last executing test programs:

10m20.684909625s ago: executing program 1 (id=43):
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000006c0)={'erspan0\x00', &(0x7f0000000380)={'gre0\x00', 0x0, 0x7, 0x1, 0x7, 0xa5, {{0xb, 0x4, 0x2, 0x3f, 0x2c, 0x69, 0x0, 0x6, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x6}, @loopback, {[@timestamp_addr={0x44, 0xc, 0x4f, 0x1, 0x0, [{@rand_addr=0x64010102, 0x3b}]}, @cipso={0x86, 0xa, 0x0, [{0x0, 0x2}, {0x1, 0x2}]}]}}}}})
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0ef010095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff9ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcd0cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b24df41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b318e2ec0e1a00897a74a0091ff110026e6d2ef831ab7ea0c34f17efd36ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0cb82d2789cb132b8667c21476619f28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e1019c12a73748b049604fa72c64ed858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6e97180aabc18cae2ed4b4390af9a9ceafd07ed00b0000002cab154ad029a119ca3c972780870014601c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f4b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f19afc91b47683db01a469398685211bbae0e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bde792c88c5b8dcdcc22ee17476d738992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffffd7917f23837a6b24db0e067345560942fa629fbef2461c96a08707671315c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e48455b588b90dfae158b94f50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859ac8e3c177b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2498d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d4a3e1a9e90d76c1993e0799d4894ee7f8249dc1e342892129369ee1b85afa1a5be5f6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355b17402a500587b603306a5af8d867d80a07f10b854b1c8c768c001496fa99ce5b5040be9194123e918914a71ad5a8521fb956dbc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c6775e19f0b7e70803000000b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989172a1bcd1e30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fccf363361dcdba10c1547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f5874c24411d415b6b085fb73a2d7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aa0000000000000000532ff181c985f54b7ae20aa5e63055b4d6a36fa98a44e379d2bccf977c3e88538f406b598307c9912fb097601f3f88a2ea6fd1f9320cfe7f09aed4d1e72d26e5c7a93854c8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd92689192727a7267c47cf897853d160100b39b613faefe16bd91fc105dddd77ab929b95032d3717fa9fbdc2bdc0e98ae2c3f23a6131e2879f0484ee3bfe30b92dd493be66c2242f8184733b80ba28e824910844df31f3d4bb2f89049c5f6d63956995747639964217aacfe548fc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc1758763f0000009c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab602000000000000000000113a3065a478d1de98be3a66f6fbf68f2f5693050fa56db62e2f99cf916059ee364dad078fc88d17cbde37a2270f90a60afe8548f4c579b09c333382c6e7a316ac03aa23d379836b96173a5541fa96c27e7fb6d2585d828aa330f3438d8487912bb7742be1502e706644f7a937451beb7a5f6ca3ef21e8cb8f841af6d54334d82a8b816b6daccf0c66162f897623ee325d714f9f10636a7573582ff31c7f9c6f767c806ef4af486cc19a5355bdc814cb5557c6fa6404179c865980b0815b907a7f268e97828c196f5ac033d395a217b4e1e45663023a0292003c36a3b7461fc2c8566e0f3f693bfacae26aa2b7d17962989ccb943633c080aacc9b7d311c251686fc66aa80bf41a5bf6cd72d5aa995820fb318fad61a79a61d0a969fd6018ac9f131fe02fe31d565723cbf9b63841e21417fc29a3e7a03886d80566ae001861799a4aad91c72139e681ced8625b675dfbd6d458d4b2d9e6d565430248172ad942cdb41639f4113896827c8806e049218cd1eef89d6b9b14dd707da40705c07f878263ff9b71ccf28ec50178c7aac83bef7bd1045a5e4bcb6cfe05e2ac3e17c1f8f12ddf5b6770ce0da8cb3aba3a935a6b737b6d3ebf2c715dcc11c5759bd0acdecf333f2b77c52fb2251336bbd92f73ad1a30bb9162bd9d699c49d824b827f3e7c1096354946e09922db25904c83262c6dcb87457e4abefa0e9dcb17d79c173895b74aae2ed4419662690a16494e7b27d0d2688c69b4be3d21b783195f6a5e5dc5c07c73f0d0f0670db10ac9ef5b8295ff88df734e3c6ab8555c0390f962cbf559bce9c42e1034dba78997b2877b485d9d4ae2fcd3e757b84319879d0337785773c940af6e57d162f4606d101def01199325c8676a32e26303560271b720216d95e0013265a45b02bd2414bebda89b7b5e71e7"], 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xfe, 0x0, &(0x7f0000000100)="b9ff03006044238cb89e14f088a81bffffff00004000632f77fbac14140be934a0a662079f4b4d2f87e5feca6aab845013f288a81a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0, 0x4}, 0x4c)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r5, &(0x7f0000001d80)='.\x00', 0x9100, &(0x7f0000000080)={0x81, 0x7a, 0x40000, {r5}}, 0x20)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="f800020050f001000000003e00000004bb00000000000000000000000000000000003b00400000000000000200"/55, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000040000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000010000004400050000000000000000000000000000000000000000022b0000000a000000fe8000000000000000000000000000aa000000000400"/176], 0xf8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r4, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$TUNGETVNETBE(0xffffffffffffffff, 0x800454df, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r8, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r8, 0x0)
connect$unix(r7, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r8, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
accept4$unix(r8, 0x0, 0x0, 0x80000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[], 0x94}}, 0x0)

10m18.711136534s ago: executing program 1 (id=48):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000005c0)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0)
recvmmsg(r2, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}, 0x1c000}], 0x1, 0x2, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000080)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xe}, @snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r4}, 0xc)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="b4000000000000ec94000000040000000b28cb45291efd419719f41b5ae85a493d0485abedb0bafa134b0ff8700f474a034549fdac0082c3e12d7f3722879de276b5df3799f0eb86b3f27b70e83ddb59d5fb07cbece9b51a717cb3b9ef4cfd71fd9fb45a253d"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r6}, &(0x7f0000000180)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r5, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r7, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000600)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
write(r11, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c)
ioctl$TUNSETIFF(r11, 0x400454ca, 0x0)
r12 = socket$inet_udp(0x2, 0x2, 0x0)
pipe(&(0x7f0000000500)={<r13=>0xffffffffffffffff, <r14=>0xffffffffffffffff})
splice(r13, 0x0, r11, 0x0, 0xffffffffffff8000, 0x0)
close(r14)
socket$nl_route(0x10, 0x3, 0x0)
splice(r10, 0x0, r12, 0x0, 0x1100000000f336, 0x0)

10m17.209469458s ago: executing program 1 (id=52):
r0 = socket(0x10, 0x803, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=@ipv6_newrule={0x30, 0x20, 0x1, 0x0, 0x0, {0xa, 0x80, 0x14, 0x0, 0x7, 0x0, 0x0, 0x3, 0x10017}, [@FRA_SRC={0x14, 0x2, @mcast1}]}, 0x30}}, 0x40000)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'team_slave_0\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x2, 0x818, 0x0, 0x0, 0x0, 0x2, 0x7, 0xd, 0x0, 0x0, 0x0, 0x3, 0x9, 0x0, 0x3}})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x100})
ioctl$SNDCTL_SYNTH_INFO(r1, 0xc08c5102, &(0x7f0000000300)={"839a03df7c1f327087001636c9a849bed72cfe9dd235a3d5a43da0c49cce", 0x2, 0x2, 0x1, 0x7, 0x0, 0x4, 0xfffffffd, 0x1, [0x5, 0xfffffffd, 0x7144ae76, 0x80, 0xfffff801, 0xce, 0x8, 0x4, 0x3, 0x2e, 0x2, 0x84, 0x3, 0x5, 0x7fffffff, 0x0, 0x2, 0x1fd, 0x800]})
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r0)
r4 = socket(0x29, 0x80003, 0x400000)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', <r6=>0x0})
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd74)
ioctl$HIDIOCSREPORT(r8, 0x400c4808, &(0x7f0000000180)={0x3, 0xffffffff, 0x5})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r10, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xe3c})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000003000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000040)={0x1ff, 0x1, 0x6000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r11, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000100)={0x101ff, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil})
sendmsg$ETHTOOL_MSG_EEE_GET(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fbdbdf25170000000c00018008000100", @ANYRES32=r6, @ANYBLOB="0c00018008000300010000001507c9192a3e5c285befb8b9ee1d3d713d9da980d5b1cb3c2606e0fb1ee7e05639871facd8ce873ac43004d2920c7a92f1f1ef9626fa78"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x40804)

10m15.534382545s ago: executing program 1 (id=55):
socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$inet6_buf(r0, 0x29, 0x2f, 0x0, &(0x7f0000000000))
timer_create(0x9, &(0x7f0000002c00)={0x0, 0x25, 0x1}, &(0x7f0000002c40)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000180)={{0x77359400}, {0x77359400}}, 0x0)
timer_settime(r2, 0x0, &(0x7f0000000000), &(0x7f0000000080))
splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0x0)
syz_pidfd_open(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, 0x0, 0x0)
setpgid(r3, 0x0)
setpgid(0x0, r3)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
mkdir(0x0, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000003c0)=@generic={&(0x7f0000000440)='./file1\x00', 0x0, 0x8}, 0x18)
r4 = socket(0x10, 0x3, 0x0)
recvmmsg$unix(r4, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000003700)=[{0x0}, {&(0x7f00000025c0)=""/4096, 0x1000}, {&(0x7f00000035c0)=""/139, 0x8b}], 0x3}}], 0x1, 0x2, 0x0)
mount$afs(0x0, &(0x7f0000000200)='./file1\x00', 0x0, 0x88, 0x0)
r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$AUTOFS_IOC_READY(r5, 0x9360, 0x800000000000001)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000150001032ae20000004507e2fa5bbdec4e2a0000000c0000000800040001000000df00db71c8ca7a8633ee39c0fa3134631b07567405950947a46a75f2aaca887b1b6384b32cdd988c"], 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000)
name_to_handle_at(r1, &(0x7f0000000180)='./file1\x00', &(0x7f0000000240)=@isofs={0x14, 0x1, {0x5, 0x5, 0x7, 0x10000, 0x0, 0x6}}, &(0x7f0000000280), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

10m14.341959994s ago: executing program 1 (id=59):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x5, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x3, 0x0, 0x20000000}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20004011}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="000100dc04b3e2ff0000040000000000", @ANYRES32=0x0, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRESHEX=r3, @ANYRESHEX=r0], 0x50)
mbind(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000340)=0xffffffffffff0001, 0xd, 0x2)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000280)=0x1, r4, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @mcast1, 0x3}, r4, 0x7}}, 0x48)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r6=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000100)=0x1, r6, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r5, &(0x7f0000000140)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0x6, @loopback, 0x3}, r6}}, 0x30)
write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000240)={0x13, 0x10, 0xfa00, {&(0x7f0000000580), r6}}, 0x18)

10m12.968190778s ago: executing program 1 (id=64):
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000006c0)={'erspan0\x00', &(0x7f0000000380)={'gre0\x00', 0x0, 0x7, 0x1, 0x7, 0xa5, {{0xb, 0x4, 0x2, 0x3f, 0x2c, 0x69, 0x0, 0x6, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x6}, @loopback, {[@timestamp_addr={0x44, 0xc, 0x4f, 0x1, 0x0, [{@rand_addr=0x64010102, 0x3b}]}, @cipso={0x86, 0xa, 0x0, [{0x0, 0x2}, {0x1, 0x2}]}]}}}}})
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0ef010095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff9ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcd0cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b24df41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b318e2ec0e1a00897a74a0091ff110026e6d2ef831ab7ea0c34f17efd36ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0cb82d2789cb132b8667c21476619f28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e1019c12a73748b049604fa72c64ed858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6e97180aabc18cae2ed4b4390af9a9ceafd07ed00b0000002cab154ad029a119ca3c972780870014601c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f4b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f19afc91b47683db01a469398685211bbae0e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bde792c88c5b8dcdcc22ee17476d738992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffffd7917f23837a6b24db0e067345560942fa629fbef2461c96a08707671315c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e48455b588b90dfae158b94f50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859ac8e3c177b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2498d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d4a3e1a9e90d76c1993e0799d4894ee7f8249dc1e342892129369ee1b85afa1a5be5f6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355b17402a500587b603306a5af8d867d80a07f10b854b1c8c768c001496fa99ce5b5040be9194123e918914a71ad5a8521fb956dbc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c6775e19f0b7e70803000000b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989172a1bcd1e30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fccf363361dcdba10c1547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f5874c24411d415b6b085fb73a2d7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aa0000000000000000532ff181c985f54b7ae20aa5e63055b4d6a36fa98a44e379d2bccf977c3e88538f406b598307c9912fb097601f3f88a2ea6fd1f9320cfe7f09aed4d1e72d26e5c7a93854c8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd92689192727a7267c47cf897853d160100b39b613faefe16bd91fc105dddd77ab929b95032d3717fa9fbdc2bdc0e98ae2c3f23a6131e2879f0484ee3bfe30b92dd493be66c2242f8184733b80ba28e824910844df31f3d4bb2f89049c5f6d63956995747639964217aacfe548fc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc1758763f0000009c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab602000000000000000000113a3065a478d1de98be3a66f6fbf68f2f5693050fa56db62e2f99cf916059ee364dad078fc88d17cbde37a2270f90a60afe8548f4c579b09c333382c6e7a316ac03aa23d379836b96173a5541fa96c27e7fb6d2585d828aa330f3438d8487912bb7742be1502e706644f7a937451beb7a5f6ca3ef21e8cb8f841af6d54334d82a8b816b6daccf0c66162f897623ee325d714f9f10636a7573582ff31c7f9c6f767c806ef4af486cc19a5355bdc814cb5557c6fa6404179c865980b0815b907a7f268e97828c196f5ac033d395a217b4e1e45663023a0292003c36a3b7461fc2c8566e0f3f693bfacae26aa2b7d17962989ccb943633c080aacc9b7d311c251686fc66aa80bf41a5bf6cd72d5aa995820fb318fad61a79a61d0a969fd6018ac9f131fe02fe31d565723cbf9b63841e21417fc29a3e7a03886d80566ae001861799a4aad91c72139e681ced8625b675dfbd6d458d4b2d9e6d565430248172ad942cdb41639f4113896827c8806e049218cd1eef89d6b9b14dd707da40705c07f878263ff9b71ccf28ec50178c7aac83bef7bd1045a5e4bcb6cfe05e2ac3e17c1f8f12ddf5b6770ce0da8cb3aba3a935a6b737b6d3ebf2c715dcc11c5759bd0acdecf333f2b77c52fb2251336bbd92f73ad1a30bb9162bd9d699c49d824b827f3e7c1096354946e09922db25904c83262c6dcb87457e4abefa0e9dcb17d79c173895b74aae2ed4419662690a16494e7b27d0d2688c69b4be3d21b783195f6a5e5dc5c07c73f0d0f0670db10ac9ef5b8295ff88df734e3c6ab8555c0390f962cbf559bce9c42e1034dba78997b287"], 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xfe, 0x0, &(0x7f0000000100)="b9ff03006044238cb89e14f088a81bffffff00004000632f77fbac14140be934a0a662079f4b4d2f87e5feca6aab845013f288a81a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0, 0x4}, 0x4c)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r5, &(0x7f0000001d80)='.\x00', 0x9100, &(0x7f0000000080)={0x81, 0x7a, 0x40000, {r5}}, 0x20)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="f800020050f001000000003e00000004bb00000000000000000000000000000000003b00400000000000000200"/55, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000040000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000010000004400050000000000000000000000000000000000000000022b0000000a000000fe8000000000000000000000000000aa000000000400"/176], 0xf8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r4, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$TUNGETVNETBE(0xffffffffffffffff, 0x800454df, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r8, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r8, 0x0)
connect$unix(r7, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r8, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
accept4$unix(r8, 0x0, 0x0, 0x80000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[], 0x94}}, 0x0)

10m12.74237015s ago: executing program 32 (id=64):
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000006c0)={'erspan0\x00', &(0x7f0000000380)={'gre0\x00', 0x0, 0x7, 0x1, 0x7, 0xa5, {{0xb, 0x4, 0x2, 0x3f, 0x2c, 0x69, 0x0, 0x6, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x6}, @loopback, {[@timestamp_addr={0x44, 0xc, 0x4f, 0x1, 0x0, [{@rand_addr=0x64010102, 0x3b}]}, @cipso={0x86, 0xa, 0x0, [{0x0, 0x2}, {0x1, 0x2}]}]}}}}})
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0ef010095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff9ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcd0cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b24df41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b318e2ec0e1a00897a74a0091ff110026e6d2ef831ab7ea0c34f17efd36ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0cb82d2789cb132b8667c21476619f28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e1019c12a73748b049604fa72c64ed858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6e97180aabc18cae2ed4b4390af9a9ceafd07ed00b0000002cab154ad029a119ca3c972780870014601c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f4b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f19afc91b47683db01a469398685211bbae0e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bde792c88c5b8dcdcc22ee17476d738992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffffd7917f23837a6b24db0e067345560942fa629fbef2461c96a08707671315c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e48455b588b90dfae158b94f50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859ac8e3c177b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2498d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d4a3e1a9e90d76c1993e0799d4894ee7f8249dc1e342892129369ee1b85afa1a5be5f6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355b17402a500587b603306a5af8d867d80a07f10b854b1c8c768c001496fa99ce5b5040be9194123e918914a71ad5a8521fb956dbc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c6775e19f0b7e70803000000b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989172a1bcd1e30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fccf363361dcdba10c1547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f5874c24411d415b6b085fb73a2d7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aa0000000000000000532ff181c985f54b7ae20aa5e63055b4d6a36fa98a44e379d2bccf977c3e88538f406b598307c9912fb097601f3f88a2ea6fd1f9320cfe7f09aed4d1e72d26e5c7a93854c8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd92689192727a7267c47cf897853d160100b39b613faefe16bd91fc105dddd77ab929b95032d3717fa9fbdc2bdc0e98ae2c3f23a6131e2879f0484ee3bfe30b92dd493be66c2242f8184733b80ba28e824910844df31f3d4bb2f89049c5f6d63956995747639964217aacfe548fc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc1758763f0000009c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab602000000000000000000113a3065a478d1de98be3a66f6fbf68f2f5693050fa56db62e2f99cf916059ee364dad078fc88d17cbde37a2270f90a60afe8548f4c579b09c333382c6e7a316ac03aa23d379836b96173a5541fa96c27e7fb6d2585d828aa330f3438d8487912bb7742be1502e706644f7a937451beb7a5f6ca3ef21e8cb8f841af6d54334d82a8b816b6daccf0c66162f897623ee325d714f9f10636a7573582ff31c7f9c6f767c806ef4af486cc19a5355bdc814cb5557c6fa6404179c865980b0815b907a7f268e97828c196f5ac033d395a217b4e1e45663023a0292003c36a3b7461fc2c8566e0f3f693bfacae26aa2b7d17962989ccb943633c080aacc9b7d311c251686fc66aa80bf41a5bf6cd72d5aa995820fb318fad61a79a61d0a969fd6018ac9f131fe02fe31d565723cbf9b63841e21417fc29a3e7a03886d80566ae001861799a4aad91c72139e681ced8625b675dfbd6d458d4b2d9e6d565430248172ad942cdb41639f4113896827c8806e049218cd1eef89d6b9b14dd707da40705c07f878263ff9b71ccf28ec50178c7aac83bef7bd1045a5e4bcb6cfe05e2ac3e17c1f8f12ddf5b6770ce0da8cb3aba3a935a6b737b6d3ebf2c715dcc11c5759bd0acdecf333f2b77c52fb2251336bbd92f73ad1a30bb9162bd9d699c49d824b827f3e7c1096354946e09922db25904c83262c6dcb87457e4abefa0e9dcb17d79c173895b74aae2ed4419662690a16494e7b27d0d2688c69b4be3d21b783195f6a5e5dc5c07c73f0d0f0670db10ac9ef5b8295ff88df734e3c6ab8555c0390f962cbf559bce9c42e1034dba78997b287"], 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xfe, 0x0, &(0x7f0000000100)="b9ff03006044238cb89e14f088a81bffffff00004000632f77fbac14140be934a0a662079f4b4d2f87e5feca6aab845013f288a81a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0, 0x4}, 0x4c)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r5, &(0x7f0000001d80)='.\x00', 0x9100, &(0x7f0000000080)={0x81, 0x7a, 0x40000, {r5}}, 0x20)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="f800020050f001000000003e00000004bb00000000000000000000000000000000003b00400000000000000200"/55, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000040000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000010000004400050000000000000000000000000000000000000000022b0000000a000000fe8000000000000000000000000000aa000000000400"/176], 0xf8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r4, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$TUNGETVNETBE(0xffffffffffffffff, 0x800454df, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r8, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r8, 0x0)
connect$unix(r7, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r8, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
accept4$unix(r8, 0x0, 0x0, 0x80000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[], 0x94}}, 0x0)

7m48.878059324s ago: executing program 3 (id=828):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
renameat2(r1, &(0x7f0000000340)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2)
r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r3 = timerfd_create(0x9, 0x0)
timerfd_settime(r3, 0x1, &(0x7f0000000080)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
timerfd_gettime(r3, &(0x7f0000000040))
r4 = io_uring_setup(0x194e, &(0x7f0000000780)={0x0, 0xca8a, 0x1000})
close_range(r4, 0xffffffffffffffff, 0x0)
r5 = openat$tun(0xffffff9c, &(0x7f0000000000), 0x80f40, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'ip6erspan0\x00', 0x4000})
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
recvmmsg(r0, &(0x7f00000052c0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)=""/130, 0x82}, {&(0x7f0000006080)=""/4074, 0xfea}, {&(0x7f0000000240)=""/103, 0x67}, {&(0x7f0000000040)=""/113, 0x71}, {&(0x7f0000000140)=""/55, 0x37}, {&(0x7f0000000340)=""/107, 0x6b}, {&(0x7f00000003c0)=""/85, 0x55}, {&(0x7f0000000440)=""/188, 0xbc}, {&(0x7f00000001c0)=""/54, 0x36}], 0x9}, 0x4db}, {{0x0, 0x0, 0x0}, 0x20008}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000780)=""/146, 0x92}, {&(0x7f0000000840)=""/158, 0x9e}, {&(0x7f0000000900)=""/220, 0xdc}, {&(0x7f0000000a00)=""/11, 0xb}, {&(0x7f0000000a40)=""/80, 0x50}, {&(0x7f0000000b40)=""/97, 0x61}, {&(0x7f0000000bc0)=""/123, 0x7b}, {&(0x7f0000002e00)=""/4096, 0x1000}, {&(0x7f0000000c40)=""/171, 0xab}], 0x9}, 0x9}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0xb68d}], 0xa, 0x40002000, 0x0)

7m47.965863884s ago: executing program 3 (id=832):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000080)=0x1, 0x4)
r1 = syz_open_dev$sg(&(0x7f0000000080), 0xf9ba, 0x14b082)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000580)={0x53, 0x0, 0x6, 0x4, @buffer={0x0, 0x1004, &(0x7f00000018c0)=""/4100}, &(0x7f0000000440)="1518a7a093f1", 0x0, 0x84, 0x0, 0x0, 0x0})
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/26, 0x11}}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/47}, {&(0x7f0000000100)=""/224}, {&(0x7f0000000200)=""/4096}, {&(0x7f0000001200)=""/124}, {&(0x7f0000001280)=""/60}]}}, {{&(0x7f0000001380)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x0, &(0x7f0000001840)=[{&(0x7f0000001400)=""/149}, {&(0x7f0000001b00)=""/118}, {&(0x7f0000001540)=""/188}, {&(0x7f0000001600)=""/57}, {&(0x7f0000001640)=""/135}, {&(0x7f00000014c0)=""/101}, {&(0x7f0000001780)=""/171}], 0x0, &(0x7f00000018c0)=""/176}}], 0x15cbc1ab4c0933f, 0x0, 0x0)

