last executing test programs:

5m37.845679077s ago: executing program 3 (id=182):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB="f8ffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400009e54000000000000000000000000000000000000008b3809aec0701768a9e301b130c68899b2bd025ee9da974e70692c0602c81a60d2b1c3feab59a6c3d5d3eb2901010000575b75aba3c18af19a36a04ab1bafd555731ea5a55d1fa48d5e4dd8407516b7b33e6fd5f51de202adbefd458e00fe7657e3c5829581b8a26a71a01da68420f4aa921765e587a2d1453159b0fff7d03b476bd04c5a5ae153ca23f585626074434cfc73bbc24e1b5811e90ee22455ea602aaea0babdf"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000003000000000000000600000067934000000000007b06fcff10000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000bc0f0000850000000600000095000000000000008381a218e7706f7b21b737e37c963e32b2d1a5a2d0b67c5ee9384de8a65154bc5d3bec48dd370c18c19667cc566ebbaf70512cd056"], &(0x7f00000002c0)='syzkaller\x00', 0x8, 0x71, &(0x7f0000000580)=""/113, 0x40f00, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0x3, 0xffff, 0x80}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r0, r0], &(0x7f0000000480), 0x10, 0x9, @void, @value}, 0x94)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x1fffff, 0x10100}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
r8 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a00)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000200)={'team_slave_0\x00', @random="13f2d49c8113"})
write$binfmt_aout(r9, &(0x7f0000001640)=ANY=[], 0x1a3)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f00000002c0)={r9, 0x0, {0x2a00, 0x80010000, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6]}})
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a09040000000000000000020000000900020073797a32000000000900010073797a300000000024000480200001800a00010071756f7461000000100002800c0001400000"], 0x78}}, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2})
io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
ioperm(0x1, 0x5840, 0x5)
ioctl$TCSETA(0xffffffffffffffff, 0x8924, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "4feda26323b172e0"})
r11 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)
fcntl$setlease(r11, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

5m36.955366521s ago: executing program 3 (id=190):
r0 = syz_open_dev$loop(&(0x7f0000000040), 0x1, 0xc77a4b8cf4dd161)
r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000140)={0x2, 0x0, 0x0, 0xff81, 0x2000, 0x0, 0x0})
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="34010000100001000000000000000000fe800000000000000000ea406f74b8907d91847aa450aa09b9cc137432e9cb7c000000000000e0000002000000000000000000000000000000000000000000000000000000002f7cf75f3d7ea6f4300e9d2aaf85e602f4948721ad58ea684bf3cd0bded1c35245cfe4c49ef3da5a8e803ddca7e75b49605038b00c579b66b250", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000006c000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200020000000000480003006465666c61746500"/236], 0x134}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x90)
memfd_secret(0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
userfaultfd(0x801)
capset(0x0, &(0x7f0000000040)={0x6, 0x0, 0x0, 0x0, 0x6, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xa}, 0x20)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r6, 0xae80, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000680)={[], [{@smackfsdef={'smackfsdef', 0x3d, ')_w@{\xb3\xfb\xca\x7ft\xf07j+t\xf0\xecB\xb1\x89\xcbi\xb1$\xb5\xd4\xa1\x94@\x0eK\xefgO\xd8\x90\xaf\xc5\xd8m\xf4y7\xc8\x86oo\x89\xe2\xe6g\xad\xd9\xb4\x9d\xc6\x90\xb4A\xe7\x8f#U\xcb\x19\xf8\xe3\a\x12\xc7\xdd\xa4\xa5d\xff$DSz\xa5\x90\xb0S\x19\xd3\xa28\xd2\x12J\'\xbf\xa6\xf2/\xc6\x81k\x1b\x17\xffO\xb3\xf4\\\xee`c\xd8\xc5\xf1\x8fr\xa3\xa6s\x9f\xf2:A\xb4\xde~\x84\xcf.\xc70\x196\x8b\r\xb1\x10\xf3\x12\xae\x10\x12q\x1bZ\xa43x\x13s\x97{o\x91\xe5jPl]\x1af\xa3l@i\x18\xee\xa1oo\xc1OL\xe5P\xffJr\xfa\xb4\x81\\\xdb\xcb\x06w1)\xaf\b\xfd\xb2\xd6i\xe5\xba$G\xcc<*\x8c\x1f\xd1\xc0\xec\xd9F\xad\x06\xc1\xfa\xf9K\x9d\xc6\xd0\x0e\xcc\x82'}}], 0x2f})
r7 = creat(&(0x7f0000000080)='./file0\x00', 0x191)
ioctl$LOOP_SET_FD(r0, 0x4c00, r7)
r8 = openat$cdrom(0xffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$CDROMREADAUDIO(r8, 0x530e, &(0x7f0000000000)={@msf={0x8, 0x7}, 0x2, 0x3e, 0x0})

5m35.98552604s ago: executing program 3 (id=199):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB="f8ffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400009e54000000000000000000000000000000000000008b3809aec0701768a9e301b130c68899b2bd025ee9da974e70692c0602c81a60d2b1c3feab59a6c3d5d3eb2901010000575b75aba3c18af19a36a04ab1bafd555731ea5a55d1fa48d5e4dd8407516b7b33e6fd5f51de202adbefd458e00fe7657e3c5829581b8a26a71a01da68420f4aa921765e587a2d1453159b0fff7d03b476bd04c5a5ae153ca23f585626074434cfc73bbc24e1b5811e90ee22455ea602aaea0babdf"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000003000000000000000600000067934000000000007b06fcff10000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000bc0f0000850000000600000095000000000000008381a218e7706f7b21b737e37c963e32b2d1a5a2d0b67c5ee9384de8a65154bc5d3bec48dd370c18c19667cc566ebbaf70512cd056"], &(0x7f00000002c0)='syzkaller\x00', 0x8, 0x71, &(0x7f0000000580)=""/113, 0x40f00, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0x3, 0xffff, 0x80}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r0, r0], &(0x7f0000000480), 0x10, 0x9, @void, @value}, 0x94)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x1fffff, 0x10100}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
r8 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a00)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000200)={'team_slave_0\x00', @random="13f2d49c8113"})
write$binfmt_aout(r9, &(0x7f0000001640)=ANY=[], 0x1a3)
write$binfmt_misc(r9, &(0x7f0000000000), 0xe09)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f00000002c0)={r9, 0x0, {0x2a00, 0x80010000, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6]}})
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a09040000000000000000020000000900020073797a32000000000900010073797a300000000024000480200001800a00010071756f7461000000100002800c0001400000"], 0x78}}, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2})
io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0)
ioperm(0x1, 0x5840, 0x5)
ioctl$TCSETA(0xffffffffffffffff, 0x8924, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "4feda26323b172e0"})
r11 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)
fcntl$setlease(r11, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

