  T424]  dump_stack_lvl+0x16c/0x1f0
[ 1655.793101][  T424]  should_fail_ex+0x512/0x640
[ 1655.793123][  T424]  ? fs_reclaim_acquire+0xae/0x150
[ 1655.793149][  T424]  ? tomoyo_encode2+0x100/0x3e0
[ 1655.793173][  T424]  should_failslab+0xc2/0x120
[ 1655.793197][  T424]  __kmalloc_noprof+0xd2/0x510
[ 1655.793225][  T424]  tomoyo_encode2+0x100/0x3e0
[ 1655.793250][  T424]  tomoyo_encode+0x29/0x50
[ 1655.793273][  T424]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1655.793300][  T424]  ? tomoyo_profile+0x47/0x60
[ 1655.793319][  T424]  tomoyo_path_number_perm+0x245/0x580
[ 1655.793341][  T424]  ? tomoyo_path_number_perm+0x237/0x580
[ 1655.793385][  T424]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1655.793443][  T424]  ? find_held_lock+0x2b/0x80
[ 1655.793464][  T424]  ? hook_file_ioctl_common+0x145/0x410
[ 1655.793497][  T424]  ? __fget_files+0x20e/0x3c0
[ 1655.793525][  T424]  security_file_ioctl_compat+0x9b/0x240
[ 1655.793552][  T424]  __ia32_compat_sys_ioctl+0xc3/0x370
[ 1655.793588][  T424]  __do_fast_syscall_32+0x7c/0x3a0
[ 1655.793618][  T424]  do_fast_syscall_32+0x32/0x80
[ 1655.793644][  T424]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1655.793668][  T424] RIP: 0023:0xf7fc5579
[ 1655.793685][  T424] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1655.793705][  T424] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1655.793724][  T424] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[ 1655.793736][  T424] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1655.793748][  T424] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1655.793760][  T424] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1655.793771][  T424] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1655.793797][  T424]  </TASK>
[ 1655.793958][  T424] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1655.813847][  T430] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6509'.
[ 1655.819189][  T424] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1656.124133][  T436] could not allocate digest TFM handle sha1-ssse3
[ 1657.213410][  T453] wlan0 speed is unknown, defaulting to 1000
[ 1658.061723][  T462] : entered promiscuous mode
[ 1658.254728][  T463] vxcan1: tx address claim with dest, not broadcast
[ 1658.278182][  T463] : entered promiscuous mode
[ 1660.038338][  T493] could not allocate digest TFM handle sha1-ssse3
[ 1662.812845][  T545] could not allocate digest TFM handle sha1-ssse3
[ 1665.143280][  T584] could not allocate digest TFM handle sha1-ssse3
[ 1665.962998][T11295] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1665.966254][T11295] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1666.024398][T22505] Bluetooth: hci1: command 0x0405 tx timeout
[ 1666.047152][  T602] openvswitch: netlink: Missing key (keys=40, expected=80)
[ 1666.534479][  T613] wlan0 speed is unknown, defaulting to 1000
[ 1666.637974][  T612] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[ 1667.056053][T11303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1667.059818][T11303] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1668.066309][  T635] kvm: pic: non byte read
[ 1668.073447][  T635] kvm: pic: level sensitive irq not supported
[ 1668.073899][  T635] kvm: pic: non byte read
[ 1668.082330][  T635] kvm: pic: level sensitive irq not supported
[ 1668.082582][  T635] kvm: pic: non byte read
[ 1668.092739][  T635] kvm: pic: level sensitive irq not supported
[ 1668.092982][  T635] kvm: pic: non byte read
[ 1668.098487][  T635] kvm: pic: level sensitive irq not supported
[ 1668.098728][  T635] kvm: pic: non byte read
[ 1668.103648][  T635] kvm: pic: level sensitive irq not supported
[ 1668.103982][  T635] kvm: pic: non byte read
[ 1668.109905][  T635] kvm: pic: level sensitive irq not supported
[ 1668.110290][  T635] kvm: pic: non byte read
[ 1668.116665][  T635] kvm: pic: level sensitive irq not supported
[ 1668.116911][  T635] kvm: pic: non byte read
[ 1668.121482][  T635] kvm: pic: level sensitive irq not supported
[ 1668.121719][  T635] kvm: pic: non byte read
[ 1669.071603][  T648] block nbd6: NBD_DISCONNECT
[ 1669.359966][  T650] vxcan1: tx address claim with dest, not broadcast
[ 1669.374798][  T650] openvswitch: : Dropping previously announced user features
[ 1670.098371][  T658] wlan0 speed is unknown, defaulting to 1000
[ 1670.680041][  T682] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6576'.