7m46.306628631s ago: executing program 3 (id=849):
prlimit64(0x0, 0x0, &(0x7f0000000000)={0x0, 0x2002}, 0x0)
r0 = openat$userio(0xffffff9c, &(0x7f00000000c0), 0x601, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000100)={0x1, 0x2}, 0x2)
ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001600)=ANY=[@ANYBLOB="5c000000fa1e01080000000000000000000000000c0007800500150007000000050005000a000000050001000700000005000400000000000900020073797a310000000015000300686173683a69702c706f72742c6e6574000000005fccd4e6a7233782768d498f80ef80bbcdba192d2923db2dd8ff353296d4d37606a10c6cbee5f26c597ce08bca8d6fb8238d04302ec7154abf137be3b47b54611a568f8ed04de78f557d8d418e9baf88bf19cc23747c0ae8f5247d26e19fb8b0f84b1fc1e414032febb12bf413a2130f79f7b23e5d51dfa6068274a3c6fe40fa"], 0x5c}}, 0x0)
sendto(r3, &(0x7f0000000580)="e2f0edb4a09de4eb8b568b1945dedf3065915ea6ba9b3a6636d037f112f6eeb4ba55fa217f56d18047027c8a2c1fce13d675bf4e659dc3b599a318bda8aa62ee96fa3def9d8cbbe008c0935f882def74cf9f8b3ad2c8a95648384ba2e6f4e13781ad844eaa2eec04d37cb63de0da0a0f9d0d1046996edadb44a93a4789c6bb303d1d3eb7e8d12d5ab9b186705bef99cd461b6d66109145d9983ce9b35986e0fb1a8008abdf58f6663ec0daaf42b8b51ca37a6d993519ba2770e2c40cc4bcba6ee9d8bf1a734fee4921cedc905b94e40b6b33d107bb9b41419cbb5226e1d5cf71593b1e4a40b13d3cb929441f6862a59d9f4c9b51d55ce7e7828cf7fa2a983d1bec60be3f12cebaba0f3d0b9221780d29f3ee849d59b5f35739c45c5b20c2fd1c83d73e4f0ff3b64fcba584a880a8e42dee9ae3a64c8dfd4b8c47ef1c4fdeb0ba4500c88492ec10f0c1a2361f9f9b98ee70eeda3f3faad05a69798d8aa1921ceaa504c7e3bf05575bf9bb4bb87041185441cdf9945e979432bda67a56eb6275d5ff14f1c3457732537d0b73a660e3c2af361ad02c01cf296565a5ef847192cf9861a7743523e70852eb5e051f62566bb1d239b2fdbf462d69e053aa275b39002c5e922314206ab6fd10da81fb2748220bfdee87e4825aac65963166a163a3e3d43de0f7ae1b91e92854861069ffdda70775099b379a0073e39f23d343827aa3b2963f6b0e195c8b55dc0f9373bffc627d0706e0e331170505c0f3e53e37d42af0ecd2d9423fa5068fc07184e66631f326518f7ade3ae7338a13379705f5aa3638ff3c490be8b5ee96817d3ed4295c5094e25387ab6b417c66c92c6a687bb4f57adf5ea27adc23965cb0f592d26880c2827b03aa817ef96b8e2b31ad5eae5ef5d3a93bee78ea3017dc343a30a775b9754c4bbe625760082cccf696c91b50c3d258a973096db9bdb03125f90577b260079f38ece247fecd3e518a3700eb13438eec5e57885d2bab4a01e597918b0165499e396ed8bd82fa46faa64b210bc2e3795f293ca66fb5b0b465171ca2c290fc702aefab470740616a82653e3a6af0dfd8c1877eb47a8f9066b2a379d216fb3797462c04d8a128d384fb37a01c5730796a4c56c62154321f6127d39c8341d21bdf9523bdd994dd80e6a24b129866bb36a34c6170dabb907723edb45756ff679a47d5849b8d1f68d09d71237978696d67773cf4a092997a25fc8ba3d4be8be189dee96963fbfc30cf7bd0210d50b395669d4559ba53ba7534483734b0d92d06928be36d8de23b06e87ba423245780852674bb4c1343f44370f8ed6e2cb668b7e8b1434784b34818891719abb283a709ce4aada4ffd0a14c5628380dd5ef702c2c97d0ba57ebe7f5c0de07a760ed7ced773b49b22a311e35b54ec3061af181ef8492af79f968a73fde151a0b06a113546095d2d264e06aef48b356e16a5d9cc15b90abfb3a7b74c0bdfa46054ea02e4ffb63f5d85018f80bdfd095d5b99c449f5284683addaba3afde85f7593a3ee7e4b6f01d761a6bf526c7a83a285c7c9743633d1956fca774bb045bc211879bd87a0b4dde14f0a9a77bf3257981b6ec3765d0e47f43d583c4b07f2abd7e8912f65f0b79cabb42a53aa1365f3b42a5f3b7e4888cefd5d4998da1a9bf5b6ecbb5ced73cca8b1fb798caf0f57efd2261f980dcd6ba560ed3bfae36bfd7c21ad995311dad6390a2eafe8f6cafe6c80f3d85ec28cc51c6b04f814e9ab8e45469ba339dcf22ff410ca8d0d6180d9d1342d807633562c38608148292276182455acf354144c1dd3c2383662164f0103b14107e53745c00cdbfb4acde372d9a3e8de15671df4f48ef038498a7200abfdfde96daa29399999d63b10e9bf352d977e1f6c45e2719b2ada5e14d615363449c14fbfccee355e0e0c8bd22ab56914a0e7963c76d771c24c5970a77370521b6fe3be49d9610115179e2ed91d27b00ee5c1a9d0d1db1d01c3b46642ab6e311a7fe5a02cae5113fa09d8895d783bb88d8ab4eda0bafee88d5ed5faf902904c59674b3c4cb1d681f124f26add6019a8e67a2769acb66e75413aff6a16d39d3334a7a96d96476bbfc96ccf49de62f5fe77f07d560f11b53c511ab800409f683e3ef180442e83a305b056dcfeee3d7be93b1c03799588d8aaa1d109a4b09c5031f4ff0721038ed2af60524c0d7cc7fab7c0abbee97b88822bf09a4cd8f56f9346065a7137c52839d77200347ef6b8e68fe12663fcb13c719cee24cc895cf43514215e091d278b3e3b9c92ca70d888d40697e4fa3b50f512f7927b244a82711f40ae72b78d6ff88c908c82000137f38f5ff68bc4ddc12ed9274062acafbe59db14c96c415b7e1ad7036395719f108d9956909003998e9af9b025c17b8f48bfd4b63c30108ca724e122ca12bea07244b2d6087a8fc4e9d4528b5fe2740d05552f4bf07e85863d23137ccd456857a651eb9fef0c903a9cfc48235c6520f9ad88865be22c2acc917d5a3dfb5e7801991ab9f423f5ee4ba10c077fbe7252468b8d4cc3d91d422301a356444002ce45af93f84dae16aca0741569a8d86a70ebf66382e914419f97484e0547485baf34eddf1b119b4ce62471a22a59db92cab18c5849b0511553e472f492add55eb604a27f6a5d3876fb0c714bc75c1f5ecaf0d2fed7e50a49260220984ae2f46e667f1875f3e8f48740dcf47dfd812f7cba498bb9f43b4de4652277fa6872c116adbd897d9ef8bc477bbda1609c622e4de3867525c3dd9051dfc3567cc047ce224d4daa0e18f96713c64cf38e96a37f23936623e296ce35fc38c9ae5ad577a2fe014d1a3d153e21c22866580830154071abbb030483060fc4bcbce8ee10322d34fe8e61e93103e69719cb878065e79cd14971042967136b7f322afd779df894b0ed3fa69536233df076fed97018a77f4f7cd5193cc72cf5578432f7efd52305a7b45f5eec620ae981a79ea8fd7a6661f05befd4560d4a132b9114a824a7dab0a891a8fef83174dc649ef97d5b9f348edf0366a0f2b16f5c4f980e8b43eb27ae6b5c47c8dda69880c922a18aa2c43b8d41375bdeabcbfa4375cf16052e557f8153fbb1026249e561a1e1266ef99756a78d9ffab1be81b056c554a338df9c28f4f8bebc1f492c5bc28a9d20c8796462c2e27cdfceb94ec76c2ea12645801f13258f24db59b3328d49fac9f9e8777225da4f9dcfa6e541de9a732d96813f0b93bac210cc489c5b2396136e3b47e2ae360398b4373e46af7d340713b0f068b33ffa4b81bbb5b70f6f9deb341c0f5002fddb18bde294d5d126a1c376b411fcece5ece7971326f4dcb6399592113f30032198369151e7d5384437045e391c032b75b4e9f1e50a9e4a314ff1773210af94665d12ef1d263bbc1a821e87909cd39fef474d14a2fa99405f85f8e01c13e4ecc3922f4742bb4bb6baea20507aff8ffa0c872c86253af9cd6747299a40b83f8821025c0578094c229b0ab596541af1976cb55d92327a1c1bca3751c1d5ef003bab87cfe991baf73e36a4f88cbdc9035c68c139518545b2a2434ead0ba5a433013e9fefc8b0855dee7071af2d41f450fa333c880d273d35ee0e160620cef71d9139e19e4885e20c79fb7565e6c4b8183a6c6840e65e3557300690fa44173f871c32539db1b5ae5c85455bc6a4d276e4c7a5ebec55c81faa0402f8ca29debc52023d6788a29a27b9faec7ae6428b0f4f72305686b5033b28e92eeb40dfd5c981eac856fe5af61e71b1b5a0722c64b9bea839173a5295a26c6efa0b090d6110b57b1f2ec4222defc1c645a70a2bd7fbf907f26b467ea63f1d56904c81cf096869e66bfcd31c6a7b4833d082d84e4265600a48d993f4f4704ac0ff0f99bf13bfba26264bb8b433352b7b6819cf504d29da37da06d407a26f519fbf0fd79a07609d3ee9aa0895303111ace5b90dc310d409a292829b90db12cf33402252c58c3b8ba791c0dc72bee5cef634c37aa959ae93469622905a67df1e584c861296af3e1c7afd5ed520a517841e9c25422089975eaa41b178690b68d0e9cf4025c09d59f90aa1f589abfcbd61789e761660bb0dc7f5ccff7844eb3682dd90ffd9219a6dad8575d90abdf349da962d260f01c04e7cb1e503d8ba10ad2de14f90e49e2bc4ccac8341c52ce76b838310bd71bd2f5dfd9b57f6c5d74922bc780fdb492b5b180f1a90390ca8568b67518da4aacaeb1c83ef9b45fec82708c58983d1fa1a5ef209c6676bc8b12b303c55531d872a4be75f997d63506bbedc757b015109eb743206adda095e26b2fe261c79ef604289976a99c616303dc029fe78f41f534e7b406c3ab4ee8813aa17456a3e05c8b6e08dd2e85cef531eecdaf1992d9685409869da4ece661c22056f0d550d3512c06fa29a854c26b05a7657b9c76d4930e7d4cca88d4a318a28ee6947516b7e6d67b4fe442c472a02a0e932ab6f9ea496d557d8af01d75b47fe36e7b07e52f6e6add9b29819edc6bf68e35a89e137177a1641576abf1572b58e586d22634d0645b705009c72887fa79d3c817f868bdae7507971603af2e099500ef32d98f2e62dc42aaa8a3f7126ee0fe37f64964cde7470846cf74c369990e4d6a8ba7b39f5fe6ec40d9a32dd91be5e6387af26605c2ae84b01626ec831858e4b7092bb220b8ce1d76d4a091920780455d054c6590bae69aaf37dc69699229aa9186ddefbcc5da5b3eb5aa50458e38c83e4d84469c7b4ec76aab3f92415a39644185659a2fce6d27a6291b455a27dce9156fecc54d4cf2a30fce1743f54cbe09b8804af806b0c41cbde6f3b0fd5d2554bbd9c9783ce43f9a33095d5fd13acb186b838d033095df073eb1f453467b5afcd554ffd04659d85dbf62d9568b2e7648067692616894803ad9001bc709ddbc0f73946f1a362d6e300fe1b4e68121ba45aadfa0e0c923b925e41672d2a7b35749681c0be98dc17b821d82ff0188bd4e159ce1591bc4bd044cf012edc500f53b191f489fa1c1e842a3380aa2d84a2be95c9e71abfe3e2194a36489cca558e18deb0f7f892966b36e7f9e687ea3215c8ce8fcd21e26b03c699763ed3191c855159936e91f1a0f5d6bc97bdb1b200cd0a0eccc04a3b51f0f200d3c634216c84715262c98357baacd85b0471006bbda3d920ccb77368abb51758b19b86a78a6f828c1a89f0f8bee3b987822809142997e97c7c8127da9d4c7534778628f2c55022998c88515676b859f65a5e29edab5099bb1ecaaa4d221725fd38768b79cc191d5dbc4a3ec67f47711cc0461d4bedfac6ca2a3e8ab27010da8bd1452a52686ab304d6f61d88b2a377936b0d533e7862697c6c470013b57f79f16ac9f21db6d7f4c83be3af5cb9265221ac29b0344f159dac1ec467c70061c5892ac003329d2c3ffb17397d968acb3292cba6739fbafeee17c1de90fb88b43f61927425f9012025bc4df4536eb0ef744af67d8b09b2bd7a37f25de9cbe79f64aaca31f08f43cf2b6d966be6aa878cd93d0236250c52f202bcd2f584b563479ebfc85e8a298c25b83f01118ddc745a2eb24c3f622d40bcfa2b948858fcc51c896d72dccd1d6d0d247d6144d591925228ebdf2b7f5d0868e676a1d2e1f4435d9ac458fc027f80191f2b120d86ff21e14166ea19eabace8809a8e5c0e9bf318b893ceb3f812d21b0501287c6d60e70c41a8dcc772b1766152c49cd0fd640921093fb7e8a4287a62e1236c1bc340489530555e7985f5ac09e3c752fa509c5d5f12a0fb1ade630d21ae684d565b60b39d744d687460e6b44b8c08", 0x1000, 0x240000d1, &(0x7f0000001580)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'ccm_base(cbc-blowfish-asm,sha224-generic)\x00'}, 0x80)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000040))
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r4, 0x400448e1, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x3, 0x8000000000005, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x6, 0x100000000000bdb], 0xffff1001, 0x124182})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202})
ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000480)={[{0x9570000, 0x3, 0x0, 0x0, 0x85, 0x1, 0xff, 0x2, 0x6, 0x4, 0x47, 0xf, 0x1}, {0x9f83, 0x7, 0xe, 0x5a, 0x1, 0xa7, 0x9, 0x81, 0x7, 0x5, 0x6, 0x3, 0x6}, {0x6, 0x1005, 0x81, 0xa, 0x6, 0x46, 0xf8, 0x4e, 0xc, 0x98, 0x1a, 0x1, 0x8}], 0x3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

7m46.006306214s ago: executing program 3 (id=850):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='./file1\x00', &(0x7f0000000140), 0x400, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, 0x0, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000070601080000000000000000000000000800000006000000"], 0x1c}}, 0x0)
recvmmsg(r3, &(0x7f0000004040)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x20, 0x0)
r4 = io_uring_setup(0x652, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x2, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r7, &(0x7f0000000140)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r4, @ANYBLOB="01d9c60000000000fdff128008000100677265001400028008000700ac141400060003003fde0000"], 0x40}}, 0x0)
sendto$packet(r5, &(0x7f0000000000)='1', 0x1, 0x40081, &(0x7f0000000200)={0x11, 0x0, r8, 0x1, 0x4, 0x6, @local}, 0x14)
r9 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$SG_IO(r9, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffe, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f00000000c0)="a10b7633ecb5", 0x0, 0x0, 0x0, 0x0, 0x0})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$kcm(0x2, 0x200000000000001, 0x106)
r10 = openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
writev(r10, &(0x7f0000000340)=[{&(0x7f0000000300)='0', 0x1}], 0x1)

7m45.901692383s ago: executing program 3 (id=852):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000440)={0x3b, @multicast2, 0x4e24, 0x3, 'dh\x00', 0x4, 0x2576, 0x5a}, 0x2c)
ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f0000000100))
socket$netlink(0x10, 0x3, 0x0)
syz_open_dev$cec(&(0x7f00000004c0), 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000480), &(0x7f0000000500)=0x4)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f00000001c0)=0x4, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000140)={'vcan0\x00', <r5=>0x0})
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r6, &(0x7f0000000080)={0x1d, r5, 0x0, {0x0, 0x0, 0x4}}, 0x18)
sendmsg$can_j1939(r6, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
pselect6(0x40, &(0x7f0000000600)={0x11, 0xfffffffffffffffc, 0x2, 0x0, 0xfffffffffffffffe, 0x80000000000, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x2, 0x800000, 0x8000000000000001, 0x0, 0xc3ad, 0x0, 0x3}, 0x0, 0x0)
r7 = accept4(r1, &(0x7f0000000200)=@vsock={0x28, 0x0, 0x0, @local}, &(0x7f0000000000)=0x80, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000380)={r7, r0, 0xe, 0xf0, &(0x7f0000000280)="c1636f187f318c3f9830cf2d154fb01c4473ba0550cc66916c4b187ea9319284c6be5afb3ca499ae22dd69883b1bc8649e3a279398b8f3b9db96f0f6c13003e20800f1fd0c9ac687d5e7b5781ac48151e85d3241daece42b61c678494dc4257c9c185dfe4736106faeae45a7e2f042c0830a2a7a94b6d3b4fef9874ab8fe5bc2379b97351fc482ec1f160cfdeb243dd7505a3d01645af63ba9b1ad8eecd96c65cdef7ea854c324fc7c9cc57333a815dee2c3c542f39c488654755324db7e309b34d19f2324d9c9da953c803894ab8d75dd45a7e9efbd7d1654fbecc8b75e731dcb24a27cf7bf8946cab84741c0db4952", 0x43, 0x5, 0x8, 0x5, 0x6, 0x0, 0x0, 'syz1\x00'})

7m45.745473723s ago: executing program 3 (id=857):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000700)='source', &(0x7f0000000780)='c:::/\x83\xc1\xcfD\xc4AO\x06)\xb03\xfcI\x95w\x96\x9b\xe9\xa6\x1a\x96\xael\x11\xa6\x06\xe3G\xb1\x1d$\xc2;\x8f\xf3\x13\xebB\x93\x94\x01\x8b\x88\xeb\xa3\x01\rx\x86bK&\x13a~\x04/\x18\x14ZM\xcb\xad\x92>\xe5\x01V\xdc\x05#\x13\xe9F\xa0\x1b\xf8\xe12\xe9\x80\x988\xd8?\x86\xe9i\x7f\xa8\xe0c\x94\xc1\xae\x9c\xba\x1c\xfa\xbc\xa8\xbf\xff\xfe\xfe!\x7f2\xf1\xc7P\x80A\x1c2k\xf6}P\x19\xee:i|0\x1c\x13u\xb0I\xaa\xe3\x14\x9a\x1f\x9f(\xd1$\x06\xa8&t&A0\xa7\xef\x9cL\x8e1K', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000700)='source', &(0x7f0000000780)='c:::/\x83\xc1\xcfD\xc4AO\x06)\xb03\xfcI\x95w\x96\x9b\xe9\xa6\x1a\x96\xael\x11\xa6\x06\xe3G\xb1\x1d$\xc2;\x8f\xf3\x13\xebB\x93\x94\x01\x8b\x88\xeb\xa3\x01\rx\x86bK&\x13a~\x04/\x18\x14ZM\xcb\xad\x92>\xe5\x01V\xdc\x05#\x13\xe9F\xa0\x1b\xf8\xe12\xe9\x80\x988\xd8?\x86\xe9i\x7f\xa8\xe0c\x94\xc1\xae\x9c\xba\x1c\xfa\xbc\xa8\xbf\xff\xfe\xfe!\x7f2\xf1\xc7P\x80A\x1c2k\xf6}P\x19\xee:i|0\x1c\x13u\xb0I\xaa\xe3\x14\x9a\x1f\x9f(\xd1$\x06\xa8&t&A0\xa7\xef\x9cL\x8e1K', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)}, &(0x7f0000000180)=0xc)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f00000000c0), 0x4)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000200)={0x1, [0x0]}, &(0x7f0000000080)=0x8)
syz_usb_connect(0x2, 0x9a2, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00'})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)={0x28, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0xefffffff]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x0)

7m45.646629817s ago: executing program 33 (id=857):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000700)='source', &(0x7f0000000780)='c:::/\x83\xc1\xcfD\xc4AO\x06)\xb03\xfcI\x95w\x96\x9b\xe9\xa6\x1a\x96\xael\x11\xa6\x06\xe3G\xb1\x1d$\xc2;\x8f\xf3\x13\xebB\x93\x94\x01\x8b\x88\xeb\xa3\x01\rx\x86bK&\x13a~\x04/\x18\x14ZM\xcb\xad\x92>\xe5\x01V\xdc\x05#\x13\xe9F\xa0\x1b\xf8\xe12\xe9\x80\x988\xd8?\x86\xe9i\x7f\xa8\xe0c\x94\xc1\xae\x9c\xba\x1c\xfa\xbc\xa8\xbf\xff\xfe\xfe!\x7f2\xf1\xc7P\x80A\x1c2k\xf6}P\x19\xee:i|0\x1c\x13u\xb0I\xaa\xe3\x14\x9a\x1f\x9f(\xd1$\x06\xa8&t&A0\xa7\xef\x9cL\x8e1K', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000700)='source', &(0x7f0000000780)='c:::/\x83\xc1\xcfD\xc4AO\x06)\xb03\xfcI\x95w\x96\x9b\xe9\xa6\x1a\x96\xael\x11\xa6\x06\xe3G\xb1\x1d$\xc2;\x8f\xf3\x13\xebB\x93\x94\x01\x8b\x88\xeb\xa3\x01\rx\x86bK&\x13a~\x04/\x18\x14ZM\xcb\xad\x92>\xe5\x01V\xdc\x05#\x13\xe9F\xa0\x1b\xf8\xe12\xe9\x80\x988\xd8?\x86\xe9i\x7f\xa8\xe0c\x94\xc1\xae\x9c\xba\x1c\xfa\xbc\xa8\xbf\xff\xfe\xfe!\x7f2\xf1\xc7P\x80A\x1c2k\xf6}P\x19\xee:i|0\x1c\x13u\xb0I\xaa\xe3\x14\x9a\x1f\x9f(\xd1$\x06\xa8&t&A0\xa7\xef\x9cL\x8e1K', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)}, &(0x7f0000000180)=0xc)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f00000000c0), 0x4)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000200)={0x1, [0x0]}, &(0x7f0000000080)=0x8)
syz_usb_connect(0x2, 0x9a2, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan1\x00'})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)={0x28, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0xefffffff]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x0)

8.152822008s ago: executing program 0 (id=3199):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x5)
ioctl$TIOCSTI(r2, 0x5412, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x402800)
syz_emit_ethernet(0x6e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6000cd0400383a00fc010000000000000000000000000000ff0200000000000000000000000000010300907800000000600bae2b00002f0000000000000000000000000000000000fe88000000000000000000000000000186ffffffe6000000"], 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, 0x0, 0x50)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x12c, 0x6, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x4}, @NFTA_RULE_USERDATA={0xde, 0x7, 0x1, 0x0, "817c2e7c9b3b1e1d40e2dbdcec89b8c7b05eb6c3dad8ad4d2cc0c358a7ec320a9625b486d3193498c5a87e139e5211139e9786f04106e527e6e6531fd70fb2f7fc384f71ccd81851ff1d504026c6810829d37bcbcaae78a83b5cbc2b34d7d880ea84a922b7f69981b0331d0209f14ed2e2d6c3becaee5ddc9ec97dca824ee72268999e9d916859f29d729251a461b6913956a89f9001de19624273fd15e5b0bf8ed0c432ffbbf952e5088c4cd49741c433b1c89fd375129772ea63be288aea4b5adeaee92907e23cc90c57fc6dc337001d7c4594704e1b196db8"}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x4}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_EXPRESSIONS={0x10, 0x4, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @rt={{0x7}, @void}}]}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x2}]}], {0x14}}, 0x154}}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
r4 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r4, 0x0, 0x4, &(0x7f0000000000)="89070404ff", 0x5)

6.666951494s ago: executing program 5 (id=3205):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000980)={0x802}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, 0x52, 0x1, 0x0, 0x25dfdbfd, {0xa}, [@typed={0x8, 0x1, 0x0, 0x0, @fd}]}, 0x1c}}, 0x4)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {0x36}, 0x0, 0x0, 0x0, &(0x7f0000001200)=[0x0], 0x1}, 0x9c)

6.662046975s ago: executing program 5 (id=3206):
openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x141440, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x101000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x54, 0x30, 0xffff, 0x0, 0x0, {}, [{0x40, 0x1, [@m_police={0x3c, 0x1, 0x0, 0x0, {{0xb}, {0x10, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE64={0xc, 0x8, 0xb}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x54}}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@broadcast, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x9000000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x9c)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000540)={{@host, 0x20000002}, @hyper, 0x0, 0x2, 0x5e})

6.024881196s ago: executing program 0 (id=3208):
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000003c0))
syz_open_dev$dri(0x0, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000000)='udf\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0e0000ea0300000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r3, 0x18000000000002a0, 0xb, 0x0, &(0x7f0000000040)="76ea090000000000009ba5", 0x0, 0x6400, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000b00)={0x8, {"4a1c8686bcfee5208f0167953a62825b02ea50f67f1823f7773c3bc3212c1edd6c1949f236e43d41fc2fd343c04c4e6d954f66533aa0868cc7f34bb8996000634ce6c30deef2d8643aaa60b953146c94ac2c37b4d179db199ea84b5d351ad7972fbe5e0c5444323bdd85ec91359d206210064b54a9397831346aab546a2dfc7ff5bcf090a67f7e08458c6bac3c85d3d25f8c87cbad060cfc28e7bbc31a9236b2f06fb9da184a0a5894477d35de8df7fe672f47c260e28c3cb6444f0de8579253baacec249e1cafb6ad04a1f02bb74ae1e64bf3b4c848b4b69b36d15aa292fe2ad7c4988b86b7d1e7a4232b23465eb6240ac1e567761759c00d145b6edb5f041fd5eca6d94862233aa57093bbead8ced6643e4e482b151fa687bef6a7fd049df564ea97fcf61c8a2efa8708d17fae9c4b6fd66e12c8c451825f0239862afa7676a53c912b4c44d4ce76f5f2d234b648391bf1dce26d665b79646604d38d93c66a3a48fe8bae57e19d418674ddc60c20ff01f21baffeaa2d68be0b4e74657918f1fa48119cb84b9659acbe84b0bb43a8df61f200221f3b7a633ddc01b4611cb4d769cbc14254dcd64133501ee293b0aed25377ac81406df222137caca6c04849dfd8353d6067c878aa9b6b04fc827a8077b5c44f6b662195b43a8888b3ba3e61622e0081a8392e0a55c0f92d8b917589205071829c851ddc28a6f39b4e338205849753ef1db6950f59fa0c52c5f51722891d0ab3266f4e69b8fbead1bfe1d0eb10e304f494366950e336d7146926b73353da31c156a629dc34632eb92756e1584f024a07761facf2f8983cd41dfc4777561b373144ccbf450b87aa8c64ce759c9256a27798e05286ea7bccfc3e3510efc9558b3f7ea4d24e59d97d4a9609e4ea8c194ae551933bec2a97914e0ec1b4e7ad40609c4b3c3fd85d4df8761e10bca6f4c525ffee14f79fb40d9d9555c8ceb16004a17f92bc2ff675e97eae53fc6a47dd91b18401c672a9cfa7ff0ee243e0ab59e52389e799e0faad1446c06e297ffa7633a654f5eae529db41a535c4398e10c1eeb6cc2eaf462b323c7cbc471dc828798f094b9be68f76706f232979db2a806db3de1650ff42d1c69d491a3a1d876bdd35092e52421f0517bd9cdbfc772bb2d15bd7b8bdddea20eb1a0831b7fc25e20a1873bc480e781081588f5100860c056211e8b27d8e786c000cf4abb07c01674d42c21179a6f0f9eb7b1b66773c9c4b00d1a5eba3ad00f80ea97174f943d30653b3ed87369b2e0048e1e14eca44a6305963875dad15e5be4b2cd0177908382a8ce9d28ce890100e4e533fcbaad459f6c2e5a1076d547071041b117023e88f38eca9032c2eea9ecd37fc5e5b75601c6a48d0ad6082acf4da67dbf574735b5bd1a6a2f6c042322f39a76b99f67cb2d25e5b6834c87330644866b7435a96e1ed657a8cb0f9210b85875f835a5e50f7cb9a7bf03c8b8b08d9b289ec1bcae9c2240959a2f13f7d1978ec6c31a2459db59dff20a185749573d8d33fa04650953bd98ee0d2dc7ff2ece740e0e44794c32c8545327c9b0f4165eaa0b774f3dd84828c919cb6010569129ed1660d5ebaa0c79f8a8457f6e881c710a8f5d54dda474727ad2f04c639210cfee42fe5bedb9ab07627e08475442d5f776364779b09a5ab9df633a46afe7c5a08dd568800ee14c1808e46c41b1658a8d51c95f9e0a3992070eb4c645d3ae8bfda5aecd11750a634d7588d77e881d10038f7a6b446f465594ba98393b6fef4be981e71f92a033628420812063e42fc820b8d87a0e2b7073858c624806822dd6bd01855044d982365924d691b0c43b55101fb71de32ae5bba3ea92c2c753d51feb2a85989fafd0dc96e7eef7c2cd8d85d132501b3f2106f1caf1332c6f67a5f7a9db315e5d50a89244b9a7d979f0b2e3817197c5da18fb18b54fed53cc836f6d1dc5b0fdb9d6db8af03f9447bcd5105abe4646fb02799d728337cc08d86492ba0cc276691b0495173faf90806bc83160c2de9ff381675d7c092813f5441bd52a570f9bbf3c89b90b2b100071c57e88cf4c609e94b33b16b1528cdd108d594bd49a2c198b05f57e0366c71bdf24f00e8e9b8e8045d451093793a2a0c7bfe1f1cff0181d8880310390b8aa40d0bf06314d97ce34b4211a30b6e52cef2e59327d20d9059e0c66b8d8c602f1bacc688d5764ddcd53467757180b29d7ef66c483a2d541e38f7cf3aa70e7825877ad98df7ea45d819834ffe6e58699b1420e53d6e0b0897bb919baa6ec2417a0b7b678f69abc3c2036b583f6ceb7689c5262d90c016b4c0779dd7bbf1867d26cfef12c7543fcf8366482aa58630ddb95c9b35bb4a6b7e98519611f5c44f7527541d45021bbc04730cc7ace246842a01dacce586ae6ffe4c0ece46ccd9a15c06c5fdda6383233d46286dafd14c1d1c434eb60821c0fa2ac62d164806d4790aa0ac25c8f1565ccdf19796e58ba69f08e39b75832b710de6cee8cdc239e0c10aa01baf81bf2b7f946366f87392a8bcd601be4977096cbe1db6d36b4c3125658cfc98920dfceccfa82a2552c16a04adfd4c7b800900719550a8c9a64bb71ba5580a2bf5dfee193b664bc4ed3ec49f015921a91a30d882b582634a13ae5334969b72ae1b5f2839f116961e5b7352b1a61b079e8ce3896dd57bdc1807b8f062d17ec4f3e13370461117af3155cf8516acc52752fc64501852f178ddef4228b3509e5ca8d9c70e94a87ea49904882265e0fe895a1b13c062955ab889f29cb66c6ad0c57e726bf0b5e78717c96b70d57e64f65bdb01c5105a54ff9855030b1c8afc211588c9835a276bdf8e35dd3de2defcac86603aab111df629f55729472edc199901eca23206427d3ad0cd20e33710a0538be06ff03f12d1ef8d1f59c10f225a6dd609daa05f95618426a01e9ffd9c3a8d59cda168a2b9357269c2d6b1194a3b196e096ecf0ae85b4d39ad26eb5b4b95df8217a7f3fe0b193de8244df14ffdab8bfe2eb40a94ec5b3166ae8c24525fa2e86a6493ae86fa47816f77e4c601df12d636b46415b9ffbbb250107f7d2a71156efcbb60296d9e9a3050a7018f76948ed24ca12c8a5c3a5d2b0afc2cedb1801cecb27d8e1636199c3f393535aef6e5a65b0a05c1aa7d6b25585d23e13108a2e3f496ebab022b0769a7feb5a026625cfc8ac64bedc9194f29d865e080a8924d67b57db1bd85cec5a504302547d30231532400a4a63dc6ce226a36bc030b8eb3071b74cdd228e07640c9489f14ecbdd96da61989bad374634f1818fbce2b0e2d3f9dbb8d11fb605ac027b23ce8257376a6da3a7e9593beff87270900a76158b8521eb5e48d9a4018cf2935066f60cb1c5636fb3299661f7e9f7ca3e098df990bd3ac4948a6bd77520a1204d2fabd4ab7eb9e81fc72909a56a371a7c2384fcbaedc5e52b6be65864e50647bf75b3798cfc91f9af29b4e42a904e6f43ee5c52f78eeb07b67d2040d11bcc1751eaa8022471c8f9acddcb650272f325e95a988609d00aefa96e94a1852e7027065dcd294da21a7e8771f1c493d1f19d85484263d0f2123ddc3b03de16c40a2b55523a85ce2ebc45d5778cb1976444a9e34ad6938e32fdd7e1bb8679f5c28dbf32859ba77f983cc99e639c3dec7fd5892b40fe96a21cfc9821a4fcb2dc862e86d1b07ebb50a4e542585116c23cc394f5d907aca0370222d3b742aa6b1b5297c7f3248d63e7252540b571694dcbe529ff655eaa6706b70e1166a23d878f16d2d9bfda2a702f379aab623e80653d8d730b22371f85a8544446c2365154ad0c80c337d74519906c84b68c086c84ee19b8a11a2e2b7832eaf4c3741e69a5a5be6ec0a422f35c2da03edde307266f1684323700242fcdfc43086f32e7c63b198a99fa9435caa67727337635faba24ad3053712f0e20644a9491e6348a08dbae36d6fc0d9e3fbbacce16ec5094e0c783f974b9ee243d52979ce9e41ec6eafe5b5b67e7fd3e3a44edf3e3ae240c635d2c5b486ffd55a625d5aed19b845e965ca476ffc0d33db724666ac96156fe4691b57a1c8c9eec499381dbfcc05e30ae031c9d06a74a4637cfb579423d2e2b2f075d4205f38833ed689468dc722dd80f60a1d879b3e0a42a77fde128a6bd13e973bc80985296a28b0d441913538c81f48601400896c9b48e56e015f7fc301b62415d1f7d20ddbdecd0aec257e2ff55ac7e01d0ad1908002aed4d964aa7fd0a80518fad889cda222c84095874d3585ede9b9fb7b48f56bc08db3cb62b28366be16ba54095061e292275944d1c5ee21c432f09b37802f6e287bd60ec9e310fe97e236bec962aea59f1373a97c5dd5970d5b1e34010d694863651d4508696c1ea2bed714e81413295b44414f8e38d0cb8ade88b9c724ecdba7ee3c7e02d690d76132a2e960485092591881678a8959c5adc5d55cf9571dec96207b24e11d237eaf235775136e9f220d9c5f2b34133f8a49514c9daf1488923db6d00c1227ae5ba05ebe07761a4f4df4adc94fa894a5bb9c6c609eb077a13055ddba2296b7ba493442159a635d1ae7654b56912f9bf3eda868da3e4d760555b11d3f5d4030d54589378533bc01277b27731a44bb7b15a2a921f7862874866f4924bcba403d711d8b41c2902b2d6b67631b12f810ced5e87c08e683613dcdd6332b2e2290398675ea12138c2549221226abaa865b0025f698f13e1dabd4a4dddb61ed77965b8d47feffc461587210ac4543294eccfc97e882535680b392576fd4c3b6b587f1987c6dd5b28df1da14cfe2ec98859c651e30641c1610592122348e14e563d54f93a8d125056da7983960c2bf9a4ac22209912e94d90df4934282c65c7b9e65165305c01b160124aee9e2f59b11be25cb6c97c06aa62e04844d2bbf3a1476e6bd048924b7c30166796565c98efa7aef9c9ac52a650be504d8027d6361a2ebb4017da6de1d3cfa9e86fa442c3a63cd24630d563c93540dcffa0c6923a6512ccf274c533ae5e9000c51deaf1f1d664def78059066ec55c31a98c8b44dd11c7277d3d08c0c91d9de556e18aca33e1853a0bf2ee03dcb2f1e5eb6c925c0fa850f31dad0cefcb0eb17a67876c7a61bf775c5cbe07b31b7fa3fa94eddd13af90e8c004f6356ff3ca860d01575e9972e07877b76125cae5e71e90e20493d4ab9fa6169ad64b6139bdbdf7207c7c14702bd61c0aae6a003f05a077b11e09dc5df05a2b32f41ab5005a8c22207bc9dc608ab0ad736e2dee449d5de25108a91d1311a1494b6a3ceca635407765417a74441a19e004082b14efa13bd588366fb8645b3dc97121b4ae981db1f54a3fb101ac38cd7fff38cc7f72bbbeb0e271837fafc4676f4d3beaeb5fb9bcb271f480017edf6fac074e2e9bf9a839a78ad82348cda40fc05aac23ad37c87b921347f2e00a4624b0d6bc179f5e7d027555bc4c9c9e29b59847605b717c2feec208532f098da3f418a467d7aeff336138c2de8c0eb62d637b336e96cbdf448266d15b541ec4cf11e5bd638df5fe5c0099d9eeba815c65098c101ebfc6fc2eb963331326fe9f53f55628fa4fca752b886b317e4a222357a53bd4ef2e59fc751b3798bbe25e0ef2dd19e4b17c3ffa6865c557a7791617dbd33fb6fb250b496d7c7b83adf6c7d69b7b679b2e708eae073ad289988a6bb29a477ee93e854d75468bb5692e429bb209076ffa0a449dec38fd0b29626c16c9661f1ed52f94ce30e2cdf9af8090dd30cba6c41616b7f185b299f4f754a083b2b63dcb7c4fd06a1839ce914dd134cc387552f989f6feda0", 0x1000}}, 0x1006)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r4, 0x5408, &(0x7f0000000080)={0x49dd, 0xffff, 0x0, 0xc003, 0x0, "fa3d76170000001b"})
write$binfmt_aout(r4, &(0x7f0000000240)=ANY=[], 0xff2e)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)={0x0, 0x4, 0x1000000b, 0x9, 0x4, "00000000000000000000c2041a02003d00"})
r5 = syz_open_pts(r4, 0x0)
r6 = dup3(r5, r4, 0x0)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000000)=0x17)
socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000006c0)={r7}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x11, &(0x7f00000008c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0x50}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1316}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4.826703428s ago: executing program 0 (id=3211):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x5, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x3, 0x0, 0x20000000}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20004011}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRESHEX=r3, @ANYRESHEX=r0], 0x50)
mbind(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000340)=0xffffffffffff0001, 0xd, 0x2)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000280)=0x1, r4, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @mcast1, 0x3}, r4, 0x7}}, 0x48)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r6=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000100)=0x1, r6, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r5, &(0x7f0000000140)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0x6, @loopback, 0x3}, r6}}, 0x30)
write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000240)={0x13, 0x10, 0xfa00, {&(0x7f0000000580), r6}}, 0x18)

