last executing test programs:

1m58.703635514s ago: executing program 2 (id=2731):
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) (async)
r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69)
close(r0)
r1 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x0)
r2 = signalfd(r0, &(0x7f0000000300)={[0x6aa, 0x9]}, 0xffffff66)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000740)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}})
r3 = gettid()
timer_create(0x2, &(0x7f000049efa0)={0x0, 0xb, 0x4, @tid=r3}, &(0x7f0000044000)=<r4=>0x0)
syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_settime(r4, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f000000fe80), 0x40800, 0x0) (async)
r5 = openat$random(0xffffffffffffff9c, &(0x7f000000fe80), 0x40800, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095", @ANYRES16=r5, @ANYRES16=0x0], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
read$FUSE(r1, &(0x7f0000000f40)={0x2020}, 0x2020) (async)
read$FUSE(r1, &(0x7f0000000f40)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000380)={0x50, 0xb, r7, {0x7, 0x2b, 0xfff7ffff, 0x1000, 0x292, 0x2, 0x9, 0x6, 0x0, 0x0, 0x40, 0x1}}, 0x50) (async)
write$FUSE_INIT(r1, &(0x7f0000000380)={0x50, 0xb, r7, {0x7, 0x2b, 0xfff7ffff, 0x1000, 0x292, 0x2, 0x9, 0x6, 0x0, 0x0, 0x40, 0x1}}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r6}, 0x18)
socket$caif_stream(0x25, 0x1, 0x1) (async)
r8 = socket$caif_stream(0x25, 0x1, 0x1)
sendmsg$inet(r8, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000240)="80ece3274e9b9fe1f365d64aa02bd6d5845d7b31f01690eb2d5970ecd29715649175711c75240bfdfc1ae4393c298383095b315d1974da8b1466d72cd539deff66cae9a2bebe97d1c63be89e73fac72a15b770c66e3793b3b8a441fa93f54601e9983a826ad0e0525594ba65752f3c71914329d2c96c0af55ddd85db071568e3a0b628b1f2a82984bb6a3265", 0x8c}], 0x1}, 0x2000c010)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) (async)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r11 = dup(r9)
write$6lowpan_enable(r11, &(0x7f0000000000)='0', 0xfffffd2c) (async)
write$6lowpan_enable(r11, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffff9, 0x80, 0x0, 0xd3, 0x0, r11}, &(0x7f0000000080), &(0x7f00000001c0)) (async)
syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffff9, 0x80, 0x0, 0xd3, 0x0, r11}, &(0x7f0000000080), &(0x7f00000001c0))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
syz_open_dev$evdev(0x0, 0x2, 0x0)

1m58.496366625s ago: executing program 2 (id=2732):
r0 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000300)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x1c001, 0x0)
syz_open_procfs(r0, &(0x7f00000003c0)='numa_maps\x00')
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x70, 0x0)

1m58.490506931s ago: executing program 2 (id=2733):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="000000000000000000bf000000ffffffe6000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = socket$pppl2tp(0x18, 0x1, 0x1) (async)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@deltfilter={0x3c, 0x2d, 0x10, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0xffe0}, {0x8, 0xb}, {0x3, 0x10}}, [@f_tcindex={{0xc}, {0xc, 0x2, [@TCA_TCINDEX_CLASSID={0x8, 0x5, {0x7, 0x2}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20040001}, 0x20000010) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000440)={{r0, <r3=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000400)='%-5lx  \x00'}, 0x1c) (async)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) (async)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x40, 0x0, 0x0, 'queue0\x00'}) (async)
r6 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', <r7=>0x0})
bind$packet(r6, &(0x7f0000000080)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @link_local}, 0x14) (async)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x44, 0x44, 0x4, [@var={0x6, 0x0, 0x0, 0xe, 0x2, 0x1}, @float={0x10, 0x0, 0x0, 0x10, 0x10}, @float={0x3, 0x0, 0x0, 0x10, 0x2}, @var={0x4, 0x0, 0x0, 0xe, 0x3, 0x1}, @const={0x8, 0x0, 0x0, 0xa, 0x3}]}, {0x0, [0x5f, 0x5f]}}, &(0x7f0000000580)=""/80, 0x60, 0x50, 0x0, 0xcc1}, 0x28)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{r3, <r9=>0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)='%pi6   \x00'}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x6, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x7}, [@initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x78}]}, &(0x7f00000004c0)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x8, '\x00', r7, 0x0, r8, 0x8, &(0x7f0000000640)={0x6, 0x5}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x5, 0x7, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000780)=[r0, r9, r0], &(0x7f00000007c0), 0x10, 0x10000}, 0x94) (async)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r5, 0x4040534e, &(0x7f0000000140)={0x176, @tick=0x7, 0x0, {}, 0x0, 0x0, 0xfe}) (async)
socketpair(0x3, 0x5, 0x9, &(0x7f00000007c0)) (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r10, &(0x7f0000000080)={0x0, 0x2f, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002cbd7000040000000500b600080009000200000008000c00a60a0000060001000500004008000b"], 0x40}, 0x1, 0x0, 0x0, 0x94ced4add106a01f}, 0x4040) (async)
r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b000000000000000000000000000400000000001e513a31cdeb639c418762c67829e239c25c22d916108086a5afc37b5113c1cf328201f48128e9bb82e33c702f5e9d4c5fc734ec778ec58a745b68055e0c54ea71902a1d4af99385edaae5197ba8f60c89ad3f8d072bf3d206606824e8289df7a3222a91c34004b3c5e6cab723951ad8371e38e4d0be4271ca1727bb0cdfed452f065a", @ANYRES32=0x0, @ANYRESHEX=r1, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r11}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3801}, {0x2c}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m58.404951182s ago: executing program 2 (id=2734):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
socket$can_bcm(0x1d, 0x2, 0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x10, 0x400000000080803, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f00000000c0)={0x1, 0x2}, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
ioctl$I2C_SLAVE(0xffffffffffffffff, 0x703, 0x3b0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800180001"], 0x48)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa5c0a, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, 0x0)

1m57.134403022s ago: executing program 2 (id=2740):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x101f})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000009c0)={0x44, 0x7000000, &(0x7f0000000800)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3c, 0x0, &(0x7f0000000300)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})

1m56.784975252s ago: executing program 2 (id=2744):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffc97}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
membarrier(0x40, 0x0)

1m56.66290699s ago: executing program 32 (id=2744):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffc97}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
membarrier(0x40, 0x0)

1m47.821209066s ago: executing program 0 (id=2791):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000) (async)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) (async, rerun: 32)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00') (async, rerun: 32)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async, rerun: 32)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (rerun: 32)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) (async, rerun: 32)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) (rerun: 32)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd1, &(0x7f0000000000)=0x5872a4d6c3edc95e, 0x4)
ftruncate(r1, 0x8800000) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r3, r1, 0x0, 0x578410eb) (async)
r5 = socket$kcm(0x10, 0x2, 0x0) (async)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000006180)=""/152, 0x98}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async)
r6 = socket$kcm(0x29, 0x5, 0x0) (async)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r6, 0x0, r7, 0x0, 0xf3e, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={&(0x7f0000000300), &(0x7f0000000380)="c75f16175bb69c4013d0479f629c0ba46ff8ac8dc98098b878545ed70bb5bc1bacf36b28b91a23b1365fa8e67059f7c1fc1ade5eb855207f7066f96bdafb14234e8d9afeee1f3fd22e4b4fe5a61f4afde21805ae5206b87bb22d882df14583a3e6616fce86827ba486d004155a4450ce7bc978b14dadd17103787da46b699548021f41884a83569757da03e5194f8d83c3638886d844e7bed2e0440b393bdd4ec45238b77d"}}, &(0x7f0000000100))
fsetxattr$trusted_overlay_opaque(r5, &(0x7f00000000c0), &(0x7f0000000280), 0x2, 0x3) (async)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000400000000000000080003851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1e}, 0x94) (async, rerun: 32)
syz_open_dev$hiddev(&(0x7f0000000040), 0x7, 0x20000) (rerun: 32)

1m45.40418445s ago: executing program 0 (id=2802):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6, 0x0, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000440)={0xffff, 0x1, 0x6})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, &(0x7f0000000400)={r5})
dup(r2)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000002c0)={0x8, 0xd7, 0x8})
close_range(r0, 0xffffffffffffffff, 0xffdd)

1m45.313653956s ago: executing program 0 (id=2803):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
io_setup(0x8, &(0x7f0000000000)=<r1=>0x0)
eventfd2(0x0, 0x80001)
sendmmsg$inet6(r0, &(0x7f0000000e00)=[{{&(0x7f0000000000)={0xa, 0x2, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000200)='b', 0x1}], 0x1}}, {{&(0x7f00000000c0)={0xa, 0x4e22, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}, 0x13a1}, 0x1c, &(0x7f00000001c0)}}], 0x2, 0x240040c4)
clock_gettime(0x0, &(0x7f0000000080)={<r2=>0x0, <r3=>0x0})
io_pgetevents(r1, 0x1, 0x2, &(0x7f0000000040)=[{}, {}], &(0x7f0000000100)={r2, r3+10000000}, &(0x7f0000000180)={&(0x7f0000000140)={[0x8, 0x3]}, 0x8})
shutdown(r0, 0x1)

1m44.224752553s ago: executing program 0 (id=2806):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
socket$can_bcm(0x1d, 0x2, 0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x10, 0x400000000080803, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f00000000c0)={0x1, 0x2}, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
ioctl$I2C_SLAVE(0xffffffffffffffff, 0x703, 0x3b0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800180001"], 0x48)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa5c0a, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, 0x0)

1m42.720549363s ago: executing program 0 (id=2815):
openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r0 = openat$yama_ptrace_scope(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$F2FS_IOC_RESIZE_FS(r0, 0x4008f510, &(0x7f0000000080)=0x7)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x20, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0xd0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r4 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
keyctl$read(0xb, r4, &(0x7f0000000240)=""/112, 0x349b7f55)
r5 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$netlink(r5, 0x10e, 0x4, 0x0, &(0x7f0000000100))
r6 = gettid()
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x250c80, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000014d564b00000000af"])
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))

1m42.471969847s ago: executing program 0 (id=2817):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x20241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fspick(0xffffffffffffffff, 0x0, 0x0) (async)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) (async)
r3 = socket$netlink(0x10, 0x3, 0xa)
r4 = dup(r3)
r5 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80141, 0x0)
ftruncate(r5, 0x200004)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
syz_emit_ethernet(0x46, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6064cdd800100000fe0000000000007bae020000c0bd0000000000000000060000000000000000001f00c204", @ANYRESOCT=0x0], 0x0) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0xfca804a0, 0x8, 0x0, &(0x7f0000000300)="b800000500000000", &(0x7f0000000300), 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async)
ioctl$BLKRAGET(r5, 0x1263, &(0x7f0000000180)) (async)
write$apparmor_exec(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000000000000"], 0x8)
sendfile(r4, r5, 0x0, 0x80001d00c0d1) (async)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r8)
sendmsg$NLBL_MGMT_C_ADD(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x100, r9, 0xe701ac47a3d23ccd, 0x0, 0x2, {}, [@NLBL_MGMT_A_DOMAIN={0xda, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3i\xb0Z\xbf_\xfe~gJ\x13\xfc\x15om~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\a\x00\x00\x00\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x28}]}, 0x100}, 0x1, 0x0, 0x0, 0x20084880}, 0x0) (async)
socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})

1m42.43467912s ago: executing program 33 (id=2817):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x20241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
fspick(0xffffffffffffffff, 0x0, 0x0) (async)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) (async)
r3 = socket$netlink(0x10, 0x3, 0xa)
r4 = dup(r3)
r5 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80141, 0x0)
ftruncate(r5, 0x200004)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
syz_emit_ethernet(0x46, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6064cdd800100000fe0000000000007bae020000c0bd0000000000000000060000000000000000001f00c204", @ANYRESOCT=0x0], 0x0) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0xfca804a0, 0x8, 0x0, &(0x7f0000000300)="b800000500000000", &(0x7f0000000300), 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async)
ioctl$BLKRAGET(r5, 0x1263, &(0x7f0000000180)) (async)
write$apparmor_exec(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000000000000"], 0x8)
sendfile(r4, r5, 0x0, 0x80001d00c0d1) (async)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r8)
sendmsg$NLBL_MGMT_C_ADD(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x100, r9, 0xe701ac47a3d23ccd, 0x0, 0x2, {}, [@NLBL_MGMT_A_DOMAIN={0xda, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3i\xb0Z\xbf_\xfe~gJ\x13\xfc\x15om~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\a\x00\x00\x00\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x28}]}, 0x100}, 0x1, 0x0, 0x0, 0x20084880}, 0x0) (async)
socket(0x400000000010, 0x3, 0x0)
r10 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})

1m14.820865536s ago: executing program 4 (id=2967):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
mknod(&(0x7f0000000080)='./bus\x00', 0x8000, 0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000100)={0xa00965, 0x2})
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
listen(0xffffffffffffffff, 0x3)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
setrlimit(0xc, &(0x7f0000000300)={0x0, 0x9})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r4, 0x4008af60, &(0x7f0000000280)={@my=0x1})
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f0000000180)='jfs\x00', 0x400080, &(0x7f00000001c0)='discard')

1m13.883779506s ago: executing program 4 (id=2970):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc}) (async)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0xfffffffc, 0x0, r2}, &(0x7f0000000600)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
r6 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = syz_io_uring_setup(0x57a0, &(0x7f0000000080)={0x0, 0xd498, 0x1000, 0x1, 0xee}, &(0x7f0000000100), &(0x7f0000000140))
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r7, 0xa, 0x0, r8) (async)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r7, 0xa, 0x0, r8)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_FILES_UPDATE={0x14, 0x2c, 0x0, 0x0, 0xa78, &(0x7f00000004c0)=[r6, r6, r6], 0x3, 0x0, 0x0, {0x0, r8}}) (async)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_FILES_UPDATE={0x14, 0x2c, 0x0, 0x0, 0xa78, &(0x7f00000004c0)=[r6, r6, r6], 0x3, 0x0, 0x0, {0x0, r8}})
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x14, 0x0, 0x2, 0x0, &(0x7f0000000140)="40887792d64b5dcbaf5d7230ce5cdbffb14ee796d4f8e92d7fd104ac8620d47337b601d477298cf0abb1c44ba2565ea43ac27f6fd2b60d14d53ce1b6ff261ec418f52fdd34061cfd32c6e9859b1d2a1b0fce2847e8130f78e7229a19f49071abcdb96cee690866ba22", 0x8, 0x0, 0x0, {0x0, r8}})
io_uring_enter(r3, 0x2ded, 0x4000, 0x8, 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) (async)
r9 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
readv(r9, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) (async)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000040000000c"], 0x48) (async)
r12 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000040000000c"], 0x48)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r13}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r13}, 0x10)
sendmsg$NFT_BATCH(r11, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000100)={&(0x7f000000c300)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r14 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r14, 0x8933, &(0x7f0000001240)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r14, 0x8933, &(0x7f0000001240)={'wlan1\x00', <r15=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r14, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000080)={0x24, r10, 0x1, 0x71bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r15}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x8, 0x11d, 0x0, 0x1, [{0x4}]}]}, 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r14, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000080)={0x24, r10, 0x1, 0x71bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r15}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x8, 0x11d, 0x0, 0x1, [{0x4}]}]}, 0x24}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_setup(0xf6f, &(0x7f0000000680)={0x0, 0x4b46, 0x2, 0x0, 0x2ea}, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x84301)

1m13.704848576s ago: executing program 4 (id=2971):
open_by_handle_at(0xffffffffffffffff, 0x0, 0x1)
r0 = syz_open_procfs(0x0, &(0x7f0000000380)='task\x00')
lseek(r0, 0x400000000000000, 0x2)
getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000080)={@empty, @dev}, &(0x7f0000000100)=0x8)
r1 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r2, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r2, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
shutdown(r2, 0x1)
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSKEYCODE(r3, 0x40084504, &(0x7f0000000440)=[0x6, 0xf0])
r4 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000140)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x30e, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x40, 0x8, [{{0x9, 0x4, 0x0, 0x3, 0x1, 0x3, 0x1, 0x2, 0x7, {0x9, 0x21, 0x16, 0x5, 0x1, {0x22, 0xf51}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xe, 0x5, 0x4}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0x80, 0x2, 0x13}}]}}}]}}]}}, &(0x7f0000000300)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x111, 0x80, 0x8, 0x4, 0x8, 0x1}, 0x8, &(0x7f0000000200)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}, 0x1, [{0x8c, &(0x7f0000000240)=@string={0x8c, 0x3, "1643dcc5800bc276747063409495cde66bea04ad9ff9f9c7e306069aba7471e9143e49ffb7d797f75fd5f0b7ba8504e18853d2aa2f837d1d99d8c65bbb2cc7149f9ea80092d565a4bfcd24d5f60284a3a1a6ddca740e6ea04e8aa8ee9797322d3aa7a8061010720f50aab427ee81b03ed516e08a1a574c58491b31513dea8abea948f058ca7b1015c0ad"}}]})
syz_usb_control_io(r4, &(0x7f0000000600)={0x18, &(0x7f0000000340)={0x0, 0x22, 0x49, {0x49, 0x23, "b6f616542a11841d590f20ec192a233a7a19d1f9a71ac131a1435adac38100676c4d4123ac8a9c2462523f174e66f9889e3cde3be3734812a58673254241d6cc21e4b32e09ebc7"}}, &(0x7f0000000480)={0x0, 0x3, 0x102, @string={0x102, 0x3, "8f1bb6d8decdadd51169f610815f80ee5d2e640dd4d1cd0aee69299d2fe5e495f33bfba4c411c11281e8ba334c709e4e7d57de30e730a289eebc22cf40c32bee1c91bba42f3ed5ac55ef3c7701030528d0ddda7eb746c98b3021c201cd8128ec57dbe00f334aa98b51d4db1327a5dd05e7a0ce3533fdc981d2cb3005041c2f296743cdc65f1f04a9c6b571475edf1bbe0c3f5620c8f1ddd3badf26469e1c20555ad10756a4ab8c4f859772755344be13e5671b377732a4376391b4321a9a74d185e5b8e95372b297d0ec52edade7c9b6a1d2a2f36ce2bd8dbcb32b5f8ac053b27b950f772f98ff8217807e213f9a3682f1ced1ed64fba883da21b97f23aabf86"}}, &(0x7f00000003c0)={0x0, 0xf, 0x30, {0x5, 0xf, 0x30, 0x2, [@wireless={0xb, 0x10, 0x1, 0xc, 0x3, 0x5, 0x5, 0x4b6, 0x6}, @ssp_cap={0x20, 0x10, 0xa, 0x5, 0x5, 0x9, 0xf00f, 0x4ce0, [0xf, 0xc0c0, 0xc0c0, 0x3f00, 0x0]}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x2, 0x18, 0xc, 0xa3, "02010001", "10a6ccd2"}}, &(0x7f00000005c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x3, 0xe0, 0x4, 0x5, 0x7, 0x4}}}, &(0x7f0000000a40)={0x44, &(0x7f0000000640)={0x40, 0x13, 0x14, "859fec3e79f263fd20f71a6156f991741d2192a4"}, &(0x7f0000000680)={0x0, 0xa, 0x1, 0x47}, &(0x7f00000006c0)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000700)={0x20, 0x0, 0x4, {0x3}}, &(0x7f0000000740)={0x20, 0x0, 0x4, {0x100, 0x20}}, &(0x7f0000000ac0)={0x40, 0x7, 0x2, 0x7ff}, &(0x7f00000007c0)={0x40, 0x9, 0x1, 0xf}, &(0x7f0000000800)={0x40, 0xb, 0x2, "88c8"}, &(0x7f0000000840)={0x40, 0xf, 0x2, 0x8}, &(0x7f0000000880)={0x40, 0x13, 0x6, @random="c9e625c966cc"}, &(0x7f00000008c0)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}}, &(0x7f0000000900)={0x40, 0x19, 0x2, "deaa"}, &(0x7f0000000940)={0x40, 0x1a, 0x2, 0x4}, &(0x7f0000000980)={0x40, 0x1c, 0x1}, &(0x7f00000009c0)={0x40, 0x1e, 0x1, 0xc}, &(0x7f0000000a00)={0x40, 0x21, 0x1, 0x3}})

1m12.280752325s ago: executing program 4 (id=2979):
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
socket$inet6(0xa, 0x3, 0x8000000003c)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$inet6(0x2d, 0x2, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x8080, &(0x7f0000000100)={0x2d, 0x4e24, 0x2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x5}, 0x1c)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=@bridge_getvlan={0x20, 0x72, 0x333, 0x6, 0x4, {}, [@BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x7ffffffe}]}, 0x20}}, 0x20000010)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000340))
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f0000000040)={0xfffffffffffff001, 0x2000})
r5 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x40682, 0x9c)
fspick(r5, &(0x7f0000000100)='./file0\x00', 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9b}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r6, 0xfffff000, 0xe, 0x0, &(0x7f0000001700)="61df7100c80400d5721ff59fe864", 0x0, 0x1, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x4c)

1m11.957884009s ago: executing program 4 (id=2981):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x1, 0x8000)
ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f0000000400)=0x9)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000002280)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
pivot_root(&(0x7f0000002240)='./file0/file0\x00', 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

1m10.697997781s ago: executing program 4 (id=2986):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0xc8}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value=0x20}, 0x80)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='bridge0\x00', 0x10)
sendto$inet(r0, &(0x7f0000000040)="255f5a03204f8e0b", 0x8, 0x24008914, &(0x7f0000000080)={0x2, 0x4e22, @multicast1=0xe000006a}, 0x10)
utimensat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x0)

55.89045253s ago: executing program 34 (id=2986):
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0xc8}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value=0x20}, 0x80)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='bridge0\x00', 0x10)
sendto$inet(r0, &(0x7f0000000040)="255f5a03204f8e0b", 0x8, 0x24008914, &(0x7f0000000080)={0x2, 0x4e22, @multicast1=0xe000006a}, 0x10)
utimensat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x0)

7.053234469s ago: executing program 6 (id=3357):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, 0x0, 0x1)
ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0xae71, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000000)=0x1000)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000180)=0x6f)
write$dsp(r5, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
sendmsg$kcm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x80)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$evdev(&(0x7f0000000000), 0x16e51fe0, 0x0)

3.103889932s ago: executing program 6 (id=3383):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)=ANY=[], 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000340)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r2, &(0x7f00000057c0)=[{{0x0, 0x4000, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0, 0x94}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0)
r5 = eventfd2(0x0, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r5, 0x5})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000100)=ANY=[])
write$eventfd(r5, &(0x7f00000000c0)=0x33482a8d, 0x8)
r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r7 = openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x8080, 0x0)
poll(&(0x7f0000000380)=[{r7, 0x214c}, {r0, 0x1402}], 0x2, 0xf0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="34000000427000004000000300000014000200fc0200000000090149e60000000000010c00018005002f80bc0000000000000000"], 0x34}}, 0x4040080)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f00000003c0))
r9 = syz_io_uring_setup(0x113, &(0x7f00000002c0), &(0x7f0000000200)=<r10=>0x0, &(0x7f0000000040)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={<r12=>0xffffffffffffffff})
syz_io_uring_submit(r10, r11, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x40, 0x0, r12, 0x0, 0x0, 0x0, 0x102, 0x1, {0x3}})
io_uring_enter(r9, 0x8aa, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010001fff000002ea0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012800b000100697036746e6c00001000028004001300050009002900000008000400"], 0x48}}, 0x0)
syz_emit_ethernet(0x93, &(0x7f0000000200)=ANY=[@ANYBLOB="ffffffffffff56b6378053d188a8460081002400884800000000000000000000000000000000000f0f00235541d1b47003e8d6714a45d3c38b81c3c16e48497ee3509706e6ae7194906679d74b27189052b495d25a83d817075d5aa14ba4b38823019f3188ecf13b738b638477a472fbf305264fdc47db8c5ce942618a8dab2123b0ec0375ead3f43598623838"], &(0x7f0000000340)={0x1, 0x3, [0xa71, 0xba, 0xf03, 0x3bf]})
close_range(r6, 0xffffffffffffffff, 0x0)

2.886299007s ago: executing program 1 (id=3385):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000009c0)={0x54, r2, 0x1, 0x70bd22, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x2a, 0x33, @mgmt_frame=@probe_request={{{0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x1}, @device_a, @device_a, @from_mac=@device_b, {0x9, 0xff9}, @value=@ver_80211n={0x0, 0x4, 0x3, 0x2, 0x0, 0x2, 0x1, 0x0, 0x1}}, @void, @val, @void, @void, @val={0x72, 0x6}}}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x54}, 0x1, 0x0, 0x0, 0x40001}, 0x8040) (fail_nth: 10)

2.795269682s ago: executing program 1 (id=3386):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000140)='blkio.throttle.io_serviced\x00', 0x0, 0x0)
preadv2(r1, &(0x7f0000000180)=[{&(0x7f0000000340)=""/205, 0xcd}], 0x1, 0x400, 0x0, 0x0)
r2 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b7050000000b00006110200000000000d40500002000000095000000000000009abb1723bf2c203831c9545b21c751ee4024f479cbe4b89f9807836ea5847c95ffc926c2e182c7a3221481f5009edaf5f542a715b99fb3d2a73dd02584a54ee68c70dbfbcdcea76ee541e318cbe84cd4f5381f522e258a4d9aeb9b16feb66bf40fdf73be95633dc5de907f2ffdcc18494f09c327abd3a76fee11357181f05f7ac06d6a9078df8bc21f00cd8ac4109850ce4aa147beacafecd5c7ccdeecb146ca1e7611f8b3adb41b39029c1b9b59fbf1b4a80167ca6b113a1600000000000000000000cdb7fe6d684423596ee2bdad7787936c24c84d4721327a695ed24946de35ff5e000091e0610ac2d72b9b6f453f98e7b5a25941905bd564aac36dbe7d1db9f5561ad6f7c2e79fb80b6949d626024b5fb96e3da0d7113b1c826f49a2cbc18001d315aaf280a8a762689f8c6fee958836002f48815ad19ee99d81c9e3cda430cef4a75e5c4dd14c3cbb6af58e3f3b3f8cbd858532b02995d79ca5dac0fd49aa150f6e212e3f46e4f37f372ee43f136e4d3af6cc4a0ce2379cc1010d8483b82e54feeefa1e89d6a3b74fbb4b619c43984223674b40fbe29ea5752c76a5e6a44d95382a9e04f9a51881aedb6d6242d0fe2e7dcf1f8b22f46c37fb010f8e86c62a4c72327c7eaaf720aff72529429aed45219cb1b6476e53b650927d193b4062c4640de2781643edc5e59280c59332e92b52675a02009db11b3829d8424fdf33ccdb7f89bfa14f9c2a17f9183cb48222e685f49340891845efdac175d90c116eaa013315165865f9a3785e21b41fd4b5eda7eb5a7462307fe72a3fe53eb02c75867e6eeebfc3037683f66d407fc28c4735a221bb5b78a6f966474a98ceceb20f0d4757b8e81ab14d29bad2b19aa5aff53ee333009688b401064898f58f88226f0e675cc74f0adaf4b97315e12e88b5eabd519e523a7f0e839fe91774f85a65068de244a78687c12e4e6dffb556c8d30b8ee73faaac455701569da7ae1a4e44fdd2cf28965a9f5e09acf476e07e5ea768c558a5622601742b27b91724dde6a0f96d3e53e67db57bbd0d3f2dd8439192dfc71f9e5f289c7f519e8b794fb09b64fb3c1bcd46731051de09510ebd717eb57655d447753fd2ff052a9d6889ddb5a5f68564bd00a5ff58a75805eadb00000000000000006a9af2471aada1ad164502199e0a668ad4daa53e5658f82733b3c7f36fcf3146adf7025dfd79c5a67c27395f5ca5a90d45402e58b42946b5a977a56385f31083a4b65d61ec4991cd6c91a02bd788825a"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48)