[ 1670.884646][  T682] hsr_slave_0 (unregistering): left promiscuous mode
[ 1671.025257][  T676] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1671.029535][  T676] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1671.037228][  T676] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1671.043059][  T676] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1671.075897][  T676] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1671.078840][  T676] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1671.087027][  T676] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1671.106456][  T676] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1671.109235][  T676] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1671.736495][  T708] ==================================================================
[ 1671.739253][  T708] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x63/0x70
[ 1671.742288][  T708] Read of size 8 at addr ffff888070cc6630 by task syz.4.6579/708
[ 1671.745082][  T708] 
[ 1671.747191][  T708] CPU: 2 UID: 0 PID: 708 Comm: syz.4.6579 Not tainted syzkaller #0 PREEMPT(full) 
[ 1671.747211][  T708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1671.747219][  T708] Call Trace:
[ 1671.747226][  T708]  <TASK>
[ 1671.747231][  T708]  dump_stack_lvl+0x116/0x1f0
[ 1671.747253][  T708]  print_report+0xcd/0x630
[ 1671.747271][  T708]  ? __virt_addr_valid+0x81/0x610
[ 1671.747286][  T708]  ? __phys_addr+0xe8/0x180
[ 1671.747302][  T708]  ? sysfs_remove_file_ns+0x63/0x70
[ 1671.747314][  T708]  kasan_report+0xe0/0x110
[ 1671.747932][  T708]  ? sysfs_remove_file_ns+0x63/0x70
[ 1671.747950][  T708]  sysfs_remove_file_ns+0x63/0x70
[ 1671.748033][  T708]  driver_remove_file+0x4a/0x60
[ 1671.748059][  T708]  bus_remove_driver+0x224/0x2c0
[ 1671.748077][  T708]  driver_unregister+0x76/0xb0
[ 1671.748097][  T708]  comedi_device_detach_locked+0x12c/0xa50
[ 1671.748120][  T708]  do_devconfig_ioctl+0x555/0x710
[ 1671.748134][  T708]  ? __mutex_lock+0x1c5/0x1060
[ 1671.748153][  T708]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[ 1671.748169][  T708]  ? kasan_save_stack+0x42/0x60
[ 1671.748183][  T708]  ? kasan_save_stack+0x33/0x60
[ 1671.748197][  T708]  ? kasan_save_track+0x14/0x30
[ 1671.748211][  T708]  ? kasan_save_free_info+0x3b/0x60
[ 1671.748232][  T708]  ? __kasan_slab_free+0x60/0x70
[ 1671.748247][  T708]  ? kfree+0x2b4/0x4d0
[ 1671.748258][  T708]  ? tomoyo_path_number_perm+0x470/0x580
[ 1671.748277][  T708]  comedi_unlocked_ioctl+0x165d/0x2f00
[ 1671.748294][  T708]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1671.748314][  T708]  ? kasan_quarantine_put+0x10a/0x240
[ 1671.748328][  T708]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1671.748346][  T708]  ? find_held_lock+0x2b/0x80
[ 1671.748359][  T708]  ? tomoyo_path_number_perm+0x295/0x580
[ 1671.748376][  T708]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1671.748392][  T708]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1671.748409][  T708]  comedi_compat_ioctl+0x1d0/0x990
[ 1671.748424][  T708]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[ 1671.748439][  T708]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1671.748461][  T708]  ? do_vfs_ioctl+0x128/0x14f0
[ 1671.748481][  T708]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1671.748502][  T708]  ? find_held_lock+0x2b/0x80