4.664311467s ago: executing program 2 (id=3212):
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, 0x0, 0x20000056)
io_setup(0x3, &(0x7f0000000180)=<r0=>0x0)
io_submit(r0, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001000)={0xf, {"a2e3ad21ed0d09f90750090987f70906d038e7ff7fc6e5539b0d3d0e8b089b34366d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="50000000000101040000000000000000020000001800018014000180080001000000000008000200ac141400240002800c0002800500010000000000140001"], 0x50}}, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$IPSET_CMD_TEST(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000500)={0x15c, 0xb, 0x6, 0x401, 0x0, 0x0, {0xf}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x9}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_ADT={0x7c, 0x8, 0x0, 0x1, [{0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private1}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x5}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0xc9c}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0xc4}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @local}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5, 0x15, 0x8}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2={0x18, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}}]}, @IPSET_ATTR_ADT={0x54, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x59, 0x1, 0x1, 0x0, @empty}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x81}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x40}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xdc2}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x6}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0xc}}]}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz2\x00'}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xc}]}, @IPSET_ATTR_LINENO={0x8}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_ETHER={0xa, 0x11, @remote}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0xffffffff}, @IPSET_ATTR_ETHER={0xa, 0x11, @random="44b4852153b3"}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x5}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x4}]}]}, 0x15c}, 0x1, 0x0, 0x0, 0x20000010}, 0x40000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x9c, 0x30, 0x51b, 0x0, 0x0, {}, [{0x88, 0x1, [@m_skbmod={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x20, 0x2, {{0x3, 0xfffffffe, 0x20000000}, 0x100000000}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x84}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}, @m_ct={0x2c, 0x1, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x9c}}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_SCRNMAP(r3, 0x4b52, &(0x7f00000001c0)='g')

4.527410013s ago: executing program 2 (id=3214):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
readv(r2, &(0x7f0000000040)=[{&(0x7f0000000200)=""/227, 0xe3}], 0x1)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000003f80)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001e0001eb25bd70000800000001"], 0x114}], 0x1}, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs2/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
prlimit64(0x0, 0x11, 0x0, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x1d, 0x2, 0x6)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',gro{~\x00jd=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
syz_fuse_handle_req(r5, 0x0, 0x0, 0x0)
write$FUSE_DIRENTPLUS(r5, &(0x7f00000003c0)=ANY=[@ANYRES64=r1, @ANYRES64, @ANYRES8], 0x10)
r6 = socket$tipc(0x1e, 0x5, 0x0)
dup3(r3, r6, 0x80000)
syz_open_pts(0xffffffffffffffff, 0x40c980)
close_range(r0, 0xffffffffffffffff, 0x0)

4.470807983s ago: executing program 4 (id=3215):
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fchdir(0xffffffffffffffff)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) (fail_nth: 21)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_int(r4, 0x29, 0x1a, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)

4.463862338s ago: executing program 5 (id=3216):
r0 = socket$nl_route(0x10, 0x3, 0x0)
statx(0xffffffffffffffff, 0x0, 0x400, 0x400, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2b, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x102, 0x0, 0x0, 0x1, [@typed={0xc, 0x2, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f"]}]}, 0x114}], 0x1}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00'})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@ipmr_newroute={0x34, 0x18, 0x400, 0x70bd26, 0x25dfdbfd, {0x80, 0x20, 0x20, 0x8, 0xff, 0x1, 0xff, 0x1, 0x1000}, [@RTA_NH_ID={0x8, 0x1e, 0xfffffffa}, @RTA_NH_ID={0x8, 0x1e, 0x2}, @RTA_PRIORITY={0x8, 0x6, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c015}, 0x0)
bind(r0, &(0x7f0000000080)=@in6={0xa, 0x4e20, 0x9, @mcast2, 0x25}, 0x80)
socket$nl_route(0x10, 0x3, 0x0) (async)
statx(0xffffffffffffffff, 0x0, 0x400, 0x400, 0x0) (async)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2b, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x102, 0x0, 0x0, 0x1, [@typed={0xc, 0x2, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f"]}]}, 0x114}], 0x1}, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00'}) (async)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@ipmr_newroute={0x34, 0x18, 0x400, 0x70bd26, 0x25dfdbfd, {0x80, 0x20, 0x20, 0x8, 0xff, 0x1, 0xff, 0x1, 0x1000}, [@RTA_NH_ID={0x8, 0x1e, 0xfffffffa}, @RTA_NH_ID={0x8, 0x1e, 0x2}, @RTA_PRIORITY={0x8, 0x6, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c015}, 0x0) (async)
bind(r0, &(0x7f0000000080)=@in6={0xa, 0x4e20, 0x9, @mcast2, 0x25}, 0x80) (async)

4.291764487s ago: executing program 5 (id=3217):
r0 = syz_open_dev$vim2m(&(0x7f0000000440), 0x8000, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x2, 0x2, 0x0, "8baadc68379dd10000419d09000000000000000000161c00"})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000007, 0x13, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})

4.082076615s ago: executing program 4 (id=3218):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0)
r4 = socket$kcm(0x10, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x42, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r5, 0x891c, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r9, 0x4048aecb, &(0x7f00000001c0)=ANY=[@ANYBLOB="0400000000000000020000000000000000000000050000000000000000000000000000000000000000000000000000004ce52632050000000e00000000000000dd0c00000200000000000100000000000000000000000000000000c00000000004000000000000000000000001000000000000000000000000000000000000000d00000003000000060000000c000000000000000a000000fe070000000000000000000000000000eb332808"])
mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
write$rfkill(0xffffffffffffffff, 0x0, 0x0)
unshare(0x6a040000)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8481f0000005e140604000000000e000a000f00000002800000121f", 0x11}], 0x1}, 0x2000)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0xf8, r3, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TX_RATES={0xe4, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0xe0, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x17, 0x1, [0x1b, 0x1, 0x18, 0xc, 0x12, 0x24, 0x36, 0x30, 0x6c, 0x2, 0x4, 0x9, 0x6, 0xce24f37741590a26, 0x24, 0x0, 0x6c, 0x3f32c8a39364982f, 0x1]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x10, 0x2, [{0x0, 0x1}, {0x1, 0x4}, {0x5, 0x3}, {0x6, 0x2}, {0x0, 0x3}, {0x0, 0x1}, {0x0, 0x7}, {0x6, 0x1}, {0x4, 0x9}, {0x4}, {0x4, 0x5}, {0x4, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x8f80, 0x80a0, 0x7, 0x4, 0x9, 0xffff, 0x8]}}, @NL80211_TXRATE_HT={0x32, 0x2, [{0x3, 0x3}, {0x5, 0x2}, {0x6, 0x5}, {0x2, 0xa}, {0x0, 0x2}, {0x7, 0x3}, {0x0, 0x2}, {0x1, 0x7}, {0x6, 0x3}, {0x6, 0x6}, {0x4, 0x8}, {0x1}, {0x7, 0x2}, {0x7, 0x4}, {0x0, 0xa}, {0x3}, {0x4, 0x7}, {0x1, 0x8}, {0x2, 0xa}, {0x4, 0x9}, {0x3, 0x3}, {0x7}, {0x5, 0x6}, {0x5}, {0x5, 0x2}, {0x7, 0x3}, {0x6, 0x6}, {0x3, 0x6}, {0x0, 0x8}, {0x4, 0xa}, {0x6}, {0x4, 0x6}, {0x1, 0x9}, {0x5, 0x3}, {0x1, 0x2}, {0x5, 0x7}, {0x1, 0x4}, {0x5, 0x8}, {0x3, 0x4}, {0x1, 0x3}, {0x5}, {0x7, 0x8}, {0x0, 0x3}, {0x5, 0x3}, {0x1, 0x5}, {0x5}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xe7e, 0x7fff, 0x1000, 0x61c2, 0x8001, 0xd, 0x1, 0x4]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HT={0x35, 0x2, [{0x1, 0x4}, {0x1, 0x8}, {0x1, 0x3}, {0x0, 0x2}, {0x7, 0x9}, {0x4, 0xa}, {0x0, 0x8}, {0x1, 0x9}, {0x3}, {0x2, 0x7}, {0x7, 0x3}, {0x7, 0x9}, {0x1, 0x2}, {0x7, 0x1}, {0x5, 0x9}, {0x4}, {0x0, 0x1}, {0x7}, {0x3, 0x5}, {0x0, 0x2}, {0x0, 0x7}, {0x5, 0x9}, {0x6, 0x5}, {0x3, 0x3}, {0x7, 0x1}, {0x3, 0x9}, {0x3, 0x6}, {0x1, 0x8}, {0x3, 0xa}, {0x5, 0x7}, {0x5}, {0x4, 0x9}, {0x3, 0x7}, {0x0, 0x3}, {0x1, 0x7}, {0x6, 0x3}, {0x2, 0x8}, {0x2, 0x8}, {0x1, 0x3}, {0x4, 0x4}, {0x6, 0x9}, {0x3, 0x1}, {0x1, 0xa}, {0x7, 0x4}, {0x3, 0x1}, {0x2, 0x9}, {0x6, 0x2}, {0x6, 0x4}, {0x4, 0x5}]}]}]}]}, 0xf8}}, 0x0)
ioctl$RTC_ALM_READ(r1, 0x40187014, &(0x7f00000003c0))

3.91909846s ago: executing program 5 (id=3219):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x4000000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x38, 0x9, 0x6, 0x801, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x5}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0xcb58c9f2fa78421b}, 0x40c0080)
kexec_load(0xca, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="2d8bc7ffc40f7bbd34555a9bc9565bfa1876e07fe61e3fdd96c8dddde03cc3651e0f8e76ed5e8653cc7b1a7f328761713b688961425bc1c9e8b8abadb5ef6454ab93dd08661046e41d61886a0a4d9bb0dcbf4d1cf0baaed15e371103af549245329f55257ccbdb5be34dbeb22d482192d13341856ea4d869fc90bcd54d12ed6cd026b0f5ebaa3fdef900e7b5735e8d977e9bfdec625135560d0facb196cef8df2fcc15a7b6a4deec883dbf66f457839710051c75137c035ee91cc0c96a52995ab79f92199dfa46a77ef6f5aa68", 0xcd, 0x6, 0x8}], 0x3e0000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x15)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r5, &(0x7f0000002180)={&(0x7f00000020c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000002140)={&(0x7f0000002100)={0x34, 0x0, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x40090}, 0x40020)
keyctl$read(0x2, 0x0, &(0x7f00000000c0)=""/4096, 0x1000)
r6 = openat$qat_adf_ctl(0xffffff9c, &(0x7f0000000500), 0x2002, 0x0)
ioctl$IOCTL_CONFIG_SYS_RESOURCE_PARAMETERS(r6, 0x40096100, 0x0)
keyctl$read(0xb, 0x0, &(0x7f00000010c0)=""/4096, 0x11f)

3.407379877s ago: executing program 0 (id=3220):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$TIPC_NL_PEER_REMOVE(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000a40)={0x30, r4, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_NODEID={0xc}]}]}, 0x30}}, 0x0)
sendmsg$TIPC_NL_NET_SET(r2, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0xdc, r4, 0x8, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'team0\x00'}}]}, @TIPC_NLA_NODE={0x4c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "9d5f8e4d31b3f104a2c109fe6ce70ced8ffbf954a0a0151b0ab4"}}]}, @TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x42ac}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfd1}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xb}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3203}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}]}]}, 0xdc}, 0x1, 0x0, 0x0, 0x80}, 0x4004)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="4400000010000104000000000000000000000200", @ANYRES32=0x0, @ANYBLOB="8020005c00c92135dd240012800b00010065727370616e00001400028006000200300000000800040000000025adcfdc53af57838f395aa2f9d10db51a6ddc2fd9d03b6be6c69341c59120aa00fc8292c69c42d8d70a64a36867fb27e901527773ad79e1417c3df7f2923edbe085b2433a84f424aa8138f67d07922c1aed01834835e117be963e4a06866bfd40820c26a023cff1a4"], 0x44}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
r5 = openat$hpet(0xffffffffffffff9c, &(0x7f0000002500), 0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000001c0), 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x9)
mount(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000140)='overlay\x00', 0x2, &(0x7f0000000200)='workdir')
ioctl$DRM_IOCTL_MODE_ADDFB(r6, 0xc01c64ae, &(0x7f0000000380)={0x0, 0x4, 0x0, 0x0, 0x10, 0xf})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r5, 0x6805, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000140)=@x86={0x0, 0x6, 0xff, 0x0, 0x3, 0x3, 0x7, 0xf, 0x13, 0x3, 0x0, 0x81, 0x0, 0x5, 0x7, 0x9, 0x9, 0x2b, 0xde, '\x00', 0x58, 0xc1ac})
ioctl$KVM_GET_VCPU_EVENTS(r9, 0x8040ae9f, &(0x7f0000000100))
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000002"], 0x7c}, 0x1, 0x0, 0x0, 0x24044010}, 0x0)
sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x58, 0xd, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x80}, 0x40090)

3.137482905s ago: executing program 2 (id=3221):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r1 = fsopen(&(0x7f00000001c0)='iso9660\x00', 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000000c0)={{{@in=@initdev, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@loopback}, 0x0, @in6=@initdev}}, &(0x7f0000000200)=0xe4)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@loopback, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@initdev}, 0x0, @in6=@loopback}}, &(0x7f0000000340)=0xe4)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000380)=<r4=>0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000003c0)={{{@in=@initdev, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}}, &(0x7f00000004c0)=0xe4)
fstat(r1, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
fsetxattr$system_posix_acl(r1, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000580)={{}, {0x1, 0x1}, [{0x2, 0x1, r2}, {0x2, 0x6, r3}, {0x2, 0x0, r4}, {0x2, 0x3, r5}], {0x4, 0x2}, [{0x8, 0x4, r6}], {0x10, 0x4}, {0x20, 0x4}}, 0x4c, 0x0)

3.074446624s ago: executing program 2 (id=3222):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
r1 = dup(0xffffffffffffffff)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r2, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
lsetxattr$system_posix_acl(0x0, &(0x7f0000003380)='system.posix_acl_access\x00', &(0x7f0000000540)={{}, {0x1, 0x3}, [], {}, [], {0x10, 0x5}}, 0x24, 0x0)
lchown(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, 0x0)
io_setup(0x2279, &(0x7f0000000280)=<r3=>0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
io_submit(r3, 0x2, &(0x7f0000000140)=[&(0x7f00000001c0)={0x0, 0x4, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x3, 0x2, r4, 0x0, 0x0, 0x3, 0x0, 0x2}])
syz_io_uring_submit(0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_DST={0x8}]}, 0x24}}, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x1000000000000049}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

3.016132651s ago: executing program 0 (id=3223):
prlimit64(0x0, 0x0, &(0x7f0000000000)={0x0, 0x2002}, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x2c0, 0x0, &(0x7f0000000180)=[0x6bd1a312, 0x2ec66, 0x8, 0x8, 0x7, 0x800000000000009, 0x1, 0x2, 0x10000, 0x100, 0x8000000000000001, 0x40000000000000, 0x3, 0x5, 0x5, 0x49, 0x3ff, 0x2, 0x0, 0xb, 0x8000000008, 0xb, 0x1c1, 0x1000000003, 0x2, 0x2, 0x6, 0x7, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x9, 0x7, 0x23b, 0x3, 0x2, 0x8890, 0x8, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x4, 0x8, 0x5c3e, 0x622, 0x1, 0x5, 0xfffffffffffffffa, 0x1, 0xe, 0x7, 0x4, 0x100000000, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x6, 0xfffffffeffffffff, 0x8, 0xd, 0x9, 0xe8, 0x80000000, 0xc62, 0x2, 0x10004, 0x2, 0xcdc, 0x7, 0x2, 0xa, 0x2, 0x5, 0xfff, 0x9, 0x4, 0x6, 0xab6, 0x0, 0x4, 0xfff, 0xffffffffffffff81, 0x9, 0xff, 0x5, 0x53a, 0x5, 0x400000000008061d, 0x6, 0x8, 0xf6, 0x7, 0x6, 0x200, 0x7, 0xe53e, 0x2c, 0x2, 0x2293332f, 0x6, 0x34, 0x0, 0xd, 0x2, 0x0, 0x2, 0x2, 0x7, 0x8, 0xfffd, 0x10, 0x8, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0x3ffc00000, 0x8, 0x3]})
r0 = openat$userio(0xffffff9c, &(0x7f00000000c0), 0x601, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000100)={0x1, 0x2}, 0x2)
ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001600)=ANY=[@ANYBLOB="5c000000fa1e01080000000000000000000000000c0007800500150007000000050005000a000000050001000700000005000400000000000900020073797a310000000015000300686173683a69702c706f72742c6e6574000000005fccd4e6a7233782768d498f80ef80bbcdba192d2923db2dd8ff353296d4d37606a10c6cbee5f26c597ce08bca8d6fb8238d04302ec7154abf137be3b47b54611a568f8ed04de78f557d8d418e9baf88bf19cc23747c0ae8f5247d26e19fb8b0f84b1fc1e414032febb12bf413a2130f79f7b23e5d51dfa6068274a3c6fe40fa"], 0x5c}}, 0x0)
sendto(r3, &(0x7f0000000580)="e2f0edb4a09de4eb8b568b1945dedf3065915ea6ba9b3a6636d037f112f6eeb4ba55fa217f56d18047027c8a2c1fce13d675bf4e659dc3b599a318bda8aa62ee96fa3def9d8cbbe008c0935f882def74cf9f8b3ad2c8a95648384ba2e6f4e13781ad844eaa2eec04d37cb63de0da0a0f9d0d1046996edadb44a93a4789c6bb303d1d3eb7e8d12d5ab9b186705bef99cd461b6d66109145d9983ce9b35986e0fb1a8008abdf58f6663ec0daaf42b8b51ca37a6d993519ba2770e2c40cc4bcba6ee9d8bf1a734fee4921cedc905b94e40b6b33d107bb9b41419cbb5226e1d5cf71593b1e4a40b13d3cb929441f6862a59d9f4c9b51d55ce7e7828cf7fa2a983d1bec60be3f12cebaba0f3d0b9221780d29f3ee849d59b5f35739c45c5b20c2fd1c83d73e4f0ff3b64fcba584a880a8e42dee9ae3a64c8dfd4b8c47ef1c4fdeb0ba4500c88492ec10f0c1a2361f9f9b98ee70eeda3f3faad05a69798d8aa1921ceaa504c7e3bf05575bf9bb4bb87041185441cdf9945e979432bda67a56eb6275d5ff14f1c3457732537d0b73a660e3c2af361ad02c01cf296565a5ef847192cf9861a7743523e70852eb5e051f62566bb1d239b2fdbf462d69e053aa275b39002c5e922314206ab6fd10da81fb2748220bfdee87e4825aac65963166a163a3e3d43de0f7ae1b91e92854861069ffdda70775099b379a0073e39f23d343827aa3b2963f6b0e195c8b55dc0f9373bffc627d0706e0e331170505c0f3e53e37d42af0ecd2d9423fa5068fc07184e66631f326518f7ade3ae7338a13379705f5aa3638ff3c490be8b5ee96817d3ed4295c5094e25387ab6b417c66c92c6a687bb4f57adf5ea27adc23965cb0f592d26880c2827b03aa817ef96b8e2b31ad5eae5ef5d3a93bee78ea3017dc343a30a775b9754c4bbe625760082cccf696c91b50c3d258a973096db9bdb03125f90577b260079f38ece247fecd3e518a3700eb13438eec5e57885d2bab4a01e597918b0165499e396ed8bd82fa46faa64b210bc2e3795f293ca66fb5b0b465171ca2c290fc702aefab470740616a82653e3a6af0dfd8c1877eb47a8f9066b2a379d216fb3797462c04d8a128d384fb37a01c5730796a4c56c62154321f6127d39c8341d21bdf9523bdd994dd80e6a24b129866bb36a34c6170dabb907723edb45756ff679a47d5849b8d1f68d09d71237978696d67773cf4a092997a25fc8ba3d4be8be189dee96963fbfc30cf7bd0210d50b395669d4559ba53ba7534483734b0d92d06928be36d8de23b06e87ba423245780852674bb4c1343f44370f8ed6e2cb668b7e8b1434784b34818891719abb283a709ce4aada4ffd0a14c5628380dd5ef702c2c97d0ba57ebe7f5c0de07a760ed7ced773b49b22a311e35b54ec3061af181ef8492af79f968a73fde151a0b06a113546095d2d264e06aef48b356e16a5d9cc15b90abfb3a7b74c0bdfa46054ea02e4ffb63f5d85018f80bdfd095d5b99c449f5284683addaba3afde85f7593a3ee7e4b6f01d761a6bf526c7a83a285c7c9743633d1956fca774bb045bc211879bd87a0b4dde14f0a9a77bf3257981b6ec3765d0e47f43d583c4b07f2abd7e8912f65f0b79cabb42a53aa1365f3b42a5f3b7e4888cefd5d4998da1a9bf5b6ecbb5ced73cca8b1fb798caf0f57efd2261f980dcd6ba560ed3bfae36bfd7c21ad995311dad6390a2eafe8f6cafe6c80f3d85ec28cc51c6b04f814e9ab8e45469ba339dcf22ff410ca8d0d6180d9d1342d807633562c38608148292276182455acf354144c1dd3c2383662164f0103b14107e53745c00cdbfb4acde372d9a3e8de15671df4f48ef038498a7200abfdfde96daa29399999d63b10e9bf352d977e1f6c45e2719b2ada5e14d615363449c14fbfccee355e0e0c8bd22ab56914a0e7963c76d771c24c5970a77370521b6fe3be49d9610115179e2ed91d27b00ee5c1a9d0d1db1d01c3b46642ab6e311a7fe5a02cae5113fa09d8895d783bb88d8ab4eda0bafee88d5ed5faf902904c59674b3c4cb1d681f124f26add6019a8e67a2769acb66e75413aff6a16d39d3334a7a96d96476bbfc96ccf49de62f5fe77f07d560f11b53c511ab800409f683e3ef180442e83a305b056dcfeee3d7be93b1c03799588d8aaa1d109a4b09c5031f4ff0721038ed2af60524c0d7cc7fab7c0abbee97b88822bf09a4cd8f56f9346065a7137c52839d77200347ef6b8e68fe12663fcb13c719cee24cc895cf43514215e091d278b3e3b9c92ca70d888d40697e4fa3b50f512f7927b244a82711f40ae72b78d6ff88c908c82000137f38f5ff68bc4ddc12ed9274062acafbe59db14c96c415b7e1ad7036395719f108d9956909003998e9af9b025c17b8f48bfd4b63c30108ca724e122ca12bea07244b2d6087a8fc4e9d4528b5fe2740d05552f4bf07e85863d23137ccd456857a651eb9fef0c903a9cfc48235c6520f9ad88865be22c2acc917d5a3dfb5e7801991ab9f423f5ee4ba10c077fbe7252468b8d4cc3d91d422301a356444002ce45af93f84dae16aca0741569a8d86a70ebf66382e914419f97484e0547485baf34eddf1b119b4ce62471a22a59db92cab18c5849b0511553e472f492add55eb604a27f6a5d3876fb0c714bc75c1f5ecaf0d2fed7e50a49260220984ae2f46e667f1875f3e8f48740dcf47dfd812f7cba498bb9f43b4de4652277fa6872c116adbd897d9ef8bc477bbda1609c622e4de3867525c3dd9051dfc3567cc047ce224d4daa0e18f96713c64cf38e96a37f23936623e296ce35fc38c9ae5ad577a2fe014d1a3d153e21c22866580830154071abbb030483060fc4bcbce8ee10322d34fe8e61e93103e69719cb878065e79cd14971042967136b7f322afd779df894b0ed3fa69536233df076fed97018a77f4f7cd5193cc72cf5578432f7efd52305a7b45f5eec620ae981a79ea8fd7a6661f05befd4560d4a132b9114a824a7dab0a891a8fef83174dc649ef97d5b9f348edf0366a0f2b16f5c4f980e8b43eb27ae6b5c47c8dda69880c922a18aa2c43b8d41375bdeabcbfa4375cf16052e557f8153fbb1026249e561a1e1266ef99756a78d9ffab1be81b056c554a338df9c28f4f8bebc1f492c5bc28a9d20c8796462c2e27cdfceb94ec76c2ea12645801f13258f24db59b3328d49fac9f9e8777225da4f9dcfa6e541de9a732d96813f0b93bac210cc489c5b2396136e3b47e2ae360398b4373e46af7d340713b0f068b33ffa4b81bbb5b70f6f9deb341c0f5002fddb18bde294d5d126a1c376b411fcece5ece7971326f4dcb6399592113f30032198369151e7d5384437045e391c032b75b4e9f1e50a9e4a314ff1773210af94665d12ef1d263bbc1a821e87909cd39fef474d14a2fa99405f85f8e01c13e4ecc3922f4742bb4bb6baea20507aff8ffa0c872c86253af9cd6747299a40b83f8821025c0578094c229b0ab596541af1976cb55d92327a1c1bca3751c1d5ef003bab87cfe991baf73e36a4f88cbdc9035c68c139518545b2a2434ead0ba5a433013e9fefc8b0855dee7071af2d41f450fa333c880d273d35ee0e160620cef71d9139e19e4885e20c79fb7565e6c4b8183a6c6840e65e3557300690fa44173f871c32539db1b5ae5c85455bc6a4d276e4c7a5ebec55c81faa0402f8ca29debc52023d6788a29a27b9faec7ae6428b0f4f72305686b5033b28e92eeb40dfd5c981eac856fe5af61e71b1b5a0722c64b9bea839173a5295a26c6efa0b090d6110b57b1f2ec4222defc1c645a70a2bd7fbf907f26b467ea63f1d56904c81cf096869e66bfcd31c6a7b4833d082d84e4265600a48d993f4f4704ac0ff0f99bf13bfba26264bb8b433352b7b6819cf504d29da37da06d407a26f519fbf0fd79a07609d3ee9aa0895303111ace5b90dc310d409a292829b90db12cf33402252c58c3b8ba791c0dc72bee5cef634c37aa959ae93469622905a67df1e584c861296af3e1c7afd5ed520a517841e9c25422089975eaa41b178690b68d0e9cf4025c09d59f90aa1f589abfcbd61789e761660bb0dc7f5ccff7844eb3682dd90ffd9219a6dad8575d90abdf349da962d260f01c04e7cb1e503d8ba10ad2de14f90e49e2bc4ccac8341c52ce76b838310bd71bd2f5dfd9b57f6c5d74922bc780fdb492b5b180f1a90390ca8568b67518da4aacaeb1c83ef9b45fec82708c58983d1fa1a5ef209c6676bc8b12b303c55531d872a4be75f997d63506bbedc757b015109eb743206adda095e26b2fe261c79ef604289976a99c616303dc029fe78f41f534e7b406c3ab4ee8813aa17456a3e05c8b6e08dd2e85cef531eecdaf1992d9685409869da4ece661c22056f0d550d3512c06fa29a854c26b05a7657b9c76d4930e7d4cca88d4a318a28ee6947516b7e6d67b4fe442c472a02a0e932ab6f9ea496d557d8af01d75b47fe36e7b07e52f6e6add9b29819edc6bf68e35a89e137177a1641576abf1572b58e586d22634d0645b705009c72887fa79d3c817f868bdae7507971603af2e099500ef32d98f2e62dc42aaa8a3f7126ee0fe37f64964cde7470846cf74c369990e4d6a8ba7b39f5fe6ec40d9a32dd91be5e6387af26605c2ae84b01626ec831858e4b7092bb220b8ce1d76d4a091920780455d054c6590bae69aaf37dc69699229aa9186ddefbcc5da5b3eb5aa50458e38c83e4d84469c7b4ec76aab3f92415a39644185659a2fce6d27a6291b455a27dce9156fecc54d4cf2a30fce1743f54cbe09b8804af806b0c41cbde6f3b0fd5d2554bbd9c9783ce43f9a33095d5fd13acb186b838d033095df073eb1f453467b5afcd554ffd04659d85dbf62d9568b2e7648067692616894803ad9001bc709ddbc0f73946f1a362d6e300fe1b4e68121ba45aadfa0e0c923b925e41672d2a7b35749681c0be98dc17b821d82ff0188bd4e159ce1591bc4bd044cf012edc500f53b191f489fa1c1e842a3380aa2d84a2be95c9e71abfe3e2194a36489cca558e18deb0f7f892966b36e7f9e687ea3215c8ce8fcd21e26b03c699763ed3191c855159936e91f1a0f5d6bc97bdb1b200cd0a0eccc04a3b51f0f200d3c634216c84715262c98357baacd85b0471006bbda3d920ccb77368abb51758b19b86a78a6f828c1a89f0f8bee3b987822809142997e97c7c8127da9d4c7534778628f2c55022998c88515676b859f65a5e29edab5099bb1ecaaa4d221725fd38768b79cc191d5dbc4a3ec67f47711cc0461d4bedfac6ca2a3e8ab27010da8bd1452a52686ab304d6f61d88b2a377936b0d533e7862697c6c470013b57f79f16ac9f21db6d7f4c83be3af5cb9265221ac29b0344f159dac1ec467c70061c5892ac003329d2c3ffb17397d968acb3292cba6739fbafeee17c1de90fb88b43f61927425f9012025bc4df4536eb0ef744af67d8b09b2bd7a37f25de9cbe79f64aaca31f08f43cf2b6d966be6aa878cd93d0236250c52f202bcd2f584b563479ebfc85e8a298c25b83f01118ddc745a2eb24c3f622d40bcfa2b948858fcc51c896d72dccd1d6d0d247d6144d591925228ebdf2b7f5d0868e676a1d2e1f4435d9ac458fc027f80191f2b120d86ff21e14166ea19eabace8809a8e5c0e9bf318b893ceb3f812d21b0501287c6d60e70c41a8dcc772b1766152c49cd0fd640921093fb7e8a4287a62e1236c1bc340489530555e7985f5ac09e3c752fa509c5d5f12a0fb1ade630d21ae684d565b60b39d744d687460e6b44b8c08", 0x1000, 0x240000d1, &(0x7f0000001580)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'ccm_base(cbc-blowfish-asm,sha224-generic)\x00'}, 0x80)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000040))
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r4, 0x400448e1, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x3, 0x8000000000005, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x6, 0x100000000000bdb], 0xffff1001, 0x124182})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202})
ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000480)={[{0x9570000, 0x3, 0x0, 0x0, 0x85, 0x1, 0xff, 0x2, 0x6, 0x4, 0x47, 0xf, 0x1}, {0x9f83, 0x7, 0xe, 0x5a, 0x1, 0xa7, 0x9, 0x81, 0x7, 0x5, 0x6, 0x3, 0x6}, {0x6, 0x1005, 0x81, 0xa, 0x6, 0x46, 0xf8, 0x4e, 0xc, 0x98, 0x1a, 0x1, 0x8}], 0x3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
eventfd(0x7)
syz_clone(0x60000400, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = getpgid(0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x58)
r8 = accept4(r7, 0x0, 0x0, 0x80000)
recvmmsg(r8, &(0x7f0000001440)=[{{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x10}], 0x2, 0x10002, 0x0)
r9 = syz_pidfd_open(r6, 0x0)
pidfd_send_signal(r9, 0x21, 0x0, 0x4)

