last executing test programs:

3.480873451s ago: executing program 3 (id=383):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040001)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
socket(0x0, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x14, 0x4, 0x6, 0x201}, 0x14}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x29, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000300), 0x6)
recvmmsg(0xffffffffffffffff, &(0x7f0000000600), 0x204083acb88ff8b, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=r4], 0x90}}, 0x0)

2.988761304s ago: executing program 2 (id=388):
socket$netlink(0x10, 0x3, 0x0) (async)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
sched_setaffinity(0x0, 0xfffffffffffffe58, &(0x7f00000002c0)=0x2) (async)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) (async)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000017000000040006"], 0x20}}, 0x0) (async)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000000c0)="2c385a4706", 0x5)
r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3) (async)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=@newtaction={0xf4c, 0x30, 0x220, 0x0, 0x0, {}, [{0xf38, 0x1, [@m_skbedit={0x9c, 0x0, 0x0, 0x0, {{0xc}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8}]}, {0x65, 0x6, "769f4f615bc3d2ebeb9eaadfc0dae4c22ba98da5b80964c0f2a18de9803271ba55faf9ca6409be186b9cf9b5ed0524085efad60aef76be015f5f1662d03dc499499ba782f0916a79f74606fa5e9f59de521bb3ce23891f34bc4f79738f5fe5bc8c"}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_pedit={0xe98, 0x3, 0x0, 0x0, {{0xa}, {0xe6c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe68, 0x4, {{{0x5, 0x1d, 0xffffffffffffffff, 0x0, 0x5de}, 0x4, 0x59, [{0xf, 0x6, 0x4, 0x6661, 0x6, 0x9}, {0xe, 0x1, 0x7, 0x7, 0x4}, {0x0, 0x4, 0x5, 0x80000, 0xffff, 0x400}]}, [{0x5, 0x6266, 0x1ff, 0x6, 0x78, 0x59e}, {0x3, 0x3ff, 0xa, 0x4, 0x6, 0xffffffff}, {0x8, 0x4, 0x10000, 0x3, 0x1}, {0x3, 0xffffffc0, 0x7, 0x4, 0x8000, 0x401}, {0xe5, 0xb9d, 0x4, 0x9, 0xd001}, {0x80000001, 0x2, 0x400, 0x1ff, 0xb, 0x2c}, {0x0, 0x8, 0x3, 0xfffffff8, 0x8d4, 0x8001}, {0xe4d7, 0x4, 0x3, 0x6, 0xf, 0x80}, {0x40000000, 0x9b, 0x429d, 0x8, 0x0, 0x8000}, {0x3, 0xff, 0x594, 0x45d5, 0x0, 0x8001}, {0xc2b0, 0x9, 0x1, 0x3, 0x2d, 0xd}, {0x6, 0x8, 0x9e, 0x0, 0x0, 0x8}, {0x8, 0xfffffff8, 0x3cf, 0xac, 0x0, 0x9}, {0x9, 0x3, 0x7, 0x8, 0x7, 0x5}, {0x7, 0xffff, 0xd, 0x1ff, 0x9, 0x3}, {0x40, 0x9, 0x4, 0x20000000, 0x10000, 0x4}, {0x6, 0x2, 0x8, 0x2, 0x0, 0x3}, {0xfffffff9, 0x9, 0x521e, 0x3e7, 0x147, 0x3254}, {0x4, 0x5, 0x9210, 0x8, 0x8, 0x7}, {0xa, 0x3, 0xd, 0x0, 0x5, 0x7}, {0x10001, 0x3, 0xa, 0x1, 0x1, 0x9}, {0x5, 0x7290, 0x8, 0x1, 0x7fffffff, 0x5}, {0x5, 0x608e, 0x9, 0x6, 0x9, 0x9}, {0x2, 0xfff, 0x7, 0xff, 0x7, 0x5}, {0x8, 0x4, 0xa5c8, 0x6f6e, 0x0, 0x88}, {0xd41, 0x8, 0x2, 0x7f, 0xfffffffc, 0x80000000}, {0xf0000000, 0x4, 0x3000000, 0x1, 0x60, 0x4}, {0x5, 0x0, 0x10, 0xbe, 0x2, 0xc}, {0x1, 0x8, 0x2, 0xfffffffa, 0x3000, 0x5}, {0x10000, 0x5, 0x0, 0x800, 0x380, 0x5}, {0x5, 0x8f, 0x2, 0x8, 0x5}, {0x6690a01, 0x2, 0x96d9, 0x1, 0xf, 