2.779484074s ago: executing program 3 (id=3387):
r0 = socket$rxrpc(0x21, 0x2, 0x2)
setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, &(0x7f0000000000)='\x00', 0x1)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc2c45513, &(0x7f0000000040)={{0x7, 0x6, 0x4, 0x30, 'syz1\x00', 0x7}, 0x1, [0x8, 0x5, 0x4, 0x100, 0x8, 0x6152, 0x1, 0x8, 0x4, 0x7, 0xe, 0x3b29, 0x6, 0x5, 0x3, 0x9, 0xe, 0x8001, 0x6, 0x55, 0xff, 0x6, 0x1, 0x6618, 0x8, 0x0, 0x1, 0x5, 0x7, 0x6, 0x1, 0x8, 0x7fffffff, 0xffff46d9, 0x3, 0x6, 0xe, 0x5, 0x1, 0x10, 0xc95, 0x8, 0x4, 0xe, 0x80000000, 0xfffffff9, 0x6, 0x3, 0x8, 0x7, 0x4, 0xffffffc0, 0x2, 0x1, 0x200, 0x3, 0x5, 0x7fffffff, 0x7fff, 0x3, 0x7b21, 0x1, 0xa4, 0xc, 0x2, 0xb548, 0x6, 0x0, 0x5, 0x9, 0xc, 0xfffffbab, 0x4, 0xfff, 0x8, 0x6, 0xff, 0x0, 0x8000, 0x5, 0xfffffffe, 0x0, 0x2, 0x5, 0x8, 0x1, 0x2c94, 0x200, 0x10001, 0x8001, 0x8, 0x1, 0xa, 0x125f10ad, 0x2, 0x6f, 0xb1f, 0x400, 0x3, 0x0, 0x1, 0x7, 0x7, 0x1a, 0x9, 0x0, 0x8, 0x6, 0x4d5, 0x80000001, 0x3, 0xffffffff, 0x3, 0x6, 0x9f, 0x4509, 0x6, 0x800, 0x0, 0x7, 0xe1, 0x2, 0xf0, 0x7ff, 0x4000000, 0x0, 0x1, 0x9]})
syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x3, 0xa}, @l2cap_cid_le_signaling={{0x6}, @l2cap_cmd_rej_unk={{0x1, 0x5, 0x2}, {0x81}}}}, 0xf)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, r1, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x40)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f00000004c0)={{0x1, 0x1, 0x18, <r2=>r0, {0xf4}}, './file0\x00'})
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1a)
sendmsg$GTP_CMD_DELPDP(r2, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x28, 0x0, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@GTPA_PEER_ADDR6={0x14, 0xb, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004091}, 0x40000)
syz_emit_vhci(&(0x7f00000006c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_req={{0x6, 0x8, 0x4}, {0x2, 0x1}}}}, 0x11)
syz_emit_vhci(&(0x7f0000000700)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2)
syz_emit_vhci(&(0x7f0000001940)=@HCI_SCODATA_PKT={0x3, {0x10b5d6b5eb97cec5, 0xd5}, "9b459e8403b55dbb152b0d968a4a06320cfdbcdfe76fa41bf565aaee9810ff4f5b216be209a25581512a92aa97f2ea1d52cbe7f985f4f35dac84a28503ac8a5792ca3ff61da98e00e9d29acc65bd4ded9265a914f6bb1f6dd440b2250314cb4fb9087354e7d4412ac9627648881a9ea4066ff90d6c1a0386480ce8b8398552ee1afa7edd58b1e41a3fa1389926be80f45693d2010b0810dd6c7eb1bd643389ad5f19728f8e99a7e322cf69a600a60d96655ad91be75907276cbeb7a94a17fb2fbdf0563f6800386e5e352bf7a619243ca3fa0f8af6"}, 0xd9)
socket$key(0xf, 0x3, 0x2)

2.730427166s ago: executing program 1 (id=3388):
openat$kvm(0xffffffffffffff9c, 0x0, 0x20042, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0xffffffffffffff65)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
socket$inet(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f0000000440)={'ip6gre0\x00', 0x0, 0x4, 0x0, 0x6, 0x9, 0x60, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7800, 0x50, 0x1, 0xffffffff}})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/power/resume_offset', 0x149a82, 0x0)
write$cgroup_int(r7, &(0x7f0000000040)=0x1c9, 0x12)
r8 = open_tree(r7, &(0x7f0000000340)='./file0\x00', 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
r10 = socket(0x1, 0x803, 0x0)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r11}, @IFLA_MASTER={0x8, 0xa, r11}]}, 0x4c}}, 0x0)

2.72937838s ago: executing program 3 (id=3389):
r0 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, 0x0, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_open_dev$sg(0x0, 0x0, 0x0)
socket$inet(0x2, 0x1, 0x100)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x18, 0x30, 0x1, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0xc010)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="d2ff030060010000009e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r5 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
tkill(r5, 0xb)
r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r7 = memfd_create(&(0x7f0000000180)='y\x105\xfb\xf7u\x83\xf67\xc0\xe4\xb5S%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01\x04\x00\x00\x00\x00\x00\x00\x00\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1\xd1\x11\xf0\xc2Gj+kV\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\xf2\x95\x19C\t?\b\x9cw\xe5\x97E\xf0AT\xe4\xd6\x8b\x8a\xbbbzO\xe8\xbed\xb8\xe2\xb7\xf9F\x81\xe9v\xf0\xb4\x85\x99\xa8Sdz\xf3\xdc\xfd\xae)\x89\xf38\xbe\xd1\x97$\xf1\xf4nH\xffVL\xa6\x11\xb9\xe4', 0x4)
ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f0000000000)={r7, 0x0, 0x0, 0x8000})
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r8, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000100)='.\x00', &(0x7f0000002280)='vxfs\x00', 0x1000080, 0x0)

2.475768121s ago: executing program 1 (id=3390):
r0 = socket(0xa, 0x3, 0x3a)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'bridge0\x00', <r2=>0x0})
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000240)={0x4, 0x0, 0x0, r2}, 0xc)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1414}, 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000240)={r3, 0x0, 0x0}, 0x20)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@nr_inodes={'nr_inodes', 0x3d, [0x31]}}]})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'geneve1\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9d0d276361ce1a11c297438477f8e69a3c00000010000100000078eb114d55d246236cb6", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a8018000a8014000700"/36], 0x3c}}, 0x0)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000140)={0x0, 0x0, 0xd, r2}, 0xc)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000080)=0xa, 0x4)

2.418862956s ago: executing program 1 (id=3391):
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000080)={0x200000, 0x200003, 0x3, 0xfffffffd, 0x7, 0x8})
syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
pwritev(r1, &(0x7f0000000240)=[{&(0x7f0000000380)='[', 0x1}], 0x1, 0x800, 0x7f)
r2 = socket(0x10, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r2, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000005000000000800040001000000", 0x24)
dup(r2)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/mem_sleep', 0x101842, 0xcd)
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002480), 0x0, &(0x7f00000024c0)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0xc000}})
fchownat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x100)
fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1000)
close(r3)
io_setup(0x20, &(0x7f0000001140))
ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, 0x0)

2.169362765s ago: executing program 6 (id=3392):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
writev(r0, &(0x7f0000000340), 0x0)
sendmsg$alg(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="9699b0f7ec0fa65825615c204fcc8f46bffd5fd324187ccdad59d6a129eb82cf33d2103446115564437459d9479327fcb8ad989d4bcac549ffb77f7f61cf693405bb7851df07884cb4b55fa985d90c5ce583eab75a4d07bcd836fa1ed6101a8290ecbe50dab0ec1968d08736344507ceaa8db09c1c969ca9886251308203bf9dc5a401e699281ca99a8493db798000e69a3ed95922a35ffd969f16dd3a4ba8cf68cecc55a23e38874c59d4d82237ca304b1da40f16edbc95f2fff54bc322319d5c8cce45c95f532db59118f84c30ca68b730143b2a198e32be4088bff046588e7a562fb94185b792cfdea9a7413f33b4a8d98851c9", 0xf5}, {&(0x7f0000000000)="2e0dcfe2baa9eda892bfd3af93d68194ec9629a8003229415d60e63e3c70fc6812fc5a104b177aa32515fffe", 0x2c}, {&(0x7f0000000180)="fa5417ee7ed845ff9adba7aca46466b8ceccf9bdb7f7958be024205fd3ca45b02bb6ea05a601f85d61b162dbe88f0a7b1cc9c2041bb7a7c479ce1d19826f163e99815af9b5191a32630f82957a683f4cbfa5f8267af3ff656729a37995eacb0cbb41bcdc88e1ba54cf3a4580e2ede4a41b384ad0e46c5dbcdb699f8f51fd1e2ec43981990aed", 0x86}, {&(0x7f00000002c0)="0c338d1bb7a3a2b7a39fd1690ede708294281d842e94763702ca7902bb244a323c72a0d5a58f32cb9dfeb1a9c7fdb59ddbad8bcc06ac722fa492bf76be800e1aab9c2759b1fd58ffdbcea55ce6561b268544de4e", 0x54}, {&(0x7f0000000240)="32f1859d2d2229f62f29d4563fca035a3b249f76a09394ea614298aacedb704a550fd018", 0x24}, {&(0x7f0000000340)}], 0x6, &(0x7f0000000400)=[@op={0x10}, @op={0x10, 0x117, 0x3, 0x1}, @assoc={0x10, 0x117, 0x4, 0x7}, @op={0x10}, @iv={0x108, 0x117, 0x2, 0xf6, "35c3f4cbd88dead1c23745dfefe65194143406e5eef3fb6159c8f73662a17e25e354e847ed84772df03e9aebe4ecf358fb22a09ce965361fb7db8bbea39033ffd26d0d1bfc1d15c140c55fb0150c72c13b3e584aef5a8bb3975fea763058d097f456be79b9a25f5457ea9f05db07fa33a0701b077d9f41cb8467cca4bd0a882bd506af16ad1a0f44c43a1bcb3efe9a54fbfc067ac210d73e593afec238cd4f31da2a2ac7e350dcb506ae6f65a909ceba6ff9c1664f77e978f1c998ea84a459afa6c794b08766432953f43b81031732e7d1614f54c752bbf71a1f9e1e300fcc3d98c2d05dfca19257d3d4e86aa30995978f089c8b8e7c"}], 0x148, 0x4000004}, 0x8080)
r1 = gettid()
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="38000000121400032bbd7000ffdbdf0508004f0000000000080015000500000008004f00010000004dfc01005f9610000000000100000008004b0013000000"], 0x38}, 0x1, 0x0, 0x0, 0x20004080}, 0x2404c044)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r5, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000005c0)=0x1)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r7)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/diskstats\x00', 0x0, 0x0)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x2)
write$UHID_INPUT(r8, &(0x7f00000025c0)={0x9, {"a2e3ad21ed0d09f90e3d090987f70e06d038e7ff7fc6e5539b0d5b0e8b099b3f360068090890e0878f0e1ac6e7f89b334d959b4a9a24315b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0a6193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000400000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617679314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec230911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918c91243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac5a4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4b333bd5bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3be3b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ce0700c7e658828163e2d25c4aa348561f927eff7f3aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f05004b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d486046b2c0e2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee6157eb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de225727aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d78749a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29c60acebdbe8ddbd75c2f998d8a57f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe290030000002414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95ff80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8870b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513007000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae8489d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60299473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b41519539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d946a2daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810300000000000000a12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf000000800000000007b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae0e797e8bd1f4108b7807fb36207685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ad50dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b9048017848416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b00f1000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8e91516db587c2cb5fe36d7d3e5db21b013b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cf4b23329072e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06810002000000000000957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f3e90d5943dbc10360a1a49700d1dfbf66d69f6fbafe1e83cdde8bb0d872a02238926407a4eddd5d0fc5a752f900000000000000100", 0x1000}}, 0x1006)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)

2.164971155s ago: executing program 5 (id=3393):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
signalfd(0xffffffffffffffff, &(0x7f0000000080)={[0xc9ca, 0xfeffffff]}, 0x8)

1.959623998s ago: executing program 5 (id=3394):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmmsg$inet(r0, &(0x7f0000002c80)=[{{&(0x7f00000001c0)={0x2, 0x101, @empty}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000200)="fd963e1c2358f09505bf4df22a55f103d1dc71cc1b2c6db940530b13404082c1049d69f034ef874035fe76b4350ea23ec412774927ed7bae2a6ed44c7c8f36c737f9731a543a2dea727fec3f22858cab", 0x50}], 0x1, &(0x7f00000002c0)}}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000300)="0bb0ef347adfb2eb693add5ee7bd5f55b9f8ff5aad3d9fe00321e9b5dc737dcfe6bc3ea348839500f144a7cd5115c9d62c9bce158e4360172ebfb15eb80b032c19cb62777e6e31122e507098babe452575c0a52f9716757754299e4407083f5b43971c88376b5791e262cea16b3890bd0f6c530f0e513ee434403422e972e9fe1081dcad6232505b8e8c4f0910d4ae4be0dd63475f18068c521786e7b32ca8aad864ba6e7949bbf1eeaae0b35c88e02b49c4", 0xb2}, {&(0x7f00000003c0)="3aaa5d79b7cb8bd45cf07332316b3c61a2aeaa16317ca62c2561d440ebfc7059ddacc51a80ea810c24d7c1ec9252682b0aea929eb5655fb3d128511cec4a136b4afb7d0bc942518d7374331da8413ce2704e5373fb16ea9044a4f9715cf69c41c57da426824ec2a4ac6541e768d712d839b81549b101a90436329810404bd96e1465bded4f7a622d0709992c030aef42e1c40d4fb709e281f1bfa1fd8eda91f1766f58d53a52042115ac24edb40b94edb51eb2a1da7d7854295a235878fcd5b3ac4642f85e87699601dc9b3a82d4dba7b0e370a645f9781b368eeeba78f520bfa3c52d7cd98b7bcc3a405aca051be1c8462df2d6b3b2f4e2d617", 0xfa}, {&(0x7f00000004c0)="368dbca5564b6433eb7ffcd72763d919170e376df871d4c1dddd0fe65bdc947076517a2ea05db9134bcda800f3dbb7417a7299af0166a778918a2e6b2fc7c345865067e2a5ede95310f9f4fdee79d55df154fbbb4792bb28ed9a41237834810fd2972ee6422bc43f1642584a85f704849c371e03ca1a0d16b63d49e4e263b89b9ee5b416feca8d92d9ee24b261a06c5cbdda10364c5e3008a3b58f187988856c268f7ced68f2bbe888404ef3a3ca51ecc35470a361d992b2993ac2816b651cec0eb9d18d9521d48b905aecd1f940df971b445948ac37869f2cd8", 0xda}, {&(0x7f00000005c0)="08370998621f07c7123058a4b1831f63a8ba1cf0748ff1b6f37eed714639125fb51a7034b2f73dbe821b74f8b9fc21315bccc1626ef9133739ae32d556b78d9437d02c28266076512db109e3c750f8e56b5d711ed984ca892ee9081d5ca2574bd3b91a88d98ba03c547e2e6044b7d615082c7db4ff9a22d39498ca066d82d428383e8ca6eb8ea619c14987b4c1f63297aa66ec4c343adc90585c41e64268b91fc6e201f5f615cbc8e49bf897c36221a5cef60b04c9f09fa99c7ff2f18cc04d037d8cb67028250bb4582873593128044c9630c7a80900ca40", 0xd8}, {&(0x7f00000006c0)="d31885f2ed14274888051aee47875be1743de627c352cef4ffe7f28aa3ded3d63494901e6a0a812b708a59be069a8701025adf88f9040c41f8da44e31516c9393a26a343c0613794ade1eafe4a8b2dd1f1935be5374d6a2604226715f05f5d99ec4ce3574489d4c896151b3f562f97359b6c589328cebaa408cfd644e7f872aa82fffedfe79fe45392dd7c4af806077584e996e2b216d8d4fb5020b99312073022431bcf0bbae2630b70a5f16e37c783490344a9370251569ade588717ed822765c4a8520e2c1bdc3ec663da394a6ca80f8e", 0xd2}, {&(0x7f00000007c0)="d6075d748fa517326f5d2d82c62e91e869147c5c6cac968d93ef8fece58aafc7d9da7d0b6ce36c9e6f80150d9b55a039cda6035ed7ef43f5051b04152b620aeaf199c37fa708e509559e121ebe22c88b7bee6cdab4fef0543070acc45946f1bed6673e0681c0a51d36a22bb6927259117f7133d175c8acd6d0ff527a8919460d124efae91e844bd8dc3ec60bb315c64b543a79e0", 0x94}], 0x6, &(0x7f0000000980)=[@ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast}}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x6f9f0872}}, @ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @broadcast, @multicast1}}}, @ip_tos_int={{0x10, 0x0, 0x1, 0xe2cc}}, @ip_ttl={{0x10, 0x0, 0x2, 0x6}}, @ip_ttl={{0x10, 0x0, 0x2, 0x1}}, @ip_ttl={{0x10, 0x0, 0x2, 0x6}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x101}}], 0x90}}, {{0x0, 0x0, &(0x7f0000000cc0)=[{&(0x7f0000000a40)="8dd323623984a64a6e4a8dd7672b8c74fe45a9fb5ddf96bef042461a3cd23f0888c4a2d36a007b065b345ad7ff030dccd333bdb204f1dbd81819483960d36053da0b9b208184f787e7194f917a66ae6462ffddd21eeea2c635a9a1d02d4c0becb420518a3dff48dfc3be366ab6b12019be6b48e50d16a3334402f38c2fee087f3e9848734bce76a9d6fea1135aed44da0cc25306093194b9a79aac364a523e3ca326737965ec94", 0xa7}, {&(0x7f0000000b00)="bf3017330d8af31099d6739b9398a50721ece057b8c3f373e0c0018d09a8fe7c78f23821e8fdb7f2a8a7fa4118f2b4395bff5fc12129ebb00e5cf97f56dc19677cf9b99b73edca08fb569089d87958d82a671e5eaca54027d2d0fc0313c831abfee35ee260e03b7d631048c3336e2349c799434b972ae47e5bb797b280cf8c9645a5f12c15350ea4c9b8fecd0a66f8f5f8d97f07e916217145dc7027ba6654078522", 0xa2}, {&(0x7f0000000bc0)="b5834bb86079c875b65e4e5756123a0bcb9b042a94649147b445a6dc7345f5f8e1bcb473cc13574656f111b81f893afdf9f6fc32539922ddef887e7cd463dfea404429853c4c69ab0ecef7eeae03b9b5bcb6dc866120d662311a7fedb45e21f09553f33ecf7f844e1c46e9778652e6664a01e68a549470922b652d15a8df6f35f3717a73cbe066da34807ac14af7bdfe121b228f82a88b19f8fae3b4d8fab56cd5f2e217fd12b60d1447b7a032bc4b887c111d920007761907c7496861664e401755dee6", 0xc4}], 0x3, &(0x7f0000000d00)=[@ip_ttl={{0x10, 0x0, 0x2, 0x4}}, @ip_tos_u8={{0xd, 0x0, 0x1, 0x8}}, @ip_tos_u8={{0xd, 0x0, 0x1, 0x7}}], 0x30}}], 0x3, 0x80)

1.958246425s ago: executing program 5 (id=3395):
creat(&(0x7f0000000200)='./file0\x00', 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x80010, 0xffffffffffffffff, 0x7c9a4000)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, 0x0, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x31, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x82000, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(0xffffffffffffffff, 0x26c8, 0x0, 0x1, 0x0, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000480)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x6, 0xa, 0x9, 0xfff0, 0x110}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x1, 0xb, 0xa, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.85313367s ago: executing program 6 (id=3396):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r1, &(0x7f0000002080), 0xe)
setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x18115, @rand_addr, 0x983a}, 0x1c)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) (async)
bind$bt_l2cap(r1, &(0x7f0000002080), 0xe) (async)
setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, 0x0, 0x0) (async)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) (async)
sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x18115, @rand_addr, 0x983a}, 0x1c) (async)

1.818256854s ago: executing program 3 (id=3397):
r0 = socket$rxrpc(0x21, 0x2, 0x2)
setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, &(0x7f0000000000)='\x00', 0x1)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc2c45513, &(0x7f0000000040)={{0x7, 0x6, 0x4, 0x30, 'syz1\x00', 0x7}, 0x1, [0x8, 0x5, 0x4, 0x100, 0x8, 0x6152, 0x1, 0x8, 0x4, 0x7, 0xe, 0x3b29, 0x6, 0x5, 0x3, 0x9, 0xe, 0x8001, 0x6, 0x55, 0xff, 0x6, 0x1, 0x6618, 0x8, 0x0, 0x1, 0x5, 0x7, 0x6, 0x1, 0x8, 0x7fffffff, 0xffff46d9, 0x3, 0x6, 0xe, 0x5, 0x1, 0x10, 0xc95, 0x8, 0x4, 0xe, 0x80000000, 0xfffffff9, 0x6, 0x3, 0x8, 0x7, 0x4, 0xffffffc0, 0x2, 0x1, 0x200, 0x3, 0x5, 0x7fffffff, 0x7fff, 0x3, 0x7b21, 0x1, 0xa4, 0xc, 0x2, 0xb548, 0x6, 0x0, 0x5, 0x9, 0xc, 0xfffffbab, 0x4, 0xfff, 0x8, 0x6, 0xff, 0x0, 0x8000, 0x5, 0xfffffffe, 0x0, 0x2, 0x5, 0x8, 0x1, 0x2c94, 0x200, 0x10001, 0x8001, 0x8, 0x1, 0xa, 0x125f10ad, 0x2, 0x6f, 0xb1f, 0x400, 0x3, 0x0, 0x1, 0x7, 0x7, 0x1a, 0x9, 0x0, 0x8, 0x6, 0x4d5, 0x80000001, 0x3, 0xffffffff, 0x3, 0x6, 0x9f, 0x4509, 0x6, 0x800, 0x0, 0x7, 0xe1, 0x2, 0xf0, 0x7ff, 0x4000000, 0x0, 0x1, 0x9]})
syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x3, 0xa}, @l2cap_cid_le_signaling={{0x6}, @l2cap_cmd_rej_unk={{0x1, 0x5, 0x2}, {0x81}}}}, 0xf)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, r1, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x40)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f00000004c0)={{0x1, 0x1, 0x18, <r2=>r0, {0xf4}}, './file0\x00'})
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x1a)
sendmsg$GTP_CMD_DELPDP(r2, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x28, 0x0, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@GTPA_PEER_ADDR6={0x14, 0xb, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004091}, 0x40000)
syz_emit_vhci(&(0x7f00000006c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_req={{0x6, 0x8, 0x4}, {0x2, 0x1}}}}, 0x11)
syz_emit_vhci(&(0x7f0000000700)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2)
syz_emit_vhci(&(0x7f0000001940)=@HCI_SCODATA_PKT={0x3, {0x10b5d6b5eb97cec5, 0xd5}, "9b459e8403b55dbb152b0d968a4a06320cfdbcdfe76fa41bf565aaee9810ff4f5b216be209a25581512a92aa97f2ea1d52cbe7f985f4f35dac84a28503ac8a5792ca3ff61da98e00e9d29acc65bd4ded9265a914f6bb1f6dd440b2250314cb4fb9087354e7d4412ac9627648881a9ea4066ff90d6c1a0386480ce8b8398552ee1afa7edd58b1e41a3fa1389926be80f45693d2010b0810dd6c7eb1bd643389ad5f19728f8e99a7e322cf69a600a60d96655ad91be75907276cbeb7a94a17fb2fbdf0563f6800386e5e352bf7a619243ca3fa0f8af6"}, 0xd9)
socket$key(0xf, 0x3, 0x2)

1.817089873s ago: executing program 6 (id=3398):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x10, 0x80002, 0xfffffffd)
membarrier(0x40, 0x0)
membarrier(0x20, 0x0)

1.763720272s ago: executing program 3 (id=3399):
openat$kvm(0xffffffffffffff9c, 0x0, 0x20042, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x18, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
socket$inet(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f0000000440)={'ip6gre0\x00', 0x0, 0x4, 0x0, 0x6, 0x9, 0x60, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7800, 0x50, 0x1, 0xffffffff}})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/power/resume_offset', 0x149a82, 0x0)
write$cgroup_int(r7, &(0x7f0000000040)=0x1c9, 0x12)
r8 = open_tree(r7, &(0x7f0000000340)='./file0\x00', 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
r10 = socket(0x1, 0x803, 0x0)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r11}, @IFLA_MASTER={0x8, 0xa, r11}]}, 0x4c}}, 0x0)

1.333586754s ago: executing program 3 (id=3400):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)=ANY=[], 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000340)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r2, &(0x7f00000057c0)=[{{0x0, 0x4000, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0, 0x94}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0)
r5 = eventfd2(0x0, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r5, 0x5})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000100)=ANY=[])
write$eventfd(r5, &(0x7f00000000c0)=0x33482a8d, 0x8)
r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r7 = openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x8080, 0x0)
poll(&(0x7f0000000380)=[{r7, 0x214c}, {r0, 0x1402}], 0x2, 0xf0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="34000000427000004000000300000014000200fc0200000000090149e60000000000010c00018005002f80bc0000000000000000"], 0x34}}, 0x4040080)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f00000003c0))
r9 = syz_io_uring_setup(0x113, &(0x7f00000002c0), &(0x7f0000000200)=<r10=>0x0, &(0x7f0000000040)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={<r12=>0xffffffffffffffff})
syz_io_uring_submit(r10, r11, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x40, 0x0, r12, 0x0, 0x0, 0x0, 0x102, 0x1, {0x3}})
io_uring_enter(r9, 0x8aa, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010001fff000002ea0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012800b000100697036746e6c00001000028004001300050009002900000008000400"], 0x48}}, 0x0)
syz_emit_ethernet(0x93, &(0x7f0000000200)=ANY=[@ANYBLOB="ffffffffffff56b6378053d188a8460081002400884800000000000000000000000000000000000f0f00235541d1b47003e8d6714a45d3c38b81c3c16e48497ee3509706e6ae7194906679d74b27189052b495d25a83d817075d5aa14ba4b38823019f3188ecf13b738b638477a472fbf305264fdc47db8c5ce942618a8dab2123b0ec0375ead3f43598623838"], &(0x7f0000000340)={0x1, 0x3, [0xa71, 0xba, 0xf03, 0x3bf]})
close_range(r6, 0xffffffffffffffff, 0x0)