[ 1671.748514][  T708]  ? hook_file_ioctl_common+0x145/0x410
[ 1671.748533][  T708]  ? __fget_files+0x20e/0x3c0
[ 1671.748546][  T708]  ? __ia32_compat_sys_openat+0x160/0x210
[ 1671.748561][  T708]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[ 1671.748576][  T708]  __ia32_compat_sys_ioctl+0x242/0x370
[ 1671.748597][  T708]  __do_fast_syscall_32+0x7c/0x3a0
[ 1671.748615][  T708]  do_fast_syscall_32+0x32/0x80
[ 1671.748632][  T708]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1671.748649][  T708] RIP: 0023:0xf70ee579
[ 1671.748661][  T708] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1671.748674][  T708] RSP: 002b:00000000f549c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1671.748688][  T708] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000040946400
[ 1671.748697][  T708] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1671.748704][  T708] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1671.748712][  T708] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1671.748720][  T708] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1671.748731][  T708]  </TASK>
[ 1671.748736][  T708] 
[ 1671.804400][  T709] wlan0 speed is unknown, defaulting to 1000
[ 1671.804574][  T708] Allocated by task 453:
[ 1671.804588][  T708]  kasan_save_stack+0x33/0x60
[ 1671.881314][  T708]  kasan_save_track+0x14/0x30
[ 1671.882851][  T708]  __kasan_kmalloc+0xaa/0xb0
[ 1671.884381][  T708]  csum_init_net+0x56/0x270
[ 1671.886028][  T708]  ops_init+0x1e2/0x5f0
[ 1671.887746][  T708]  setup_net+0x10f/0x380
[ 1671.889158][  T708]  copy_net_ns+0x2a6/0x5f0
[ 1671.890650][  T708]  create_new_namespaces+0x3ea/0xa90
[ 1671.892797][  T708]  unshare_nsproxy_namespaces+0xc0/0x1f0
[ 1671.895005][  T708]  ksys_unshare+0x45b/0xa40
[ 1671.896768][  T708]  __ia32_sys_unshare+0x30/0x40
[ 1671.898511][  T708]  __do_fast_syscall_32+0x7c/0x3a0
[ 1671.900287][  T708]  do_fast_syscall_32+0x32/0x80
[ 1671.902005][  T708]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1671.904361][  T708] 
[ 1671.905173][  T708] Freed by task 11295:
[ 1671.906999][  T708]  kasan_save_stack+0x33/0x60
[ 1671.909469][  T708]  kasan_save_track+0x14/0x30
[ 1671.911600][  T708]  kasan_save_free_info+0x3b/0x60
[ 1671.913867][  T708]  __kasan_slab_free+0x60/0x70
[ 1671.915920][  T708]  kfree+0x2b4/0x4d0
[ 1671.917869][  T708]  csum_exit_net+0x13e/0x3b0
[ 1671.919846][  T708]  ops_undo_list+0x360/0xab0
[ 1671.921434][  T708]  cleanup_net+0x408/0x890
[ 1671.923202][  T708]  process_one_work+0x9cf/0x1b70
[ 1671.924785][  T708]  worker_thread+0x6c8/0xf10
[ 1671.926778][  T708]  kthread+0x3c5/0x780
[ 1671.928548][  T708]  ret_from_fork+0x5d4/0x6f0
[ 1671.930512][  T708]  ret_from_fork_asm+0x1a/0x30
[ 1671.932314][  T708] 
[ 1671.933329][  T708] The buggy address belongs to the object at ffff888070cc6600
[ 1671.933329][  T708]  which belongs to the cache kmalloc-256 of size 256
[ 1671.939300][  T708] The buggy address is located 48 bytes inside of
[ 1671.939300][  T708]  freed 256-byte region [ffff888070cc6600, ffff888070cc6700)
[ 1671.944382][  T708] 
[ 1671.945166][  T708] The buggy address belongs to the physical page:
[ 1671.947189][  T708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888070cc6600 pfn:0x70cc6