5m35.422176886s ago: executing program 3 (id=203):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
mkdir(&(0x7f0000000140)='./file1/file0\x00', 0x0)
chdir(&(0x7f0000001180)='./bus\x00')
rmdir(&(0x7f00000001c0)='./file0\x00')
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
close(r1)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f000000c400)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f00000002c0)={0x50, 0x0, r3, {0x7, 0x1f, 0x4, 0x48100480, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x14c, 0x94a4}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f000000a3c0)="61ddaf21c1282a5a6352f350c2f614ede5b0c406f5488574ed6fcb609ce20f648ee274c8dfeaa625b1fd332f70f776ae0b6e3f959c24f3876756c20e05c82079387520764f2446820d53242898a90e51c5b68297e39b7fcf558b450e9608326c3dc6704a054216a8c6f0d689e5eb6b8564854376910eff147682d2378b9c5b95a626493ce628b1bb6b524ed7e90ebe6eb0246399eac6d624dcf4e824be2de9c1d5d06eab13f2770577304eb676106fd9868a030192067ac009482e03a817f1abd909a94702479fe30b2594ca60b4acc37148cf04e8c0e76dd69e29d243596f8174129ac6ab9dbb79ace8f0fae14234845725102a027d4163f97f3971d207500defeaa2c7318f7e82e591701f9d3f78592ea7ec28806a53278a35a20251eeb2735fa9f37bf0045b5e6faf5f751c7ad31d8426be7b09027b2092f49247159a33b580d2691ebf00797962168bdc368f57282ce5b8526eacb80952ffba771626c0016b8a010546f0b4daf470814cee0ea418b76331c34616cea0459dbd1f196364c99e4a47bcdd64b518ef51833e6f8041fbbbe86e808bdbade7009885f2c4d7ffd76a0e7dc7d542bdee1d136d2096dfa997f98ac83c6341b306a3a8cf81642566d7777480d4dc61b0182f0d418ce95d74c9aadb182326d6671412a1f0c62c93a0ba873ff5daa4ece4b2fc73ed5b02b60890374acc0cd25cbf1707016a542fafd6af098f9737304c726712c8243dcd5eb15c0996e9e03dd741d519cb3e86ea214e20408c2cc5ea607585f1bfd268ba3084ffa69425512571d263fd1ae49b488b2964bd3e78943122006489cc22191dec2900a7fdf798c9f683461f2a7b940f4112b805dc077a7b99071b5b454f7c6d2b13a6b23091f74ecc65a24ac0d11e2ffd7332fb2b2b11aeec3c809d78cc2e168f126f38dddfe3e1d0ec1c6fb25f880690f97a70dc5fbea5d25dba3b24c01d9bd228c58deca660625511127a62220429c94be65d6ad4ce7e79e97af67931b46ccfabca5dbaea11e2dc76279b0244cc2845f31beff418fe4bd892d3676079d9d4eb0251dfead9e0a07a11c0a7e597ac89ec77de60a5f6e0ff4a62374856b8e1659e885d3a0d90293daa0c7bb041cbcd54bf098b66b2ddec28dcba4cfbad969e3b97e4bf680f901485d1cd4b231a9115c22ab2f911415ad0efe0eb7f4bee15c6de7d0f818acd687a117286f9e3c33df5206df918ea4ac52927487968d88f4a18d4889a4060f20487e4cec19250fe48a16b1f9f7250a6ab81fbaa2ad451a936ee98021bf859b9a635132a0dcf7530c0e2c84a459241a1fc9fe45b4a4f32fa8e95185db92660292ece6b5ddbb0b9f69bd7435cd4944f8ff2ed51172f0683fbae1013cde202498f2e1be54d1a2e17b3984b17d1994915a477c87697f465781e41b44c6a40ae035e75a4d9f9c0926bec533db0d4c26d605cb1ae225e692ed315062e8c3283716929e25a22b25105e018d81c07cb7600d1bae16d8beec33c88f1cdb52ac988b4677ed604c28ff1cdeeeb74c332dc526cff5ee935016984cabf117694cccabae944de4d2d2daff8f281b6434475b52c1910210598c684da99c108000a53d2ca03afd42b0200691d92341616353a22a8dacd8cb7eee85953b251236603d2ef1e450675f8d0f3cd0e28ef36457f79c267d836d14ed758148e979b9749ddcef14aec903939c69567a1697aae8f9ed72a16be0267a3a967727937f609720802570287c4e08641b9b7b979c6541add0e8600dd2d75a1dc0822ceb7a7e4e1afda2940d127f488589963b46417d7a7474545e5b08a621c1a7637b3fcb62b0aee10d999505907bd14033370e391f6192ff7d718e1db3ef861d30b2d477f11cd45ecb296d4babcccc34901165e3fcdbef6fa1ee478a97f7d21dc5562582d67c448ae352d3157d83e8ab0122a2bb056bdff8043a91b8f3abe4d788fe741483997a8e3fe126626a14b4243d3ff8ada8dd555c95d5e30b68cc053dfbbb61940cbb552cc1fe211ea5ea13cbfb6a577cde339282d84e92f866145e7b1de4d5a1705fc24fc8843f1a69f4c604adf0d715ad88c6a4ac80a35375662610e0ed07af9c4c76326716a77b106ef87782804ca353eaade28a1ca522d706282ebe48c0b23fd42b2e0297f5997d3aab40615f143e868c6aaf920bc827224946db3e3b3e65ea66dbfa5fe6c45dab930877852e86df251024e4ae46ee8e04cf40f2b3239f4df40062cfddada61700959deaeed3a44fb185ce51685fcab793184435b3e668e7d80820a613acde8d61e24571b9de7ce4581a4751d70a28e8d098660e81941fe40b6844a3204b512457194e100c995c75921569f735afee321080ed6310610887ca842001f5112c5af8c9083e3d088a404b48ee82e1e8be16fd493a2a643816488447706f3e86d2d0ed48f7397aad0cf105a4a71d928a15413ab3813e42478cf7a5be2e03d15ccb90a625863cb2ca1059110f90186cf4c370469f4d7e1ccda56ed9c427cce46e7d1c82641554ffa0c7c42697cbc754702b62be5ab03c995ac8cda3145959c440c4dbcacea29d4554d2d95ed4444e9bcbd6ead7d6398faf189de77645a05a54d6c33c9678daec6e5ac0048f91e15b2fdb808d712e662007da5e228ddc7370f575723a0018a1da70fa27e6624c8c75047eb584bf3399a8fce999df94f6fb54fb6c1fc954b1d899459fcd2f459e57c214ae590513ed268ed2d1114d8276642510a2eb99feecb58d8476550553a9f3d1f04c9bb442dae6dd84628b60cc9fd3c1e5c4fe3b9ad5f43b5d06e31ba4644f7499c03fd68cd2207027eeb1908a8022d70eb8fc8f55fee7be7e3af525d4fb1ab3e9b458246cbb5371e8145e1d04762c62068e03795a5a6b48d8643a83927c47000b7766e320e0ef2339d5423813e8d7845b939a9567745f6e2d6070764669c905ea77943a31f0df838a5d046f25d516bb654336f759c05dcc0febbbf1d214382a76fa09aa32be9799252f1d0fd8bacfe3f32574fdc82c6ed77f1c08d4aef88c157cbdac947346e3e015af60125d3e36ec6bd8dc5127c7ab1ed773c8beffc9dba99bd9fa1498a5a49bcce4ddb13fb85e256fcac569aab1c815527710d2c350c7cc84db5a7eb243227973fd5e2d1d8450077ececa0d96884c90ac0146d37b13f1aacc1eaddec3f0d475df6ceafe73f9076fcfeaf496efcae22d09745453a5e4776876ecfb1d004361f82f76b2bfba050d0fd5060f50fd74f9908a62649955e2f90e4ac4a4f0b29484cf80eebcbecb12db8586ee58443c181a59c046c657ecbb067a1e70d4c548e8b291a5aa681624747d9a52a6184a5fc82d824d9ab6156ec5fd73a038b38d86974e7a89b55a95b609e12c98f4168c0e48139749fce33397948224641e9823588858f82247d9abf8f84250564189676325e43944e888cef6918cd2b842b3a42751475a37656b3f04a02430705f16908d638212f69cf96d5311038e00e048468810d1cfefb0a9aeaf46d1bd31f7156a97542d9373abd3c069aa096486244389312031398a35e0ebca6668ed06dbe80290ac9a2a15ac9c208cdbcb2c1e18f008741649b4fe2ac1e6ca0a19980b6276fa09c5c0e67e748c1669add6fd4c70ba522be4428df305c3313929a4eec348f03fc6a6dfd1d6740a61230a977555b6b4d5165c98323871d750e80f9205231af03ab430a720dcaad03d113f38574ebada74f5b34a05a6abb7ba9b8b280401a3a21dd7e1e026deb438ed020d09fc93ffd7376ced7b5d6c9c35072c7f28ddb7fea3ffa7b7e6766892be2015c20e2cc7fa8bcb5832b97e964947ae940d5ce215ff3a0d74851d5735f3573d533cca9b3a89f9494f150cb732139cc2282304f6a375ee1062f6f850ebf89548973b6c5e7aee8b98b18b443332d3be20fea086653d52756b40ec4f08ad52f4d0a5a61004c700f070b83548670ef36dcbd8daf13ae6d382aaba3c3bac3c1efd953781d69e7365e1393d2c3f34d3dc91999ab9a545bc167e50ea6874fe8f49e93e452ad4710d7127c430ab2caf3ec1627e6a2a6a57604a5da490087991b68cd58d456f6818f22e38007e1628c6a78f6a8a321e3f0d5d5e1bc7f9ef53c4780b451dad949962c8a6a464b25cb161159b72f40fed8280daec34135f77373b9432f411b232e9374e9cb3fcd85a599c20d0b8e294835c60c2e034eb8385c507095c6eb6748180fd1ad97cb0a4b2ffa70c90891d373459538f4106078162bc46b425572466aa4769153b994698bbff1a98b5948e40d98bb2900445eebe95c4892bcb92b4c28b734ea7e106accc9836767e0881f970c9d69063dd918de44a484ef3f860b0dcec58f22b3f1a0abb9c0c2b6cd5bdacdc194f188588c0888d6abfa2d0b79d0b33a41e3b6a0f9fbf811ba20f346025b3a4be17eb5ce583b860cad5424bcaf1ef4a255678706052c1cae9cd77cc78639f975f07737b791831c64f0c974b23a5c428091b8b8e17a037ac3c6d56da4b4c7e4752736cbbc8d67b1b823e87d51ffc95fe9752e8479fc15a6fe7b96fbd7b93dc2144381c424ec7782d7f8b2637010dca11ccdaab1bad652a9ecd8b6ba2c116fa419c8582a0ccf754a294d9de5b457d9b1a4120fd53667862e50cb028e2f92c73a38f77ff57c93b410e7f3257bd56e5aa504f0643bd2bcfae2168046ad2737a36b21f6d993de1fe7b31e9ef7c79d545e5364b65011a6d26e0a2f1018a5280ca88d3d1e30c68195f8cf1a3ece813f22e44d83867c9f711218203d1adf2869ed89babca094b8def7ae0abd0245f522930db59c4b2eeec4d564bfdb931d435a986daba4b604d5bf30b1cfdf6960986ba0dab216dfd7ad95ca2555e0573d073dccd407ddd5ed7920c788aa0213aec90b38981a91bc370ede38d171648316d59478e66c068eec33295345162e9896ffc82f8d94b995d3a3a7a4f459e564632b5918b4fd850da380937655f19e2820376e7deb48edb0f5e295521a9a153f5ef69de397d88acc20be99779d7ea2c38445bd70aeeb68cc6c68c1bc603ab580b632866497a3dbcbfd933e2074323f66f1db73129eec8331c8872aa92a33e2180fc0cf2e28d198faef4421064b8435f37b5bfb9b531332b3b0838015fe848f0ce859db8706f2e53fb07ce4d0fd017d85ac9ce2943ab172f08b13c948c3778d2469257d412b1a5305526cc8dcb4a8645f825cca66a63b7134d8b7c760db6a8fa21f2df3456e9b460867303a9d53fb01db8548800d800e49c08c8d731bbf9a642206f4cc6673e4fc0f7106661abfde1eb8a8d384b26d88c16d15f238556ff4b205145d860228038430cd8a342bc15849afd81666b55b358e3ec584fa96f119b77495c4ec36616070237bb170fc04d3befebdaff66643814eb8519abaaf1e9bf939bf5bfefa33c32fe9909055393e383268e426436305b370867db76991ca600bf6211dece3b6b7b4dc5cd4569ff4538080fec318a9e0cce4a8cf26aca8359b503781aaedc2d58b0bb1a82c163425e678b488bdc7362d0be24a7a8238deb31482c332d4d385005ca84c836933b0fce21685ec067adb9490d1a416f83e36e6e3b87d05ab6973f4e359a1fb5a4dbf2ff6a85d235e50d893f222c2a7d84252be9015e104ee3609c83cafdd796a8422257c9ca9172888d91c0f2f2afe36dccada9a713cfc026cf25e113fc543d522e9254f5e129d7ffd61b43ee25bdd63545a81a2b086b616e23abd380a7bb8e54b8341f42c663da1fc8451f21da7315aea416e6856d4d45128dcd34a0f3aeb7aed00c54c348f38888b8c8fec59028d38344a92249c95943d3ff8608bc11406102ebe8269892b2e909bd82ba467aabef127713a0993df779ba7b0816a990566699e4926d75fd47c3f1b9cae3e58771a6ae8776fdb672ee70f215fd908d6dfddb8a2ad10f27b749fa6e67171848d70d3ae135ee3defb2546bb35a3ad2d8ac0e838ff8abb1cd733d80047bc8626960a257b704b43bf0390b7fee656ca7831d23e8ba940533c16c17de68270bb3b2d3bf142b34899b3a106cf9569b4f46f148297c61390733ff9f399c669122dd045187d0a35fe54b4f17e4090c56cfcfa47498b1701a855827d35cf3624624906f997092b010b1da616325a090770694d028fae9874a91f8d21fea85804956594b8252c24d05df5775148ecbf8ab38f131c268cc263f6a2dcd375acfbf39a2defc9869801a720d83add1ff01ac7fc389bc7e35c2eee2b44f808508e6e02ea31cf23ea9f2118bce520101e307b394e5fdd28e90870a327b0a1444b552b7227134a8e5397474a6c0e1ce89d918c899d292660ea44294e07b1645ff9e85f65156f92d55ae795e134250b5359dec6c31d4892d83f363cb09632bb738c4e7f351361adc3ab54776a5c55d6ff4895516c82cc6387b1a424f3af2bb0398d0d4a71fe44c5132b7ad5fdfa732bbcff9f02395df587714072caca65f5fc1215dc9068585e1fbcee22cd69c0386a6482230540ec9ff8e373018e4e2788b9502e5be3e3247f997800c68a634e4490c91d01144a63a7a55afbfa4f0ef5ad538aeec8ea203ef2716ff989e11ce4985263898b8e36b0d3386b816ce484e81404a01ac0ed9f18ef5643f93d46705c949acddca2b74ad53441090f658d22dd081aaf49a7bb07c93ab8dfb5213cba354b4d37d9899423d3b3d45e9463c506ccd69747162d2d64b54291d11fdc6c9b89114543d6948f10e68008973cc485df080b84e0d098f962715ba009f2aa1fb41f7199ea5b9b70df0e1c378da164f7257b4ed04a9fee7cc2de065ad35a60b882d78e26d5804942ed1f2bcf85fc63795fb9164a5f94ffe6bfbf838c9197bce2160d24f88dca14c3e733d18ff1fb7acb0ebdfc4e2ce268a676fb27cc34d4b6b5d7e8db29c020c4c498d793931b0fc7d91ad68d3d8463e36a267833edbdd7062f4d62aa9fd1cb7f8e561d3939bbfa118b897167168832c0aff17fb6cdcf75ad6ef0a18e2b37fb24c85d0866f2e5f191b2ef8fe9b5997635a74cb06aec67363435eb175559629c09316f96dc56de6c7785335d121fc2e4d47c2f50c37c5bf7950ae5de07b3b73830f4299d5009742d4eca98df821a95d244967a42b5a4f3375edc41c5281ca3104bd247c14e838912634d4764c1b6e440860d98f258aa8a24e8af643497366edc2b781aec0567451884aec0343ced1fbddfae585db1012a6d9245ad85c56aa33d5bc30307515bccc8d36d7848c99884db4a49d748e1953b4673e4286393fc97c233d529435faf7ed9f9aa64029814b7cd6a36c3dd9ca7be95e5c4d48e024a3d23651cc81c00a52e2fa2d094435ebdb4ae5be8e6b53cf628ddc87a4bc2dccc98ac38019c91789a40d103fb95785bde5992de08ecdca1dff2ab7cf5013420b3d29b8a7f0af455c4e86285422b986bdf482b87297061084b50684e936acbb075a84e720a2d03892efec7dc1af2fae2a7ce7725cf0d19f39403b273be262c7a4ff638898f6caf84bfb358c580ba4adfd8664bcc539b82792e39ab4f1d8393b1f98f6dd5aae14bc6b73feeeaef7c3accde4d9b098f2d5c7ed68621851f37d27980c4b44df095d865493eeef2724db90aa53a3c37bd345ea75b4e76e8878deae1b4f3204c2957f3806e36a03e995f7633de9b863ff6b3309d330ade917c82f3286d9500105755efac22a4220f457debd861df3c0925dc4ba8913cea12b8deb93cec87c972421bb8442ef2a2a9d638471108ae0152aefdc45eac6ff786dae370a21bfe1e5777df8070bcefba8596cb8f71a516b505b1f83de1129cee91d3a4d6383daac7b9de46a99bc34661f3d805d2e138a769fd6489e4d058a3ab35ccbc81251aa2f23f83d7740bd8869465634e10e114c62bdfd640d69cebf6e78eb0970fa442746f7c3bea77d8589ab131827a95b274dd63ea04fba4c822aed4f8d0cd83ed83177d90332c7e66f103d4eb1dffb9ec0f52094bc7324a7c59819dca343776d6adb6850e7e7e83e2316db1c32feb4ea1c6f47a2ee41bb09d0a931f4fa3cdf7ada2bac7fe5ae2b997e24b8f8c52b0bee1482b74af68b407f0d78f3767bdcb42557c9f3aff0c2c2ea7745a0f588b00a751c1c8d2124a8bfd4d7f756587d239cc43a8cae1d67cf15c73dc8569a1ebdd7b8559e969541a547c272e52d57e5924ced9afc87cd2cdcdf8e30f423ebe26170393ecec06afa093839fc3a10fdc3f9ae19e79e4df6a9af6027e1129a7a6cb4517607eac80fa2b5f7853fe84028a66976ec4b4af50abe9ca959b844d7b2ab94903efec6dfc99ed9df2c329c0e8449b4d2a0a5bc2506d170884d2c6ea8aefebcaaf2abbfa3c4d9e4d201369a47792124a7909e247dc98b777b60a30b1461d857f164e3df983d9a900f8b11bddbdcf47c29d483033c9250f30e268ddf97e0ecbdd99d6fb3dc4562bb75f8f1e03d1aec424293fa5fc786444411a512fc582a9b577d5e88fb9d6f7346bd489f6eb4296e576e25c45e114fb6a3d0b6b831fb4ffe7486daadf2f0ad78aad8f8f7eba17e524de06e81a5af9c1aa09019fcc51611afc45fd30b8ecd2a2ae19758a1ffa55f79cdf53ef1bb55e49cb58d8b291664be61586ace94c7b378d685e54aeee09af828a3ce7335f9d03f8daabcf3543b8099956f60913db6ab401a427aca83772df4fce9081409ab426dae09739b50a8ab4c04a6d2e63b2c4c0b5f7fbd9dc76722057ab6cefc9ccae3abf251259f999fe09dbe1232b8ecf0e26b3d88d13a1001840f6b5942359c3ac75bfc321d9504bcc0e3f4add741125941ece20b4f90416b1f14edb4ecb1ced79cef883aa1d5193f3efeeae7e103891ae4840978fbe74d2cc90b7e02b4d839f15c75576b74e05f7a8af71823317a851bf0ff9171bdb16ffa36f57ccdef61065a62d64ba434571db0d476995e2bf4f148f0a6276b2fad82f03b91fe53f9a7acff3ecdfcedcc1eae42e52e1f7443114b8edc8a9d5c8a55727f7ee1d20e1ca55b42e51b47fc4d2313458ab9a5f05c1411dc8f11e4c57d3fe87183763bd24cfb8dc583c82ce9c0abbeb76310666d2236e2ca164c66e6336fd571967f35b2b0ba847922f5aabf97aea061d19eb9cc3cd6e764da9651f9e66577d9c8870734fe8e03d20ba107e6e2997ef7c42f940b88410c6bf46635cb5e402113411a98c75e8cfd3760235d7a486bfeea1a1dc188b7886172ac66d45a4bd87f60b8502382888f3806e47ffb74d9aef2519e91536f7798b7c22ee70566e686ae2b577f6341f7c47dc1ae41f2af983b80f7db23a3466b4f14e2afd591b19d36375acbc0c8ebf21654c8cf44ea49103299eb1ac6e96bb282a33a6ea204aa266b7d627c53757daa176f6cde932e7e0342977dbf7d5668e8ba984bf05dc610e5450eb4c3dcf7965eedc9b168a9c274ef6a050e93234a9bb5488a5aefaea9c442729b5416dcee6bac23f238bea2f1f4615c863a3ff7c7a081558237f2097b9ffa869f4b69fa32784f62c0b7a458411efd3a9108735de667c63c34af2225e382a17600acecc118ac1f81ec5ed9a26fa966bee8dc6f55c17bbd89a94932bf930b081fd310ef94c490855453551e9eb809e9d568500e6662564b65701a721208dcbef9a07650f9faa5a503d37f2e1b1912fbfb437f1f4c2d4a830a2dcfae905d323fe9a6a01cc8d88ff82a26a1c228103396b6756659b6a8a9ff8b31494cd8bde6205d6f62e698d9ae43ec740fafc60d798a85e5f8598486b6e82f23506c6004ec2f733cde633c3b45d9ef14fb223c020a67f305e33b5d3b239b5026ca679004e212725a4090818734435247b918dc9c65d2f0c580722651217ce7a2dec34c0f8c49e3dc051c01f5d445dca8675339f5c8b30ddc19f51ffa9e9c513f5fc9892dbe5ee5bc148ebf3033635401c8675f0fb43e503d73cd432e3ae2f25bf29b4088a3193c208f5ba51882364202dc3eed6f3ab9a871b4afa960f1776cc92deb7098ae6f61af30e715ab60d44f378bbb79f8fb663de164a5f4f582e6a17fd7e553e677632d1e8489a8138bc780418de30c0a95ae3ec3b0cdee51901869acc318a6725c0c06273dc67d393129278225b9384d978512befdf449f85146fbbe92e6b52cf40028b13d77ccc68e7b65e0c1a25f1f9d17b06b17f216729684fec1b4c0c3fdaf40af5dd1a3f4492d49e018f60f41d91524bc5d750789fd39b6e69cb66b1d86b2c1405331e3e793fb38dc447161f1ba02cee1519b72727aee9ede2898c5195adb0dc1c29fe6eca6598c5612a7f98bfe0d1853e44f47c94ae57bfdaee16711135226c9b44440abbeca5ed53b0aa58d34fa0faf766087135599d7b88a04d5ba7d69c148f3ebaee211a06438146d762c9f85d9007a228edd7d71ad18fe69a1af0caa6176eade25bea11504c2f0498a450d4d265bf97dea5b23c10560c9844d761702a5814fb355827ed6f46bcebb61d0a06c21746625a438c38496a941f447c2150c9125990ff7feef9d551a7adcbe0fd828ef4397c0799507599899259f61ff914f76be6077d0daa67ac0ab9093ecd0f78455b605a7885cae38a88b2955cecd37f972841f440de12831263ae64c7c78970138a738bcc66aae8c1a5c3ca0e166dde9860bbfc4c7bdb854cdb3d94ad4c723b2de03a50dfd120041a9b3107a480e7e108f729484d0df0d8e47c3a6b7ce0376e642ec5a267a91dd2bb1f1b3fe56a5097edddba482627cf79b66801fdd4ecb733067ad52e8fb9970be01a397ede6a3eaee6b8524f8e1cf00e0c5aed165b8b1533afaaeeaa82153f9840760b58b8a12e8168956db4522f2dd5a13183cf861acb0c0bb2735ff5cb683f633bd99ba2bfa7f1fcdd0a54d3b4fa9a7d3de250d7e40bd7b3a829a4f04fd71c64ed4f2503094773b45fdd821688d10ced9da17089b7c954f7e4a7f3e56226abee46d7eb93a6f3d039a7cf3dc14c18dd7502aa0e29e1c54bd1c2182138e06326f3cd4cddcf1997c9739f9e4a0899ce919f20b2def0ff103e5a9e123a1db4a544d438f789a0ed26664523bd55902364f4a21b2a92fcc111392dcdcf7ac0ece18c474d47a11d544b64836a62e3e1e0e9d15f8066315f000b7d8603f772704ed5b96798f28e4f699a671023a4d49c5a1e30d14145b9179e4b0f3424fd46cc22ca48cde74904876cc037a04aee32b53d02e4869427b6b18bf0ce7b5ffb75268788ca5029d2d12b2df068219af12d4e17e56f83e581b0fd6cb7048204803342ab8b146b0c237d6ac7aeb2ee21550c00da60286994f1e7ca53de19d874f7bb27c8c5e263fa35e548ea28f4ac0cdfdc4c0d5096f2ab328d089dacb5e87f0a29814e8461470a22ee8a4a318f5e2b5317a027da39789b7b17bdcc9b26bdad1ba5e4580f671a3179a9fde91408aa41a68f47c71c524f8e413557b0656cc2a67e36da5a07ee7c55b0877ecf41a8616ec20f59d370f3eff6b10e68a6c55feff6f52f498bc9ab77224a7548ccdfa3de41ff44ee4bd32295a42d9fdac1a4c8484a7383a6bd5e39cb0249e939fe7f53075d6d4a54bcfbaec50853c5e4bfda256665ed56dcd20fbd04a1d40c200223ddac36a7229df6003f335227a6bde261f7e2f7c980e7e522c68abc63601b3b1a9ebdd4530e4f33b9986f5823", 0x2000, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={0x78, 0x0, 0x0, {0x4000000000003, 0x0, 0x0, {0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
syz_fuse_handle_req(r1, &(0x7f0000002800)="d1f89c14e7f8640b43b1f1d1e00b2b0b3146d223d281c321953af4ade40d696d07f4b7d2ed1c1fd5691291056351901df48500519139568c88f49bb32801c2e3e2932895f1eb24b30efbab27313a3acab179fd6ce1f7150b0f0aae8cde4dd46b4f63cd60f647ea9bcf83f107e981a050f61f5d1bb5c7883f93269bba25e4122796c0f88ab27d913586d055f8c977ffcb05c85210f93cbad91499fedb2ab95e06bf009e54b422f66cef043560f4d77ae5c083cc67fcb0d3f10699aac8cceaf6d3b8f32e15555924edbc42b4ca3d2f4a92f5d30c18176c3abd17db4de2ef74472ffb637dd07460aeb7c882811c089217d88cbb5eec41d2be903e1c65cad2ad742f9ba8b512adab575f89d539492034ddfe4fd28205c8f27c52f0f631703d384634bfcad149ea9e842125062ac67006ca474be31f708b4f4f1e0c97a4eb2f26b671e172e251e8a6e9e1510bb74931aaf6b6ff84f8aefd63591f18f2ae8028985d78fcc5ed2d57bf595d3068e904387eeddd19bd359721a432bed0bff033cbca6acfddb6529fb11290bf1563b45034bd9b6c331091efef04303ca9942fcb64e56f3ff74d610e14c8f8a87e41582aebb272e5d6e945fdc7095bd181b93f13ddbdc18545f9cfc4db7f134c9ffa6add6727ab8755a06dca23d24a67658fda84321bb97fc475ace3b9912dad73f0ee6c8b2d6d58d7328ca63d1aeceb22a419fe4ec4c3b943051e9d276c559c33e6a45a97813bfcf80c7d79ebe04b1827878c4c8c2da2d598f9f3e444ae82f142716827dddcd94f8997d88a30be2a76432641125e28d5a0896b3e040a8b6805abc98da90844261468826b89f6cbac8d7b5eb6cd8a23f7c7ae9b99dfa6616f9dd10ac48e8c53a38ebfcee8c0ae1be1ee982515ce12a1ebf5d2d19022b4407a9bd062c453845ce75f54dd07e3d8079e19b3b116dc51f7a07d005ba682da13b73e3854bb60059fb021b8f4b9430629d408b32ccd3678bf1dc149a3493c44b2a52a5572c128957e0db8a4a214848b64bea6733bb48fc17a4e42474e2b1f47b507d038bb87a3fc32e7bf471685a61f736a414772cc1825e9342c58768640c83486dbf058050dd6c8a9843c106d1a4efa5e5b36deae71448e55f4ef2721d2d210ce075bdc52c97bd6c097a9a4120a507f6c99cd9054579c250cd5b207684deadf75f2f8c54349a57500625be7577fd6c81ca72111935f577c74c2bd1e9419344e2a3563b5a7d6026722469a30a061d123b45f93027a01c7d38863589118d25e333c07f5c3eb85d4dde937d8f1421b72035f8733754ef4793acdc8d1362ef08ac1e9f0246bfb478647ada002f809a3e63433d031e6d5e4f86218ace6a6221103608705719c3106b4659c377f7e3b6ae1777075ea45a68df2004deb6ef742c5971c23d409278be94c5de68153d93d1a2378f1b1656786ec896b72de0da8259a6f181be8829f9cb7cb98ce0b169e734e4a240508952f6ce3ca984eef7e0cd549996147fe56a0bb1598f015ab955df145a51d783397366084e53455840d5688cb9b7d2cdf8abbfcdf850a7de4073eada567d6ca989611c4910e692e44677a857eec2b654f8dc66b2be192786dce3b9780f9806652bdef013304a43dba3f8d15e5105414f6d1fb2a57dea02211fa311b489088a9802e36d649ada97d72a216f54ca6da090a51c01f5638a04f364a3cbf24bb374f644fda38856a7e0f5c3c9cd7b00555d105daf57561379cf1d77bce66d12de44f202a866a43a7a05a6e0910a1f0ab5b1341d8ae992ae9d95fa2c876db1bcd3635d7851f03dde1eddae6dcf95b182edab72a0521c88c8c3a8c2ad3c6ec2cc44321ce1550d51476e95a18ae5fdab801ef4f5a7a56580261d850f392929061ae5808ba390b2f7d8fe7325df9c07c39faadeeb0ee1ed95db7ccf49c9b93fca83e06be745156d422c8b936d65b8e7e76d9eeb2bbf19c1f9a59b8ee6b55d594d4794a869b2d3b37b0b936866894f00e6a90c788c22e0fb87d0ac53ce75e519765647deee2862552c77ceb75d419627e0627067ba24571807cbfae0bd959fa95cb14c2812a1ce41f76d2ad620c55df55f473e56cb219f7b13bed8cc4a98dddfda9d3b9b5650754f73c34bf00496993a1c4056aeb44e4160c3e2090d733604b2b13f40ae346b726a31365b7a230d8f66665dcb726594280678a258f8ddddfe69d424d62abe910db05c0efa5e773d0f6d8ef8c4c49926b46568a7a1321d996eacabb2f716539a020e34a02afc3bfead458287dd22c11e1c5f57cda7668853637dba0b2eb5e5318750b63c829ab0145c02d6bc05aef4113ee0ea0ba97c44d74cedcc89adff648eb5d7fe932a7a76c772b1e2e36c148dd3be951cfa0cfe11bc58635b38708fa1ff88f949eb15f4a4a3de71c33e2915c799d8204d7d1f9cf7c13c608e6ddf29e12b409028ee5edf37353df7982f67a120ff1871001094b1a3148ed5f4f75d9372aa21b2bb6e02b470336a2c20efee8af866032acd6dc56d1fa7a84dc314cafea1a7bba5fbae89e037a4a5597d2eefd153406d67ddbb3b4eeed6d981b229c2c1b76347b05d20835ecc979b697a2981f6785df853d3d5ce07c624136c805d4dc6c7419d68afe2ad4822aea38da761742b33de8394bcd2462518b35c6ef265eb2a9b130e5a3d669b55d457f92500a7b69156475e001989d55547fc831edf2afe2290591e902858914af73ad4e87ddb8ea3a719f435fe1c2839a39fe088ccc863e7c82e96b66e1b6d32ddbdc42bf2f6076b9e93ed2ec4b6ba6fce5dd3a8f5b3aa105aecf72a5cc9108d02a0b923de2d490ad90aed3a45c46d4594948e7b3f3cc7d153f4b2837ca378fb4af215657f016fd9c66395b98357c1d12a655ce07268beccb35acb3f928c1522bea5df98a0337c751308bfb361e68f3775c75e020ac9570283119264d4f8916c143ccc28d8e0709df356de6b6f35fccde79a677606b5b4d846fdad7c271fc5c2ae5f5e2fbcd6fbf21508a2615ab8f0208e276164bce80fb886b648b4cb085c7922a829c2bccdd850cec329870c866f7923c2c1cd59d6c2653263f7aa1f13d84c82575a021793ef875954ce8737c98abee465e780ab64f1d23da92828e62908543850e5730099eb34f5e47dee740581f596413b8e2711bbfc9d25e4a35b57416a741a60ba650b52ae2189cdd125f64565544f9e75bd8c2cbd898ed2dbdd704ee40d1746715eab4155a51289cf7d89a19ab7a355609dff8111c94f6cdf94a94c667508d7201eab7e86569b8b08bca2291cf3fb166df68f6d6da05398e8a1c0c5c66ca3cee621727a77f19b92927569ba44709302c1102683f338150989d971ea6d0151b69865e540ad4e5a186ad9fc8ce57a56ad114487c5ad99c0beae0fd49927c52380de839cc952f8e41e167006573b4ffc39ebec8f9f9fb4168386a78fe52c00cf3c3be6dbcd4ab32ac7cb8fdd1bae70a5c3da6f555aa6c8e6bd7e69e511bd5d87e39ee21f9035b0b14dd50b3c4e211794bfd7e8fbc48658044eab550f6b564d8f663c25ddb30233fb260e2d30bc9956f7293fd5532df2f74019f639c7313ca029280c513c2fc3c77dc4d0e7f5a9f273fda00349c28319743bc8f7eaeacc7f487bcf5866a55b2fa5b66e31964f090ac448a1ccd3b8cbc9735db5d7d1dd2f2bcdad1ee48b4f8a36688d8ddead1f166a5afb2efe12e943ce6ca41f1f45fe650536860881c28ff04a66ddce9cd19b4304c26e3238f114a1f4080999aaf6ff1f4b8b59ef5d54c10cd8a6598420949f1c0eff13259ba7da9f4c749b58f31f01627b780c2502cc6d1d82f68271e2bc945ddcb6784532e1aba414385096eeeb45afca0ddec570b16b476fbf7b4818275a05afe4beec9086e1c816ebf96608ed57a570c931577ca5b14c9359718b4b31b4789f291f5cb012f832e5763ba53521f58d3ee0a10930d3b4ea7747c5c751cfb476159287a9d371530e5d7cffa6ab09f049d2435960b0ad34f7890df22a3cfd6ce052b08409e67a1291f8459a59b988d7b97d2534f306d83656fd43313eebce1732837b6c22dc60a80d03c54b695b4efbf31381916c7da9644ef8e0f6739c98e7892ca89bf696715391c989c3bd53362e01b81d998e50e46fab088f9312465d200c034691b7e5dcb22ead3c3f3225f16a5588b2be09470e225290d8073dce5cd955d31e7acd452950505597f01c4b54a6f16f2e7d00ab182258f26e40bb70db783b2a10aae019f87708e1306e1957fcc081dac3659d603d4044c10b0a1fe61f4482e56d031d43fc355100a9dcf822db16d0895e554b439bd032e6103df725123da3fdd4a48b68863e6bb36e05343136e171d39d86168be30188bf1ebac4a1d748115167033149ac61bb4f8d4cad7f4c68c32de226b03fb42d24d5e37ba886fa357100644e64d869f6395e3d6d3768a30f53e2aca3688408807bd4818a2c5150f8ee770121a4a6402c7dc334a9ee5e876566d19867e45d4bdc73477ff7f543a23f38d5f0bf666219b0391e66457af4238c5bd9a05586333556f8972aca1def4507c4b073d1bc1c3051f0bf34f71673ccc1de9c69170c9fc5299ac733569cfde6a7bbb3cd60b601cfca16510bf7fbb26ffab3b674000844daf55fbf4ab48eade708cf70fdf901454acc8cc95c63fd2ee771bffaf19205e9a119b847931bcfb4c738e39701a3882cef4ff47b46b72ce26ac207a1ccaa253cd3ddae2b2eb61d5b9b3c8156928a169d7dbb2874b884c3b2097cb8ea92ce7fe70af90514c11887df33c4f7ec3d3ee6c327e7129b0188b0ca8c777451b17d8f489d547d711404bef72d1914f66a5676e9d716ede8c4282526419adb31d071d241db47a58bb55ee6ebcb67c82765a25e5e6fedc4c8d1d9b17e2b5bac5e0af3c63ea870ad8c5f9521390b660fc735d331e6eb326abde284256cdb381b4651d05f55807f4ad1b5b883bf6b55ee87285fad8de366f3248ae0b9c32bf85fc95d5bc19a716ac2a5f41e4e58d26bfdfa582be5d506f9929bfe7cea70184c81722ef7300f779d5d64c08a225a083d44ce75ced73f3a016f5047af67245bc8a81214024e905f383252cc0228085aa5fc184cbcb41db3eccede89480e0a1c1d1754cc3ffa53edc27c337ec86ae2f68c6225edb0027c1c5bf9aee1b94b62f6144e4631887272a36add32d908add308207559064cd61576f917db864845e5e89efcb27c80d259eb6fd5fca398da0c7e62fc423511bb8eb3969732c862de33448e95aa5e15d2028b84b3b8348a50abb39c5c10ac7fdc2034d1ceeae9870dc4486f48ac6aae573a775716ec380ed57665b9bf1c77f6869f720e428f8b94170b14c23786ff1cacf95a66ae631c70245bf264ce5078c3bddb4aaa7928eb6f1261d52e45ae5fde6f1b3bff90cd560c6c2f77ecfcf553db137051685c925be70def2be6c9bdd5825eac58d4c892a6d4ad5dcc078c6582ca140e5a75993e5ab7b487f31e5c601844f18f13039c099317f5e512eb9e054dcd8535106a9bd8977bf74254b68753b7f3a9b385d4a38ccaa17e029bd9ab4ff9b9b561b2a7e613ea05eb18a50fc231f32b79b9f32514469193a3d12269f58f3c932e501513e48e81774ad389275d9f00b4f8c677b8bb584b503201f83c7ad2e934e909f9ae1fc540f544dd2327fe1d8e3bb86984a252e2ffa88e2aed6d65a302d1883e51654fdb046d35270130fb9f8e4a4861d7278a07ee627fe272dcf99d294d7b1ce72f2f804cddfe4fa7aeb2c9543ef2665bf826c8ce0ca82dc7d4e57b7181b55a5d96ad83417b79376793235ed5a320a3ffac3a025aefa669450a6df20d830042034c0953836097c9461bc0d9c1446485692d1b9d5c991086f3f118a49bfe2a0888a5af8a868d880e31946dbd0c7ddcfcd27dcf5c62c9c5ff8fa9750d129f32e3c4f524eb3c31d5c9cb33fbcf52384a04a9f4faa216020e45be91181efeb7393d96b1f3ad8e9fadcffe49bec1bf36e70c2291475356ec5a416feb5d3b4f1331052271679d1186b338163682ac5b6bb79c64d6d0f8ddfec84d0d9870f45a64413f529c8dd93b358e66c9da2fd233e53b73ae2761f363ee69a38a0d7320a149c90c086e6a426abca5c461088747a2fb5006919ad7640aad79b1ec03cf6f49206f37382ad3105fcbd0e08d00815029d8cc3ca16472e58226f1def116bfab456c32a2a2323bb5a661eacb3b7c915d1eaa8c5aa8b1bf25c3a7bc9a2e047c499d8f2fbf2fe25606fc7f0ae5a539af68830b1955f82962f596e2ad0feb3e99b1982ffe3e553f102b4360b8e1d659575a8f713b8bb88d97dbcfd98f91c147a97e896646a47a43334569da8a01541b012063e0465c4122cb96b57484b0ab8c5f0c8f346c0766be69decf4e3ebef7f74f153ef8c6b6e9c5fe224e8f995f11c1867c5600cd7a345afacafec9076d4ccfca741fd41e445476d31f7cdf06b0d0cf596c755235408782a5e37abeb1f2dad79c83e59a1040c4b3b6a5a2acce9df0ebdb607c9c0549a4b16028595f7a9cd9da115dab0189f3d98b0dc2b8ddf6be4de2b38421a2071d91f14f8752c74df31fecb64de59dce09da2c3a1a2826446d982509baaa89b76379d8320bf3c1f76448e0ddc0889fe57ba756ab1403949cd2ca9ab520fa485576eca5acb471002a14a31e8d7f54c8c3edda8f416b0ae9d9fdfc445b54ed8fb34ed7c1d11b3c57a2c5ad92217ab2fdebafc195d09fee7a518e027ccf9d2e8de8cef1e0ad52144d82b65519495b8a5c314e85361adca8953dce587cf461a461dc9bbc0eb13a54144964930d80d8b4a015676f3efd10ccfd0ec5fe64deb93b5901b506581461bf2aaf04fa9f8118936c5e67e1cee60ccfc4f011ee2812eb9716af42b22c40d83c55d4e4c4838826cc34387a2085aa3e17219c78255ace7bb1fc30ec80676449084744c0887dc4e7696d25a544f3e4b365cc6ad800931d5787be99d678347ea4d6cdeab5662f6cbcb5fa80590e513c4ca96d73d378085026e0e7c71d968a670aefd48519e35beaeef9c67506db6f9b3edb62ef1b3b52b9c2db876b76101644e7dcf5a5056a8d916a0f69ea5bf096e7a4c2f8f1d0da29dbcef9d2ad1b82179ccd0ef95006b7a1d542a847e3e0f864d63434c15d6de4fecad18b788a867da5515e3d51871417bfd783d2dffd852953ea7113d3a61aac3c7c1a4efb449faa928456eb570e62d0ff9542a971b542d7c1fed9d633eb4a81499c105d0f73c5165badb54b0e83f8192d3d51d46ddd9908b04e9f57d5a4e6b65affee3799ae7cc51b4098f71e8ee947ffdeee4fd03095536376e1281ef8158fd1da4a39aebdad37fad75f6217bf45bfad16f2f1a80f5e8a3eea1141a56beb91319fe948bb44350a6e79959c140a5dad9955fb287aeba0a8a45d1fd8d692d30c96d01c9100e417082ae6edf62965fef7e190af60a99145925a307d1e11534d2a64484be3c6cd642432a2db66ba6d3ab1b7ea645edf4e54623d2ba0619bcc2a917cc2df8b0dbed096951947445ed5f08c626e1f9a5f566515bf106c48174f73587314b513962ed556fa7f16d8c6a953bcdda72f083a9b16357b3262c13cd500dfa09cc3d09240a7338514031768ea3053caa5166c8e4e090b3128464a88ccdc751d8ee1b3b1098997c9eaa2b3a13a47e43723a49e5d011dabb22c0d9605e48d5e26b90a47519536fd77c5260bc713e2b510fa6da698069f6c1df7a72462399d7dd288be19a0eab18adb072677268a306f19685c2d813564bab4ac90b7389c2fb87c0517e769577c081ced55572da71b40d18e4979b6b6290afcde4caa610166920549286dfa80197a10ff074b08d6b96c97110e36742fdbc5607f4c48ea9dd53301eecb5c25fce4eec9381b84e6b5af767c5bcca600149a3021c3f4aa237a0143363549a705c5768b5aa6ed51fd1ca9f0f9dd242f0df21f7c3eaf321fca97837d989ca101b5462d2dc248316c21339cb2b4e3451bb483390c09c958d474c6df2f2eac208ef704cbae5c9f6597c19ce48c4c9161c1b14622ed824b0e8669cbe6746051729fd2fcabb020190764a468c58ce369528bfca46cf8ec51ab69e711a53c4121476d2a5d2ceb19c332a5a86a52cabb246d2be739f361d97a6efc2c1d408b6f079ff5cbfdfa7ffb5da3af4611e42f876a44f8180ebadf8efe05645f3326fd1b1bb7f82753ee13e25c406469a6b103b9083ac06d590a48543240bca6e467eafc7069c97aa93a3a4ef61b6043383b6e990d174637d695893bd910f217c9c2465688eccd8a171cb5270fca2e002261f2e3e595f3484b67c0bbd7b50ea53a470e3935c0eafc6226521f0a15fc7cf5494b67fcfb705019a86a5972a9dd285bc50985947e42ca8519de25510db7ba6553419d4e368fe56c2a7acec8e77cd734f557a0f1b507e0869d2d5c9913c52fcd78b42b8f59ad3ae92226e292ea4439b5486629b739f4cca3d7f21cef79045427656fd1679dc5ab23686e13500dcb6284df60599ce81e2570d1cd5c7c2e0026640177bf1395fcf6e999acac08e3a993c3700ad891b1a68d5efc32a4b4f9cc8841e837e778c2500eb6cffc1b9970b2adf724839c7711ebbb2ee3e55f7aa97746d7538153589deafeef63eee6dfbd43fc72e0b763a0e4709da3deb26691303e99230a93c490029383b322099363ba3b2f76b4773c0c43907361b578cfb312cde55ea6de2f477c351ac82786d15b52f08a42385b2a3349116d34f8719264f79082d7c24165423a8e6764c53b922a0b3121cbb88976e6f53c455be77521bc1ad4997135ff24c520b2fa0002cbcc8eb8ee5cb33b1140dc811ee36816f47f23ff0b77d6680d597ec2fe77f5bfe1bb75c3eddb2356940c01e694da66d1c4fd78f7df5857111c01bb5e9954585e54086af287dc0ce861d921b378e9a2a9c9c5a37d9812595063643b1dae4afa57d884501ee0de2d7e39692ed5ecbd2ba1d9bf4e3f291cf0b1dfb809a2f915ae90bd5fbe76d5848752c298f34e69d8e95f6f3c8a8ef365d0927811b8a90c8f58836da07c058f71b01025af8c9829f761d71465d3d813e1e08a7d8f66dcb0f98daa19bb106fb9b25d49a35e8900e6de4502668cecbb9638c5b0d158317970e802be345ab3570f6a452e18da421fb4957429ec4b6c481b5393be9c7f1cea3d77ad1c935ce6cab01ed08f7f24e5b01d25105211d5e28b25d3a5fea30e3c4cd1289bc2606728f127574cdfed91d7c19d7381c3e532c92d7e532e74f3d24281cbf0f4e1908dd4f5cf145daeb21db6b34f2fe175aafd1c20224544c113f132cefe620bd99c5caff7b74d6acf8a1aae2fda5212ec64c80d647308439d5f90f6f481101599b539cd09a1bdfc510b6c9027c879f76bfd397dce9d3985ff01e62ee0455372960b68202412c6d5eb7b09c36f265b7b8b3822aa489dc169f8079e71dc96e0b75de2ade686761b067416e4915287dfdd6309946487a68115ee9d0bec73ffc63223e9463a30b819297d24824cb20724c6b524d58af1e03264e8e2b8dce59377c78dbd5ff5977782181aeaa8c2bd6d9f3d25ec566fa4a01eb5aeaeb6912acad55ca7336d28e305781bf128d6575dba16110d64c55ec9840f299e353fcc5628f248bd660f4dfa5f3a1bb7fbdac78ec727e87a134c98a98f405a4cd3773e79bd4f22bd3239a5fa8cd5806601e07241b25678f048b05bab6f8da56818f8dd9c97d001f4a7ea8beb3fa65ed7a951878bcef7e1da873e21ac6208cf0852c6cb297c10c84b74582bf59aaa11e7d8239997c9e7fd3c5bbee5b8466c17394fa61771aa10a3541f88419b16bb4fa36126745e99c292911d30ed0fa366dcd62c10879a6826609ab2b80b3a0c2de3d877805a564ce925916063c53d9698bb918eed2b49315fb83465a0db1a63a0528a887f5106dd054edbf381280989581c859a517573a6eb4946e0fcc61956fd5868fd37c788090fd7c3341028cf1bcb38ed595a4fd845ccd45558282c6e23d92d4268875f80ebad1c24f8d247595de2f8b83708b504f674447bc6fa1748b86fdfc971c9275baedda1348324c4dbde22d423744e2d537a4e28d95771b18302bc5d92f9e0ba6b1029a3e73761080a4e6e1b52a9ebe3538cb3e982586c23f0b0cfa78126198a0a496d96734880885e4aef7b35d90af287f9d5b18998fba69cf5a13b9153edc5f1c3cd0d181c1cecb4936a489f34682b056eaf5c57caea4a9ebd9fc7d842bc3850046f925dc430769863922ce5bea6709fa9bf7f21098097d7f47c74269b524c4194bceae0571fe968ebdda85a28fa5be7f794632189da179e248fdc237a3ba3fd53845e42db45747caa6cebf574e9abb75e3b33c1096e40e0e845385d6f961c56fd1c71f92ae31a0c9088b2100b457cf2f8b33ac984fe79ceeb65fde350f9c6229433aa20d226aeb7677e0e7e8002e3e220fb74d4a1bc07ca43fa23fcf9cbabe7799b5b8daeb63b35923c4a92d2c636d36d58e719e6855b57445a26072d716aba7b653dfcdee115b3310b0c8af8649337597c1ac8bcee8b0533cb458d165b4ca4ee72c60a49f4a7061aab09449a318a6dc1d5b1a4f2a7f82c5af241e1f0cbe3e9fd5079e385ec86bc978ca82aaf1de5b470dcbb06b5f0360142857a0519583e3a77a6fbdadfff48de440bb5c3dcb2c3e6624800fa7898ab00242b7109809d58e5aa8a25705266d9bb04f165f843f1c61c23b41f010ad67f80aa8e455385cf3ff89073dc9434ce9be78993d6c73a8adf4db6b540e7a9f60d8dbcf3133a8f5c5c59f8378f2e5aad07f31707fb9834c66d6d0ded8a8b2d984ff5b4bfe70bb6479aecf208beb8f4da7b23957ce77d574993e1a44de0b3a5cb245f0ebf8ea32a22472270798defec3deeb94a4d025d1fe276612ebfe0f4e6e639de1300d47e542fb032150ab0aded71ba693817feb9cb43beb6f3074c2d7bfb77b9b2783e0335449c9a9775ccf9060ab2468a6644ebddd41f70add6d2d24fb9dd377c4f0dce3439283f22075ff3973e4e70e0bdcb53001be03800392084d6768c3e8f7fad09b192a497a36f602d07655d3e6a7ccab561ab92c79506e1e06aad05975accc9b8b48c41da8bc611d331717ee312d77403f9f66ee9a81fa4e624cca690540dca722986dc740a919597f7836ee95b554d3c34db3443ee5b6908f8623b2c82f32b65c3e8c3c0e15c3065d09214ea6290b55bf5520ee92825d9c82745bb5368ddda47036390910e26470b96cfd7c4e7b0df89f897153fd5ab4302de65fcda1f48206346d6051a94d8e0c32b959d914c218f54813811d13d99ef6259f54c0e635c04f875772b38524e94fae3a73109f60d0b00c96c1809f37e8fb37e61620690b07d726d388e9ae5dbc3a1c3557d1e4288da0622d77081ab4cd00ce22243824c363ad1be5cb0ceaad6336a797d8ca6d988c4373b3c00667d651452d50f81a830ac6ebb71559590181eea67dce1599d13f2e778d69a40c2b736dcc7c36782c1788cdc8d5c3820d68093ea84d56daaeaac19c19724ed7d3ebc1b8c1e3092839314dc6eddd99dc0eede13dbcb7fd22d401df8eb7f679a04f785006d3b4c4012bf78b7e43b1b355a9f6d04ca0e86c32d44f73fa514d1e2b147464", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
dup3(r0, r1, 0x80000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000020c0)='net/ip6_mr_cache\x00')
read$FUSE(r4, &(0x7f0000000000)={0x2020}, 0x96)

5m35.262363809s ago: executing program 3 (id=205):
unshare(0x68040200)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000140)='afs_cm_no_server_u\x00', r0, 0x0, 0x8}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000)
socket$kcm(0x2b, 0x1, 0x0)
r1 = socket(0x2b, 0x80801, 0x1)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_io_uring_setup(0xec7, &(0x7f00000003c0)={0x0, 0x4bb6, 0x0, 0xfffffffe}, &(0x7f0000000200), &(0x7f0000000340))
io_uring_enter(0xffffffffffffffff, 0x47fa, 0x0, 0x10, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r5 = openat$tcp_congestion(0xffffff9c, &(0x7f00000000c0), 0x1, 0x0)
close_range(r4, r5, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1400000030000900000000000000c10001000000"], 0x14}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
openat$tun(0xffffff9c, &(0x7f00000002c0), 0x2, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000180)=ANY=[@ANYBLOB="6e61740000000000000000000000000000000200000000000000000000000000000000000400"/54], 0x44)

5m34.905668214s ago: executing program 3 (id=211):
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0xc, 0x141341)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_driver={0x0, 0x80805513, 0x0})

5m34.889631282s ago: executing program 32 (id=211):
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0xc, 0x141341)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_driver={0x0, 0x80805513, 0x0})