2.948089834s ago: executing program 4 (id=3224):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x38, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x1}}]}, 0x38}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newtfilter={0x138, 0x28, 0xd27, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r3, {0x10}, {}, {0xfff1, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x108, 0x2, [@TCA_CGROUP_ACT={0x104, 0x1, [@m_mirred={0x100, 0x18, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x15, 0xe, 0x20000000, 0x6, 0xb077}, 0x2, r3}}]}, {0xb1, 0x6, "a01b3626d64927936bbc5647617de6836ddf5fa1ca509c24860a8ebef5c3a8d6d59f5a1761b778bb1a5ff7194069833315f2476c7c71adbf54878fc1e0e4dc8445202829af17665600a45089f95e0bbbc59bc9aa4056f4a2dc34fc54b07bb534112606feb6c77935b0c10212121218370abb055312b1a068573493e1fdd0e3a2aa01b232b5a113b053e0d765d035231959b1c33fd37ff71a989af2134d8016dd6feaca07f060b544a0e576ee93"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x138}, 0x1, 0x0, 0x0, 0x4810}, 0x814)

2.880347735s ago: executing program 4 (id=3225):
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f00000001c0)={{@my=0x1, 0x1}, @hyper, 0x8, 0x5, 0x80000001, 0x5, 0x8000000000a3, 0x5, 0xf0})
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r1)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x77, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[], 0x48)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='cdg\x00', 0x3)
sendmmsg$inet(r0, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da", 0xf}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000a80)="353a35d6094e4ee7d764b6", 0xb}], 0x1}}, {{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000640)="252caf3a209539dd4482324da34840047e322d094abd47ba796c5909ccd4e0046bb1cecbad790873c1e322ec988526e2dde59e7ff8a900c525297eea9df0d0bf652b6c78f435436a6ea7fef2d9effe14ba9d43db9cc558c50b7957a51d7e5bdec3a04a8df3113927462bd002", 0x6c}], 0x1}, 0x4002}], 0x3, 0x0)

2.878647366s ago: executing program 4 (id=3226):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$kcm(0x10, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000003c0)=[<r2=>0x0], 0x40000000000000c8})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000400)={0x0, 0x1, &(0x7f0000000300)=[r2], &(0x7f0000000340)=[0x4], 0xfffffffffffffffe, 0x0})
r3 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[])
read$FUSE(r3, &(0x7f000000ddc0)={0x2020}, 0x2020)
mkdir(0x0, 0x1f4)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0/../file0/file0\x00', 0x40000, 0xe0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0xed14, 0x10100, 0x2, 0x0, 0x0, r5}, &(0x7f0000000080)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r4, 0x0, 0x0, 0x0, {}, 0x1})
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, 0x7fff, 0x0)
ioctl$SG_SET_FORCE_PACK_ID(0xffffffffffffffff, 0x227b, &(0x7f00000000c0)=0x1)
readv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000100)=""/54, 0x36}], 0x1)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xc3, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2)
geteuid()
stat(&(0x7f0000000000)='./file1\x00', &(0x7f0000000100))

2.16853393s ago: executing program 5 (id=3227):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@newtaction={0x18, 0x30, 0x301, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x9)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$kcm(0x10, 0x2, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, &(0x7f0000000080)=0x4000000b, 0x4)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
syz_emit_ethernet(0xfdef, &(0x7f0000000a80)=ANY=[], 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x7, 0x1)
socket(0xa, 0x3, 0x3a)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x40000007)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0)
r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x80000, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB="2c6163636573733d757365722c706f73697861636c2c00000000002c00000000000000000000000000006c2d2267d70c98a8c38fbf64a2076ee1dd46254979470843c2cf54c3fea9817ad5db9915a96898b3b1c6a3f0b6733ee7"])

2.095941693s ago: executing program 2 (id=3228):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs2/binder1\x00', 0x800, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
readv(r5, &(0x7f0000000c40)=[{&(0x7f00000003c0)=""/7, 0x7}], 0x1)
memfd_create(&(0x7f0000001240)='[\v\xdbX\xae[\x1a\xad\xd1md\xc8\x85HX\xa9%\f\x1a,\xe2\x9c\xb4\xd7\xbc\xf1\xb3\x86\xe2/Op\xd0\xa2\x82\x1eb;(\xb5\xe1j\xc8\f\xe5\x89\x17\xee|J\x90=5\xed\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q%\x8a\xda\x05\x00f\xe3j%\x00\x00\x1c#\xc6\xd8\xdbD\x92P\xe16W\x10\xdau\xc7\x8f\xaa\x8d\xa9\x97\x9d\xcb\x1e\x80\xe7\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\xbdD\xcc\'\xa2\xaf`\xf6L\x0e\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecM\xe4H\xb7\xaf\xa8\x96dh\xa9\xab > \xac\x00O^\x14\xcbv\x17Hkb\xe7\xcb\x9d;\xd2\x9f\x05\xd1\x00\x8b\xd3\x9f\a\x99^v\xf7\xfa\xe5\xf0h\x87l\xd9\x15\xd2\x87~?\xb1\x9d\xc1\x92`\x8a\r\xfc\xeb\x14\xd1\x94\fv\x8a\xe3\x1d\x0fj}\x9f\xedsc\xd3\xee\xe6cXw\xa1\xbc\xd0o\xf9\x9cJ\b\x00\xd8;\\ik0+\xc8\xf2\x87\xdf\t\x97\x9dB\xc1\xa0\xa71\xf25GU|]A\x1eel \x8ff\xc6\nt\xd0\x91\x9d\x8c\xa4\xe5\xde\x06\x00\xffE\xf4\x96#\x92-9\xe5\xa7\xf8%\xb0I\xd4\x91r\xbf\x1bOS\xee}\x16\x87\x05\xf2\xb9\x81\x14\xe2NZ\\I\xd0[\xc4\xf2\"\x87\xf5\xb8\x95.M\xb1S\xbd\xe4i\x00\xc1b\t]?}0\t\xebV\xbci\xa5\x05\xca\xb6\xc22\x7fL\x89&\xa0\xcfMULr0rs\xb4\n\xa6)\xe23\xf0\x8d\x9dO\xb9\xc9\x83\xabS\x013\"\x1b\x97K\x17\x16\x89\a\xee\xc903\xad\x15\x1cH\xd2\x95\x91\xb4$\x1b\xbf\xaf\xf5\x9b\xc2\x85\xe7[\xe5\xfb}\x1d@f2\x11\x13Y\x98\xa4\xecWEE\x9eI\x05\v\x11\xad\x93!^T\xe5N\xf6LI\x9a6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\x1a\xc9(a\x06>g\xe5\x00:\x9au\xef\x14\t\x1f8E\x86\xcb\xd0e\x17\xfb\xc1', 0x1)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x28}}, 0xc000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c011}, 0xc000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfdffa000)
sysinfo(&(0x7f0000000240)=""/60)
r7 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r7, &(0x7f0000000280)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e21, @broadcast}}, 0x24)
sendmmsg(r7, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="10000000100100000100000076633e159d28a98234bd5ae6a62a42c33f64ecf0deb50c8b5b0768ff3ed96472a93ce8cc3def97bf14696eb4ac1991627146bb572661af063fb548002e9fdc033a3acba0ffe2082c17dd144b20bb90b143ea2974f0551b3183399834"], 0x10, 0x7000000}, 0xf401}], 0x1, 0x0)

2.049436138s ago: executing program 0 (id=3229):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x5e, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4090}, 0xc6)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sysinfo(&(0x7f0000000080)=""/125)
setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0, 0x10001}, 0x8)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket(0x6, 0x2, 0xfffffff2)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000100)=0x9, 0x4)
sendto$packet(r0, &(0x7f00000001c0)="0b9bc793dfb23479cb032200e0ff25000200475400f6a13bb16a78b6000000080086", 0x22, 0x0, 0x0, 0x0)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x20)
dup(r0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x40600, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$I2C(0x0, 0x1, 0x0)
syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010, 0x1, 0x39d}, &(0x7f0000000040), &(0x7f0000000080))
syz_usb_connect(0x5, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="120110010928fc10ac059102254301020301090212000100004000090484000003e1020087334cf57388d190a4f6ec8dfcb9556ecb8bfa39f7a71f1f48c3ddc44c6a943cf5c12bf7cf171e8552502423aed91ff1562005bc355d3f60de35210d11afd6d61d3226"], 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000380), 0x28000)

1.702466279s ago: executing program 4 (id=3230):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x5e, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4090}, 0xc6)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sysinfo(&(0x7f0000000080)=""/125)
setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0, 0x10001}, 0x8)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket(0x6, 0x2, 0xfffffff2)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x11, &(0x7f0000000100)=0x9, 0x4)
sendto$packet(r0, &(0x7f00000001c0)="0b9bc793dfb23479cb032200e0ff25000200475400f6a13bb16a78b6000000080086", 0x22, 0x0, 0x0, 0x0)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x20)
dup(r0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x40600, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$I2C(0x0, 0x1, 0x0)
syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010, 0x1, 0x39d}, &(0x7f0000000040), &(0x7f0000000080))
syz_usb_connect(0x5, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="120110010928fc10ac059102254301020301090212000100004000090484000003e1020087334cf57388d190a4f6ec8dfcb9556ecb8bfa39f7a71f1f48c3ddc44c6a943cf5c12bf7cf171e8552502423aed91ff1562005bc355d3f60de35210d11afd6d61d3226"], 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000380), 0x28000)

0s ago: executing program 2 (id=3231):
r0 = gettid()
kcmp(r0, r0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x3, 0x169, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b85000000ae000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r6}, 0x90)
signalfd(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x708, 0x41e3, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000200)={<r7=>0xffffffffffffffff})
connect$netlink(r6, &(0x7f00000000c0)=@unspec, 0xc)
r8 = memfd_create(&(0x7f0000000080), 0x0)
splice(r7, 0x0, r8, 0x0, 0x408cd, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000000000010d21f066000000000000109020000092100000001220500090581039f00"], 0x0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r9, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