1.067689461s ago: executing program 5 (id=3401):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f0000005800)=[{{&(0x7f0000000380)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f00000007c0)=[{&(0x7f00000004c0)="0cff97b9c0cc8c09927cd5244b005bbad5c97b9f9105071519a5e730f1853f159378976519d52a9e52e2518249be5f57ee48768b200917fd67281ce84a8b27fd4368dae00646791bd9e433e7c82abc0dc40c54501e3df882d97aae3fb2431115bb3c4e", 0x63}, {&(0x7f0000000680)="01a619b4caed2f919891d49981b2a0cea073e6d9608d1b344ded2bf8729a006f1782c8f8fa1c39086462e7d36af39f4f474bff6f07ef07c2baab17658917181aaf016a3cd1619e3963f84abc47dc7dbb42bd6a31e24f069ee5cd459966cd7e31410cd31656b56936c895f1c680bdfa8ff7f517acc5c8fc690ccc62ca6bf70e57df41753045bdf78b9cb0fe97dc4af75d6b1d49c258af793499e1e4b0f91a31e33aa0c093b89272058aea78f67c2afada5d7923154c373bd402e42ecd32a16f60d5831221ca0dede3fb5877943f249e9a841150aebcaa2136d672782f76b8237884de6dca932fef14501bfd942084c5b0ca0d1693b3d08f1bb06e47f4104d3e", 0xff}, {&(0x7f0000000a80)="b967c1e8885bc2e67c51ae46392573360ef361c73a74c0935db849fecf88951bea560886a3ffae807e04e4d866a46f62958233fcf268ba37bf70994d55d06a1a399fafabe77f53180f49cd6afb07d8f9a421cf3b7bb39da5d222d54160180543b462ce7238b363ca48113f48d49362257fc7e23604557f81750b06549adf7fe54925cf131e789baed6aaae8dc3d3b821e8b9560452f7c87f266512d5385cdd3da5b8cf17e8542e847dd6a7800455132db10ad847ab18379749fa3bd76de30f71394ceab0cb4ae27ffb3e5309ca777414985d1add7464f43db03ad3cf28a5fc9f8e1d0a4a1e47991b88e6b0b09ab434b670468efa2c7ff48770ec4973d1e3dcb3704eebc6cae840c1695d988e58f04dd12e5eb6d371e739e2fe5a973bee82e026a96e6dcb1b74f2a92dc7696d2e24e3528bf01b0f05ca26d68657fa5ff4e4db363054852e87993462ec6ce91391d84d734e1a6ef994373a9e1686df2a5c13916e9a87", 0x162}, {&(0x7f0000000780)="4292c063c9c928c1bc0a602e2ae20379399fc0a00e36529802185f011bb739b15b2e718836e9239f9e3feafdf0ac347f85755e02ae3fa2", 0x37}, {&(0x7f0000000980)="bb45e861484bad9f18df1e36a21fc640e55d8f734250d1785c1a954de15151ba5c89ebb7fed0ead68537c294a152455c3948a097b36dc871565f13b7c81b64c4c6185f75aa869accaedbd3436907e685fc44073e5311cafcf2e858e4ea1fdfc04946c869fb26af757e4413c0b78b4e524395e8de61eff8950e555e8c896afdaef2ae6f0effcc1344723e53d4760f018bec1d14efeaa785a08e7ae7a507c3b16147de4441081b82db8382409e4edc0a1eb791f0a95ec70ca3dfe5af7c2befe85d4779761adf3c542b697dc908e8e31bb983f065667ff71c0fd75aca97475a03c8dd7684", 0xe3}], 0x5, &(0x7f00000021c0)=ANY=[@ANYBLOB="1c0000000100000001000000", @ANYRES32=r0, @ANYRES32, @ANYRES32=r1, @ANYRES32, @ANYBLOB="180000000100000001000000", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="180000000100000002000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="18000008000000000000f42456461eab6581e80623a11ce73c047be90d366f5b4be0453fb654d37116652244525e6eb112a932e4181540e880488f3678cb427bd1773c35ad68cbd990f52feedfe5737d8677e8f2562dba92be972dfdb5360c3fd76531c6209ba6f2fce7ed88526c617ed98354e5dbf929e5a0e4d4ba76ccbe19b4301cadb22f64c0e416dfe279e55f6c34053850e1fc7ba5c0876c005a01951e56ef768cdf", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x64, 0x10}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000003400)="0428e29f30b5eab729554ab049826e748f5901d484f8f08be00be4634889804c3905751315b8ad1dc24278fdfca28400f6d5be5cfe61623db4d1aac7ce71b4077d8075cc68dcd59f129253f823878cdd7538c48100273adfc67fc430b9b3323080d3667e31bd6e01888984f1beed1597b9a9e1b56df5e81df061ae1860d7e7d83415e0dd6f869fb2eb146d1acfe869c395500be832ffe1865c318f9f59fc9d3ea7810c6d5a54b96d9ea92378ad1daa0a817c4cb0af2bcfc11c230a45769f2fbdeb1c2d30099d68e4fec50149d46660f73e3909f30b05d107d3109e3bc2359947e13968055adc2ec8193a113cd08c628fc15d883a84a8585824a7a34000a67fd8ea7269aa397f08cf7170eb1e90c39898d9358e8890ff8e42d2549934f390bc5fc65a341d3adea6dfeacfb487d73cc4051406936e5b282fa0136ddf000136ec0acc9ec72265711d4d8e4cdf2f00e921a4effc30091607742aa8aca9b73cca51c1eb7b7b8cec5b773b5db1a88d3baa8f6b471ccb817a855843612bb9a62df7695b9420b272cd116a9f850762d2c933848c22bb407a8db4a9f42a4304cac47b0fc0352319951f363e52d49efe4c1b6498748630df57ffbcee83adfa65a1aa0a4c8d1b3bd464eb42e2b1c453fc185649f7bc4dc213df0bacd3c90c2507ac85a3f5649b68c9c63354a4bee2ba93d03e0d5503f2578dd0b3c3e0621a0820c491197530051cc06367c70c19b6265be4877f3bee6694e46c63d6485dea34d3210d11fc99fecb4a2f0660234822f3946639bf7756c050690c21e77de0845a4528a3d9371b48df94fa1216f0d1bb6b2c212ac1bb83309932a665ad2c055c921301d45e4c26cdd19b60be01bf9d80f35cf339ab3ee11aec4f0085dde758474114f116bbf7c971bc2fe13a27a31b85d928b548b1f85f30527cb0d4304e1f702fcf30437d3b010c9887a8576354bc877d3c2752515985f9f9a41abc591504d299ceb7ff4d951848edaf11146dbd770c31eb248ec0a10637fdf1425ad460d312736c5def3d212bd12d9f8365ab5ebfdd7940d695ee678bb4a651fbc514da00f0725aedccdc4cfd85fec4e8256d317e0c3d81cde13c23f6ad52cc6f8e3789283cc16cd183b73c260a93c4ee09cbbb4722eb7da8886d083bd308be5635d768f758c12f569bd20758902856c4e950b0961a959615b40669f978d11a19a26b6e15795fab2cc8aa99a5f599436b266d7d9d7547b0a3c46cf6265c5b5a2c604d4491f219285083f50a043b4f0a8ade2bbdd227fcc8ec2ddac10bcf042b8a0a6ac8b78865da29ec35bbc4fdf774e121f17ddd6c505fd01965222afe3da19db0cc8dfd68303578f1a313440075869176349573b57a260a628fb9dc34146e29976db11fa2c6d7191cf71b3526e970be54c573e5db7545359073ca44e611a82d370ea08903e1440551a5af9caece3c70320467af9eefbf75516451d22e6456c3a413f0de7872de2bd72ec93f3282b7b8b271e84d7c38d9c21a7a738ae91e72d09bdd95c86d2a98024c7dd2a3a39ccef2aad9964bb1ec916d63f1d6f9b01ef80987cab3ca9f3b5a272f2a376f15383481e0af84253cd44333ac0398ff39da06a7426fcb67d14969bdb5c106f5f1a78b608d84956685867f610ffb4ccb55a55c2c715b0b422c6c246cc565f509eb64fe3da1fa3b8323b48705eaa7b8eb5d309ed98f4df6da6f7f52332e668beffc9a9d5f9e6f690ef1c5246e2330852d314f750b6e5d8cdcb4ca6c3dc559582a9964f6a9513a8837f9ca7c20ca14574b87a29944eea3e5e415aaa688b3cc75d6dc6dba00908cca27073f089756ab2aa89652e8f9ca470839486da6bec3e67d99c0de766b31628bfc1064976dec7934003d23c4118c1345fbc0e895c9003ca645b789a1d77bf99c7241ad002ef1b308864af598940785d987be0bd95e49afef5bf874061e76b948c00720093c635320e4c1e2a8c3b869d8c1e7a8a5c7eae82aa393fec90f73feb6ee534ff1f12bbdfcd9fdb0fdc038f67bed28b4dd1b341753ddf3ab69457c21f226d7c282d8722e5f6edb057da1a81010b4e3cee14faf844dae85a19bc5470ceb6c22202317a0258de74b57c6feace2015c271915a8642e35c17d3bd954372c30b4d87db699188665272fc4ef001319f1119cd4f3685586d85543fc84bb356c805135747ac0eed5f774137d0b6acc1e8933583cb8fa3b69ef2a1d1ce45e2d5fbabeb46f77094e7cc3b2ae2f080dd8e3812dc3e87db36507af5be9ade219d600f92070051e263dca808c5660b6d8e61c839f5486b252d3a04fb7548665ca986e3478767d812ac39b821ec04e38ab326798c132e64ce06a2d935367789a5b35a1b755fac16bc0425d7313c106ce64ed08c62318eb523d6ffd61a076cca2a899cf422dd9ba22410d0b1104fbecb5f10f30eb926232eab202a99d74a70f875e512d364c8927018d53488487898b48de341274bdb58bded8d8a61a7e8ed6b75482414986e3a67b25a3b1f98a66d9674bb0436e5d21fcea7cff0e90508c2e0190fa4f9d15c624d9de100e723685e2d614082c46f0d087a8a92679c5f30eb1dda9da362c7af87cabdb2ac0972179932852bcba3b6f8920ad3d63a6a65c16a4d85947611a7bf83f0848c7bc5337fd83f1d1bcbbe40eca178ed1f2b3a05cf911604764b1438bdf5d1d09fefd49e6093d802f12a1a77de61d3c4411403542fc36ba6a0dbd64a826c953395a9f2dd0772c8a276e7a9c773d908a6bfce8a22a9c62dd4a5e8a7b08d1191943f17884ab950e60a92e73560039b3186cf1fc670978010a2caa58f0f3b36b6e4d05238e5f5750d33fc82aee1df52eeeec767eeb1785529bbcdceb01c70da77c0996d580182f8c96f04afe2f723bc0c2b03cf78eed36cf1fe46ca3694620a3d55caa5e7c6b560acfaaa10b0480e3a77489625ebdf8d721a71d21f4986810f39e48ceb361104bd5b08a8cdb9253940e24100a6081145c53e7607fec6e14ec3fbac5c3c8ced62106a5eb733972b74feba85ecfa0119733823e273d3d0d198345d77ca7e927b4da047b2c65eee49bc797575872ed276603ed9bad8fcd605ced5e268ac1d5f3e3720443924d8fea2791a37cb84009fa177d59456127679a0d7d5bb6c7357d74f98b533bc466e12acf8e836cece3412fd932fbd9f81863ebcd7dbadedc07731a2758b1ac3d93421a23d9004cd97b9877f5d8f1ab08e17f7fe8de60ef304ae991ad1d53b788c4a20f19b35fe5ec07f776f6e5d23530bf8c2b092c5e01cfbb4efb89d9ebc02f145835cc780a56d80648d3247bde6821d7d7578da7e535c7d1e6e5468320ffdc3095b14ef4efcc77efe932f0e6022932ccd66275fa0f33c7c103ebe8eec39f98a3ee4a9011d7bbb9d454195a042397a03b104e39db29cab96d42d6967909964754842ddda12ceffef66ddd3665b8ae56629269dd18737382190a0ea1fa2c405768cb3ce97c9b9b893068320a884a5d8bf4670ae2669aec44759440f89a6f2b021d0b7665240c2da97ad5da6e0aeb9aa076a96d092cac8c6ae92c273816b22beb9abfe0d2eab9ffef1d3cb6165e121bbafaf7eb40ec2d39a679a969ee21631819837df7bc7869cceb19ed142e0ffb9e15133fabe132cda2d6648ba30c05457b63a3168c64bc45cbf2cb2358748be4176b88054be937e7585bfc95a82a744f1e304bc6f44dbc96d2ab45bdfe6a991edcdcc8315dbff571f9624d7002617c7df27431fc489e36bcc070be50f021b80da80c3b0d346a33e634661851c07064d4cd38ab3f9132e050b32d172a3aaeb72127b83beced3ed14075beb2577d280b15423b31f5e5fdeb3c847de29a1e6bf4e18cc044d6df292937605f52ff3e53102d36d1c5661f5ace0ff8bbe4862b747bd997693f2a25f9abfc88d593a28ab4738617008f5b4535a08405ff5811932b26b260bab9fa1cce301143c0c51020281ba2a56849e51e7ce469e57ab073c0e74867c43f811d8b74182f3101688de69f824bc004f73d0f39649fb986179365d507de3e94c68fe3091e9a22d266e64ab1253821abaea22825e983c0d3f4738b811c1f58ffafcaaed3aeabc71c95d76a1bbe50a7a17ed84b111eda5d005ac366e733b2adb1015c0575fc378c7cbebad9ca0d793cbd6471d9ad758abf3aafeb753c4ecdf5a50f03cc391816178513fc71becfb7fe584eed3be12e9eb864a7e447642b35480f11946ae00d1f044680cd830c2f937a2fae8f66f000e5f034b36b594276a7cd71e2139ffb8399c865febb1da57d1220ecee6d08c7259afb7f4371d8ef6d21dd7a92f8385da814061e0966b28d576709c885f6e49869cb9b7428f71aa873792d99d054c78516d0ad5a0ff16c5b577369e14bf783b08146d8abd742fcf18b1dec36ae64473be6f109a3b33fcc7b8832c9d854a761cec31d8a3f0f1cfda9c341f21ba299e215522329397c5d62ade43439db7da687273d7a97e009a9067a175c66bbe129b97ddec0b1c18cfdcf6b2daf1550c78dc0c2bac72a579f172e65ae25e4c4c2b05a1095cde6bbd05715ea8b6cfd406b045088d0eac15d4212660addac93c789abac3053270005d4aa46c4e11ea9790b5a32a19dce8fc39671ef3b1ad79fb53ce3f99ad7344c098674dcbe1644e079b07446804b36c6df903869d5c6a5ca5cd9dbabd9079a58add6c09ae305b05d0e6f78f6249a2d91e9b928d2a66fe3284e9f651f0ecfca2aed73674a2bd6aa4af200f0ae96940f8c92e13a65e734eedda80b71f02eac091c6c4e61f76f78a21d7b91f499e8bfebf161b4466af32de9ec82d3707691df06de4f502f45184b69aa3c01c116c67f389edaad3d44aa14a874baf8081b9f566e7c006ef04988c5d7615df8f0631e1c9747c855f1d3d64a6b43dcdfab97df5ddc9a903ee9c8539dd0d09267ebd5449355a1da2f5bd9320ae36bad0b1ad8ff3397075635ad2e245a854d129fd4bccb0bb0285bc93b917a768fd0aad511cf2ed9294a4e7d703bfcb45694042616916e25966ffbf4fbb02a8b0be9ef7c7dad5e9663bbdadb01f7398cc5fd184a14bdda78c0ff00921e25c5184ebf6ea3da5904439f7311b63c35013ae913d7dd065620f3c0ffde59cda9c0d3a41b2c06a0ec322f5c758a4dfedfe3fa55dacb16143816c9a8895fdd26516491551db073ca5242fcc609fbc866d4c15a37b17278b809e05c7b7b07466ad8b99178037b90c8472d962d93adcb1a989b1e7e89c0b17cb89ce62f1a53436ae1d4a5b10e0fc23f2c4910263bfa07216d5b091344978440795afce71ca9ad3b938c958fec732c49012867bd8f1d389109bd6643bee85493411579ca7810003c274581c1402e3c59529a8bbc72b55898a7bf2a8ce0983896d38af60381e965acd5ea21981b57b58026263c0b5240530ae63c96894c55f4cd057e4958c1feec420bd4e5208c87c4f744100179c5d4abd9e207e3c2c8cac9d57bf6d2d3620983a5774fd8da9f50bad7a12d553fca8552358cc005b31dcca04d213768f63c05c3b7d3a688c4b2b3a6c1ee40b121555f20770a5614ee648c286aeeec6f8dafc2239a0d44a5838551d898c6d9aa8669ef6e9196af63dc6b046b3e5fdb3c23bf74e83102cd8afb279531a2aa65a6029b68b53ada5977c32d9f045b27eb350187f04072149a45f6961808fad15961db376cd9f354def53fcbed34420f806006973d5b7c3c1d65dbfeb7f16f339783f6cbe60049c4ed1de21e381ea0776f32d285c7a62b6ff12a6d68bf43cf7530679094bfd32e0073baf12b82428ac5ba7cdde5829c2c3cf0", 0x1000}, {&(0x7f0000004400)="586fcdcc391550aff7ab1a67665932322c5b81c24fc12ad48f0f3d535996b36c9edc9904541f1c21e07abea12ca66ddfc5664c46c6c4c53bbe81036018ccefa399494eacb89b24d01806baf0606b86ddfcc8649b6600b022e77e453d23a5d45d0766826e318ce39f66fe589b482eb85a63572eb9b999aa65c2bd185169547f0872a457708f38b1ad0d73c814fc2365c63daa69b8740d2f61798e069f6baf9473a16a569e23b23efc4f5615336fd2f6690fd011db2ed4dde27dd7b2ace657f9ba5cb67b6fa6adf3b46358f3185a9bef9bb033aa0c19c69e490e51e21d6a9f2bf2e1784ae987956ecc8de9138778056f05ed00bd2a7217833a41fb66ba9502a76457cc43b32d780cfb1d14a5e9a334dfeb8bebb0e346038d61af33d35fe82799606e85ae1c4d0b33df2c27b6fc7de5764ba534af23fb58a006878c4fa9c3c5c2c494468d7383d117058fc96740f7a1194497674fccf6105d22bc5a128fd580f80da1f30c749ddfc684cdc0604d20e56d9f26dde2784104efec220b76a87423cd08153bf85b0ff96430b8f849d8571c714ca9bfc68fd98575b771c4466e9dc1d5196dfe98a96995638f81f0995db45913219c0b59430db1610020ea645ad8f2584841a897ea85b43dcc500e6d6210c2c2fd269a1657acca6d689c945ac1a256c285cd52de0fb31b6206fe492b3c942dcccbf63c9f361f891d5e0dfffdaecc6f9c870de8d2168c4d4ff014355044b0d4ce94999adcc414330f4a569a50c24f7f3297dcfb1e48673cce7462f8f7c07ccb46d27f0efd1d4e2090fa855897a826eb4e368f75aadf8b8bec60dab68dc364b5f044071f0b47ef60b699a1bb065860f9d871b4653388e246c054ced6c279e807b3246922b55c35c7b355940a14bae3d4520b7bc0e137985e26cf66e1ada24ee202936e6181be1fd43522b1bb5962a446bf0b96f86c7e2bfe558dbe2cb5a7da239ed1e1d19afeaa1ab84b0dc62dbc0289b71a881e7a8bcff150c8ff7986ac88914cbb9f6f625084301a008a6860d6b68fcb35a27d0ba5905d777adb64a856e4081cff2f360b521de27cdb9504e896eb29a16d354cdbc3e85d866cb523336d80c3d8ac581fc300eb6930cdc7c7e1369baa8f2a4b1509837108e772a24ab2ab5e3e1be2cb8607380f0586ddc545166260a8bd274acaf885b3bded1de399e010ad96f13b364c9f1cf70fc62e5c407022c60b1a48114ad238bffc5cd4ad46a5aa8c40e5645d65487a8c70a86f87a136aba1826821a9173e036868a6e07d4b06919f5a20f73f2ae3dc8f3964ae5cb68a716810a697dafbd4048f37dac4ec19fc5004bd8a5772e5c5628f882012e7d0bb8a28d23140c5ed4538de709f850c6e134ea26f28def76a97bb90bedd73d37621fbcf569961f698ca714ae860d2f9d441b7f227db74f5680de52b0515e93f22d34618b92189fec7e075e88172fecc2e629df0fe4a3e798e8fe9754a5ea757197d0c5fd80c1954ef0948b5293681dc3429f2f85ea7b5c5616db54ddf708307fc0b550121c3e835a996ba53710b8426f081aa902c73b464ea00170ed01bfb1de148ad7f491dff2309632c6a47ffda63ac8521f794a0b3e2ed0ee76ccf46b36efe09f529bed7c15f7cadafb75be40b677f62b376e754e830a7358d24f8632c3814f32d7dee91b06ce90a6f687c993f64e97aee265955adb6e543c46546d07c80f3715d4add2f3fbca66da8a94fdcefe9aa4aa392dbf69a637a4a7bff91c6348f2029f723f47ba39ed9a12f1ab68e445481196fddd2ea07c37856ea467f0b128e5236e5feb233726d61e638e38192d315f4c9ae6ab78b025a99c68a90a0cc80c5f9ea6426a719d25df3195fdac5125d20ddc6069dac94ab88b7408d79cf29c0ea3c0adf81c4944933d106fe13c55a4be8b053f05e1e21f31e40fcb49dd04ca0890f866dd4329aa9013faee975943dd01e504ec87058f5761ee6094e959a14c6a145e221cb86bfebc9eb7080ef5342e8fd21aa683345a1a24766b4bcb43d38aa507de1c25b340f9eb2292ce84a121647c51824a0c36e29c8fc0c06027e2eaaf57fd50c40fa40a166f8891e02c0c21a7ec2259dfd9d2f418ca40421f91851be63902055eb25fafca0b1a27eb2e3a672437f96b2c85243ecbace82b631687f64eafbdff2817f8469c403977de6212043f72c8aa33aa38809a65732c476c004937aa4d07ff1809bf850f0a0d1a4fb2f26d8efd9488cd44f85103cf4afa91db839e6d442d8965d360d8b4353288a75daa123942bf4fd075d3889b240b6320328ae9a6dbcf66baa7fa720baffb6e53510ce18ceecac776c1e70133790292334d33c94ea9b5caea17d714a65272fbe78cc1bf0faca37db80733b854c36a1bd605fd749e50977ab8af72dd74cde21072dbfc25e9ad22872efcfe87388b2413ab8660d34290ec5a4eae16d4dd1603870497d090ea205f603d49af3835407708ad10675897dcc1bc7bc75f1a00851b3d855fd5d26e2f3d3ccd279e22d47e630a3ab47d2aa5873c32fb7e3f359a4d9f11ead01bec9d475ce18dad53120aa465ce22cf29dc4eb9de7ed17d2c7c54dc5da6dc59cf37d25ee7411cc77355bcb3a1bd136c163b6f818d06b814ff324eade23c960abfc8d68edb2b568473ed1049a3e6f0a80ec2f75cb11f3af3acfa5eb98789ab396fcc38e376a6023358202ba8189468501909312b850d31e85f0ce0751f003e947315c71b0a2f95a3628fa01a5b5a98ea28c052d05aab99f14bc6e565335b482baabbff938f9d5caabea4c184992bfd87a5f4c6d213ffca48978e9b3369cb6cff5372b8477d736fce0578c34daafce0b5d44ab548527c2899486bd6fc48760de14ef72aa27354e0c5e173907bc0e68168da7ada4c4b52f00e218955673cf7ab5c18f98c37d13879ee1abf066aadc704d58f73e9ee1b5c8587b3b2aa9c9491ca4467160ea889b851d585e6bca6ebff3bf8400849d7ad99a0cc918e6fd4aecff78a805e34cabe123af6e0ac2a6a0108b48c596f86d5b6f3239d20c4268818060904e7818b91805b47bb8e127d8af0f399f4611a0940e28ebfc1b8673a28b258576acda806c5b452523a4962dc2b6fb0dbb222e059e4a46ff3068c16c4d2a302a832fc521312202b117d89e6eaf0d8538dd3154187cf0a4a35571cca54bce2ec7d0a6932e381a98ab1b159daf7adc5ad0890b8a21c7e02678b36e2abcb36499279a274e3f768c60a735c419d2f41182e8bfb55dd47c22d3bf463935641728c43b27d8eb4280cd36a5fee955a04797ae88e1c2f6b8a78922fe680c2e7d509f1b25ed57679a4395e48a634cff8f311a531b231ad0ef2c055057fa0ff867bd7e4714f01cabe3787046ac14eff65fcd2ded97464b535e5610da9807a3c8af9b97bfbe8d068e6b6e3b7449076bf2b688c564ad522d1264b6a1061d86437e2eecb21dd4d693c3368e091ff563317651aebd5d5c47d962d2993dc7c77516c8800ce67f5bb9b8b096f35100af466e39c5078b9a3aab705f3bec4215b1ece67e8a0727a838cfd9f5e34fe750c7d9d8748627d515b4c9613aa5e789eeb7310be3a4016adf4318ba68fcd26ada80afdc682c62690d28c9272d7b44204500bcf2336f2629c605a26b75560d75f79d6a31854dada9e89cb687255964c0cadb2e76d309d7e44d7e7e18ee7a307ebf1edebf986358ff6d27833202bb1f6a576d1ee90a6f54b97a312f128c7a1761545cb612480024cbe65da198ca50a82d9f478e2c844dd39ca8a259d5e316db6a977979b3942e5a77070d1685442d4c2404cdc542959b7fd1e109f4c48dfcec51272476e5af499caca5dc59d61760b167a32bbe7b18749b9bbcd5044cbcaf7d7a61763580d86e201c71c82050b01df16283398152b1a24788eb2a8824891954f2f6916acd0e56391661477fe17a8af178d24de35f4b16124c5a8b60a3e1a7002caf115bc739a55afc789b6546c0074618690ae87149b557929491588e485e9e47d25cd95a61e27dab62a336f783f146b1194d0f37d7d11cdb71b84349b55d74fc6be5f0cc264de531b5d789083ab65b56f7738c097b4cc8f227084ed271784880128d3238bcfe80d6a139e78ce7099deb219a96eb775f29e8070e368ddb4a1ddfd39e30e3cdcbe582248a644f8e8a9ffd68ff85a830e5ce759df5647e1f88c231ae6819c5d2c7b5d3ec0523c4b4ba013da921336f4d6dc7e3c096f904b990d1f813b71ab5dbe5a28933032157aa12bf5813681afe2f7406e0daffcfafbc1f5965ab8aa574093967ab353e589a883fbb5a0f7dd5e9fbfb0957eb37da43180893116e357e5ab0f9d46fa9a164c2767ae5c8f424282447458bda58325315dcb35846c8b07922375041f1cd4001b7c935a0b3f9be4358e4690a25e4317d2cdbd3d89779f22584bdfea631903b197eee9de762b39df1d37027b8c574cd92f2040c2035d6a64ff535ddb5d61af02f7b4eb6998e81ce8066a7e32746dc44a45ce3f47e95898ccc1c3924091185bd965be63f0ae8ba021404eda5b03300a2a353cabe095f1c46bf1e0c88e53c9d2128673a3ff31a9fcd52243426802f051b18b03fcb1c559a5f347c6f7138ae40622ec35562bd7140a1e49e03ae824b2b8cd9046e867d57d28c1baf2d89ec0eedf18514dc09435e3271cc3b10890b49b42a03e5967590e27f8563843298a7af33450df2a4c970373d2cb097ce4c959145aded2172f4f5463e2aa400936862fda278830433ce15db804a032ac47ed82d1c55648bd11d279744638c52af1e806b6c6413f7b6cd4cabe45c51709acf4b00bcf0defb25efc996740f642a79cb243161da1352f94a258a40bf1799ab8d704967727f78d9ecfd6beb5a28e148258f89ea133b284e29a698e299c3a3ed55007bcac8064bb95b3b76cdaace3b52d2d6650a8aabdd09251500d2a9503a6bd47a0c44ebf399df82bf05a8d2050f22b5fd2269eca8ffb9dcb73def304babdc985a40bd76f00a0e7241910f7185b16ae830a7d590dc678f0e84e55757354b94fbff8904526fa49c9f3af2c64c369e02c65df84ed8eeb79f98b33a04b3f4b1f2fa7b68452d4ac78275c283ef58e28c7d71d6c89466059834314d08af5928d37599483dfd72283f238c34c16525be0c642c2a0e6b74f0edca8c783615194d884db8756ca347a72b0049debae163b6026a6f3ff4a121b355750bb7beba9c33ab7005a57c64b4eff0065291ee3abae14ee9ec7f3d89692a49ad7a9ff62a2eb20d4b524a73bb673f16fc27c11f8a071d80a2938790b6e347f5e8a0bdef13be7e3e620b984b329c7cafea2a5beca6229e851820aa94fd74674150781040d32838adf24afbd9660e498bf4387140c9bc4d84d0e5aadffd53d2d649195afb93247572571b1b304a78e3a726996da02c167641d479379caa2cb9aae390bad9c019706bc583f6621366882e83bced4d99382f63222aa9bccb74f19f2a40e70225d3f7e63affbc01556e6b741fb1891f94ca08555d61a8362e8286054867eb66323260ce966f75df396f5a87635b6ef8bc789e7f20f567a9b1b1394cf470801be792fa854fff0085a28f42254a6a52f6e85f9dc714d20248f5e7b923be1b2e11383de5a6ccc2199b93eef4fb67d411e45ab781612bcbbeb7d8cf5ff5e348d2a67cdc78b850ed94438195df6de5b23632ff78e9f70a863cf92546ef76fa0fb49cabbdbc4913896a12077cec412d4de4fb9bfc0980d381d4e6eda23798b59ad054d98c5f3bdad16174a8049f8b32859028a6615fc7452d8026bbf556edcc3b9940497c51e1154e", 0x1000}], 0x2, &(0x7f0000000d80)=ANY=[@ANYBLOB="240000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32=r1, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c0000000100000001000000", @ANYRES32=r0, @ANYRES32, @ANYRES32=r1, @ANYRES32, @ANYBLOB="18040000010000000200000017c98e091bd91eb1b74599d937b4c04bc8ebef6d704ea997f745b75a1a61dbed0df0dbe72d586ba56759269cc8bab43eeb72da8840f45efe8f8ed070dfbd8c69814259fd88f9ad80cd9f47a700464fd91f58451f086942badb420b", @ANYRES32=0x0, @ANYRES8=r0, @ANYRES32=0x0, @ANYBLOB="140000000100000001000000", @ANYRES32, @ANYRES32, @ANYBLOB="180000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x84, 0x4000000}}, {{&(0x7f0000000e80)=@file={0x1, './file0/../file0\x00'}, 0x6e, &(0x7f0000005700)=[{&(0x7f0000000f00)="d125ea29466c5c63db705720c4134fe62e3a04daf756178e77b06be58fcabce5be02edfd2ec377d7170303cc0d992538aeff8c5919ad84cd59b6bdaa29cef558379757dd9cf9c9f3dd3c8100e7fcb9a789609ed608ad2b2168a386ff0c570af9448695338635d1732f618d74adfd76f78c402320a2a8a4e90989570514422143ac014f1db70811b34d3b04f41351a6b52ea72bbb0c4c318e05f3cb529b370d8a00213ccb1fd53edbf7cc66e982d26e7507351f4c69142bf9226969ed8d54c9cdb39ae4609382f6be21580ed831c3e548f5f74a8c484897635863466d05ddbfbf6b803534", 0xe4}, {&(0x7f0000002000)="e52135b214586f178c9d6ed879d288590176c6727169666b", 0x18}, {&(0x7f0000005400)="d4edd117f5e537e5b4cdf1d10d453ee7487bffcfa6bd38c47a38accda4065a66ba792920058ed3ee2ca6176f678147feffab37b6b32d10e37016a044be765ffe63d2721db47fd3221cc02d4d4ada003ebb27570453c14c3d604a940775e559b9f19b9e835225a6de48b35db217bb0ad363eb341045f2ddf042778b6d14fc2a243f995da87dfaab8de7de8a4a728f511df0dfd12ab447f75e80093e96f1e614fa89c2a31a4a3d0877c12e3ec764b8da0a714f5214f110180f480811a44c881ed331fc4a9d42ebaabb229d0a27ec5ec0e4abade68cda69a390cc32b8f22f2fc69816bb9859abe55e935909456e231952b3db4a78800c4822a67122b0b0d1e173", 0xff}, {&(0x7f0000002040)="82a7f3c696c74e15d740e0d9f70695882c6e7b737a480cf5d919cc68", 0x1c}, {&(0x7f0000005500)="05104c933d24db8e9cef6845e794f3ef9f016e6a3a32d7e8f78ea2bcd9ce96024387e5112bd834461f8a28433705a05b0463fc6ecede9cbca11bde321b00eb680193b4682e32a35d255de3eea31f5e93e9f2b512cad511c3d77d1a97d6bdf7d192aface75cf6e0bc5010b1a6c2fcb67e5847e176d6b0683711ac80a3aa27a8fb8dd89a1e9283785e6706f83e7b47b2d0926fce3bb3e18f77cd8648c0a93f6f3df78524872072a584f606879bd9c841f3d3a4ee864c7401c137df2b6a98600f0263b6f74027a5a885df845ea85ed7f1542307c9e7b0d82ae5f54153f9233b8f7ffb20b65c0314898ff3f51e25d9", 0xed}, {&(0x7f0000002140)="a131ada1162f00b5db6aa10d9374dc67280b222d9ccc89213eb8be62c25f6bc9354ea7afeba16b489479ae27b168c9280ccc1a538c70e4ec4167a62f5948a70fd4cbe0e788f14ba5af86f5815936da8e2d1b58e2a6b3926aad7229247002496668d13972a0f3addb0af202ea490ad9d7bd09f744e5b901b7db", 0x79}, {&(0x7f0000005600)="dfd5bda2094863d9f83f67f75d95ce2705c15f89f076fc6149f9cd29655ef65aa4e8e3cf53912c5c6ad0e4c2f36f7bde9734394e6e15c2f4e2912942d57f9e03cb7da25b7208ca176410b51d10641a84c5fe07db517c21e832d95bdf4b8252babcb650eed38d6a3e388625b2c3767545bc5861b4f73d5206ef28995924bca50cd32eacded20f12c774135d91a19741a644ac478fc43f73984bd252", 0x9b}, {&(0x7f00000056c0)='V\x00', 0x2}], 0x8, &(0x7f0000005780)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18, 0x1, 0x2, {0x0, 0xffffffffffffffff}}}], 0x48, 0x4040000}}], 0x3, 0x0) (async)
recvmmsg(r0, &(0x7f0000000380), 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = open_tree(0xffffffffffffff9c, 0x0, 0x89901) (async)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x3f73, 0x100, 0x0, 0x1a}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000600)=<r5=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0xffffffffffffff3a, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1) (async)
r6 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f00000000c0), 0x0) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_FSYNC={0x3, 0x28, 0x0, @fd_index=0x8, 0x0, 0x0, 0x0, 0x1}) (async)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB])
ioctl$KVM_KVMCLOCK_CTRL(r10, 0xaead)
ioctl$KVM_RUN(r10, 0xae80, 0x0) (async)
r11 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000480), r7) (async)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x15, 0x6, &(0x7f0000000280)=ANY=[@ANYRESOCT=r5], &(0x7f0000000200)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x10, 0x14}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r12, 0x27, 0xe, 0x0, &(0x7f0000000640)="ed7e17526b2d6f70ac1ae867fd2a", 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x4c)
sendmsg$NET_DM_CMD_START(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000006a80)={&(0x7f0000000540)={0x14, r11, 0x401, 0x70bd2b, 0x10008, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async)
sendmsg$NLBL_CIPSOV4_C_LIST(r7, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000800)=ANY=[@ANYRESDEC=r9, @ANYRES8=r6, @ANYBLOB="000426bd7000fedbdf25030000006b7a02000200000044000480050003000100000005000300000000000500030002000000050003000200000005000300050000000500030002000000050003000100000005000300060000002c000480050003000600000005000300060000000500030000000000050003000700000005000300010000000800010001000000a0000c801c000b80080009009d95440d08000900d6dbaa0108000a0023c4000044000b8008000a000f4c000008000900651c450308000900d5b78e1408f9ffffffffffffff0009005a2f990d08000a00b26c000008000a002752000008000a008603000024000b8008000a00252315ac551f4b50b0e30aff0ba186ae426b000008000900a9d5190f08000a00c4b2000008000900de38370f04000b8014000b8008000a00dffe000008000900216ca735"], 0x134}, 0x1, 0x0, 0x0, 0x8000}, 0x4880)
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) (async)
mknod$loop(&(0x7f0000000300)='./file0/../file0\x00', 0x10, 0x1) (async)
execve(&(0x7f0000019100)='./file0\x00', 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) (async)
semget$private(0x7d000000000000, 0x4000, 0x555)