5m10.374204682s ago: executing program 2 (id=420):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000300)='5', 0x1}], 0x1)
r1 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x103382)
r2 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0)
mount(&(0x7f0000000300)=@nullb, &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0)='jfs\x00', 0x0, &(0x7f0000000400)='usrquota')
ioctl$CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", '\x00', "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "2431d0edd9b36cb74d7df7671eacf04be3b08353efa3641776f56c7556fd3713097bd0072577bc6fefb4cdc9e94e420b0ea4fbc5b07a32056eff5e6c42784b46ddab72b1b8fc87f208ad6db80d8dfe25"}, 0xd8)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r3, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, "aeb81d8ee3a82d67eea9e5bdf2247481041a5b9cddbc936efc471c56ae3d5f6945d296a285858a891a3b4e7bff572ef69992da867f406182d70f47773434b8349435f2ad628d62a3b45bb98872fb1900"}, 0xd8)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1)
r5 = syz_open_dev$cec(&(0x7f0000000d00), 0x0, 0xc0b02)
socket$packet(0x11, 0x3, 0x300)
ioctl$CEC_TRANSMIT(r5, 0xc0386105, &(0x7f0000000d40)={0x0, 0x1, 0x4, 0x0, 0x0, 0x4063, "57c1169b6664ea61326ac71ae7213059"})
r6 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r7, 0x0, 0x240140d4)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0x80)
ioctl$CEC_ADAP_S_LOG_ADDRS(r6, 0xc05c6104, &(0x7f0000000340)={"6d71f879", 0x5, 0x0, 0x0, 0x0, 0x0, "244a18d1c4e6469a005caf0c0ff58a", "ce4250d8", "bf513d1d", "136712b9", ["27e203a56a36ac4f0b8b8c4f", "5e10229555954b0f02cd1469", "cb0e83d3a15978155c384d00", "79f56ca74227234da829edb7"]})
r8 = syz_open_procfs(0x0, &(0x7f00000002c0)='timerslack_ns\x00')
pread64(r8, &(0x7f000001a240)=""/102391, 0x18ff7, 0x1)
syz_emit_ethernet(0x6e, 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
ioctl$LOOP_SET_STATUS(r1, 0x1277, &(0x7f0000000200)={0x0, {}, 0x0, {}, 0x0, 0x5, 0xb, 0x1d, "4b8b3ea46929dfed0b2f34380d308f95a023d009852471dd5a94a9fe9549918ae7fd1f0ececd9bada8b108403362cfe0f6fccffb1b6a2115354d4df15d017a3f", "2363f18d9abc6c25af21da2af6d2e80e4caadd6d126cfb80c92dc817d44dcdec", [0x1]})

5m10.251222082s ago: executing program 2 (id=422):
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000280)={&(0x7f00000008c0)='\x00', 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000340)={0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0, <r4=>0x0], &(0x7f0000000280), 0x2, r3})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[r3], &(0x7f0000000280), &(0x7f0000000300)=[r4], &(0x7f0000000340)})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f00000aa000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000180)="660f388213c4c175e27defc4e11973df00eab03bd757f700b9800000c00f3235002000000f30c4e1f556820100000066b820010f00d066b857008ec866baf80cb8f0437784ef66bafc0c66b8feff66ef640f76446ff2", 0x56}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r7, 0x4008ae93, &(0x7f0000000080)=0x1)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@x86={0x4, 0x8, 0xc, 0x0, 0x9, 0x10, 0x5, 0xd, 0xe, 0x3, 0x6, 0xd, 0x0, 0x0, 0x615, 0x3, 0x7, 0x71, 0x2, '\x00', 0x7, 0x3})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb35bda", 0x7)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r8, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f00000001c0)=[0x2, 0x4], 0x0, 0x2}}, 0x40)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r10 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r10, &(0x7f0000002d00)={0x2, 0x4e21, @loopback}, 0x10)
sendmsg$rds(r10, &(0x7f00000005c0)={&(0x7f0000000040)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000100)=""/188, 0x1001}], 0x1}, 0x0)
readv(r10, &(0x7f00000018c0)=[{&(0x7f0000000640)=""/4096, 0x1000}, {&(0x7f0000001640)=""/200, 0xc8}], 0x2)
close_range(r9, 0xffffffffffffffff, 0x0)

5m9.867002978s ago: executing program 2 (id=423):
syz_open_dev$sndpcmc(&(0x7f0000000480), 0x0, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x20002)
r1 = dup(r0)
write$FUSE_LSEEK(r1, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x500, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})

5m9.814900591s ago: executing program 2 (id=425):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="580000000206010100000000000000000a00000005000300000000000900020073797a30000000000c000780080012400000000011000300686173683a6e65742c6e65740000000005000500020000000500040000000000d3378979a81b57d48998ac1814b373b2d2bf9f7ef56518bd1590bbce13a47f1df912f55692247233fb9ed3875f9fba7b32ad5a1ea57cd9bc0e14ab5eb84d7a302c53f0e72c011859f2f422fb0845ab524a5c282c4ab90d5ddf3cb45cf8f3c627db7abbd8e0a7efd0ca57d8c22c95dcd35954851868d14e2bf97bc17f1f5e97e09e0810a3b933c9d5d5b8206705631d7a7b0bd08c560e71d8d5fdcc45cb5380fb88d5ae3ea7c82b10904cfe348a97c9898081ace9f00a42e08925993674b5f625799200d3236cfff6bb28283b2a5fb74fb36b4bdb31776462b5466d7a5610ff"], 0x58}}, 0x0)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x8, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000300)='./file0/file0/file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000016c0)=[0x1], 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000001180)=0x2000000)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r4, 0x0)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000180))
ioctl$SNDCTL_DSP_GETOSPACE(r4, 0x8010500c, 0x0)

5m8.717333783s ago: executing program 2 (id=432):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000440)={0x0, 0xffffffffffffff14, r2, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000080)={r2, r5})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000180)={r4, r5, 0x0, 0x0, 0x2})
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x1000000, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"])
chdir(&(0x7f0000000280)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
io_uring_setup(0x4299, &(0x7f0000000300)={0x0, 0xffffffbc, 0x0, 0x2, 0x176})
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r6, &(0x7f0000000440), 0x10)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
connect$vsock_stream(r6, &(0x7f0000000100)={0x28, 0x0, 0x2710, @local}, 0x10)
clock_gettime(0x0, &(0x7f0000000140))
clock_gettime(0x0, &(0x7f0000000180)={<r8=>0x0, <r9=>0x0})
openat$rfkill(0xffffff9c, &(0x7f00000002c0), 0x84080, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{r8, r9+60000000}, {0x77359400}}, 0x0)
r10 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x4000)=nil, r10, 0x2000009, 0x4000010, 0xffffffffffffffff, 0x0)
r11 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r11, 0xc018aa3f, &(0x7f00000000c0))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r12 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r12, &(0x7f0000000080)='cpu.idle\x00', 0x2, 0x0)

5m8.453064445s ago: executing program 2 (id=433):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000604"], &(0x7f0000000800)=""/196, 0x26, 0xc4, 0x1, 0x0, 0x0, @void, @value}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x15, 0x10, 0x4, 0x0, 0x0, 0x1, 0x1, '\x00', 0x0, r0, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680))
r1 = fsopen(&(0x7f0000000000)='binfmt_misc\x00', 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0xf, 0x0, 0x0, 0x0, 0x0, 0xc00d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x8f)

5m8.414364252s ago: executing program 33 (id=433):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000604"], &(0x7f0000000800)=""/196, 0x26, 0xc4, 0x1, 0x0, 0x0, @void, @value}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x15, 0x10, 0x4, 0x0, 0x0, 0x1, 0x1, '\x00', 0x0, r0, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680))
r1 = fsopen(&(0x7f0000000000)='binfmt_misc\x00', 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0xf, 0x0, 0x0, 0x0, 0x0, 0xc00d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x8f)

4m42.0849063s ago: executing program 1 (id=633):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)=0x4da6)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
ppoll(&(0x7f0000000180)=[{r1}], 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f6003300", 0x10)
listen(r1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000200)=0x2, 0x43)
ioctl$int_in(r1, 0x5452, &(0x7f00000000c0)=0x1)
shutdown(r1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r2, 0x84, 0x81, &(0x7f00000002c0)="1a00000019000000", 0x8)
getpid()
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f00000000c0)=ANY=[], 0x8)

4m41.97517651s ago: executing program 1 (id=634):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
ioctl$BTRFS_IOC_RM_DEV(r1, 0x5000940b, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b8, 0x118, 0x2b8, 0x182, 0x0, 0x0, 0x1f0, 0x3a8, 0x3a8, 0x1f0, 0x3a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@unspec=@realm={{0x2c}, {0x0, 0xa}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x5, 'syz1\x00', {0x8}}}}, {{@uncond, 0x0, 0xa4, 0xd8}, @common=@inet=@SET3={0x34, 'SET\x00', 0x3, {{0xffffffffffffffff}, {0x4, 0x6, 0x3}, {0x0, 0x1}, 0x67a7, 0x9}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x314)

4m41.975030046s ago: executing program 1 (id=635):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000200)={0x0, 0xf00, &(0x7f00000001c0)={&(0x7f0000000040)={0x38, 0x1410, 0x1, 0x70bd2c, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8, 0x4c, 0xf00}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x24044836}, 0xc094)

4m41.914625772s ago: executing program 1 (id=636):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0x0, 0xc, 0x0, 0x0, 0x0, 0x7, 0x0, 0x5, 0x7}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0xffff1000, 0x9, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0xa, 0xfe, 0x0, 0x0, 0x3}, {0x0, 0x3000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x430, 0x0, 0xf801, 0x0, [0x0, 0x0, 0x1]})
ioctl$KVM_TRANSLATE(r3, 0xc018ae85, &(0x7f00000000c0)={0x0, 0x4})
ioctl$PPPIOCGIDLE(0xffffffffffffffff, 0x8008743f, &(0x7f0000000000))
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000010429bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="9320000008100000140012800c0001006d6163766c616e00", @ANYRES32, @ANYBLOB="080001"], 0x48}}, 0x20000000)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet(r7, &(0x7f0000004c00)=[{{&(0x7f0000000140)={0x2, 0x4e1d, @multicast1}, 0x10, 0x0, 0x0, &(0x7f00000008c0)=[@ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x29}, @multicast2}}}], 0x18}}], 0x1, 0x48040)
sendmmsg$inet(r7, &(0x7f0000001300)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000340)="40728345b85c75044411aa8a72ed868a9dc79058ea0417e981e4225387b0962066faf3e80d3c8ea4249afbf9984cdb8f1e03fea1df0f5c35a728542f4a61c7b0bcf988d26b438e52ba4abce7273dbe7db282866e0e07deef38f3e0b3656111b02eab025f439affc76273e19ebb4f91fb31c2f122dae07e9bf4fa0da5cc6a25b539e72db8027435c704705bfbf28d39ee576c15d962356bc2c5d279dfbb3a33cbea7e3eeedbbfab5208564d", 0xab}], 0x1}}, {{&(0x7f0000000240)={0x2, 0x4e21, @multicast1}, 0x10, &(0x7f0000000b40)=[{&(0x7f00000004c0)="eca3571e6c13b227c6842b3fb670be357af9f723f6c5c7c785a3ff69d486491e00d3268cac8ac8c065ac9199324ddaec1fa5de0db2b4986307b18a19c06b2b74a94b71a796d623d41628ae866306a38786521063b62c1cb104c2c2ccf9551b2582c44b0aa210ec24539ff6c6a75a7b739b470aedd547b72dd2368092086d26d2fd2b", 0x82}, {&(0x7f0000000580)="19b32cc103d762b69eb77c1c25d0dcc9d79b73bb89a89dd791c0223043c7e002096405135385ccbe7f2eaf96034e268129ab747d717d76f02738cdd0389c991a53445ae705831d7729808edaf5d4d1263646729130dd1cdc958684163f07d7d40d25bce6378356997ff0240fcbeb3a305f388fd0fd71679db39f54f6a7f103d30d7f2b4183d025e0f9ef54006c68d04cc2763f", 0x93}, {&(0x7f0000000640)="e8c6c4011ec3cbc7f382a04ce5af8c1849206f3ac6ec4d79986c0f48e73fe3b103e9328bc9b709c3e6b4af2eb81e30b5a41abd37dbd6fdcf8f5fc3a8dc12c91bd3799c8bc681aa4dc18f59b27e9c2b994a52e2bb9a3f2ca1416917d35c910d6937392b9f33d0104b4eff7fd1291b58c11d5999c611d71414fca2b56c3bfd57243e5db2984fc9f7b4eedfc73963235b67b883ab66f94a15a64e3eda7c58ed218f1471e319e224bb24726b73", 0xab}, {&(0x7f0000000700)="1f508cd326ce6122ff83898f6bb7a165a9efe3d970b253fa1e84278b71f22e9aceee5bce5f1cf5921d1ef60fc8edd8214748348544814f67aacab29da440d74a208f6d9860a4c12fd7258cf7ce1b24f7aca8865fc827a75775a130d4bc1e72319326994032d9da81f8368ab854192ba1eac0e3349fae28a1abf8cba0c25ccb06afed49c6be02a936447ec0c964819359779469617c40247e2d1c3ba311eb6f603d09d14437d206c0", 0xa8}, {&(0x7f0000000400)="86572137229c946dd09b00bb6d66b94ecb32d8390822a79b851318bfd9ae1efe0397e3d9daa5728189840d705c49bcaad2c58a8263abdd874500391ea2d95a6b1bfc79", 0x43}, {&(0x7f00000007c0)="27610e9fd1e9bd9620485f2afecff7e3e7376eec56b4292ea9fab922a1d98b28b159fafaf9cb8c9cbd16a2429778a53c0ca58290ecce78cbfa4dfe26e4aeb7436bc5ed8f814c385afd200073cd012ca71406b3b3f31852b6d04cdb4818bd48c7967f94d12e74facb7040df3b2803297bc91fb0df57029c2c46c8661a2fafa20fb0022fc6b7f01a88d00b97dd10ff632441596324c3bef48ce6292ad8522dc977178bfd6613f851274752ce4890c316299d756350d14191e7fd69fe1a51f25b0c26cf96465595d2876c50e4d23cd1c33ae5b5dd0b61ec08e7fe255d1419181cba2690ce10dcd0", 0xe6}, {&(0x7f0000000900)="d2ae31500109904a8c3fc160e36d2cd81b6e7ba19d4c7f7f5623d1c7bbc9ef9aeac4cd7a1568bf317a43ca3910155ed78960328690dd601b20620d2027c5757da8798b4cbc314c460bf2c00bd0e0a0985fcc0e7e95cfc97b69581ae0b6c62dbada14378a08091ffcef715388cc61dfa83cfa7cccba22bbbb85eacd9618d477293cbfe29dc1dd995369a6623250747d5500ab97dd8e", 0x95}, {&(0x7f00000009c0)="a38f623352202153d1395949ca7e906a7f614bbb4a0e387fdfd484b63247ac59c69de5742b68bf3f83cd6bb09c4d58e4afeca12842d076b43e21e96d886fbeb0fc3d8bf828b63218d1261c8c838682a666027021d78e081125a5fdfeddbc83", 0x5f}, {&(0x7f0000000a40)="8b34029801b29ee8b9df1fc70a04ed4fd0ba1314485d5e3730c5a9799ef9ac0980e5df118a677c2d5aea02db5650c38df5d8873498332141e6059db1fd2c02154385a777ceaca3bc386b8fb384fca0337bccfad5", 0x54}, {&(0x7f0000000ac0)="405c642762a3cecf90003167199c4b6b245691e240ad50c0699139828f2198d5d68e75b1ee31800a8e423c466381270766f94cc39e09f329724181bf467d71e25f60bb28ea8ff24e639f2ebeec3193f742431082cab8bee1347c30ab1d1b6e51f81e08010dea56570ee398f4a40b587f53a185e2da5bb30d7a91fdc7e2380b1b", 0x80}], 0xa, &(0x7f0000000bc0)=[@ip_tos_u8={{0xd, 0x0, 0x1, 0xaa}}, @ip_pktinfo={{0x18, 0x0, 0x8, {r5, @broadcast, @private=0xa010101}}}, @ip_retopts={{0xdc, 0x0, 0x7, {[@end, @lsrr={0x83, 0x1f, 0xcf, [@multicast2, @private=0xa010102, @empty, @remote, @remote, @dev={0xac, 0x14, 0x14, 0x2e}, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @cipso={0x86, 0x35, 0xffffffffffffffff, [{0x5, 0x4, "d316"}, {0x0, 0x7, "0ef366967f"}, {0x1, 0x11, "e38baa0fa0e917f37eb8c8d797b20a"}, {0x0, 0x7, "0ab7d55087"}, {0x7, 0xc, "96976bb522b2905e6eb7"}]}, @rr={0x7, 0x23, 0x51, [@private=0xa010100, @remote, @loopback, @dev={0xac, 0x14, 0x14, 0x28}, @loopback, @multicast2, @dev={0xac, 0x14, 0x14, 0x2d}, @multicast2]}, @timestamp_addr={0x44, 0x34, 0x4f, 0x1, 0xe, [{@rand_addr=0x64010100, 0x3b0000}, {@loopback, 0xc}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x28}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@empty, 0x6}, {@local, 0x80000000}]}, @noop, @timestamp_addr={0x44, 0x1c, 0x56, 0x1, 0x1, [{@multicast1, 0x9}, {@rand_addr=0x64010100, 0x8}, {@loopback, 0x8}]}, @ra={0x94, 0x4}]}}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x2}}, @ip_tos_u8={{0xd, 0x0, 0x1, 0x8}}, @ip_tos_u8={{0xd, 0x0, 0x1, 0x18}}, @ip_ttl={{0x10, 0x0, 0x2, 0x80}}, @ip_tos_int={{0x10}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x591}}], 0x164}}, {{&(0x7f0000000d40)={0x2, 0x4e23, @local}, 0x10, &(0x7f0000000e80)=[{&(0x7f0000000d80)="df19832202d2c8b56828572bbb1ab321c58f15f25c744cf5b107954179c88f4014dcc497f518924dc8649c6c235fdef4caec527739d70cb1593a8e76d0f529fb6ee614d1c9ce34b284926a6ab8809ba64c4d43a9ee54db9d22c1075a6fca2051dec7c0a57c3dae215b5ed0048d3e29a9446648d2d37f9043002ae440d689acabf0b5b697a3198d9b068ba83597c21870adcd11fe341544a013680ae7dc137bfb54ae4c48e3fbb291c053de5cd0f04fb0eed42bb99392958406b11e0a7257ba335a84a63bdaa3516e4511eaf3ba04c924fac653e1362c351554c3cab9dda97a", 0xdf}], 0x1, &(0x7f0000000ec0)}}, {{&(0x7f0000000f00)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, &(0x7f0000001280)=[{&(0x7f0000000f40)="f4109db89fb3db3983140702ab549d78e3eee675895974a45ecc6f4f5095094d8a96e2b7661a78c8cac84512545f712977f020df6a0947ba1e8c16ab3f8cf7284f1cc766775ebb791f72b446530ced200e56154fec97031c6204656018d8d05a998e76f515c82185be3fcbfb71c6ec8ea72f3838e8fd40145c959d112cc517c3ec0d6f1c9a24a9dfccf6f6a6418a2dc151911ac8df6a7b6465d67caa7504da910f99bcf43809ed24cd511fb5dca435f064e8305d39814e87838d9bd67207b5dce7f7e746a206b4759c5c8049a608c32f6915208d19d2dc4b93", 0xd9}, {&(0x7f0000001040)="1b25e9738540251dea92dcc0a8834979f456350fdc005a7ab3b1f6c21f5ab1e75c3b58805e444fb735ba335fbfe8398778b2f36558cfc407413e171c9cae6cdf9b5bb87ae6a5fdce233f0142d937018e9b0f92bf34ac7fe625d9f9b7b0f8822d5763bc36a4dea3659053d94ab267b3eddf410886aaf1986c00f94d563634", 0x7e}, {&(0x7f00000010c0)="ee8f0072f54b18c79676e336e5276833e18d3982f0b9310fc8e9e714d3322870bebc9d963d71b200773e55f0202c922abf13df288979927c781874cc1e6e2f7e4e3b86fbe007eabe0866ea4b79a84579a9b75e237a037575d3b0397110fa0e0ab84257b16b429f285ad32c4e443317132029113bb8fb7484ccaff9dbe42f53c8374cc35a4e55f717c57dcc014af7e898a9c1effe2d75bde002038a8dba827d8f38f74977e6e7368e2f", 0xa9}, {&(0x7f0000001180)="6ba294e20ecd18d43ca01fa8846a2133eba1cc190d37f91676d9375ffc7272a042ea4682ecc9fd8bd199b8d3ed64fb092d1938bbd124e782ff655d90a0a557483bac1ff0f7242674b1421e8c7b48c31a91d9d429f81bfc9647a93820db33d16b3d36325a466672ee586bd5713c3bd5af", 0x70}, {&(0x7f0000001200)="fd3d2f18d064a81f4b8891b4b059e68787e2e8338db61cdcbc48315ce107cb6c1f21e762fbefeff0f137f238e68165c13c6b6e49dd102ff482c125c9eeb0dac01e4a0450ec996f193d97596e793d0c6cd4f646ea87eaa32b9c686f2fc1ec555fdd2be4161eaad496992eac7befd18a71ddf5f89e557417", 0x77}], 0x5, &(0x7f00000012c0)=[@ip_pktinfo={{0x18, 0x0, 0x8, {r5, @multicast2, @remote}}}], 0x18}}], 0x4, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e0d05f00cbd2c574e03f873b0a8ca"], 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0402030c"], 0x7)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r5, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r4, @ANYRES32=r6], 0x44}}, 0x0)

4m41.694592025s ago: executing program 1 (id=639):
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$VIDIOC_SUBDEV_S_CROP(0xffffffffffffffff, 0xc038563c, &(0x7f00000001c0)={0x1, 0x0, {0xe, 0x7ff, 0xb, 0x5}})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x4, &(0x7f0000000240)=[{0x7, 0x4, 0x0, 0x7fc00100}, {0xb681, 0xa, 0x7, 0xd3}, {0x8, 0x16, 0xfd, 0x401}, {0x7, 0xc5, 0x6, 0x8}]})
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r2 = dup2(r1, r0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000280)=@assoc_value, &(0x7f0000000340)=0x8)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x8, &(0x7f0000000180)=ANY=[@ANYRESHEX=0x0, @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000009500000000000500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f00000003c0)="2e0fc72ebf003664260fc76d130f35642e0f01cf660f3a14910200250fc79a000066b97509000066b80000010066ba000000000f300f320f060f00d2", 0x3c}], 0x0, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
r7 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r8 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r7, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29, r8}, './file0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
dup(0xffffffffffffffff)

4m41.575000784s ago: executing program 1 (id=641):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r1 = socket(0x10, 0x80002, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newtaction={0x14, 0x13, 0x53b}, 0x14}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
preadv(r5, &(0x7f0000000240)=[{&(0x7f00000004c0)=""/152, 0x98}], 0x1, 0x0, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000180)=0xffffffff, 0x4)
socket$nl_sock_diag(0x10, 0x3, 0x4)
sendto$packet(r6, &(0x7f00000012c0)="3f030e0033e6120306001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0x48, 0x20004881, &(0x7f0000001280)={0x11, 0x0, 0x0, 0x1, 0x1, 0x6, @remote}, 0x14)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
r7 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r7, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
sendmmsg$inet6(r7, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0)
r8 = semget(0x1, 0x1, 0x789)
semctl$SETALL(r8, 0x0, 0x11, &(0x7f0000000040)=[0x2])
ioctl$TCXONC(r0, 0x5608, 0x1)

4m26.463101087s ago: executing program 34 (id=641):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r1 = socket(0x10, 0x80002, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newtaction={0x14, 0x13, 0x53b}, 0x14}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
preadv(r5, &(0x7f0000000240)=[{&(0x7f00000004c0)=""/152, 0x98}], 0x1, 0x0, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000180)=0xffffffff, 0x4)
socket$nl_sock_diag(0x10, 0x3, 0x4)
sendto$packet(r6, &(0x7f00000012c0)="3f030e0033e6120306001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0x48, 0x20004881, &(0x7f0000001280)={0x11, 0x0, 0x0, 0x1, 0x1, 0x6, @remote}, 0x14)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
r7 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r7, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
sendmmsg$inet6(r7, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0)
r8 = semget(0x1, 0x1, 0x789)
semctl$SETALL(r8, 0x0, 0x11, &(0x7f0000000040)=[0x2])
ioctl$TCXONC(r0, 0x5608, 0x1)

1m31.90293958s ago: executing program 0 (id=2101):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2})
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000040)={"88bc980ec56ec28db42bcfb4c982b0634d8e850390d839692b5fac06e3083f67", 0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000080)={0x0, "a2a49f8885378ff96899dc48ace973a217baf658d9ded3372e67151f7decbfce", <r2=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f00000000c0)={"5ba58a89a24ffa053858158566de4840c1eac7105fab50d1874044901bbb868b", r2})
ioctl$TUNSETPERSIST(r0, 0x400454c9, 0x200000000000001)
request_key(&(0x7f0000000240)='id_legacy\x00', &(0x7f0000000280)={'syz', 0x0}, &(0x7f00000002c0)='GPL\x00', 0xffffffffffffffff)
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1)
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0)

1m31.755172939s ago: executing program 0 (id=2103):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYBLOB="f8ffffff00"/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400009e54000000000000000000000000000000000000008b3809aec0701768a9e301b130c68899b2bd025ee9da974e70692c0602c81a60d2b1c3feab59a6c3d5d3eb2901010000575b75aba3c18af19a36a04ab1bafd555731ea5a55d1fa48d5e4dd8407516b7b33e6fd5f51de202adbefd458e00fe7657e3c5829581b8a26a71a01da68420f4aa921765e587a2d1453159b0fff7d03b476bd04c5a5ae153ca23f585626074434cfc73bbc24e1b5811e90ee22455ea602aaea0babdf"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000003000000000000000600000067934000000000007b06fcff10000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000bc0f0000850000000600000095000000000000008381a218e7706f7b21b737e37c963e32b2d1a5a2d0b67c5ee9384de8a65154bc5d3bec48dd370c18c19667cc"], &(0x7f00000002c0)='syzkaller\x00', 0x8, 0x71, &(0x7f0000000580)=""/113, 0x40f00, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0x3, 0xffff, 0x80}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r0, r0], &(0x7f0000000480), 0x10, 0x9, @void, @value}, 0x94)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x1fffff, 0x10100}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
r7 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a00)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_aout(r8, &(0x7f0000001640)=ANY=[], 0x1a3)
write$binfmt_misc(r8, &(0x7f0000000000), 0xe09)
ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6]}})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a09040000000000000000020000000900020073797a32000000000900010073797a300000000024000480200001800a00010071756f7461000000100002800c0001400000"], 0x78}}, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2})
io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
ioperm(0x1, 0x5840, 0x5)
ioctl$TCSETA(0xffffffffffffffff, 0x8924, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "4feda26323b172e0"})
r10 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)
fcntl$setlease(r10, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

1m30.93800502s ago: executing program 0 (id=2106):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000180)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x42, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11641e7a, 0x20000000, 0x2, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x20, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r4 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3a6}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x20, 0x4004, @fd=r2, 0x6, 0x0, 0x0, 0x9, 0x1, {0x2}})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
io_uring_enter(r4, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)

1m29.882818205s ago: executing program 0 (id=2116):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r2 = socket(0x1, 0x803, 0x0)
fsopen(&(0x7f0000000040)='afs\x00', 0x0)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$vsock_stream(0x28, 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$inet_sctp(0x2, 0x400000000001, 0x84)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0)
write$binfmt_misc(r4, &(0x7f0000000980), 0xfdef)
read$FUSE(r3, &(0x7f00000081c0)={0x2020}, 0x2020)
r5 = syz_open_dev$evdev(&(0x7f0000000280), 0x1ff, 0x0)
ioctl$EVIOCGREP(r5, 0x80284504, &(0x7f0000000040)=""/102)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r6], 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x1, 0x803, 0x0)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="500000001000210400000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000000000008000500", @ANYRES32=r10], 0x50}}, 0x2)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00'})
r11 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000f80), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_KEY(r12, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="c1a51e54", @ANYRES16=r13, @ANYBLOB="05032dbd7000fbdbdf25160000000c0006000100000001000000"], 0x20}, 0x1, 0x0, 0x0, 0x4000080}, 0x4008014)
bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfb, 0x80000000}, 0xc)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x2, 0x2})
ioctl$SG_IO(r11, 0x2285, &(0x7f0000000240)={0x53, 0xffffffffffffffff, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000380)="7d04c0cc5bed", 0x0, 0x0, 0x12, 0x1, 0x0})

1m29.034455229s ago: executing program 0 (id=2122):
keyctl$chown(0x4, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}]}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x20)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r1, 0x6f000)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET_DEF(r2, 0x4b3c, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$inet(0x2, 0x3, 0x6)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x1003, 0xffffffffffffffff, 0x0, 0xa00369a4}, 0x38)
shutdown(r4, 0x0)
recvmmsg(r4, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180200000000400000000000000000008500000053000000850000007d00000095", @ANYRES8], &(0x7f0000000100)='syzkaller\x00', 0x101, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
fsopen(&(0x7f0000000040)='bdev\x00', 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000940)=@raw={'raw\x00', 0x9, 0x3, 0x41c, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x354, 0xffffffff, 0xffffffff, 0x354, 0xffffffff, 0x3, &(0x7f0000000000), {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @private2, [0xffffffff, 0xff000000, 0xff], [0xffffffff, 0xffffff00, 0xffffffff], 'veth0_macvtap\x00', 'ip6_vti0\x00', {}, {}, 0x4, 0x3, 0x2, 0xd2}, 0x0, 0x200, 0x220, 0x0, {}, [@inet=@rpfilter={{0x24}, {0x5}}, @common=@rt={{0x138}, {0x6, [0xbbd, 0x2], 0xb, 0x4, 0x4, [@private1, @loopback, @ipv4={'\x00', '\xff\xff', @multicast2}, @empty, @empty, @private2, @dev={0xfe, 0x80, '\x00', 0x37}, @ipv4={'\x00', '\xff\xff', @loopback}, @dev={0xfe, 0x80, '\x00', 0x34}, @empty, @dev={0xfe, 0x80, '\x00', 0x13}, @private2={0xfc, 0x2, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @private1, @local, @private0], 0x5}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xec, 0x134, 0x0, {}, [@common=@hbh={{0x48}, {0x400, 0x6d6bd484097fadc9, 0x0, [0xf1, 0xfff8, 0x401, 0x6c2, 0x5, 0x3340, 0x7, 0x1, 0x3ff, 0x9, 0x400, 0x400, 0x1, 0x48, 0x0, 0x6], 0x10}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0xa8d, 0x8, 'snmp\x00', {0x9}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x478)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f0800", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1m27.850952293s ago: executing program 0 (id=2127):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYBLOB="f8ffffff00"/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400009e54000000000000000000000000000000000000008b3809aec0701768a9e301b130c68899b2bd025ee9da974e70692c0602c81a60d2b1c3feab59a6c3d5d3eb2901010000575b75aba3c18af19a36a04ab1bafd555731ea5a55d1fa48d5e4dd8407516b7b33e6fd5f51de202adbefd458e00fe7657e3c5829581b8a26a71a01da68420f4aa921765e587a2d1453159b0fff7d03b476bd04c5a5ae153ca23f585626074434cfc73bbc24e1b5811e90ee22455ea602aaea0babdf"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000003000000000000000600000067934000000000007b06fcff10000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000bc0f0000850000000600000095000000000000008381a218e7706f7b21b737e37c963e32b2d1a5a2d0b67c5ee9384de8a65154bc5d3bec48dd370c18c19667cc566ebbaf70"], &(0x7f00000002c0)='syzkaller\x00', 0x8, 0x71, &(0x7f0000000580)=""/113, 0x40f00, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0x3, 0xffff, 0x80}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r0, r0], &(0x7f0000000480), 0x10, 0x9, @void, @value}, 0x94)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x1fffff, 0x10100}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
r7 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a00)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_aout(r8, &(0x7f0000001640)=ANY=[], 0x1a3)
write$binfmt_misc(r8, &(0x7f0000000000), 0xe09)
ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6]}})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a09040000000000000000020000000900020073797a32000000000900010073797a300000000024000480200001800a00010071756f7461000000100002800c0001400000"], 0x78}}, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2})
io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
ioperm(0x1, 0x5840, 0x5)
ioctl$TCSETA(0xffffffffffffffff, 0x8924, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "4feda26323b172e0"})
r10 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)
fcntl$setlease(r10, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