[ 1671.950540][  T708] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1671.953519][  T708] flags: 0x4fff00000000240(workingset|head|node=1|zone=1|lastcpupid=0x7ff)
[ 1671.956533][  T708] page_type: f5(slab)
[ 1671.958146][  T708] raw: 04fff00000000240 ffff88801b842b40 ffffea00017edd90 ffffea000103ec10
[ 1671.961907][  T708] raw: ffff888070cc6600 000000000010000e 00000000f5000000 0000000000000000
[ 1671.965346][  T708] head: 04fff00000000240 ffff88801b842b40 ffffea00017edd90 ffffea000103ec10
[ 1671.968509][  T708] head: ffff888070cc6600 000000000010000e 00000000f5000000 0000000000000000
[ 1671.971467][  T708] head: 04fff00000000001 ffffea0001c33181 00000000ffffffff 00000000ffffffff
[ 1671.974741][  T708] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 1671.978393][  T708] page dumped because: kasan: bad access detected
[ 1671.981876][  T708] page_owner tracks the page as allocated
[ 1671.984544][  T708] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 13658, tgid 13657 (syz.2.1899), ts 407927932409, free_ts 371249982734
[ 1671.993019][  T708]  post_alloc_hook+0x1c0/0x230
[ 1671.995284][  T708]  get_page_from_freelist+0x132b/0x38e0
[ 1671.998519][  T708]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 1672.001590][  T708]  new_slab+0x94/0x330
[ 1672.003398][  T708]  ___slab_alloc+0xcf2/0x1740
[ 1672.005441][  T708]  __slab_alloc.constprop.0+0x56/0xb0
[ 1672.008059][  T708]  __kmalloc_node_noprof+0x2ed/0x500
[ 1672.010591][  T708]  alloc_slab_obj_exts+0x41/0xa0
[ 1672.012810][  T708]  new_slab+0x27d/0x330
[ 1672.014691][  T708]  ___slab_alloc+0xcf2/0x1740
[ 1672.016658][  T708]  kmem_cache_alloc_bulk_noprof+0x24e/0xbc0
[ 1672.019532][  T708]  __io_alloc_req_refill+0x98/0x500
[ 1672.022211][  T708]  io_submit_sqes+0xe03/0x25c0
[ 1672.024477][  T708]  __do_sys_io_uring_enter+0xd6a/0x1630
[ 1672.026807][  T708]  __do_fast_syscall_32+0x7c/0x3a0
[ 1672.028975][  T708]  do_fast_syscall_32+0x32/0x80
[ 1672.030795][  T708] page last free pid 13 tgid 13 stack trace:
[ 1672.032765][  T708]  __free_frozen_pages+0x7d5/0x10f0
[ 1672.034618][  T708]  __put_partials+0x165/0x1c0
[ 1672.036295][  T708]  qlist_free_all+0x4d/0x120
[ 1672.037948][  T708]  kasan_quarantine_reduce+0x195/0x1e0
[ 1672.040069][  T708]  __kasan_slab_alloc+0x69/0x90
[ 1672.041833][  T708]  kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 1672.043743][  T708]  __alloc_skb+0x2b2/0x380
[ 1672.045189][  T708]  inet6_netconf_notify_devconf+0x87/0x180
[ 1672.047346][  T708]  addrconf_sysctl_unregister+0x134/0x1c0
[ 1672.049279][  T708]  addrconf_ifdown.isra.0+0x1498/0x1aa0
[ 1672.051125][  T708]  addrconf_notify+0x220/0x19e0
[ 1672.052866][  T708]  notifier_call_chain+0xbc/0x410
[ 1672.054922][  T708]  call_netdevice_notifiers_info+0xbe/0x140
[ 1672.056920][  T708]  unregister_netdevice_many_notify+0xf76/0x24c0
[ 1672.058908][  T708]  ops_undo_list+0x8fc/0xab0
[ 1672.060235][  T708]  cleanup_net+0x408/0x890
[ 1672.061527][  T708] 
[ 1672.062270][  T708] Memory state around the buggy address:
[ 1672.064047][  T708]  ffff888070cc6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1672.067927][  T708]  ffff888070cc6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1672.072346][  T708] >ffff888070cc6600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1672.076219][  T708]                                      ^