[  534.846946][T15560] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  534.846956][T15560] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  534.846978][T15560]  </TASK>
[  535.318301][  T840] usb 10-1: USB disconnect, device number 16
[  535.528122][ T5988] Bluetooth: hci4: command tx timeout
[  536.506350][T15578] QAT: failed to copy from user cfg_data.
[  536.696747][T15589] openvswitch: netlink: Key type 2064 is out of range max 32
[  536.704234][T15589] openvswitch: netlink: IPv6 tunnel dst address is zero
[  536.877328][T15594] lo speed is unknown, defaulting to 1000
[  537.262060][T15596] lo speed is unknown, defaulting to 1000
[  537.848462][ T6790] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  538.029787][ T6790] usb 5-1: Using ep0 maxpacket: 16
[  538.059961][ T6790] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  538.083141][ T6790] usb 5-1: config 0 has no interface number 0
[  538.115682][ T6790] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  538.153650][ T6790] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  538.186781][ T6790] usb 5-1: Product: syz
[  538.203280][ T6790] usb 5-1: Manufacturer: syz
[  538.215980][ T6790] usb 5-1: SerialNumber: syz
[  538.252872][ T6790] usb 5-1: config 0 descriptor??
[  538.281575][ T6790] hub 5-1:0.132: bad descriptor, ignoring hub
[  538.295357][ T6790] hub 5-1:0.132: probe with driver hub failed with error -5
[  538.355806][ T6790] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.132/input/input70
[  539.776830][T15638] FAULT_INJECTION: forcing a failure.
[  539.776830][T15638] name failslab, interval 1, probability 0, space 0, times 0
[  539.788153][T15638] CPU: 2 UID: 0 PID: 15638 Comm: syz.5.2405 Not tainted syzkaller #0 PREEMPT(full) 
[  539.788170][T15638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  539.788177][T15638] Call Trace:
[  539.788181][T15638]  <TASK>
[  539.788185][T15638]  dump_stack_lvl+0x16c/0x1f0
[  539.788209][T15638]  should_fail_ex+0x512/0x640
[  539.788225][T15638]  ? fs_reclaim_acquire+0xae/0x150
[  539.788242][T15638]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  539.788258][T15638]  should_failslab+0xc2/0x120
[  539.788272][T15638]  __kmalloc_noprof+0xd2/0x510
[  539.788288][T15638]  tomoyo_realpath_from_path+0xc2/0x6e0
[  539.788305][T15638]  ? tomoyo_profile+0x47/0x60
[  539.788315][T15638]  tomoyo_path_number_perm+0x245/0x580
[  539.788328][T15638]  ? tomoyo_path_number_perm+0x237/0x580
[  539.788342][T15638]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  539.788355][T15638]  ? register_lock_class+0x41/0x4c0
[  539.788373][T15638]  ? __lock_acquire+0xb97/0x1ce0
[  539.788395][T15638]  ? __pfx___might_resched+0x10/0x10
[  539.788408][T15638]  ? down_write_killable+0x154/0x250
[  539.788424][T15638]  ? __pfx_down_write_killable+0x10/0x10
[  539.788439][T15638]  ? mnt_get_write_access+0x20c/0x300
[  539.788464][T15638]  security_path_chmod+0x121/0x2c0
[  539.788478][T15638]  chmod_common+0x179/0x480
[  539.788495][T15638]  ? __pfx_chmod_common+0x10/0x10
[  539.788515][T15638]  ? putname+0x154/0x1a0
[  539.788531][T15638]  __ia32_sys_chmod+0x107/0x1c0
[  539.788547][T15638]  ? __pfx___ia32_sys_chmod+0x10/0x10
[  539.788631][T15638]  ? rcu_is_watching+0x12/0xc0
[  539.788650][T15638]  __do_fast_syscall_32+0x7c/0x3a0
[  539.788668][T15638]  do_fast_syscall_32+0x32/0x80
[  539.788683][T15638]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  539.788696][T15638] RIP: 0023:0xf704e579
[  539.788708][T15638] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  539.788719][T15638] RSP: 002b:00000000f543e55c EFLAGS: 00000296 ORIG_RAX: 000000000000000f
[  539.788730][T15638] RAX: ffffffffffffffda RBX: 0000000080000240 RCX: 00000000000001b0
[  539.788736][T15638] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  539.788742][T15638] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  539.788748][T15638] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  539.788755][T15638] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  539.788768][T15638]  </TASK>
[  539.788773][T15638] ERROR: Out of memory at tomoyo_realpath_from_path.
[  539.798935][ T6073] usb 5-1: USB disconnect, device number 33
[  540.321869][T15649] openvswitch: netlink: Key type 2064 is out of range max 32
[  540.330751][T15649] openvswitch: netlink: IPv6 tunnel dst address is zero
[  540.459142][T15653] siw: device registration error -23
[  541.460984][T15673] syz.4.2413 (15673): drop_caches: 2
[  542.058138][   T29] usb 10-1: new high-speed USB device number 17 using dummy_hcd
[  542.098173][ T1328] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  542.210405][   T29] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  542.214177][   T29] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  542.218707][   T29] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  542.222590][   T29] usb 10-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  542.230085][   T29] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  542.233871][   T29] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  542.237570][   T29] usb 10-1: Product: syz
[  542.240114][   T29] usb 10-1: Manufacturer: syz
[  542.246565][   T29] cdc_wdm 10-1:1.0: skipping garbage
[  542.248858][   T29] cdc_wdm 10-1:1.0: probe with driver cdc_wdm failed with error -22
[  542.258278][ T1328] usb 5-1: Using ep0 maxpacket: 16
[  542.262598][ T1328] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  542.266161][ T1328] usb 5-1: config 0 has no interface number 0
[  542.336987][ T1328] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  542.341359][ T1328] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.344973][ T1328] usb 5-1: Product: syz
[  542.347312][ T1328] usb 5-1: Manufacturer: syz
[  542.351525][ T1328] usb 5-1: SerialNumber: syz
[  542.357095][ T1328] usb 5-1: config 0 descriptor??
[  542.361485][ T1328] hub 5-1:0.132: bad descriptor, ignoring hub
[  542.364168][ T1328] hub 5-1:0.132: probe with driver hub failed with error -5
[  542.369586][ T1328] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.132/input/input71
[  542.456689][T15679] GUP no longer grows the stack in syz.5.2417 (15679): 80004000-8000a000 (80002000)
[  542.459797][T15679] CPU: 1 UID: 0 PID: 15679 Comm: syz.5.2417 Not tainted syzkaller #0 PREEMPT(full) 
[  542.459814][T15679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  542.459822][T15679] Call Trace:
[  542.459827][T15679]  <TASK>
[  542.459831][T15679]  dump_stack_lvl+0x16c/0x1f0
[  542.459851][T15679]  gup_vma_lookup+0x1d2/0x220
[  542.459869][T15679]  __get_user_pages+0x243/0x34a0
[  542.459898][T15679]  ? find_held_lock+0x2b/0x80
[  542.459912][T15679]  ? __pfx___get_user_pages+0x10/0x10
[  542.459940][T15679]  get_user_pages_remote+0x243/0xab0
[  542.459960][T15679]  ? mas_parent_gap+0x6f0/0x7b0
[  542.459975][T15679]  ? __pfx_get_user_pages_remote+0x10/0x10
[  542.459994][T15679]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  542.460013][T15679]  __access_remote_vm+0x24d/0x850
[  542.460030][T15679]  ? do_raw_spin_lock+0x12c/0x2b0
[  542.460046][T15679]  ? __pfx___access_remote_vm+0x10/0x10
[  542.460064][T15679]  proc_pid_cmdline_read+0x4de/0x8e0
[  542.460077][T15679]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  542.460090][T15679]  ? rw_verify_area+0xcf/0x6c0
[  542.460103][T15679]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  542.460114][T15679]  vfs_readv+0x5c1/0x8b0
[  542.460128][T15679]  ? __pfx_vfs_readv+0x10/0x10
[  542.460148][T15679]  ? __fget_files+0x20e/0x3c0
[  542.460170][T15679]  ? do_preadv+0x1a6/0x270
[  542.460185][T15679]  do_preadv+0x1a6/0x270
[  542.460202][T15679]  ? __pfx_do_preadv+0x10/0x10
[  542.460216][T15679]  ? rcu_is_watching+0x12/0xc0
[  542.460229][T15679]  __do_fast_syscall_32+0x7c/0x3a0
[  542.460245][T15679]  do_fast_syscall_32+0x32/0x80
[  542.460261][T15679]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  542.460275][T15679] RIP: 0023:0xf704e579
[  542.460284][T15679] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  542.460295][T15679] RSP: 002b:00000000f543e55c EFLAGS: 00000296 ORIG_RAX: 000000000000014d
[  542.460306][T15679] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000040
[  542.460312][T15679] RDX: 0000000000000001 RSI: 0000000000000300 RDI: 0000000000000000
[  542.460319][T15679] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  542.460325][T15679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  542.460331][T15679] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  542.460344][T15679]  </TASK>
[  542.622748][ T6790] usb 10-1: USB disconnect, device number 17
[  542.708603][ T1328] usb 5-1: USB disconnect, device number 34
[  543.518132][ T6072] usb 10-1: new high-speed USB device number 18 using dummy_hcd
[  543.669966][ T6072] usb 10-1: Using ep0 maxpacket: 16
[  543.686316][ T6072] usb 10-1: config 0 has an invalid interface number: 132 but max is 0
[  543.699670][ T6072] usb 10-1: config 0 has no interface number 0
[  543.713912][ T6072] usb 10-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  543.728823][ T6072] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  543.735109][ T6072] usb 10-1: Product: syz
[  543.737008][ T6072] usb 10-1: Manufacturer: syz
[  543.747043][ T6072] usb 10-1: SerialNumber: syz
[  544.469016][ T6072] usb 10-1: config 0 descriptor??
[  544.637299][ T6072] hub 10-1:0.132: bad descriptor, ignoring hub
[  544.666297][ T6072] hub 10-1:0.132: probe with driver hub failed with error -5
[  544.702464][ T6072] input: bcm5974 as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.132/input/input72
[  544.877757][ T6072] input: failed to attach handler mousedev to device input72, error: -2
[  545.124087][T15713] openvswitch: netlink: Key type 2064 is out of range max 32
[  545.206244][T15713] openvswitch: netlink: IPv6 tunnel dst address is zero
[  545.922629][T15724] 9pnet_fd: Insufficient options for proto=fd
[  545.931644][T15724] netlink: 'syz.0.2429': attribute type 2 has an invalid length.
[  546.188583][ T6072] usb 10-1: USB disconnect, device number 18
[  546.498314][T15737] openvswitch: netlink: Key type 2064 is out of range max 32
[  546.504375][T15737] openvswitch: netlink: IPv6 tunnel dst address is zero
[  546.650640][T15724] ceph: No mds server is up or the cluster is laggy
[  546.770086][T15745] bridge0: port 1(syz_tun) entered blocking state
[  546.772856][T15745] bridge0: port 1(syz_tun) entered disabled state
[  546.775224][T15745] syz_tun: entered allmulticast mode
[  546.779299][T15745] syz_tun: entered promiscuous mode
[  546.806102][T15745] bridge0: port 1(syz_tun) entered blocking state
[  546.809751][T15745] bridge0: port 1(syz_tun) entered forwarding state
[  547.142874][T15749] QAT: failed to copy from user cfg_data.
[  547.636630][T15756] openvswitch: netlink: Key type 2064 is out of range max 32
[  547.641691][T15756] openvswitch: netlink: IPv6 tunnel dst address is zero
[  547.711175][T15759] QAT: failed to copy from user cfg_data.
[  548.040058][T15765] dlm: no local IP address has been set
[  548.043150][T15765] dlm: cannot start dlm midcomms -107
[  548.278507][T15775] syzkaller0: entered promiscuous mode
[  548.280560][T15775] syzkaller0: entered allmulticast mode
[  549.230636][T15783] QAT: failed to copy from user cfg_data.
[  549.274702][T15785] openvswitch: netlink: Key type 2064 is out of range max 32
[  549.279817][T15785] openvswitch: netlink: IPv6 tunnel dst address is zero
[  549.435536][T15790] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2450'.
[  551.059604][T15809] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2456'.
[  551.252005][T15812] openvswitch: netlink: IPv6 tunnel dst address is zero
[  551.517440][T15819] netlink: 188 bytes leftover after parsing attributes in process `syz.5.2459'.
[  551.880298][T15833] netlink: 212388 bytes leftover after parsing attributes in process `syz.0.2465'.
[  551.884464][T15833] openvswitch: netlink: Message has 5 unknown bytes.
[  551.889502][T15833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2465'.
[  552.001117][T15836] QAT: failed to copy from user cfg_data.
[  552.050889][T15838] openvswitch: netlink: IPv6 tunnel dst address is zero
[  552.084642][T15840] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2467'.
[  552.095702][T15840] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  553.106266][T15859] lo speed is unknown, defaulting to 1000
[  553.244907][T15868] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2472'.
[  553.293670][T15872] netlink: 244 bytes leftover after parsing attributes in process `syz.2.2473'.
[  553.318799][T15872] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2473'.
[  553.336917][T15872] tmpfs: Bad value for 'mpol'
[  553.359221][T15877] openvswitch: netlink: IPv6 tunnel dst address is zero
[  553.615439][T15893] devtmpfs: Unknown parameter 'n^¤åâ/|o'
[  553.630516][T15894] bridge0: left allmulticast mode
[  553.639889][ T1021] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  553.692920][T15897] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2483'.
[  553.735764][T15897] 0ªX¹¦D: renamed from macvtap0 (while UP)
[  553.741582][T15897] 0ªX¹¦D: entered allmulticast mode
[  553.744133][T15897] veth0_macvtap: entered allmulticast mode
[  553.747276][T15897] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[  553.754432][T15899] QAT: failed to copy from user cfg_data.
[  553.798140][ T1021] usb 5-1: Using ep0 maxpacket: 8
[  553.801178][ T1021] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  553.801313][T15901] openvswitch: netlink: IPv6 tunnel dst address is zero
[  553.805263][ T1021] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  553.814283][ T1021] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  553.820165][ T1021] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  553.824908][ T1021] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  553.830955][ T1021] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  553.834695][ T1021] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  554.049200][ T1021] usb 5-1: GET_CAPABILITIES returned 0
[  554.051717][ T1021] usbtmc 5-1:16.0: can't read capabilities
[  554.251104][  T840] usb 5-1: USB disconnect, device number 35
[  555.032295][T15924] mkiss: ax0: crc mode is auto.
[  555.264192][T15924] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  555.415319][T15929] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  555.652936][T15942] lo speed is unknown, defaulting to 1000
[  556.238505][T15956] QAT: failed to copy from user cfg_data.
[  556.460623][T15958] lo speed is unknown, defaulting to 1000
[  556.887682][T15963] QAT: failed to copy from user cfg_data.
[  557.285555][T15980] IPVS: set_ctl: invalid protocol: 46 10.1.1.1:20004
[  557.616788][T15986] lo speed is unknown, defaulting to 1000
[  557.987904][T16000] netlink: 'syz.2.2511': attribute type 5 has an invalid length.
[  558.171255][T16006] tipc: Started in network mode
[  558.173510][T16006] tipc: Node identity b201023a702c, cluster identity 4711
[  558.176781][T16006] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  558.181435][T16006] syzkaller0: entered promiscuous mode
[  558.184006][T16006] syzkaller0: entered allmulticast mode
[  558.202016][T16006] tipc: Resetting bearer <eth:syzkaller0>
[  558.209196][T16005] tipc: Resetting bearer <eth:syzkaller0>
[  558.223631][T16005] tipc: Disabling bearer <eth:syzkaller0>
[  558.558822][T16014] wireguard0: entered promiscuous mode
[  558.560988][T16014] wireguard0: entered allmulticast mode
[  558.675214][T16020] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  558.972299][T16024] lo speed is unknown, defaulting to 1000
[  559.175348][T16032] overlayfs: missing 'lowerdir'
[  559.210003][   T40] audit: type=1804 audit(1756255225.517:1092): pid=16032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2518" name="/newroot/592/bus/bus" dev="tmpfs" ino=3195 res=1 errno=0
[  560.885999][T16066] QAT: failed to copy from user cfg_data.
[  561.053099][T16075] lo speed is unknown, defaulting to 1000
[  561.109422][T16079] FAULT_INJECTION: forcing a failure.
[  561.109422][T16079] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  561.113601][T16079] CPU: 3 UID: 0 PID: 16079 Comm: syz.5.2530 Not tainted syzkaller #0 PREEMPT(full) 
[  561.113617][T16079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  561.113623][T16079] Call Trace:
[  561.113628][T16079]  <TASK>
[  561.113632][T16079]  dump_stack_lvl+0x16c/0x1f0
[  561.113650][T16079]  should_fail_ex+0x512/0x640
[  561.113668][T16079]  _copy_to_user+0x32/0xd0
[  561.113679][T16079]  simple_read_from_buffer+0xcb/0x170
[  561.113691][T16079]  proc_fail_nth_read+0x197/0x240
[  561.113704][T16079]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  561.113716][T16079]  ? rw_verify_area+0xcf/0x6c0
[  561.113746][T16079]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  561.113757][T16079]  vfs_read+0x1e4/0xcf0
[  561.113772][T16079]  ? __pfx_vfs_read+0x10/0x10
[  561.113782][T16079]  ? find_held_lock+0x2b/0x80
[  561.113796][T16079]  ? __fget_files+0x20e/0x3c0
[  561.113812][T16079]  ksys_read+0x12a/0x250
[  561.113824][T16079]  ? __pfx_ksys_read+0x10/0x10
[  561.113837][T16079]  ? rcu_is_watching+0x12/0xc0
[  561.113849][T16079]  __do_fast_syscall_32+0x7c/0x3a0
[  561.113865][T16079]  do_fast_syscall_32+0x32/0x80
[  561.113879][T16079]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  561.113892][T16079] RIP: 0023:0xf704e579
[  561.113902][T16079] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  561.113912][T16079] RSP: 002b:00000000f543e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  561.113923][T16079] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f543e620
[  561.113929][T16079] RDX: 000000000000000f RSI: 00000000f73b4ff4 RDI: 0000000000000000
[  561.113935][T16079] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  561.113941][T16079] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  561.113947][T16079] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  561.113960][T16079]  </TASK>
[  561.270726][T16083] netlink: 'syz.5.2532': attribute type 1 has an invalid length.
[  561.273397][T16083] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2532'.
[  561.324518][T16088] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2533'.
[  563.108168][  T840] usb 10-1: new high-speed USB device number 19 using dummy_hcd
[  563.272199][  T840] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  563.276272][  T840] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  563.280147][  T840] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  563.283257][  T840] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.289966][T16112] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  563.297108][  T840] usb 10-1: Quirk or no altset; falling back to MIDI 1.0
[  563.637095][ T6073] usb 10-1: USB disconnect, device number 19
[  564.186195][T16127] QAT: failed to copy from user cfg_data.
[  564.341073][T16131] lo speed is unknown, defaulting to 1000
[  564.482172][T16133] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2545'.
[  564.618170][ T1021] usb 9-1: new high-speed USB device number 34 using dummy_hcd
[  564.898223][  T840] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  565.088881][  T840] usb 5-1: Using ep0 maxpacket: 16
[  565.161656][  T840] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  565.165390][  T840] usb 5-1: config 0 has no interface number 0
[  565.204184][  T840] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  565.215623][  T840] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  565.228203][  T840] usb 5-1: Product: syz
[  565.235290][  T840] usb 5-1: Manufacturer: syz
[  565.257782][  T840] usb 5-1: SerialNumber: syz
[  565.265943][  T840] usb 5-1: config 0 descriptor??
[  565.269052][  T840] hub 5-1:0.132: bad descriptor, ignoring hub
[  565.270994][  T840] hub 5-1:0.132: probe with driver hub failed with error -5
[  565.275392][  T840] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.132/input/input74
[  565.302144][ T1021] usb 9-1: config 0 has no interfaces?
[  565.306708][ T1021] usb 9-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  565.309995][ T1021] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  565.313049][ T1021] usb 9-1: Product: syz
[  565.314745][ T1021] usb 9-1: Manufacturer: syz
[  565.316572][ T1021] usb 9-1: SerialNumber: syz
[  565.321557][ T1021] usb 9-1: config 0 descriptor??
[  565.668459][  T840] usb 5-1: USB disconnect, device number 36
[  565.676919][ T6076] usb 9-1: USB disconnect, device number 34
[  565.683630][T16149] QAT: failed to copy from user cfg_data.
[  566.042653][T16155] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(9)
[  566.045657][T16155] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  566.052929][T16155] vhci_hcd vhci_hcd.0: Device attached
[  566.107234][T16155] netdevsim netdevsim5: Direct firmware load for @ failed with error -2
[  566.110981][T16155] netdevsim netdevsim5: Falling back to sysfs fallback for: @
[  566.326490][T16165] netlink: 'syz.0.2556': attribute type 4 has an invalid length.
[  566.436666][T16165] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2556'.
[  566.442956][T16165] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2556'.
[  566.446774][T16165] netlink: 'syz.0.2556': attribute type 13 has an invalid length.
[  566.451234][T16165] netlink: 'syz.0.2556': attribute type 11 has an invalid length.
[  566.658138][ T1328] usb 47-1: new low-speed USB device number 3 using vhci_hcd
[  566.680807][T16156] vhci_hcd: connection reset by peer
[  566.687470][T12282] vhci_hcd: stop threads
[  566.695820][T12282] vhci_hcd: release socket
[  566.708662][T12282] vhci_hcd: disconnect device
[  566.741693][T16176] QAT: failed to copy from user cfg_data.
[  566.755656][ T5991] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  566.762562][ T5991] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  566.768776][ T5991] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  566.778563][ T5991] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  566.787418][ T5991] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  567.264048][T16175] lo speed is unknown, defaulting to 1000
[  567.614131][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  567.616900][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  567.753913][T16190] netdevsim netdevsim0: Direct firmware load for ö×0”©ÛPq•ä…õD"€2ðNÿktT·Wj«³%¼Nµ§£, failed with error -2
[  567.757968][T16190] netdevsim netdevsim0: Falling back to sysfs fallback for: ö×0”©ÛPq•ä…õD"€2ðNÿktT·Wj«³%¼Nµ§£,
[  567.946750][T16199] netlink: 'syz.5.2566': attribute type 10 has an invalid length.
[  568.163429][T16199] team0: Port device netdevsim0 added
[  568.175566][T16204] ufs: You didn't specify the type of your ufs filesystem
[  568.175566][T16204] 
[  568.175566][T16204] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  568.175566][T16204] 
[  568.175566][T16204] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  568.201029][T16204] ufs: ufstype=old is supported read-only
[  568.209093][T16204] I/O error, dev loop5, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  568.803458][T12276] bond3 (unregistering): (slave ip6gretap1): Releasing active interface
[  568.806918][T12276] bond3 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - 0a:d3:2c:aa:6a:6c - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  568.981019][T12276] bond2 (unregistering): (slave geneve3): Releasing active interface
[  569.061177][ T5991] Bluetooth: hci0: command tx timeout
[  569.092070][T16218] QAT: failed to copy from user cfg_data.
[  569.354143][T12276] bond0 (unregistering): left promiscuous mode
[  569.356821][T12276] bond_slave_0: left promiscuous mode
[  569.375636][T12276] bond_slave_1: left promiscuous mode
[  569.380926][T16220] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  569.392141][T12276] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  569.392231][T16220] CIFS mount error: No usable UNC path provided in device string!
[  569.392231][T16220] 
[  569.401121][T16220] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  569.434803][T12276] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  569.438445][T12276] bond0 (unregistering): Released all slaves
[  569.569164][T12276] bond1 (unregistering): (slave vlan2): Releasing active interface
[  569.574564][T12276] bond1 (unregistering): Released all slaves
[  569.585714][T12276] bond2 (unregistering): Released all slaves
[  569.709063][T12276] bond3 (unregistering): (slave veth3): Releasing active interface
[  569.713987][T12276] bond3 (unregistering): Released all slaves
[  569.724356][T16175] chnl_net:caif_netlink_parms(): no params data found
[  569.927000][T16175] bridge0: port 1(bridge_slave_0) entered blocking state
[  569.930125][T16175] bridge0: port 1(bridge_slave_0) entered disabled state
[  569.933138][T16175] bridge_slave_0: entered allmulticast mode
[  569.936974][T16175] bridge_slave_0: entered promiscuous mode
[  569.951388][T16175] bridge0: port 2(bridge_slave_1) entered blocking state
[  569.954505][T16175] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.957504][T16175] bridge_slave_1: entered allmulticast mode
[  569.961660][T16175] bridge_slave_1: entered promiscuous mode
[  569.987724][T16245] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2575'.
[  570.044672][T16175] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  570.052926][T16175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  570.300441][T16175] team0: Port device team_slave_0 added
[  570.350095][T16175] team0: Port device team_slave_1 added
[  570.501837][T16175] batman_adv: batadv0: Adding interface: batadv_slave_0
[  570.510707][    T9] usb 10-1: new full-speed USB device number 20 using dummy_hcd
[  570.513059][T16175] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.523514][T16175] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  570.528104][T16175] batman_adv: batadv0: Adding interface: batadv_slave_1
[  570.530317][T16175] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.538622][T16175] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  570.550525][T12276] dummy0: left promiscuous mode
[  570.559829][T12276] hsr_slave_0: left promiscuous mode
[  570.563550][T12276] hsr_slave_1: left promiscuous mode
[  570.566111][T12276] batman_adv: batadv0: Removing interface: batadv_slave_0
[  570.569771][T12276] batman_adv: batadv0: Removing interface: batadv_slave_1
[  570.659340][    T9] usb 10-1: config 0 has an invalid interface number: 8 but max is 0
[  570.663153][    T9] usb 10-1: config 0 has no interface number 0
[  570.672718][    T9] usb 10-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F
[  570.677073][    T9] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  570.681999][    T9] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  570.693979][    T9] usb 10-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  570.697740][    T9] usb 10-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  570.703109][    T9] usb 10-1: Product: syz
[  570.704830][    T9] usb 10-1: SerialNumber: syz
[  570.707804][    T9] usb 10-1: config 0 descriptor??
[  570.712034][    T9] cm109 10-1:0.8: invalid payload size 0, expected 4
[  570.723883][    T9] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.8/input/input75
[  571.010292][T16252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  571.017594][T16252] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  571.040295][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  571.045488][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  571.048314][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  571.051676][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  571.054285][    T9] usb 10-1: USB disconnect, device number 20
[  571.056240][    C0] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71
[  571.056253][    C0] cm109 10-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  571.095290][    T9] cm109 10-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  571.130840][ T5991] Bluetooth: hci0: command tx timeout
[  571.622975][T16263] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2582'.
[  571.827337][ T1328] vhci_hcd: vhci_device speed not set
[  571.912888][T12276] team0 (unregistering): Port device team_slave_1 removed
[  572.049000][T12276] team0 (unregistering): Port device team_slave_0 removed
[  573.023580][T16175] hsr_slave_0: entered promiscuous mode
[  573.027004][T16284] 9pnet_fd: Insufficient options for proto=fd
[  573.028380][T16175] hsr_slave_1: entered promiscuous mode
[  573.208133][ T5991] Bluetooth: hci0: command tx timeout
[  573.639293][T16294] netlink: 'syz.0.2591': attribute type 1 has an invalid length.
[  573.670945][T16294] gretap1: entered promiscuous mode
[  574.122787][T16175] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  574.132667][T16175] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  574.141319][T16175] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  574.155558][T16175] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  574.290305][T16175] 8021q: adding VLAN 0 to HW filter on device bond0
[  574.331267][T16175] 8021q: adding VLAN 0 to HW filter on device team0
[  574.340882][T12314] bridge0: port 1(bridge_slave_0) entered blocking state
[  574.344000][T12314] bridge0: port 1(bridge_slave_0) entered forwarding state
[  574.362741][T12311] bridge0: port 2(bridge_slave_1) entered blocking state
[  574.366301][T12311] bridge0: port 2(bridge_slave_1) entered forwarding state
[  574.533331][T16316] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2594'.
[  574.536576][T16316] syz_tun: left allmulticast mode
[  574.540337][T16316] syz_tun: left promiscuous mode
[  574.542439][T16316] bridge0: port 1(syz_tun) entered disabled state
[  574.631039][T16175] 8021q: adding VLAN 0 to HW filter on device batadv0
[  574.792725][T16175] veth0_vlan: entered promiscuous mode
[  574.801507][T16175] veth1_vlan: entered promiscuous mode
[  574.823275][T16175] veth0_macvtap: entered promiscuous mode
[  574.827232][T16175] veth1_macvtap: entered promiscuous mode
[  574.837675][T16175] batman_adv: batadv0: Interface activated: batadv_slave_0
[  574.844417][T16175] batman_adv: batadv0: Interface activated: batadv_slave_1
[  574.855398][T12314] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  574.859691][T12314] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  574.862435][T12314] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  574.864387][T16331] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2597'.
[  574.865299][T12314] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  574.935019][T12264] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  574.937374][T12264] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  574.957793][T12314] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  574.961833][T12314] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  575.301759][ T5991] Bluetooth: hci0: command tx timeout
[  577.111954][ T5991] Bluetooth: hci4: adv larger than maximum supported
[  577.111995][ T5991] Bluetooth: hci4: Malformed LE Event: 0x0d
[  578.203851][T16365] netlink: 'syz.4.2607': attribute type 4 has an invalid length.
[  578.292035][T16370] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2609'.
[  578.295089][T16372] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2609'.
[  579.631965][T16370] bridge_slave_1: left allmulticast mode
[  579.634473][T16370] bridge_slave_1: left promiscuous mode
[  579.636992][T16370] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.647671][T16370] bridge_slave_0: left allmulticast mode
[  579.652043][T16370] bridge_slave_0: left promiscuous mode
[  579.655266][T16370] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.745071][T16385] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2612'.
[  579.813526][T16387] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2613'.
[  580.801896][T16393] lo speed is unknown, defaulting to 1000
[  581.065521][T16401] lo speed is unknown, defaulting to 1000
[  581.616419][T16428] sch_fq: defrate 53322 ignored.
[  581.631779][T16426] netlink: 'syz.2.2618': attribute type 4 has an invalid length.
[  582.458172][T15420] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  582.619701][T15420] usb 5-1: Using ep0 maxpacket: 16
[  582.624026][T15420] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  582.627498][T15420] usb 5-1: config 0 has no interface number 0
[  582.664233][T15420] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  582.668355][T15420] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  582.671763][T15420] usb 5-1: Product: syz
[  582.680234][T15420] usb 5-1: Manufacturer: syz
[  582.682985][T15420] usb 5-1: SerialNumber: syz
[  582.698779][T15420] usb 5-1: config 0 descriptor??
[  582.716762][T15420] hub 5-1:0.132: bad descriptor, ignoring hub
[  582.723719][T15420] hub 5-1:0.132: probe with driver hub failed with error -5
[  582.744685][T15420] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.132/input/input76
[  583.068572][ T1021] usb 5-1: USB disconnect, device number 37
[  583.656295][T16457] lo speed is unknown, defaulting to 1000
[  583.950451][T16467] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2631'.
[  583.954381][T16467] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2631'.
[  584.019486][T16468] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2631'.
[  584.498749][T16483] lo speed is unknown, defaulting to 1000
[  585.457109][T16501] FAULT_INJECTION: forcing a failure.
[  585.457109][T16501] name failslab, interval 1, probability 0, space 0, times 0
[  585.462338][T16501] CPU: 3 UID: 0 PID: 16501 Comm: syz.5.2640 Not tainted syzkaller #0 PREEMPT(full) 
[  585.462355][T16501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  585.462362][T16501] Call Trace:
[  585.462366][T16501]  <TASK>
[  585.462371][T16501]  dump_stack_lvl+0x16c/0x1f0
[  585.462409][T16501]  should_fail_ex+0x512/0x640
[  585.462432][T16501]  ? fs_reclaim_acquire+0xae/0x150
[  585.462450][T16501]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  585.462465][T16501]  should_failslab+0xc2/0x120
[  585.462480][T16501]  __kmalloc_noprof+0xd2/0x510
[  585.462497][T16501]  tomoyo_realpath_from_path+0xc2/0x6e0
[  585.462516][T16501]  tomoyo_check_open_permission+0x2ab/0x3c0
[  585.462529][T16501]  ? init_file+0x93/0x4c0
[  585.462544][T16501]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  585.462574][T16501]  ? ovl_dir_read_merged+0x175/0x5c0
[  585.462591][T16501]  ? iterate_dir+0x296/0xaf0
[  585.462600][T16501]  ? __ia32_compat_sys_getdents+0x13b/0x2b0
[  585.462623][T16501]  ? do_raw_spin_lock+0x12c/0x2b0
[  585.462644][T16501]  tomoyo_file_open+0x6b/0x90
[  585.462655][T16501]  security_file_open+0x84/0x1e0
[  585.462670][T16501]  do_dentry_open+0x596/0x1530
[  585.462684][T16501]  ? lockdep_init_map_type+0x5c/0x280
[  585.462701][T16501]  vfs_open+0x82/0x3f0
[  585.462723][T16501]  dentry_open+0x71/0xd0
[  585.462738][T16501]  ovl_path_open+0x198/0x1f0
[  585.462754][T16501]  ovl_dir_read_merged+0x175/0x5c0
[  585.462770][T16501]  ? __pfx_ovl_dir_read_merged+0x10/0x10
[  585.462788][T16501]  ? __pfx_ovl_fill_merge+0x10/0x10
[  585.462810][T16501]  ovl_iterate+0x86c/0xe40
[  585.462826][T16501]  ? __pfx_down_read_killable+0x10/0x10
[  585.462844][T16501]  ? __pfx_ovl_iterate+0x10/0x10
[  585.462859][T16501]  wrap_directory_iterator+0x9f/0xe0
[  585.462877][T16501]  iterate_dir+0x296/0xaf0
[  585.462889][T16501]  __ia32_compat_sys_getdents+0x13b/0x2b0
[  585.462900][T16501]  ? __pfx___ia32_compat_sys_getdents+0x10/0x10
[  585.462912][T16501]  ? __pfx_compat_filldir+0x10/0x10
[  585.462931][T16501]  ? rcu_is_watching+0x12/0xc0
[  585.462944][T16501]  __do_fast_syscall_32+0x7c/0x3a0
[  585.462960][T16501]  do_fast_syscall_32+0x32/0x80
[  585.462975][T16501]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  585.462988][T16501] RIP: 0023:0xf704e579
[  585.462998][T16501] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  585.463009][T16501] RSP: 002b:00000000f543e55c EFLAGS: 00000296 ORIG_RAX: 000000000000008d
[  585.463024][T16501] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000500
[  585.463031][T16501] RDX: 00000000000000f5 RSI: 0000000000000000 RDI: 0000000000000000
[  585.463038][T16501] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  585.463044][T16501] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  585.463050][T16501] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  585.463064][T16501]  </TASK>
[  585.463068][T16501] ERROR: Out of memory at tomoyo_realpath_from_path.
[  585.585946][T16508] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2641'.
[  585.592109][T16508] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2641'.
[  585.663698][T16513] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2643'.
[  585.680962][T16514] lo speed is unknown, defaulting to 1000
[  586.176116][T16524] befs: (nbd4): No write support. Marking filesystem read-only
[  586.178858][T16524] block nbd4: Attempted send on invalid socket
[  586.180972][T16524] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  586.184208][T16524] befs: (nbd4): unable to read superblock
[  586.282672][T16525] fuse: Bad value for 'source'
[  586.352701][T16521] QAT: failed to copy from user cfg_data.
[  586.918354][T16531] can: request_module (can-proto-0) failed.
[  587.823007][T16549] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2655'.
[  588.009912][T16553] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2656'.
[  589.532031][T16560] QAT: failed to copy from user cfg_data.
[  589.655002][T16565] lo speed is unknown, defaulting to 1000
[  590.957324][T16603] lo speed is unknown, defaulting to 1000
[  591.085745][T16611] QAT: failed to copy from user cfg_data.
[  591.156382][   T40] audit: type=1800 audit(1756255257.457:1093): pid=16617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2673" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  592.708216][T16641] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2681'.
[  593.088942][T16645] lo speed is unknown, defaulting to 1000
[  594.179862][T16681] QAT: failed to copy from user cfg_data.
[  595.212750][T16693] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2693'.
[  595.334155][T16700] lo speed is unknown, defaulting to 1000
[  595.493555][T16715] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2700'.
[  595.498456][T16715] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  595.534200][T16717] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  595.539071][T16717] IPv6: NLM_F_CREATE should be set when creating new route
[  595.542123][T16717] IPv6: NLM_F_CREATE should be set when creating new route
[  595.545862][T16717] IPv6: NLM_F_CREATE should be set when creating new route
[  595.547230][T16719] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2701'.
[  595.812958][T16735] fuse: Bad value for 'rootmode'
[  595.857856][T16738] program syz.5.2708 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  595.897946][T16742] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2709'.
[  595.903437][T16742] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  595.918175][ T1021] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  596.068258][ T1021] usb 5-1: Using ep0 maxpacket: 8
[  596.074703][ T1021] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  596.079947][ T1021] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[  596.082874][ T1021] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  596.085731][ T1021] usb 5-1: config 250 has no interface number 0
[  596.088831][ T1021] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  596.092683][ T1021] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  596.096427][ T1021] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  596.100594][ T1021] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  596.104801][ T1021] usb 5-1: config 250 interface 228 has no altsetting 0
[  596.111241][ T1021] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  596.114225][ T1021] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  596.116863][ T1021] usb 5-1: Product: syz
[  596.118431][ T1021] usb 5-1: SerialNumber: syz
[  596.122866][ T1021] hub 5-1:250.228: bad descriptor, ignoring hub
[  596.124875][ T1021] hub 5-1:250.228: probe with driver hub failed with error -5
[  596.140583][T16745] lo speed is unknown, defaulting to 1000
[  596.334842][ T1021] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 38 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  596.778382][T15420] usb 5-1: USB disconnect, device number 38
[  596.799466][T15420] usblp0: removed
[  597.071398][T16776] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2719'.
[  597.079067][T16776] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  597.128399][  T840] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  597.278382][  T840] usb 5-1: Using ep0 maxpacket: 8
[  597.283619][  T840] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  597.287396][  T840] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[  597.287422][  T840] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  597.287445][  T840] usb 5-1: config 250 has no interface number 0
[  597.287485][  T840] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  597.287512][  T840] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  597.287537][  T840] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  597.287560][  T840] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  597.287588][  T840] usb 5-1: config 250 interface 228 has no altsetting 0
[  597.312314][  T840] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  597.317422][  T840] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  597.326891][  T840] usb 5-1: Product: syz
[  597.329595][  T840] usb 5-1: SerialNumber: syz
[  597.334694][  T840] hub 5-1:250.228: bad descriptor, ignoring hub
[  597.337119][  T840] hub 5-1:250.228: probe with driver hub failed with error -5
[  597.536285][  T840] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 39 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  597.560875][  T840] usb 5-1: USB disconnect, device number 39
[  597.564342][  T840] usblp0: removed
[  598.028479][T16804] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  598.067728][T16805] IPVS: Error joining to the multicast group
[  598.318116][ T1021] usb 9-1: new full-speed USB device number 35 using dummy_hcd
[  598.479448][ T1021] usb 9-1: config 0 has no interfaces?
[  598.481795][ T1021] usb 9-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  598.486459][ T1021] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.495913][ T1021] usb 9-1: config 0 descriptor??
[  598.762744][T16816] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2730'.
[  599.113689][T16826] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2736'.
[  599.118514][T16826] netlink: 'syz.2.2736': attribute type 1 has an invalid length.
[  599.130033][T16826] 8021q: adding VLAN 0 to HW filter on device bond1
[  599.143557][T16826] bond1: (slave geneve2): making interface the new active one
[  599.146892][T16826] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  599.159781][T16826] bond1: entered promiscuous mode
[  599.161442][T16826] geneve2: entered promiscuous mode
[  599.320683][T16836] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2739'.
[  599.844639][T16841] lo speed is unknown, defaulting to 1000
[  601.268872][ T6076] usb 9-1: USB disconnect, device number 35
[  601.727017][T16875] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2750'.
[  601.730043][    C2] vcan0: j1939_tp_rxtimer: 0xffff88805441c400: rx timeout, send abort
[  601.730147][    C2] vcan0: j1939_tp_rxtimer: 0xffff88805441c000: rx timeout, send abort
[  601.735302][    C2] vcan0: j1939_xtp_rx_abort_one: 0xffff88805441c400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  601.735390][    C2] vcan0: j1939_xtp_rx_abort_one: 0xffff88805441c000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  601.978831][T16879] QAT: failed to copy from user cfg_data.