0x4}, {0x5, 0x1, 0x3, 0x7, 0x4, 0x7ff}, {0x8, 0x7f, 0x8, 0x0, 0x101, 0x2}, {0xa, 0x2, 0x7, 0x461f, 0xffff, 0x4}, {0x8, 0x3, 0xa, 0x7fff, 0x5, 0xffff}, {0x6, 0x3, 0x6, 0x1ff, 0x9, 0x2}, {0x8, 0xffffff4c, 0x3, 0xcb71, 0x6}, {0x3, 0x8, 0x6, 0x401, 0x6, 0x5}, {0x9, 0xf, 0x0, 0x1, 0x3, 0x8d}, {0x1, 0x1, 0x10001, 0x4, 0x2, 0x1}, {0x4, 0x8, 0x19ff, 0x2, 0x0, 0x5}, {0x0, 0x4, 0x3, 0x2, 0x800, 0x3}, {0xfffffffc, 0x10001, 0x0, 0x1, 0x0, 0x2}, {0x8, 0x800, 0x2, 0x3ff, 0x7, 0x9}, {0x3, 0x2, 0x0, 0x0, 0xfffffeff, 0x3}, {0x10000, 0x10000, 0x7, 0x80000001, 0xfffffffd}, {0x1ff, 0xffffffff, 0x100, 0xd3, 0x4, 0x81}, {0xca, 0xf, 0xfffffffa, 0x1ff, 0x6d, 0x9}, {0x7, 0x1, 0x1, 0x9, 0x0, 0x401}, {0x7, 0x7, 0x6, 0x7, 0x8, 0x3}, {0x9902, 0xd, 0x7, 0xc, 0x3, 0x22000}, {0x4, 0x80, 0xb, 0x18, 0x1, 0x9}, {0x3, 0x40, 0x1, 0x9, 0x925, 0x3ff}, {0x0, 0xffff, 0x3, 0xffff7fff, 0x4, 0x5}, {0x4, 0x4, 0xed75, 0x8000, 0xac, 0x6}, {0x1, 0x2, 0x0, 0x30, 0x7963, 0x8000}, {0x5, 0x1, 0x590150d8, 0xfffff316, 0x9, 0x5}, {0x5, 0x8, 0x10000, 0xe, 0x6, 0x21f}, {0x0, 0xfffffffd, 0x1, 0x0, 0x6, 0x4}, {0xf, 0xa, 0x4, 0xe857, 0x3ff, 0x37}, {0x7, 0xf, 0x0, 0x4, 0x3, 0x10001}, {0x8001, 0x7fff, 0x1, 0x9, 0x3, 0x5}, {0x5, 0xbf93, 0x7, 0xa, 0x8, 0x8}, {0x7, 0x10d4, 0x5, 0x4, 0x5, 0x3ff}, {0x7, 0x7f, 0x3, 0x5, 0x4c, 0x1}, {0x9, 0xe7f, 0xffffffff, 0x9, 0xffff0001, 0x2}, {0x9, 0x10001, 0x5, 0xa37a8240, 0x7, 0x831}, {0xfffffeff, 0x8, 0x6, 0x3, 0x0, 0xfffff378}, {0x83da, 0x7fffffff, 0x2, 0x1, 0x9, 0xa9e7}, {0xb46, 0x6, 0x4c, 0x62, 0x6, 0x305}, {0x40, 0x5, 0x7, 0xfff, 0x400, 0x9}, {0xd, 0x29e, 0x8, 0x76, 0x8b0c, 0x400}, {0x8, 0x80000000, 0x8, 0x9, 0x8001, 0x4}, {0xfffffffe, 0x5, 0x0, 0x6cd7c1bc, 0x4, 0x6}, {0x7, 0x6, 0x9, 0x80000000, 0x3, 0xca3f}, {0xffffffff, 0x4, 0x5, 0x3b, 0x8000000, 0x8}, {0x80000001, 0x3, 0x322, 0x6, 0xc1c9, 0x4}, {0x3, 0x6, 0x9, 0x1ff, 0x9, 0x1}, {0x401, 0x8, 0x3, 0x3ff, 0xb52a, 0x3}, {0x0, 0xbcd, 0x3, 0xff, 0x3, 0x2}, {0xc, 0xffffff69, 0x1, 0x8000, 0x2, 0x6}, {0x1, 0x3ff, 0x7ff, 0x4, 0x6, 0x88bb}, {0x5, 0x400, 0x6, 0x8, 0x2, 0x1}, {0x2, 0x9, 0x5, 0x4, 0xde2b, 0x5}, {0x2, 0x4ed, 0x3, 0x1, 0x101, 0x80000001}, {0x3, 0x4, 0x5, 0xf81, 0x0, 0x3}, {0x1, 0x5, 0x3, 0x7, 0x3, 0x8}, {0x7fff, 0xfffffffe, 0x10, 0x4, 0x40, 0x2}, {0x4, 0x3, 0x6, 0x8, 0x1, 0x1}, {0x2, 0xfffffff7, 0x0, 0x1, 0x5, 0xfffffff7}, {0x9, 0x7, 0x2, 0xf0, 0x3, 0xfffeffff}, {0x2, 0x8, 0x35d, 0x8000, 0x8, 0x8004}, {0x7, 0x400, 0x8, 0x3ff, 0x101, 0xc}, {0x8001, 0x3f4, 0x12, 0xf, 0x4}, {0xffffff8f, 0x1, 0xab4, 0xfffffff6, 0x8, 0x6}, {0x6970, 0xe7, 0x1ff, 0x200, 0x7fff, 0x9}, {0x4f, 0x6, 0x7, 0x3, 0x6, 0x78df}, {0xf, 0x5, 0x2, 0x1, 0x9, 0x40}, {0x0, 0x4000, 0x10000, 0x48a5842e, 0x8001, 0x3}, {0x0, 0x0, 0x4, 0x0, 0x9, 0x1}, {0x3, 0x5b5b, 0x800, 0x8, 0x10, 0x8}, {0x3, 0xf425, 0x5, 0x2, 0x5, 0x5}, {0x3, 0x5, 0x1b86, 0xfd, 0x35, 0x101}, {0x7, 0xf15, 0x4, 0xb81, 0x8, 0x6}, {0x2, 0x5, 0xb282, 0x40, 0x7, 0x7fffffff}, {0x2, 0x2, 0x1, 0x6, 0x585b, 0xfffffffc}, {0x10000, 0x51, 0x8, 0x7, 0xfffffff9, 0x5}, {0x8, 0x7, 0x4, 0x80000001, 0x7f, 0x1}, {0x4a4d, 0x200, 0x2, 0x7, 0x8, 0xfffffffd}, {0x0, 