891.682806ms ago: executing program 5 (id=3402):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffc97}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
membarrier(0x40, 0x0)

791.880964ms ago: executing program 6 (id=3403):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0xc000)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
clock_nanosleep(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000580)={0x20, 0x140d, 0x1, 0x70bd28, 0x4, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x3, 0x6, 0x801, 0x0, 0x0, {0x3, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x44084)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x4049000)

396.523375ms ago: executing program 3 (id=3404):
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x20}, {{}, {}, {0x7, 0x0, 0xb, 0x6, 0x0, 0x0, 0xffffff1f}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x2}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYRES8], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x56aaa7a79eba33be, 0x2b}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_mr_cache\x00')
pread64(r4, &(0x7f0000000040)=""/102400, 0x19000, 0x9)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000001b80)={&(0x7f0000001a00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001b40)={&(0x7f0000001a40)={0x100, 0x1403, 0x800, 0x70bd27, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'hsr0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'macvlan1\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_1\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'nr0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bridge0\x00'}}]}, 0x100}, 0x1, 0x0, 0x0, 0x804}, 0x10)
syz_emit_ethernet(0xb6, &(0x7f0000000e00)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd60f7d8ff00403c0020010000000000000000000000000002ff0200000000000000000000000000010004000000000000c910ff010000000000000000000000000001c910fc00000000000000000000000000000000977c0000000000001090780200000000000000a8df1c6eab6ed26af73b86e656d49d42223414d005ca29c8e51814f914da5a09a263080269371cc7a3fcfe485611f2dcd126f75e24539fdc094e5fa11ddb0897ec8a486cf01bba8544dfa6c49e0bd1b3ff6660914bf8458f1afc6a5a0b8e0242b8bd8ecf78ff193debba5dde1842c36f2e7bd727088e8d679d4f3048a3328ed59869278b0057649ab0e02e90e60a08f11ca5b8e06d12d94be9610577083169d7b3feaf"], 0x0)
getgid()
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a4fc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b87f7c40a1702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f600e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10f9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80729fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a85430600f1e49db5a5517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a00000000000000000000000047e628cd57cde4268f47c9aaec3a3dfe43e032b88ea53656a8740c1a4e0a99be5c97ba451d8b2b0f4e12ba96082e0f6b2dabe716699090058e61a38ce85611945106dd1309087d3a2cf3aaef6216ff3720c3917170544a509071166565eaa3c9285b5227f520cd47"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00'})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000480)="b9ffb2ed6844268cb89e14f08864", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000300), 0xffffffffffffffff)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='qnx4\x00', 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000005340))
r5 = openat$vim2m(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000000)={0x8, 0x3, 0x7, "00ddee4f9100000000996606420000ffe31e94000000000000ff0300", 0x30314752})

18.431496ms ago: executing program 1 (id=3405):
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1}, &(0x7f0000000000)=<r0=>0x0, &(0x7f0000000280)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80, 0x23456})
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
r2 = syz_io_uring_setup(0x48be, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000000), &(0x7f0000001180))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000002300)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x3100)
r3 = syz_io_uring_setup(0x2a31, &(0x7f0000000000)={0x0, 0x2f33, 0x2, 0x0, 0x16d}, 0x0, 0x0)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r3, 0xb, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00')
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000001300)=ANY=[@ANYBLOB="40010000100001000000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000bb0000fff720000001000000003b000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x140}, 0x1, 0x0, 0x0, 0x4004000}, 0x4810)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
chdir(&(0x7f00000000c0)='./file0\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB="190000000400000004000000ff0f000000000000", @ANYRES32, @ANYBLOB="ffff0000c66f9a740000000000000000000000000029e9", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000100"/28], 0x50)
syz_open_dev$tty1(0xc, 0x4, 0x1)
pread64(r4, &(0x7f0000000080)=""/237, 0xed, 0x0) (fail_nth: 4)
epoll_create1(0x80000)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})

0s ago: executing program 5 (id=3406):
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000740)={0x53, 0x0, 0xa, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="28f8a81b133d", 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x30, 0x107, 0x70bd26, 0x25dfdbfd, {0x3, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x488c0}, 0x2000c080)
r3 = syz_open_dev$sndpcmc(&(0x7f00000001c0), 0x6, 0x797802)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r3, 0xc25c4111, &(0x7f00000002c0)={0x955, [[0x2e0, 0x0, 0x9, 0x6, 0x3, 0x6, 0x4, 0x2], [0x0, 0x3ff80, 0xffffffff, 0x7, 0x1, 0xc0, 0x932, 0x6], [0x4, 0x4, 0x10000, 0x4, 0x6, 0x9, 0x9, 0xa1]], '\x00', [{0x0, 0x8, 0x0, 0x1, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}, {0x7, 0x1, 0x0, 0x0, 0x1}, {0x5, 0x7}, {0x7af4, 0x86, 0x1, 0x1}, {0x2, 0x127e, 0x0, 0x0, 0x1}, {0x7, 0x6, 0x0, 0x1, 0x0, 0x1}, {0x8, 0x2, 0x1, 0x1, 0x1, 0x1}, {0x6865, 0xcc3, 0x1, 0x0, 0x0, 0x1}, {0x10001, 0x6, 0x1, 0x0, 0x0, 0x1}, {0x6, 0xe5, 0x0, 0x0, 0x1, 0x1}, {0x3, 0x1}], '\x00', 0x6})
r4 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000100)=0xd)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000100)={0x0, 0x0, 0x4, 0x1})
ioprio_set$pid(0x3, 0x0, 0x2003)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$KVM_GET_NESTED_STATE(r7, 0xc080aebe, &(0x7f0000001600)={{0x0, 0x0, 0x80}})
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$sock_cred(r8, 0x1, 0x11, 0x0, &(0x7f0000000280)=0x3f)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x581, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_LABEL={0x8, 0xb, 0x1, 0x0, 0x8}]}}}]}, 0x3c}}, 0x0)
ioctl$TCFLSH(r4, 0x540b, 0x2)
write(0xffffffffffffffff, &(0x7f00000000c0)="510003000000", 0x6)

kernel console output (not intermixed with test programs):