[  602.418678][ T1021] usb 10-1: new high-speed USB device number 21 using dummy_hcd
[  602.589675][ T1021] usb 10-1: config 0 has no interfaces?
[  602.591453][ T1021] usb 10-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  602.594289][ T1021] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  602.597888][ T1021] usb 10-1: config 0 descriptor??
[  602.692692][T16891] netlink: 'syz.0.2754': attribute type 1 has an invalid length.
[  602.695393][T16891] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2754'.
[  602.836092][ T1021] usb 10-1: USB disconnect, device number 21
[  603.412798][T16901] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2756'.
[  603.637955][T16907] syz.5.2758 (16907): drop_caches: 2
[  603.644839][T16907] syz.5.2758 (16907): drop_caches: 2
[  603.910394][T16909] openvswitch: netlink: Key 7 has unexpected len 20 expected 12
[  604.494761][T16919] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  604.496957][T16919] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  604.503337][T16919] vhci_hcd vhci_hcd.0: Device attached
[  604.758306][ T1328] usb 37-1: new low-speed USB device number 4 using vhci_hcd
[  604.972769][T16924] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2763'.
[  605.134596][T16920] vhci_hcd: connection reset by peer
[  605.137099][   T75] vhci_hcd: stop threads
[  605.141001][   T75] vhci_hcd: release socket
[  605.143058][   T75] vhci_hcd: disconnect device
[  605.236564][T16929] syz.5.2765 (16929): drop_caches: 2
[  605.240434][T16929] syz.5.2765 (16929): drop_caches: 2
[  605.778181][T16943] (unnamed net_device) (uninitialized): option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0)
[  605.862435][T16946] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2769'.
[  606.078168][T16951] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2772'.
[  606.822011][   T40] audit: type=1326 audit(1756255272.131:1094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16961 comm="syz.0.2774" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf707e579 code=0x0
[  607.552494][T16984] lo speed is unknown, defaulting to 1000
[  607.937186][T17002] QAT: failed to copy from user cfg_data.
[  608.464021][T17009] lo speed is unknown, defaulting to 1000
[  609.583594][T17037] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2792'.
[  609.857190][T17019] QAT: failed to copy from user cfg_data.
[  609.928464][ T1328] vhci_hcd: vhci_device speed not set
[  610.089328][T17037] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  610.104795][T17037] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  610.114725][T17037] bond0 (unregistering): Released all slaves
[  610.308333][T17055] lo speed is unknown, defaulting to 1000
[  610.310211][T17055] lo speed is unknown, defaulting to 1000
[  610.312312][T17055] lo speed is unknown, defaulting to 1000
[  610.331531][T17055] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  610.342576][T17055] lo speed is unknown, defaulting to 1000
[  610.345359][T17055] lo speed is unknown, defaulting to 1000
[  610.369980][T17055] lo speed is unknown, defaulting to 1000
[  610.378831][T17055] lo speed is unknown, defaulting to 1000
[  610.403096][T17055] lo speed is unknown, defaulting to 1000
[  610.640665][T17060] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2796'.
[  611.134680][T17086] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2805'.
[  611.245073][T17091] overlayfs: statfs failed on './file0'
[  612.080883][T17100] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2809'.
[  612.423863][T17120] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2816'.
[  613.332212][T17126] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2819'.
[  613.494052][T17129] QAT: failed to copy from user cfg_data.
[  613.732425][T17139] : entered promiscuous mode
[  614.400334][T17157] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2827'.
[  615.296450][T17165] could not allocate digest TFM handle sha1-ssse3
[  615.325665][   T40] audit: type=1804 audit(1756255280.631:1095): pid=17162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2829" name="/newroot/125/file0" dev="tmpfs" ino=675 res=1 errno=0
[  615.636983][T17195] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2837'.
[  616.453172][T17219] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2848'.
[  616.733426][T17222] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  617.865606][T17243] QAT: failed to copy from user cfg_data.
[  618.292657][T17255] lo speed is unknown, defaulting to 1000
[  618.295268][T17255] lo speed is unknown, defaulting to 1000
[  619.436620][T17269] netlink: 'syz.4.2861': attribute type 12 has an invalid length.
[  619.536053][T17274] loop2: detected capacity change from 0 to 7
[  619.553064][T15356] Dev loop2: unable to read RDB block 7
[  619.555609][T15356]  loop2: AHDI p1 p2 p3
[  619.557640][T15356] loop2: partition table partially beyond EOD, truncated
[  619.564837][T15356] loop2: p1 start 1601398130 is beyond EOD, truncated
[  619.567828][T15356] loop2: p2 start 1702059890 is beyond EOD, truncated
[  619.586724][T17274] Dev loop2: unable to read RDB block 7
[  619.595777][T17274]  loop2: AHDI p1 p2 p3
[  619.597641][T17274] loop2: partition table partially beyond EOD, truncated
[  619.600823][T17279] Failed to get privilege flags for destination (handle=0x2:0xfffffffc)
[  619.604359][T17274] loop2: p1 start 1601398130 is beyond EOD, truncated
[  619.606584][T17274] loop2: p2 start 1702059890 is beyond EOD, truncated
[  619.641150][T17282] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  619.646681][T17282] mac80211_hwsim hwsim25 syzkaller0: entered promiscuous mode
[  619.650584][T17282] mac80211_hwsim hwsim25 syzkaller0: entered allmulticast mode
[  620.112244][T17302] 9pnet_fd: Insufficient options for proto=fd
[  620.589350][T17317] FAULT_INJECTION: forcing a failure.
[  620.589350][T17317] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  620.594719][T17317] CPU: 3 UID: 0 PID: 17317 Comm: syz.2.2873 Not tainted syzkaller #0 PREEMPT(full) 
[  620.594735][T17317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  620.594742][T17317] Call Trace:
[  620.594746][T17317]  <TASK>
[  620.594751][T17317]  dump_stack_lvl+0x16c/0x1f0
[  620.594771][T17317]  should_fail_ex+0x512/0x640
[  620.594789][T17317]  strncpy_from_user+0x3b/0x2e0
[  620.594818][T17317]  getname_flags.part.0+0x8f/0x550
[  620.594837][T17317]  getname_flags+0x93/0xf0
[  620.594849][T17317]  __ia32_sys_rename+0x64/0xa0
[  620.594864][T17317]  __do_fast_syscall_32+0x7c/0x3a0
[  620.594880][T17317]  do_fast_syscall_32+0x32/0x80
[  620.594895][T17317]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  620.594909][T17317] RIP: 0023:0xf7fe7579
[  620.594918][T17317] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  620.594929][T17317] RSP: 002b:00000000f550655c EFLAGS: 00000296 ORIG_RAX: 0000000000000026
[  620.594939][T17317] RAX: ffffffffffffffda RBX: 0000000080000500 RCX: 0000000080000f40
[  620.594946][T17317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  620.594953][T17317] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  620.594959][T17317] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  620.594965][T17317] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  620.594979][T17317]  </TASK>
[  620.668980][T17318] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  620.671787][T17318] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  620.688357][T17318] vhci_hcd vhci_hcd.0: Device attached
[  620.760268][ T1328] tipc: Node number set to 3257729594
[  620.831365][T17325] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 63
[  620.998158][   T29] usb 37-1: new low-speed USB device number 5 using vhci_hcd
[  621.213689][T17321] vhci_hcd: connection reset by peer
[  621.219196][T12276] vhci_hcd: stop threads
[  621.220805][T12276] vhci_hcd: release socket
[  621.222767][T12276] vhci_hcd: disconnect device
[  621.481889][T17332] QAT: failed to copy from user cfg_data.
[  622.024621][T17349] FAULT_INJECTION: forcing a failure.
[  622.024621][T17349] name failslab, interval 1, probability 0, space 0, times 0
[  622.029198][T17349] CPU: 3 UID: 0 PID: 17349 Comm: syz.0.2882 Not tainted syzkaller #0 PREEMPT(full) 
[  622.029221][T17349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  622.029232][T17349] Call Trace:
[  622.029238][T17349]  <TASK>
[  622.029246][T17349]  dump_stack_lvl+0x16c/0x1f0
[  622.029273][T17349]  should_fail_ex+0x512/0x640
[  622.029295][T17349]  ? fs_reclaim_acquire+0xae/0x150
[  622.029320][T17349]  should_failslab+0xc2/0x120
[  622.029343][T17349]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  622.029363][T17349]  ? security_inode_alloc+0x3b/0x2b0
[  622.029385][T17349]  security_inode_alloc+0x3b/0x2b0
[  622.029403][T17349]  inode_init_always_gfp+0xce4/0x1030
[  622.029418][T17349]  ? __pfx_afs_iget5_pseudo_set+0x10/0x10
[  622.029435][T17349]  alloc_inode+0x86/0x240
[  622.029451][T17349]  iget5_locked+0x338/0x3d0
[  622.029465][T17349]  ? afs_lookup_cell+0x243/0x1680
[  622.029476][T17349]  ? __pfx_afs_iget5_pseudo_test+0x10/0x10
[  622.029493][T17349]  ? __pfx_afs_iget5_pseudo_set+0x10/0x10
[  622.029511][T17349]  ? __pfx_iget5_locked+0x10/0x10
[  622.029526][T17349]  ? find_held_lock+0x2b/0x80
[  622.029538][T17349]  ? net_generic+0xea/0x2a0
[  622.029557][T17349]  afs_dynroot_lookup+0x391/0xa90
[  622.029573][T17349]  ? __d_lookup_rcu+0x476/0x4c0
[  622.029589][T17349]  ? __pfx_afs_dynroot_lookup+0x10/0x10
[  622.029607][T17349]  ? lockdep_init_map_type+0x5c/0x280
[  622.029624][T17349]  __lookup_slow+0x24e/0x460
[  622.029640][T17349]  ? __pfx___lookup_slow+0x10/0x10
[  622.029666][T17349]  ? lookup_fast+0x156/0x610
[  622.029679][T17349]  walk_component+0x353/0x5b0
[  622.029691][T17349]  path_lookupat+0x142/0x6d0
[  622.029704][T17349]  filename_lookup+0x224/0x5f0
[  622.029717][T17349]  ? __pfx_filename_lookup+0x10/0x10
[  622.029744][T17349]  vfs_statx+0x101/0x3f0
[  622.029760][T17349]  ? __pfx_vfs_statx+0x10/0x10
[  622.029778][T17349]  do_statx+0xef/0x170
[  622.029788][T17349]  ? __pfx_do_statx+0x10/0x10
[  622.029806][T17349]  ? getname_flags.part.0+0x1c5/0x550
[  622.029822][T17349]  ? ksys_write+0x1ac/0x250
[  622.029836][T17349]  __ia32_sys_statx+0x140/0x1f0
[  622.029849][T17349]  __do_fast_syscall_32+0x7c/0x3a0
[  622.029865][T17349]  do_fast_syscall_32+0x32/0x80
[  622.029879][T17349]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  622.029893][T17349] RIP: 0023:0xf707e579
[  622.029902][T17349] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  622.029912][T17349] RSP: 002b:00000000f546e55c EFLAGS: 00000296 ORIG_RAX: 000000000000017f
[  622.029924][T17349] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000900
[  622.029931][T17349] RDX: 0000000000004000 RSI: 0000000000000200 RDI: 0000000000000000
[  622.029937][T17349] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  622.029943][T17349] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  622.029949][T17349] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  622.029969][T17349]  </TASK>
[  623.123023][T17387] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2894'.
[  623.220961][   T40] audit: type=1326 audit(1756255288.534:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17388 comm="syz.4.2895" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45579 code=0x7fc00000
[  623.321784][T17397] QAT: failed to copy from user cfg_data.
[  623.742572][T17402] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2898'.
[  623.871743][T17413] netlink: 'syz.2.2902': attribute type 4 has an invalid length.
[  623.937896][T12274] bridge_slave_1: left allmulticast mode
[  623.950028][T12274] bridge_slave_1: left promiscuous mode
[  623.951954][T12274] bridge0: port 2(bridge_slave_1) entered disabled state
[  623.985654][T12274] bridge_slave_0: left allmulticast mode
[  623.988507][T12274] bridge_slave_0: left promiscuous mode
[  623.991224][T12274] bridge0: port 1(bridge_slave_0) entered disabled state
[  624.117901][T17423] overlayfs: missing 'lowerdir'
[  624.679328][ T1120] sr 2:0:0:0: [sr0] tag#13 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
[  624.698273][ T1120] sr 2:0:0:0: [sr0] tag#13 Sense Key : Illegal Request [current] 
[  624.712277][ T1120] sr 2:0:0:0: [sr0] tag#13 Add. Sense: Invalid command operation code
[  624.718757][ T1120] sr 2:0:0:0: [sr0] tag#13 CDB: Write(10) 2a 00 00 00 00 00 00 00 04 00
[  624.721417][ T1120] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 2 prio class 2
[  624.725225][ T1120] buffer_io_error: 25 callbacks suppressed
[  624.725235][ T1120] Buffer I/O error on dev sr0, logical block 0, lost async page write
[  624.731176][ T1120] Buffer I/O error on dev sr0, logical block 1, lost async page write
[  624.913545][T17434] input: syz0 as /devices/virtual/input/input78
[  624.931654][T17434] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2906'.
[  624.934388][T17434] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2906'.
[  624.945028][T12274] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  624.953469][T12274] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  624.962095][T12274] bond0 (unregistering): Released all slaves
[  625.042898][T17437] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2906'.
[  625.128630][T12274] bond1 (unregistering): (slave veth5): Releasing backup interface
[  625.134457][T12274] bond1 (unregistering): Released all slaves
[  625.145182][T12274] bond2 (unregistering): Released all slaves
[  625.170247][T17441] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2906'.
[  625.739573][T12274] tipc: Left network mode
[  626.029100][T17448] FAULT_INJECTION: forcing a failure.
[  626.029100][T17448] name failslab, interval 1, probability 0, space 0, times 0
[  626.034615][T17448] CPU: 0 UID: 0 PID: 17448 Comm: syz.4.2909 Not tainted syzkaller #0 PREEMPT(full) 
[  626.034631][T17448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  626.034638][T17448] Call Trace:
[  626.034643][T17448]  <TASK>
[  626.034648][T17448]  dump_stack_lvl+0x16c/0x1f0
[  626.034667][T17448]  should_fail_ex+0x512/0x640
[  626.034685][T17448]  should_failslab+0xc2/0x120
[  626.034701][T17448]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  626.034715][T17448]  ? skb_clone+0x190/0x3f0
[  626.034732][T17448]  skb_clone+0x190/0x3f0
[  626.034747][T17448]  netlink_deliver_tap+0xabd/0xd30
[  626.034765][T17448]  netlink_unicast+0x71f/0x870
[  626.034783][T17448]  ? __pfx_netlink_unicast+0x10/0x10
[  626.034798][T17448]  ? genl_rcv_msg+0x4bb/0x800
[  626.034818][T17448]  netlink_ack+0x696/0xb80
[  626.034837][T17448]  netlink_rcv_skb+0x332/0x420
[  626.034852][T17448]  ? __pfx_genl_rcv_msg+0x10/0x10
[  626.034869][T17448]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  626.034889][T17448]  ? netlink_deliver_tap+0x1ae/0xd30
[  626.034906][T17448]  genl_rcv+0x28/0x40
[  626.034920][T17448]  netlink_unicast+0x5aa/0x870
[  626.034937][T17448]  ? __pfx_netlink_unicast+0x10/0x10
[  626.034966][T17448]  ? __pfx___might_resched+0x10/0x10
[  626.034983][T17448]  netlink_sendmsg+0x8d1/0xdd0
[  626.035000][T17448]  ? __pfx_netlink_sendmsg+0x10/0x10
[  626.035016][T17448]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  626.035031][T17448]  ____sys_sendmsg+0xa95/0xc70
[  626.035043][T17448]  ? __pfx_____sys_sendmsg+0x10/0x10
[  626.035053][T17448]  ? get_compat_msghdr+0x11a/0x170
[  626.035073][T17448]  ___sys_sendmsg+0x134/0x1d0
[  626.035088][T17448]  ? __pfx____sys_sendmsg+0x10/0x10
[  626.035109][T17448]  ? find_held_lock+0x2b/0x80
[  626.035129][T17448]  __sys_sendmsg+0x16d/0x220
[  626.035143][T17448]  ? __pfx___sys_sendmsg+0x10/0x10
[  626.035163][T17448]  ? rcu_is_watching+0x12/0xc0
[  626.035177][T17448]  __do_fast_syscall_32+0x7c/0x3a0
[  626.035193][T17448]  do_fast_syscall_32+0x32/0x80
[  626.035208][T17448]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  626.035221][T17448] RIP: 0023:0xf7f45579
[  626.035231][T17448] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  626.035242][T17448] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  626.035252][T17448] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000400
[  626.035259][T17448] RDX: 0000000022044800 RSI: 0000000000000000 RDI: 0000000000000000
[  626.035266][T17448] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  626.035272][T17448] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  626.035278][T17448] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  626.035292][T17448]  </TASK>
[  626.170134][   T29] vhci_hcd: vhci_device speed not set
[  626.416525][T12274] hsr_slave_0: left promiscuous mode
[  626.419606][T12274] hsr_slave_1: left promiscuous mode
[  626.422056][T12274] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  626.425299][T12274] batman_adv: batadv0: Removing interface: batadv_slave_0
[  626.428592][T12274] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  626.431192][T12274] batman_adv: batadv0: Removing interface: batadv_slave_1
[  626.443172][T12274] veth1_macvtap: left promiscuous mode
[  626.445192][T12274] veth0_macvtap: left promiscuous mode
[  626.447320][T12274] veth1_vlan: left promiscuous mode
[  626.449466][T12274] veth0_vlan: left promiscuous mode
[  626.586476][T17468] QAT: failed to copy from user cfg_data.
[  627.453133][T17482] QAT: failed to copy from user cfg_data.
[  627.966094][T12274] team0 (unregistering): Port device team_slave_1 removed
[  628.095712][T12274] team0 (unregistering): Port device team_slave_0 removed
[  628.116688][T17495] netlink: 14 bytes leftover after parsing attributes in process `syz.5.2920'.
[  628.998182][T12274] team0 (unregistering): Port device dummy0 removed
[  629.060053][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  629.114099][  T840] lo speed is unknown, defaulting to 1000
[  629.115985][  T840] syz2: Port: 1 Link DOWN
[  629.121551][T17490] tipc: Started in network mode
[  629.123551][T17490] tipc: Node identity eaec2ffd8b2f, cluster identity 4711
[  629.126278][T17490] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  629.127131][   T40] audit: type=1326 audit(1756255294.434:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17483 comm="syz.2.2918" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000
[  629.128892][T17487] syzkaller0: entered promiscuous mode
[  629.136449][   T40] audit: type=1326 audit(1756255294.434:1098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17483 comm="syz.2.2918" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000
[  629.138136][T17487] syzkaller0: entered allmulticast mode
[  629.143526][   T40] audit: type=1326 audit(1756255294.444:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17483 comm="syz.2.2918" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000
[  629.156106][   T40] audit: type=1326 audit(1756255294.444:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17483 comm="syz.2.2918" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000
[  629.163889][   T40] audit: type=1326 audit(1756255294.444:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17483 comm="syz.2.2918" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7579 code=0x7ffc0000
[  629.172367][   T40] audit: type=1326 audit(1756255294.444:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17483 comm="syz.2.2918" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe7598 code=0x7ffc0000
[  629.184874][   T40] audit: type=1326 audit(1756255294.444:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17483 comm="syz.2.2918" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe7598 code=0x7ffc0000
[  629.197440][   T40] audit: type=1326 audit(1756255294.444:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17483 comm="syz.2.2918" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe7598 code=0x7ffc0000
[  629.208841][   T40] audit: type=1326 audit(1756255294.444:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17483 comm="syz.2.2918" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe7598 code=0x7ffc0000
[  629.215519][   T40] audit: type=1326 audit(1756255294.444:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17483 comm="syz.2.2918" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fe7598 code=0x7ffc0000
[  629.296497][T17495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  629.301888][T17495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  629.306017][T17495] bond0 (unregistering): Released all slaves
[  629.349513][T17502] vlan2: entered promiscuous mode
[  629.351137][T17502] bridge0: entered promiscuous mode
[  629.383860][T17486] tipc: Resetting bearer <eth:syzkaller0>
[  629.387057][T17504] netlink: 'syz.4.2923': attribute type 13 has an invalid length.
[  629.389923][T17483] tipc: Resetting bearer <eth:syzkaller0>
[  629.406591][T17483] tipc: Disabling bearer <eth:syzkaller0>
[  629.470762][T17504] bridge0: port 2(bridge_slave_1) entered disabled state
[  629.473396][T17504] bridge0: port 1(bridge_slave_0) entered disabled state
[  629.513304][T17506] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2924'.
[  629.520190][T17506] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2924'.
[  629.524255][T17506] netlink: 1076 bytes leftover after parsing attributes in process `syz.5.2924'.
[  629.557715][T17504] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  629.581614][T17504] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  629.958568][T12314] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  629.966079][T12314] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  629.982024][T12314] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  629.984980][T12314] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  630.545519][T12274] IPVS: stop unused estimator thread 0...
[  630.657641][T17528] lo speed is unknown, defaulting to 1000
[  631.757256][T17549] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2933'.
[  632.528167][T17561] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  632.532337][T17561] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  632.543300][T17561] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  632.546561][T17561] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  632.564976][T17561] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  632.567113][T17561] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  632.573794][T17561] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  632.575955][T17561] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  632.583471][T17561] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  632.585592][T17561] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  632.838136][T17570] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2938'.
[  633.928827][T17598] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  633.930940][T17598] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  633.937735][T17598] vhci_hcd vhci_hcd.0: Device attached
[  633.969425][T17601] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2946'.
[  635.065003][T17601] netlink: 'syz.4.2946': attribute type 10 has an invalid length.
[  635.069298][T17601] batman_adv: batadv0: Adding interface: team0
[  635.071493][T17601] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  635.079210][T17601] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  635.111430][T17620] netlink: 'syz.0.2950': attribute type 1 has an invalid length.
[  635.118133][ T1328] usb 41-1: new high-speed USB device number 2 using vhci_hcd
[  635.137140][T17599] vhci_hcd: connection reset by peer
[  635.139096][T12282] vhci_hcd: stop threads
[  635.140450][T12282] vhci_hcd: release socket
[  635.142454][T12282] vhci_hcd: disconnect device
[  635.143691][T17620] bond2: (slave geneve3): making interface the new active one
[  635.146990][T17620] bond2: (slave geneve3): Enslaving as an active interface with an up link
[  635.149998][T12264] netdevsim netdevsim0 netdevsim0: set [1, 2] type 2 family 0 port 20000 - 0
[  635.152942][T12264] netdevsim netdevsim0 netdevsim1: set [1, 2] type 2 family 0 port 20000 - 0
[  635.155706][T12264] netdevsim netdevsim0 netdevsim2: set [1, 2] type 2 family 0 port 20000 - 0
[  635.155922][T17620] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2950'.
[  635.158739][T12264] netdevsim netdevsim0 netdevsim3: set [1, 2] type 2 family 0 port 20000 - 0
[  635.165358][T17620] 8021q: adding VLAN 0 to HW filter on device bond2
[  635.274816][T17627] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2951'.
[  635.889438][T17635] lo speed is unknown, defaulting to 1000
[  636.150810][T17653] lo speed is unknown, defaulting to 1000
[  636.164986][T17661] netlink: 'syz.2.2961': attribute type 12 has an invalid length.
[  636.167828][T17661] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.2961'.
[  636.198273][T17661] FAULT_INJECTION: forcing a failure.
[  636.198273][T17661] name failslab, interval 1, probability 0, space 0, times 0
[  636.202450][T17661] CPU: 0 UID: 0 PID: 17661 Comm: syz.2.2961 Not tainted syzkaller #0 PREEMPT(full) 
[  636.202468][T17661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  636.202474][T17661] Call Trace:
[  636.202479][T17661]  <TASK>
[  636.202483][T17661]  dump_stack_lvl+0x16c/0x1f0
[  636.202501][T17661]  should_fail_ex+0x512/0x640
[  636.202517][T17661]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  636.202530][T17661]  should_failslab+0xc2/0x120
[  636.202546][T17661]  __kmalloc_cache_noprof+0x6a/0x3e0
[  636.202558][T17661]  ? device_add+0xccc/0x1aa0
[  636.202571][T17661]  device_add+0xccc/0x1aa0
[  636.202581][T17661]  ? rcu_is_watching+0x12/0xc0
[  636.202593][T17661]  ? __pfx_device_add+0x10/0x10
[  636.202608][T17661]  device_create_groups_vargs+0x1f8/0x270
[  636.202621][T17661]  device_create+0xed/0x130
[  636.202633][T17661]  ? __pfx_device_create+0x10/0x10
[  636.202644][T17661]  ? do_init_timer+0xc9/0x110
[  636.202658][T17661]  ? ieee80211_roc_setup+0x136/0x270
[  636.202675][T17661]  ? ieee80211_alloc_hw_nm+0x231/0x2260
[  636.202755][T17661]  mac80211_hwsim_new_radio+0x369/0x54d0
[  636.202784][T17661]  ? __pfx____ratelimit+0x10/0x10
[  636.202800][T17661]  ? rcu_is_watching+0x12/0xc0
[  636.202813][T17661]  ? do_trace_netlink_extack+0x164/0x1e0
[  636.202830][T17661]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  636.202846][T17661]  hwsim_new_radio_nl+0xb51/0x12c0
[  636.202859][T17661]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  636.202875][T17661]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  636.202893][T17661]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  636.202913][T17661]  genl_family_rcv_msg_doit+0x206/0x2f0
[  636.202931][T17661]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  636.202953][T17661]  ? bpf_lsm_capable+0x9/0x10
[  636.202964][T17661]  ? security_capable+0x7e/0x260
[  636.202977][T17661]  ? ns_capable+0xd7/0x110
[  636.202991][T17661]  genl_rcv_msg+0x55c/0x800
[  636.203009][T17661]  ? __pfx_genl_rcv_msg+0x10/0x10
[  636.203026][T17661]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  636.203042][T17661]  netlink_rcv_skb+0x155/0x420
[  636.203057][T17661]  ? __pfx_genl_rcv_msg+0x10/0x10
[  636.203074][T17661]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  636.203095][T17661]  ? netlink_deliver_tap+0x1ae/0xd30
[  636.203111][T17661]  genl_rcv+0x28/0x40
[  636.203126][T17661]  netlink_unicast+0x5aa/0x870
[  636.203185][T17661]  ? __pfx_netlink_unicast+0x10/0x10
[  636.203210][T17661]  ? __asan_memset+0x23/0x50
[  636.203222][T17661]  ? __build_skb_around+0x278/0x3b0
[  636.203246][T17661]  ? is_vmalloc_addr+0x86/0xa0
[  636.203262][T17661]  netlink_sendmsg+0x8d1/0xdd0
[  636.203280][T17661]  ? __pfx_netlink_sendmsg+0x10/0x10
[  636.203299][T17661]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  636.203316][T17661]  ____sys_sendmsg+0xa95/0xc70
[  636.203329][T17661]  ? __pfx_____sys_sendmsg+0x10/0x10
[  636.203340][T17661]  ? get_compat_msghdr+0x11a/0x170
[  636.203361][T17661]  ___sys_sendmsg+0x134/0x1d0
[  636.203377][T17661]  ? __pfx____sys_sendmsg+0x10/0x10
[  636.203399][T17661]  ? find_held_lock+0x2b/0x80
[  636.203420][T17661]  __sys_sendmsg+0x16d/0x220
[  636.203436][T17661]  ? __pfx___sys_sendmsg+0x10/0x10
[  636.203457][T17661]  ? rcu_is_watching+0x12/0xc0
[  636.203471][T17661]  __do_fast_syscall_32+0x7c/0x3a0
[  636.203492][T17661]  do_fast_syscall_32+0x32/0x80
[  636.203507][T17661]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  636.203522][T17661] RIP: 0023:0xf7fe7579
[  636.203532][T17661] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  636.203544][T17661] RSP: 002b:00000000f550655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  636.203555][T17661] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  636.203563][T17661] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  636.203570][T17661] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  636.203576][T17661] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  636.203583][T17661] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  636.203597][T17661]  </TASK>
[  636.450263][T17665] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2962'.
[  636.689528][T17677] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2965'.
[  637.591327][T17685] binder: BINDER_SET_CONTEXT_MGR already set
[  637.594407][T17685] binder: 17684:17685 ioctl 4018620d 80000040 returned -16
[  637.599956][T17685] binder: 17684:17685 ioctl c0306201 80000240 returned -11
[  638.207531][T17706] wireguard0: entered promiscuous mode
[  638.213013][T17706] wireguard0: entered allmulticast mode
[  640.091874][T17740] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  640.094259][T17740] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  640.116977][T17740] vhci_hcd vhci_hcd.0: Device attached
[  640.126188][T17740] batadv1: entered allmulticast mode
[  640.130154][T17740] 8021q: adding VLAN 0 to HW filter on device batadv1
[  640.328348][ T1328] vhci_hcd: vhci_device speed not set
[  640.497678][T17741] vhci_hcd: connection closed
[  640.497912][T12281] vhci_hcd: stop threads
[  640.503341][T12281] vhci_hcd: release socket
[  640.511218][T12281] vhci_hcd: disconnect device
[  640.538213][   T29] usb 37-1: new high-speed USB device number 6 using vhci_hcd
[  640.542575][   T29] usb 37-1: enqueue for inactive port 0
[  640.618216][   T29] vhci_hcd: vhci_device speed not set
[  640.677521][T17763] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2984'.
[  640.788838][T17763] bridge_slave_1: left allmulticast mode
[  640.790875][T17763] bridge_slave_1: left promiscuous mode
[  640.792856][T17763] bridge0: port 2(bridge_slave_1) entered disabled state
[  641.141692][T17763] bridge_slave_0: left allmulticast mode
[  641.143604][T17763] bridge_slave_0: left promiscuous mode
[  641.145635][T17763] bridge0: port 1(bridge_slave_0) entered disabled state
[  641.285557][   T34] hid-generic 0008:0006:0007.0006: unknown main item tag 0x0
[  641.289971][   T34] hid-generic 0008:0006:0007.0006: unknown main item tag 0x0
[  641.294645][   T34] hid-generic 0008:0006:0007.0006: unknown main item tag 0x0
[  641.298588][   T34] hid-generic 0008:0006:0007.0006: unknown main item tag 0x0
[  641.301807][   T34] hid-generic 0008:0006:0007.0006: unknown main item tag 0x0
[  641.304873][   T34] hid-generic 0008:0006:0007.0006: unknown main item tag 0x0
[  641.307802][   T34] hid-generic 0008:0006:0007.0006: unknown main item tag 0x0
[  641.311414][   T34] hid-generic 0008:0006:0007.0006: unknown main item tag 0x0
[  641.314488][   T34] hid-generic 0008:0006:0007.0006: unknown main item tag 0x0
[  641.317606][   T34] hid-generic 0008:0006:0007.0006: unknown main item tag 0x0
[  641.325858][   T34] hid-generic 0008:0006:0007.0006: hidraw1: <UNKNOWN> HID v0.0b Device [syz1] on syz1
[  641.471096][T17764] lo speed is unknown, defaulting to 1000
[  641.768107][ T5988] Bluetooth: hci0: command 0x0405 tx timeout
[  642.705024][T17811] QAT: failed to copy from user cfg_data.
[  643.790299][T17827] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3003'.
[  644.084737][T17834] netlink: 'syz.0.3005': attribute type 10 has an invalid length.
[  644.567253][T17842] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  645.308142][   T34] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[  645.478996][   T34] usb 10-1: Using ep0 maxpacket: 8
[  645.485651][   T34] usb 10-1: config 0 interface 0 has no altsetting 0
[  645.487778][   T34] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  645.490926][   T34] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  645.494837][   T34] usb 10-1: config 0 descriptor??
[  645.653507][T17864] lo speed is unknown, defaulting to 1000
[  645.685426][T17869] netlink: 'syz.2.3016': attribute type 12 has an invalid length.
[  645.725714][   T34] mcp2221 0003:04D8:00DD.0007: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[  646.288134][   T34] usb 9-1: new high-speed USB device number 36 using dummy_hcd
[  646.449665][   T34] usb 9-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0
[  646.455550][   T34] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  646.458751][   T34] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.461405][   T34] usb 9-1: Product: syz
[  646.462847][   T34] usb 9-1: Manufacturer: syz
[  646.464448][   T34] usb 9-1: SerialNumber: syz
[  646.468419][T17886] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  646.679143][T17886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  646.686282][T17886] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.693233][T17886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  646.699035][T17886] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.702340][T17886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  646.709360][T17886] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.712445][T17886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  646.715343][T17886] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.729037][T17886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  646.738488][T17886] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.781390][   T34] cdc_ether 9-1:1.0: probe with driver cdc_ether failed with error -22
[  646.788971][   T34] usb 9-1: USB disconnect, device number 36
[  647.762865][T17910] tipc: Resetting bearer <eth:syzkaller0>
[  648.188847][   T34] usb 10-1: USB disconnect, device number 22
[  648.606187][T17934] QAT: failed to copy from user cfg_data.
[  648.835671][T17939] FAULT_INJECTION: forcing a failure.
[  648.835671][T17939] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  648.841326][T17939] CPU: 3 UID: 0 PID: 17939 Comm: syz.2.3035 Not tainted syzkaller #0 PREEMPT(full) 
[  648.841354][T17939] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  648.841365][T17939] Call Trace:
[  648.841373][T17939]  <TASK>
[  648.841381][T17939]  dump_stack_lvl+0x16c/0x1f0
[  648.841410][T17939]  should_fail_ex+0x512/0x640
[  648.841437][T17939]  _copy_from_user+0x2e/0xd0
[  648.841467][T17939]  input_event_from_user+0x137/0x290
[  648.841489][T17939]  ? __pfx_input_event_from_user+0x10/0x10
[  648.841510][T17939]  ? input_inject_event+0x1c0/0x3b0
[  648.841532][T17939]  evdev_write+0x26b/0x440
[  648.841553][T17939]  ? __pfx_evdev_write+0x10/0x10
[  648.841569][T17939]  ? common_file_perm+0x1a9/0x340
[  648.841594][T17939]  ? bpf_lsm_file_permission+0x9/0x10
[  648.841621][T17939]  ? security_file_permission+0x71/0x210
[  648.841647][T17939]  ? rw_verify_area+0xcf/0x6c0
[  648.841667][T17939]  ? __pfx_evdev_write+0x10/0x10
[  648.841682][T17939]  vfs_write+0x2a0/0x11d0
[  648.841707][T17939]  ? __pfx_vfs_write+0x10/0x10
[  648.841724][T17939]  ? find_held_lock+0x2b/0x80
[  648.841742][T17939]  ? __fget_files+0x204/0x3c0
[  648.841765][T17939]  ? __fget_files+0x20e/0x3c0
[  648.841781][T17939]  ? handle_mm_fault+0x200/0xd10
[  648.841806][T17939]  ksys_write+0x1f8/0x250
[  648.841825][T17939]  ? __pfx_ksys_write+0x10/0x10
[  648.841847][T17939]  ? rcu_is_watching+0x12/0xc0
[  648.841868][T17939]  __do_fast_syscall_32+0x7c/0x3a0
[  648.841894][T17939]  do_fast_syscall_32+0x32/0x80
[  648.841917][T17939]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  648.841938][T17939] RIP: 0023:0xf7fe7579
[  648.841952][T17939] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  648.841968][T17939] RSP: 002b:00000000f550655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  648.841995][T17939] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  648.842006][T17939] RDX: 00000000000012d8 RSI: 0000000000000000 RDI: 0000000000000000
[  648.842015][T17939] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  648.842025][T17939] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  648.842035][T17939] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  648.842057][T17939]  </TASK>
[  649.134731][T17942] net_ratelimit: 66 callbacks suppressed
[  649.134749][T17942] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  650.488079][T17959] FAULT_INJECTION: forcing a failure.
[  650.488079][T17959] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  650.492378][T17959] CPU: 2 UID: 0 PID: 17959 Comm: syz.5.3041 Not tainted syzkaller #0 PREEMPT(full) 
[  650.492397][T17959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  650.492403][T17959] Call Trace:
[  650.492408][T17959]  <TASK>
[  650.492414][T17959]  dump_stack_lvl+0x16c/0x1f0
[  650.492432][T17959]  should_fail_ex+0x512/0x640
[  650.492456][T17959]  strncpy_from_user+0x3b/0x2e0
[  650.492471][T17959]  getname_flags.part.0+0x8f/0x550
[  650.492491][T17959]  __ia32_sys_rmdir+0xaf/0x110
[  650.492505][T17959]  __do_fast_syscall_32+0x7c/0x3a0
[  650.492523][T17959]  do_fast_syscall_32+0x32/0x80
[  650.492537][T17959]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  650.492551][T17959] RIP: 0023:0xf704e579
[  650.492561][T17959] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  650.492571][T17959] RSP: 002b:00000000f543e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000028
[  650.492582][T17959] RAX: ffffffffffffffda RBX: 0000000080000080 RCX: 0000000000000000
[  650.492589][T17959] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  650.492595][T17959] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  650.492601][T17959] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  650.492607][T17959] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  650.492620][T17959]  </TASK>
[  650.834209][T17963] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3043'.
[  651.078179][   T34] usb 9-1: new high-speed USB device number 37 using dummy_hcd
[  651.078198][T17969] QAT: failed to copy from user cfg_data.
[  651.228244][   T34] usb 9-1: Using ep0 maxpacket: 8
[  651.235038][   T34] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  651.245319][   T34] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  651.249806][   T34] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  651.253291][   T34] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  651.257621][   T34] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  651.262398][   T34] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  651.265222][   T34] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  651.301011][T17976] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3047'.
[  651.331886][T17977] lo speed is unknown, defaulting to 1000
[  651.608179][T12468] Bluetooth: hci3: command 0x0406 tx timeout
[  651.611858][T12468] Bluetooth: hci4: command 0x0406 tx timeout
[  652.260213][   T34] usb 9-1: usb_control_msg returned -71
[  652.262183][   T34] usbtmc 9-1:16.0: can't read capabilities
[  652.626028][T17997] netlink: 'syz.5.3052': attribute type 12 has an invalid length.
[  652.633868][T17997] FAULT_INJECTION: forcing a failure.
[  652.633868][T17997] name failslab, interval 1, probability 0, space 0, times 0
[  652.645098][T17997] CPU: 0 UID: 0 PID: 17997 Comm: syz.5.3052 Not tainted syzkaller #0 PREEMPT(full) 
[  652.645123][T17997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  652.645134][T17997] Call Trace:
[  652.645142][T17997]  <TASK>
[  652.645150][T17997]  dump_stack_lvl+0x16c/0x1f0
[  652.645178][T17997]  should_fail_ex+0x512/0x640
[  652.645201][T17997]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  652.645224][T17997]  should_failslab+0xc2/0x120
[  652.645248][T17997]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  652.645266][T17997]  ? __pfx_idr_alloc_u32+0x10/0x10
[  652.645285][T17997]  ? __kernfs_new_node+0xd2/0x8e0
[  652.645311][T17997]  __kernfs_new_node+0xd2/0x8e0
[  652.645335][T17997]  ? __pfx___kernfs_new_node+0x10/0x10
[  652.645363][T17997]  ? find_held_lock+0x2b/0x80
[  652.645381][T17997]  ? kernfs_root+0xee/0x2a0
[  652.645407][T17997]  kernfs_new_node+0x13c/0x1e0
[  652.645435][T17997]  kernfs_create_dir_ns+0x4c/0x1a0
[  652.645463][T17997]  internal_create_group+0x34d/0xf30
[  652.645490][T17997]  ? kernfs_add_one+0x14e/0x840
[  652.645514][T17997]  ? __pfx_internal_create_group+0x10/0x10
[  652.645539][T17997]  ? __pfx_dev_add_physical_location+0x10/0x10
[  652.645565][T17997]  ? bus_to_subsys+0x131/0x160
[  652.645587][T17997]  dpm_sysfs_add+0x80/0x280
[  652.645612][T17997]  device_add+0x9a6/0x1aa0
[  652.645632][T17997]  ? __pfx_device_add+0x10/0x10
[  652.645656][T17997]  device_create_groups_vargs+0x1f8/0x270
[  652.645676][T17997]  device_create+0xed/0x130
[  652.645694][T17997]  ? __pfx_device_create+0x10/0x10
[  652.645713][T17997]  ? do_init_timer+0xc9/0x110
[  652.645733][T17997]  ? ieee80211_roc_setup+0x136/0x270
[  652.645753][T17997]  ? ieee80211_alloc_hw_nm+0x231/0x2260
[  652.645779][T17997]  mac80211_hwsim_new_radio+0x369/0x54d0
[  652.645805][T17997]  ? __pfx____ratelimit+0x10/0x10
[  652.645827][T17997]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  652.645854][T17997]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  652.645892][T17997]  hwsim_new_radio_nl+0xb51/0x12c0
[  652.645914][T17997]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  652.645940][T17997]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  652.645966][T17997]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  652.645997][T17997]  genl_family_rcv_msg_doit+0x206/0x2f0
[  652.646024][T17997]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  652.646058][T17997]  ? bpf_lsm_capable+0x9/0x10
[  652.646073][T17997]  ? security_capable+0x7e/0x260
[  652.646097][T17997]  ? ns_capable+0xd7/0x110
[  652.646119][T17997]  genl_rcv_msg+0x55c/0x800
[  652.646147][T17997]  ? __pfx_genl_rcv_msg+0x10/0x10
[  652.646174][T17997]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  652.646199][T17997]  netlink_rcv_skb+0x155/0x420
[  652.646222][T17997]  ? __pfx_genl_rcv_msg+0x10/0x10
[  652.646248][T17997]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  652.646281][T17997]  ? netlink_deliver_tap+0x1ae/0xd30
[  652.646307][T17997]  genl_rcv+0x28/0x40
[  652.646329][T17997]  netlink_unicast+0x5aa/0x870
[  652.646355][T17997]  ? __pfx_netlink_unicast+0x10/0x10
[  652.646377][T17997]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  652.646407][T17997]  netlink_sendmsg+0x8d1/0xdd0
[  652.646434][T17997]  ? __pfx_netlink_sendmsg+0x10/0x10
[  652.646460][T17997]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  652.646484][T17997]  ____sys_sendmsg+0xa95/0xc70
[  652.646499][T17997]  ? tree_mod_log_insert+0x1d4/0x370
[  652.646521][T17997]  ? __pfx_____sys_sendmsg+0x10/0x10
[  652.646537][T17997]  ? get_compat_msghdr+0x11a/0x170
[  652.646568][T17997]  ___sys_sendmsg+0x134/0x1d0
[  652.646593][T17997]  ? __pfx____sys_sendmsg+0x10/0x10
[  652.646626][T17997]  ? find_held_lock+0x2b/0x80
[  652.646658][T17997]  __sys_sendmsg+0x16d/0x220
[  652.646681][T17997]  ? __pfx___sys_sendmsg+0x10/0x10
[  652.646714][T17997]  ? rcu_is_watching+0x12/0xc0
[  652.646734][T17997]  __do_fast_syscall_32+0x7c/0x3a0
[  652.646760][T17997]  do_fast_syscall_32+0x32/0x80
[  652.646783][T17997]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  652.646804][T17997] RIP: 0023:0xf704e579
[  652.646817][T17997] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  652.646834][T17997] RSP: 002b:00000000f543e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  652.646850][T17997] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  652.646862][T17997] RDX: 0000000004000804 RSI: 0000000000000000 RDI: 0000000000000000