0x1, 0xb8, 0x8, 0x2536bf60, 0x1}, {0x7, 0x8, 0x9, 0x7fff, 0x4, 0x800}, {0x4, 0x400, 0x6, 0x1, 0x0, 0xb}, {0x2, 0x5, 0x5, 0x8, 0xf, 0x3}, {0x8000, 0x5, 0x4, 0xe934, 0xfff}, {0x0, 0x4, 0x28, 0x505e, 0xae, 0x4}, {0x3, 0x8, 0x0, 0x2e, 0xb, 0x7}, {0x100, 0x4, 0x101, 0x0, 0xa93e, 0x9}, {0x1, 0x3, 0x3, 0xfd8, 0x80, 0x5}, {0x7f, 0x1ff, 0x0, 0xf, 0x40, 0x7fffffff}, {0x5, 0xd6, 0x3, 0x7, 0x0, 0x2}, {0xc6f, 0x2, 0x1f6, 0x8, 0x0, 0x80000001}, {0x3, 0x7, 0x4, 0xd8e8, 0x2, 0x2}, {0x80, 0x1, 0x2, 0x5bd, 0xf6}, {0x6, 0x6, 0x4, 0x10001, 0x7fff}, {0x8, 0x7, 0x4, 0x8000, 0x3, 0xa35}, {0x1, 0x0, 0x40, 0x3, 0xffff, 0x8001}, {0xfffffff4, 0xaa16, 0x2, 0xffffffff, 0x6, 0x7}], [{0x4}, {0x5, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x2}, {0x0, 0x1}, {0x3}, {}, {0x4, 0x1}, {0x5, 0x1}, {0x3}, {0x4}, {}, {}, {}, {0x1}, {0xfd804372256de54b}, {0x5}, {0x5}, {0x5}, {0x5}, {0x4, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {0x5, 0x1}, {0x5}, {0x3, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x4}, {0x1, 0x1}, {}, {0x2}, {0x5, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x0, 0x1}, {0x4, 0x3a93368492679cc9}, {0x3}, {0x1, 0x9ae6aef5f8d88d0a}, {0x5, 0x1}, {0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x4}, {0x5, 0x1}, {0x5}, {0x1, 0x1}, {0x1, 0x1}, {0x1}, {0x5}, {0x4}, {}, {0x5, 0x1}, {0x1}, {0x3}, {0x2}, {0xbf741bcab8b8ad9e, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x1}, {0x3, 0x1}, {0x4, 0x5fd7fca89de5b9b1}, {0x0, 0x1}, {0x99bb152abf066dea, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x4, 0x144597df8aad735b}, {0x1}, {0x0, 0x1}, {0x5}, {0x4}, {0x6, 0x1}, {0x4}, {0x1}, {}, {0x0, 0x1}, {0x1, 0x1}, {0x3}, {0x4}, {0x4, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x4}, {0x0, 0x1}, {0x2, 0x1}, {0x4, 0x7706b90f9fbcf628}, {0x5}, {0x3, 0x1}, {0x2}, {}, {0x3}, {0x1, 0x1}, {0x5}, {0x1}, {0x1}, {0x3, 0x1}, {0x5}, {0x2, 0x1}, {0x4}, {0x3, 0x1}, {}, {0x3, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x5}, {0x4}, {0x1}, {0x3, 0x1}, {0x4}], 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf4c}}, 0x0) (async)
readv(0xffffffffffffffff, 0x0, 0x0) (async)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x18, "000080f100df000000a7d9de16c708db7200"})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee3, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) (async)
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0) (async)
mkdir(&(0x7f0000000080)='./file1\x00', 0x0) (async)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) (async)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)=ANY=[], 0x58}}, 0x48001) (async)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x0) (async)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="f3ff0006", @ANYRES16=0x0, @ANYBLOB="000000000000000000000a0000001400038008000100000000000800030000000000"], 0x28}}, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000004"], 0x24d8}], 0x1}, 0x0) (async)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) (async)
chdir(0x0) (async)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)