BP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  666.588691][T17394] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  666.588697][T17394] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  666.588710][T17394]  </TASK>
[  667.635169][T15436] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  667.639684][T15436] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  667.644601][T15436] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  667.651742][T15436] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  667.656020][T15436] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  667.799086][T11816] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  667.816349][T17410] chnl_net:caif_netlink_parms(): no params data found
[  667.949034][T11816] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  667.964450][T17410] bridge0: port 1(bridge_slave_0) entered blocking state
[  667.973183][T17410] bridge0: port 1(bridge_slave_0) entered disabled state
[  667.976289][T17410] bridge_slave_0: entered allmulticast mode
[  667.993660][T17410] bridge_slave_0: entered promiscuous mode
[  668.022653][T17410] bridge0: port 2(bridge_slave_1) entered blocking state
[  668.032075][T17410] bridge0: port 2(bridge_slave_1) entered disabled state
[  668.042005][T17410] bridge_slave_1: entered allmulticast mode
[  668.068425][T17410] bridge_slave_1: entered promiscuous mode
[  668.108526][T11816] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  668.151200][T17410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  668.156116][T17410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  668.196634][T11816] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  668.227092][T17410] team0: Port device team_slave_0 added
[  668.238818][T17410] team0: Port device team_slave_1 added
[  668.289686][T17410] batman_adv: batadv0: Adding interface: batadv_slave_0
[  668.292475][T17410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  668.302645][T17410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  668.307325][T17410] batman_adv: batadv0: Adding interface: batadv_slave_1
[  668.311547][T17410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  668.323440][T17410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  668.416737][T17410] hsr_slave_0: entered promiscuous mode
[  668.418994][T17410] hsr_slave_1: entered promiscuous mode
[  668.421031][T17410] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  668.423487][T17410] Cannot create hsr debugfs directory
[  668.569562][T11816] bond1 (unregistering): (slave gretap1): Releasing active interface
[  668.619495][T17433] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2823'.
[  668.865491][T11816] bond0 (unregistering): Released all slaves
[  668.872493][T11816] bond1 (unregistering): Released all slaves
[  668.878908][T11816] bond2 (unregistering): Released all slaves
[  668.885988][T11816] bond3 (unregistering): Released all slaves
[  668.962342][T11816] tipc: Left network mode
[  669.086729][T17410] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  669.096525][T17410] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  669.103393][T17410] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  669.109712][T17410] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  669.208064][T17449] Bluetooth: MGMT ver 1.23
[  669.293144][T11816] hsr_slave_0: left promiscuous mode
[  669.302789][T11816] hsr_slave_1: left promiscuous mode
[  669.332491][T11816] veth1_macvtap: left promiscuous mode
[  669.334297][T11816] veth0_macvtap: left promiscuous mode
[  669.336083][T11816] veth1_vlan: left promiscuous mode
[  669.337793][T11816] veth0_vlan: left promiscuous mode
[  669.682235][T15436] Bluetooth: hci0: command tx timeout
[  670.748305][T17469] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  670.753514][T17469] nfs4: Unknown parameter 'ÛuÖ-’‡Ï8Ÿå˜O1@­”ìQÂɳ“+\§Åå&Ø¢©”o®*FØÂÉš�þËñzLS�'
[  670.976565][T17410] 8021q: adding VLAN 0 to HW filter on device bond0
[  671.095268][T17410] 8021q: adding VLAN 0 to HW filter on device team0
[  671.110459][T11788] bridge0: port 1(bridge_slave_0) entered blocking state
[  671.113717][T11788] bridge0: port 1(bridge_slave_0) entered forwarding state
[  671.122738][ T9250] bridge0: port 2(bridge_slave_1) entered blocking state
[  671.125762][ T9250] bridge0: port 2(bridge_slave_1) entered forwarding state
[  671.350605][T17410] 8021q: adding VLAN 0 to HW filter on device batadv0
[  671.480863][T11816] IPVS: stop unused estimator thread 0...
[  671.557329][T17410] veth0_vlan: entered promiscuous mode
[  671.562424][T17410] veth1_vlan: entered promiscuous mode
[  671.580473][T17410] veth0_macvtap: entered promiscuous mode
[  671.584946][T17410] veth1_macvtap: entered promiscuous mode
[  671.593582][T17410] batman_adv: batadv0: Interface activated: batadv_slave_0
[  671.599306][T17410] batman_adv: batadv0: Interface activated: batadv_slave_1
[  671.604712][T17410] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  671.607469][T17410] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  671.610112][T17410] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  671.613191][T17410] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  671.650161][T11788] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  671.696995][T11788] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  671.719033][T11788] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  671.721514][T11788] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  671.761999][T15436] Bluetooth: hci0: command tx timeout
[  672.539424][T17517] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  672.542228][T17517] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  672.545733][T17517] vhci_hcd vhci_hcd.0: Device attached
[  672.802773][T17525] binder: 17524:17525 ioctl c018620c 80000000 returned -1
[  672.811912][   T61] usb 39-1: new high-speed USB device number 5 using vhci_hcd
[  673.278408][T17519] vhci_hcd: connection reset by peer
[  673.318545][T11803] vhci_hcd: stop threads
[  673.320318][T11803] vhci_hcd: release socket
[  673.384544][T11803] vhci_hcd: disconnect device
[  673.841936][T15436] Bluetooth: hci0: command tx timeout
[  673.958815][T17541] random: crng reseeded on system resumption
[  674.171885][T17543] netlink: 'syz.1.2846': attribute type 1 has an invalid length.
[  674.224017][T17543] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  674.233190][T17543] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  675.474170][T17572] netlink: 'syz.3.2854': attribute type 1 has an invalid length.
[  675.499465][T17572] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address
[  675.503794][T17572] bond5: (slave vxcan3): Error -95 calling set_mac_address
[  675.560024][T17578] macvlan2: entered promiscuous mode
[  675.561739][T17578] macvlan2: entered allmulticast mode
[  675.565168][T17578] bond5: entered promiscuous mode
[  675.567129][T17578] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  675.572383][T17578] bond5: left promiscuous mode
[  675.589602][T17579] netlink: 'syz.1.2855': attribute type 1 has an invalid length.
[  675.633505][T17579] bond4: entered promiscuous mode
[  675.635316][T17579] 8021q: adding VLAN 0 to HW filter on device bond4
[  675.676202][T17579] 8021q: adding VLAN 0 to HW filter on device bond4
[  675.678528][T17579] bond4: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  675.683509][T17579] bond4: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  675.689150][T17579] bond4: (slave ip6gre1): making interface the new active one
[  675.692336][T17579] ip6gre1: entered promiscuous mode
[  675.695042][T17579] bond4: (slave ip6gre1): Enslaving as an active interface with an up link
[  675.736200][   T40] kauditd_printk_skb: 75 callbacks suppressed
[  675.736215][   T40] audit: type=1326 audit(1753660584.261:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17589 comm="syz.4.2860" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf710e579 code=0x0
[  675.922222][T15436] Bluetooth: hci0: command tx timeout
[  676.724287][T17606] netlink: 'syz.4.2864': attribute type 1 has an invalid length.
[  676.757147][T17606] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  676.760939][T17606] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  676.828093][T17612] gretap1: entered promiscuous mode
[  676.834489][T17612] bond1: (slave gretap1): making interface the new active one
[  676.839143][T17612] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  676.860734][T17612] macvlan2: entered promiscuous mode
[  676.867112][T17612] macvlan2: entered allmulticast mode
[  676.870036][T17612] bond1: entered promiscuous mode
[  676.873748][T17612] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  676.879001][T17612] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1
[  676.885407][T17612] bond1: left promiscuous mode
[  677.000765][T17618] netlink: 'syz.4.2868': attribute type 1 has an invalid length.
[  677.031949][T17618] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[  677.039877][T17618] bond2: (slave vxcan3): Error -95 calling set_mac_address
[  677.086978][T17621] macvlan2: entered promiscuous mode
[  677.089186][T17621] macvlan2: entered allmulticast mode
[  677.092200][T17621] bond2: entered promiscuous mode
[  677.094377][T17621] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  677.099127][T17621] bond2: left promiscuous mode
[  677.490194][T17633] JFS: discard option not supported on device
[  677.496443][T17633] Mount JFS Failure: -22
[  677.498359][T17633] jfs_mount failed w/return code = -22
[  677.695358][T17620] syz.1.2866 (17620) used greatest stack depth: 19144 bytes left
[  677.922736][   T61] vhci_hcd: vhci_device speed not set
[  678.002178][T15436] Bluetooth: hci0: command tx timeout
[  678.598224][T17652] netlink: 'syz.1.2877': attribute type 1 has an invalid length.
[  678.636329][T17652] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address
[  678.640770][T17652] bond5: (slave vxcan3): Error -95 calling set_mac_address
[  678.690001][T17654] macvlan2: entered promiscuous mode
[  678.692651][T17654] macvlan2: entered allmulticast mode
[  678.695670][T17654] bond5: entered promiscuous mode
[  678.698601][T17654] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  678.706048][T17654] bond5: left promiscuous mode
[  679.954055][T17682] input: syz0 as /devices/virtual/input/input23
[  680.221329][T17686] FAULT_INJECTION: forcing a failure.
[  680.221329][T17686] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  680.227374][T17686] CPU: 0 UID: 0 PID: 17686 Comm: syz.5.2887 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  680.227399][T17686] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  680.227410][T17686] Call Trace:
[  680.227416][T17686]  <TASK>
[  680.227424][T17686]  dump_stack_lvl+0x16c/0x1f0
[  680.227447][T17686]  should_fail_ex+0x512/0x640
[  680.227469][T17686]  _copy_to_user+0x32/0xd0
[  680.227491][T17686]  simple_read_from_buffer+0xcb/0x170
[  680.227520][T17686]  proc_fail_nth_read+0x197/0x270
[  680.227546][T17686]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  680.227577][T17686]  ? rw_verify_area+0xcf/0x680
[  680.227602][T17686]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  680.227625][T17686]  vfs_read+0x1e4/0xc60
[  680.227643][T17686]  ? fdget_pos+0x2a2/0x370
[  680.227663][T17686]  ? __pfx_vfs_read+0x10/0x10
[  680.227677][T17686]  ? find_held_lock+0x2b/0x80
[  680.227704][T17686]  ? __fget_files+0x20e/0x3c0
[  680.227729][T17686]  ? handle_mm_fault+0x250/0xd10
[  680.227762][T17686]  ksys_read+0x12a/0x250
[  680.227778][T17686]  ? __pfx_ksys_read+0x10/0x10
[  680.227797][T17686]  ? rcu_is_watching+0x12/0xc0
[  680.227818][T17686]  __do_fast_syscall_32+0x7c/0x3a0
[  680.227842][T17686]  do_fast_syscall_32+0x32/0x80
[  680.227861][T17686]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  680.227883][T17686] RIP: 0023:0xf7fb4579
[  680.227897][T17686] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  680.227914][T17686] RSP: 002b:00000000f50d6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  680.227931][T17686] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f50d6620
[  680.227942][T17686] RDX: 000000000000000f RSI: 00000000f7444ff4 RDI: 0000000000000000
[  680.227952][T17686] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  680.227962][T17686] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  680.227972][T17686] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  680.227996][T17686]  </TASK>
[  681.388620][T17707] netlink: 'syz.5.2892': attribute type 1 has an invalid length.
[  681.454384][T17708] gretap1: entered promiscuous mode
[  681.726087][T17713] FAULT_INJECTION: forcing a failure.
[  681.726087][T17713] name failslab, interval 1, probability 0, space 0, times 0
[  681.729986][T17713] CPU: 0 UID: 0 PID: 17713 Comm: syz.4.2894 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  681.730001][T17713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  681.730008][T17713] Call Trace:
[  681.730012][T17713]  <TASK>
[  681.730017][T17713]  dump_stack_lvl+0x16c/0x1f0
[  681.730031][T17713]  should_fail_ex+0x512/0x640
[  681.730042][T17713]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  681.730055][T17713]  should_failslab+0xc2/0x120
[  681.730068][T17713]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  681.730078][T17713]  ? io_submit_one+0x122/0x1df0
[  681.730097][T17713]  io_submit_one+0x122/0x1df0
[  681.730113][T17713]  ? __lock_acquire+0xb8a/0x1c90
[  681.730130][T17713]  ? __pfx_io_submit_one+0x10/0x10
[  681.730149][T17713]  ? __might_fault+0xe3/0x190
[  681.730159][T17713]  ? __might_fault+0x13b/0x190
[  681.730172][T17713]  ? __ia32_compat_sys_io_submit+0x1ad/0x3a0
[  681.730187][T17713]  __ia32_compat_sys_io_submit+0x1ad/0x3a0
[  681.730205][T17713]  ? __pfx___ia32_compat_sys_io_submit+0x10/0x10
[  681.730225][T17713]  ? rcu_is_watching+0x12/0xc0
[  681.730236][T17713]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  681.730250][T17713]  __do_fast_syscall_32+0x7c/0x3a0
[  681.730262][T17713]  do_fast_syscall_32+0x32/0x80
[  681.730273][T17713]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  681.730287][T17713] RIP: 0023:0xf710e579
[  681.730296][T17713] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  681.730306][T17713] RSP: 002b:00000000f50fe55c EFLAGS: 00000296 ORIG_RAX: 00000000000000f8
[  681.730316][T17713] RAX: ffffffffffffffda RBX: 00000000f7fde000 RCX: 0000000000000001
[  681.730323][T17713] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000
[  681.730329][T17713] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  681.730335][T17713] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  681.730341][T17713] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  681.730354][T17713]  </TASK>
[  681.806545][   T40] audit: type=1326 audit(1753660590.331:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17716 comm="syz.1.2895" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x0
[  681.898921][T17720] netlink: 'syz.3.2897': attribute type 1 has an invalid length.
[  681.915450][T17722] netlink: 'syz.1.2895': attribute type 10 has an invalid length.
[  681.928304][T17720] bond6: (slave vxcan3): The slave device specified does not support setting the MAC address
[  681.935201][T17720] bond6: (slave vxcan3): Error -95 calling set_mac_address
[  681.980232][T17725] macvlan2: entered promiscuous mode
[  681.983921][T17725] macvlan2: entered allmulticast mode
[  681.985971][T17725] bond6: entered promiscuous mode
[  681.987845][T17725] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  682.003941][T17725] bond6: left promiscuous mode
[  682.401950][T15436] Bluetooth: hci1: command 0x0406 tx timeout
[  682.470182][T17736] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2899'.
[  682.481043][T17736] Cannot find del_set index 3 as target
[  682.861711][T17741] netlink: 'syz.4.2902': attribute type 1 has an invalid length.
[  682.894185][T17741] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  682.898340][T17741] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  682.948278][T17744] macvlan2: entered promiscuous mode
[  682.950615][T17744] macvlan2: entered allmulticast mode
[  682.953659][T17744] bond3: entered promiscuous mode
[  682.956161][T17744] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  682.961469][T17744] bond3: left promiscuous mode
[  683.647323][T17754] loop6: detected capacity change from 0 to 524287999
[  683.649989][T17754] Buffer I/O error on dev loop6, logical block 0, async page read
[  683.653647][T17754] Buffer I/O error on dev loop6, logical block 0, async page read
[  683.656664][T17754] Buffer I/O error on dev loop6, logical block 0, async page read
[  683.659321][T17754] Buffer I/O error on dev loop6, logical block 0, async page read
[  683.661978][T17754] Buffer I/O error on dev loop6, logical block 0, async page read
[  683.664612][T17754] Buffer I/O error on dev loop6, logical block 0, async page read
[  683.667086][T17754] Buffer I/O error on dev loop6, logical block 0, async page read
[  683.669731][T17754] Buffer I/O error on dev loop6, logical block 0, async page read
[  683.672411][T17754] ldm_validate_partition_table(): Disk read failed.
[  683.674548][T17754] Buffer I/O error on dev loop6, logical block 0, async page read
[  683.677145][T17754] Buffer I/O error on dev loop6, logical block 0, async page read
[  683.679764][T17754] Dev loop6: unable to read RDB block 0
[  683.681935][T17754]  loop6: unable to read partition table
[  683.683871][T17754] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  683.741497][T17755] No control pipe specified
[  683.773347][T17754] ldm_validate_partition_table(): Disk read failed.
[  683.776151][T17754] Dev loop6: unable to read RDB block 0
[  683.778626][T17754]  loop6: unable to read partition table
[  683.780984][T17754] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  684.052989][T17758] netlink: 'syz.4.2907': attribute type 1 has an invalid length.
[  684.078018][T17758] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[  684.082972][T17758] bond4: (slave vxcan3): Error -95 calling set_mac_address
[  684.130990][T17764] macvlan2: entered promiscuous mode
[  684.132883][T17764] macvlan2: entered allmulticast mode
[  684.135352][T17764] bond4: entered promiscuous mode
[  684.137291][T17764] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  684.142522][T17764] bond4: left promiscuous mode
[  685.453558][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  685.456169][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  685.826510][T15612] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  685.834264][T15612] Bluetooth: hci1: ACL packet for unknown connection handle 101
[  685.838079][T15612] Bluetooth: hci1: SCO packet for unknown connection handle 3781
[  687.200868][T17829] tipc: Started in network mode
[  687.207117][T17829] tipc: Node identity e257de2499a8, cluster identity 4711
[  687.210447][T17829] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  687.295128][T17835] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2925'.
[  687.722972][T17843] ceph: No mds server is up or the cluster is laggy
[  688.021185][T17828] tipc: Disabling bearer <eth:syzkaller0>
[  688.125582][T17849] netlink: 'syz.5.2929': attribute type 1 has an invalid length.
[  688.152352][T17849] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  688.157394][T17849] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  688.201791][T17851] gretap1: entered promiscuous mode
[  688.206371][T17851] bond1: (slave gretap1): making interface the new active one
[  688.209633][T17851] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  688.225155][T17849] macvlan2: entered promiscuous mode
[  688.226951][T17849] macvlan2: entered allmulticast mode
[  688.229405][T17849] bond1: entered promiscuous mode
[  688.231602][T17849] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  688.262379][T17849] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1
[  688.275112][T17849] bond1: left promiscuous mode
[  688.403361][T17858] Cannot find add_set index 16 as target
[  688.413076][T17858] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2931'.
[  689.401780][T17875] netlink: 'syz.5.2937': attribute type 1 has an invalid length.
[  689.435792][T17875] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[  689.439635][T17875] bond2: (slave vxcan3): Error -95 calling set_mac_address
[  689.493305][T17880] macvlan2: entered promiscuous mode
[  689.495540][T17880] macvlan2: entered allmulticast mode
[  689.498228][T17880] bond2: entered promiscuous mode
[  689.501161][T17880] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  689.507021][T17880] bond2: left promiscuous mode
[  689.762452][T17884] can: request_module (can-proto-0) failed.
[  690.031912][   T61] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  690.181905][   T61] usb 10-1: Using ep0 maxpacket: 32
[  690.186014][   T61] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  690.190715][   T61] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  690.194866][   T61] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  690.198669][   T61] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  690.204066][   T61] usb 10-1: config 0 descriptor??
[  690.378344][T17890] netlink: 'syz.4.2941': attribute type 1 has an invalid length.
[  690.410148][T17890] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address
[  690.414106][T17890] bond5: (slave vxcan3): Error -95 calling set_mac_address
[  690.468499][T17893] macvlan2: entered promiscuous mode
[  690.470853][T17893] macvlan2: entered allmulticast mode
[  690.472153][T17882] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2938'.
[  690.478173][T17893] bond5: entered promiscuous mode
[  690.480855][T17893] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  690.486726][T17893] bond5: left promiscuous mode
[  690.505030][T17882] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  690.508755][T17882] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  690.512230][T17882] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  690.515487][T17882] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  690.524174][T17882] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  690.527594][T17882] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  690.531102][T17882] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  690.534861][T17882] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  690.647996][   T61] savu 0003:1E7D:2D5A.0002: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0
[  690.674159][T17897] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  690.906399][T17884] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2939'.
[  690.913068][   T61] usb 10-1: USB disconnect, device number 2
[  691.504452][T17910] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2946'.
[  691.508882][T17910] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2946'.
[  691.569792][T17911] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2946'.
[  691.574058][T17911] FAULT_INJECTION: forcing a failure.
[  691.574058][T17911] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  691.671994][T17911] CPU: 3 UID: 0 PID: 17911 Comm: syz.5.2946 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  691.672036][T17911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  691.672048][T17911] Call Trace:
[  691.672055][T17911]  <TASK>
[  691.672063][T17911]  dump_stack_lvl+0x16c/0x1f0
[  691.672087][T17911]  should_fail_ex+0x512/0x640
[  691.672111][T17911]  _copy_from_user+0x2e/0xd0
[  691.672133][T17911]  kstrtouint_from_user+0xd6/0x1d0
[  691.672174][T17911]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  691.672199][T17911]  ? __lock_acquire+0xb8a/0x1c90
[  691.672235][T17911]  proc_fail_nth_write+0x83/0x250
[  691.672261][T17911]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  691.672292][T17911]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  691.672316][T17911]  vfs_write+0x29d/0x1150
[  691.672339][T17911]  ? __pfx_vfs_write+0x10/0x10
[  691.672353][T17911]  ? find_held_lock+0x2b/0x80
[  691.672379][T17911]  ? __fget_files+0x20e/0x3c0
[  691.672414][T17911]  ksys_write+0x12a/0x250
[  691.672430][T17911]  ? __pfx_ksys_write+0x10/0x10
[  691.672449][T17911]  ? rcu_is_watching+0x12/0xc0
[  691.672472][T17911]  __do_fast_syscall_32+0x7c/0x3a0
[  691.672494][T17911]  do_fast_syscall_32+0x32/0x80
[  691.672513][T17911]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  691.672536][T17911] RIP: 0023:0xf7fb4579
[  691.672550][T17911] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  691.672567][T17911] RSP: 002b:00000000f50b5590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  691.672585][T17911] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00000000f50b5620
[  691.672597][T17911] RDX: 0000000000000001 RSI: 00000000f7444ff4 RDI: 0000000000000000
[  691.672607][T17911] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  691.672617][T17911] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  691.672628][T17911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  691.672653][T17911]  </TASK>
[  691.758494][    C3] vkms_vblank_simulate: vblank timer overrun
[  692.877400][T17939] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  693.154416][T17946] binder: 17944:17946 ioctl c0306201 800003c0 returned -14
[  693.159628][T17946] binder: 17944:17946 ioctl c0306201 800001c0 returned -14
[  693.214469][T17958] overlayfs: failed to resolve './file1': -2
[  693.709489][T17971] input: syz1 as /devices/virtual/input/input24
[  693.921939][   T10] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  694.074914][   T10] usb 10-1: config index 0 descriptor too short (expected 23569, got 27)
[  694.079108][   T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  694.087547][   T10] usb 10-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  694.091416][   T10] usb 10-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  694.098374][   T10] usb 10-1: Manufacturer: syz
[  694.102522][   T10] usb 10-1: config 0 descriptor??
[  694.161927][   T10] rc_core: IR keymap rc-hauppauge not found
[  694.164352][   T10] Registered IR keymap rc-empty
[  694.167228][   T10] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0
[  694.183144][   T10] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0/input25
[  694.362383][T12975] usb 10-1: USB disconnect, device number 3
[  695.201078][T17997] JFS: discard option not supported on device
[  695.204155][T17997] Mount JFS Failure: -22
[  695.205974][T17997] jfs_mount failed w/return code = -22
[  695.386141][T18002] JFS: discard option not supported on device
[  695.388598][T18002] Mount JFS Failure: -22
[  695.389971][T18002] jfs_mount failed w/return code = -22
[  696.275321][T18016] tipc: Enabled bearer <udp:syz2>, priority 10
[  696.281754][T18016] tipc: Enabled bearer <eth:team0>, priority 0
[  696.351931][T12975] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[  696.503260][T12975] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  696.506750][T12975] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  696.510608][T12975] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  696.514591][T12975] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  696.520524][T12975] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  696.524192][T12975] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  696.526690][T12975] usb 9-1: Manufacturer: syz
[  696.529612][T12975] usb 9-1: config 0 descriptor??
[  696.815884][T18021] netlink: 'syz.5.2973': attribute type 1 has an invalid length.
[  696.837923][T18021] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  696.841897][T18021] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  696.862078][T12975] rc_core: IR keymap rc-hauppauge not found
[  696.864145][T12975] Registered IR keymap rc-empty
[  696.865824][T12975] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  696.881938][T12975] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  696.900669][T18021] macvlan2: entered promiscuous mode
[  696.902582][T18021] macvlan2: entered allmulticast mode
[  696.904713][T18021] bond3: entered promiscuous mode
[  696.906597][T18021] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  696.912532][T12975] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0
[  696.918301][T18021] bond3: left promiscuous mode
[  696.919466][T12975] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/rc/rc0/input26
[  696.925125][T12975] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  696.952194][T12975] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  696.972830][T12975] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  696.991944][T12975] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  697.002448][T18013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  697.005939][T18013] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  697.012815][T12975] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  697.041965][T12975] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  697.071937][T12975] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  697.092069][T12975] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  697.111990][T12975] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  697.133968][T12975] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[  697.152680][T12975] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  697.155491][T12975] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  697.163887][T12975] usb 9-1: USB disconnect, device number 2
[  697.184525][T18031] netlink: 'syz.3.2976': attribute type 14 has an invalid length.
[  697.391931][  T838] tipc: Node number set to 2080366116
[  699.032738][T18059] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(11)
[  699.035486][T18059] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  699.039003][T18059] vhci_hcd vhci_hcd.0: Device attached
[  699.237914][T18064] ipt_REJECT: TCP_RESET invalid for non-tcp
[  699.372064][  T838] usb 47-1: new low-speed USB device number 2 using vhci_hcd
[  699.621713][T18060] vhci_hcd: connection reset by peer
[  699.623895][T11826] vhci_hcd: stop threads
[  699.625424][T11826] vhci_hcd: release socket
[  699.627369][T11826] vhci_hcd: disconnect device
[  700.394133][T18077] netlink: 'syz.5.2992': attribute type 1 has an invalid length.
[  700.411235][T18077] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[  700.415630][T18077] bond4: (slave vxcan3): Error -95 calling set_mac_address
[  700.520650][T18079] macvlan2: entered promiscuous mode
[  700.524375][T18079] macvlan2: entered allmulticast mode
[  700.527690][T18079] bond4: entered promiscuous mode
[  700.531583][T18079] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  700.541237][T18079] bond4: left promiscuous mode
[  701.863003][T18101] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2998'.
[  701.901995][T12975] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  702.054374][T12975] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  702.058534][T12975] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  702.061666][T12975] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  702.064668][T12975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  702.068239][T12975] usb 6-1: config 0 descriptor??
[  702.072382][T12975] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  702.074483][T12975] dvb-usb: bulk message failed: -22 (3/0)
[  702.078794][T12975] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  702.082754][T12975] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  702.085698][T12975] usb 6-1: media controller created
[  702.089454][T12975] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  702.096309][T12975] dvb-usb: bulk message failed: -22 (6/0)
[  702.098808][T12975] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  702.104075][T12975] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input27
[  702.110183][T12975] dvb-usb: schedule remote query interval to 150 msecs.
[  702.113465][T12975] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  702.121914][T15049] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  702.271971][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  702.274401][   T24] dvb-usb: error while querying for an remote control event.
[  702.282015][T15049] usb 10-1: device descriptor read/64, error -71
[  702.337634][   T10] usb 6-1: USB disconnect, device number 10
[  702.354345][   T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  702.465078][T18112] fuse: Bad value for 'fd'
[  702.471521][T18112] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 20000 - 0
[  702.475289][T18112] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 20000 - 0
[  702.477902][T18112] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 20000 - 0
[  702.480556][T18112] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 20000 - 0
[  702.484033][T18112] geneve0: entered promiscuous mode
[  702.486369][T18112] geneve0: entered allmulticast mode
[  702.521972][T15049] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  702.596999][T18114] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  702.599768][T18114] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  702.603103][T18114] vhci_hcd vhci_hcd.0: Device attached
[  702.651989][T15049] usb 10-1: device descriptor read/64, error -71
[  702.763793][T15049] usb usb10-port1: attempt power cycle
[  702.852061][   T68] usb 43-1: new high-speed USB device number 4 using vhci_hcd
[  703.101908][T15049] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  703.122870][T15049] usb 10-1: device descriptor read/8, error -71
[  703.372019][T15049] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  703.402328][T15049] usb 10-1: device descriptor read/8, error -71
[  703.513632][T15049] usb usb10-port1: unable to enumerate USB device
[  703.740689][T15612] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  703.745407][T15612] Bluetooth: hci1: ACL packet for unknown connection handle 101
[  703.749744][T15612] Bluetooth: hci1: SCO packet for unknown connection handle 3781
[  704.122045][T18115] vhci_hcd: connection reset by peer
[  704.132047][T11788] vhci_hcd: stop threads
[  704.133858][T11788] vhci_hcd: release socket
[  704.137735][T11788] vhci_hcd: disconnect device
[  704.482048][  T838] vhci_hcd: vhci_device speed not set
[  704.981162][T18144] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3008'.
[  705.030176][T18145] FAULT_INJECTION: forcing a failure.
[  705.030176][T18145] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  705.036973][T18145] CPU: 2 UID: 0 PID: 18145 Comm: syz.5.3009 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  705.036995][T18145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  705.037004][T18145] Call Trace:
[  705.037010][T18145]  <TASK>
[  705.037017][T18145]  dump_stack_lvl+0x16c/0x1f0
[  705.037036][T18145]  should_fail_ex+0x512/0x640
[  705.037054][T18145]  _copy_to_user+0x32/0xd0
[  705.037071][T18145]  simple_read_from_buffer+0xcb/0x170
[  705.037093][T18145]  proc_fail_nth_read+0x197/0x270
[  705.037113][T18145]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  705.037157][T18145]  ? rw_verify_area+0xcf/0x680
[  705.037176][T18145]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  705.037195][T18145]  vfs_read+0x1e4/0xc60
[  705.037208][T18145]  ? fdget_pos+0x2a2/0x370
[  705.037223][T18145]  ? __pfx_vfs_read+0x10/0x10
[  705.037234][T18145]  ? find_held_lock+0x2b/0x80
[  705.037255][T18145]  ? __fget_files+0x20e/0x3c0
[  705.037282][T18145]  ksys_read+0x12a/0x250
[  705.037296][T18145]  ? __pfx_ksys_read+0x10/0x10
[  705.037310][T18145]  ? rcu_is_watching+0x12/0xc0
[  705.037328][T18145]  __do_fast_syscall_32+0x7c/0x3a0
[  705.037346][T18145]  do_fast_syscall_32+0x32/0x80
[  705.037361][T18145]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  705.037384][T18145] RIP: 0023:0xf7fb4579
[  705.037396][T18145] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  705.037409][T18145] RSP: 002b:00000000f50b5590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  705.037422][T18145] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50b5620
[  705.037431][T18145] RDX: 000000000000000f RSI: 00000000f7444ff4 RDI: 0000000000000000
[  705.037439][T18145] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  705.037447][T18145] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  705.037455][T18145] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  705.037475][T18145]  </TASK>
[  705.156805][T18147] netlink: 'syz.5.3010': attribute type 1 has an invalid length.
[  705.183741][T18147] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address
[  705.188548][T18147] bond5: (slave vxcan3): Error -95 calling set_mac_address
[  705.236656][T18149] macvlan2: entered promiscuous mode
[  705.238877][T18149] macvlan2: entered allmulticast mode
[  705.241455][T18149] bond5: entered promiscuous mode
[  705.245847][T18149] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  705.250893][T18149] bond5: left promiscuous mode
[  705.632905][T18155] JFS: discard option not supported on device
[  705.636759][T18155] Mount JFS Failure: -22
[  705.638487][T18155] jfs_mount failed w/return code = -22
[  705.879902][T18157] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  705.886605][T18157] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  705.890245][T18157] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  705.894728][T18157] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  705.952298][T18157] netdevsim netdevsim3 eth0: unset [1, 1] type 2 family 0 port 20000 - 0
[  705.955857][T18157] netdevsim netdevsim3 eth1: unset [1, 1] type 2 family 0 port 20000 - 0
[  705.959384][T18157] netdevsim netdevsim3 eth2: unset [1, 1] type 2 family 0 port 20000 - 0
[  705.964415][T18157] netdevsim netdevsim3 eth3: unset [1, 1] type 2 family 0 port 20000 - 0
[  706.101891][T15612] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  706.153457][T15612] Bluetooth: hci1: ACL packet for unknown connection handle 101
[  706.156447][T15612] Bluetooth: hci1: SCO packet for unknown connection handle 3781
[  706.195973][T18162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3014'.
[  706.604358][T18174] tipc: Started in network mode
[  706.606480][T18174] tipc: Node identity 2a1aa320e9ff, cluster identity 4711
[  706.609706][T18174] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  706.625730][T18174] tipc: Disabling bearer <eth:syzkaller0>
[  706.678490][T18175] sock: sock_set_timeout: `syz.3.3018' (pid 18175) tries to set negative timeout
[  706.796971][T18177] netlink: 'syz.3.3019': attribute type 1 has an invalid length.
[  706.822685][T18177] bond7: (slave vxcan3): The slave device specified does not support setting the MAC address
[  706.828012][T18177] bond7: (slave vxcan3): Error -95 calling set_mac_address
[  706.879182][T18179] macvlan2: entered promiscuous mode
[  706.881533][T18179] macvlan2: entered allmulticast mode
[  706.885495][T18179] bond7: entered promiscuous mode
[  706.888095][T18179] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  706.896832][T18179] bond7: left promiscuous mode
[  707.497401][T15612] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  707.504128][T15612] Bluetooth: hci1: ACL packet for unknown connection handle 101
[  707.507344][T15612] Bluetooth: hci1: SCO packet for unknown connection handle 3781
[  707.705303][T18191] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3021'.
[  708.002426][   T68] vhci_hcd: vhci_device speed not set
[  708.520588][T18207] netlink: 'syz.1.3028': attribute type 1 has an invalid length.
[  708.539162][T18207] macvlan2: entered promiscuous mode
[  708.541364][T18207] macvlan2: entered allmulticast mode
[  708.544460][T18207] bond6: entered promiscuous mode
[  708.546498][T18207] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  708.553229][T18207] bond6: left promiscuous mode
[  710.145534][T18231] binder: 18230:18231 ioctl c0306201 80000380 returned -14
[  710.329811][T15612] Bluetooth: hci3: ACL packet for unknown connection handle 101
[  710.338585][T15612] Bluetooth: hci3: SCO packet for unknown connection handle 3781
[  710.532900][T18251] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3040'.
[  710.536631][T18252] xt_CT: You must specify a L4 protocol and not use inversions on it
[  710.546338][T18252] 9pnet_fd: Insufficient options for proto=fd
[  711.336772][T18256] vivid-007: =================  START STATUS  =================
[  711.339476][T18256] vivid-007: Enable Output Cropping: true
[  711.342974][T18256] vivid-007: Enable Output Composing: true
[  711.345340][T18256] vivid-007: Enable Output Scaler: true
[  711.347763][T18256] vivid-007: Tx RGB Quantization Range: Automatic
[  711.350301][T18256] vivid-007: Transmit Mode: HDMI
[  711.352819][T18256] vivid-007: Hotplug Present: 0x00000000
[  711.355349][T18256] vivid-007: RxSense Present: 0x00000000
[  711.357420][T18256] vivid-007: EDID Present: 0x00000000
[  711.391888][T18256] vivid-007: ==================  END STATUS  ==================
[  711.493397][T18256] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3041'.
[  712.757075][T15612] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  712.760642][T15612] Bluetooth: hci1: ACL packet for unknown connection handle 101
[  712.765803][T15612] Bluetooth: hci1: SCO packet for unknown connection handle 3781
[  713.209544][T18304] ubi: mtd0 is already attached to ubi8
[  713.699444][T18306] program syz.1.3052 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  714.178282][T15436] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  714.186287][T15436] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  714.192682][T15436] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  714.201460][T15436] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  714.209742][T15436] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  714.409289][T18327] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3058'.
[  714.412880][T18327] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3058'.
[  714.529593][ T9250] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  714.654157][ T9250] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  714.679052][T18323] chnl_net:caif_netlink_parms(): no params data found
[  714.738923][ T9250] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  714.773279][T18323] bridge0: port 1(bridge_slave_0) entered blocking state
[  714.775511][T18323] bridge0: port 1(bridge_slave_0) entered disabled state
[  714.777686][T18323] bridge_slave_0: entered allmulticast mode
[  714.780220][T18323] bridge_slave_0: entered promiscuous mode
[  714.784996][T18323] bridge0: port 2(bridge_slave_1) entered blocking state
[  714.787485][T18323] bridge0: port 2(bridge_slave_1) entered disabled state
[  714.790024][T18323] bridge_slave_1: entered allmulticast mode
[  714.793251][T18323] bridge_slave_1: entered promiscuous mode
[  714.835689][ T9250] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  714.844282][T18323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  714.849252][T18323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  714.891644][T18323] team0: Port device team_slave_0 added
[  714.896148][T18323] team0: Port device team_slave_1 added
[  714.936208][T18323] batman_adv: batadv0: Adding interface: batadv_slave_0
[  714.938628][T18323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  714.947733][T18323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  714.953844][T18323] batman_adv: batadv0: Adding interface: batadv_slave_1
[  714.956348][T18323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  714.971934][T18323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  715.061434][T18323] hsr_slave_0: entered promiscuous mode
[  715.066218][T18323] hsr_slave_1: entered promiscuous mode
[  715.187432][ T9250] bridge_slave_1: left allmulticast mode
[  715.189866][ T9250] bridge_slave_1: left promiscuous mode
[  715.193729][ T9250] bridge0: port 2(bridge_slave_1) entered disabled state
[  715.204691][ T9250] bridge_slave_0: left allmulticast mode
[  715.206341][ T9250] bridge_slave_0: left promiscuous mode
[  715.208176][ T9250] bridge0: port 1(bridge_slave_0) entered disabled state
[  715.365460][ T9250] bond1 (unregistering): (slave gretap1): Releasing active interface
[  715.480479][T18349] vivid-007: =================  START STATUS  =================
[  715.483106][T18349] vivid-007: Enable Output Cropping: true
[  715.484930][T18349] vivid-007: Enable Output Composing: true
[  715.487055][T18349] vivid-007: Enable Output Scaler: true
[  715.488838][T18349] vivid-007: Tx RGB Quantization Range: Automatic
[  715.490913][T18349] vivid-007: Transmit Mode: HDMI
[  715.492691][T18349] vivid-007: Hotplug Present: 0x00000000
[  715.494734][T18349] vivid-007: RxSense Present: 0x00000000
[  715.496569][T18349] vivid-007: EDID Present: 0x00000000
[  715.498450][T18349] vivid-007: ==================  END STATUS  ==================
[  715.526533][T18349] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3061'.
[  715.665469][ T9250] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  715.670843][ T9250] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  715.677164][ T9250] bond0 (unregistering): Released all slaves
[  715.684863][ T9250] bond1 (unregistering): Released all slaves
[  715.691622][ T9250] bond2 (unregistering): Released all slaves
[  715.702419][ T9250] bond3 (unregistering): Released all slaves
[  715.709433][ T9250] bond4 (unregistering): Released all slaves
[  715.721519][ T9250] bond5 (unregistering): Released all slaves
[  716.086109][T18323] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  716.090979][T18323] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  716.095571][T18323] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  716.099865][T18323] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  716.192700][T18323] 8021q: adding VLAN 0 to HW filter on device bond0
[  716.206136][T18323] 8021q: adding VLAN 0 to HW filter on device team0
[  716.215447][T11788] bridge0: port 1(bridge_slave_0) entered blocking state
[  716.218369][T11788] bridge0: port 1(bridge_slave_0) entered forwarding state
[  716.239679][T11788] bridge0: port 2(bridge_slave_1) entered blocking state
[  716.242015][T15612] Bluetooth: hci2: command tx timeout
[  716.242693][T11788] bridge0: port 2(bridge_slave_1) entered forwarding state
[  716.268829][ T9250] hsr_slave_0: left promiscuous mode
[  716.271319][ T9250] hsr_slave_1: left promiscuous mode