[  652.646871][T17997] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  652.646883][T17997] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  652.646892][T17997] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  652.646915][T17997]  </TASK>
[  653.005000][   T34] usb 9-1: USB disconnect, device number 37
[  653.834979][T18024] fuse: Unknown parameter 'gro{~'
[  654.582636][T18035] Bluetooth: MGMT ver 1.23
[  654.658776][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  655.589873][T18051] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3067'.
[  655.593419][T18050] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3067'.
[  655.598089][T18050] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3067'.
[  655.920903][T18063] C: renamed from team_slave_0
[  655.927843][T18063] netlink: 'syz.4.3069': attribute type 3 has an invalid length.
[  655.930842][T18063] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3069'.
[  655.934072][T18063] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  656.159172][T18071] tmpfs: Bad value for 'gid'
[  656.160754][T18071] tmpfs: Bad value for 'gid'
[  656.163743][T18071] tmpfs: Bad value for 'gid'
[  656.165331][T18071] tmpfs: Bad value for 'gid'
[  656.167904][T18071] tmpfs: Bad value for 'gid'
[  656.170022][T18071] tmpfs: Bad value for 'gid'
[  656.172474][T18071] tmpfs: Bad value for 'gid'
[  656.174065][T18071] tmpfs: Bad value for 'gid'
[  656.176770][T18071] tmpfs: Bad value for 'gid'
[  656.179324][T18071] tmpfs: Bad value for 'gid'
[  656.182036][T18071] tmpfs: Bad value for 'gid'
[  656.184055][T18071] tmpfs: Bad value for 'gid'
[  656.187140][T18071] tmpfs: Bad value for 'gid'
[  656.189071][T18071] tmpfs: Bad value for 'gid'
[  656.192452][T18071] tmpfs: Bad value for 'gid'
[  656.194035][T18071] tmpfs: Bad value for 'gid'
[  656.196483][T18071] tmpfs: Bad value for 'gid'
[  656.198118][T18071] tmpfs: Bad value for 'gid'
[  656.200952][T18071] tmpfs: Bad value for 'gid'
[  656.202613][T18071] tmpfs: Bad value for 'gid'
[  656.205108][T18071] tmpfs: Bad value for 'gid'
[  656.206726][T18071] tmpfs: Bad value for 'gid'
[  656.210707][T18071] tmpfs: Bad value for 'gid'
[  656.212371][T18071] tmpfs: Bad value for 'gid'
[  656.215958][T18071] tmpfs: Bad value for 'gid'
[  656.217642][T18071] tmpfs: Bad value for 'gid'
[  656.221056][T18071] tmpfs: Bad value for 'gid'
[  656.222808][T18071] tmpfs: Bad value for 'gid'
[  656.225849][T18071] tmpfs: Bad value for 'gid'
[  656.227642][T18071] tmpfs: Bad value for 'gid'
[  656.231449][T18071] tmpfs: Bad value for 'gid'
[  656.233097][T18071] tmpfs: Bad value for 'gid'
[  656.236217][T18071] tmpfs: Bad value for 'gid'
[  656.237796][T18071] tmpfs: Bad value for 'gid'
[  656.240199][T18071] tmpfs: Bad value for 'gid'
[  656.241893][T18071] tmpfs: Bad value for 'gid'
[  656.245985][T18071] tmpfs: Bad value for 'gid'
[  656.247664][T18071] tmpfs: Bad value for 'gid'
[  656.251764][T18071] tmpfs: Bad value for 'gid'
[  656.253361][T18071] tmpfs: Bad value for 'gid'
[  656.256227][T18071] tmpfs: Bad value for 'gid'
[  656.257818][T18071] tmpfs: Bad value for 'gid'
[  656.266251][T18071] tmpfs: Bad value for 'gid'
[  656.268149][T18071] tmpfs: Bad value for 'gid'
[  656.271297][T18071] tmpfs: Bad value for 'gid'
[  656.273210][T18071] tmpfs: Bad value for 'gid'
[  656.276419][T18071] tmpfs: Bad value for 'gid'
[  656.278196][T18071] tmpfs: Bad value for 'gid'
[  656.281254][T18071] tmpfs: Bad value for 'gid'
[  656.282901][T18071] tmpfs: Bad value for 'gid'
[  656.286455][T18071] tmpfs: Bad value for 'gid'
[  656.288063][T18071] tmpfs: Bad value for 'gid'
[  656.290780][T18071] tmpfs: Bad value for 'gid'
[  656.292560][T18071] tmpfs: Bad value for 'gid'
[  656.296511][T18071] tmpfs: Bad value for 'gid'
[  656.298806][T18071] tmpfs: Bad value for 'gid'
[  656.301390][T18071] tmpfs: Bad value for 'gid'
[  656.303014][T18071] tmpfs: Bad value for 'gid'
[  656.316880][T18071] tmpfs: Bad value for 'gid'
[  656.318747][T18071] tmpfs: Bad value for 'gid'
[  656.321761][T18071] tmpfs: Bad value for 'gid'
[  656.323541][T18071] tmpfs: Bad value for 'gid'
[  656.325928][T18071] tmpfs: Bad value for 'gid'
[  656.327563][T18071] tmpfs: Bad value for 'gid'
[  656.343388][T18071] tmpfs: Bad value for 'gid'
[  656.350924][T18071] tmpfs: Bad value for 'gid'
[  657.027033][T18084] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3076'.
[  657.284810][T18094] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3079'.
[  657.299501][T18094] batadv1: entered allmulticast mode
[  657.350435][T18095] input: syz1 as /devices/virtual/input/input79
[  658.258932][ T6072] usb 9-1: new high-speed USB device number 38 using dummy_hcd
[  658.421530][ T6072] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  658.425802][ T6072] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  658.429717][ T6072] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  658.433206][ T6072] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  658.446199][ T6072] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  658.449546][ T6072] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  658.452038][ T6072] usb 9-1: Manufacturer: syz
[  658.454615][ T6072] usb 9-1: config 0 descriptor??
[  658.553646][T18116] fuse: Bad value for 'fd'
[  658.922575][ T6072] hid_parser_main: 43 callbacks suppressed
[  658.922588][ T6072] appleir 0003:05AC:8243.0008: unknown main item tag 0x0
[  658.932703][ T6072] appleir 0003:05AC:8243.0008: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  659.479566][T18128] QAT: failed to copy from user cfg_data.
[  659.535104][T18130] FAULT_INJECTION: forcing a failure.
[  659.535104][T18130] name failslab, interval 1, probability 0, space 0, times 0
[  659.539280][T18130] CPU: 3 UID: 0 PID: 18130 Comm: syz.0.3090 Not tainted syzkaller #0 PREEMPT(full) 
[  659.539309][T18130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  659.539316][T18130] Call Trace:
[  659.539321][T18130]  <TASK>
[  659.539325][T18130]  dump_stack_lvl+0x16c/0x1f0
[  659.539344][T18130]  should_fail_ex+0x512/0x640
[  659.539360][T18130]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  659.539376][T18130]  should_failslab+0xc2/0x120
[  659.539390][T18130]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  659.539403][T18130]  ? getname_flags.part.0+0x4c/0x550
[  659.539420][T18130]  ? __lock_acquire+0x62e/0x1ce0
[  659.539436][T18130]  getname_flags.part.0+0x4c/0x550
[  659.539452][T18130]  ? css_rstat_updated+0x1c2/0x510
[  659.539466][T18130]  getname_flags+0x93/0xf0
[  659.539478][T18130]  do_sys_openat2+0xb8/0x1d0
[  659.539495][T18130]  ? __pfx_do_sys_openat2+0x10/0x10
[  659.539513][T18130]  ? handle_mm_fault+0x2ab/0xd10
[  659.539526][T18130]  __ia32_compat_sys_openat+0x16d/0x210
[  659.539538][T18130]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  659.539551][T18130]  ? rcu_is_watching+0x12/0xc0
[  659.539564][T18130]  __do_fast_syscall_32+0x7c/0x3a0
[  659.539581][T18130]  do_fast_syscall_32+0x32/0x80
[  659.539595][T18130]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  659.539610][T18130] RIP: 0023:0xf707e579
[  659.539619][T18130] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  659.539630][T18130] RSP: 002b:00000000f542c060 EFLAGS: 00000293 ORIG_RAX: 0000000000000127
[  659.539640][T18130] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f7243c44
[  659.539647][T18130] RDX: 0000000000080001 RSI: 0000000000000000 RDI: 00000000f73e4ff4
[  659.539654][T18130] RBP: 0000000000080001 R08: 0000000000000000 R09: 0000000000000000
[  659.539660][T18130] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[  659.539666][T18130] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  659.539680][T18130]  </TASK>
[  659.612173][    C3] vkms_vblank_simulate: vblank timer overrun
[  661.039462][   T34] usb 9-1: USB disconnect, device number 38
[  661.561004][T18165] QAT: failed to copy from user cfg_data.
[  661.874551][T18167] netlink: 'syz.4.3101': attribute type 21 has an invalid length.
[  661.877490][T18167] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3101'.
[  662.212102][T18176] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3103'.
[  662.384759][T18176] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  662.404012][T18176] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  662.418735][T18176] bond0 (unregistering): Released all slaves
[  662.510926][T18183] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3106'.
[  662.842466][T18192] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3108'.
[  662.846125][T18192] FAULT_INJECTION: forcing a failure.
[  662.846125][T18192] name failslab, interval 1, probability 0, space 0, times 0
[  662.850746][T18192] CPU: 1 UID: 0 PID: 18192 Comm: syz.2.3108 Not tainted syzkaller #0 PREEMPT(full) 
[  662.850774][T18192] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  662.850781][T18192] Call Trace:
[  662.850785][T18192]  <TASK>
[  662.850790][T18192]  dump_stack_lvl+0x16c/0x1f0
[  662.850808][T18192]  should_fail_ex+0x512/0x640
[  662.850824][T18192]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  662.850839][T18192]  should_failslab+0xc2/0x120
[  662.850854][T18192]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  662.850866][T18192]  ? rcu_is_watching+0x12/0xc0
[  662.850878][T18192]  ? __d_alloc+0x32/0xae0
[  662.850893][T18192]  __d_alloc+0x32/0xae0
[  662.850907][T18192]  d_alloc_parallel+0x111/0x1480
[  662.850925][T18192]  ? __lock_acquire+0xb97/0x1ce0
[  662.850941][T18192]  ? __pfx___schedule+0x10/0x10
[  662.850955][T18192]  ? __pfx_d_alloc_parallel+0x10/0x10
[  662.850972][T18192]  ? lockdep_init_map_type+0x5c/0x280
[  662.850988][T18192]  ? lockdep_init_map_type+0x5c/0x280
[  662.851005][T18192]  __lookup_slow+0x193/0x460
[  662.851021][T18192]  ? __pfx___lookup_slow+0x10/0x10
[  662.851041][T18192]  ? __rcu_read_unlock+0x2bc/0x550
[  662.851060][T18192]  ? d_lookup+0xe7/0x190
[  662.851078][T18192]  lookup_noperm+0xe1/0x110
[  662.851095][T18192]  simple_start_creating+0xd1/0x1b0
[  662.851108][T18192]  start_creating.part.0+0x82/0x190
[  662.851122][T18192]  __debugfs_create_file+0xa7/0x6b0
[  662.851136][T18192]  debugfs_create_file_full+0x41/0x60
[  662.851150][T18192]  ? __pfx_veth_setup+0x10/0x10
[  662.851163][T18192]  ref_tracker_dir_debugfs+0x19d/0x290
[  662.851179][T18192]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  662.851207][T18192]  ? alloc_netdev_mqs+0xd2/0x1530
[  662.851221][T18192]  ? lockdep_init_map_type+0x5c/0x280
[  662.851243][T18192]  alloc_netdev_mqs+0x30f/0x1530
[  662.851258][T18192]  ? __pfx_stack_trace_save+0x10/0x10
[  662.851272][T18192]  rtnl_create_link+0xc08/0xf90
[  662.851290][T18192]  veth_newlink+0x611/0xa00
[  662.851303][T18192]  ? rtnl_newlink+0xb69/0x2000
[  662.851317][T18192]  ? rtnetlink_rcv_msg+0x95b/0xe90
[  662.851332][T18192]  ? __pfx_veth_newlink+0x10/0x10
[  662.851344][T18192]  ? ____sys_sendmsg+0xa95/0xc70
[  662.851377][T18192]  ? validate_linkmsg+0x57c/0xb60
[  662.851393][T18192]  ? __pfx_validate_linkmsg+0x10/0x10
[  662.851407][T18192]  ? alloc_netdev_mqs+0xe08/0x1530
[  662.851424][T18192]  ? rtnl_create_link+0xa4a/0xf90
[  662.851439][T18192]  ? __pfx_veth_newlink+0x10/0x10
[  662.851453][T18192]  rtnl_newlink+0xc45/0x2000
[  662.851473][T18192]  ? __pfx_rtnl_newlink+0x10/0x10
[  662.851487][T18192]  ? __pfx___schedule+0x10/0x10
[  662.851510][T18192]  ? rcu_is_watching+0x12/0xc0
[  662.851526][T18192]  ? find_held_lock+0x2b/0x80
[  662.851536][T18192]  ? __pfx_rtnl_newlink+0x10/0x10
[  662.851550][T18192]  ? __pfx_rtnl_newlink+0x10/0x10
[  662.851564][T18192]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  662.851579][T18192]  ? __pfx_rtnl_newlink+0x10/0x10
[  662.851595][T18192]  rtnetlink_rcv_msg+0x95b/0xe90
[  662.851611][T18192]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  662.851625][T18192]  ? __lock_acquire+0xb97/0x1ce0
[  662.851641][T18192]  ? irqentry_exit+0x3b/0x90
[  662.851658][T18192]  netlink_rcv_skb+0x155/0x420
[  662.851673][T18192]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  662.851689][T18192]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  662.851703][T18192]  ? rcu_is_watching+0x12/0xc0
[  662.851723][T18192]  netlink_unicast+0x5aa/0x870
[  662.851740][T18192]  ? __pfx_netlink_unicast+0x10/0x10
[  662.851755][T18192]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  662.851774][T18192]  netlink_sendmsg+0x8d1/0xdd0
[  662.851791][T18192]  ? __pfx_netlink_sendmsg+0x10/0x10
[  662.851807][T18192]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  662.851822][T18192]  ____sys_sendmsg+0xa95/0xc70
[  662.851833][T18192]  ? __pfx_____sys_sendmsg+0x10/0x10
[  662.851843][T18192]  ? get_compat_msghdr+0x11a/0x170
[  662.851863][T18192]  ___sys_sendmsg+0x134/0x1d0
[  662.851879][T18192]  ? __pfx____sys_sendmsg+0x10/0x10
[  662.851900][T18192]  ? find_held_lock+0x2b/0x80
[  662.851920][T18192]  __sys_sendmsg+0x16d/0x220
[  662.851934][T18192]  ? __pfx___sys_sendmsg+0x10/0x10
[  662.851955][T18192]  ? rcu_is_watching+0x12/0xc0
[  662.851967][T18192]  __do_fast_syscall_32+0x7c/0x3a0
[  662.851984][T18192]  do_fast_syscall_32+0x32/0x80
[  662.851998][T18192]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  662.852012][T18192] RIP: 0023:0xf7fe7579
[  662.852021][T18192] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  662.852032][T18192] RSP: 002b:00000000f54c455c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  662.852043][T18192] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  662.852050][T18192] RDX: 000000000000c080 RSI: 0000000000000000 RDI: 0000000000000000
[  662.852056][T18192] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  662.852062][T18192] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  662.852068][T18192] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  662.852081][T18192]  </TASK>
[  663.046454][T18192] veth3: entered promiscuous mode
[  663.250666][T18203] lo speed is unknown, defaulting to 1000
[  664.059202][T18214] lo speed is unknown, defaulting to 1000
[  664.143896][T18228] FAULT_INJECTION: forcing a failure.
[  664.143896][T18228] name failslab, interval 1, probability 0, space 0, times 0
[  664.147971][T18228] CPU: 0 UID: 0 PID: 18228 Comm: syz.5.3118 Not tainted syzkaller #0 PREEMPT(full) 
[  664.147986][T18228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  664.147994][T18228] Call Trace:
[  664.148010][T18228]  <TASK>
[  664.148016][T18228]  dump_stack_lvl+0x16c/0x1f0
[  664.148035][T18228]  should_fail_ex+0x512/0x640
[  664.148053][T18228]  should_failslab+0xc2/0x120
[  664.148069][T18228]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  664.148083][T18228]  ? skb_clone+0x190/0x3f0
[  664.148100][T18228]  skb_clone+0x190/0x3f0
[  664.148115][T18228]  netlink_deliver_tap+0xabd/0xd30
[  664.148133][T18228]  netlink_unicast+0x71f/0x870
[  664.148150][T18228]  ? __pfx_netlink_unicast+0x10/0x10
[  664.148166][T18228]  ? genl_rcv_msg+0x4bb/0x800
[  664.148185][T18228]  netlink_ack+0x696/0xb80
[  664.148204][T18228]  netlink_rcv_skb+0x332/0x420
[  664.148224][T18228]  ? __pfx_genl_rcv_msg+0x10/0x10
[  664.148241][T18228]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  664.148261][T18228]  ? netlink_deliver_tap+0x1ae/0xd30
[  664.148278][T18228]  genl_rcv+0x28/0x40
[  664.148292][T18228]  netlink_unicast+0x5aa/0x870
[  664.148309][T18228]  ? __pfx_netlink_unicast+0x10/0x10
[  664.148324][T18228]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  664.148342][T18228]  netlink_sendmsg+0x8d1/0xdd0
[  664.148359][T18228]  ? __pfx_netlink_sendmsg+0x10/0x10
[  664.148376][T18228]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  664.148390][T18228]  ____sys_sendmsg+0xa95/0xc70
[  664.148402][T18228]  ? __pfx_____sys_sendmsg+0x10/0x10
[  664.148412][T18228]  ? get_compat_msghdr+0x11a/0x170
[  664.148432][T18228]  ___sys_sendmsg+0x134/0x1d0
[  664.148448][T18228]  ? __pfx____sys_sendmsg+0x10/0x10
[  664.148469][T18228]  ? find_held_lock+0x2b/0x80
[  664.148490][T18228]  __sys_sendmsg+0x16d/0x220
[  664.148504][T18228]  ? __pfx___sys_sendmsg+0x10/0x10
[  664.148525][T18228]  ? rcu_is_watching+0x12/0xc0
[  664.148538][T18228]  __do_fast_syscall_32+0x7c/0x3a0
[  664.148555][T18228]  do_fast_syscall_32+0x32/0x80
[  664.148569][T18228]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  664.148583][T18228] RIP: 0023:0xf704e579
[  664.148592][T18228] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  664.148603][T18228] RSP: 002b:00000000f543e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  664.148614][T18228] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080006000
[  664.148621][T18228] RDX: 0000000000028000 RSI: 0000000000000000 RDI: 0000000000000000
[  664.148627][T18228] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  664.148633][T18228] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  664.148640][T18228] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  664.148653][T18228]  </TASK>
[  664.254671][T18230] lo speed is unknown, defaulting to 1000
[  664.461791][T18240] lo speed is unknown, defaulting to 1000
[  664.677063][T18254] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3122'.
[  664.713862][T18242] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  664.721701][T18242] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  664.761784][T18242] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  664.772016][T18242] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  664.806809][T18261] fuse: Bad value for 'fd'
[  664.835615][T18242] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  664.838166][T18242] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  664.912437][T18242] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  665.052139][T18254] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  665.398704][T18254] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  665.888284][T18254] bond0 (unregistering): Released all slaves
[  665.952400][T18270] lo speed is unknown, defaulting to 1000
[  666.072590][T18284] lo: entered promiscuous mode
[  666.075679][T18286] FAULT_INJECTION: forcing a failure.
[  666.075679][T18286] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  666.078703][T18284] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  666.082652][T18286] CPU: 0 UID: 0 PID: 18286 Comm: syz.4.3132 Not tainted syzkaller #0 PREEMPT(full) 
[  666.082670][T18286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  666.082678][T18286] Call Trace:
[  666.082683][T18286]  <TASK>
[  666.082687][T18286]  dump_stack_lvl+0x16c/0x1f0
[  666.082720][T18286]  should_fail_ex+0x512/0x640
[  666.082742][T18286]  should_fail_alloc_page+0xe7/0x130
[  666.082759][T18286]  prepare_alloc_pages+0x3c2/0x610
[  666.082793][T18286]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  666.082811][T18286]  ? rcu_is_watching+0x12/0xc0
[  666.082824][T18286]  ? trace_mm_page_alloc+0x11f/0x1a0
[  666.082841][T18286]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  666.082855][T18286]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  666.082872][T18286]  ? find_held_lock+0x2b/0x80
[  666.082887][T18286]  ? __lock_acquire+0x62e/0x1ce0
[  666.082903][T18286]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  666.082918][T18286]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  666.082937][T18286]  ? policy_nodemask+0xea/0x4e0
[  666.082954][T18286]  alloc_pages_mpol+0x1fb/0x550
[  666.082969][T18286]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  666.082983][T18286]  ? __lock_acquire+0xb97/0x1ce0
[  666.083002][T18286]  folio_alloc_mpol_noprof+0x36/0x2f0
[  666.083020][T18286]  vma_alloc_folio_noprof+0xed/0x1e0
[  666.083037][T18286]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  666.083060][T18286]  ? rcu_read_unlock+0x2d/0xb0
[  666.083076][T18286]  do_wp_page+0x1e5b/0x4f00
[  666.083097][T18286]  ? __pfx_do_wp_page+0x10/0x10
[  666.083116][T18286]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  666.083134][T18286]  ? ___pte_offset_map+0x2ad/0x4f0
[  666.083154][T18286]  __handle_mm_fault+0x1b2d/0x2a50
[  666.083171][T18286]  ? __pfx___handle_mm_fault+0x10/0x10
[  666.083185][T18286]  ? lock_vma_under_rcu+0x1eb/0x530
[  666.083203][T18286]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  666.083215][T18286]  ? __fget_files+0x20e/0x3c0
[  666.083231][T18286]  handle_mm_fault+0x589/0xd10
[  666.083244][T18286]  ? __bpf_trace_exceptions+0x1/0x40
[  666.083264][T18286]  do_user_addr_fault+0x60c/0x1370
[  666.083283][T18286]  ? rcu_is_watching+0x12/0xc0
[  666.083297][T18286]  exc_page_fault+0x5c/0xb0
[  666.083312][T18286]  asm_exc_page_fault+0x26/0x30
[  666.083324][T18286] RIP: 0023:0xf7198b22
[  666.083334][T18286] Code: c7 fd c4 23 00 56 53 83 ec 1c 8b 6c 24 30 8b 55 1c 65 a1 68 00 00 00 39 c2 0f 84 11 01 00 00 80 7d 18 02 74 2b b8 08 00 00 00 <f0> 0f c1 45 00 83 c0 08 85 c0 0f 88 0e 01 00 00 a8 01 75 7a 31 d2
[  666.083346][T18286] RSP: 002b:00000000f5465350 EFLAGS: 00010293
[  666.083356][T18286] RAX: 0000000000000008 RBX: 00000000f73d4ff4 RCX: 00000000ffffffff
[  666.083363][T18286] RDX: 0000000000000000 RSI: 00000000f7294655 RDI: 00000000f73d4ff4
[  666.083370][T18286] RBP: 00000000f7f36e40 R08: 0000000000000000 R09: 0000000000000000
[  666.083377][T18286] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  666.083385][T18286] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  666.083400][T18286]  </TASK>
[  666.083723][T18286] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  666.471040][T18298] bridge3: the hash_elasticity option has been deprecated and is always 16
[  666.473938][T18298] bridge3: entered allmulticast mode
[  666.738520][ T5988] Bluetooth: hci3: command 0x0406 tx timeout
[  666.808165][ T5988] Bluetooth: hci4: command 0x0406 tx timeout
[  666.888373][ T5988] Bluetooth: hci0: command 0x0405 tx timeout
[  667.351625][T18311] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3139'.
[  667.691872][T18321] lo speed is unknown, defaulting to 1000
[  667.945742][    C0] sr 2:0:0:0: [sr0] tag#8 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  667.949260][    C0] sr 2:0:0:0: [sr0] tag#8 CDB: opcode=0xe4 (vendor)
[  667.951423][    C0] sr 2:0:0:0: [sr0] tag#8 CDB[00]: e4 50 ab 8b ca 3c c5 d0 de 67 e2 fc 69 8c 8f 18
[  667.954564][    C0] sr 2:0:0:0: [sr0] tag#8 CDB[10]: 08 0a
[  668.297709][T18340] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  668.630279][   T40] kauditd_printk_skb: 905 callbacks suppressed
[  668.630290][   T40] audit: type=1326 audit(1756255333.937:2012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18345 comm="syz.4.3147" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45579 code=0x7ffc0000
[  668.645650][   T40] audit: type=1326 audit(1756255333.937:2013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18345 comm="syz.4.3147" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45579 code=0x7ffc0000
[  668.656273][   T40] audit: type=1326 audit(1756255333.947:2014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18345 comm="syz.4.3147" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f45579 code=0x7ffc0000
[  668.664793][   T40] audit: type=1326 audit(1756255333.947:2015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18345 comm="syz.4.3147" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f45598 code=0x7ffc0000
[  668.674445][   T40] audit: type=1326 audit(1756255333.947:2016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18345 comm="syz.4.3147" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f45598 code=0x7ffc0000
[  668.681714][   T40] audit: type=1326 audit(1756255333.947:2017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18345 comm="syz.4.3147" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f45598 code=0x7ffc0000
[  668.689919][   T40] audit: type=1326 audit(1756255333.947:2018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18345 comm="syz.4.3147" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f45598 code=0x7ffc0000
[  668.704717][   T40] audit: type=1326 audit(1756255333.947:2019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18345 comm="syz.4.3147" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f45598 code=0x7ffc0000
[  668.712625][   T40] audit: type=1326 audit(1756255333.947:2020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18345 comm="syz.4.3147" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f45598 code=0x7ffc0000
[  668.725178][   T40] audit: type=1326 audit(1756255333.947:2021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18345 comm="syz.4.3147" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f45598 code=0x7ffc0000
[  668.818144][ T5988] Bluetooth: hci3: command 0x0406 tx timeout
[  668.888122][ T5988] Bluetooth: hci4: command 0x0406 tx timeout
[  668.968355][ T5988] Bluetooth: hci0: command 0x0405 tx timeout
[  670.821967][T18385] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check.
[  670.827768][T18385] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3154'.
[  671.058165][ T5988] Bluetooth: hci0: command 0x0405 tx timeout
[  671.154886][T18400] lo speed is unknown, defaulting to 1000
[  671.471528][T18415] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3161'.
[  672.846860][T18436] sd 0:0:0:0: PR command failed: 1026
[  672.848853][T18436] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  672.851351][T18436] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  674.054971][T18452] lo speed is unknown, defaulting to 1000
[  674.223613][T18464] QAT: failed to copy from user cfg_data.
[  674.594234][T18472] fuse: Bad value for 'fd'
[  675.203349][T18483] fuse: Unknown parameter 'gro{~'
[  676.107382][T18492] lo speed is unknown, defaulting to 1000
[  676.496274][T18507] lo speed is unknown, defaulting to 1000
[  676.511428][T18510] QAT: failed to copy from user cfg_data.
[  676.834850][ T5988] Bluetooth: hci0: SCO packet for unknown connection handle 200
[  677.133842][T18518] fuse: Bad value for 'fd'
[  678.192587][T18540] lo speed is unknown, defaulting to 1000
[  678.524685][T18553] lo speed is unknown, defaulting to 1000
[  678.843072][T18561] QAT: failed to copy from user cfg_data.
[  679.563529][T18571] lo speed is unknown, defaulting to 1000
[  680.065188][T18579] lo speed is unknown, defaulting to 1000
[  681.258117][T18596] mkiss: ax0: crc mode is auto.
[  682.304690][T18608] lo speed is unknown, defaulting to 1000
[  682.707577][T18610] fuse: Unknown parameter 'gro{~'
[  683.166644][T18627] binder: 18622:18627 ioctl 40044591 0 returned -22
[  683.222677][T18627] binder: 18622:18627 ioctl c0306201 80000240 returned -14
[  685.242694][T18664] FAULT_INJECTION: forcing a failure.
[  685.242694][T18664] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  685.248507][T18664] CPU: 2 UID: 0 PID: 18664 Comm: syz.4.3215 Not tainted syzkaller #0 PREEMPT(full) 
[  685.248534][T18664] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  685.248547][T18664] Call Trace:
[  685.248553][T18664]  <TASK>
[  685.248559][T18664]  dump_stack_lvl+0x16c/0x1f0
[  685.248615][T18664]  should_fail_ex+0x512/0x640
[  685.248645][T18664]  save_fsave_header+0x14c/0x2f0
[  685.248670][T18664]  ? __pfx_save_fsave_header+0x10/0x10
[  685.248702][T18664]  ? copy_fpstate_to_sigframe+0x2c3/0xaf0
[  685.248721][T18664]  ? rcu_is_watching+0x12/0xc0
[  685.248739][T18664]  ? __local_bh_enable_ip+0xa4/0x120
[  685.248762][T18664]  copy_fpstate_to_sigframe+0x77c/0xaf0
[  685.248787][T18664]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  685.248808][T18664]  ? posixtimer_deliver_signal+0x105/0x6b0
[  685.248837][T18664]  ? posixtimer_deliver_signal+0x1c7/0x6b0
[  685.248856][T18664]  ? x86_task_fpu+0x5f/0x90
[  685.248877][T18664]  get_sigframe+0x4a8/0x9c0
[  685.248908][T18664]  ? __pfx_get_sigframe+0x10/0x10
[  685.248929][T18664]  ? _raw_spin_unlock_irq+0x23/0x50
[  685.248949][T18664]  ? siginfo_layout+0x177/0x290
[  685.248969][T18664]  ia32_setup_rt_frame+0xe3/0xb30
[  685.248996][T18664]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[  685.249022][T18664]  ? do_futex+0x122/0x350
[  685.249042][T18664]  ? __pfx_do_futex+0x10/0x10
[  685.249063][T18664]  arch_do_signal_or_restart+0x480/0x790
[  685.249084][T18664]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  685.249110][T18664]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[  685.249137][T18664]  exit_to_user_mode_loop+0x84/0x110
[  685.249162][T18664]  do_int80_emulation+0x352/0x460
[  685.249187][T18664]  asm_int80_emulation+0x1a/0x20
[  685.249203][T18664] RIP: 0023:0xf7f45577
[  685.249217][T18664] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  685.249231][T18664] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 00000000000000f0
[  685.249246][T18664] RAX: 00000000000000f0 RBX: 000000008000cffc RCX: 0000000000000086
[  685.249256][T18664] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  685.249266][T18664] RBP: 00000000fffffffc R08: 0000000000000000 R09: 0000000000000000
[  685.249275][T18664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  685.249283][T18664] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  685.249299][T18664]  </TASK>
[  685.360936][T18668] netlink: 'syz.5.3216': attribute type 1 has an invalid length.
[  685.363626][T18668] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3216'.
[  685.366451][T18668] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3216'.
[  685.424538][T18665] fuse: Unknown parameter 'gro{~'
[  686.057555][T18683] QAT: failed to copy from user cfg_data.
[  686.310348][T18685] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3220'.
[  686.319585][T18685] overlay: Bad value for 'workdir'
[  686.507649][T18678] lo speed is unknown, defaulting to 1000
[  686.959578][T18705] lo speed is unknown, defaulting to 1000
[  687.005262][T18707] netlink: 14 bytes leftover after parsing attributes in process `syz.4.3226'.
[  688.449191][ T1328] usb 9-1: new high-speed USB device number 39 using dummy_hcd
[  688.939284][ T1328] usb 9-1: Using ep0 maxpacket: 16
[  689.649496][ T1328] usb 9-1: config 0 has an invalid interface number: 132 but max is 0
[  689.653081][ T1328] usb 9-1: config 0 has no interface number 0
[  689.661829][ T1328] usb 9-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  689.665567][ T1328] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.679196][ T1328] usb 9-1: Product: syz
[  689.681054][ T1328] usb 9-1: Manufacturer: syz
[  689.683410][ T1328] usb 9-1: SerialNumber: syz
[  689.709017][ T1328] usb 9-1: config 0 descriptor??
[  689.713018][ T1328] hub 9-1:0.132: bad descriptor, ignoring hub
[  689.715833][ T1328] hub 9-1:0.132: probe with driver hub failed with error -5
[  689.740627][ T1328] input: bcm5974 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.132/input/input81
[  689.801850][T18730] 
[  689.802667][T18730] ======================================================
[  689.805512][T18730] WARNING: possible circular locking dependency detected
[  689.807887][T18730] syzkaller #0 Not tainted
[  689.809626][T18730] ------------------------------------------------------
[  689.814150][T18730] syz.2.3231/18730 is trying to acquire lock:
[  689.815988][T18730] ffff888051bb3868 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80
[  689.818564][T18730] 
[  689.818564][T18730] but task is already holding lock:
[  689.821510][T18730] ffff88801cab6428 (sb_writers#5){.+.+}-{0:0}, at: __do_splice+0x32a/0x360
[  689.824075][T18730] 
[  689.824075][T18730] which lock already depends on the new lock.
[  689.824075][T18730] 
[  689.827500][T18730] 
[  689.827500][T18730] the existing dependency chain (in reverse order) is:
[  689.831262][T18730] 
[  689.831262][T18730] -> #3 (sb_writers#5){.+.+}-{0:0}:
[  689.834019][T18730]        mnt_want_write+0x6f/0x450
[  689.836013][T18730]        ovl_create_object+0x12c/0x300
[  689.837869][T18730]        lookup_open.isra.0+0x11d0/0x1580
[  689.839667][T18730]        path_openat+0x893/0x2cb0
[  689.841288][T18730]        do_filp_open+0x20b/0x470
[  689.842926][T18730]        do_sys_openat2+0x11b/0x1d0
[  689.844669][T18730]        __ia32_compat_sys_openat+0x16d/0x210
[  689.846573][T18730]        __do_fast_syscall_32+0x7c/0x3a0
[  689.848118][T18730]        do_fast_syscall_32+0x32/0x80
[  689.849853][T18730]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  689.851984][T18730] 
[  689.851984][T18730] -> #2 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}:
[  689.854931][T18730]        down_read+0x9b/0x480
[  689.856415][T18730]        walk_component+0x345/0x5b0
[  689.858068][T18730]        path_lookupat+0x142/0x6d0
[  689.859683][T18730]        filename_lookup+0x224/0x5f0
[  689.861349][T18730]        kern_path+0x35/0x50
[  689.862844][T18730]        lookup_bdev+0xd8/0x280
[  689.864588][T18730]        resume_store+0x1d6/0x460
[  689.866216][T18730]        kobj_attr_store+0x55/0x80
[  689.867811][T18730]        sysfs_kf_write+0xf2/0x150
[  689.869583][T18730]        kernfs_fop_write_iter+0x354/0x510
[  689.871395][T18730]        vfs_write+0x7d0/0x11d0
[  689.872960][T18730]        ksys_write+0x12a/0x250
[  689.874489][T18730]        __do_fast_syscall_32+0x7c/0x3a0
[  689.876575][T18730]        do_fast_syscall_32+0x32/0x80
[  689.878431][T18730]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  689.880638][T18730] 
[  689.880638][T18730] -> #1 (&of->mutex){+.+.}-{4:4}:
[  689.883095][T18730]        __mutex_lock+0x193/0x1060
[  689.885362][T18730]        kernfs_fop_write_iter+0x28f/0x510
[  689.887440][T18730]        iter_file_splice_write+0xa24/0x12e0
[  689.889828][T18730]        do_splice+0x1478/0x1fc0
[  689.891402][T18730]        __do_splice+0x32a/0x360
[  689.893043][T18730]        __ia32_sys_splice+0x189/0x250
[  689.894906][T18730]        __do_fast_syscall_32+0x7c/0x3a0
[  689.896796][T18730]        do_fast_syscall_32+0x32/0x80
[  689.898482][T18730]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  689.900835][T18730] 
[  689.900835][T18730] -> #0 (&pipe->mutex){+.+.}-{4:4}:
[  689.903631][T18730]        __lock_acquire+0x12a6/0x1ce0
[  689.905897][T18730]        lock_acquire+0x179/0x350
[  689.907469][T18730]        __mutex_lock+0x193/0x1060
[  689.909092][T18730]        pipe_lock+0x64/0x80
[  689.910546][T18730]        iter_file_splice_write+0x1ea/0x12e0
[  689.912432][T18730]        do_splice+0x1478/0x1fc0
[  689.914312][T18730]        __do_splice+0x32a/0x360
[  689.915997][T18730]        __ia32_sys_splice+0x189/0x250
[  689.917898][T18730]        __do_fast_syscall_32+0x7c/0x3a0
[  689.919766][T18730]        do_fast_syscall_32+0x32/0x80
[  689.921542][T18730]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  689.923713][T18730] 
[  689.923713][T18730] other info that might help us debug this:
[  689.923713][T18730] 
[  689.927573][T18730] Chain exists of:
[  689.927573][T18730]   &pipe->mutex --> &ovl_i_mutex_dir_key[depth] --> sb_writers#5
[  689.927573][T18730] 
[  689.932658][T18730]  Possible unsafe locking scenario:
[  689.932658][T18730] 
[  689.935373][T18730]        CPU0                    CPU1
[  689.937191][T18730]        ----                    ----
[  689.938878][T18730]   rlock(sb_writers#5);
[  689.940229][T18730]                                lock(&ovl_i_mutex_dir_key[depth]);
[  689.942831][T18730]                                lock(sb_writers#5);
[  689.944958][T18730]   lock(&pipe->mutex);
[  689.946259][T18730] 
[  689.946259][T18730]  *** DEADLOCK ***
[  689.946259][T18730] 
[  689.948767][T18730] 1 lock held by syz.2.3231/18730:
[  689.950421][T18730]  #0: ffff88801cab6428 (sb_writers#5){.+.+}-{0:0}, at: __do_splice+0x32a/0x360
[  689.953285][T18730] 
[  689.953285][T18730] stack backtrace:
[  689.954992][T18730] CPU: 3 UID: 0 PID: 18730 Comm: syz.2.3231 Not tainted syzkaller #0 PREEMPT(full) 
[  689.955009][T18730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  689.955016][T18730] Call Trace:
[  689.955022][T18730]  <TASK>
[  689.955028][T18730]  dump_stack_lvl+0x116/0x1f0
[  689.955046][T18730]  print_circular_bug+0x275/0x350
[  689.955064][T18730]  check_noncircular+0x14c/0x170
[  689.955080][T18730]  __lock_acquire+0x12a6/0x1ce0
[  689.955098][T18730]  lock_acquire+0x179/0x350
[  689.955113][T18730]  ? pipe_lock+0x64/0x80
[  689.955127][T18730]  ? __pfx___might_resched+0x10/0x10
[  689.955140][T18730]  ? pipe_lock+0x64/0x80
[  689.955153][T18730]  __mutex_lock+0x193/0x1060
[  689.955168][T18730]  ? pipe_lock+0x64/0x80
[  689.955182][T18730]  ? __pfx___mutex_lock+0x10/0x10
[  689.955197][T18730]  ? rcu_is_watching+0x12/0xc0
[  689.955209][T18730]  ? trace_kmalloc+0x2b/0xd0
[  689.955223][T18730]  ? __kmalloc_noprof+0x242/0x510
[  689.955236][T18730]  ? pipe_lock+0x64/0x80
[  689.955248][T18730]  pipe_lock+0x64/0x80
[  689.955260][T18730]  iter_file_splice_write+0x1ea/0x12e0
[  689.955272][T18730]  ? aa_file_perm+0x29e/0x12e0
[  689.955290][T18730]  ? __pfx_aa_file_perm+0x10/0x10
[  689.955306][T18730]  ? __pfx_iter_file_splice_write+0x10/0x10
[  689.955317][T18730]  ? __lock_acquire+0xb97/0x1ce0
[  689.955336][T18730]  ? __pfx_iter_file_splice_write+0x10/0x10
[  689.955348][T18730]  do_splice+0x1478/0x1fc0
[  689.955360][T18730]  ? __lock_acquire+0x62e/0x1ce0
[  689.955375][T18730]  ? __pfx_do_splice+0x10/0x10
[  689.955386][T18730]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  689.955396][T18730]  ? find_held_lock+0x2b/0x80
[  689.955407][T18730]  __do_splice+0x32a/0x360
[  689.955419][T18730]  ? __pfx___do_splice+0x10/0x10
[  689.955430][T18730]  ? __might_fault+0x70/0x190
[  689.955444][T18730]  __ia32_sys_splice+0x189/0x250
[  689.955457][T18730]  __do_fast_syscall_32+0x7c/0x3a0
[  689.955472][T18730]  do_fast_syscall_32+0x32/0x80
[  689.955487][T18730]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  689.955501][T18730] RIP: 0023:0xf7fe7579
[  689.955510][T18730] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  689.955521][T18730] RSP: 002b:00000000f54e555c EFLAGS: 00000296 ORIG_RAX: 0000000000000139
[  689.955532][T18730] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000000
[  689.955539][T18730] RDX: 000000000000000a RSI: 0000000000000000 RDI: 00000000000408cd
[  689.955545][T18730] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  689.955552][T18730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  689.955558][T18730] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  689.955568][T18730]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  690.489427][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  690.860464][   T75] bridge_slave_1: left allmulticast mode
[  690.862939][   T75] bridge_slave_1: left promiscuous mode
[  690.865409][   T75] bridge0: port 2(bridge_slave_1) entered disabled state
[  690.869921][   T75] bridge_slave_0: left allmulticast mode
[  690.872714][   T75] bridge_slave_0: left promiscuous mode
[  690.875536][   T75] bridge0: port 1(bridge_slave_0) entered disabled state
[  691.531359][   T75] hsr_slave_0: left promiscuous mode
[  691.533558][   T75] hsr_slave_1: left promiscuous mode
[  691.535649][   T75] batman_adv: batadv0: Removing interface: batadv_slave_0
[  691.538788][   T75] batman_adv: batadv0: Removing interface: batadv_slave_1
[  691.541381][   T75] batman_adv: batadv0: Removing interface: team0
[  692.293795][   T75] team0 (unregistering): Port device team_slave_1 removed
[  692.376732][   T75] team0 (unregistering): Port device C removed
[  693.456260][   T75] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.511397][   T75] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.583101][   T75] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.670159][   T10] usb 9-1: USB disconnect, device number 39
[  693.697031][   T75] team0: Port device netdevsim0 removed
[  693.699832][   T75] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.787407][   T75] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.831730][   T75] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.871706][   T75] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.922852][   T75] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.990653][   T75] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.994496][   T75] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  693.997665][   T75] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0
[  694.052700][   T75] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.056227][   T75] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  694.059567][   T75] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0
[  694.142222][   T75] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.145855][   T75] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  694.149745][   T75] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0
[  694.213174][   T75] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.216778][   T75] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  694.220689][   T75] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0
[  694.490972][   T75] bond1 (unregistering): Released all slaves
[  694.607333][   T75] bond2 (unregistering): Released all slaves
[  694.658421][   T75] bond1 (unregistering): (slave geneve2): Releasing active interface
[  694.661098][   T75] geneve2 (unregistering): left promiscuous mode
[  694.861657][   T75] bond1 (unregistering): Released all slaves
[  694.884373][   T75] bond2 (unregistering): (slave geneve3): Releasing active interface
[  695.060650][   T75] bond1 (unregistering): Released all slaves
[  695.068174][   T75] bond2 (unregistering): Released all slaves
[  695.192855][   T75] : left promiscuous mode
[  695.266133][   T75] tipc: Left network mode
[  695.280489][   T75] tipc: Left network mode
[  695.289391][   T75] tipc: Disabling bearer <eth:syzkaller0>
[  695.291923][   T75] tipc: Left network mode
[  695.981969][   T75] hsr_slave_0: left promiscuous mode
[  695.984565][   T75] hsr_slave_1: left promiscuous mode
[  695.986850][   T75] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  695.989355][   T75] batman_adv: batadv0: Removing interface: batadv_slave_0
[  695.992725][   T75] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  695.995083][   T75] batman_adv: batadv0: Removing interface: batadv_slave_1
[  696.000431][   T75] hsr_slave_0: left promiscuous mode
[  696.002845][   T75] hsr_slave_1: left promiscuous mode
[  696.005359][   T75] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  696.007810][   T75] batman_adv: batadv0: Removing interface: batadv_slave_0
[  696.011940][   T75] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  696.014297][   T75] batman_adv: batadv0: Removing interface: batadv_slave_1
[  696.019068][   T75] hsr_slave_0: left promiscuous mode
[  696.021319][   T75] hsr_slave_1: left promiscuous mode
[  696.023935][   T75] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  696.026901][   T75] batman_adv: batadv0: Removing interface: batadv_slave_0
[  696.030166][   T75] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  696.032572][   T75] batman_adv: batadv0: Removing interface: batadv_slave_1
[  696.041857][   T75] veth1_macvtap: left promiscuous mode
[  696.044424][   T75] veth0_macvtap: left promiscuous mode
[  696.046385][   T75] veth1_vlan: left promiscuous mode
[  696.049323][   T75] veth1_macvtap: left promiscuous mode
[  696.051321][   T75] veth0_macvtap: left allmulticast mode
[  696.053190][   T75] veth0_macvtap: left promiscuous mode
[  696.055154][   T75] veth1_vlan: left promiscuous mode
[  696.056855][   T75] veth0_vlan: left promiscuous mode
[  696.059779][   T75] veth1_macvtap: left promiscuous mode
[  696.061754][   T75] veth0_macvtap: left promiscuous mode
[  696.063807][   T75] veth1_vlan: left promiscuous mode
[  696.065853][   T75] veth0_vlan: left promiscuous mode
[  696.440592][   T75] team0 (unregistering): Port device team_slave_1 removed
[  696.506148][   T75] team0 (unregistering): Port device team_slave_0 removed
[  697.088120][   T75] team0 (unregistering): Port device team_slave_1 removed
[  697.153526][   T75] team0 (unregistering): Port device team_slave_0 removed
[  697.698594][   T75] team0 (unregistering): Port device team_slave_1 removed
[  697.749569][   T75] team0 (unregistering): Port device team_slave_0 removed