2.590890298s ago: executing program 3 (id=389):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad000000", 0x4) (async)
sendmmsg$unix(r2, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0}, 0xfffffdef}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0) (async)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="000000f5000003"], 0xfdef) (async, rerun: 64)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x5, 0x100) (rerun: 64)

2.340884013s ago: executing program 3 (id=391):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x6000, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="b400000010000904000000000000070000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)

2.190195106s ago: executing program 0 (id=392):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b00)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010000000000000000009900000008000300", @ANYRES32=r1], 0x1c}}, 0x0)

2.130929462s ago: executing program 0 (id=393):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040001)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
socket(0x0, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$sock_int(r2, 0x1, 0x29, 0x0, 0x0)
write$binfmt_misc(r2, &(0x7f0000000300), 0x6)
recvmmsg(r2, &(0x7f0000000600), 0x204083acb88ff8b, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r5], 0x90}}, 0x0)

2.130596358s ago: executing program 3 (id=394):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
io_setup(0x8, &(0x7f00000002c0))
r0 = getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe55, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000080), 0x6, 0x200000)
ioctl$SNDRV_PCM_IOCTL_PREPARE(r2, 0x4140, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x6, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x6}, {0x7fff, 0x80, 0xfe, 0x3}, {0xa7, 0xe, 0x80}, {0x9, 0x6, 0x5, 0xb}, {0x6, 0x9, 0x3, 0x7}]}, 0x8)
r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f1"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
getsockname$packet(r3, &(0x7f0000000340)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000380)=0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c0000eebcf4e14e0a7914bacc41f2e96edcd9ed84f22be0494d9e34b1b59e8110d429d66f6d88d77401b2e0bfd277e5c711ff1fce2ce7c5c4bff0e85c3cf96c879d4c033f38b4faafc3061df6715891", @ANYRESOCT=r5, @ANYRES16, @ANYBLOB="b5d8c25ddac8020ee27e0237419b502e70e78b9611e6e484f04c346668558e032c6d402e68c2be76aabb8c2c49667ddde85928a3855826e9062cd990f832d00791ca53e7cac6702d5397cfcbaeaa382dc3f130d5be9a0f15bd0629e31d690042985d807d5af887e3555bf944f7ea96d1998d21730394017dfa060a34645621123509971899b078aeb53e8a7e4e6b865d2c5e5ade", @ANYRES16], 0xffffff77}}, 0x4020010)
connect$inet(r5, &(0x7f0000003580)={0x2, 0x4e22, @dev}, 0x10)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
connect$inet(r5, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
r8 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$MON_IOCX_GETX(r8, 0x4018920a, &(0x7f0000000d80)={&(0x7f00000000c0), &(0x7f0000002180)=""/4115, 0x1013})
sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000008c0)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x58}}, 0x0)