1m12.485524462s ago: executing program 35 (id=2127):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYBLOB="f8ffffff00"/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400009e54000000000000000000000000000000000000008b3809aec0701768a9e301b130c68899b2bd025ee9da974e70692c0602c81a60d2b1c3feab59a6c3d5d3eb2901010000575b75aba3c18af19a36a04ab1bafd555731ea5a55d1fa48d5e4dd8407516b7b33e6fd5f51de202adbefd458e00fe7657e3c5829581b8a26a71a01da68420f4aa921765e587a2d1453159b0fff7d03b476bd04c5a5ae153ca23f585626074434cfc73bbc24e1b5811e90ee22455ea602aaea0babdf"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000003000000000000000600000067934000000000007b06fcff10000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000bc0f0000850000000600000095000000000000008381a218e7706f7b21b737e37c963e32b2d1a5a2d0b67c5ee9384de8a65154bc5d3bec48dd370c18c19667cc566ebbaf70"], &(0x7f00000002c0)='syzkaller\x00', 0x8, 0x71, &(0x7f0000000580)=""/113, 0x40f00, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0x3, 0xffff, 0x80}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, r0, r0], &(0x7f0000000480), 0x10, 0x9, @void, @value}, 0x94)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x1fffff, 0x10100}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
r7 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a00)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_aout(r8, &(0x7f0000001640)=ANY=[], 0x1a3)
write$binfmt_misc(r8, &(0x7f0000000000), 0xe09)
ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6]}})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a09040000000000000000020000000900020073797a32000000000900010073797a300000000024000480200001800a00010071756f7461000000100002800c0001400000"], 0x78}}, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2})
io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
ioperm(0x1, 0x5840, 0x5)
ioctl$TCSETA(0xffffffffffffffff, 0x8924, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "4feda26323b172e0"})
r10 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)
fcntl$setlease(r10, 0x400, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

17.926174577s ago: executing program 4 (id=2541):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8341)
ioctl$USBDEVFS_BULK(r0, 0x4008550d, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="a463e714e3a827e7b4f58a83c475f451c996aa8d9c0884714117a88b", @ANYRESHEX, @ANYBLOB="020029bd7000fbdbdf254b0000000400870008009e00000000000a00f50050505050505000000500f600000000000a000600ffffffffffff0000040087004d022a00dd904ece2b7f143b425c138d323babedf2aa75dcd4a0f386dae12b18bb256e738f4df5c6c87db2453b9410ab9390795a0b17d6b7429a6b2ab9fd402e5ad8953f9acbca06431098f37548fc929b8ffe06240d5966b97727c4aef4b48e92304909cfd0fafd5add8999ef32275e2119c153b1487be961127b99aceb3ea2feadc94b81339574425df72b7dea80a59b2f20d6d7908c10000067c8e0211a32b864b6df8f487b3484ce000c40ffffffffffff00000000ffffffffffff0e004008021100000000000000ffffffffffff0c0000080211000001000000003a0000080211000000000000002b004008021100000100000000080211000000000000ffffffffffff00000000000000ffffffffffff0000000000004008021100000000000000080211000001220040080211000000ffffff7f0802110000011c00400802110000000900000008021100000101004008021100000100000000080211000001000040ffffffffffff050000000802110000010500100163bd06080211000000dd490464c974589012e356b87cf5c3d83a20ec83fadecc0582072e7571bcce15e7"], 0x2a4}}, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000240), 0xfffbf5b7, 0x872ac2)
write$char_usb(r2, &(0x7f0000000040)="e2", 0x1068)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a00010000000000000000001c00"/28], 0x19}}, 0x0)
set_mempolicy(0x1, 0x0, 0x800)
set_mempolicy(0x4000, &(0x7f0000000040)=0x7fffffff, 0x40)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r1, &(0x7f0000000140)={0x0, 0xf00, &(0x7f0000000100)={&(0x7f0000001200)={0x20, 0x1418, 0x1, 0x0, 0x3, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x20}, 0x1, 0xf00, 0x0, 0x40}, 0x10)

17.849301944s ago: executing program 4 (id=2543):
r0 = socket$tipc(0x1e, 0x2, 0x0)
open(&(0x7f00000001c0)='.\x00', 0x20000, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000080)={0x0, 0x0, &(0x7f00007a4000/0x4000)=nil})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_MSG_GETRULE(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB="08000000070a01080000000000000000020001000080000000007a32000000000c00034000000000000000000900010073797a3000000000c9bc2c7d661f2da7af60ab678406a368174d2930632b37ee2aaed5567106b17ae82dfbc719a690d18f0a4264af3b2fa98b6a7e1cc2d37715f2147833601885c68e7e768ee8dab80cdc4b186ea412d9b97bcba1b7704d1cc719f8ab118e926399728a3aed"], 0x38}}, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10)
socket$kcm(0x29, 0x2, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
pselect6(0x40, &(0x7f0000000000)={0x0, 0xf2a9, 0x7, 0x4000000000010000, 0x10, 0x1, 0x6, 0x5}, 0x0, &(0x7f0000000240)={0x1ff, 0x1ff, 0xe, 0xfffffffffffffffb, 0x457, 0x84, 0x3, 0x6}, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x3}, 0x10)
sendmsg$tipc(r5, 0x0, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r0, 0x10f, 0x88)

16.944038156s ago: executing program 4 (id=2550):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000ac0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x78}}, 0x10)
syz_emit_ethernet(0x2e, &(0x7f00000001c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x84, 0x0, @empty, @broadcast}, "dd9dec79219eb549dbd024c7"}}}}, 0x0)

16.811860481s ago: executing program 4 (id=2553):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8341)
ioctl$USBDEVFS_BULK(r0, 0x4008550d, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="a463e714e3a827e7b4f58a83c475f451c996aa8d9c0884714117a88b", @ANYRESHEX, @ANYBLOB="020029bd7000fbdbdf254b0000000400870008009e00000000000a00f50050505050505000000500f600000000000a000600ffffffffffff0000040087004d022a00dd904ece2b7f143b425c138d323babedf2aa75dcd4a0f386dae12b18bb256e738f4df5c6c87db2453b9410ab9390795a0b17d6b7429a6b2ab9fd402e5ad8953f9acbca06431098f37548fc929b8ffe06240d5966b97727c4aef4b48e92304909cfd0fafd5add8999ef32275e2119c153b1487be961127b99aceb3ea2feadc94b81339574425df72b7dea80a59b2f20d6d7908c10000067c8e0211a32b864b6df8f487b3484ce000c40ffffffffffff00000000ffffffffffff0e004008021100000000000000ffffffffffff0c0000080211000001000000003a0000080211000000000000002b004008021100000100000000080211000000000000ffffffffffff00000000000000ffffffffffff0000000000004008021100000000000000080211000001220040080211000000ffffff7f0802110000011c00400802110000000900000008021100000101004008021100000100000000080211000001000040ffffffffffff050000000802110000010500100163bd06080211000000dd490464c974589012e356b87cf5c3d83a20ec83fadecc0582072e7571bcce15e7"], 0x2a4}}, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000240), 0xfffbf5b7, 0x872ac2)
write$char_usb(r2, &(0x7f0000000040)="e2", 0x1068)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a00010000000000000000001c00"/28], 0x19}}, 0x0)
set_mempolicy(0x1, &(0x7f0000000000)=0x964, 0x800)
set_mempolicy(0x4000, 0x0, 0x40)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r1, &(0x7f0000000140)={0x0, 0xf00, &(0x7f0000000100)={&(0x7f0000001200)={0x20, 0x1418, 0x1, 0x0, 0x3, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x20}, 0x1, 0xf00, 0x0, 0x40}, 0x10)

16.811405039s ago: executing program 4 (id=2554):
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x5c, 0x0, 0x1, 0x0, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x40, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "a0d4e01051d6ff63"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="0c7c6c4ccd67902d2678fc89fffa0e35"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="d61999a5cad5b6e054c67d91ce64e9e25ccfe5805e9c21b1"}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb010018000000000000007c0000007c00000002000000000000000000000e0000000000000000000000000600000d000000000000ecffffff000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000c20000000000000000000000900000000000000000000000900000000000000000000000902"], 0x0, 0x96, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x0, 0xffffffff, 0x0, @void, @value}, 0x28)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000280)=0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
bind$unix(r3, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1f00}, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r4=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x31, 0x0, 0x7f, 0x8, 0x1, 0x4, '\x00', r4, r0, 0x2, 0x0, 0x4, 0x1, @void, @value, @void, @value}, 0x50)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22)

15.901567554s ago: executing program 4 (id=2566):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r1 = socket(0x10, 0x80002, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newtaction={0x14, 0x13, 0x53b}, 0x14}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
preadv(r5, &(0x7f0000000240)=[{&(0x7f00000004c0)=""/152, 0x98}], 0x1, 0x0, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000180)=0xffffffff, 0x4)
socket$nl_sock_diag(0x10, 0x3, 0x4)
sendto$packet(r6, &(0x7f00000012c0)="3f030e0033e6120306001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0x48, 0x20004881, &(0x7f0000001280)={0x11, 0x0, 0x0, 0x1, 0x1, 0x6, @remote}, 0x14)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
r7 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r7, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendmmsg$inet6(r7, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0)
r8 = semget(0x1, 0x1, 0x789)
semctl$SETALL(r8, 0x0, 0x11, &(0x7f0000000040)=[0x2])
ioctl$TCXONC(r0, 0x5608, 0x1)

5.634263513s ago: executing program 7 (id=2610):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r1 = socket(0x10, 0x80002, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newtaction={0x14, 0x13, 0x53b}, 0x14}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
preadv(r5, &(0x7f0000000240)=[{&(0x7f00000004c0)=""/152, 0x98}], 0x1, 0x0, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000180)=0xffffffff, 0x4)
socket$nl_sock_diag(0x10, 0x3, 0x4)
sendto$packet(r6, &(0x7f00000012c0)="3f030e0033e6120306001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0x48, 0x20004881, &(0x7f0000001280)={0x11, 0x0, 0x0, 0x1, 0x1, 0x6, @remote}, 0x14)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
r7 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r7, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendmmsg$inet6(r7, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0)
r8 = semget(0x1, 0x1, 0x789)
semctl$SETALL(r8, 0x0, 0x11, &(0x7f0000000040)=[0x2])
ioctl$TCXONC(r0, 0x5608, 0x1)

4.920307181s ago: executing program 5 (id=2615):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
socket$tipc(0x1e, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xc, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0)
preadv2(r3, 0x0, 0x0, 0x2b, 0x0, 0x0)
io_setup(0x4082, &(0x7f0000000380))
unshare(0x400)
landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$int_in(r5, 0x5452, &(0x7f0000000040)=0x1ff)
close(0x3)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x12, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18eb000000000000000000000200000073014000f90eb9c29500000000000000"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = io_uring_setup(0x253c, &(0x7f0000000000)={0x0, 0x0, 0x1000, 0x3, 0x2})
r7 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
close_range(r6, 0xffffffffffffffff, 0x0)

4.592384052s ago: executing program 7 (id=2617):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x17, &(0x7f00000000c0), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000580)=ANY=[@ANYRES8=0x0, @ANYRESHEX=r0, @ANYRES16=r1, @ANYRESDEC=r1, @ANYRESHEX=r2], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r3}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x2)
readv(r5, &(0x7f0000000000)=[{&(0x7f0000001300)=""/241, 0xf1}], 0x1)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c0000001100010125bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000100020007d622006d2e9b4dee1d3a6c0008000a0017b17eb7006508f6ffffffffffffff00"/51, @ANYRES32=0x0, @ANYBLOB="08001300", @ANYRES32=0x0, @ANYBLOB="08001f00070000000a000200aaaaaaaaaa140000"], 0x4c}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000ff01000000000000001b000000000001e00004010000040000000000000000"], 0xb8}, 0x1, 0xfffff000}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in6=@private1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@empty, @in6=@remote, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}]}]}, 0xa0}}, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_int(r8, 0x29, 0x3c, &(0x7f00000005c0)=0x7fff, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x380000, @dev}, 0x1c)
socket$inet(0x2, 0x3, 0x6)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="050000002f000000420000004000000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000002814007c8bb1b1abc6bff378a7ef5c37a5d56004f34fbb6b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000240)="85b4c9adb5c930b6528d31f4ac950a254eb3e942253fae5513cf5e79f84babf9d37ecd768063c905c91f051fc6b04bdbd9bf2fe7ba8c809747653b37835c62037fee17af07a2b7ace387c571afb55da5f691f65a99f3022deb42c8129c623ad6235564e992ced00ecfbecd22", 0x1003, r9, 0x0, 0xa00369a4}, 0x38)

3.866847124s ago: executing program 5 (id=2619):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000001a000000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000740)={r0, r2, 0x25, 0x6, @val=@kprobe_multi=@addrs={0x0, 0x0, 0x0, 0x0}}, 0x40)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000040))
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8, 0xff}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x2004cb, 0x200000000000, 0x0, 0x0, 0xfffffffffffffffd], 0x0, 0x200})
r7 = openat$vcsu(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
read$FUSE(r7, &(0x7f0000000840)={0x2020}, 0x2020)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r9=>0x0})
r10 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r10, 0x29, 0x49, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000380)={0x0, 0xf0, &(0x7f0000000340)={&(0x7f00000002c0)={0x1c, r8, 0xb01, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}]}, 0x1c}}, 0x0)

3.260203192s ago: executing program 5 (id=2620):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xa, [{}, {0x10}]}})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x17, &(0x7f00000000c0), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000580)=ANY=[@ANYRES8=0x0, @ANYRESHEX=r0, @ANYRES16=r1, @ANYRESDEC=r1, @ANYRESHEX=r2], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r3}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x2)
readv(r5, &(0x7f0000000000)=[{&(0x7f0000001300)=""/241, 0xf1}], 0x1)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c0000001100010125bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000100020007d622006d2e9b4dee1d3a6c0008000a0017b17eb7006508f6ffffffffffffff00"/51, @ANYRES32=0x0, @ANYBLOB="08001300", @ANYRES32=0x0, @ANYBLOB="08001f00070000000a000200aaaaaaaaaa140000"], 0x4c}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000ff01000000000000001b000000000001e00004010000040000000000000000"], 0xb8}, 0x1, 0xfffff000}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in6=@private1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@empty, @in6=@remote, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}]}]}, 0xa0}}, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_int(r8, 0x29, 0x3c, &(0x7f00000005c0)=0x7fff, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x380000, @dev}, 0x1c)
socket$inet(0x2, 0x3, 0x6)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="050000002f000000420000004000000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000002814007c8bb1b1abc6bff378a7ef5c37a5d56004f34fbb6b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000240)="85b4c9adb5c930b6528d31f4ac950a254eb3e942253fae5513cf5e79f84babf9d37ecd768063c905c91f051fc6b04bdbd9bf2fe7ba8c809747653b37835c62037fee17af07a2b7ace387c571afb55da5f691f65a99f3022deb42c8129c623ad6235564e992ced00ecfbecd22", 0x1003, r9, 0x0, 0xa00369a4}, 0x38)

2.259015725s ago: executing program 7 (id=2621):
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount$9p_fd(0x0, &(0x7f0000000880)='./file1\x00', 0x0, 0x2, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_EXPIRE(r2, 0x810c9365, 0x0)
sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x24044025}, 0x48844)
writev(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0), 0x256603, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r4, 0xab00, r5)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000080)={0x0, 0x7, {<r6=>0xffffffffffffffff}, {}, 0x3})
r7 = getpid()
prctl$PR_SCHED_CORE(0x3e, 0x0, r7, 0x0, &(0x7f00000000c0))
kcmp$KCMP_EPOLL_TFD(r6, r7, 0x7, r1, &(0x7f0000000100)={0xffffffffffffffff, r3, 0x1})
r8 = syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x1)
ioctl$NBD_SET_SOCK(r8, 0xab00, r5)
ioctl$NBD_SET_FLAGS(r8, 0xab0a, 0x1000001000104)
ioctl$NBD_SET_SOCK(r8, 0xab00, r5)
ioctl$NBD_DO_IT(r4, 0xab03)
close_range(r3, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))

2.252131721s ago: executing program 6 (id=2622):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r0 = getpid()
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='\x00', 0x89901)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x8, 0xc, &(0x7f0000000900)=ANY=[@ANYBLOB="dcba2678dec8b9350e80d67c048cb62e56267f10e41462a1bcf954a1418f25cfcdca9676a46ed7d1b4d6ad3cc31bf9ff7d2691f34c4af3b1702ef05cf41671c1d9f87744faa36a2f8f261a5e7b88d35823e108fb94b0b9a4dc987deeb0b1cb286225c5edc69ecc1e", @ANYRESHEX=r3, @ANYRESHEX=r0, @ANYRES16=r1, @ANYRES16=r3, @ANYRES16=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0)
ioctl$SIOCX25SDTEFACILITIES(r2, 0x89eb, &(0x7f0000000300)={0x0, 0x200, 0x60ef, 0x4, 0x9, 0xf, 0x1e, "d63d5dec114b2c1f5ceef2a13dd7dc30c4294d31", "bc3eb9da46b4d2a862f77dc346def41040192af1"})
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x138)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"])
chdir(&(0x7f0000000280)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket(0x10, 0x5, 0x9)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000180), 0xfea7)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sched_setaffinity(0x0, 0x0, 0x0)
mkdir(0x0, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810)
r7 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_ifreq(r7, 0x8923, &(0x7f0000000040)={'lo\x00', @ifru_hwaddr=@multicast})

1.513594935s ago: executing program 6 (id=2623):
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0x17, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000014000000b703000000000000850000", @ANYRES32, @ANYBLOB="0000000000000000b70200000000", @ANYRES32, @ANYBLOB="0000000000000000b7020000000000008500000017000000bf91000000000000b7020000000000008500000085000000b700000000000000"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@ipv6_deladdrlabel={0x38, 0x49, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x6}, [@IFAL_ADDRESS={0x14, 0x1, @private2}, @IFAL_LABEL={0x8, 0x2, 0x4}]}, 0x38}}, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f0000000400)={0x1, &(0x7f0000000000)=[{}]})

1.352383269s ago: executing program 7 (id=2624):
mremap(&(0x7f000000d000/0x2000)=nil, 0xfffffffffffffe74, 0x1000, 0x3, &(0x7f0000007000/0x1000)=nil)
r0 = socket$kcm(0xf, 0x3, 0x2)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x5, &(0x7f0000000040)=0x1001, 0x4)
sendmsg$inet(r0, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="02", 0x33fe0}, {0x0}], 0x2}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, 0xffffffffffffffff, 0x0)
r1 = openat$nvram(0xffffff9c, &(0x7f0000000240), 0x2181, 0x0)
r2 = openat$nmem0(0xffffff9c, &(0x7f0000000280), 0x151a00, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="a1ba1259c55eeba15b6fa1000000f073411d72db56db"], 0x50)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000500)=<r4=>0x0, &(0x7f0000000540)=0x4)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000700)={0xffffffffffffffff, 0x8, 0x18}, 0xc)
r6 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000a40)=@o_path={&(0x7f0000000a80)='./file0\x00', 0x0, 0x4008, r3}, 0x14)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000007c0)={{0x1, 0x1, 0x18, <r7=>0xffffffffffffffff, {<r8=>0xffffffffffffffff}}, './file0\x00'})
connect$bt_l2cap(r8, &(0x7f0000000740)={0x1f, 0x5, @none, 0x7e}, 0xe)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1b00000000000000000000000700000000000000", @ANYRES32=0x1, @ANYBLOB="cfec756c00"/20, @ANYRES32=0x0, @ANYRESOCT, @ANYRES64], 0x50)
r10 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r10, &(0x7f0000000780)=[{&(0x7f00000004c0)='4', 0x1}], 0x1)
r11 = open(&(0x7f0000000880)='./file0\x00', 0x101100, 0x8)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000008c0)={0x1, <r12=>0xffffffffffffffff}, 0x4)
r13 = syz_open_procfs(0x0, &(0x7f0000000380)='net/ip_mr_vif\x00')
pread64(r13, &(0x7f000001a240)=""/102391, 0x18ff7, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x1f, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000001000000000000000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085450400fcffffff851000000300000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018120000", @ANYRES32=r3, @ANYBLOB="000000000000000018400000050000000000000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000079"], &(0x7f0000000440)='GPL\x00', 0x4, 0x4a, &(0x7f0000000480)=""/74, 0x40f00, 0x7, '\x00', r4, 0x25, r8, 0x8, &(0x7f00000005c0)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000840)={0x4, 0x3, 0x8, 0x100}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000900)=[r5, r6, r7, r9, r10, r11, r12, 0xffffffffffffffff, r13], &(0x7f0000000940)=[{0x5, 0x2, 0xb, 0x4}], 0x10, 0x0, @void, @value}, 0x94)
r14 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="18020000000000000000000016000000850000000500000095000000000000002303f03bfae165c4bc628493371b43603a47c018ef0f7ffcf276988d40b37fa91a86f47a0b2cedc200d3f58cb4cf02dcdc614c7f8aaac0f46d4082cd9645831b7ce5b4aa31ea5f408eac8c4b7142232f1ca1413424797943897cd49fda0e721fee4b2a"], &(0x7f0000000040)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r15=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r14, r15}, 0x10)
syz_emit_ethernet(0xe6, &(0x7f0000000080)=ANY=[], 0x0)
cachestat(r0, &(0x7f0000000040)={0x0, 0x7}, &(0x7f00000000c0), 0x0)
openat(r11, &(0x7f0000000580)='./file0\x00', 0x100, 0x130)
r16 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r16, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000000d0601040000000000000000030000070500050001000000050001000700000005000100070000000500019ebd1db865197751c9c05c13f616d300070000000500050007000000120003006269746d61703a69702c6d61ca00000005000500030078b3b1e955f2b53b73683a6970000e0003006269746d61"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x800)

1.345246446s ago: executing program 6 (id=2625):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000c00)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\b\x00', 0x28, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_redir={0x87, 0x0, 0x0, '\x00', @mcast2, @mcast2={0xe}}}}}}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000acc000000000a01030000000000000000010000010900010073797a3100000000a30006006047c6001a1b4516ef492625e8ebef515fd3a074e684246c2b5b31320dbafdd29f2b4ff7ae2e15f5d081ed5b57765edde2cf676cc7d38bbc05bbeee13e8015d136346f55b6a6e6a2fb9fa5a4a5b657527bde1b30d15f63ad8c0ebba011b92bed7bffdc52c3d8ebf6ec2e98fd1a8a995cb280b4d863b90a75733ca8320156cdd8b78df82afdac71630d9bc2dd4780ae5e6f4937e115d7965ba8679525ccfeff0008000240000000042c000000030a01020000000000000000010000000900030073797a32000000000900010073797a310000000050000000050a010200000000000000000100000030000480080002405d6295290800024041d0b5b508000140000000031400030076657468305f746f5f687372000000000900010073797a310000000028000000000a05000000000000000000010000080900010073797a3100000000080002"], 0x198}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000001000000e27f000001", @ANYRESHEX=r1], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000618110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = socket(0x28, 0x5, 0x0)
setuid(0xee01)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f00000014c0)={'syztnl1\x00', 0x0})
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000740), 0x80000002, r3}, 0x38)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r5, 0x0, 0x0}, 0x10)

1.234560747s ago: executing program 6 (id=2626):
socket$inet6(0xa, 0x3, 0x3a)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000000040)={0x6, 0xfff, 0xb, 0x10000, 0x4, 0x3})
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000040)={@multicast1, @local, @loopback}, 0xc)
getsockopt$inet_buf(r1, 0x0, 0x29, &(0x7f0000000040)=""/185, &(0x7f0000000100)=0xb9)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0xc09, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0xffffffff}]}}}]}, 0x38}}, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x44}}, 0x0)

1.230743577s ago: executing program 5 (id=2627):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
socket$tipc(0x1e, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xc, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0)
preadv2(r3, 0x0, 0x0, 0x2b, 0x0, 0x0)
io_setup(0x4082, &(0x7f0000000380))
unshare(0x400)
landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$int_in(r5, 0x5452, &(0x7f0000000040)=0x1ff)
close(0x3)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x12, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18eb000000000000000000000200000073014000f90eb9c29500000000000000"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = io_uring_setup(0x253c, &(0x7f0000000000)={0x0, 0x0, 0x1000, 0x3, 0x2})
r7 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
close_range(r6, 0xffffffffffffffff, 0x0)

1.162267257s ago: executing program 7 (id=2629):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000001a000000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000740)={r0, r2, 0x25, 0x6, @val=@kprobe_multi=@addrs={0x0, 0x0, 0x0, 0x0}}, 0x40)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000040))
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8, 0xff}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x2004cb, 0x200000000000, 0x0, 0x0, 0xfffffffffffffffd], 0x0, 0x200})
r7 = openat$vcsu(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
read$FUSE(r7, &(0x7f0000000840)={0x2020}, 0x2020)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r9=>0x0})
r10 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r10, 0x29, 0x49, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000380)={0x0, 0xf0, &(0x7f0000000340)={&(0x7f00000002c0)={0x1c, r8, 0xb01, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}]}, 0x1c}}, 0x0)

1.032214101s ago: executing program 6 (id=2630):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x200}}]}, &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0xc, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x0, 0x10, 0xfffffffb, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x4)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
socket$netlink(0x10, 0x3, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000140)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x1000, 0x3a, '\xf4\xb5\xb2\xed\xc6;\xc7,4\\xev/bus/us\xae\xd1\x93\xc1\bm\xe9\xf3#\x00:\xbem\x02H;\x90\xa5\x1f\x8d\xc6\xae\xcc\x95a7\xc3\x168%\xc3\xc6\n\x8d\xbc\x81\x1a\x80\x16jY\x9f~\x12\x94]\x1e\x8c\x1d\xe7\xfe\"y\xa6O\xf5\xa2\xb6\xe7\xe3]%)l\x90\xe9\x026\xe4\xabX\xa0+\x86\nB&\xab\xef\xea\xa3\tUc\xc3\xad\x84\xa3vK{\xb2\xa3\xfc\x1f', 0x3a, '/dev/bus/usb/00#/00#\x00', 0x3a, './file0'}, 0xaf)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @private0}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x9}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0)
preadv(r0, &(0x7f0000000740)=[{0x0}, {&(0x7f0000000500)=""/97, 0x61}], 0x2, 0x0, 0x0)

860.905938ms ago: executing program 7 (id=2631):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x17, &(0x7f00000000c0), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000580)=ANY=[@ANYRES8=0x0, @ANYRESHEX=r0, @ANYRES16=r1, @ANYRESDEC=r1, @ANYRESHEX=r2], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r3}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x2)
readv(r5, &(0x7f0000000000)=[{&(0x7f0000001300)=""/241, 0xf1}], 0x1)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c0000001100010125bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000100020007d622006d2e9b4dee1d3a6c0008000a0017b17eb7006508f6ffffffffffffff00"/51, @ANYRES32=0x0, @ANYBLOB="08001300", @ANYRES32=0x0, @ANYBLOB="08001f00070000000a000200aaaaaaaaaa140000"], 0x4c}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000ff01000000000000001b000000000001e00004010000040000000000000000"], 0xb8}, 0x1, 0xfffff000}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in6=@private1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@empty, @in6=@remote, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}]}]}, 0xa0}}, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_int(r8, 0x29, 0x3c, &(0x7f00000005c0)=0x7fff, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x380000, @dev}, 0x1c)
socket$inet(0x2, 0x3, 0x6)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="050000002f000000420000004000000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000002814007c8bb1b1abc6bff378a7ef5c37a5d56004f34fbb6b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000240)="85b4c9adb5c930b6528d31f4ac950a254eb3e942253fae5513cf5e79f84babf9d37ecd768063c905c91f051fc6b04bdbd9bf2fe7ba8c809747653b37835c62037fee17af07a2b7ace387c571afb55da5f691f65a99f3022deb42c8129c623ad6235564e992ced00ecfbecd22", 0x1003, r9, 0x0, 0xa00369a4}, 0x38)

729.043627ms ago: executing program 36 (id=2566):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r1 = socket(0x10, 0x80002, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newtaction={0x14, 0x13, 0x53b}, 0x14}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
preadv(r5, &(0x7f0000000240)=[{&(0x7f00000004c0)=""/152, 0x98}], 0x1, 0x0, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000180)=0xffffffff, 0x4)
socket$nl_sock_diag(0x10, 0x3, 0x4)
sendto$packet(r6, &(0x7f00000012c0)="3f030e0033e6120306001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0x48, 0x20004881, &(0x7f0000001280)={0x11, 0x0, 0x0, 0x1, 0x1, 0x6, @remote}, 0x14)
bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
r7 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r7, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendmmsg$inet6(r7, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0)
r8 = semget(0x1, 0x1, 0x789)
semctl$SETALL(r8, 0x0, 0x11, &(0x7f0000000040)=[0x2])
ioctl$TCXONC(r0, 0x5608, 0x1)