[  716.274771][ T9250] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  716.277267][ T9250] batman_adv: batadv0: Removing interface: batadv_slave_0
[  716.282069][ T9250] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  716.284508][ T9250] batman_adv: batadv0: Removing interface: batadv_slave_1
[  716.329546][ T9250] veth1_macvtap: left promiscuous mode
[  716.331362][ T9250] veth0_macvtap: left promiscuous mode
[  716.333527][ T9250] veth1_vlan: left promiscuous mode
[  716.335189][ T9250] veth0_vlan: left promiscuous mode
[  717.355273][ T9250] team0 (unregistering): Port device team_slave_1 removed
[  717.501793][ T9250] team0 (unregistering): Port device team_slave_0 removed
[  717.694011][T18390] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input28
[  718.269444][T18388] FAULT_INJECTION: forcing a failure.
[  718.269444][T18388] name failslab, interval 1, probability 0, space 0, times 0
[  718.278410][T18388] CPU: 3 UID: 0 PID: 18388 Comm: syz.5.3068 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  718.278436][T18388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  718.278447][T18388] Call Trace:
[  718.278454][T18388]  <TASK>
[  718.278462][T18388]  dump_stack_lvl+0x16c/0x1f0
[  718.278491][T18388]  should_fail_ex+0x512/0x640
[  718.278509][T18388]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  718.278531][T18388]  should_failslab+0xc2/0x120
[  718.278552][T18388]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  718.278571][T18388]  ? __mutex_lock+0x1ca/0xb90
[  718.278587][T18388]  ? __alloc_skb+0x2b2/0x380
[  718.278611][T18388]  __alloc_skb+0x2b2/0x380
[  718.278629][T18388]  ? __pfx___alloc_skb+0x10/0x10
[  718.278659][T18388]  inet_netconf_notify_devconf+0x8b/0x1f0
[  718.278688][T18388]  mrtsock_destruct+0x1e7/0x290
[  718.278713][T18388]  ? __pfx_mrtsock_destruct+0x10/0x10
[  718.278734][T18388]  ip_ra_control+0x439/0x590
[  718.278765][T18388]  ip_mroute_setsockopt+0x98c/0x1040
[  718.278793][T18388]  ? __pfx_ip_mroute_setsockopt+0x10/0x10
[  718.278827][T18388]  ? find_held_lock+0x2b/0x80
[  718.278850][T18388]  do_ip_setsockopt+0x2ae/0x3130
[  718.278879][T18388]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  718.278910][T18388]  ? __lock_acquire+0x622/0x1c90
[  718.278934][T18388]  ? __pfx___might_resched+0x10/0x10
[  718.278959][T18388]  ip_setsockopt+0x59/0xf0
[  718.278987][T18388]  raw_setsockopt+0xb7/0x2a0
[  718.279015][T18388]  ? __pfx_raw_setsockopt+0x10/0x10
[  718.279044][T18388]  ? sock_common_setsockopt+0x2e/0xf0
[  718.279066][T18388]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  718.279090][T18388]  do_sock_setsockopt+0xf0/0x1d0
[  718.279117][T18388]  __sys_setsockopt+0x120/0x1a0
[  718.279139][T18388]  __ia32_sys_setsockopt+0xbc/0x160
[  718.279156][T18388]  ? lockdep_hardirqs_on+0x7c/0x110
[  718.279173][T18388]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  718.279192][T18388]  __do_fast_syscall_32+0x7c/0x3a0
[  718.279214][T18388]  do_fast_syscall_32+0x32/0x80
[  718.279233][T18388]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  718.279255][T18388] RIP: 0023:0xf7fb4579
[  718.279269][T18388] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  718.279286][T18388] RSP: 002b:00000000f50b555c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  718.279303][T18388] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  718.279314][T18388] RDX: 00000000000000c9 RSI: 0000000000000000 RDI: 0000000000000000
[  718.279324][T18388] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  718.279334][T18388] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  718.279344][T18388] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  718.279366][T18388]  </TASK>
[  718.351917][T15612] Bluetooth: hci2: command tx timeout
[  718.505073][T18323] 8021q: adding VLAN 0 to HW filter on device batadv0
[  718.670226][T18415] /dev/nullb0: Can't open blockdev
[  718.912438][T18323] veth0_vlan: entered promiscuous mode
[  718.921128][T18323] veth1_vlan: entered promiscuous mode
[  718.950208][T18323] veth0_macvtap: entered promiscuous mode
[  718.959643][T18323] veth1_macvtap: entered promiscuous mode
[  718.975233][T18323] batman_adv: batadv0: Interface activated: batadv_slave_0
[  718.990174][T18323] batman_adv: batadv0: Interface activated: batadv_slave_1
[  718.995217][T18323] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  718.998571][T18323] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  719.001573][T18323] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  719.004738][T18323] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  719.055706][T11826] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  719.059051][T11826] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  719.077829][T11826] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  719.080266][T11826] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  719.316745][T18425] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3075'.
[  719.323876][T18425] vlan2: entered promiscuous mode
[  719.325538][T18425] batadv0: entered promiscuous mode
[  719.405106][T18427] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[  719.428023][T18429] netlink: 'syz.6.3077': attribute type 1 has an invalid length.
[  719.489810][T18429] gretap1: entered promiscuous mode
[  719.907234][T18444] syzkaller0: entered promiscuous mode
[  719.909531][T18444] syzkaller0: entered allmulticast mode
[  720.033233][T18448] dns_resolver: Unsupported server list version (0)
[  720.057266][T18448] 9pnet_fd: Insufficient options for proto=fd
[  720.067764][T18453] atomic_op ffff888024c55198 conn xmit_atomic 0000000000000000
[  720.155733][T18461] input: syz1 as /devices/virtual/input/input29
[  720.203586][T15612] Bluetooth: hci2: ACL packet for unknown connection handle 101
[  720.206792][T15612] Bluetooth: hci2: SCO packet for unknown connection handle 3781
[  720.253980][T18470] No control pipe specified
[  720.296098][T18472] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3095'.
[  720.303426][   T40] audit: type=1326 audit(1753660628.831:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18459 comm="syz.1.3090" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f14579 code=0x0
[  720.346804][T18474] can: request_module (can-proto-0) failed.
[  720.349488][T18474] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3096'.
[  720.402631][T15612] Bluetooth: hci2: command tx timeout
[  720.456580][T18480] binder: 18473:18480 ioctl c0306201 80000640 returned -22
[  720.679158][T18483] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  722.247848][T18498] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3103'.
[  722.252188][T15612] Bluetooth: hci2: ACL packet for unknown connection handle 101
[  722.261928][T15612] Bluetooth: hci2: SCO packet for unknown connection handle 3781
[  722.324075][T18501] 9pnet_fd: Insufficient options for proto=fd
[  722.481989][T15612] Bluetooth: hci2: command tx timeout
[  722.505674][T18508] blktrace: Concurrent blktraces are not allowed on sg0
[  722.511992][  T838] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  722.711943][  T838] usb 6-1: Using ep0 maxpacket: 8
[  722.715141][  T838] usb 6-1: config 16 has an invalid interface number: 22 but max is 0
[  722.718230][  T838] usb 6-1: config 16 has no interface number 0
[  722.720450][  T838] usb 6-1: config 16 interface 22 has no altsetting 0
[  722.724859][  T838] usb 6-1: New USB device found, idVendor=04bb, idProduct=094e, bcdDevice=4c.0b
[  722.727991][  T838] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  722.730564][  T838] usb 6-1: Product: 퓟ꆙ뷶��芑�벒蕒䇹ｔ薒髊૬̞�㤔滨ꄪ�槥ᣦ�刃✊穅◹뜯쓯䭠ꉔ湕볜翟螼盕쾈䜉Ʇ얔��孮ꓯ埌颤澶䲭곎ℸ�豢潜㺟䶼佺ᛸrᳪ攨땑ꎎ䔋�墳㢙顤䯞틴形�⌡�ͳ駞䩫牦lj晆ᚳ沜�濲�䫢䄭ﶢ�豤焖ᑙ憎뢬忂넂
[  722.739804][  T838] usb 6-1: Manufacturer: 堩摣逾�㕤烯䟊鑛梒⩥
[  722.744784][  T838] usb 6-1: SerialNumber: Л
[  723.271894][T18521] JFS: discard option not supported on device
[  723.275077][T18521] Mount JFS Failure: -22
[  723.276557][T18521] jfs_mount failed w/return code = -22
[  723.330572][T18523] 9pnet_fd: Insufficient options for proto=fd
[  723.387433][  T838] usb 6-1: USB disconnect, device number 11
[  723.468113][T18527] kvm: user requested TSC rate below hardware speed
[  723.474160][T18527] FAULT_INJECTION: forcing a failure.
[  723.474160][T18527] name failslab, interval 1, probability 0, space 0, times 0
[  723.479158][T18527] CPU: 3 UID: 0 PID: 18527 Comm: syz.6.3110 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  723.479173][T18527] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  723.479179][T18527] Call Trace:
[  723.479184][T18527]  <TASK>
[  723.479189][T18527]  dump_stack_lvl+0x16c/0x1f0
[  723.479203][T18527]  should_fail_ex+0x512/0x640
[  723.479214][T18527]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  723.479227][T18527]  should_failslab+0xc2/0x120
[  723.479239][T18527]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  723.479249][T18527]  ? __kvm_mmu_topup_memory_cache+0x450/0x600
[  723.479264][T18527]  ? kvm_hv_setup_tsc_page+0x29a/0x8d0
[  723.479277][T18527]  ? __kvm_mmu_topup_memory_cache+0x18f/0x600
[  723.479293][T18527]  __kvm_mmu_topup_memory_cache+0x18f/0x600
[  723.479311][T18527]  mmu_topup_memory_caches+0x25/0x170
[  723.479325][T18527]  kvm_mmu_load+0xd9/0x22a0
[  723.479337][T18527]  ? kvm_apic_has_interrupt+0x106/0x1f0
[  723.479348][T18527]  ? __pfx_kvm_apic_has_interrupt+0x10/0x10
[  723.479359][T18527]  ? __pfx_kvm_guest_time_update+0x10/0x10
[  723.479370][T18527]  ? __pfx_kvm_mmu_load+0x10/0x10
[  723.479382][T18527]  ? kvm_cpu_has_injectable_intr+0x9c/0x1a0
[  723.479397][T18527]  ? kvm_check_and_inject_events+0x71c/0x1310
[  723.479412][T18527]  vcpu_run+0x34eb/0x5500
[  723.479430][T18527]  ? __pfx_vcpu_run+0x10/0x10
[  723.479444][T18527]  ? fpu_swap_kvm_fpstate+0x1be/0x410
[  723.479460][T18527]  ? __local_bh_enable_ip+0xa4/0x120
[  723.479475][T18527]  ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0
[  723.479487][T18527]  kvm_arch_vcpu_ioctl_run+0x51e/0x18c0
[  723.479503][T18527]  kvm_vcpu_ioctl+0x5eb/0x1690
[  723.479518][T18527]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  723.479531][T18527]  ? tomoyo_path_number_perm+0x18d/0x580
[  723.479547][T18527]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  723.479561][T18527]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  723.479577][T18527]  ? do_vfs_ioctl+0x523/0x1a60
[  723.479592][T18527]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  723.479617][T18527]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[  723.479631][T18527]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  723.479644][T18527]  ? __fget_files+0x20e/0x3c0
[  723.479659][T18527]  ? __fput_deferred+0x480/0x480
[  723.479674][T18527]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  723.479688][T18527]  __ia32_compat_sys_ioctl+0x23f/0x370
[  723.479704][T18527]  __do_fast_syscall_32+0x7c/0x3a0
[  723.479717][T18527]  do_fast_syscall_32+0x32/0x80
[  723.479728][T18527]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  723.479741][T18527] RIP: 0023:0xf70ae579
[  723.479750][T18527] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  723.479761][T18527] RSP: 002b:00000000f509e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  723.479771][T18527] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae80
[  723.479778][T18527] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  723.479784][T18527] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  723.479789][T18527] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  723.479795][T18527] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  723.479808][T18527]  </TASK>
[  723.749319][T18532] futex_wake_op: syz.6.3112 tries to shift op by -1; fix this program
[  723.796827][T18536] netlink: 'syz.6.3114': attribute type 1 has an invalid length.
[  724.010126][T18549] fuse: Bad value for 'fd'
[  724.102384][T18552] netlink: 148 bytes leftover after parsing attributes in process `syz.3.3120'.
[  724.162972][T18554] netlink: 'syz.1.3119': attribute type 10 has an invalid length.
[  724.168858][T18554] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  724.280638][T18561] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  724.487560][T18564] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3122'.
[  725.094926][T18566] netlink: 'syz.3.3123': attribute type 5 has an invalid length.
[  725.102969][T18566] netlink: 9308 bytes leftover after parsing attributes in process `syz.3.3123'.
[  725.485811][T18587] xt_hashlimit: overflow, try lower: 5/0
[  725.636845][T18589] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3129'.
[  725.984155][T18593] JFS: discard option not supported on device
[  725.988115][T18593] Mount JFS Failure: -22
[  725.989531][T18593] jfs_mount failed w/return code = -22
[  727.168801][T15612] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  727.174834][T15612] Bluetooth: hci1: ACL packet for unknown connection handle 101
[  727.178190][T15612] Bluetooth: hci1: SCO packet for unknown connection handle 3781
[  727.285260][T18619] FAULT_INJECTION: forcing a failure.
[  727.285260][T18619] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  727.293895][T18619] CPU: 3 UID: 0 PID: 18619 Comm: syz.5.3138 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  727.293920][T18619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  727.293932][T18619] Call Trace:
[  727.293939][T18619]  <TASK>
[  727.293947][T18619]  dump_stack_lvl+0x16c/0x1f0
[  727.293970][T18619]  should_fail_ex+0x512/0x640
[  727.293993][T18619]  _copy_from_user+0x2e/0xd0
[  727.294014][T18619]  get_compat_msghdr+0xa7/0x170
[  727.294035][T18619]  ? __pfx_get_compat_msghdr+0x10/0x10
[  727.294065][T18619]  ___sys_sendmsg+0x1ae/0x1d0
[  727.294087][T18619]  ? __pfx____sys_sendmsg+0x10/0x10
[  727.294122][T18619]  ? find_held_lock+0x2b/0x80
[  727.294166][T18619]  __sys_sendmsg+0x16d/0x220
[  727.294187][T18619]  ? __pfx___sys_sendmsg+0x10/0x10
[  727.294219][T18619]  ? rcu_is_watching+0x12/0xc0
[  727.294243][T18619]  __do_fast_syscall_32+0x7c/0x3a0
[  727.294266][T18619]  do_fast_syscall_32+0x32/0x80
[  727.294285][T18619]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  727.294308][T18619] RIP: 0023:0xf7fb4579
[  727.294321][T18619] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  727.294338][T18619] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  727.294355][T18619] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[  727.294366][T18619] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  727.294376][T18619] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  727.294386][T18619] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  727.294397][T18619] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  727.294419][T18619]  </TASK>
[  727.391089][T18624] xt_addrtype: ipv6 BLACKHOLE matching not supported
[  727.569207][T18631] bridge_slave_0: left allmulticast mode
[  727.571606][T18631] bridge_slave_0: left promiscuous mode
[  727.577811][T18631] bridge0: port 1(bridge_slave_0) entered disabled state
[  727.613633][T18632] netlink: 'syz.5.3141': attribute type 1 has an invalid length.
[  727.617261][T18632] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3141'.
[  727.742895][T18631] bridge_slave_1: left allmulticast mode
[  727.743005][T18633] netlink: 'syz.5.3141': attribute type 10 has an invalid length.
[  727.744714][T18631] bridge_slave_1: left promiscuous mode
[  727.750671][T18631] bridge0: port 2(bridge_slave_1) entered disabled state
[  727.859276][T18634] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3141'.
[  728.005805][T15612] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  728.009400][T15612] Bluetooth: hci3: Injecting HCI hardware error event
[  728.013382][T18631] bond0: (slave bond_slave_0): Releasing backup interface
[  728.033533][T15612] Bluetooth: hci3: hardware error 0x00
[  728.221258][T18631] bond0: (slave bond_slave_1): Releasing backup interface
[  728.262491][T18631] team0: Port device team_slave_0 removed
[  728.277525][T18631] team0: Port device team_slave_1 removed
[  728.281470][T18631] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  728.284995][T18631] batman_adv: batadv0: Removing interface: batadv_slave_0
[  728.406788][T18631] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  728.409994][T18631] batman_adv: batadv0: Removing interface: batadv_slave_1
[  728.457488][T18631] bond1: (slave gretap1): Releasing active interface
[  728.517754][T18633] 8021q: adding VLAN 0 to HW filter on device bond0
[  728.524499][T18633] team0: Port device bond0 added
[  728.571554][T18648] FAULT_INJECTION: forcing a failure.
[  728.571554][T18648] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  728.577112][T18648] CPU: 1 UID: 0 PID: 18648 Comm: syz.3.3142 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  728.577150][T18648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  728.577162][T18648] Call Trace:
[  728.577174][T18648]  <TASK>
[  728.577181][T18648]  dump_stack_lvl+0x16c/0x1f0
[  728.577206][T18648]  should_fail_ex+0x512/0x640
[  728.577228][T18648]  _copy_from_user+0x2e/0xd0
[  728.577249][T18648]  get_compat_msghdr+0xa7/0x170
[  728.577269][T18648]  ? __pfx_get_compat_msghdr+0x10/0x10
[  728.577291][T18648]  ? rcu_is_watching+0x12/0xc0
[  728.577310][T18648]  ? trace_sched_exit_tp+0xde/0x130
[  728.577334][T18648]  ___sys_sendmsg+0x1ae/0x1d0
[  728.577356][T18648]  ? __pfx____sys_sendmsg+0x10/0x10
[  728.577386][T18648]  ? find_held_lock+0x2b/0x80
[  728.577420][T18648]  __sys_sendmsg+0x16d/0x220
[  728.577441][T18648]  ? __pfx___sys_sendmsg+0x10/0x10
[  728.577457][T18648]  ? fput+0x70/0xf0
[  728.577488][T18648]  ? rcu_is_watching+0x12/0xc0
[  728.577510][T18648]  __do_fast_syscall_32+0x7c/0x3a0
[  728.577532][T18648]  do_fast_syscall_32+0x32/0x80
[  728.577552][T18648]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  728.577574][T18648] RIP: 0023:0xf7f91579
[  728.577588][T18648] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  728.577605][T18648] RSP: 002b:00000000f506755c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  728.577622][T18648] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000000
[  728.577634][T18648] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  728.577644][T18648] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  728.577655][T18648] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  728.577664][T18648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  728.577688][T18648]  </TASK>
[  728.688772][T11786] tipc: Resetting bearer <eth:team0>
[  728.695816][T18634] tipc: Resetting bearer <eth:team0>
[  728.853660][T18634] tipc: Disabling bearer <eth:team0>
[  728.859271][T18634] team0 (unregistering): Port device bond0 removed
[  729.497039][T18661] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3148'.
[  729.801032][T18663] can: request_module (can-proto-0) failed.
[  729.803415][T18663] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3149'.
[  729.861222][T18667] binder: 18662:18667 ioctl c0306201 80000040 returned -22
[  729.914564][T18672] binder: 18662:18672 ioctl c0306201 80000640 returned -22
[  730.322124][T15612] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  730.534923][T18683] FAULT_INJECTION: forcing a failure.
[  730.534923][T18683] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  730.538973][T18683] CPU: 2 UID: 0 PID: 18683 Comm: syz.1.3154 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  730.538987][T18683] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  730.538995][T18683] Call Trace:
[  730.538999][T18683]  <TASK>
[  730.539004][T18683]  dump_stack_lvl+0x16c/0x1f0
[  730.539019][T18683]  should_fail_ex+0x512/0x640
[  730.539032][T18683]  _copy_from_user+0x2e/0xd0
[  730.539045][T18683]  get_compat_msghdr+0xa7/0x170
[  730.539058][T18683]  ? __pfx_get_compat_msghdr+0x10/0x10
[  730.539071][T18683]  ? __lock_acquire+0x622/0x1c90
[  730.539088][T18683]  ___sys_recvmsg+0x191/0x1a0
[  730.539100][T18683]  ? __pfx____sys_recvmsg+0x10/0x10
[  730.539119][T18683]  ? find_held_lock+0x2b/0x80
[  730.539156][T18683]  __sys_recvmsg+0x16a/0x220
[  730.539178][T18683]  ? __pfx___sys_recvmsg+0x10/0x10
[  730.539209][T18683]  ? rcu_is_watching+0x12/0xc0
[  730.539228][T18683]  __do_fast_syscall_32+0x7c/0x3a0
[  730.539241][T18683]  do_fast_syscall_32+0x32/0x80
[  730.539253][T18683]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  730.539266][T18683] RIP: 0023:0xf7f14579
[  730.539274][T18683] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  730.539285][T18683] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000174
[  730.539296][T18683] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001700
[  730.539303][T18683] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  730.539309][T18683] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  730.539315][T18683] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  730.539321][T18683] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  730.539334][T18683]  </TASK>
[  730.719831][T18688] FAULT_INJECTION: forcing a failure.
[  730.719831][T18688] name failslab, interval 1, probability 0, space 0, times 0
[  730.725888][T18688] CPU: 3 UID: 0 PID: 18688 Comm: syz.1.3156 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  730.725912][T18688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  730.725923][T18688] Call Trace:
[  730.725929][T18688]  <TASK>
[  730.725935][T18688]  dump_stack_lvl+0x16c/0x1f0
[  730.725958][T18688]  should_fail_ex+0x512/0x640
[  730.725975][T18688]  ? fs_reclaim_acquire+0xae/0x150
[  730.725999][T18688]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  730.726016][T18688]  should_failslab+0xc2/0x120
[  730.726035][T18688]  __kmalloc_noprof+0xd2/0x510
[  730.726057][T18688]  tomoyo_realpath_from_path+0xc2/0x6e0
[  730.726075][T18688]  ? tomoyo_profile+0x47/0x60
[  730.726095][T18688]  tomoyo_path_number_perm+0x245/0x580
[  730.726117][T18688]  ? tomoyo_path_number_perm+0x237/0x580
[  730.726142][T18688]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  730.726189][T18688]  ? find_held_lock+0x2b/0x80
[  730.726206][T18688]  ? hook_file_ioctl_common+0x145/0x410
[  730.726232][T18688]  ? __fget_files+0x20e/0x3c0
[  730.726256][T18688]  ? __fput_deferred+0x480/0x480
[  730.726280][T18688]  security_file_ioctl_compat+0x9b/0x240
[  730.726306][T18688]  __ia32_compat_sys_ioctl+0xc3/0x370
[  730.726337][T18688]  __do_fast_syscall_32+0x7c/0x3a0
[  730.726357][T18688]  do_fast_syscall_32+0x32/0x80
[  730.726375][T18688]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  730.726395][T18688] RIP: 0023:0xf7f14579
[  730.726422][T18688] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  730.726438][T18688] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  730.726453][T18688] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0105500
[  730.726463][T18688] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  730.726473][T18688] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  730.726483][T18688] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  730.726492][T18688] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  730.726514][T18688]  </TASK>
[  730.726562][T18688] ERROR: Out of memory at tomoyo_realpath_from_path.
[  730.990122][T18701] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3160'.
[  731.423021][T18715] netlink: 168 bytes leftover after parsing attributes in process `syz.6.3165'.
[  733.380557][T18745] macsec1: entered promiscuous mode
[  733.384761][T18745] bond0: entered promiscuous mode
[  733.386763][T18745] mac80211_hwsim hwsim13 wlan1: entered promiscuous mode
[  733.393494][T18745] bond0: left promiscuous mode
[  733.395428][T18745] mac80211_hwsim hwsim13 wlan1: left promiscuous mode
[  733.486333][T18749] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3177'.
[  733.489784][T18749] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3177'.
[  733.493774][T18749] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3177'.
[  733.702488][T12975] usb 11-1: new high-speed USB device number 2 using dummy_hcd
[  733.871936][T12975] usb 11-1: Using ep0 maxpacket: 8
[  733.879553][T12975] usb 11-1: config 0 has an invalid interface number: 1 but max is 0
[  733.887917][T12975] usb 11-1: config 0 has no interface number 0
[  733.891056][T12975] usb 11-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  733.897902][T12975] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  733.916581][T12975] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.944234][T12975] usb 11-1: config 0 descriptor??
[  734.309436][T12975] iowarrior 11-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  734.340625][T12975] usb 11-1: USB disconnect, device number 2
[  734.421147][T18760] JFS: discard option not supported on device
[  734.424527][T18760] Mount JFS Failure: -22
[  734.426337][T18760] jfs_mount failed w/return code = -22
[  736.002422][T18796] netlink: 'syz.3.3189': attribute type 1 has an invalid length.
[  736.052458][T18796] bond8: (slave vxcan3): The slave device specified does not support setting the MAC address
[  736.057501][T18796] bond8: (slave vxcan3): Error -95 calling set_mac_address
[  736.124723][T18799] macvlan3: entered promiscuous mode
[  736.127614][T18799] macvlan3: entered allmulticast mode
[  736.132341][T18799] bond8: entered promiscuous mode
[  736.134513][T18799] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  736.140226][T18799] bond8: left promiscuous mode
[  736.247323][T18802] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3190'.
[  736.397721][   T40] audit: type=1326 audit(1753660644.921:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18803 comm="syz.3.3192" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x7ffc0000
[  736.407153][   T40] audit: type=1326 audit(1753660644.921:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18803 comm="syz.3.3192" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x7ffc0000
[  736.416970][   T40] audit: type=1326 audit(1753660644.921:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18803 comm="syz.3.3192" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f91579 code=0x7ffc0000
[  736.426529][   T40] audit: type=1326 audit(1753660644.921:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18803 comm="syz.3.3192" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x7ffc0000
[  736.436696][   T40] audit: type=1326 audit(1753660644.931:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18803 comm="syz.3.3192" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x7ffc0000
[  736.446907][   T40] audit: type=1326 audit(1753660644.941:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18803 comm="syz.3.3192" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f91579 code=0x7ffc0000
[  736.458215][   T40] audit: type=1326 audit(1753660644.941:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18803 comm="syz.3.3192" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x7ffc0000
[  736.467323][   T40] audit: type=1326 audit(1753660644.941:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18803 comm="syz.3.3192" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x7ffc0000
[  736.481917][   T40] audit: type=1326 audit(1753660644.951:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18803 comm="syz.3.3192" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f91579 code=0x7ffc0000
[  736.490123][   T40] audit: type=1326 audit(1753660644.951:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18803 comm="syz.3.3192" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f91579 code=0x7ffc0000
[  737.260147][T18820] tipc: Started in network mode
[  737.263063][T18820] tipc: Node identity b2d896f13346, cluster identity 4711
[  737.266076][T18820] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  737.269989][T18820] syzkaller0: entered promiscuous mode
[  737.276051][T18820] syzkaller0: entered allmulticast mode
[  737.293048][T18818] tipc: Resetting bearer <eth:syzkaller0>
[  737.312435][T18818] tipc: Disabling bearer <eth:syzkaller0>
[  738.585402][T18851] JFS: discard option not supported on device
[  738.590417][T18851] Mount JFS Failure: -22
[  738.592384][T18851] jfs_mount failed w/return code = -22
[  739.408220][T18858] netlink: 'syz.6.3207': attribute type 1 has an invalid length.
[  739.433013][T18858] bond2: (slave vxcan5): The slave device specified does not support setting the MAC address
[  739.437035][T18858] bond2: (slave vxcan5): Error -95 calling set_mac_address
[  739.489633][T18860] macvlan2: entered promiscuous mode
[  739.491476][T18860] macvlan2: entered allmulticast mode
[  739.493901][T18860] bond2: entered promiscuous mode
[  739.495815][T18860] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  739.504131][T18860] bond2: left promiscuous mode
[  740.064136][T18874] mmap: syz.5.3209 (18874) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  740.558560][T18879] fuse: Bad value for 'fd'
[  740.565659][T18879] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 20000 - 0
[  740.568386][T18879] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 20000 - 0
[  740.570985][T18879] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 20000 - 0
[  740.575514][T18879] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 20000 - 0
[  740.578290][T18879] geneve2: entered promiscuous mode
[  740.580049][T18879] geneve2: entered allmulticast mode
[  740.701327][T18881] netlink: 'syz.1.3214': attribute type 1 has an invalid length.
[  740.738895][T18881] bond7: (slave vxcan1): The slave device specified does not support setting the MAC address
[  740.747203][T18881] bond7: (slave vxcan1): Error -95 calling set_mac_address
[  740.810421][T18887] macvlan2: entered promiscuous mode
[  740.812870][T18887] macvlan2: entered allmulticast mode
[  740.822250][T18887] bond7: entered promiscuous mode
[  740.824146][T18887] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  740.829257][T18887] bond7: left promiscuous mode
[  740.893524][T15612] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  740.900747][T15612] Bluetooth: hci2: Injecting HCI hardware error event
[  740.913801][T15612] Bluetooth: hci2: hardware error 0x00
[  741.074533][T18901] AppArmor: change_hat: Invalid input '0x'
[  741.897250][T18911] fuse: Bad value for 'fd'
[  742.849762][T18931] netlink: 'syz.5.3228': attribute type 1 has an invalid length.
[  742.852396][T18931] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3228'.
[  743.042092][T15612] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  743.077172][T18945] fuse: Bad value for 'fd'
[  744.129852][T18971] JFS: discard option not supported on device
[  744.133026][T18971] Mount JFS Failure: -22
[  744.134881][T18971] jfs_mount failed w/return code = -22
[  744.825081][T18977] fuse: Bad value for 'fd'
[  745.228920][T18982] batadv_slave_1: entered promiscuous mode
[  745.861918][T18979] comedi comedi2: reset error (fatal)
[  745.939690][T19000] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3251'.
[  745.974968][T19000] FAULT_INJECTION: forcing a failure.
[  745.974968][T19000] name failslab, interval 1, probability 0, space 0, times 0
[  745.979780][T19000] CPU: 2 UID: 0 PID: 19000 Comm: syz.1.3251 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  745.979809][T19000] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  745.979820][T19000] Call Trace:
[  745.979827][T19000]  <TASK>
[  745.979834][T19000]  dump_stack_lvl+0x16c/0x1f0
[  745.979856][T19000]  should_fail_ex+0x512/0x640
[  745.979873][T19000]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  745.979896][T19000]  should_failslab+0xc2/0x120
[  745.979917][T19000]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  745.979935][T19000]  ? __alloc_skb+0x2b2/0x380
[  745.979957][T19000]  __alloc_skb+0x2b2/0x380
[  745.979973][T19000]  ? __pfx___alloc_skb+0x10/0x10
[  745.979992][T19000]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  745.980021][T19000]  netlink_alloc_large_skb+0x69/0x130
[  745.980044][T19000]  netlink_sendmsg+0x6a1/0xdd0
[  745.980069][T19000]  ? __pfx_netlink_sendmsg+0x10/0x10
[  745.980092][T19000]  ? __import_iovec+0x1dd/0x650
[  745.980122][T19000]  ____sys_sendmsg+0xa95/0xc70
[  745.980151][T19000]  ? __pfx_____sys_sendmsg+0x10/0x10
[  745.980173][T19000]  ? get_compat_msghdr+0x11a/0x170
[  745.980203][T19000]  ___sys_sendmsg+0x134/0x1d0
[  745.980223][T19000]  ? __pfx____sys_sendmsg+0x10/0x10
[  745.980253][T19000]  ? find_held_lock+0x2b/0x80
[  745.980295][T19000]  __sys_sendmsg+0x16d/0x220
[  745.980313][T19000]  ? __pfx___sys_sendmsg+0x10/0x10
[  745.980342][T19000]  ? rcu_is_watching+0x12/0xc0
[  745.980364][T19000]  __do_fast_syscall_32+0x7c/0x3a0
[  745.980387][T19000]  do_fast_syscall_32+0x32/0x80
[  745.980405][T19000]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  745.980427][T19000] RIP: 0023:0xf7f14579
[  745.980448][T19000] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  745.980465][T19000] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  745.980482][T19000] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  745.980493][T19000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  745.980503][T19000] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  745.980512][T19000] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  745.980523][T19000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  745.980545][T19000]  </TASK>
[  746.394919][T19010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3252'.
[  746.397714][T19010] netlink: 'syz.1.3252': attribute type 5 has an invalid length.
[  746.400607][T19010] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3252'.
[  746.414888][T19010] netdevsim netdevsim1 eth0: set [1, 2] type 2 family 0 port 256 - 0
[  746.417616][T19010] netdevsim netdevsim1 eth1: set [1, 2] type 2 family 0 port 256 - 0
[  746.420397][T19010] netdevsim netdevsim1 eth2: set [1, 2] type 2 family 0 port 256 - 0
[  746.423212][T19010] netdevsim netdevsim1 eth3: set [1, 2] type 2 family 0 port 256 - 0
[  746.426024][T19010] geneve3: entered promiscuous mode
[  746.427776][T19010] geneve3: entered allmulticast mode
[  746.602096][  T838] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  746.761870][  T838] usb 10-1: Using ep0 maxpacket: 8
[  746.764781][  T838] usb 10-1: config 0 interface 0 has no altsetting 0
[  746.766792][  T838] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  746.769607][  T838] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  746.773551][  T838] usb 10-1: config 0 descriptor??
[  746.884625][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  746.886867][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  747.229051][  T838] mcp2221 0003:04D8:00DD.0003: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[  747.317919][T19016] FAULT_INJECTION: forcing a failure.
[  747.317919][T19016] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  747.325925][T19016] CPU: 3 UID: 0 PID: 19016 Comm: syz.6.3256 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  747.325946][T19016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  747.325954][T19016] Call Trace:
[  747.325959][T19016]  <TASK>
[  747.325964][T19016]  dump_stack_lvl+0x16c/0x1f0
[  747.325982][T19016]  should_fail_ex+0x512/0x640
[  747.325999][T19016]  _copy_from_user+0x2e/0xd0
[  747.326014][T19016]  get_compat_msghdr+0xa7/0x170
[  747.326030][T19016]  ? __pfx_get_compat_msghdr+0x10/0x10
[  747.326051][T19016]  ___sys_sendmsg+0x1ae/0x1d0
[  747.326067][T19016]  ? __pfx____sys_sendmsg+0x10/0x10
[  747.326089][T19016]  ? find_held_lock+0x2b/0x80
[  747.326115][T19016]  __sys_sendmsg+0x16d/0x220
[  747.326129][T19016]  ? __pfx___sys_sendmsg+0x10/0x10
[  747.326151][T19016]  ? rcu_is_watching+0x12/0xc0
[  747.326168][T19016]  __do_fast_syscall_32+0x7c/0x3a0
[  747.326184][T19016]  do_fast_syscall_32+0x32/0x80
[  747.326198][T19016]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  747.326218][T19016] RIP: 0023:0xf70ae579
[  747.326232][T19016] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  747.326248][T19016] RSP: 002b:00000000f509e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  747.326265][T19016] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  747.326282][T19016] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  747.326292][T19016] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  747.326301][T19016] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  747.326310][T19016] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  747.326336][T19016]  </TASK>
[  747.467626][T19021] i2c i2c-2: unsupported multi-msg i2c transaction
[  747.846549][T19025] netlink: 'syz.6.3259': attribute type 1 has an invalid length.
[  747.868811][T19025] 8021q: adding VLAN 0 to HW filter on device bond3
[  747.917864][T19025] veth3: entered promiscuous mode
[  748.333621][T19034] FAULT_INJECTION: forcing a failure.
[  748.333621][T19034] name failslab, interval 1, probability 0, space 0, times 0
[  748.337675][T19034] CPU: 1 UID: 0 PID: 19034 Comm: syz.6.3260 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  748.337702][T19034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  748.337709][T19034] Call Trace:
[  748.337714][T19034]  <TASK>
[  748.337719][T19034]  dump_stack_lvl+0x16c/0x1f0
[  748.337734][T19034]  should_fail_ex+0x512/0x640
[  748.337745][T19034]  ? __kvmalloc_node_noprof+0x124/0x620
[  748.337775][T19034]  should_failslab+0xc2/0x120
[  748.337789][T19034]  __kvmalloc_node_noprof+0x137/0x620
[  748.337806][T19034]  ? snd_info_text_entry_write+0x2e0/0x4f0
[  748.337823][T19034]  ? snd_info_text_entry_write+0x2e0/0x4f0
[  748.337835][T19034]  snd_info_text_entry_write+0x2e0/0x4f0
[  748.337850][T19034]  ? __pfx_snd_info_text_entry_write+0x10/0x10
[  748.337863][T19034]  proc_reg_write+0x23d/0x330
[  748.337875][T19034]  ? __pfx_proc_reg_write+0x10/0x10
[  748.337885][T19034]  vfs_write+0x29d/0x1150
[  748.337899][T19034]  ? __pfx_vfs_write+0x10/0x10
[  748.337907][T19034]  ? find_held_lock+0x2b/0x80
[  748.337923][T19034]  ? __fget_files+0x20e/0x3c0
[  748.337937][T19034]  ? handle_mm_fault+0x250/0xd10
[  748.337961][T19034]  ksys_write+0x12a/0x250
[  748.337970][T19034]  ? __pfx_ksys_write+0x10/0x10
[  748.337981][T19034]  ? rcu_is_watching+0x12/0xc0
[  748.337994][T19034]  __do_fast_syscall_32+0x7c/0x3a0
[  748.338007][T19034]  do_fast_syscall_32+0x32/0x80
[  748.338019][T19034]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  748.338032][T19034] RIP: 0023:0xf70ae579
[  748.338041][T19034] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  748.338051][T19034] RSP: 002b:00000000f505c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  748.338061][T19034] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000000
[  748.338068][T19034] RDX: 00000000000000b8 RSI: 0000000000000000 RDI: 0000000000000000
[  748.338074][T19034] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  748.338080][T19034] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  748.338086][T19034] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  748.338099][T19034]  </TASK>
[  748.686832][   T40] kauditd_printk_skb: 93 callbacks suppressed
[  748.686891][   T40] audit: type=1800 audit(1753923057.208:1427): pid=19038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3262" name="/" dev="fuse" ino=1 res=0 errno=0
[  749.166847][   T40] audit: type=1326 audit(1753923057.688:1428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19047 comm="syz.1.3265" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f14598 code=0x7ffc0000
[  749.176686][   T40] audit: type=1326 audit(1753923057.688:1429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19047 comm="syz.1.3265" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f14598 code=0x7ffc0000
[  749.197323][   T40] audit: type=1326 audit(1753923057.688:1430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19047 comm="syz.1.3265" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f14598 code=0x7ffc0000
[  749.206123][   T40] audit: type=1326 audit(1753923057.688:1431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19047 comm="syz.1.3265" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f14598 code=0x7ffc0000
[  749.215482][   T40] audit: type=1326 audit(1753923057.688:1432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19047 comm="syz.1.3265" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f14579 code=0x7ffc0000
[  749.223121][   T40] audit: type=1326 audit(1753923057.688:1433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19047 comm="syz.1.3265" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f14579 code=0x7ffc0000
[  749.229730][   T40] audit: type=1326 audit(1753923057.688:1434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19047 comm="syz.1.3265" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f14598 code=0x7ffc0000
[  749.237076][   T40] audit: type=1326 audit(1753923057.688:1435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19047 comm="syz.1.3265" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f14579 code=0x7ffc0000
[  749.243809][T19049] fuse: Bad value for 'fd'
[  749.247505][   T40] audit: type=1326 audit(1753923057.688:1436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19047 comm="syz.1.3265" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f14579 code=0x7ffc0000
[  749.316686][T19055] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3264'.
[  749.321009][T12975] usb 10-1: USB disconnect, device number 8
[  749.362459][T19059] netlink: 'syz.5.3268': attribute type 1 has an invalid length.
[  749.382274][T19059] bond6: (slave vxcan3): The slave device specified does not support setting the MAC address
[  749.386260][T19059] bond6: (slave vxcan3): Error -95 calling set_mac_address
[  749.438706][T19061] macvlan0: entered promiscuous mode
[  749.441201][T19061] macvlan0: entered allmulticast mode
[  749.453151][T19061] bond6: entered promiscuous mode
[  749.462691][T19061] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  749.469758][T19061] bond6: left promiscuous mode
[  749.718851][T19065] FAULT_INJECTION: forcing a failure.
[  749.718851][T19065] name failslab, interval 1, probability 0, space 0, times 0
[  749.723640][T19065] CPU: 1 UID: 0 PID: 19065 Comm: syz.1.3267 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  749.723677][T19065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  749.723688][T19065] Call Trace:
[  749.723696][T19065]  <TASK>
[  749.723703][T19065]  dump_stack_lvl+0x16c/0x1f0
[  749.723725][T19065]  should_fail_ex+0x512/0x640
[  749.723743][T19065]  ? fs_reclaim_acquire+0xae/0x150
[  749.723770][T19065]  ? tomoyo_encode2+0x100/0x3e0
[  749.723785][T19065]  should_failslab+0xc2/0x120
[  749.723806][T19065]  __kmalloc_noprof+0xd2/0x510
[  749.723823][T19065]  ? d_absolute_path+0x136/0x1a0
[  749.723850][T19065]  tomoyo_encode2+0x100/0x3e0
[  749.723870][T19065]  tomoyo_encode+0x29/0x50
[  749.723886][T19065]  tomoyo_realpath_from_path+0x18f/0x6e0
[  749.723911][T19065]  tomoyo_path_number_perm+0x245/0x580
[  749.723935][T19065]  ? tomoyo_path_number_perm+0x237/0x580
[  749.723969][T19065]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  749.723994][T19065]  ? finish_task_switch.isra.0+0x221/0xc10
[  749.724038][T19065]  ? find_held_lock+0x2b/0x80
[  749.724056][T19065]  ? hook_file_ioctl_common+0x145/0x410
[  749.724085][T19065]  ? __fget_files+0x20e/0x3c0
[  749.724110][T19065]  ? __fput_deferred+0x480/0x480
[  749.724135][T19065]  security_file_ioctl_compat+0x9b/0x240
[  749.724162][T19065]  __ia32_compat_sys_ioctl+0xc3/0x370
[  749.724189][T19065]  __do_fast_syscall_32+0x7c/0x3a0
[  749.724209][T19065]  do_fast_syscall_32+0x32/0x80
[  749.724228][T19065]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  749.724250][T19065] RIP: 0023:0xf7f14579
[  749.724264][T19065] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  749.724280][T19065] RSP: 002b:00000000f4ff455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  749.724297][T19065] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000004601
[  749.724308][T19065] RDX: 0000000080000380 RSI: 0000000000000000 RDI: 0000000000000000
[  749.724318][T19065] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  749.724328][T19065] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  749.724337][T19065] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  749.724360][T19065]  </TASK>
[  749.724536][T19065] ERROR: Out of memory at tomoyo_realpath_from_path.
[  749.790555][T19067] netlink: 'syz.3.3270': attribute type 27 has an invalid length.
[  749.831135][T19067] gretap1: left promiscuous mode
[  749.831266][T19067] geneve0: left promiscuous mode
[  749.831280][T19067] geneve0: left allmulticast mode
[  749.922794][T12975] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  750.083033][T12975] usb 10-1: Using ep0 maxpacket: 16
[  750.087955][T12975] usb 10-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  750.091102][T12975] usb 10-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  750.094507][T12975] usb 10-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  750.098584][T12975] usb 10-1: config 1 interface 0 has no altsetting 0
[  750.104556][T12975] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  750.107448][T12975] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  750.110118][T12975] usb 10-1: Product: syz
[  750.111509][T12975] usb 10-1: Manufacturer: syz
[  750.113357][T12975] usb 10-1: SerialNumber: syz
[  750.128134][T19080] binder: 19079:19080 ioctl c06864ce 80000600 returned -22
[  750.131985][T19080] binder: 19079:19080 ioctl c06864b8 800001c0 returned -22
[  750.134675][T19080] binder: 19079:19080 ioctl 8924 80000080 returned -22
[  750.352620][T12975] usblp 10-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8
[  750.529664][   T61] usb 10-1: USB disconnect, device number 9
[  750.532899][   T61] usblp0: removed
[  750.972563][T19095] netlink: 'syz.6.3277': attribute type 1 has an invalid length.
[  750.978255][T19097] netlink: 'syz.1.3278': attribute type 1 has an invalid length.
[  751.005083][T19095] bond4: (slave vxcan9): The slave device specified does not support setting the MAC address
[  751.008964][T19095] bond4: (slave vxcan9): Error -95 calling set_mac_address
[  751.028194][T19097] bond8: (slave vxcan1): The slave device specified does not support setting the MAC address
[  751.032229][T19097] bond8: (slave vxcan1): Error -95 calling set_mac_address
[  751.064649][T19100] macvlan3: entered promiscuous mode
[  751.066353][T19100] macvlan3: entered allmulticast mode
[  751.068345][T19100] bond4: entered promiscuous mode
[  751.070285][T19100] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  751.076675][T19100] bond4: left promiscuous mode