[ 1672.078652][  T708]  ffff888070cc6680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1672.082165][  T708]  ffff888070cc6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1672.085232][  T708] ==================================================================
[ 1672.102818][  T708] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1672.105413][  T708] CPU: 2 UID: 0 PID: 708 Comm: syz.4.6579 Not tainted syzkaller #0 PREEMPT(full) 
[ 1672.108507][  T708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1672.112122][  T708] Call Trace:
[ 1672.113254][  T708]  <TASK>
[ 1672.114238][  T708]  dump_stack_lvl+0x3d/0x1f0
[ 1672.115738][  T708]  vpanic+0x6e8/0x7a0
[ 1672.117302][  T708]  ? __pfx_vpanic+0x10/0x10
[ 1672.118946][  T708]  ? __pfx_vprintk_emit+0x10/0x10
[ 1672.120588][  T708]  ? sysfs_remove_file_ns+0x63/0x70
[ 1672.122299][  T708]  panic+0xca/0xd0
[ 1672.123516][  T708]  ? __pfx_panic+0x10/0x10
[ 1672.124952][  T708]  ? sysfs_remove_file_ns+0x63/0x70
[ 1672.126623][  T708]  ? preempt_schedule_common+0x44/0xc0
[ 1672.128505][  T708]  ? preempt_schedule_thunk+0x16/0x30
[ 1672.130603][  T708]  check_panic_on_warn+0xab/0xb0
[ 1672.132665][  T708]  end_report+0x107/0x170
[ 1672.134301][  T708]  kasan_report+0xee/0x110
[ 1672.135776][  T708]  ? sysfs_remove_file_ns+0x63/0x70
[ 1672.137884][  T708]  sysfs_remove_file_ns+0x63/0x70
[ 1672.140128][  T708]  driver_remove_file+0x4a/0x60
[ 1672.142336][  T708]  bus_remove_driver+0x224/0x2c0
[ 1672.144776][  T708]  driver_unregister+0x76/0xb0
[ 1672.147092][  T708]  comedi_device_detach_locked+0x12c/0xa50
[ 1672.149894][  T708]  do_devconfig_ioctl+0x555/0x710
[ 1672.152388][  T708]  ? __mutex_lock+0x1c5/0x1060
[ 1672.154517][  T708]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[ 1672.157032][  T708]  ? kasan_save_stack+0x42/0x60
[ 1672.159248][  T708]  ? kasan_save_stack+0x33/0x60
[ 1672.161787][  T708]  ? kasan_save_track+0x14/0x30
[ 1672.164438][  T708]  ? kasan_save_free_info+0x3b/0x60
[ 1672.166877][  T708]  ? __kasan_slab_free+0x60/0x70
[ 1672.169029][  T708]  ? kfree+0x2b4/0x4d0
[ 1672.170808][  T708]  ? tomoyo_path_number_perm+0x470/0x580
[ 1672.173550][  T708]  comedi_unlocked_ioctl+0x165d/0x2f00
[ 1672.175911][  T708]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1672.178557][  T708]  ? kasan_quarantine_put+0x10a/0x240
[ 1672.181283][  T708]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1672.184543][  T708]  ? find_held_lock+0x2b/0x80
[ 1672.187014][  T708]  ? tomoyo_path_number_perm+0x295/0x580
[ 1672.189698][  T708]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1672.192113][  T708]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1672.194843][  T708]  comedi_compat_ioctl+0x1d0/0x990
[ 1672.196853][  T708]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[ 1672.198833][  T708]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1672.200795][  T708]  ? do_vfs_ioctl+0x128/0x14f0
[ 1672.202483][  T708]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1672.204344][  T708]  ? find_held_lock+0x2b/0x80
[ 1672.206221][  T708]  ? hook_file_ioctl_common+0x145/0x410
[ 1672.208578][  T708]  ? __fget_files+0x20e/0x3c0
[ 1672.210231][  T708]  ? __ia32_compat_sys_openat+0x160/0x210
[ 1672.212127][  T708]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[ 1672.213915][  T708]  __ia32_compat_sys_ioctl+0x242/0x370