229.745594ms ago: executing program 5 (id=2633):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000340)={0x1f, 0x3, 0x1}, 0x6)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x8090}, 0x10)
sendmsg$NFT_BATCH(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a88000000060a0b040000000000000000020000005c000480580001800a000100696e6e65720000004800028008000240000000840800034000000007080004400000000f080001400000000024000580090001006d657461000000001400028008000240bfc79edb080001400000000e0900010073797a30000000000900020073797a32"], 0xb0}}, 0x0)
socket(0x1d, 0x3, 0x1)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
pipe2(&(0x7f00000001c0)={<r2=>0xffffffffffffffff}, 0x4080)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000ec0)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x4}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8c, '\x00', 0x0, 0xe, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
syz_socket_connect_nvme_tcp()
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r5, &(0x7f0000000080)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x27)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCGETSGCNT(0xffffffffffffffff, 0x89e1, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x8}, {0x0, 0xffff}, {0xffe0}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x16}]}, 0x2c}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000480), 0xffffffffffffffff)
bind$phonet(r2, &(0x7f0000000640)={0x23, 0x2, 0xcd, 0x7}, 0x10)
sendmsg$TIPC_NL_PEER_REMOVE(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000a40)={0x20, r10, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8}]}]}, 0x20}}, 0x0)
sendto$l2tp6(r2, &(0x7f0000000240)="08b5", 0x2, 0x811, 0x0, 0x0)
sendmsg$TIPC_NL_MON_GET(r8, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xa0048000}, 0xc, &(0x7f00000002c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="f0000000", @ANYRES16=r10, @ANYBLOB="020200000000000000251200000044000280340003800800020000020000080001000000000008000100ff000000080002000900000008000200d20500000800010000000080040004000800020000000100640002805400038008000200090000000800010003000000080000000800010024020000080002000101000008000200010000000800020004000000080002000000f8ff08000200ff000000080001003a320000040004c9d4c20008000200faffffff34000980080001006d000000080001000e00000008000200f7ffffff08000200ff0000000800020000000100080001000500000000f0b81943229f26c9b1aca2581f89e491bad6e6e265df3cda84ab4f828e9dd8e702e9a4c03ca02d03d654622ca68124cbc0bfbcc9e939b816351d5b8ed0871516a2901ad4d984d3cc0f003aacfddaa5069a9da79534f2596163587b77786d41de21e42934643d5813f5a3dec53cd0a8ad54547b6684a0141ba901c29beff50c2619a713c5f647f9b3840a167b9b5b6217c206c27a78f5056303fb27c8d2aaf60714de"], 0xf0}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@fallback=r9, 0xffffffffffffffff, 0x2f, 0x0, 0x0, @void, @value}, 0x20)
r11 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000540), r5)
sendmsg$IPVS_CMD_DEL_DAEMON(r7, &(0x7f0000000600)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x40, r11, 0x800, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xf}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x10)

113.345971ms ago: executing program 6 (id=2634):
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount$9p_fd(0x0, &(0x7f0000000880)='./file1\x00', 0x0, 0x2, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/syz0\x00', 0x200002, 0x0)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_EXPIRE(r2, 0x810c9365, 0x0)
sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x24044025}, 0x48844)
writev(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0), 0x256603, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r4, 0xab00, r5)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000080)={0x0, 0x7, {<r6=>0xffffffffffffffff}, {}, 0x3})
r7 = getpid()
prctl$PR_SCHED_CORE(0x3e, 0x0, r7, 0x0, &(0x7f00000000c0))
kcmp$KCMP_EPOLL_TFD(r6, r7, 0x7, r1, &(0x7f0000000100)={0xffffffffffffffff, r3, 0x1})
r8 = syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x1)
ioctl$NBD_SET_SOCK(r8, 0xab00, r5)
ioctl$NBD_SET_FLAGS(r8, 0xab0a, 0x1000001000104)
ioctl$NBD_SET_SOCK(r8, 0xab00, r5)
ioctl$NBD_DO_IT(r4, 0xab03)
close_range(r3, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))

0s ago: executing program 5 (id=2635):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r1, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xffffa}, 0x2f)
r2 = openat$cgroup_pressure(r0, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ppoll(&(0x7f0000000180)=[{r1}], 0x1, 0x0, 0x0, 0x0)
write$cgroup_pressure(r2, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xffffa}, 0x2f)
close(r1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000280)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0)
preadv2(r4, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/65, 0x41}], 0x1, 0x1, 0x0, 0x1)
close(r2)

kernel console output (not intermixed with test programs):