[  751.097186][T19101] macvlan2: entered promiscuous mode
[  751.098917][T19101] macvlan2: entered allmulticast mode
[  751.100998][T19101] bond8: entered promiscuous mode
[  751.103012][T19101] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  751.107513][T19101] bond8: left promiscuous mode
[  751.357879][   T61] hid-generic 00A0:0008:0003.0004: unknown main item tag 0x7
[  751.360928][   T61] hid-generic 00A0:0008:0003.0004: item fetching failed at offset 14/15
[  751.393955][   T61] hid-generic 00A0:0008:0003.0004: probe with driver hid-generic failed with error -22
[  751.399976][T19113] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3279'.
[  751.704053][T19116] binder: 19115:19116 ioctl c06864ce 80000600 returned -22
[  751.706682][T19116] binder: 19115:19116 ioctl c06864b8 800001c0 returned -22
[  751.709411][T19116] binder: 19115:19116 ioctl 8924 80000080 returned -22
[  751.759989][T19118] fuse: Bad value for 'fd'
[  751.765158][T19118] netdevsim netdevsim6 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  751.767957][T19118] netdevsim netdevsim6 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  751.770754][T19118] netdevsim netdevsim6 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  751.773484][T19118] netdevsim netdevsim6 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  751.776880][T19118] geneve2: entered promiscuous mode
[  751.778884][T19118] geneve2: entered allmulticast mode
[  752.449904][T19136] netlink: 'syz.5.3289': attribute type 1 has an invalid length.
[  752.470518][T19136] bond7: (slave vxcan3): The slave device specified does not support setting the MAC address
[  752.475451][T19136] bond7: (slave vxcan3): Error -95 calling set_mac_address
[  752.605539][T19136] macvlan0: entered promiscuous mode
[  752.607406][T19136] macvlan0: entered allmulticast mode
[  752.610521][T19136] bond7: entered promiscuous mode
[  752.616263][T19136] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  752.622946][T19136] bond7: left promiscuous mode
[  752.916418][  T838] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  752.936140][  T838] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  753.173634][T19148] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3293'.
[  753.424995][T19153] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3292'.
[  753.530552][T19157] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3295'.
[  753.533664][T19157] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3295'.
[  754.059879][T19171] befs: (nullb0): No write support. Marking filesystem read-only
[  754.067187][T19171] befs: (nullb0): invalid magic header
[  754.358318][T19180] fuse: Bad value for 'fd'
[  754.367212][T19180] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  754.370933][T19180] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  754.376066][T19180] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  754.379715][T19180] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  754.383853][T19180] geneve2: entered promiscuous mode
[  754.386027][T19180] geneve2: entered allmulticast mode
[  754.855096][T19192] tmpfs: Unknown parameter 'qu“C#É'
[  755.551301][T19207] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3309'.
[  755.902109][T13077] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  756.058969][T13077] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  756.063387][T13077] usb 10-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  756.068849][T13077] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  756.073070][T13077] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  756.078314][T13077] usb 10-1: config 0 descriptor??
[  756.486692][T19204] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  756.495980][T19204] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  756.627524][T13077] usb 10-1: string descriptor 0 read error: -71
[  756.630727][T13077] usbhid 10-1:0.0: couldn't find an input interrupt endpoint
[  756.652630][T13077] usb 10-1: USB disconnect, device number 10
[  757.223841][T19225] fuse: Bad value for 'fd'
[  758.176767][T19239] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  758.180755][T19239] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  758.299736][T19239] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  758.303073][T19239] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  758.438358][T19239] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  758.441565][T19239] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  758.560271][T19239] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  758.564781][T19239] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  758.700847][T19239] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  758.703744][T19239] netdevsim netdevsim5 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  758.711189][T19239] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  758.715822][T19239] netdevsim netdevsim5 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  758.723359][T19239] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  758.725901][T19239] netdevsim netdevsim5 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  758.733214][T19239] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  758.735777][T19239] netdevsim netdevsim5 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  758.786543][T15612] Bluetooth: hci0: SCO packet for unknown connection handle 3781
[  759.244063][T19265] netlink: 'syz.5.3329': attribute type 1 has an invalid length.
[  759.282221][T19265] bond8: (slave vxcan3): The slave device specified does not support setting the MAC address
[  759.286559][T19265] bond8: (slave vxcan3): Error -95 calling set_mac_address
[  759.342922][T19268] macvlan0: entered promiscuous mode
[  759.345234][T19268] macvlan0: entered allmulticast mode
[  759.348077][T19268] bond8: entered promiscuous mode
[  759.350738][T19268] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  759.356345][T19268] bond8: left promiscuous mode
[  759.467030][T19271] tipc: Failed to remove unknown binding: 66,1,1/0:2470533715/2470533717
[  759.471645][T19271] tipc: Failed to remove unknown binding: 66,1,1/0:2470533715/2470533717
[  759.474975][T19271] tipc: Failed to remove unknown binding: 66,1,1/0:2470533715/2470533717
[  759.619537][T19282] FAULT_INJECTION: forcing a failure.
[  759.619537][T19282] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  759.625662][T19282] CPU: 3 UID: 0 PID: 19282 Comm: syz.3.3335 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  759.625695][T19282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  759.625702][T19282] Call Trace:
[  759.625706][T19282]  <TASK>
[  759.625711][T19282]  dump_stack_lvl+0x16c/0x1f0
[  759.625726][T19282]  should_fail_ex+0x512/0x640
[  759.625738][T19282]  should_fail_alloc_page+0xe7/0x130
[  759.625752][T19282]  prepare_alloc_pages+0x3c2/0x610
[  759.625770][T19282]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  759.625783][T19282]  ? rcu_is_watching+0x12/0xc0
[  759.625795][T19282]  ? trace_mm_page_alloc+0x11f/0x1a0
[  759.625808][T19282]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  759.625820][T19282]  ? finish_task_switch.isra.0+0x21c/0xc10
[  759.625832][T19282]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  759.625843][T19282]  ? lockdep_hardirqs_on+0x7c/0x110
[  759.625854][T19282]  ? finish_task_switch.isra.0+0x221/0xc10
[  759.625872][T19282]  ? htab_map_alloc+0x44b/0x1570
[  759.625887][T19282]  ? map_create+0x58f/0x1db0
[  759.625901][T19282]  ? __sys_bpf+0x4d8d/0x4ea0
[  759.625909][T19282]  ? __ia32_sys_bpf+0x76/0xe0
[  759.625932][T19282]  alloc_pages_bulk_noprof+0x71c/0x1410
[  759.625948][T19282]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  759.625977][T19282]  ? policy_nodemask+0xea/0x4e0
[  759.625995][T19282]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  759.626006][T19282]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  759.626024][T19282]  kasan_populate_vmalloc+0xf1/0x1f0
[  759.626043][T19282]  alloc_vmap_area+0x959/0x29c0
[  759.626063][T19282]  ? __pfx_alloc_vmap_area+0x10/0x10
[  759.626080][T19282]  __get_vm_area_node+0x1ca/0x330
[  759.626096][T19282]  __vmalloc_node_range_noprof+0x271/0x14b0
[  759.626114][T19282]  ? htab_map_alloc+0x44b/0x1570
[  759.626128][T19282]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  759.626141][T19282]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  759.626154][T19282]  ? htab_map_alloc+0x44b/0x1570
[  759.626172][T19282]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  759.626187][T19282]  ? pcpu_alloc_noprof+0x1f5/0x1470
[  759.626201][T19282]  ? htab_map_alloc+0x44b/0x1570
[  759.626215][T19282]  __bpf_map_area_alloc+0x12e/0x200
[  759.626226][T19282]  ? htab_map_alloc+0x44b/0x1570
[  759.626243][T19282]  htab_map_alloc+0x44b/0x1570
[  759.626259][T19282]  ? security_capable+0x7e/0x260
[  759.626272][T19282]  ? ns_capable+0xd7/0x110
[  759.626288][T19282]  map_create+0x58f/0x1db0
[  759.626317][T19282]  ? __pfx_map_create+0x10/0x10
[  759.626339][T19282]  ? __might_fault+0xe3/0x190
[  759.626354][T19282]  ? __might_fault+0xe3/0x190
[  759.626368][T19282]  ? __might_fault+0x13b/0x190
[  759.626393][T19282]  __sys_bpf+0x4d8d/0x4ea0
[  759.626409][T19282]  ? __pfx___sys_bpf+0x10/0x10
[  759.626418][T19282]  ? ksys_write+0x190/0x250
[  759.626431][T19282]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  759.626450][T19282]  ? fput+0x70/0xf0
[  759.626461][T19282]  ? ksys_write+0x1ac/0x250
[  759.626470][T19282]  ? __pfx_ksys_write+0x10/0x10
[  759.626482][T19282]  __ia32_sys_bpf+0x76/0xe0
[  759.626493][T19282]  __do_fast_syscall_32+0x7c/0x3a0
[  759.626505][T19282]  do_fast_syscall_32+0x32/0x80
[  759.626517][T19282]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  759.626530][T19282] RIP: 0023:0xf7f91579
[  759.626538][T19282] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  759.626548][T19282] RSP: 002b:00000000f50b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  759.626558][T19282] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000100
[  759.626565][T19282] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  759.626571][T19282] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  759.626577][T19282] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  759.626584][T19282] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  759.626596][T19282]  </TASK>
[  760.187995][T19296] loop2: detected capacity change from 0 to 7
[  760.261078][T19296] Dev loop2: unable to read RDB block 7
[  760.263435][T19296]  loop2: unable to read partition table
[  760.266590][T19296] loop2: partition table beyond EOD, truncated
[  760.269351][T19296] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  760.566746][T19305] FAULT_INJECTION: forcing a failure.
[  760.566746][T19305] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  760.574496][T19305] CPU: 0 UID: 0 PID: 19305 Comm: syz.1.3340 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  760.574521][T19305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  760.574533][T19305] Call Trace:
[  760.574540][T19305]  <TASK>
[  760.574547][T19305]  dump_stack_lvl+0x16c/0x1f0
[  760.574570][T19305]  should_fail_ex+0x512/0x640
[  760.574593][T19305]  _copy_to_user+0x32/0xd0
[  760.574615][T19305]  simple_read_from_buffer+0xcb/0x170
[  760.574644][T19305]  proc_fail_nth_read+0x197/0x270
[  760.574669][T19305]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  760.574695][T19305]  ? rw_verify_area+0xcf/0x680
[  760.574721][T19305]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  760.574745][T19305]  vfs_read+0x1e4/0xc60
[  760.574762][T19305]  ? fdget_pos+0x2a2/0x370
[  760.574782][T19305]  ? __pfx_vfs_read+0x10/0x10
[  760.574796][T19305]  ? find_held_lock+0x2b/0x80
[  760.574822][T19305]  ? __fget_files+0x20e/0x3c0
[  760.574855][T19305]  ksys_read+0x12a/0x250
[  760.574872][T19305]  ? __pfx_ksys_read+0x10/0x10
[  760.574890][T19305]  ? rcu_is_watching+0x12/0xc0
[  760.574912][T19305]  __do_fast_syscall_32+0x7c/0x3a0
[  760.574933][T19305]  do_fast_syscall_32+0x32/0x80
[  760.574952][T19305]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  760.574974][T19305] RIP: 0023:0xf7f14579
[  760.574988][T19305] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  760.575005][T19305] RSP: 002b:00000000f5036590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  760.575022][T19305] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5036620
[  760.575033][T19305] RDX: 000000000000000f RSI: 00000000f73a4ff4 RDI: 0000000000000000
[  760.575043][T19305] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  760.575053][T19305] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  760.575063][T19305] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  760.575087][T19305]  </TASK>
[  760.660753][    C0] vkms_vblank_simulate: vblank timer overrun
[  761.007432][T19317] macvtap0: entered allmulticast mode
[  761.009264][T19317] veth0_macvtap: entered allmulticast mode
[  761.141216][T19323] netlink: 'syz.3.3347': attribute type 1 has an invalid length.
[  761.219409][T19323] bond9: (slave vxcan3): The slave device specified does not support setting the MAC address
[  761.224923][T19323] bond9: (slave vxcan3): Error -95 calling set_mac_address
[  761.252765][T19327] macvlan3: entered promiscuous mode
[  761.254994][T19327] macvlan3: entered allmulticast mode
[  761.257865][T19327] bond9: entered promiscuous mode
[  761.260524][T19327] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  761.266835][T19327] bond9: left promiscuous mode
[  761.516486][T19333] vivid-002: disconnect
[  761.518653][T19332] vivid-002: reconnect
[  762.024249][T19340] netlink: 580 bytes leftover after parsing attributes in process `syz.1.3352'.
[  762.027353][T19340] netlink: 580 bytes leftover after parsing attributes in process `syz.1.3352'.
[  762.138623][T19343] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3353'.
[  762.445928][T19352] JFS: discard option not supported on device
[  762.449928][T19352] Mount JFS Failure: -22
[  762.451469][T19352] jfs_mount failed w/return code = -22
[  763.469745][T19374] netlink: 'syz.6.3357': attribute type 10 has an invalid length.
[  763.480991][T19374] batman_adv: batadv0: Adding interface: team0
[  763.483250][T19374] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  763.491486][T19374] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  763.500415][T19374] netlink: 'syz.6.3357': attribute type 10 has an invalid length.
[  763.503888][T19374] netlink: 2 bytes leftover after parsing attributes in process `syz.6.3357'.
[  763.507687][T19374] team0: entered promiscuous mode
[  763.509779][T19374] team_slave_0: entered promiscuous mode
[  763.514633][T19374] team_slave_1: entered promiscuous mode
[  763.522208][T19374] 8021q: adding VLAN 0 to HW filter on device team0
[  763.525166][T19374] batman_adv: batadv0: Interface activated: team0
[  763.527912][T19374] batman_adv: batadv0: Interface deactivated: team0
[  763.530070][T19374] batman_adv: batadv0: Removing interface: team0
[  763.535994][T19374] bridge0: port 3(team0) entered blocking state
[  763.538096][T19374] bridge0: port 3(team0) entered disabled state
[  763.540826][T19374] team0: entered allmulticast mode
[  763.623866][T19374] team_slave_0: entered allmulticast mode
[  763.629685][T19374] team_slave_1: entered allmulticast mode
[  763.637687][T19374] bridge0: port 3(team0) entered blocking state
[  763.639772][T19374] bridge0: port 3(team0) entered forwarding state
[  763.892085][  T838] usb 11-1: new high-speed USB device number 3 using dummy_hcd
[  764.063006][  T838] usb 11-1: config index 0 descriptor too short (expected 23569, got 27)
[  764.065975][  T838] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  764.070419][  T838] usb 11-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  764.074805][  T838] usb 11-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  764.078581][  T838] usb 11-1: Manufacturer: syz
[  764.083451][  T838] usb 11-1: config 0 descriptor??
[  764.152369][  T838] rc_core: IR keymap rc-hauppauge not found
[  764.154716][  T838] Registered IR keymap rc-empty
[  764.155410][T15612] Bluetooth: hci0: SCO packet for unknown connection handle 3781
[  764.157735][  T838] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc0
[  764.171640][  T838] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/rc/rc0/input31
[  764.172625][T19389] ALSA: mixer_oss: invalid OSS volume ''
[  764.212203][T19394] netlink: 'syz.5.3365': attribute type 1 has an invalid length.
[  764.243881][T19394] bond9: (slave vxcan3): The slave device specified does not support setting the MAC address
[  764.248661][T19394] bond9: (slave vxcan3): Error -95 calling set_mac_address
[  764.275443][T19398] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3366'.
[  764.279370][T19398] openvswitch: netlink: Port -1 exceeds max allowable 65535
[  764.300970][T19399] macvlan0: entered promiscuous mode
[  764.305188][T19399] macvlan0: entered allmulticast mode
[  764.309485][T19399] bond9: entered promiscuous mode
[  764.312472][T19399] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  764.320358][T19399] bond9: left promiscuous mode
[  765.537556][T19423] sd 0:0:0:0: PR command failed: 1026
[  765.539543][T19423] sd 0:0:0:0: Sense Key : Illegal Request [current] 
[  765.541876][T19423] sd 0:0:0:0: Add. Sense: Invalid command operation code
[  765.716445][T19435] netlink: 'syz.1.3376': attribute type 1 has an invalid length.
[  765.746702][T19435] bond9: (slave vxcan1): The slave device specified does not support setting the MAC address
[  765.751936][T19435] bond9: (slave vxcan1): Error -95 calling set_mac_address
[  765.792298][T19441] macvlan2: entered promiscuous mode
[  765.794086][T19441] macvlan2: entered allmulticast mode
[  765.796132][T19441] bond9: entered promiscuous mode
[  765.799304][T19441] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  765.808164][T19441] bond9: left promiscuous mode
[  765.993830][T19447] netlink: 'syz.1.3379': attribute type 1 has an invalid length.
[  765.996259][T19447] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3379'.
[  766.176881][T19444] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3378'.
[  766.591624][T15049] usb 11-1: USB disconnect, device number 3
[  766.649632][T19453] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3381'.
[  766.944315][T19469] FAULT_INJECTION: forcing a failure.
[  766.944315][T19469] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  766.948913][T19469] CPU: 3 UID: 0 PID: 19469 Comm: syz.1.3385 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  766.948928][T19469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  766.948935][T19469] Call Trace:
[  766.948939][T19469]  <TASK>
[  766.948943][T19469]  dump_stack_lvl+0x16c/0x1f0
[  766.948973][T19469]  should_fail_ex+0x512/0x640
[  766.948990][T19469]  _copy_to_user+0x32/0xd0
[  766.949007][T19469]  simple_read_from_buffer+0xcb/0x170
[  766.949024][T19469]  proc_fail_nth_read+0x197/0x270
[  766.949039][T19469]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  766.949054][T19469]  ? rw_verify_area+0xcf/0x680
[  766.949068][T19469]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  766.949082][T19469]  vfs_read+0x1e4/0xc60
[  766.949092][T19469]  ? fdget_pos+0x2a2/0x370
[  766.949104][T19469]  ? __pfx_vfs_read+0x10/0x10
[  766.949112][T19469]  ? find_held_lock+0x2b/0x80
[  766.949127][T19469]  ? __fget_files+0x20e/0x3c0
[  766.949146][T19469]  ksys_read+0x12a/0x250
[  766.949155][T19469]  ? __pfx_ksys_read+0x10/0x10
[  766.949166][T19469]  ? rcu_is_watching+0x12/0xc0
[  766.949179][T19469]  __do_fast_syscall_32+0x7c/0x3a0
[  766.949193][T19469]  do_fast_syscall_32+0x32/0x80
[  766.949204][T19469]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  766.949217][T19469] RIP: 0023:0xf7f14579
[  766.949226][T19469] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  766.949236][T19469] RSP: 002b:00000000f5036590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  766.949246][T19469] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5036620
[  766.949253][T19469] RDX: 000000000000000f RSI: 00000000f73a4ff4 RDI: 0000000000000000
[  766.949259][T19469] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  766.949265][T19469] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  766.949271][T19469] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  766.949284][T19469]  </TASK>
[  767.085315][T19476] netlink: 'syz.1.3388': attribute type 1 has an invalid length.
[  767.139157][T19476] bond10: (slave vxcan1): The slave device specified does not support setting the MAC address
[  767.153258][T19476] bond10: (slave vxcan1): Error -95 calling set_mac_address
[  767.222947][T19480] macvlan2: entered promiscuous mode
[  767.225194][T19480] macvlan2: entered allmulticast mode
[  767.228104][T19480] bond10: entered promiscuous mode
[  767.231057][T19480] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  767.237143][T19480] bond10: left promiscuous mode
[  767.375288][T19483] bridge0: entered allmulticast mode
[  767.381396][T19483] bridge0: left allmulticast mode
[  767.443706][T15049] libceph: connect (1)[c::]:6789 error -101
[  767.446977][T15049] libceph: mon0 (1)[c::]:6789 connect error
[  767.488578][T19484] ceph: No mds server is up or the cluster is laggy
[  767.538005][T19489] vxfs: WRONG superblock magic 00000000 at 1
[  767.541070][T19489] vxfs: WRONG superblock magic 00000000 at 8
[  767.544080][T19489] vxfs: can't find superblock.
[  767.682165][T12975] usb 6-1: new low-speed USB device number 12 using dummy_hcd
[  767.851349][T15612] Bluetooth: hci0: link tx timeout
[  767.855226][T15612] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  767.859445][T15436] Bluetooth: hci0: link tx timeout
[  767.861146][T15436] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[  767.863698][T12975] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  767.867072][T12975] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  767.871453][T12975] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  767.878362][T12975] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  767.883239][T12975] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  767.889049][T12975] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  767.892443][T12975] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  767.895724][T12975] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  767.899271][T12975] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  767.908209][T12975] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  767.935030][T12975] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  767.937371][T12975] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  767.940580][T12975] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  768.060486][T19508] netlink: 'syz.3.3399': attribute type 1 has an invalid length.
[  768.083347][T19508] bond10: (slave vxcan3): The slave device specified does not support setting the MAC address
[  768.088353][T19508] bond10: (slave vxcan3): Error -95 calling set_mac_address
[  768.144095][T19508] macvlan3: entered promiscuous mode
[  768.146402][T19508] macvlan3: entered allmulticast mode
[  768.149280][T19508] bond10: entered promiscuous mode
[  768.152050][T19508] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  768.161004][T19508] bond10: left promiscuous mode
[  768.754342][T12975] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  768.770928][T12975] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  768.776691][T12975] usb 6-1: string descriptor 0 read error: -22
[  768.778793][T12975] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  768.782090][T12975] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  768.788210][T12975] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  769.113428][T12975] usb 6-1: USB disconnect, device number 12
[  769.844054][T19542] netlink: 84 bytes leftover after parsing attributes in process `syz.1.3405'.
[  769.908529][T19546] FAULT_INJECTION: forcing a failure.
[  769.908529][T19546] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  769.910273][T19546] 
[  769.910280][T19546] ======================================================
[  769.910287][T19546] WARNING: possible circular locking dependency detected
[  769.910293][T19546] 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 Not tainted
[  769.910302][T19546] ------------------------------------------------------
[  769.910308][T19546] syz.1.3405/19546 is trying to acquire lock:
[  769.910317][T19546] ffffffff8e4d2200 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0
[  769.910358][T19546] 
[  769.910358][T19546] but task is already holding lock:
[  769.910363][T19546] ffff88802b43a418 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  769.910397][T19546] 
[  769.910397][T19546] which lock already depends on the new lock.
[  769.910397][T19546] 
[  769.910402][T19546] 
[  769.910402][T19546] the existing dependency chain (in reverse order) is:
[  769.910408][T19546] 
[  769.910408][T19546] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  769.910429][T19546]        _raw_spin_lock_nested+0x31/0x40
[  769.910454][T19546]        raw_spin_rq_lock_nested+0x29/0x130
[  769.910469][T19546]        task_rq_lock+0xcf/0x490
[  769.910484][T19546]        cgroup_move_task+0x81/0x2a0
[  769.910501][T19546]        css_set_move_task+0x288/0x5f0
[  769.910520][T19546]        cgroup_post_fork+0x201/0x9e0
[  769.910533][T19546]        copy_process+0x5c82/0x7650
[  769.910551][T19546]        kernel_clone+0xfc/0x960
[  769.910568][T19546]        user_mode_thread+0xc7/0x110
[  769.910586][T19546]        rest_init+0x23/0x2b0
[  769.910603][T19546]        start_kernel+0x3ee/0x4d0
[  769.910639][T19546]        x86_64_start_reservations+0x18/0x30
[  769.910661][T19546]        x86_64_start_kernel+0x130/0x190
[  769.910681][T19546]        common_startup_64+0x13e/0x148
[  769.910694][T19546] 
[  769.910694][T19546] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  769.910712][T19546]        _raw_spin_lock_irqsave+0x3a/0x60
[  769.910734][T19546]        try_to_wake_up+0xb2/0x1680
[  769.910748][T19546]        __wake_up_common+0x135/0x1f0
[  769.910768][T19546]        __wake_up+0x31/0x60
[  769.910785][T19546]        tty_port_default_wakeup+0x2a/0x40
[  769.910811][T19546]        serial8250_tx_chars+0x68e/0x860
[  769.910831][T19546]        serial8250_handle_irq+0x761/0xcb0
[  769.910850][T19546]        serial8250_default_handle_irq+0x9a/0x210
[  769.910869][T19546]        serial8250_interrupt+0x103/0x210
[  769.910889][T19546]        __handle_irq_event_percpu+0x22c/0x7d0
[  769.910906][T19546]        handle_irq_event+0xab/0x1e0
[  769.910920][T19546]        handle_edge_irq+0x28e/0xab0
[  769.910933][T19546]        __common_interrupt+0xdf/0x250
[  769.910952][T19546]        common_interrupt+0xba/0xe0
[  769.910970][T19546]        asm_common_interrupt+0x26/0x40
[  769.910985][T19546]        pv_native_safe_halt+0xf/0x20
[  769.910999][T19546]        default_idle+0x13/0x20
[  769.911014][T19546]        default_idle_call+0x6d/0xb0
[  769.911031][T19546]        do_idle+0x391/0x510
[  769.911045][T19546]        cpu_startup_entry+0x4f/0x60
[  769.911060][T19546]        start_secondary+0x21d/0x2b0
[  769.911079][T19546]        common_startup_64+0x13e/0x148
[  769.911093][T19546] 
[  769.911093][T19546] -> #2 (&tty->write_wait){-...}-{3:3}:
[  769.911112][T19546]        _raw_spin_lock_irqsave+0x3a/0x60
[  769.911130][T19546]        __wake_up+0x1c/0x60
[  769.911143][T19546]        tty_port_default_wakeup+0x2a/0x40
[  769.911157][T19546]        serial8250_tx_chars+0x68e/0x860
[  769.911171][T19546]        __start_tx+0x3e9/0x4a0
[  769.911185][T19546]        serial8250_start_tx+0x368/0x530
[  769.911199][T19546]        __uart_start+0x292/0x4c0
[  769.911217][T19546]        uart_write+0x218/0xb30
[  769.911229][T19546]        n_tty_write+0x412/0x1160
[  769.911244][T19546]        file_tty_write.constprop.0+0x501/0x9b0
[  769.911257][T19546]        redirected_tty_write+0xd4/0x150
[  769.911269][T19546]        vfs_write+0x6c4/0x1150
[  769.911280][T19546]        ksys_write+0x12a/0x250
[  769.911290][T19546]        do_syscall_64+0xcd/0x490
[  769.911302][T19546]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  769.911314][T19546] 
[  769.911314][T19546] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  769.911329][T19546]        _raw_spin_lock_irqsave+0x3a/0x60
[  769.911347][T19546]        serial8250_console_write+0x181/0x1890
[  769.911364][T19546]        console_flush_all+0x801/0xc60
[  769.911375][T19546]        console_unlock+0xd8/0x210
[  769.911385][T19546]        vprintk_emit+0x418/0x6d0
[  769.911398][T19546]        _printk+0xc7/0x100
[  769.911415][T19546]        register_console+0xc2d/0x11b0
[  769.911430][T19546]        univ8250_console_init+0x5f/0x90
[  769.911451][T19546]        console_init+0x14f/0x680
[  769.911474][T19546]        start_kernel+0x29f/0x4d0
[  769.911496][T19546]        x86_64_start_reservations+0x18/0x30
[  769.911518][T19546]        x86_64_start_kernel+0x130/0x190
[  769.911541][T19546]        common_startup_64+0x13e/0x148
[  769.911556][T19546] 
[  769.911556][T19546] -> #0 (console_owner){-.-.}-{0:0}:
[  769.911575][T19546]        __lock_acquire+0x126f/0x1c90
[  769.911595][T19546]        lock_acquire+0x179/0x350
[  769.911613][T19546]        console_lock_spinning_enable+0xb0/0xd0
[  769.911627][T19546]        console_flush_all+0x7aa/0xc60
[  769.911640][T19546]        console_unlock+0xd8/0x210
[  769.911654][T19546]        vprintk_emit+0x418/0x6d0
[  769.911668][T19546]        _printk+0xc7/0x100
[  769.911687][T19546]        should_fail_ex+0x4e7/0x640
[  769.911703][T19546]        strncpy_from_user+0x3b/0x2e0
[  769.911724][T19546]        strncpy_from_user_nofault+0x7f/0x180
[  769.911742][T19546]        bpf_bprintf_prepare+0xede/0x14b0
[  769.911758][T19546]        bpf_trace_printk+0xda/0x190
[  769.911777][T19546]        bpf_prog_7c77c7e0f6645ad8+0x3e/0x44
[  769.911795][T19546]        bpf_trace_run2+0x230/0x590
[  769.911833][T19546]        __bpf_trace_contention_begin+0xc9/0x110
[  769.911855][T19546]        trace_contention_begin.constprop.0+0xde/0x160
[  769.911880][T19546]        __pv_queued_spin_lock_slowpath+0x109/0xcf0
[  769.911897][T19546]        do_raw_spin_lock+0x20e/0x2b0
[  769.911919][T19546]        raw_spin_rq_lock_nested+0x7e/0x130
[  769.911936][T19546]        __schedule+0x301/0x5dd0
[  769.911958][T19546]        preempt_schedule_irq+0x51/0x90
[  769.911973][T19546]        irqentry_exit+0x36/0x90
[  769.911987][T19546]        asm_sysvec_reschedule_ipi+0x1a/0x20
[  769.912002][T19546]        unwind_next_frame+0x3e6/0x20a0
[  769.912026][T19546]        arch_stack_walk+0x94/0x100
[  769.912039][T19546]        stack_trace_save+0x8e/0xc0
[  769.912054][T19546]        kasan_save_stack+0x33/0x60
[  769.912069][T19546]        kasan_save_track+0x14/0x30
[  769.912083][T19546]        __kasan_kmalloc+0xaa/0xb0
[  769.912097][T19546]        __kvmalloc_node_noprof+0x27b/0x620
[  769.912121][T19546]        seq_read_iter+0x826/0x12c0
[  769.912141][T19546]        seq_read+0x39e/0x4e0
[  769.912159][T19546]        vfs_read+0x1e4/0xc60
[  769.912170][T19546]        ksys_pread64+0x161/0x1a0
[  769.912183][T19546]        __do_fast_syscall_32+0x7c/0x3a0
[  769.912197][T19546]        do_fast_syscall_32+0x32/0x80
[  769.912211][T19546]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  769.912227][T19546] 
[  769.912227][T19546] other info that might help us debug this:
[  769.912227][T19546] 
[  769.912230][T19546] Chain exists of:
[  769.912230][T19546]   console_owner --> &p->pi_lock --> &rq->__lock
[  769.912230][T19546] 
[  769.912244][T19546]  Possible unsafe locking scenario:
[  769.912244][T19546] 
[  769.912247][T19546]        CPU0                    CPU1
[  769.912250][T19546]        ----                    ----
[  769.912253][T19546]   lock(&rq->__lock);
[  769.912259][T19546]                                lock(&p->pi_lock);
[  769.912266][T19546]                                lock(&rq->__lock);
[  769.912272][T19546]   lock(console_owner);
[  769.912278][T19546] 
[  769.912278][T19546]  *** DEADLOCK ***
[  769.912278][T19546] 
[  769.912280][T19546] 6 locks held by syz.1.3405/19546:
[  769.912286][T19546]  #0: ffff88802823c540 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12c0
[  769.912311][T19546]  #1: ffffffff8e5c4c80 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xbd/0x20a0
[  769.912338][T19546]  #2: ffff88802b43a418 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  769.912359][T19546]  #3: ffffffff8e5c4c80 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1b6/0x590
[  769.912384][T19546]  #4: ffffffff8e5b2640 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100
[  769.912410][T19546]  #5: ffffffff8e5b26b0 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60
[  769.912441][T19546] 
[  769.912441][T19546] stack backtrace:
[  769.912449][T19546] CPU: 2 UID: 0 PID: 19546 Comm: syz.1.3405 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  769.912469][T19546] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  769.912480][T19546] Call Trace:
[  769.912486][T19546]  <TASK>
[  769.912493][T19546]  dump_stack_lvl+0x116/0x1f0
[  769.912510][T19546]  print_circular_bug+0x275/0x350
[  769.912551][T19546]  check_noncircular+0x14c/0x170
[  769.912577][T19546]  __lock_acquire+0x126f/0x1c90
[  769.912602][T19546]  lock_acquire+0x179/0x350
[  769.912623][T19546]  ? console_lock_spinning_enable+0x9f/0xd0
[  769.912640][T19546]  ? console_lock_spinning_enable+0x88/0xd0
[  769.912658][T19546]  console_lock_spinning_enable+0xb0/0xd0
[  769.912673][T19546]  ? console_lock_spinning_enable+0x9f/0xd0
[  769.912689][T19546]  console_flush_all+0x7aa/0xc60
[  769.912707][T19546]  ? __pfx_console_flush_all+0x10/0x10
[  769.912727][T19546]  ? is_printk_cpu_sync_owner+0x32/0x40
[  769.912748][T19546]  console_unlock+0xd8/0x210
[  769.912763][T19546]  ? __pfx_console_unlock+0x10/0x10
[  769.912779][T19546]  ? do_raw_spin_unlock+0xb0/0x230
[  769.912812][T19546]  ? _printk+0xc7/0x100
[  769.912826][T19546]  ? __down_trylock_console_sem+0xb0/0x140
[  769.912841][T19546]  vprintk_emit+0x418/0x6d0
[  769.912851][T19546]  ? __pfx_vprintk_emit+0x10/0x10
[  769.912861][T19546]  ? rb_read_data_buffer.constprop.0+0x18c/0x430
[  769.912875][T19546]  _printk+0xc7/0x100
[  769.912888][T19546]  ? __pfx__printk+0x10/0x10
[  769.912902][T19546]  ? __pfx____ratelimit+0x10/0x10
[  769.912917][T19546]  ? search_extable+0x82/0xb0
[  769.912927][T19546]  should_fail_ex+0x4e7/0x640
[  769.912938][T19546]  strncpy_from_user+0x3b/0x2e0
[  769.912953][T19546]  strncpy_from_user_nofault+0x7f/0x180
[  769.912965][T19546]  bpf_bprintf_prepare+0xede/0x14b0
[  769.912977][T19546]  ? search_extable+0x82/0xb0
[  769.912986][T19546]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[  769.912998][T19546]  ? bpf_trace_run2+0x3db/0x590
[  769.913011][T19546]  bpf_trace_printk+0xda/0x190
[  769.913022][T19546]  ? __pfx_bpf_trace_printk+0x10/0x10
[  769.913035][T19546]  ? bpf_trace_run2+0x3db/0x590
[  769.913052][T19546]  bpf_prog_7c77c7e0f6645ad8+0x3e/0x44
[  769.913060][T19546]  bpf_trace_run2+0x230/0x590
[  769.913073][T19546]  ? __pfx_bpf_trace_run2+0x10/0x10
[  769.913088][T19546]  __bpf_trace_contention_begin+0xc9/0x110
[  769.913102][T19546]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[  769.913119][T19546]  trace_contention_begin.constprop.0+0xde/0x160
[  769.913134][T19546]  __pv_queued_spin_lock_slowpath+0x109/0xcf0
[  769.913146][T19546]  ? __lock_acquire+0xb8a/0x1c90
[  769.913159][T19546]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[  769.913170][T19546]  ? do_raw_spin_lock+0x12c/0x2b0
[  769.913186][T19546]  do_raw_spin_lock+0x20e/0x2b0
[  769.913201][T19546]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  769.913215][T19546]  ? rcu_qs+0x2b/0xe0
[  769.913225][T19546]  ? rcu_note_context_switch+0x192/0x1e00
[  769.913236][T19546]  raw_spin_rq_lock_nested+0x7e/0x130
[  769.913246][T19546]  ? preempt_schedule_irq+0x51/0x90
[  769.913255][T19546]  ? preempt_schedule_irq+0x51/0x90
[  769.913263][T19546]  __schedule+0x301/0x5dd0
[  769.913277][T19546]  ? bpf_trace_run2+0x2a5/0x590
[  769.913290][T19546]  ? __pfx_bpf_trace_run2+0x10/0x10
[  769.913305][T19546]  ? rb_commit+0x11f/0x9f0
[  769.913315][T19546]  ? __pfx___schedule+0x10/0x10
[  769.913329][T19546]  ? __lock_acquire+0x622/0x1c90
[  769.913343][T19546]  ? mark_held_locks+0x49/0x80
[  769.913357][T19546]  preempt_schedule_irq+0x51/0x90
[  769.913365][T19546]  irqentry_exit+0x36/0x90
[  769.913375][T19546]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  769.913385][T19546] RIP: 0010:unwind_next_frame+0x3e6/0x20a0
[  769.913401][T19546] Code: c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 10 15 00 00 41 c7 45 00 00 00 00 00 31 ed e8 f2 06 18 0a 85 c0 0f 85 a7 06 00 00 <48> c7 c7 80 4c 5c 8e 48 8d 35 00 00 00 00 e8 97 71 2d 00 e8 22 26
[  769.913411][T19546] RSP: 0018:ffffc90003b7f688 EFLAGS: 00000202
[  769.913419][T19546] RAX: 0000000000000001 RBX: ffffc90003b7ff10 RCX: ffffc90003b80001
[  769.913426][T19546] RDX: 0000000000000000 RSI: ffffffff8c155de0 RDI: ffffffff8df35db0
[  769.913432][T19546] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  769.913438][T19546] R10: 0000000000000000 R11: 000000000001315e R12: ffffc90003b7f748
[  769.913445][T19546] R13: ffffc90003b7f6f8 R14: ffffc90003b7ff10 R15: ffffc90003b7f72c
[  769.913454][T19546]  ? unwind_next_frame+0xa92/0x20a0
[  769.913469][T19546]  ? ksys_pread64+0x161/0x1a0
[  769.913479][T19546]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  769.913491][T19546]  arch_stack_walk+0x94/0x100
[  769.913501][T19546]  ? __do_fast_syscall_32+0x7c/0x3a0
[  769.913512][T19546]  stack_trace_save+0x8e/0xc0
[  769.913523][T19546]  ? __pfx_stack_trace_save+0x10/0x10
[  769.913534][T19546]  ? lock_acquire+0x179/0x350
[  769.913547][T19546]  ? __lock_acquire+0x622/0x1c90
[  769.913560][T19546]  kasan_save_stack+0x33/0x60
[  769.913569][T19546]  ? kasan_save_stack+0x33/0x60
[  769.913578][T19546]  ? kasan_save_track+0x14/0x30
[  769.913587][T19546]  ? __kasan_kmalloc+0xaa/0xb0
[  769.913596][T19546]  ? __kvmalloc_node_noprof+0x27b/0x620
[  769.913611][T19546]  ? seq_read_iter+0x826/0x12c0
[  769.913624][T19546]  ? seq_read+0x39e/0x4e0
[  769.913636][T19546]  ? vfs_read+0x1e4/0xc60
[  769.913644][T19546]  ? ksys_pread64+0x161/0x1a0
[  769.913661][T19546]  kasan_save_track+0x14/0x30
[  769.913670][T19546]  __kasan_kmalloc+0xaa/0xb0
[  769.913679][T19546]  __kvmalloc_node_noprof+0x27b/0x620
[  769.913695][T19546]  ? find_held_lock+0x2b/0x80
[  769.913704][T19546]  ? seq_read_iter+0x826/0x12c0
[  769.913719][T19546]  ? seq_read_iter+0x826/0x12c0
[  769.913732][T19546]  ? aa_file_perm+0x4d6/0xfb0
[  769.913740][T19546]  seq_read_iter+0x826/0x12c0
[  769.913756][T19546]  seq_read+0x39e/0x4e0
[  769.913770][T19546]  ? __pfx_seq_read+0x10/0x10
[  769.913783][T19546]  ? get_pid_task+0xfc/0x250
[  769.913803][T19546]  ? rw_verify_area+0xcf/0x680
[  769.913817][T19546]  ? __pfx_seq_read+0x10/0x10
[  769.913830][T19546]  vfs_read+0x1e4/0xc60
[  769.913839][T19546]  ? __pfx_vfs_read+0x10/0x10
[  769.913848][T19546]  ? find_held_lock+0x2b/0x80
[  769.913857][T19546]  ? __fget_files+0x204/0x3c0
[  769.913873][T19546]  ? __fget_files+0x20e/0x3c0
[  769.913889][T19546]  ? __fget_files+0x1b0/0x3c0
[  769.913914][T19546]  ksys_pread64+0x161/0x1a0
[  769.913929][T19546]  ? __pfx_ksys_pread64+0x10/0x10
[  769.913945][T19546]  ? rcu_is_watching+0x12/0xc0
[  769.913963][T19546]  __do_fast_syscall_32+0x7c/0x3a0
[  769.913981][T19546]  do_fast_syscall_32+0x32/0x80
[  769.913998][T19546]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  769.914016][T19546] RIP: 0023:0xf7f14579
[  769.914027][T19546] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  769.914041][T19546] RSP: 002b:00000000f4c5655c EFLAGS: 00000296 ORIG_RAX: 00000000000000b4
[  769.914056][T19546] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000080
[  769.914065][T19546] RDX: 00000000000000ed RSI: 0000000000000000 RDI: 0000000000000000
[  769.914074][T19546] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  769.914083][T19546] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  769.914093][T19546] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  769.914108][T19546]  </TASK>
[  770.405169][T19546] CPU: 2 UID: 0 PID: 19546 Comm: syz.1.3405 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[  770.405184][T19546] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  770.405192][T19546] Call Trace:
[  770.405197][T19546]  <TASK>
[  770.405201][T19546]  dump_stack_lvl+0x116/0x1f0
[  770.405215][T19546]  should_fail_ex+0x512/0x640
[  770.405226][T19546]  strncpy_from_user+0x3b/0x2e0
[  770.405242][T19546]  strncpy_from_user_nofault+0x7f/0x180
[  770.405256][T19546]  bpf_bprintf_prepare+0xede/0x14b0
[  770.405268][T19546]  ? search_extable+0x82/0xb0
[  770.405277][T19546]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[  770.405289][T19546]  ? bpf_trace_run2+0x3db/0x590
[  770.405303][T19546]  bpf_trace_printk+0xda/0x190
[  770.405315][T19546]  ? __pfx_bpf_trace_printk+0x10/0x10
[  770.405328][T19546]  ? bpf_trace_run2+0x3db/0x590
[  770.405343][T19546]  bpf_prog_7c77c7e0f6645ad8+0x3e/0x44
[  770.405351][T19546]  bpf_trace_run2+0x230/0x590
[  770.405365][T19546]  ? __pfx_bpf_trace_run2+0x10/0x10
[  770.405380][T19546]  __bpf_trace_contention_begin+0xc9/0x110
[  770.405395][T19546]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[  770.405412][T19546]  trace_contention_begin.constprop.0+0xde/0x160
[  770.405429][T19546]  __pv_queued_spin_lock_slowpath+0x109/0xcf0
[  770.405442][T19546]  ? __lock_acquire+0xb8a/0x1c90
[  770.405455][T19546]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[  770.405466][T19546]  ? do_raw_spin_lock+0x12c/0x2b0
[  770.405482][T19546]  do_raw_spin_lock+0x20e/0x2b0
[  770.405497][T19546]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  770.405512][T19546]  ? rcu_qs+0x2b/0xe0
[  770.405522][T19546]  ? rcu_note_context_switch+0x192/0x1e00
[  770.405534][T19546]  raw_spin_rq_lock_nested+0x7e/0x130
[  770.405545][T19546]  ? preempt_schedule_irq+0x51/0x90
[  770.405554][T19546]  ? preempt_schedule_irq+0x51/0x90
[  770.405563][T19546]  __schedule+0x301/0x5dd0
[  770.405577][T19546]  ? bpf_trace_run2+0x2a5/0x590
[  770.405590][T19546]  ? __pfx_bpf_trace_run2+0x10/0x10
[  770.405604][T19546]  ? rb_commit+0x11f/0x9f0
[  770.405615][T19546]  ? __pfx___schedule+0x10/0x10
[  770.405630][T19546]  ? __lock_acquire+0x622/0x1c90
[  770.405644][T19546]  ? mark_held_locks+0x49/0x80
[  770.405658][T19546]  preempt_schedule_irq+0x51/0x90
[  770.405667][T19546]  irqentry_exit+0x36/0x90
[  770.405676][T19546]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  770.405687][T19546] RIP: 0010:unwind_next_frame+0x3e6/0x20a0
[  770.405704][T19546] Code: c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 10 15 00 00 41 c7 45 00 00 00 00 00 31 ed e8 f2 06 18 0a 85 c0 0f 85 a7 06 00 00 <48> c7 c7 80 4c 5c 8e 48 8d 35 00 00 00 00 e8 97 71 2d 00 e8 22 26
[  770.405714][T19546] RSP: 0018:ffffc90003b7f688 EFLAGS: 00000202
[  770.405726][T19546] RAX: 0000000000000001 RBX: ffffc90003b7ff10 RCX: ffffc90003b80001
[  770.405733][T19546] RDX: 0000000000000000 RSI: ffffffff8c155de0 RDI: ffffffff8df35db0
[  770.405740][T19546] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  770.405746][T19546] R10: 0000000000000000 R11: 000000000001315e R12: ffffc90003b7f748
[  770.405752][T19546] R13: ffffc90003b7f6f8 R14: ffffc90003b7ff10 R15: ffffc90003b7f72c
[  770.405762][T19546]  ? unwind_next_frame+0xa92/0x20a0
[  770.405777][T19546]  ? ksys_pread64+0x161/0x1a0
[  770.405788][T19546]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  770.405801][T19546]  arch_stack_walk+0x94/0x100
[  770.405811][T19546]  ? __do_fast_syscall_32+0x7c/0x3a0
[  770.405823][T19546]  stack_trace_save+0x8e/0xc0
[  770.405834][T19546]  ? __pfx_stack_trace_save+0x10/0x10
[  770.405845][T19546]  ? lock_acquire+0x179/0x350
[  770.405858][T19546]  ? __lock_acquire+0x622/0x1c90
[  770.405871][T19546]  kasan_save_stack+0x33/0x60
[  770.405881][T19546]  ? kasan_save_stack+0x33/0x60
[  770.405890][T19546]  ? kasan_save_track+0x14/0x30
[  770.405899][T19546]  ? __kasan_kmalloc+0xaa/0xb0
[  770.405908][T19546]  ? __kvmalloc_node_noprof+0x27b/0x620
[  770.405924][T19546]  ? seq_read_iter+0x826/0x12c0
[  770.405938][T19546]  ? seq_read+0x39e/0x4e0
[  770.405951][T19546]  ? vfs_read+0x1e4/0xc60
[  770.405958][T19546]  ? ksys_pread64+0x161/0x1a0
[  770.405984][T19546]  kasan_save_track+0x14/0x30
[  770.405998][T19546]  __kasan_kmalloc+0xaa/0xb0
[  770.406015][T19546]  __kvmalloc_node_noprof+0x27b/0x620
[  770.406041][T19546]  ? find_held_lock+0x2b/0x80
[  770.406055][T19546]  ? seq_read_iter+0x826/0x12c0
[  770.406069][T19546]  ? seq_read_iter+0x826/0x12c0
[  770.406082][T19546]  ? aa_file_perm+0x4d6/0xfb0
[  770.406091][T19546]  seq_read_iter+0x826/0x12c0
[  770.406107][T19546]  seq_read+0x39e/0x4e0
[  770.406121][T19546]  ? __pfx_seq_read+0x10/0x10
[  770.406135][T19546]  ? get_pid_task+0xfc/0x250
[  770.406152][T19546]  ? rw_verify_area+0xcf/0x680
[  770.406165][T19546]  ? __pfx_seq_read+0x10/0x10
[  770.406179][T19546]  vfs_read+0x1e4/0xc60
[  770.406189][T19546]  ? __pfx_vfs_read+0x10/0x10
[  770.406197][T19546]  ? find_held_lock+0x2b/0x80
[  770.406207][T19546]  ? __fget_files+0x204/0x3c0
[  770.406223][T19546]  ? __fget_files+0x20e/0x3c0
[  770.406237][T19546]  ? __fget_files+0x1b0/0x3c0
[  770.406253][T19546]  ksys_pread64+0x161/0x1a0
[  770.406262][T19546]  ? __pfx_ksys_pread64+0x10/0x10
[  770.406272][T19546]  ? rcu_is_watching+0x12/0xc0
[  770.406283][T19546]  __do_fast_syscall_32+0x7c/0x3a0
[  770.406294][T19546]  do_fast_syscall_32+0x32/0x80
[  770.406305][T19546]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  770.406317][T19546] RIP: 0023:0xf7f14579
[  770.406325][T19546] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  770.406334][T19546] RSP: 002b:00000000f4c5655c EFLAGS: 00000296 ORIG_RAX: 00000000000000b4
[  770.406344][T19546] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000080
[  770.406350][T19546] RDX: 00000000000000ed RSI: 0000000000000000 RDI: 0000000000000000
[  770.406356][T19546] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  770.406362][T19546] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  770.406368][T19546] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  770.406377][T19546]  </TASK>
[  770.406466][T15436] Bluetooth: hci0: command 0x0406 tx timeout