[ 1672.215898][  T708]  __do_fast_syscall_32+0x7c/0x3a0
[ 1672.218143][  T708]  do_fast_syscall_32+0x32/0x80
[ 1672.220425][  T708]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1672.223838][  T708] RIP: 0023:0xf70ee579
[ 1672.226194][  T708] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1672.235216][  T708] RSP: 002b:00000000f549c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1672.238928][  T708] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000040946400
[ 1672.242455][  T708] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1672.246318][  T708] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1672.250410][  T708] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1672.253941][  T708] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1672.257602][  T708]  </TASK>
[ 1672.259895][  T708] Kernel Offset: disabled
[ 1672.261718][  T708] Rebooting in 86400 seconds..

VM DIAGNOSIS:
17:21:50  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000001 RBX=ffff88802b23a440 RCX=0000000000000100 RDX=0000000000000001
RSI=0000000000000002 RDI=ffff88802b23a442 RBP=dffffc0000000000 RSP=ffffc9000313f498
R8 =0000000000000001 R9 =ffff88802b23b3d4 R10=ffff88802b23a443 R11=0000000000000000
R12=0000000000007fef R13=0000000000000000 R14=ffff88802b23b3c0 R15=ffffed1005647488
RIP=ffffffff8b936b1a RFL=00000012 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880974c3000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002ef0cff8 CR3=000000006c0ac000 CR4=00352ef0
DR0=0000000000000007 DR1=000000000000000b DR2=0000000000000002 DR3=0000000000000009 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffc9002e2bb000 RBX=ffff88802320d400 RCX=ffffffff825f6ce7 RDX=ffffc9002e51a000
RSI=0000000000000004 RDI=ffffc9000348fdf8 RBP=ffff888028984880 RSP=ffffc9000348fe88
R8 =0000000000000001 R9 =ffffc9002e11a000 R10=0000000000000003 R11=0000000000000000
R12=0000000000000207 R13=ffff88802320d408 R14=0000000000000002 R15=0000000000080000
RIP=ffffffff81bb0ca8 RFL=00010087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880975c3000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f480bda4 CR3=000000006c0ac000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=ffffc900035eed46 RBX=dffffc0000000000 RCX=ffffc900035eed46 RDX=1ffff920006bdda8
RSI=ffffffff81af896b RDI=ffffc900035eed40 RBP=ffffc900035eed40 RSP=ffffc900035eeb80
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000012044
R12=ffffc900035eec20 R13=ffffc900035eec00 R14=ffffc900035eec60 R15=ffffc900035eec40
RIP=ffffffff8b8ca871 RFL=00000803 [-O----C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880976c3000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73a719c CR3=0000000066801000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffff88802b441d80 RCX=ffffffff81af11e1 RDX=ffff888042794880
RSI=ffffffff81af11bb RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90003f0f888
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=dffffc0000000000 R13=ffffed10056883b1 R14=0000000000000001 R15=0000000000000002
RIP=ffffffff81af11bd RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977c3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080028000 CR3=000000000e380000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000