.959502][T13505] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2019'.
[  300.568570][T13515] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2023'.
[  301.068901][   T39] audit: type=1804 audit(1737182552.664:529): pid=13526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2026" name="/newroot/406/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  301.222981][T13538] serio: Serial port ptm0
[  301.277046][T13538] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2030'.
[  301.700209][T13553] loop9: detected capacity change from 0 to 7
[  301.702634][T13553] Dev loop9: unable to read RDB block 7
[  301.704368][T13553]  loop9: unable to read partition table
[  301.706566][T13553] loop9: partition table beyond EOD, truncated
[  301.708410][T13553] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  301.708410][T13553] 
) failed (rc=-5)
[  301.883331][   T39] audit: type=1326 audit(1737182553.484:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13556 comm="syz.0.2035" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa1579 code=0x0
[  303.240977][T13584] wireguard0: entered promiscuous mode
[  303.249439][T13587] serio: Serial port ptm0
[  303.287249][T13597] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2047'.
[  303.303497][T13587] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2043'.
[  303.307603][T13598] loop9: detected capacity change from 0 to 7
[  303.314592][T13598] Dev loop9: unable to read RDB block 7
[  303.316242][T13598]  loop9: unable to read partition table
[  303.318224][T13598] loop9: partition table beyond EOD, truncated
[  303.320039][T13598] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  303.320039][T13598] 
) failed (rc=-5)
[  303.436146][   T39] audit: type=1804 audit(1737182555.034:531): pid=13604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2049" name="/newroot/508/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  303.594075][   T39] audit: type=1326 audit(1737182555.194:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13610 comm="syz.6.2051" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x0
[  304.504299][T13632] serio: Serial port ptm0
[  304.569130][T13632] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2056'.
[  304.620859][   T39] audit: type=1804 audit(1737182556.214:533): pid=13637 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2058" name="/newroot/312/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  304.678405][T13642] loop9: detected capacity change from 0 to 7
[  304.680508][T13642] Dev loop9: unable to read RDB block 7
[  304.682182][T13642]  loop9: unable to read partition table
[  304.686201][T13642] loop9: partition table beyond EOD, truncated
[  304.688006][T13642] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  304.688006][T13642] 
) failed (rc=-5)
[  305.485695][T13664] »»»»»» speed is unknown, defaulting to 1000
[  305.488960][T13664] »»»»»» speed is unknown, defaulting to 1000
[  305.495228][   T39] audit: type=1326 audit(1737182557.094:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13665 comm="syz.5.2067" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[  305.792750][   T39] audit: type=1804 audit(1737182557.344:535): pid=13675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2068" name="/newroot/512/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  306.503203][T13701] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2076'.
[  306.539906][T13702] loop9: detected capacity change from 0 to 7
[  306.542295][T13702] Dev loop9: unable to read RDB block 7
[  306.546725][T13702]  loop9: unable to read partition table
[  306.551523][T13702] loop9: partition table beyond EOD, truncated
[  306.554132][T13702] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  306.554132][T13702] 
) failed (rc=-5)
[  307.065051][   T39] audit: type=1326 audit(1737182558.664:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13728 comm="syz.0.2083" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa1579 code=0x0
[  307.194981][T13730] serio: Serial port ptm0
[  307.258263][T13730] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2085'.
[  307.362814][ T5981] usb 11-1: new low-speed USB device number 16 using dummy_hcd
[  307.773056][ T5981] usb 11-1: Invalid ep0 maxpacket: 32
[  307.866789][T13741] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2087'.
[  307.869351][T13741] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2087'.
[  307.903127][ T5981] usb 11-1: new low-speed USB device number 17 using dummy_hcd
[  307.946274][T13749] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2091'.
[  307.948778][T13749] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2091'.
[  307.954142][T13749] vxcan3: entered promiscuous mode
[  307.955854][T13749] vxcan3: entered allmulticast mode
[  308.062770][ T5981] usb 11-1: Invalid ep0 maxpacket: 32
[  308.064473][ T5981] usb usb11-port1: attempt power cycle
[  308.278993][T13760] loop9: detected capacity change from 0 to 7
[  308.282930][T13760] Dev loop9: unable to read RDB block 7
[  308.284608][T13760]  loop9: unable to read partition table
[  308.286775][T13760] loop9: partition table beyond EOD, truncated
[  308.288625][T13760] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  308.288625][T13760] 
) failed (rc=-5)
[  308.542880][ T5981] usb 11-1: new low-speed USB device number 18 using dummy_hcd
[  308.563267][ T5981] usb 11-1: Invalid ep0 maxpacket: 32
[  308.665550][T13764] serio: Serial port ptm0
[  308.692768][ T5981] usb 11-1: new low-speed USB device number 19 using dummy_hcd
[  308.713306][ T5981] usb 11-1: Invalid ep0 maxpacket: 32
[  308.715002][ T5981] usb usb11-port1: unable to enumerate USB device
[  308.727192][T13764] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2095'.
[  308.817067][T13767] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2096'.
[  308.821687][T13766] delete_channel: no stack
[  309.010945][   T39] audit: type=1804 audit(1737182560.604:537): pid=13770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2097" name="/newroot/421/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  309.791303][T13781] tap0: tun_chr_ioctl cmd 1074025675
[  309.793220][T13781] tap0: persist enabled
[  309.794575][T13781] tap0: tun_chr_ioctl cmd 1074025675
[  309.796260][T13781] tap0: persist disabled
[  309.964901][T13788] loop9: detected capacity change from 0 to 7
[  309.967149][T13788] Dev loop9: unable to read RDB block 7
[  309.968699][T13788]  loop9: unable to read partition table
[  309.970562][T13788] loop9: partition table beyond EOD, truncated
[  309.972324][T13788] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  309.972324][T13788] 
) failed (rc=-5)
[  310.036074][T13789] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  310.037968][T13789] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  310.040041][T13789] vhci_hcd vhci_hcd.0: Device attached
[  310.101065][   T39] audit: type=1326 audit(1737182561.694:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13794 comm="syz.4.2105" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x0
[  310.402815][ T5976] vhci_hcd: vhci_device speed not set
[  310.462782][ T5976] usb 47-1: new full-speed USB device number 2 using vhci_hcd
[  310.872382][T13792] vhci_hcd: connection reset by peer
[  310.874281][ T1180] vhci_hcd: stop threads
[  310.876213][ T1180] vhci_hcd: release socket
[  310.877641][ T1180] vhci_hcd: disconnect device
[  310.958526][T13803] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  311.096713][   T39] audit: type=1804 audit(1737182562.694:539): pid=13815 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2110" name="/newroot/322/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  311.199248][T13822] serio: Serial port ptm0
[  311.204539][   T39] audit: type=1326 audit(1737182562.804:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13820 comm="syz.4.2112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000
[  311.210689][   T39] audit: type=1326 audit(1737182562.804:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13820 comm="syz.4.2112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000
[  311.223040][   T39] audit: type=1326 audit(1737182562.804:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13820 comm="syz.4.2112" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f16579 code=0x7ffc0000
[  311.230713][   T39] audit: type=1326 audit(1737182562.824:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13820 comm="syz.4.2112" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f16579 code=0x7ffc0000
[  311.237045][   T39] audit: type=1326 audit(1737182562.824:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13820 comm="syz.4.2112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000
[  311.245081][   T39] audit: type=1326 audit(1737182562.824:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13820 comm="syz.4.2112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x7ffc0000
[  311.253327][T13822] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2111'.
[  311.348515][T13829] fuse: Unknown parameter 'wr	¾¡?id'
[  311.853620][T13836] vlan0: entered promiscuous mode
[  311.856135][T13836] vlan0: entered allmulticast mode
[  311.857623][T13836] hsr_slave_1: entered allmulticast mode
[  312.499345][   T39] kauditd_printk_skb: 11 callbacks suppressed
[  312.499354][   T39] audit: type=1326 audit(1737182564.094:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13848 comm="syz.4.2121" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x0
[  312.541419][T13847] binder: 13846:13847 ioctl c0306201 200002c0 returned -14
[  312.813667][T13858] netlink: 'syz.5.2123': attribute type 1 has an invalid length.
[  312.815878][T13858] netlink: 134708 bytes leftover after parsing attributes in process `syz.5.2123'.
[  313.969919][T13870] serio: Serial port ptm0
[  314.024122][T13870] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2126'.
[  314.136512][T13880] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2130'.
[  314.139778][T13880] nlmon0: Master is either lo or non-ether device
[  315.334981][   T39] audit: type=1326 audit(1737182566.934:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13895 comm="syz.4.2136" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x0
[  315.423244][T13898] IPVS: set_ctl: invalid protocol: 44 172.30.0.7:21
[  315.425797][T13898] xt_TCPMSS: Only works on TCP SYN packets
[  315.563189][   T39] audit: type=1804 audit(1737182567.164:559): pid=13902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2138" name="/newroot/328/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  315.644936][ T5976] vhci_hcd: vhci_device speed not set
[  316.034381][T13915] serio: Serial port ptm0
[  316.164094][T13915] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2142'.
[  316.567285][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  317.216823][   T39] audit: type=1326 audit(1737182568.814:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13929 comm="syz.6.2148" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x0
[  317.883397][   T39] audit: type=1326 audit(1737182569.484:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13945 comm="syz.4.2152" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x0
[  318.121926][T13950] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  318.657391][T13959] serio: Serial port ptm0
[  318.736682][T13959] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2155'.
[  319.018228][T13964] bridge_slave_0: left allmulticast mode
[  319.020561][T13964] bridge_slave_0: left promiscuous mode
[  319.022277][T13964] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.032354][T13964] bridge_slave_1: left allmulticast mode
[  319.037081][T13964] bridge_slave_1: left promiscuous mode
[  319.041391][T13964] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.096024][T13964] bond0: (slave bond_slave_0): Releasing backup interface
[  319.145762][T13964] bond0: (slave bond_slave_1): Releasing backup interface
[  319.151296][T13964] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  319.154288][T13964] batman_adv: batadv0: Removing interface: batadv_slave_0
[  319.157365][T13964] batman_adv: batadv0: Removing interface: batadv_slave_1
[  319.251487][   T39] audit: type=1804 audit(1737182570.844:562): pid=13972 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2158" name="/newroot/437/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  319.268800][T13964] vlan0: entered promiscuous mode
[  319.277870][T13964] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  319.536954][   T39] audit: type=1326 audit(1737182571.134:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13987 comm="syz.4.2164" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x0
[  320.368006][T13996] netlink: 'syz.6.2165': attribute type 1 has an invalid length.
[  320.385963][T13996] bond0: entered promiscuous mode
[  320.388112][T13996] 8021q: adding VLAN 0 to HW filter on device bond0
[  320.398692][T13996] 8021q: adding VLAN 0 to HW filter on device bond0
[  320.401149][T13996] bond0: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  320.414379][T13996] bond0: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  320.419509][T13996] bond0: (slave ip6gre1): making interface the new active one
[  320.421695][T13996] ip6gre1: entered promiscuous mode
[  320.425046][T13996] bond0: (slave ip6gre1): Enslaving as an active interface with an up link
[  320.432090][T13996] netlink: 'syz.6.2165': attribute type 1 has an invalid length.
[  321.073486][T14012] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2169'.
[  321.151886][T14014] trusted_key: syz.4.2170 sent an empty control message without MSG_MORE.
[  321.598648][   T39] audit: type=1326 audit(1737182573.194:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14025 comm="syz.6.2174" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  321.617531][   T39] audit: type=1326 audit(1737182573.204:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14025 comm="syz.6.2174" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  321.654548][   T39] audit: type=1326 audit(1737182573.204:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14025 comm="syz.6.2174" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  321.684975][   T39] audit: type=1326 audit(1737182573.204:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14025 comm="syz.6.2174" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70ae5a7 code=0x7ffc0000
[  321.699611][   T39] audit: type=1326 audit(1737182573.204:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14025 comm="syz.6.2174" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  321.706398][   T39] audit: type=1326 audit(1737182573.214:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14025 comm="syz.6.2174" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  321.712997][   T39] audit: type=1326 audit(1737182573.214:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14025 comm="syz.6.2174" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70ae579 code=0x7ffc0000
[  322.884548][T14041] serio: Serial port ptm0
[  322.976650][T14041] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2178'.
[  323.414448][   T39] kauditd_printk_skb: 292 callbacks suppressed
[  323.414458][   T39] audit: type=1804 audit(1737182575.014:863): pid=14047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2180" name="/newroot/338/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  324.726517][T14068] loop9: detected capacity change from 0 to 7
[  324.733077][T14068] Dev loop9: unable to read RDB block 7
[  324.734581][T14068]  loop9: unable to read partition table
[  324.736354][T14068] loop9: partition table beyond EOD, truncated
[  324.738029][T14068] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  324.738029][T14068] 
) failed (rc=-5)
[  325.352042][T14073] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2187'.
[  325.407971][   T39] audit: type=1326 audit(1737182577.004:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14074 comm="syz.4.2188" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x0
[  325.554873][T14081] serio: Serial port ptm0
[  325.707541][T14081] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2189'.
[  326.304470][T14086] serio: Serial port ptm1
[  326.367553][T14086] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2191'.
[  327.621869][T14110] loop9: detected capacity change from 0 to 7
[  327.625765][T14110] Dev loop9: unable to read RDB block 7
[  327.627453][T14110]  loop9: unable to read partition table
[  327.629596][T14110] loop9: partition table beyond EOD, truncated
[  327.631886][T14110] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  327.631886][T14110] 
) failed (rc=-5)
[  327.672421][T14111] serio: Serial port ptm0
[  327.752738][T14111] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2198'.
[  328.441353][   T39] audit: type=1326 audit(1737182580.034:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14118 comm="syz.4.2200" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x0
[  328.588691][T14124] serio: Serial port ptm0
[  329.262919][T14122] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2202'.
[  329.485599][ T5942] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  329.491712][ T5942] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  329.506506][ T5942] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  329.510501][T14141] 9pnet_virtio: no channels available for device syz
[  329.521204][ T5942] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  329.525212][ T5942] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  329.527335][ T5942] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  329.561228][T14138] »»»»»» speed is unknown, defaulting to 1000
[  329.565715][T14138] »»»»»» speed is unknown, defaulting to 1000
[  329.658225][T14138] chnl_net:caif_netlink_parms(): no params data found
[  329.705277][T14138] bridge0: port 1(bridge_slave_0) entered blocking state
[  329.708395][T14138] bridge0: port 1(bridge_slave_0) entered disabled state
[  329.710615][T14138] bridge_slave_0: entered allmulticast mode
[  329.712839][T14138] bridge_slave_0: entered promiscuous mode
[  329.715320][T14138] bridge0: port 2(bridge_slave_1) entered blocking state
[  329.717308][T14138] bridge0: port 2(bridge_slave_1) entered disabled state
[  329.719463][T14138] bridge_slave_1: entered allmulticast mode
[  329.721534][T14138] bridge_slave_1: entered promiscuous mode
[  329.744705][T14138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  329.748393][T14138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  329.786080][T14138] team0: Port device team_slave_0 added
[  329.788945][T14138] team0: Port device team_slave_1 added
[  329.809432][T14138] batman_adv: batadv0: Adding interface: batadv_slave_0
[  329.811714][T14138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  329.821814][T14138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  329.825903][T14138] batman_adv: batadv0: Adding interface: batadv_slave_1
[  329.827830][T14138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  329.835099][T14138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  329.859783][T14138] hsr_slave_0: entered promiscuous mode
[  329.861896][T14138] hsr_slave_1: entered promiscuous mode
[  329.864361][T14138] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  329.866577][T14138] Cannot create hsr debugfs directory
[  329.943613][T14138] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  329.950323][T14138] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  329.954664][T14138] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  329.958332][T14138] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  329.967685][T14138] bridge0: port 2(bridge_slave_1) entered blocking state
[  329.969834][T14138] bridge0: port 2(bridge_slave_1) entered forwarding state
[  329.971940][T14138] bridge0: port 1(bridge_slave_0) entered blocking state
[  329.974388][T14138] bridge0: port 1(bridge_slave_0) entered forwarding state
[  329.998781][T14138] 8021q: adding VLAN 0 to HW filter on device bond0
[  330.006516][ T8516] bridge0: port 1(bridge_slave_0) entered disabled state
[  330.013822][ T8516] bridge0: port 2(bridge_slave_1) entered disabled state
[  330.033513][T14138] 8021q: adding VLAN 0 to HW filter on device team0
[  330.045022][ T8516] bridge0: port 1(bridge_slave_0) entered blocking state
[  330.047038][ T8516] bridge0: port 1(bridge_slave_0) entered forwarding state
[  330.053436][ T8516] bridge0: port 2(bridge_slave_1) entered blocking state
[  330.055461][ T8516] bridge0: port 2(bridge_slave_1) entered forwarding state
[  330.143837][T14138] 8021q: adding VLAN 0 to HW filter on device batadv0
[  330.251020][T14138] veth0_vlan: entered promiscuous mode
[  330.255755][T14138] veth1_vlan: entered promiscuous mode
[  330.267789][T14138] veth0_macvtap: entered promiscuous mode
[  330.270892][T14138] veth1_macvtap: entered promiscuous mode
[  330.276931][T14138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  330.279904][T14138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.283979][T14138] batman_adv: batadv0: Interface activated: batadv_slave_0
[  330.293354][T14138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  330.296330][T14138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  330.299743][T14138] batman_adv: batadv0: Interface activated: batadv_slave_1
[  330.305327][T14138] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  330.308336][T14138] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  330.311666][T14138] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  330.316245][T14138] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  330.369087][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  330.371446][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  330.383317][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  330.385592][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  330.798560][T14172] netlink: 'syz.4.2214': attribute type 10 has an invalid length.
[  330.805743][T14172] 8021q: adding VLAN 0 to HW filter on device batadv0
[  330.808813][T14172] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  330.811770][ T5981] IPVS: starting estimator thread 0...
[  330.922813][T14174] IPVS: using max 37 ests per chain, 88800 per kthread
[  331.000205][T14180] serio: Serial port ptm0
[  331.027236][T14179] loop9: detected capacity change from 0 to 7
[  331.030411][T14179] Dev loop9: unable to read RDB block 7
[  331.032228][T14179]  loop9: unable to read partition table
[  331.034363][T14179] loop9: partition table beyond EOD, truncated
[  331.036429][T14179] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  331.036429][T14179] 
) failed (rc=-5)
[  331.135006][T14180] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2208'.
[  331.592810][ T5942] Bluetooth: hci1: command tx timeout
[  331.699628][ T5942] Bluetooth: hci4: Unable to find connection with handle 0x00c9
[  331.777985][T14196] serio: Serial port ptm1
[  331.836202][T14199] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2210'.
[  332.259615][T14208] overlay: Unknown parameter 'uid<00000000000000000000'
[  332.433968][   T39] audit: type=1804 audit(1737182584.034:866): pid=14207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2217" name="/newroot/455/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  333.043412][T14225] 9pnet_virtio: no channels available for device syz
[  333.425844][T14227] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2223'.
[  333.672788][ T5942] Bluetooth: hci1: command tx timeout
[  333.761032][ T5996] IPVS: starting estimator thread 0...
[  333.783829][T14226] syz.7.2220: attempt to access beyond end of device
[  333.783829][T14226] nbd7: rw=4096, sector=0, nr_sectors = 1 limit=0
[  333.787589][T14226] XFS (nbd7): SB validate failed with error -5.
[  333.803058][T14226] netlink: 'syz.7.2220': attribute type 10 has an invalid length.
[  333.828936][T14226] 8021q: adding VLAN 0 to HW filter on device batadv0
[  333.832219][T14226] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  333.872787][T14234] IPVS: using max 37 ests per chain, 88800 per kthread
[  333.976307][T14242] serio: Serial port ptm0
[  334.288304][T14246] 9pnet_virtio: no channels available for device syz
[  334.837032][T14258] loop9: detected capacity change from 0 to 7
[  334.839470][T14258] Dev loop9: unable to read RDB block 7
[  334.841770][T14258]  loop9: unable to read partition table
[  334.844390][T14258] loop9: partition table beyond EOD, truncated
[  334.846909][T14258] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  334.846909][T14258] 
) failed (rc=-5)
[  335.068647][T14262] overlay: Unknown parameter 'uid<00000000000000000000'
[  335.346989][T14270] serio: Serial port ptm0
[  335.355122][T14269] loop9: detected capacity change from 0 to 7
[  335.401136][T14271] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2233'.
[  335.405189][T14269] Dev loop9: unable to read RDB block 7
[  335.406926][T14269]  loop9: unable to read partition table
[  335.408755][T14269] loop9: partition table beyond EOD, truncated
[  335.410559][T14269] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  335.410559][T14269] 
) failed (rc=-5)
[  335.753136][ T5942] Bluetooth: hci1: command tx timeout
[  336.214835][   T39] audit: type=1326 audit(1737182587.814:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14280 comm="syz.5.2236" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[  337.154368][T14281] [U] 
[  337.451709][T14307] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2241'.
[  337.595678][T14310] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2242'.
[  337.747579][T14313] loop9: detected capacity change from 0 to 7
[  337.749917][T14313] Dev loop9: unable to read RDB block 7
[  337.751594][T14313]  loop9: unable to read partition table
[  337.753893][T14313] loop9: partition table beyond EOD, truncated
[  337.755755][T14313] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  337.755755][T14313] 
) failed (rc=-5)
[  337.842871][ T5942] Bluetooth: hci1: command tx timeout
[  337.936562][T14320] overlayfs: failed to clone upperpath
[  338.070008][   T39] audit: type=1326 audit(1737182589.664:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14325 comm="syz.5.2248" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[  338.132824][ T5975] usb 12-1: new high-speed USB device number 2 using dummy_hcd
[  338.282778][ T5975] usb 12-1: Using ep0 maxpacket: 16
[  338.285536][ T5975] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  338.288707][ T5975] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  338.291467][ T5975] usb 12-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  338.296018][ T5975] usb 12-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  338.298598][ T5975] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  338.304399][ T5975] usb 12-1: config 0 descriptor??
[  338.833378][T14319] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  338.837458][T14319] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  338.851888][ T5975] usbhid 12-1:0.0: can't add hid device: -71
[  338.853892][ T5975] usbhid 12-1:0.0: probe with driver usbhid failed with error -71
[  338.856977][ T5975] usb 12-1: USB disconnect, device number 2
[  339.138046][T14348] FAULT_INJECTION: forcing a failure.
[  339.138046][T14348] name failslab, interval 1, probability 0, space 0, times 0
[  339.142381][T14348] CPU: 3 UID: 0 PID: 14348 Comm: syz.6.2261 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  339.145579][T14348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  339.148709][T14348] Call Trace:
[  339.149680][T14348]  <TASK>
[  339.150549][T14348]  dump_stack_lvl+0x16c/0x1f0
[  339.151910][T14348]  should_fail_ex+0x497/0x5b0
[  339.153411][T14348]  ? fs_reclaim_acquire+0xae/0x150
[  339.154973][T14348]  should_failslab+0xc2/0x120
[  339.156378][T14348]  __kmalloc_noprof+0xce/0x4f0
[  339.157869][T14348]  ? bio_kmalloc+0x41/0x70
[  339.159164][T14348]  bio_kmalloc+0x41/0x70
[  339.160406][T14348]  blk_rq_map_kern+0x3b5/0x790
[  339.161836][T14348]  scsi_execute_cmd+0x360/0xf30
[  339.163247][T14348]  ? __pfx_scsi_block_when_processing_errors+0x10/0x10
[  339.165219][T14348]  ? __pfx_scsi_execute_cmd+0x10/0x10
[  339.166779][T14348]  ? is_bpf_text_address+0x94/0x1a0
[  339.168285][T14348]  ? kernel_text_address+0x8d/0x100
[  339.169804][T14348]  ? __kernel_text_address+0xd/0x40
[  339.171295][T14348]  sr_do_ioctl+0x21c/0x830
[  339.172608][T14348]  ? __pfx_sr_do_ioctl+0x10/0x10
[  339.174106][T14348]  ? kasan_save_stack+0x42/0x60
[  339.175538][T14348]  sr_packet+0xee/0x1c0
[  339.176788][T14348]  dvd_do_auth+0x54f/0xe50
[  339.178091][T14348]  ? __pfx_dvd_do_auth+0x10/0x10
[  339.179527][T14348]  ? __might_fault+0x13b/0x190
[  339.180941][T14348]  ? lock_acquire+0x2f/0xb0
[  339.182257][T14348]  ? __might_fault+0xe3/0x190
[  339.183626][T14348]  ? __might_fault+0xe3/0x190
[  339.185030][T14348]  mmc_ioctl_dvd_auth+0x154/0x230
[  339.186490][T14348]  ? __pfx_mmc_ioctl_dvd_auth+0x10/0x10
[  339.188107][T14348]  cdrom_ioctl+0x2d98/0x3280
[  339.189472][T14348]  ? mark_lock+0xb5/0xc60
[  339.190722][T14348]  ? __pfx_cdrom_ioctl+0x10/0x10
[  339.192220][T14348]  ? __pfx_mark_lock+0x10/0x10
[  339.193675][T14348]  ? trace_rpm_return_int+0x1a6/0x230
[  339.195242][T14348]  ? rpm_resume+0x81c/0x1330
[  339.196594][T14348]  ? lock_acquire.part.0+0x11b/0x380
[  339.198136][T14348]  ? find_held_lock+0x2d/0x110
[  339.199529][T14348]  ? __pm_runtime_resume+0xc3/0x170
[  339.201055][T14348]  ? __pfx_lock_release+0x10/0x10
[  339.202527][T14348]  ? lockdep_hardirqs_on+0x7c/0x110
[  339.204026][T14348]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  339.205723][T14348]  ? __pm_runtime_resume+0xc3/0x170
[  339.207222][T14348]  sr_block_ioctl+0x1b0/0x250
[  339.208652][T14348]  ? __pfx_sr_block_ioctl+0x10/0x10
[  339.210140][T14348]  blkdev_compat_ptr_ioctl+0x9c/0xe0
[  339.211665][T14348]  ? __pfx_blkdev_compat_ptr_ioctl+0x10/0x10
[  339.213428][T14348]  compat_blkdev_ioctl+0x2f7/0x750
[  339.214921][T14348]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  339.216587][T14348]  ? __fget_files+0x206/0x3a0
[  339.217972][T14348]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  339.219597][T14348]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  339.221123][T14348]  __do_fast_syscall_32+0x73/0x120
[  339.222605][T14348]  do_fast_syscall_32+0x32/0x80
[  339.224052][T14348]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  339.225883][T14348] RIP: 0023:0xf70ae579
[  339.227065][T14348] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  339.232577][T14348] RSP: 002b:00000000f50a055c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  339.234982][T14348] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005392
[  339.237261][T14348] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000000000000
[  339.239586][T14348] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  339.241858][T14348] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  339.244122][T14348] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  339.246422][T14348]  </TASK>
[  339.385520][T14346] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2251'.
[  339.465451][   T39] audit: type=1326 audit(1737182591.064:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14351 comm="syz.6.2263" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x0
[  340.100299][T14365] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2255'.
[  340.133845][T14363] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[  340.326006][   T39] audit: type=1326 audit(1737182591.924:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14379 comm="syz.4.2264" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x0
[  340.776460][T14386] syz_tun: entered allmulticast mode
[  340.863675][T14352] [U] 
[  341.187380][T14404] syz.7.2272: attempt to access beyond end of device
[  341.187380][T14404] nbd7: rw=2048, sector=0, nr_sectors = 8 limit=0
[  341.191150][T14404] SQUASHFS error: Failed to read block 0x0: -5
[  341.194765][T14404] unable to read squashfs_super_block
[  341.231593][   T39] audit: type=1326 audit(1737182592.824:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14406 comm="syz.7.2273" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x0
[  341.831970][T14420] serio: Serial port ptm1
[  342.110092][T14420] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2276'.
[  342.255883][T14434] syz.5.2282: attempt to access beyond end of device
[  342.255883][T14434] nbd5: rw=2048, sector=0, nr_sectors = 8 limit=0
[  342.259623][T14434] SQUASHFS error: Failed to read block 0x0: -5
[  342.261490][T14434] unable to read squashfs_super_block
[  342.500142][T14441] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2281'.
[  342.610046][T14443] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2283'.
[  343.195167][   T39] audit: type=1326 audit(1737182594.784:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14458 comm="syz.7.2290" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x0
[  343.412778][    T9] usb 11-1: new high-speed USB device number 20 using dummy_hcd
[  343.535806][T14468] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2293'.
[  343.582822][    T9] usb 11-1: Using ep0 maxpacket: 8
[  343.586403][    T9] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  343.589418][    T9] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  343.592253][    T9] usb 11-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  343.596091][    T9] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  343.603804][    T9] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  343.606637][    T9] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.619150][    T9] usbtmc 11-1:16.0: bulk endpoints not found
[  343.752925][ T5995] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  343.904772][ T5995] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  343.911155][ T5995] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  343.914387][ T5995] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  343.916979][ T5995] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  343.920062][ T5995] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  343.924611][ T5995] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  343.927616][ T5995] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  343.929911][ T5995] usb 10-1: Product: syz
[  343.931345][ T5995] usb 10-1: Manufacturer: syz
[  343.934757][ T5995] cdc_wdm 10-1:1.0: skipping garbage
[  343.936235][ T5995] cdc_wdm 10-1:1.0: skipping garbage
[  343.938446][ T5995] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  343.940208][ T5995] cdc_wdm 10-1:1.0: Unknown control protocol
[  344.203816][    C3] cdc_wdm 10-1:1.0: nonzero urb status received: -71
[  344.206012][    C3] cdc_wdm 10-1:1.0: wdm_int_callback - 0 bytes
[  344.208579][    C3] cdc_wdm 10-1:1.0: nonzero urb status received: -71
[  344.210544][    C3] cdc_wdm 10-1:1.0: wdm_int_callback - 0 bytes
[  344.212542][    C3] cdc_wdm 10-1:1.0: nonzero urb status received: -71
[  344.214510][    C3] cdc_wdm 10-1:1.0: wdm_int_callback - 0 bytes
[  344.216558][    C3] cdc_wdm 10-1:1.0: nonzero urb status received: -71
[  344.218506][    C3] cdc_wdm 10-1:1.0: wdm_int_callback - 0 bytes
[  344.220440][    C3] cdc_wdm 10-1:1.0: nonzero urb status received: -71
[  344.222385][    C3] cdc_wdm 10-1:1.0: wdm_int_callback - 0 bytes
[  344.224337][    C3] cdc_wdm 10-1:1.0: nonzero urb status received: -71
[  344.226301][    C3] cdc_wdm 10-1:1.0: wdm_int_callback - 0 bytes
[  344.228256][    C3] cdc_wdm 10-1:1.0: nonzero urb status received: -71
[  344.230190][    C3] cdc_wdm 10-1:1.0: wdm_int_callback - 0 bytes
[  344.232033][ T3224] usb 10-1: USB disconnect, device number 6
[  344.233877][    C3] cdc_wdm 10-1:1.0: nonzero urb status received: -71
[  344.233897][    C3] cdc_wdm 10-1:1.0: wdm_int_callback - 0 bytes
[  344.233906][    C3] cdc_wdm 10-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  344.814586][T14486] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2298'.
[  344.821443][T14486] vlan2: entered promiscuous mode
[  344.823875][T14486] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  345.061454][   T39] audit: type=1326 audit(1737182596.654:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14497 comm="syz.7.2304" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x0
[  346.200145][ T5995] usb 11-1: USB disconnect, device number 20
[  346.497549][T14524] serio: Serial port ptm0
[  346.563827][T14524] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2308'.
[  346.642845][ T5995] usb 11-1: new high-speed USB device number 21 using dummy_hcd
[  346.796364][ T5995] usb 11-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  346.799082][ T5995] usb 11-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  346.804050][ T5995] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 66
[  346.807144][ T5995] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  346.810814][ T5995] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  346.818909][ T5995] usb 11-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  346.822279][ T5995] usb 11-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  346.825082][ T5995] usb 11-1: Product: syz
[  346.826696][ T5995] usb 11-1: Manufacturer: syz
[  346.836566][ T5995] cdc_wdm 11-1:1.0: skipping garbage
[  346.838142][ T5995] cdc_wdm 11-1:1.0: skipping garbage
[  346.840394][ T5995] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device
[  346.842666][ T5995] cdc_wdm 11-1:1.0: Unknown control protocol
[  347.101560][    C3] cdc_wdm 11-1:1.0: nonzero urb status received: -71
[  347.104323][    C3] cdc_wdm 11-1:1.0: wdm_int_callback - 0 bytes
[  347.107047][    C3] cdc_wdm 11-1:1.0: nonzero urb status received: -71
[  347.109802][    C3] cdc_wdm 11-1:1.0: wdm_int_callback - 0 bytes
[  347.124527][ T3224] usb 11-1: USB disconnect, device number 21
[  347.126299][    C3] cdc_wdm 11-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  347.487351][T14542] FAULT_INJECTION: forcing a failure.
[  347.487351][T14542] name failslab, interval 1, probability 0, space 0, times 0
[  347.491602][T14542] CPU: 2 UID: 0 PID: 14542 Comm: syz.7.2315 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  347.494665][T14542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  347.498402][T14542] Call Trace:
[  347.499682][T14542]  <TASK>
[  347.500836][T14542]  dump_stack_lvl+0x16c/0x1f0
[  347.502349][T14542]  should_fail_ex+0x497/0x5b0
[  347.503732][T14542]  ? fs_reclaim_acquire+0xae/0x150
[  347.505171][T14542]  should_failslab+0xc2/0x120
[  347.506506][T14542]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  347.508011][T14542]  ? vma_merge_new_range+0x3f0/0xb70
[  347.509569][T14542]  ? vm_area_alloc+0x1f/0x1c0
[  347.510938][T14542]  vm_area_alloc+0x1f/0x1c0
[  347.512227][T14542]  ? __pfx_hugetlb_vm_op_close+0x10/0x10
[  347.513789][T14542]  __mmap_region+0x1091/0x2760
[  347.515113][T14542]  ? __pfx___mmap_region+0x10/0x10
[  347.516588][T14542]  ? hlock_class+0x4e/0x130
[  347.517851][T14542]  ? mark_lock+0xb5/0xc60
[  347.519103][T14542]  ? mm_get_unmapped_area_vmflags+0x97/0xe0
[  347.520775][T14542]  ? hugetlb_get_unmapped_area+0x1ac/0x2a0
[  347.522440][T14542]  ? hugetlb_get_unmapped_area+0x1b5/0x2a0
[  347.524102][T14542]  ? cap_mmap_addr+0x53/0x320
[  347.525402][T14542]  mmap_region+0x127/0x320
[  347.526667][T14542]  do_mmap+0xa09/0x1050
[  347.527850][T14542]  vm_mmap_pgoff+0x1ba/0x360
[  347.529270][T14542]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  347.530736][T14542]  ? hugetlbfs_get_inode+0x323/0x740
[  347.532224][T14542]  ksys_mmap_pgoff+0x1c8/0x5c0
[  347.533581][T14542]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  347.535096][T14542]  __do_fast_syscall_32+0x73/0x120
[  347.536564][T14542]  do_fast_syscall_32+0x32/0x80
[  347.537894][T14542]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  347.539675][T14542] RIP: 0023:0xf7f6f579
[  347.540877][T14542] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  347.546347][T14542] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[  347.548640][T14542] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000400000
[  347.550847][T14542] RDX: 0000000003000003 RSI: 000000000006c832 RDI: 00000000ffffffff
[  347.553054][T14542] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  347.555170][T14542] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  347.557249][T14542] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  347.559495][T14542]  </TASK>
[  347.560725][    C2] hpet: Lost 3 RTC interrupts
[  347.591642][   T39] audit: type=1326 audit(1737182599.184:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14544 comm="syz.7.2316" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x0
[  347.958834][T14556] program syz.5.2317 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  348.341210][   T39] audit: type=1804 audit(1737182599.934:875): pid=14563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2320" name="/newroot/369/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  349.362940][T14579] serio: Serial port ptm0
[  349.537816][T14579] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2324'.
[  350.596694][   T39] audit: type=1326 audit(1737182602.194:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14606 comm="syz.4.2332" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x0
[  350.853205][T14613] »»»»»» speed is unknown, defaulting to 1000
[  350.855526][T14613] »»»»»» speed is unknown, defaulting to 1000
[  352.136894][   T39] audit: type=1804 audit(1737182603.734:877): pid=14635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2338" name="/newroot/373/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  352.560850][T14636] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2339'.
[  352.772782][T14641] vlan3: entered promiscuous mode
[  352.774228][T14641] vlan3: entered allmulticast mode
[  352.775644][T14641] hsr_slave_1: entered allmulticast mode
[  353.195263][   T39] audit: type=1326 audit(1737182604.794:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14642 comm="syz.5.2342" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[  353.352877][ T5294] Bluetooth: hci1: command 0x0405 tx timeout
[  353.510724][   T39] audit: type=1326 audit(1737182605.104:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14649 comm="syz.6.2345" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x0
[  354.137799][T14656] bridge0: port 3(syz_tun) entered blocking state
[  354.140114][T14656] bridge0: port 3(syz_tun) entered disabled state
[  354.142240][T14656] syz_tun: entered allmulticast mode
[  354.145051][T14656] syz_tun: entered promiscuous mode
[  354.146998][T14656] bridge0: port 3(syz_tun) entered blocking state
[  354.149845][T14656] bridge0: port 3(syz_tun) entered forwarding state
[  354.724404][T14670] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2347'.
[  354.890731][   T39] audit: type=1804 audit(1737182606.484:880): pid=14669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2348" name="/newroot/487/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  355.623074][   T39] audit: type=1326 audit(1737182607.214:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14701 comm="syz.6.2355" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x0
[  356.250200][   T39] audit: type=1326 audit(1737182607.844:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14706 comm="syz.4.2356" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x0
[  356.299677][   T39] audit: type=1326 audit(1737182607.894:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14709 comm="syz.7.2364" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x0
[  356.812870][   T39] audit: type=1326 audit(1737182608.394:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14718 comm="syz.6.2357" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x0
[  357.009287][T14727] serio: Serial port ptm0
[  357.063994][T14727] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2358'.
[  357.764097][T14733] »»»»»» speed is unknown, defaulting to 1000
[  357.766961][T14733] »»»»»» speed is unknown, defaulting to 1000
[  358.005054][   T39] audit: type=1804 audit(1737182609.604:885): pid=14739 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.2360" name="/newroot/34/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  358.020629][T14739] rdma_rxe: rxe_newlink: failed to add lo
[  358.025932][T14747] serio: Serial port ptm0
[  358.030208][T14739] siw: device registration error -23
[  358.034197][T14739] »»»»»»: renamed from lo (while UP)
[  358.105553][T14747] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2374'.
[  358.496449][T14757] serio: Serial port ptm0
[  358.550955][T14757] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2369'.
[  358.740637][T14761] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2370'.
[  358.834970][   T39] audit: type=1326 audit(1737182610.434:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14764 comm="syz.4.2372" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f16579 code=0x0
[  359.101967][   T39] audit: type=1326 audit(1737182610.694:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14768 comm="syz.6.2373" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x0
[  359.965207][T14780] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2377'.
[  359.983654][T14781] serio: Serial port ptm0
[  360.128709][T14781] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2376'.
[  360.268217][T14789] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  360.272057][T14789] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  360.279168][T14789] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  360.284172][T14789] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  360.288921][T14789] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  360.292207][T14789] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  360.310543][T14786] serio: Serial port ptm1
[  360.313144][T14789] Bluetooth: hci1: command 0x0405 tx timeout
[  360.336997][T14787] »»»»»» speed is unknown, defaulting to 1000
[  360.339343][T14787] »»»»»» speed is unknown, defaulting to 1000
[  360.445695][T14787] chnl_net:caif_netlink_parms(): no params data found
[  360.545336][T14787] bridge0: port 1(bridge_slave_0) entered blocking state
[  360.547573][T14787] bridge0: port 1(bridge_slave_0) entered disabled state
[  360.549748][T14787] bridge_slave_0: entered allmulticast mode
[  360.554244][T14787] bridge_slave_0: entered promiscuous mode
[  360.557033][T14787] bridge0: port 2(bridge_slave_1) entered blocking state
[  360.559110][T14787] bridge0: port 2(bridge_slave_1) entered disabled state
[  360.561237][T14787] bridge_slave_1: entered allmulticast mode
[  360.565663][T14787] bridge_slave_1: entered promiscuous mode
[  360.622906][T14787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  360.626823][T14787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  360.632224][T14797] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2379'.
[  360.711602][T14787] team0: Port device team_slave_0 added
[  360.715848][T14787] team0: Port device team_slave_1 added
[  360.740958][T14787] batman_adv: batadv0: Adding interface: batadv_slave_0
[  360.743019][T14787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  360.750403][T14787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  360.754255][T14787] batman_adv: batadv0: Adding interface: batadv_slave_1
[  360.756201][T14787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  360.763982][T14787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  360.790651][T14787] hsr_slave_0: entered promiscuous mode
[  360.792907][T14787] hsr_slave_1: entered promiscuous mode
[  360.796701][T14787] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  360.798837][T14787] Cannot create hsr debugfs directory
[  360.885814][T14787] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.048794][T14787] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.114110][T14787] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.155942][   T39] audit: type=1326 audit(1737182612.754:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14802 comm="syz.7.2382" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x0
[  361.186292][T14787] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode
[  361.377578][T14787] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.586313][T14787] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  361.594566][T14787] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  361.614683][T14787] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  361.624002][T14787] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  361.755329][T14787] 8021q: adding VLAN 0 to HW filter on device bond0
[  361.771954][T14787] 8021q: adding VLAN 0 to HW filter on device team0
[  361.777788][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state
[  361.779871][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state
[  361.787709][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state
[  361.789783][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state
[  361.880962][T14787] 8021q: adding VLAN 0 to HW filter on device batadv0
[  362.007782][T14787] veth0_vlan: entered promiscuous mode
[  362.014025][T14787] veth1_vlan: entered promiscuous mode
[  362.045221][T14787] veth0_macvtap: entered promiscuous mode
[  362.049034][T14787] veth1_macvtap: entered promiscuous mode
[  362.055934][T14787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  362.058934][T14787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.061692][T14787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  362.068175][T14787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.072442][T14787] batman_adv: batadv0: Interface activated: batadv_slave_0
[  362.079684][T14787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  362.083616][T14787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.086445][T14787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  362.089383][T14787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.093525][T14787] batman_adv: batadv0: Interface activated: batadv_slave_1
[  362.097696][T14787] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  362.100276][T14787] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  362.106652][T14787] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  362.109190][T14787] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  362.199459][T14827] serio: Serial port ptm0
[  362.201421][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  362.205076][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  362.226633][ T1136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  362.229529][ T1136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  362.251290][T14827] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2386'.
[  362.269716][T14828] serio: Serial port ptm1
[  362.392935][ T5942] Bluetooth: hci2: command tx timeout
[  362.439024][T14828] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2385'.
[  363.314508][T14841] 9pnet_virtio: no channels available for device syz
[  363.401057][T14845] rdma_rxe: rxe_newlink: failed to add lo
[  363.404693][T14845] siw: device registration error -23
[  363.407629][T14845] »»»»»»: renamed from lo (while UP)
[  363.425690][   T39] audit: type=1804 audit(1737182615.024:889): pid=14842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2388" name="/newroot/1/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  364.483083][ T5942] Bluetooth: hci2: command tx timeout
[  364.877612][T14862] serio: Serial port ptm0
[  364.934245][T14862] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2394'.
[  365.122930][T14867] serio: Serial port ptm1
[  365.142124][   T39] audit: type=1326 audit(1737182616.734:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14868 comm="syz.6.2396" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x0
[  365.176562][T14867] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2395'.
[  365.705107][   T39] audit: type=1326 audit(1737182617.294:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14875 comm="syz.5.2397" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[  366.526699][T14883] serio: Serial port ptm0
[  366.552944][ T5942] Bluetooth: hci2: command tx timeout
[  366.588612][T14883] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2407'.
[  367.624356][T14904] program syz.7.2414 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  367.733972][   T39] audit: type=1326 audit(1737182619.334:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14911 comm="syz.5.2406" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[  367.743121][T14913] binder_alloc: binder_alloc_mmap_handler: 14912 20ffd000-21000000 already mapped failed -16
[  367.743476][T14914] binder: BINDER_SET_CONTEXT_MGR already set
[  367.746846][T14913] binder_alloc: binder_alloc_mmap_handler: 14912 20ffd000-21000000 already mapped failed -16
[  367.748365][T14914] binder: 14912:14914 ioctl 4018620d 200001c0 returned -16
[  367.755326][T14914] binder: BINDER_SET_CONTEXT_MGR already set
[  367.757136][T14914] binder: 14912:14914 ioctl 4018620d 200001c0 returned -16
[  367.759312][T14914] binder: BINDER_SET_CONTEXT_MGR already set
[  367.760002][T14913] binder_alloc: binder_alloc_mmap_handler: 14912 20ffd000-21000000 already mapped failed -16
[  367.761121][T14914] binder: 14912:14914 ioctl 4018620d 200001c0 returned -16
[  367.766279][T14913] binder_alloc: binder_alloc_mmap_handler: 14912 20ffd000-21000000 already mapped failed -16
[  367.767520][T14914] binder: BINDER_SET_CONTEXT_MGR already set
[  367.771682][T14913] binder_alloc: binder_alloc_mmap_handler: 14912 20ffd000-21000000 already mapped failed -16
[  367.771857][T14913] binder_alloc: binder_alloc_mmap_handler: 14912 20ffd000-21000000 already mapped failed -16
[  367.773799][T14914] binder: 14912:14914 ioctl 4018620d 200001c0 returned -16
[  367.777844][T14913] binder_alloc: binder_alloc_mmap_handler: 14912 20ffd000-21000000 already mapped failed -16
[  367.779721][T14914] binder: BINDER_SET_CONTEXT_MGR already set
[  367.783143][T14913] binder_alloc: binder_alloc_mmap_handler: 14912 20ffd000-21000000 already mapped failed -16
[  367.786007][T14914] binder: 14912:14914 ioctl 4018620d 200001c0 returned -16
[  367.789013][T14913] binder_alloc: binder_alloc_mmap_handler: 14912 20ffd000-21000000 already mapped failed -16
[  367.790327][T14914] binder: BINDER_SET_CONTEXT_MGR already set
[  367.792396][T14913] binder_alloc: binder_alloc_mmap_handler: 14912 20ffd000-21000000 already mapped failed -16
[  367.795361][T14914] binder: 14912:14914 ioctl 4018620d 200001c0 returned -16
[  367.802882][T14914] binder: BINDER_SET_CONTEXT_MGR already set
[  367.815743][T14914] binder: 14912:14914 ioctl 4018620d 200001c0 returned -16
[  367.834048][T14913] syz.7.2408 (14913): drop_caches: 2
[  367.912525][T14922] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check.
[  368.642952][T14789] Bluetooth: hci2: command tx timeout
[  368.643458][T14938] serio: Serial port ptm0
[  368.695403][T14938] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2416'.
[  368.866367][T14952] fuse: Unknown parameter 'fezzTK1ä¢"æW'
[  368.895812][   T39] audit: type=1326 audit(1737182620.494:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14953 comm="syz.5.2419" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[  368.982347][T14957] IPVS: set_ctl: invalid protocol: 135 10.1.1.1:58817
[  369.509025][   T39] audit: type=1804 audit(1737182621.104:894): pid=14974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2424" name="/newroot/6/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  370.157669][T14983] netlink: 'syz.5.2428': attribute type 4 has an invalid length.
[  370.243201][T14987] FAULT_INJECTION: forcing a failure.
[  370.243201][T14987] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  370.247041][T14987] CPU: 2 UID: 0 PID: 14987 Comm: syz.7.2430 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  370.250142][T14987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  370.253247][T14987] Call Trace:
[  370.254262][T14987]  <TASK>
[  370.255134][T14987]  dump_stack_lvl+0x16c/0x1f0
[  370.256633][T14987]  should_fail_ex+0x497/0x5b0
[  370.258570][T14987]  _copy_to_user+0x32/0xd0
[  370.260416][T14987]  simple_read_from_buffer+0xd0/0x160
[  370.262500][T14987]  proc_fail_nth_read+0x198/0x270
[  370.263966][T14987]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  370.265607][T14987]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  370.267343][T14987]  vfs_read+0x1df/0xbe0
[  370.268562][T14987]  ? __fget_files+0x1fc/0x3a0
[  370.269955][T14987]  ? __pfx___mutex_lock+0x10/0x10
[  370.271412][T14987]  ? __pfx_vfs_read+0x10/0x10
[  370.272827][T14987]  ? __fget_files+0x206/0x3a0
[  370.274201][T14987]  ksys_read+0x12b/0x250
[  370.275429][T14987]  ? __pfx_ksys_read+0x10/0x10
[  370.277051][T14987]  __do_fast_syscall_32+0x73/0x120
[  370.278626][T14987]  do_fast_syscall_32+0x32/0x80
[  370.280879][T14987]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  370.283433][T14987] RIP: 0023:0xf7f6f579
[  370.284634][T14987] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  370.290205][T14987] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  370.292611][T14987] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50c6620
[  370.294891][T14987] RDX: 000000000000000f RSI: 00000000f7403ff4 RDI: 0000000000000000
[  370.297614][T14987] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  370.300800][T14987] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  370.303177][T14987] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  370.305595][T14987]  </TASK>
[  370.307008][    C2] hpet: Lost 3 RTC interrupts
[  370.414619][   T39] audit: type=1326 audit(1737182622.014:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14996 comm="syz.5.2434" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[  370.712836][T14789] Bluetooth: hci2: command 0x0405 tx timeout
[  370.775747][T15007] netlink: 'syz.6.2438': attribute type 4 has an invalid length.
[  370.910754][    T9] usb 12-1: new high-speed USB device number 3 using dummy_hcd
[  371.025455][T15014] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2439'.
[  371.087501][T15015] serio: Serial port ptm0
[  371.144329][T15015] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2440'.
[  371.732827][    T9] usb 12-1: Using ep0 maxpacket: 8
[  371.736957][    T9] usb 12-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  371.739851][    T9] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  371.746911][    T9] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  371.749873][    T9] usb 12-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  371.756590][    T9] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  371.759302][    T9] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.972777][    T9] usb 12-1: usb_control_msg returned -71
[  371.974467][    T9] usbtmc 12-1:16.0: can't read capabilities
[  371.983708][    T9] usb 12-1: USB disconnect, device number 3
[  372.597685][   T39] audit: type=1804 audit(1737182624.194:896): pid=15052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.2449" name="/newroot/56/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  372.775072][   T39] audit: type=1326 audit(1737182624.374:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15055 comm="syz.6.2450" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x0
[  373.380066][   T39] audit: type=1326 audit(1737182624.974:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15060 comm="syz.4.2451" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x0
[  373.429226][   T39] audit: type=1326 audit(1737182625.024:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15064 comm="syz.5.2452" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[  374.029029][T15079] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5)
[  374.031445][T15079] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  374.034401][T15079] vhci_hcd vhci_hcd.0: Device attached
[  374.091537][T15080] vhci_hcd: connection closed
[  374.092574][ T1142] vhci_hcd: stop threads
[  374.096081][ T1142] vhci_hcd: release socket
[  374.097400][ T1142] vhci_hcd: disconnect device
[  374.414772][T15083] 9pnet_fd: Insufficient options for proto=fd
[  374.466058][T15083] netlink: zone id is out of range
[  374.468252][T15083] netlink: zone id is out of range
[  374.470350][T15083] netlink: zone id is out of range
[  374.470361][T15083] netlink: zone id is out of range
[  374.470369][T15083] netlink: zone id is out of range
[  374.470377][T15083] netlink: zone id is out of range
[  374.478576][T15083] netlink: zone id is out of range
[  374.480684][T15083] netlink: zone id is out of range
[  374.480695][T15083] netlink: zone id is out of range
[  374.480702][T15083] netlink: zone id is out of range
[  374.814268][T15088] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2460'.
[  374.949389][T15095] dlm: no locking on control device
[  374.991420][T15100] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2464'.
[  374.994942][T15100] FAULT_INJECTION: forcing a failure.
[  374.994942][T15100] name failslab, interval 1, probability 0, space 0, times 0
[  374.999697][T15100] CPU: 2 UID: 0 PID: 15100 Comm: syz.4.2464 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  375.002844][T15100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  375.005912][T15100] Call Trace:
[  375.006891][T15100]  <TASK>
[  375.007817][T15100]  dump_stack_lvl+0x16c/0x1f0
[  375.009613][T15100]  should_fail_ex+0x497/0x5b0
[  375.010986][T15100]  ? fs_reclaim_acquire+0xae/0x150
[  375.012495][T15100]  should_failslab+0xc2/0x120
[  375.013868][T15100]  kmem_cache_alloc_node_noprof+0x72/0x3b0
[  375.016026][T15100]  ? __alloc_skb+0x2b3/0x380
[  375.017392][T15100]  __alloc_skb+0x2b3/0x380
[  375.018694][T15100]  ? __pfx___alloc_skb+0x10/0x10
[  375.020133][T15100]  netlink_ack+0x164/0xb20
[  375.021447][T15100]  ? __mutex_trylock_common+0xea/0x250
[  375.023019][T15100]  netlink_rcv_skb+0x327/0x410
[  375.024438][T15100]  ? __pfx_crypto_user_rcv_msg+0x10/0x10
[  375.026059][T15100]  ? find_held_lock+0x2d/0x110
[  375.027445][T15100]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  375.028981][T15100]  ? crypto_netlink_rcv+0x1b/0x40
[  375.030896][T15100]  ? netlink_deliver_tap+0x1ae/0xca0
[  375.030923][T15100]  crypto_netlink_rcv+0x2a/0x40
[  375.033925][T15100]  netlink_unicast+0x53c/0x7f0
[  375.033941][T15100]  ? __pfx_netlink_unicast+0x10/0x10
[  375.033954][T15100]  ? __phys_addr_symbol+0x30/0x80
[  375.033968][T15100]  ? __check_object_size+0x488/0x710
[  375.033984][T15100]  netlink_sendmsg+0x8b8/0xd70
[  375.033999][T15100]  ? __pfx_netlink_sendmsg+0x10/0x10
[  375.034015][T15100]  ____sys_sendmsg+0x9ae/0xb40
[  375.034028][T15100]  ? __pfx_____sys_sendmsg+0x10/0x10
[  375.034040][T15100]  ? get_compat_msghdr+0x11b/0x170
[  375.034057][T15100]  ___sys_sendmsg+0x135/0x1e0
[  375.034073][T15100]  ? __pfx____sys_sendmsg+0x10/0x10
[  375.034093][T15100]  ? __pfx_lock_release+0x10/0x10
[  375.034103][T15100]  ? trace_lock_acquire+0x14e/0x1f0
[  375.034125][T15100]  ? __fget_files+0x206/0x3a0
[  375.034142][T15100]  __sys_sendmsg+0x16e/0x220
[  375.034157][T15100]  ? __pfx___sys_sendmsg+0x10/0x10
[  375.034180][T15100]  __do_fast_syscall_32+0x73/0x120
[  375.034195][T15100]  do_fast_syscall_32+0x32/0x80
[  375.034209][T15100]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  375.034225][T15100] RIP: 0023:0xf706e579
[  375.034236][T15100] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  375.034246][T15100] RSP: 002b:00000000f506055c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  375.034258][T15100] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000200
[  375.034265][T15100] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  375.034271][T15100] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  375.034278][T15100] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  375.034285][T15100] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  375.034298][T15100]  </TASK>
[  375.034585][    C2] hpet: Lost 1 RTC interrupts
[  375.092736][   T39] audit: type=1326 audit(1737182626.684:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15107 comm="syz.4.2467" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x0
[  375.428541][T15121] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2469'.
[  375.631650][T15121] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2469'.
[  375.798469][T15129] FAULT_INJECTION: forcing a failure.