VM DIAGNOSIS:
23:00:51  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff88802b43ff60 RCX=ffffffff81af48fd RDX=ffff888073954880
RSI=ffffffff81af48d9 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc900043b7910
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=dffffc0000000000 R13=0000000000000003 R14=ffffed1005687fed R15=ffff88802b23b6c0
RIP=ffffffff81af48df RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809752d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=0000000072f0a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000011400000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=dffffc0000000000 RBX=0000000000000000 RCX=ffffffff82111f91 RDX=ffffea0001d22f08
RSI=ffffffff8c155de0 RDI=ffffea0001d22f00 RBP=ffffea0001d22f08 RSP=ffffc900043cf700
R8 =0000000000000000 R9 =fffffbfff2152b6a R10=ffffffff90a95b57 R11=000000000000001e
R12=0000000000000000 R13=dffffc0000000000 R14=dead000000000100 R15=ffffea0001d22f00
RIP=ffffffff82111ac3 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809762d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000005682c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000074 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8556d065 RDI=ffffffff9b09f540 RBP=ffffffff9b09f500 RSP=ffffc90003b7e928
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=722d302e36312e36
R12=0000000000000000 R13=0000000000000074 R14=ffffffff9b09f500 R15=ffffffff8556d000
RIP=ffffffff8556d08f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809772d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000005682d000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000011400000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=dffffc0000000000 RBX=0000000000015ab9 RCX=0000000000000000 RDX=1ffff1100471b92e
RSI=ffff8880238dc910 RDI=ffff8880238dc970 RBP=000000440fe828eb RSP=ffffc90003a9f740
R8 =ffff88802b53b050 R9 =ffff88802b53b05c R10=1ffff110056a74a0 R11=ffff88802b53a700
R12=0000000000000000 R13=ffff88802b53a4c0 R14=0000000000000001 R15=ffff8880238dc900
RIP=ffffffff818be2d0 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88809782d000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=000000005682d000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000