VM DIAGNOSIS:
00:42:36  Registers:
info registers vcpu 0

CPU#0
RAX=dffffc0000000000 RBX=ffff888024325290 RCX=0000000000000000 RDX=fffff5200063bf28
RSI=0000000000000000 RDI=ffff888024325294 RBP=1ffff9200063bf28 RSP=ffffc900031df938
R8 =0000000000000001 R9 =0000000000000000 R10=ffffffff818a61b0 R11=0000000000000000
R12=ffff888024325290 R13=0000000000000003 R14=ffff888024324880 R15=0000000000000000
RIP=ffffffff8197a9b0 RFL=00000806 [-O---P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880974c3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080007000 CR3=0000000054394000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000118aba4 RBX=0000000000000001 RCX=ffffffff8b90abf9 RDX=ffffed1005666656
RSI=ffffffff8c162c80 RDI=ffffffff8190ccb1 RBP=ffffed1003bdb488 RSP=ffffc9000046fdf8
R8 =0000000000000000 R9 =ffffed1005666655 R10=ffff88802b3332ab R11=0000000000000001
R12=0000000000000001 R13=ffff88801deda440 R14=ffffffff90ab8290 R15=0000000000000000
RIP=ffffffff8b90975f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880975c3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000003471bff8 CR3=0000000060220000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000b467fc RBX=0000000000000002 RCX=ffffffff8b90abf9 RDX=ffffed1005686656
RSI=ffffffff8c162c80 RDI=ffffffff8190ccb1 RBP=ffffed1003bdb910 RSP=ffffc9000047fdf8
R8 =0000000000000000 R9 =ffffed1005686655 R10=ffff88802b4332ab R11=0000000000000001
R12=0000000000000002 R13=ffff88801dedc880 R14=ffffffff90ab8290 R15=0000000000000000
RIP=ffffffff8b90975f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880976c3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055a89d2ce000 CR3=000000004c47e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 0000002c00000012 0004000000080024 0000000000280030
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000ca7 0000001400000000 0000000000000000 0000000000000015
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e69622f2e01ffff ffffffffffffd708 0880032c000005f1 0000001500000001
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c482080004080001 8002060075be0023 4423436964696d2f 646e732f7665642f
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 01ffffffffffffff ffdb080180030fff ffffff0204080000 08000208007c0800
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a014cd40fffffff ff02018084080000 08000fffffffff02 0108000a0156be00
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0400208008000880 0201c70800080148 d600317265646e69 622f327366726564
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 19acb46e6914bf97 ef3dcce83ca97264 d93eff68075b8b0c b5def0ec643fc342
ZMM25=02e70a3902e70a39 02e70a3902e70a39 02e70a3902e70a39 02e70a3902e70a39 02e70a3902e70a39 02e70a3902e70a39 02e70a3902e70a39 02e70a3902e70a39
ZMM26=422b1ced422b1ced 422b1ced422b1ced 422b1ced422b1ced 422b1ced422b1ced 422b1ced422b1ced 422b1ced422b1ced 422b1ced422b1ced 422b1ced422b1ced
ZMM27=edd2baf1edd2baf1 edd2baf1edd2baf1 edd2baf1edd2baf1 edd2baf1edd2baf1 edd2baf1edd2baf1 edd2baf1edd2baf1 edd2baf1edd2baf1 edd2baf1edd2baf1
ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=b21e0000b21e0000 b21e0000b21e0000 b21e0000b21e0000 b21e0000b21e0000 b21e0000b21e0000 b21e0000b21e0000 b21e0000b21e0000 b21e0000b21e0000
info registers vcpu 3

CPU#3
RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85617045 RDI=ffffffff9b0f9700 RBP=ffffffff9b0f96c0 RSP=ffffc90003c47248
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=000000000000002d R14=ffffffff9b0f96c0 R15=ffffffff85616fe0
RIP=ffffffff8561706f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977c3000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000034710ff8 CR3=0000000054394000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000