[  375.798469][T15129] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  375.803934][T15129] CPU: 3 UID: 0 PID: 15129 Comm: syz.5.2472 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  375.807020][T15129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  375.810104][T15129] Call Trace:
[  375.811079][T15129]  <TASK>
[  375.811949][T15129]  dump_stack_lvl+0x16c/0x1f0
[  375.813334][T15129]  should_fail_ex+0x497/0x5b0
[  375.814713][T15129]  _copy_from_user+0x2e/0xd0
[  375.816062][T15129]  do_fb_ioctl+0x292/0x7d0
[  375.817420][T15129]  ? __pfx_do_fb_ioctl+0x10/0x10
[  375.818854][T15129]  ? tomoyo_path_number_perm+0x298/0x5b0
[  375.820487][T15129]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  375.822204][T15129]  fb_compat_ioctl+0x55f/0x670
[  375.823583][T15129]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  375.825124][T15129]  ? __fget_files+0x206/0x3a0
[  375.826511][T15129]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  375.828036][T15129]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  375.829572][T15129]  __do_fast_syscall_32+0x73/0x120
[  375.831052][T15129]  do_fast_syscall_32+0x32/0x80
[  375.832518][T15129]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  375.834352][T15129] RIP: 0023:0xf70be579
[  375.835555][T15129] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  375.841078][T15129] RSP: 002b:00000000f50b055c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  375.843483][T15129] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601
[  375.845762][T15129] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000
[  375.848063][T15129] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  375.850350][T15129] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  375.852638][T15129] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  375.854868][T15129]  </TASK>
[  376.070208][   T39] audit: type=1804 audit(1737182627.664:901): pid=15139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2476" name="/newroot/521/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  376.282763][ T3224] usb 11-1: new high-speed USB device number 22 using dummy_hcd
[  376.432887][ T3224] usb 11-1: Using ep0 maxpacket: 8
[  376.436198][ T3224] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  376.443324][ T3224] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  376.451822][ T3224] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  376.462875][ T3224] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  376.468260][ T3224] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  376.472917][ T3224] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.710462][ T3224] usb 11-1: GET_CAPABILITIES returned 0
[  376.714495][ T3224] usbtmc 11-1:16.0: can't read capabilities
[  376.726959][T15153] IPVS: sync thread started: state = MASTER, mcast_ifn = sit0, syncid = 0, id = 0
[  376.872123][T15168] 9pnet_fd: Insufficient options for proto=fd
[  376.913541][T15174] FAULT_INJECTION: forcing a failure.
[  376.913541][T15174] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  376.917423][T15174] CPU: 1 UID: 0 PID: 15174 Comm: syz.7.2487 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  376.919301][ T1336] usb 11-1: USB disconnect, device number 22
[  376.920549][T15174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  376.925371][   T39] audit: type=1326 audit(1737182628.514:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15173 comm="syz.4.2488" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x0
[  376.925639][T15174] Call Trace:
[  376.931993][T15174]  <TASK>
[  376.932887][T15174]  dump_stack_lvl+0x16c/0x1f0
[  376.934273][T15174]  should_fail_ex+0x497/0x5b0
[  376.935660][T15174]  _copy_from_user+0x2e/0xd0
[  376.937036][T15174]  do_handle_open+0x41f/0x990
[  376.938421][T15174]  ? __fget_files+0x206/0x3a0
[  376.939767][T15174]  ? __pfx_do_handle_open+0x10/0x10
[  376.941316][T15174]  ? ksys_write+0x1ba/0x250
[  376.942709][T15174]  ? __do_fast_syscall_32+0x73/0x120
[  376.944265][T15174]  __do_fast_syscall_32+0x73/0x120
[  376.945765][T15174]  do_fast_syscall_32+0x32/0x80
[  376.947195][T15174]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  376.949062][T15174] RIP: 0023:0xf7f6f579
[  376.950255][T15174] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  376.955800][T15174] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000156
[  376.958232][T15174] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000
[  376.960542][T15174] RDX: 0000000000513300 RSI: 0000000000000000 RDI: 0000000000000000
[  376.962847][T15174] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  376.965203][T15174] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  376.967480][T15174] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  376.969783][T15174]  </TASK>
[  377.282655][   T39] audit: type=1804 audit(1737182628.874:903): pid=15183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.2490" name="/newroot/66/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  377.999828][ T1413] ieee802154 phy0 wpan0: encryption failed: -22
[  378.037517][T15199] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2491'.
[  378.297734][   T39] audit: type=1804 audit(1737182629.894:904): pid=15208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2499" name="/newroot/25/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  378.420011][T15216] FAULT_INJECTION: forcing a failure.
[  378.420011][T15216] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  378.425227][T15216] CPU: 2 UID: 0 PID: 15216 Comm: syz.7.2501 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  378.428339][T15216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  378.431377][T15216] Call Trace:
[  378.432373][T15216]  <TASK>
[  378.433250][T15216]  dump_stack_lvl+0x16c/0x1f0
[  378.434616][T15216]  should_fail_ex+0x497/0x5b0
[  378.435973][T15216]  ? fs_reclaim_acquire+0xae/0x150
[  378.437439][T15216]  should_fail_alloc_page+0xe7/0x130
[  378.438988][T15216]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  378.440758][T15216]  ? mark_lock+0xb5/0xc60
[  378.441921][T15216]  __alloc_pages_noprof+0x190/0x25b0
[  378.443336][T15216]  ? mark_lock+0xb5/0xc60
[  378.444752][T15216]  ? hlock_class+0x4e/0x130
[  378.446055][T15216]  ? mark_lock+0xb5/0xc60
[  378.447317][T15216]  ? __pfx_mark_lock+0x10/0x10
[  378.448689][T15216]  ? is_bpf_text_address+0x8a/0x1a0
[  378.450446][T15216]  ? __pfx_mark_lock+0x10/0x10
[  378.452179][T15216]  ? hlock_class+0x4e/0x130
[  378.453437][T15216]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  378.455041][T15216]  ? hlock_class+0x4e/0x130
[  378.456334][T15216]  ? mark_lock+0xb5/0xc60
[  378.457563][T15216]  ? hlock_class+0x4e/0x130
[  378.458801][T15216]  ? mark_lock+0xb5/0xc60
[  378.460270][T15216]  ? __pfx_mark_lock+0x10/0x10
[  378.462231][T15216]  ? hlock_class+0x4e/0x130
[  378.463568][T15216]  ? __lock_acquire+0xcc5/0x3c40
[  378.464996][T15216]  ? hlock_class+0x4e/0x130
[  378.466300][T15216]  ? __lock_acquire+0xcc5/0x3c40
[  378.467722][T15216]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  378.469427][T15216]  ? policy_nodemask+0xea/0x4e0
[  378.470873][T15216]  alloc_pages_mpol_noprof+0x2c8/0x620
[  378.472457][T15216]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  378.474239][T15216]  ? __lock_acquire+0xcc5/0x3c40
[  378.475707][T15216]  folio_alloc_mpol_noprof+0x36/0xd0
[  378.477241][T15216]  vma_alloc_folio_noprof+0xee/0x1b0
[  378.478772][T15216]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  378.480893][T15216]  ? find_held_lock+0x2d/0x110
[  378.482704][T15216]  do_pte_missing+0x2017/0x3e00
[  378.484122][T15216]  __handle_mm_fault+0x103c/0x2a40
[  378.485614][T15216]  ? __pfx___handle_mm_fault+0x10/0x10
[  378.487177][T15216]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  378.488799][T15216]  ? find_vma+0xc0/0x140
[  378.490047][T15216]  ? __pfx_find_vma+0x10/0x10
[  378.491405][T15216]  handle_mm_fault+0x3fa/0xaa0
[  378.492796][T15216]  do_user_addr_fault+0x7a3/0x13f0
[  378.494264][T15216]  exc_page_fault+0x5c/0xc0
[  378.495607][T15216]  asm_exc_page_fault+0x26/0x30
[  378.497015][T15216] RIP: 0010:_copy_to_iter+0x52a/0x1400
[  378.498715][T15216] Code: e8 eb 3f 02 fd 48 8b 4c 24 18 44 89 e6 48 8b 44 24 28 4c 8d 2c 01 4c 89 ef e8 c2 b8 64 fd 0f 01 cb 4c 89 e1 4c 89 f7 4c 89 ee <f3> a4 0f 1f 00 0f 01 ca 4c 89 e0 4d 29 e7 48 29 c8 49 01 cf 48 01
[  378.504967][T15216] RSP: 0018:ffffc900063df9c0 EFLAGS: 00050246
[  378.506671][T15216] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000000002fe
[  378.508926][T15216] RDX: 0000000000000000 RSI: ffff88805f298000 RDI: 0000000020006380
[  378.511282][T15216] RBP: ffffc900063dfbc8 R08: 0000000000000000 R09: ffffed100be5305f
[  378.513537][T15216] R10: ffff88805f2982fd R11: 0000000000000000 R12: 00000000000002fe
[  378.515795][T15216] R13: ffff88805f298000 R14: 0000000020006380 R15: 00000000000002fe
[  378.518050][T15216]  ? __pfx__copy_to_iter+0x10/0x10
[  378.519542][T15216]  ? __virt_addr_valid+0x1a4/0x590
[  378.521639][T15216]  ? __virt_addr_valid+0x5e/0x590
[  378.523516][T15216]  ? __phys_addr_symbol+0x30/0x80
[  378.525568][T15216]  ? __check_object_size+0x488/0x710
[  378.527695][T15216]  seq_read_iter+0xd00/0x12b0
[  378.529615][T15216]  seq_read+0x39f/0x4e0
[  378.531299][T15216]  ? __pfx_seq_read+0x10/0x10
[  378.533131][T15216]  ? __debugfs_file_get+0x43d/0x5d0
[  378.535280][T15216]  full_proxy_read+0xfd/0x1b0
[  378.537175][T15216]  ? __pfx_full_proxy_read+0x10/0x10
[  378.539300][T15216]  vfs_read+0x1df/0xbe0
[  378.540990][T15216]  ? __fget_files+0x1fc/0x3a0
[  378.542896][T15216]  ? __pfx___mutex_lock+0x10/0x10
[  378.544882][T15216]  ? __pfx_vfs_read+0x10/0x10
[  378.546798][T15216]  ? __fget_files+0x206/0x3a0
[  378.548714][T15216]  ksys_read+0x12b/0x250
[  378.550178][T15216]  ? __pfx_ksys_read+0x10/0x10
[  378.551843][T15216]  __do_fast_syscall_32+0x73/0x120
[  378.553865][T15216]  do_fast_syscall_32+0x32/0x80
[  378.555374][T15216]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  378.557202][T15216] RIP: 0023:0xf7f6f579
[  378.558374][T15216] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  378.565186][T15216] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[  378.567507][T15216] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000020006380
[  378.569756][T15216] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000
[  378.571983][T15216] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  378.574203][T15216] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  378.576491][T15216] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  378.578719][T15216]  </TASK>
[  378.580634][    C2] hpet: Lost 9 RTC interrupts
[  378.981768][   T39] audit: type=1326 audit(1737182630.574:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15233 comm="syz.6.2510" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae579 code=0x0
[  379.148394][   T39] audit: type=1804 audit(1737182630.744:906): pid=15240 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2506" name="/newroot/26/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  379.703160][T15260] vivid-000: =================  START STATUS  =================
[  379.706046][T15260] vivid-000: Test Pattern: 75% Colorbar
[  379.708127][T15260] vivid-000: Fill Percentage of Frame: 100
[  379.709895][T15260] vivid-000: Horizontal Movement: No Movement
[  379.711709][T15260] vivid-000: Vertical Movement: No Movement
[  379.717032][T15260] vivid-000: OSD Text Mode: All
[  379.718592][T15260] vivid-000: Show Border: false
[  379.720085][T15260] vivid-000: Show Square: false
[  379.721556][T15260] vivid-000: Sensor Flipped Horizontally: false
[  379.725201][T15260] vivid-000: Sensor Flipped Vertically: false
[  379.727084][T15260] vivid-000: Insert SAV Code in Image: false
[  379.728883][T15260] vivid-000: Insert EAV Code in Image: false
[  379.730682][T15260] vivid-000: Insert Video Guard Band: false
[  379.732444][T15260] vivid-000: Reduced Framerate: false
[  379.735103][T15260] vivid-000: HDMI 000-0 Is Connected To: Output HDMI 023-0
[  379.740784][T15260] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  379.743338][T15260] vivid-000: Enable Capture Cropping: true
[  379.745127][T15260] vivid-000: Enable Capture Composing: true
[  379.746908][T15260] vivid-000: Enable Capture Scaler: true
[  379.748623][T15260] vivid-000: Timestamp Source: End of Frame
[  379.750401][T15260] vivid-000: Colorspace: Rec. 709
[  379.751921][T15260] vivid-000: Transfer Function: Default
[  379.753981][T15260] vivid-000: Y'CbCr Encoding: Default
[  379.758039][T15260] vivid-000: HSV Encoding: Hue 0-179
[  379.759728][T15260] vivid-000: Quantization: Default
[  379.761311][T15260] vivid-000: Apply Alpha To Red Only: false
[  379.763397][T15260] vivid-000: Standard Aspect Ratio: 4x3
[  379.765072][T15260] vivid-000: DV Timings Signal Mode: Current DV Timings
[  379.767127][T15260] vivid-000: DV Timings: 640x480p59 inactive
[  379.768920][T15260] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  379.771114][T15260] vivid-000: Maximum EDID Blocks: 2
[  379.772667][T15260] vivid-000: Limited RGB Range (16-235): true
[  379.774844][T15260] vivid-000: Rx RGB Quantization Range: Automatic
[  379.776807][T15260] vivid-000: Power Present: 0x00000001
[  379.778497][T15260] tpg source WxH: 1280x720 (Luma)
[  379.780019][T15260] tpg field: 1
[  379.781086][T15260] tpg crop: 64x64@0x0
[  379.782312][T15260] tpg compose: 16x16@0x0
[  379.784213][T15260] tpg colorspace: 3
[  379.785459][T15260] tpg transfer function: 0/0
[  379.786909][T15260] tpg quantization: 0/0
[  379.788237][T15260] tpg RGB range: 0/1
[  379.789430][T15260] vivid-000: ==================  END STATUS  ==================
[  379.936498][T15264] 9pnet_virtio: no channels available for device syz
[  380.012867][ T5981] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  380.167430][T14789] Bluetooth: hci2: command 0x0405 tx timeout
[  380.172016][ T5981] usb 10-1: config index 0 descriptor too short (expected 23569, got 27)
[  380.175646][ T5981] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  380.183723][ T5981] usb 10-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  380.186343][ T5981] usb 10-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  380.188669][ T5981] usb 10-1: Manufacturer: syz
[  380.241946][ T5981] usb 10-1: config 0 descriptor??
[  380.611850][ T5981] rc_core: IR keymap rc-hauppauge not found
[  380.614336][ T5981] Registered IR keymap rc-empty
[  380.650776][ T5981] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0
[  380.661921][ T5981] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0/input19
[  380.743572][T15281] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2520'.
[  380.902781][ T5976] usb 11-1: new high-speed USB device number 23 using dummy_hcd
[  381.055651][ T5976] usb 11-1: config 0 has no interfaces?
[  381.057908][ T5976] usb 11-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  381.061209][ T5976] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.065586][ T5976] usb 11-1: config 0 descriptor??
[  381.092850][ T3224] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  381.242840][ T3224] usb 9-1: Using ep0 maxpacket: 8
[  381.245941][ T3224] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  381.248559][ T3224] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  381.251451][ T3224] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  381.254672][ T3224] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  381.258205][ T3224] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  381.260735][ T3224] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.316630][T15273] netlink: 212408 bytes leftover after parsing attributes in process `syz.6.2518'.
[  381.319436][T15273] net_ratelimit: 28 callbacks suppressed
[  381.319445][T15273] netlink: zone id is out of range
[  381.322648][T15273] netlink: zone id is out of range
[  381.324313][T15273] netlink: zone id is out of range
[  381.325876][T15273] netlink: zone id is out of range
[  381.327412][T15273] netlink: zone id is out of range
[  381.328949][T15273] netlink: zone id is out of range
[  381.330473][T15273] netlink: zone id is out of range
[  381.331994][T15273] netlink: zone id is out of range
[  381.333599][T15273] netlink: zone id is out of range
[  381.335163][T15273] netlink: zone id is out of range
[  381.485543][ T5975] usb 11-1: USB disconnect, device number 23
[  381.486810][ T3224] usb 9-1: GET_CAPABILITIES returned 0
[  381.497229][ T3224] usbtmc 9-1:16.0: can't read capabilities
[  381.692092][ T3224] usb 9-1: USB disconnect, device number 9
[  381.824262][T15295] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2524'.
[  382.147932][T15298] serio: Serial port ptm0
[  382.218806][T15298] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2525'.
[  382.636642][T15311] FAULT_INJECTION: forcing a failure.
[  382.636642][T15311] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  382.642058][T15311] CPU: 0 UID: 0 PID: 15311 Comm: syz.7.2528 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  382.645161][T15311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  382.648213][T15311] Call Trace:
[  382.649458][T15311]  <TASK>
[  382.650566][T15311]  dump_stack_lvl+0x16c/0x1f0
[  382.652336][T15311]  should_fail_ex+0x497/0x5b0
[  382.654088][T15311]  _copy_to_user+0x32/0xd0
[  382.655757][T15311]  simple_read_from_buffer+0xd0/0x160
[  382.657786][T15311]  proc_fail_nth_read+0x198/0x270
[  382.659660][T15311]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  382.661797][T15311]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  382.663843][T15311]  vfs_read+0x1df/0xbe0
[  382.665410][T15311]  ? __fget_files+0x1fc/0x3a0
[  382.667160][T15311]  ? __pfx___mutex_lock+0x10/0x10
[  382.669035][T15311]  ? __pfx_vfs_read+0x10/0x10
[  382.670782][T15311]  ? __fget_files+0x206/0x3a0
[  382.672555][T15311]  ksys_read+0x12b/0x250
[  382.674293][T15311]  ? __pfx_ksys_read+0x10/0x10
[  382.675735][T15311]  __do_fast_syscall_32+0x73/0x120
[  382.677683][T15311]  do_fast_syscall_32+0x32/0x80
[  382.679489][T15311]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  382.681834][T15311] RIP: 0023:0xf7f6f579
[  382.684573][T15311] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  382.684587][T15311] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  382.684600][T15311] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50c6620
[  382.684607][T15311] RDX: 000000000000000f RSI: 00000000f7403ff4 RDI: 0000000000000000
[  382.684614][T15311] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  382.684620][T15311] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  382.684627][T15311] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  382.704537][T15311]  </TASK>
[  382.722916][ T5975] usb 10-1: USB disconnect, device number 7
[  383.211528][T15317] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  383.219179][T15317] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  383.221420][T15317] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  383.230777][T15317] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  383.257727][    C2] hpet: Lost 1 RTC interrupts
[  383.268637][T15317] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  383.290238][T15317] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  383.304049][T15317] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  383.332351][T15317] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  383.356913][T15317] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  383.612756][T15341] FAULT_INJECTION: forcing a failure.
[  383.612756][T15341] name failslab, interval 1, probability 0, space 0, times 0
[  383.621014][T15341] CPU: 2 UID: 0 PID: 15341 Comm: syz.7.2538 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  383.624195][T15341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  383.627275][T15341] Call Trace:
[  383.628265][T15341]  <TASK>
[  383.629165][T15341]  dump_stack_lvl+0x16c/0x1f0
[  383.630533][T15341]  should_fail_ex+0x497/0x5b0
[  383.631912][T15341]  ? fs_reclaim_acquire+0xae/0x150
[  383.633399][T15341]  should_failslab+0xc2/0x120
[  383.634785][T15341]  __kmalloc_noprof+0xce/0x4f0
[  383.636209][T15341]  ? sock_kmalloc+0x111/0x170
[  383.637574][T15341]  ? sock_kmalloc+0x13a/0x170
[  383.638942][T15341]  sock_kmalloc+0x111/0x170
[  383.640272][T15341]  skcipher_recvmsg+0x49d/0x1020
[  383.641704][T15341]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  383.643293][T15341]  sock_recvmsg+0x1f6/0x250
[  383.644627][T15341]  ____sys_recvmsg+0x219/0x6b0
[  383.646049][T15341]  ? __pfx_____sys_recvmsg+0x10/0x10
[  383.647574][T15341]  ? find_held_lock+0x2d/0x110
[  383.648977][T15341]  ___sys_recvmsg+0x115/0x1a0
[  383.650345][T15341]  ? __pfx____sys_recvmsg+0x10/0x10
[  383.651850][T15341]  ? __fget_files+0x1fc/0x3a0
[  383.653225][T15341]  ? trace_lock_acquire+0x14e/0x1f0
[  383.654756][T15341]  ? __fget_files+0x206/0x3a0
[  383.656165][T15341]  __sys_recvmsg+0x16b/0x220
[  383.657510][T15341]  ? __pfx___sys_recvmsg+0x10/0x10
[  383.659010][T15341]  __do_fast_syscall_32+0x73/0x120
[  383.660503][T15341]  do_fast_syscall_32+0x32/0x80
[  383.661917][T15341]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  383.663766][T15341] RIP: 0023:0xf7f6f579
[  383.665006][T15341] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  383.670439][T15341] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000174
[  383.672806][T15341] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000980
[  383.675094][T15341] RDX: 0000000040010003 RSI: 0000000000000000 RDI: 0000000000000000
[  383.677358][T15341] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  383.679618][T15341] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  383.681883][T15341] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  383.684182][T15341]  </TASK>
[  383.685394][    C2] hpet: Lost 3 RTC interrupts
[  383.759007][T15343] overlay: filesystem on ./file0 not supported as upperdir
[  383.825797][T15355] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2544'.
[  384.007344][   T39] audit: type=1804 audit(1737182635.604:907): pid=15360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2545" name="/newroot/538/file1" dev="fuse" ino=1 res=1 errno=0
[  384.016179][   T39] audit: type=1804 audit(1737182635.614:908): pid=15360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2545" name="/newroot/538/file1" dev="fuse" ino=1 res=1 errno=0
[  384.706123][T15369] serio: Serial port ptm0
[  384.765164][T15374] FAULT_INJECTION: forcing a failure.
[  384.765164][T15374] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  384.768971][T15374] CPU: 3 UID: 0 PID: 15374 Comm: syz.7.2549 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  384.772224][T15374] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  384.775362][T15374] Call Trace:
[  384.776351][T15374]  <TASK>
[  384.777221][T15374]  dump_stack_lvl+0x16c/0x1f0
[  384.778603][T15374]  should_fail_ex+0x497/0x5b0
[  384.779974][T15374]  ? __pfx_compat_drm_getunique+0x10/0x10
[  384.780405][T15369] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2546'.
[  384.781634][T15374]  _copy_from_user+0x2e/0xd0
[  384.781653][T15374]  compat_drm_getunique+0x98/0x170
[  384.781667][T15374]  ? __pfx_compat_drm_getunique+0x10/0x10
[  384.788830][T15374]  drm_compat_ioctl+0x298/0x460
[  384.790251][T15374]  ? __pfx_drm_compat_ioctl+0x10/0x10
[  384.791805][T15374]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  384.793431][T15374]  __do_fast_syscall_32+0x73/0x120
[  384.795266][T15374]  do_fast_syscall_32+0x32/0x80
[  384.796633][T15374]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  384.798412][T15374] RIP: 0023:0xf7f6f579
[  384.799665][T15374] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  384.805285][T15374] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  384.807794][T15374] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0086401
[  384.810098][T15374] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000
[  384.812385][T15374] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  384.814672][T15374] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  384.816991][T15374] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  384.819279][T15374]  </TASK>
[  384.844838][T15378] 9pnet_fd: Insufficient options for proto=fd
[  384.860457][T15378] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  384.862342][T15378] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  384.866203][T15378] vhci_hcd vhci_hcd.0: Device attached
[  384.894798][T15382] vhci_hcd: connection closed
[  384.895562][ T1180] vhci_hcd: stop threads
[  384.898347][ T1180] vhci_hcd: release socket
[  384.899685][ T1180] vhci_hcd: disconnect device
[  384.912191][   T39] audit: type=1326 audit(1737182636.504:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15386 comm="syz.4.2554" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf706e579 code=0x0
[  384.968100][ T5942] Bluetooth: hci2: Malformed LE Event: 0x1b
[  385.181719][T15400] FAULT_INJECTION: forcing a failure.
[  385.181719][T15400] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  385.186047][T15400] CPU: 2 UID: 0 PID: 15400 Comm: syz.7.2556 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  385.189098][T15400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  385.192122][T15400] Call Trace:
[  385.193142][T15400]  <TASK>
[  385.193993][T15400]  dump_stack_lvl+0x16c/0x1f0
[  385.195366][T15400]  should_fail_ex+0x497/0x5b0
[  385.196683][T15400]  _copy_to_user+0x32/0xd0
[  385.197923][T15400]  simple_read_from_buffer+0xd0/0x160
[  385.199460][T15400]  proc_fail_nth_read+0x198/0x270
[  385.200923][T15400]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  385.202505][T15400]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  385.204089][T15400]  vfs_read+0x1df/0xbe0
[  385.205339][T15400]  ? __fget_files+0x1fc/0x3a0
[  385.206686][T15400]  ? __pfx___mutex_lock+0x10/0x10
[  385.208141][T15400]  ? __pfx_vfs_read+0x10/0x10
[  385.209497][T15400]  ? __fget_files+0x206/0x3a0
[  385.210850][T15400]  ksys_read+0x12b/0x250
[  385.212089][T15400]  ? __pfx_ksys_read+0x10/0x10
[  385.213582][T15400]  __do_fast_syscall_32+0x73/0x120
[  385.215129][T15400]  do_fast_syscall_32+0x32/0x80
[  385.216587][T15400]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  385.218598][T15400] RIP: 0023:0xf7f6f579
[  385.219792][T15400] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  385.225319][T15400] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  385.227716][T15400] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50c6620
[  385.229952][T15400] RDX: 000000000000000f RSI: 00000000f7403ff4 RDI: 0000000000000000
[  385.232192][T15400] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  385.234433][T15400] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  385.236718][T15400] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  385.238966][T15400]  </TASK>
[  385.240265][    C2] hpet: Lost 3 RTC interrupts
[  385.273996][ T5942] Bluetooth: hci1: command 0x0405 tx timeout
[  385.274008][T14789] Bluetooth: hci4: command 0x0c1a tx timeout
[  385.324981][T15404] netlink: 80 bytes leftover after parsing attributes in process `syz.7.2557'.
[  385.362858][T14789] Bluetooth: hci2: command 0x0405 tx timeout
[  385.978216][   T39] audit: type=1804 audit(1737182637.574:910): pid=15426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2565" name="/newroot/544/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  386.478024][T15433] FAULT_INJECTION: forcing a failure.
[  386.478024][T15433] name failslab, interval 1, probability 0, space 0, times 0
[  386.483804][T15433] CPU: 3 UID: 0 PID: 15433 Comm: syz.7.2567 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  386.486962][T15433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  386.490103][T15433] Call Trace:
[  386.491091][T15433]  <TASK>
[  386.491960][T15433]  dump_stack_lvl+0x16c/0x1f0
[  386.493382][T15433]  should_fail_ex+0x497/0x5b0
[  386.494771][T15433]  should_failslab+0xc2/0x120
[  386.496107][T15433]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  386.497698][T15433]  ? skb_clone+0x190/0x3f0
[  386.499008][T15433]  skb_clone+0x190/0x3f0
[  386.500265][T15433]  netlink_deliver_tap+0xafd/0xca0
[  386.501757][T15433]  netlink_unicast+0x5e1/0x7f0
[  386.503135][T15433]  ? __pfx_netlink_unicast+0x10/0x10
[  386.504729][T15433]  ? __phys_addr_symbol+0x30/0x80
[  386.506216][T15433]  ? __check_object_size+0x488/0x710
[  386.507774][T15433]  netlink_sendmsg+0x8b8/0xd70
[  386.509189][T15433]  ? __pfx_netlink_sendmsg+0x10/0x10
[  386.510739][T15433]  ____sys_sendmsg+0x9ae/0xb40
[  386.512150][T15433]  ? __pfx_____sys_sendmsg+0x10/0x10
[  386.513801][T15433]  ? get_compat_msghdr+0x11b/0x170
[  386.515327][T15433]  ___sys_sendmsg+0x135/0x1e0
[  386.516737][T15433]  ? __pfx____sys_sendmsg+0x10/0x10
[  386.518278][T15433]  ? __pfx_lock_release+0x10/0x10
[  386.519769][T15433]  ? trace_lock_acquire+0x14e/0x1f0
[  386.521325][T15433]  ? __fget_files+0x206/0x3a0
[  386.522693][T15433]  __sys_sendmsg+0x16e/0x220
[  386.524059][T15433]  ? __pfx___sys_sendmsg+0x10/0x10
[  386.525593][T15433]  __do_fast_syscall_32+0x73/0x120
[  386.527085][T15433]  do_fast_syscall_32+0x32/0x80
[  386.528532][T15433]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  386.530350][T15433] RIP: 0023:0xf7f6f579
[  386.531536][T15433] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  386.537104][T15433] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  386.539440][T15433] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020001080
[  386.541680][T15433] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  386.543875][T15433] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  386.546134][T15433] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  386.548409][T15433] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  386.550608][T15433]  </TASK>
[  386.809765][T15437] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  386.812269][T15437] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  386.832589][T15437] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  386.837105][T15437] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  386.839881][T15437] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  386.841653][T15437] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  386.854396][T15437] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  386.856271][T15437] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  386.903391][T15454] FAULT_INJECTION: forcing a failure.
[  386.903391][T15454] name failslab, interval 1, probability 0, space 0, times 0
[  386.907418][T15454] CPU: 3 UID: 0 PID: 15454 Comm: syz.7.2573 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  386.910781][T15454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  386.914084][T15454] Call Trace:
[  386.915075][T15454]  <TASK>
[  386.916091][T15454]  dump_stack_lvl+0x16c/0x1f0
[  386.917616][T15454]  should_fail_ex+0x497/0x5b0
[  386.918970][T15454]  ? fs_reclaim_acquire+0xae/0x150
[  386.920549][T15454]  should_failslab+0xc2/0x120
[  386.921907][T15454]  kmem_cache_alloc_node_noprof+0x72/0x3b0
[  386.923551][T15454]  ? __up_read+0x1fb/0x760
[  386.925037][T15454]  ? __alloc_skb+0x2b3/0x380
[  386.926482][T15454]  __alloc_skb+0x2b3/0x380
[  386.927757][T15454]  ? __pfx___alloc_skb+0x10/0x10
[  386.929286][T15454]  netlink_ack+0x164/0xb20
[  386.930713][T15454]  ? __pfx___lock_acquire+0x10/0x10
[  386.932229][T15454]  rdma_nl_rcv_skb.constprop.0.isra.0+0x346/0x450
[  386.934055][T15454]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[  386.936375][T15454]  ? netlink_deliver_tap+0x1ae/0xca0
[  386.938040][T15454]  netlink_unicast+0x53c/0x7f0
[  386.939483][T15454]  ? __pfx_netlink_unicast+0x10/0x10
[  386.941089][T15454]  ? __phys_addr_symbol+0x30/0x80
[  386.942807][T15454]  ? __check_object_size+0x488/0x710
[  386.944348][T15454]  netlink_sendmsg+0x8b8/0xd70
[  386.945852][T15454]  ? __pfx_netlink_sendmsg+0x10/0x10
[  386.947469][T15454]  ____sys_sendmsg+0x9ae/0xb40
[  386.948933][T15454]  ? __pfx_____sys_sendmsg+0x10/0x10
[  386.950617][T15454]  ? get_compat_msghdr+0x11b/0x170
[  386.952225][T15454]  ___sys_sendmsg+0x135/0x1e0
[  386.953778][T15454]  ? __pfx____sys_sendmsg+0x10/0x10
[  386.955352][T15454]  ? __pfx_lock_release+0x10/0x10
[  386.956992][T15454]  ? trace_lock_acquire+0x14e/0x1f0
[  386.958650][T15454]  ? __fget_files+0x206/0x3a0
[  386.959951][T15454]  __sys_sendmsg+0x16e/0x220
[  386.961128][T15454]  ? __pfx___sys_sendmsg+0x10/0x10
[  386.962414][T15454]  __do_fast_syscall_32+0x73/0x120
[  386.963797][T15454]  do_fast_syscall_32+0x32/0x80
[  386.965335][T15454]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  386.967289][T15454] RIP: 0023:0xf7f6f579
[  386.968476][T15454] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  386.974319][T15454] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  386.976894][T15454] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000200
[  386.979177][T15454] RDX: 000000000000c094 RSI: 0000000000000000 RDI: 0000000000000000
[  386.981614][T15454] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  386.983999][T15454] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  386.986486][T15454] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  386.988677][T15454]  </TASK>
[  387.031726][   T39] audit: type=1326 audit(1737182638.624:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15457 comm="syz.7.2575" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x0
[  387.915721][   T39] audit: type=1804 audit(1737182639.514:912): pid=15455 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2574" name="/newroot/546/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  388.018127][T15486] syz.6.2577[15486] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  388.018176][T15486] syz.6.2577[15486] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  388.021884][T15486] syz.6.2577[15486] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  388.070497][   T39] audit: type=1326 audit(1737182639.664:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15494 comm="syz.5.2576" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[  388.210369][T15500] serio: Serial port ptm0
[  388.292899][T15500] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2579'.
[  388.594155][T15513] overlay: Unknown parameter 'func'
[  389.322327][   T39] audit: type=1804 audit(1737182640.914:914): pid=15518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2583" name="/newroot/549/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  390.060133][T15527] 9pnet_virtio: no channels available for device syz
[  390.095632][T15529] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2586'.
[  390.100497][   T39] audit: type=1326 audit(1737182641.694:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.7.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  390.110604][   T39] audit: type=1326 audit(1737182641.704:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.7.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=306 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  390.110626][   T39] audit: type=1326 audit(1737182641.704:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.7.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  390.110643][   T39] audit: type=1326 audit(1737182641.704:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.7.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  390.110660][   T39] audit: type=1326 audit(1737182641.704:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.7.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  390.110677][   T39] audit: type=1326 audit(1737182641.704:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.7.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  390.110694][   T39] audit: type=1326 audit(1737182641.704:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.7.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  390.110711][   T39] audit: type=1326 audit(1737182641.704:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.7.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  390.110728][   T39] audit: type=1326 audit(1737182641.704:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15528 comm="syz.7.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f6f579 code=0x7ffc0000
[  391.313400][T15555] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2592'.
[  391.410968][T15552] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  391.438149][T15559] serio: Serial port ptm0
[  391.509498][T15559] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2593'.
[  392.410404][T15569] Cannot find set identified by id 0 to match
[  393.199239][T15585] sp0: Synchronizing with TNC
[  393.234452][ T5995] kernel read not supported for file 354/task/355/projid_map (pid: 5995 comm: kworker/2:4)
[  393.240071][T15585] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2600'.
[  394.171956][T15602] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2605'.
[  395.761469][T15620] »»»»»» speed is unknown, defaulting to 1000
[  395.767180][T15620] »»»»»» speed is unknown, defaulting to 1000
[  396.277117][T15626] netlink: 'syz.5.2611': attribute type 1 has an invalid length.
[  396.549516][T15633] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2612'.
[  396.650956][T15640] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  396.806597][   T39] kauditd_printk_skb: 15 callbacks suppressed
[  396.806613][   T39] audit: type=1326 audit(1737182648.404:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15645 comm="syz.5.2615" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[  397.275458][T15652] serio: Serial port ptm0
[  397.340771][T15652] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2617'.
[  397.806488][   T39] audit: type=1804 audit(1737182649.394:940): pid=15656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2618" name="/newroot/434/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  398.242892][T15664] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  398.722804][T15673] nbd6: detected capacity change from 0 to 67108884
[  398.729061][ T7696] block nbd6: Send control failed (result -89)
[  398.731826][ T7696] block nbd6: Request send failed, requeueing
[  398.740635][T14789] block nbd6: Receive control failed (result -32)
[  398.747870][   T26] block nbd6: Dead connection, failed to find a fallback
[  398.751119][   T26] block nbd6: shutting down sockets
[  398.753532][   T26] blk_print_req_error: 3 callbacks suppressed
[  398.753544][   T26] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.759017][   T26] buffer_io_error: 3 callbacks suppressed
[  398.759024][   T26] Buffer I/O error on dev nbd6, logical block 0, async page read
[  398.767098][ T7696] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.770300][ T7696] Buffer I/O error on dev nbd6, logical block 0, async page read
[  398.772775][ T7696] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.776469][ T7696] Buffer I/O error on dev nbd6, logical block 0, async page read
[  398.778661][ T7696] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.781115][ T7696] Buffer I/O error on dev nbd6, logical block 0, async page read
[  398.786699][ T7696] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.789984][ T7696] Buffer I/O error on dev nbd6, logical block 0, async page read
[  398.793697][ T7696] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.797264][ T7696] Buffer I/O error on dev nbd6, logical block 0, async page read
[  398.800369][ T7696] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.805507][ T7696] Buffer I/O error on dev nbd6, logical block 0, async page read
[  398.811929][ T7696] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.815614][ T7696] Buffer I/O error on dev nbd6, logical block 0, async page read
[  398.819057][ T7696] ldm_validate_partition_table(): Disk read failed.
[  398.821662][ T7696] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.825252][ T7696] Buffer I/O error on dev nbd6, logical block 0, async page read
[  398.828350][ T7696] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  398.831463][ T7696] Buffer I/O error on dev nbd6, logical block 0, async page read
[  398.834317][ T7696] Dev nbd6: unable to read RDB block 0
[  398.836339][ T7696]  nbd6: unable to read partition table
[  398.886074][T15675] ldm_validate_partition_table(): Disk read failed.
[  398.895824][T15675] Dev nbd6: unable to read RDB block 0
[  398.903073][T15675]  nbd6: unable to read partition table
[  398.914148][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  398.918555][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=33554441, location=33554441
[  398.924839][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=33554185, location=33554185
[  398.930423][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=33554440, location=33554440
[  398.934162][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=33554184, location=33554184
[  398.946077][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=33554439, location=33554439
[  398.952747][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=33554183, location=33554183
[  398.957130][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=33554291, location=33554291
[  398.961845][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=33554035, location=33554035
[  398.963742][ T7696] ldm_validate_partition_table(): Disk read failed.
[  398.966631][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=33554289, location=33554289
[  398.968331][ T7696] Dev nbd6: unable to read RDB block 0
[  398.970627][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=33554033, location=33554033
[  398.972445][ T7696]  nbd6: unable to read partition table
[  398.979930][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  398.994735][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  399.000121][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=16777220, location=16777220
[  399.005661][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=16776964, location=16776964
[  399.009874][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=16777219, location=16777219
[  399.013724][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=16776963, location=16776963
[  399.018409][T15676] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2620'.
[  399.018511][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=16777218, location=16777218
[  399.024787][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=16776962, location=16776962
[  399.030286][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=16777070, location=16777070
[  399.033792][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=16776814, location=16776814
[  399.040260][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=16777068, location=16777068
[  399.045920][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=16776812, location=16776812
[  399.049901][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  399.068215][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  399.072059][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=8388609, location=8388609
[  399.078502][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=8388353, location=8388353
[  399.082323][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=8388608, location=8388608
[  399.087089][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=8388352, location=8388352
[  399.090718][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=8388607, location=8388607
[  399.094232][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=8388351, location=8388351
[  399.098502][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=8388459, location=8388459
[  399.123576][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=8388203, location=8388203
[  399.127909][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=8388457, location=8388457
[  399.132372][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=8388201, location=8388201
[  399.142849][T15675] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  399.146224][T15675] UDF-fs: warning (device nbd6): udf_fill_super: No partition found (1)
[  399.923080][T15686] block nbd7: Device being setup by another task
[  399.965919][   T39] audit: type=1804 audit(1737182651.564:941): pid=15688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2622" name="/newroot/436/file0/cgroup.controllers" dev="9p" ino=38535943 res=1 errno=0
[  399.983868][T15687] block nbd7: Device being setup by another task
[  400.304094][T14789] block nbd7: Receive control failed (result -32)
[  400.305031][T15685] block nbd7: shutting down sockets
[  400.454995][T15697] netlink: 72 bytes leftover after parsing attributes in process `syz.7.2624'.
[  400.458123][T15699] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2626'.
[  400.494667][   T39] audit: type=1326 audit(1737182652.094:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15700 comm="syz.5.2627" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x0
[  400.565508][T15703] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  400.580857][T15703] kvm: pic: level sensitive irq not supported
[  400.581657][T15703] kvm: pic: non byte read
[  400.586006][T15703] kvm: pic: level sensitive irq not supported
[  400.586311][T15703] kvm: pic: non byte read
[  400.590613][T15703] kvm: pic: level sensitive irq not supported
[  400.591126][T15703] kvm: pic: non byte read
[  400.595378][T15703] kvm: pic: level sensitive irq not supported
[  400.595654][T15703] kvm: pic: non byte read
[  400.600223][T15703] kvm: pic: level sensitive irq not supported
[  400.600483][T15703] kvm: pic: non byte read
[  400.605199][T15703] kvm: pic: level sensitive irq not supported
[  400.605483][T15703] kvm: pic: non byte read
[  400.609612][T15703] kvm: pic: level sensitive irq not supported
[  400.609861][T15703] kvm: pic: non byte read
[  400.613929][T15703] kvm: pic: level sensitive irq not supported
[  400.614192][T15703] kvm: pic: non byte read
[  400.618224][T15703] kvm: pic: level sensitive irq not supported
[  400.618472][T15703] kvm: pic: non byte read
[  400.622371][T15703] kvm: pic: level sensitive irq not supported
[  400.622610][T15703] kvm: pic: non byte read
[  401.101810][ T5942] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  401.106872][T15717] serio: Serial port ptm0
[  401.107828][ T5942] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  401.112772][ T5942] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  401.118086][ T5942] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  401.125189][ T5942] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  401.132838][ T5942] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  401.147778][T14789] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  401.152617][T14789] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  401.198445][T14789] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  401.200720][T15717] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2631'.
[  401.209279][T14789] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  401.212484][T14789] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  401.215586][T14789] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  401.254077][T15718] »»»»»» speed is unknown, defaulting to 1000
[  401.256304][T15718] »»»»»» speed is unknown, defaulting to 1000
[  401.404115][T15718] chnl_net:caif_netlink_parms(): no params data found
[  401.487253][T15718] bridge0: port 1(bridge_slave_0) entered blocking state
[  401.490026][T15718] bridge0: port 1(bridge_slave_0) entered disabled state
[  401.492993][T15718] bridge_slave_0: entered allmulticast mode
[  401.497190][T15718] bridge_slave_0: entered promiscuous mode
[  401.500664][T15718] bridge0: port 2(bridge_slave_1) entered blocking state
[  401.503442][T15718] bridge0: port 2(bridge_slave_1) entered disabled state
[  401.506073][T15718] bridge_slave_1: entered allmulticast mode
[  401.509206][T15718] bridge_slave_1: entered promiscuous mode
[  401.601032][ T8521] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.637803][T15718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  401.645577][T15718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  401.702207][T15718] team0: Port device team_slave_0 added
[  401.725244][ T8521] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.733181][T15718] team0: Port device team_slave_1 added
[  401.758053][T15718] batman_adv: batadv0: Adding interface: batadv_slave_0
[  401.760070][T15718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  401.772953][T15718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  401.780378][T15718] batman_adv: batadv0: Adding interface: batadv_slave_1
[  401.782470][T15718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  401.791289][T15718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  401.811573][ T8521] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.846238][T15718] hsr_slave_0: entered promiscuous mode
[  401.848519][T15718] hsr_slave_1: entered promiscuous mode
[  401.850434][T15718] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  401.852561][T15718] Cannot create hsr debugfs directory
[  401.887133][ T8521] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.933444][T15737] 
[  401.934186][T15737] ======================================================
[  401.936075][T15737] WARNING: possible circular locking dependency detected
[  401.937998][T15737] 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0 Not tainted
[  401.940607][T15737] ------------------------------------------------------
[  401.943632][T15737] syz.6.2634/15737 is trying to acquire lock:
[  401.945752][T15737] ffff8880441a1968 (&q->sysfs_lock){+.+.}-{4:4}, at: __blk_mq_update_nr_hw_queues+0x446/0x1460
[  401.949017][T15737] 
[  401.949017][T15737] but task is already holding lock:
[  401.951508][T15737] ffff8880441a1438 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x1fc/0x1460
[  401.954900][T15737] 
[  401.954900][T15737] which lock already depends on the new lock.
[  401.954900][T15737] 
[  401.957952][T15737] 
[  401.957952][T15737] the existing dependency chain (in reverse order) is:
[  401.960388][T15737] 
[  401.960388][T15737] -> #5 (&q->q_usage_counter(io)#55){++++}-{0:0}:
[  401.962818][T15737]        blk_mq_submit_bio+0x1fb6/0x24c0
[  401.964375][T15737]        __submit_bio+0x384/0x540
[  401.965818][T15737]        submit_bio_noacct_nocheck+0x698/0xd70
[  401.967722][T15737]        submit_bio_noacct+0x93a/0x1e20
[  401.969388][T15737]        mpage_readahead+0x41d/0x590
[  401.970871][T15737]        read_pages+0x1a8/0xdc0
[  401.972266][T15737]        page_cache_ra_unbounded+0x3dc/0x750
[  401.973975][T15737]        force_page_cache_ra+0x24b/0x340
[  401.975570][T15737]        page_cache_sync_ra+0x110/0x9c0
[  401.977149][T15737]        filemap_get_pages+0xd7b/0x1be0
[  401.978706][T15737]        filemap_read+0x3ca/0xd70
[  401.980123][T15737]        blkdev_read_iter+0x187/0x480
[  401.981627][T15737]        vfs_read+0x87f/0xbe0
[  401.982966][T15737]        ksys_read+0x12b/0x250
[  401.984340][T15737]        do_syscall_64+0xcd/0x250
[  401.985769][T15737]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.987566][T15737] 
[  401.987566][T15737] -> #4 (mapping.invalidate_lock#2){++++}-{4:4}:
[  401.989888][T15737]        down_read+0x9a/0x330
[  401.991170][T15737]        filemap_fault+0x2e0/0x2820
[  401.992679][T15737]        __do_fault+0x10a/0x490
[  401.994080][T15737]        do_pte_missing+0x1a8/0x3e00
[  401.995625][T15737]        __handle_mm_fault+0x103c/0x2a40
[  401.997286][T15737]        handle_mm_fault+0x3fa/0xaa0
[  401.998812][T15737]        do_user_addr_fault+0x60d/0x13f0
[  402.000439][T15737]        exc_page_fault+0x5c/0xc0
[  402.001888][T15737]        asm_exc_page_fault+0x26/0x30
[  402.003383][T15737] 
[  402.003383][T15737] -> #3 (&vma->vm_lock->lock){++++}-{4:4}:
[  402.005550][T15737]        down_write+0x93/0x200
[  402.006903][T15737]        vma_link+0x26d/0x4a0
[  402.008241][T15737]        insert_vm_struct+0x197/0x3f0
[  402.009735][T15737]        alloc_bprm+0x6e0/0xc90
[  402.011075][T15737]        kernel_execve+0xb0/0x3b0
[  402.012515][T15737]        kernel_init+0x14a/0x2b0
[  402.013955][T15737]        ret_from_fork+0x45/0x80
[  402.015367][T15737]        ret_from_fork_asm+0x1a/0x30
[  402.016868][T15737] 
[  402.016868][T15737] -> #2 (&mm->mmap_lock){++++}-{4:4}:
[  402.018921][T15737]        __might_fault+0x11b/0x190
[  402.020358][T15737]        _copy_from_user+0x29/0xd0
[  402.021753][T15737]        __blk_trace_setup+0xa8/0x180
[  402.023305][T15737]        blk_trace_setup+0x47/0x70
[  402.024770][T15737]        sg_ioctl+0x7a3/0x26b0
[  402.026140][T15737]        compat_ptr_ioctl+0x6b/0xa0
[  402.027643][T15737]        __do_compat_sys_ioctl+0x1cb/0x2c0
[  402.029318][T15737]        __do_fast_syscall_32+0x73/0x120
[  402.030925][T15737]        do_fast_syscall_32+0x32/0x80
[  402.032474][T15737]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  402.034439][T15737] 
[  402.034439][T15737] -> #1 (&q->debugfs_mutex){+.+.}-{4:4}:
[  402.036793][T15737]        __mutex_lock+0x19b/0xa60
[  402.038271][T15737]        blk_register_queue+0x13c/0x4f0
[  402.039861][T15737]        add_disk_fwnode+0x785/0x1300
[  402.041413][T15737]        brd_alloc.isra.0+0x50a/0x7c0
[  402.042935][T15737]        brd_init+0x12b/0x1d0
[  402.044308][T15737]        do_one_initcall+0x128/0x630
[  402.045855][T15737]        kernel_init_freeable+0x58f/0x8b0
[  402.047504][T15737]        kernel_init+0x1c/0x2b0
[  402.048961][T15737]        ret_from_fork+0x45/0x80
[  402.050394][T15737]        ret_from_fork_asm+0x1a/0x30
[  402.051919][T15737] 
[  402.051919][T15737] -> #0 (&q->sysfs_lock){+.+.}-{4:4}:
[  402.054126][T15737]        __lock_acquire+0x249e/0x3c40
[  402.055653][T15737]        lock_acquire.part.0+0x11b/0x380
[  402.057187][T15737]        __mutex_lock+0x19b/0xa60
[  402.058733][T15737]        __blk_mq_update_nr_hw_queues+0x446/0x1460
[  402.060713][T15737]        blk_mq_update_nr_hw_queues+0x2a/0x40
[  402.062488][T15737]        nbd_start_device+0x15b/0xd70
[  402.064103][T15737]        nbd_ioctl+0x21a/0xfd0
[  402.065528][T15737]        compat_blkdev_ioctl+0x2f7/0x750
[  402.067131][T15737]        __do_compat_sys_ioctl+0x1cb/0x2c0
[  402.068817][T15737]        __do_fast_syscall_32+0x73/0x120
[  402.070503][T15737]        do_fast_syscall_32+0x32/0x80
[  402.071963][T15737]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  402.073966][T15737] 
[  402.073966][T15737] other info that might help us debug this:
[  402.073966][T15737] 
[  402.076735][T15737] Chain exists of:
[  402.076735][T15737]   &q->sysfs_lock --> mapping.invalidate_lock#2 --> &q->q_usage_counter(io)#55
[  402.076735][T15737] 
[  402.081069][T15737]  Possible unsafe locking scenario:
[  402.081069][T15737] 
[  402.083273][T15737]        CPU0                    CPU1
[  402.084875][T15737]        ----                    ----
[  402.086433][T15737]   lock(&q->q_usage_counter(io)#55);
[  402.088010][T15737]                                lock(mapping.invalidate_lock#2);
[  402.090251][T15737]                                lock(&q->q_usage_counter(io)#55);
[  402.092505][T15737]   lock(&q->sysfs_lock);
[  402.093800][T15737] 
[  402.093800][T15737]  *** DEADLOCK ***
[  402.093800][T15737] 
[  402.096198][T15737] 4 locks held by syz.6.2634/15737:
[  402.097701][T15737]  #0: ffff8880241b4198 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x151/0xfd0
[  402.100372][T15737]  #1: ffff8880241b40d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0x20/0x40
[  402.103471][T15737]  #2: ffff8880441a1438 (&q->q_usage_counter(io)#55){++++}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x1fc/0x1460
[  402.106890][T15737]  #3: ffff8880441a1470 (&q->q_usage_counter(queue)#39){+.+.}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x1fc/0x1460
[  402.110465][T15737] 
[  402.110465][T15737] stack backtrace:
[  402.112176][T15737] CPU: 2 UID: 0 PID: 15737 Comm: syz.6.2634 Not tainted 6.13.0-rc7-syzkaller-00160-gad26fc09dabf #0
[  402.115298][T15737] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  402.118383][T15737] Call Trace:
[  402.119363][T15737]  <TASK>
[  402.120241][T15737]  dump_stack_lvl+0x116/0x1f0
[  402.121622][T15737]  print_circular_bug+0x41c/0x610
[  402.123114][T15737]  check_noncircular+0x31a/0x400
[  402.124580][T15737]  ? __pfx_check_noncircular+0x10/0x10
[  402.126115][T15737]  ? save_trace+0x290/0xa10
[  402.127446][T15737]  ? add_lock_to_list+0x17d/0x390
[  402.128916][T15737]  __lock_acquire+0x249e/0x3c40
[  402.130334][T15737]  ? __pfx___lock_acquire+0x10/0x10
[  402.131835][T15737]  ? __pfx_stack_trace_save+0x10/0x10
[  402.133411][T15737]  ? stack_depot_save_flags+0x28/0x9e0
[  402.134921][T15737]  ? find_held_lock+0x2d/0x110
[  402.136268][T15737]  lock_acquire.part.0+0x11b/0x380
[  402.137744][T15737]  ? __blk_mq_update_nr_hw_queues+0x446/0x1460
[  402.139509][T15737]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  402.141132][T15737]  ? rcu_is_watching+0x12/0xc0
[  402.142511][T15737]  ? trace_lock_acquire+0x14e/0x1f0
[  402.144049][T15737]  ? __blk_mq_update_nr_hw_queues+0x446/0x1460
[  402.145842][T15737]  ? lock_acquire+0x2f/0xb0
[  402.147154][T15737]  ? __blk_mq_update_nr_hw_queues+0x446/0x1460
[  402.148945][T15737]  __mutex_lock+0x19b/0xa60
[  402.150268][T15737]  ? __blk_mq_update_nr_hw_queues+0x446/0x1460
[  402.152046][T15737]  ? __blk_mq_update_nr_hw_queues+0x446/0x1460
[  402.153845][T15737]  ? __pfx___mutex_lock+0x10/0x10
[  402.155448][T15737]  ? __blk_mq_update_nr_hw_queues+0x446/0x1460
[  402.157337][T15737]  __blk_mq_update_nr_hw_queues+0x446/0x1460
[  402.159095][T15737]  ? lock_acquire.part.0+0x11b/0x380
[  402.160632][T15737]  ? __mutex_trylock_common+0xea/0x250
[  402.162146][T15737]  ? __pfx___mutex_trylock_common+0x10/0x10
[  402.163841][T15737]  ? blk_mq_update_nr_hw_queues+0x20/0x40
[  402.165501][T15737]  ? rcu_is_watching+0x12/0xc0
[  402.166872][T15737]  ? __pfx___blk_mq_update_nr_hw_queues+0x10/0x10
[  402.168694][T15737]  ? __pfx___mutex_trylock_common+0x10/0x10
[  402.170366][T15737]  ? blk_mq_update_nr_hw_queues+0x20/0x40
[  402.171959][T15737]  ? __pfx___mutex_lock+0x10/0x10
[  402.173467][T15737]  ? trace_contention_end+0xee/0x140
[  402.175014][T15737]  ? __mutex_lock+0x1cc/0xa60
[  402.176385][T15737]  ? nbd_ioctl+0x151/0xfd0
[  402.177670][T15737]  ? __pfx___mutex_lock+0x10/0x10
[  402.179101][T15737]  blk_mq_update_nr_hw_queues+0x2a/0x40
[  402.180664][T15737]  nbd_start_device+0x15b/0xd70
[  402.182063][T15737]  ? bpf_lsm_capable+0x9/0x10
[  402.183389][T15737]  nbd_ioctl+0x21a/0xfd0
[  402.184657][T15737]  ? __pfx_nbd_ioctl+0x10/0x10
[  402.186077][T15737]  ? __pfx_lock_release+0x10/0x10
[  402.187508][T15737]  ? trace_lock_acquire+0x14e/0x1f0
[  402.189014][T15737]  ? __pfx_nbd_ioctl+0x10/0x10
[  402.190400][T15737]  compat_blkdev_ioctl+0x2f7/0x750
[  402.191865][T15737]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  402.193454][T15737]  ? __fget_files+0x206/0x3a0
[  402.194860][T15737]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  402.196475][T15737]  __do_compat_sys_ioctl+0x1cb/0x2c0
[  402.197999][T15737]  __do_fast_syscall_32+0x73/0x120
[  402.199477][T15737]  do_fast_syscall_32+0x32/0x80
[  402.200895][T15737]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  402.202705][T15737] RIP: 0023:0xf70ae579
[  402.203897][T15737] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  402.209418][T15737] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  402.211792][T15737] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ab03
[  402.214066][T15737] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  402.216339][T15737] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  402.218586][T15737] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  402.220850][T15737] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  402.223116][T15737]  </TASK>
[  402.225101][    C2] hpet: Lost 18 RTC interrupts
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  402.303837][ T8521] bridge_slave_1: left allmulticast mode
[  402.304636][T15737] block nbd6: shutting down sockets
[  402.306068][ T8521] bridge_slave_1: left promiscuous mode
[  402.310651][ T8521] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.334618][ T8521] bridge_slave_0: left allmulticast mode
[  402.336944][ T8521] bridge_slave_0: left promiscuous mode
[  402.339077][ T8521] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.516326][ T8521] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  402.521202][ T8521] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  402.525700][ T8521] bond0 (unregistering): Released all slaves
[  402.543697][T15737] syz_tun (unregistering): left allmulticast mode
[  402.556872][T15736] bond0: (slave syz_tun): Releasing backup interface
[  402.613156][ T8521] IPVS: stopping master sync thread 15153 ...
[  402.794415][ T8521] hsr_slave_0: left promiscuous mode
[  402.799749][ T8521] hsr_slave_1: left promiscuous mode
[  402.806196][ T8521] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  402.808374][ T8521] batman_adv: batadv0: Removing interface: batadv_slave_0
[  402.811664][ T8521] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  402.814516][ T8521] batman_adv: batadv0: Removing interface: batadv_slave_1
[  402.818546][ T8521] veth1_macvtap: left promiscuous mode
[  402.820193][ T8521] veth0_macvtap: left promiscuous mode
[  402.821792][ T8521] veth1_vlan: left promiscuous mode
[  402.823784][ T8521] veth0_vlan: left promiscuous mode
[  403.036206][ T8521] team0 (unregistering): Port device team_slave_1 removed
[  403.086483][ T8521] team0 (unregistering): Port device team_slave_0 removed
[  403.315081][T15714] bridge0: port 3(syz_tun) entered disabled state
[  403.320387][T15714] syz_tun (unregistering): left allmulticast mode
[  403.322926][T15714] syz_tun (unregistering): left promiscuous mode
[  403.325324][T15714] bridge0: port 3(syz_tun) entered disabled state
[  403.733126][ T8521] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.837405][ T8521] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.926134][ T8521] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  403.996101][ T8521] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.363940][ T8521] bridge_slave_1: left allmulticast mode
[  404.365734][ T8521] bridge_slave_1: left promiscuous mode
[  404.367579][ T8521] bridge0: port 2(bridge_slave_1) entered disabled state
[  404.373187][ T8521] bridge_slave_0: left allmulticast mode
[  404.374777][ T8521] bridge_slave_0: left promiscuous mode
[  404.376832][ T8521] bridge0: port 1(bridge_slave_0) entered disabled state
[  404.383364][ T8521] bridge_slave_1: left allmulticast mode
[  404.385388][ T8521] bridge_slave_1: left promiscuous mode
[  404.387421][ T8521] bridge0: port 2(bridge_slave_1) entered disabled state
[  404.391152][ T8521] bridge_slave_0: left allmulticast mode
[  404.394206][ T8521] bridge_slave_0: left promiscuous mode
[  404.396980][ T8521] bridge0: port 1(bridge_slave_0) entered disabled state
[  404.556604][ T8521] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  404.560205][ T8521] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  404.563530][ T8521] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  404.567537][ T8521] bond0 (unregistering): Released all slaves
[  404.571136][ T8521] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  404.575043][ T8521] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  404.578064][ T8521] bond0 (unregistering): Released all slaves
[  404.879745][ T8521] hsr_slave_0: left promiscuous mode
[  404.881919][ T8521] hsr_slave_1: left promiscuous mode
[  404.884748][ T8521] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  404.886894][ T8521] batman_adv: batadv0: Removing interface: batadv_slave_0
[  404.889249][ T8521] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  404.891365][ T8521] batman_adv: batadv0: Removing interface: batadv_slave_1
[  404.895242][ T8521] hsr_slave_0: left promiscuous mode
[  404.897128][ T8521] hsr_slave_1: left promiscuous mode
[  404.898955][ T8521] batman_adv: batadv0: Removing interface: batadv_slave_0
[  404.901221][ T8521] batman_adv: batadv0: Removing interface: batadv_slave_1
[  404.905351][ T8521] veth1_macvtap: left promiscuous mode
[  404.906957][ T8521] veth0_macvtap: left promiscuous mode
[  404.908572][ T8521] veth1_vlan: left promiscuous mode
[  404.910143][ T8521] veth0_vlan: left promiscuous mode
[  405.147039][ T8521] team0 (unregistering): Port device team_slave_1 removed
[  405.192926][ T8521] team0 (unregistering): Port device team_slave_0 removed
[  405.544255][ T8521] team0 (unregistering): Port device team_slave_1 removed
[  405.549790][ T8521] team0 (unregistering): Port device team_slave_0 removed
[  406.120689][ T8521] IPVS: stop unused estimator thread 0...

VM DIAGNOSIS:
06:44:09  Registers:
info registers vcpu 0

CPU#0
RAX=00000000010d6d24 RBX=0000000000000000 RCX=ffffffff8b1a8889 RDX=ffffed1005686fee
RSI=ffffffff8bb17300 RDI=ffffffff81703079 RBP=fffffbfff1b52ef8 RSP=ffffffff8da07e20
R8 =0000000000000000 R9 =ffffed1005686fed R10=ffff88802b437f6b R11=0000000000000001
R12=0000000000000000 R13=ffffffff8da977c0 R14=ffffffff901cf850 R15=0000000000000000
RIP=ffffffff8b1a9c6f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f72369c0 CR3=000000006f8a2000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000f475a6c298 RBX=ffff88802b528400 RCX=00000000000006e0 RDX=00000000000000f4
RSI=ffff88802b528400 RDI=0000000000369132 RBP=0000000000369132 RSP=ffffc9000047fc48
R8 =0000000000000005 R9 =000000000000003f R10=0000000000000019 R11=0000000000000001
R12=0000000000000001 R13=0000000000000019 R14=0000000000000001 R15=ffff88802b52ca80
RIP=ffffffff814660c5 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020022000 CR3=0000000025762000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f29e7fbd5a0f9a10 ef445cd7bb9ba823
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 04db010b48fb9824 8fc429b7e50e533f
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7b0c5c77e0acad97 5389867a3b9f6869
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 08ef6a663d7771ac 52b72bff25595c99
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001980
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a000000f46cc99b 0a0000007884f09a
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d1a3809ab693f9b6 7e00000096f7ef84
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ef72f60052ac9006 0000f468b693f9b6
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f944e00f46e03fe 0000f46df4678e39
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9ef1accdd5c4d62a 39c72b78e8f2a6e4
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8da7263d9961690d cd8d038b441fada1
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000037 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85146355 RDI=ffffffff9a66a200 RBP=ffffffff9a66a1c0 RSP=ffffc9002482f000
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=0000000000000037 R14=ffffffff851462f0 R15=0000000000000000
RIP=ffffffff8514637f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff88802b600000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000033f06ffc CR3=000000002385c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000530b44 RBX=0000000000000003 RCX=ffffffff8b1a8889 RDX=ffffed10056e6fee
RSI=ffffffff8bb17300 RDI=ffffffff81703079 RBP=ffffed10039df488 RSP=ffffc9000049fe08
R8 =0000000000000000 R9 =ffffed10056e6fed R10=ffff88802b737f6b R11=0000000000000001
R12=0000000000000003 R13=ffff88801cefa440 R14=ffffffff901cf850 R15=0000000000000000
RIP=ffffffff8b1a9c6f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7398e3c CR3=000000005b1ce000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000