1.322700218s ago: executing program 0 (id=395):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
modify_ldt$write(0x1, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
modify_ldt$read(0x0, &(0x7f0000001880)=""/4096, 0xfffffffffffffff0)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="1400000007060500000000000000000000000005714ae6b98e37f7d2"], 0x14}}, 0x4)

1.130461013s ago: executing program 0 (id=396):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f000000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4000084}, 0x4000)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0)
io_uring_setup(0x177f, &(0x7f0000000340)={0x0, 0x5a27})
syz_open_procfs(0x0, &(0x7f0000000380)='oom_adj\x00')
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a4693986852ffffae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491dc6aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de453f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5b5a182cb5e8380100632d03a7ca6f6d0339f99530c53c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291a76456ed7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124ee3df174c1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba5187fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
socket$inet_sctp(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x3a0ffffffff)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

1.080726097s ago: executing program 2 (id=397):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040001)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
socket(0x0, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x14, 0x4, 0x6, 0x201}, 0x14}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$sock_int(r2, 0x1, 0x29, 0x0, 0x0)
write$binfmt_misc(r2, &(0x7f0000000300), 0x6)
recvmmsg(r2, &(0x7f0000000600), 0x204083acb88ff8b, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r5], 0x90}}, 0x0)

1.076008117s ago: executing program 0 (id=398):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x8000000, 0x0, 0xff, 0x1, 0xfffc}, 0x20)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x48)
r1 = socket$kcm(0x10, 0x2, 0x4)
close(r1)
socket$kcm(0x10, 0x3, 0x0)
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c0000007a006bcd9e3fe3dc6e08000007000000020000007ea60864160af36504005425198bc3488bc3a0e69ee517d34460bc24eab556a705251e6182949a3651f668c3664402682fb6e27bbfa83b5cae0300c9f4d1938037e786", 0x5b}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_INITSTATE(r2, 0x113, 0x4, &(0x7f0000000240), 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000060000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = eventfd2(0x0, 0x0)
r5 = io_uring_setup(0x527f, &(0x7f0000000040)={0x0, 0xfffffffe})
dup3(r4, r5, 0x0)
writev(r4, &(0x7f0000000040)=[{&(0x7f00000000c0)}, {&(0x7f0000000140)="eedc4277530031e7", 0x8}], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000340)='sched_wake_idle_without_ipi\x00', r3}, 0x10)
pselect6(0x40, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1000000000000000}, 0x0, &(0x7f0000000680)={0xff}, 0x0, 0x0)

829.905668ms ago: executing program 3 (id=399):
fsopen(&(0x7f0000000080)='sysfs\x00', 0x0) (async)
fsopen(&(0x7f0000000080)='nfs\x00', 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c) (async)
syz_open_procfs(0x0, &(0x7f0000000100)='mountstats\x00')
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) (async)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000a40)=[{{&(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
mount(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCDARP(r3, 0x8953, &(0x7f0000000000)={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x6, @multicast}, 0x2, {0x2, 0x0, @loopback}, 'veth0_to_bond\x00'}) (async)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00002cbd7000fcdbdf256500000008000100070000000c1003800810008004100200df87c0b1a1d3cdd4cf397aa35d32fec0a86cca53a9f77e59f498affe7be88edadefcb794f686d4cc514896d4300d58fd0b4bacc823ac0d90784d717cc4f2f9cac739475b5e661d4715edc3463426630d54319cf22a59e55d7d90e700af64bf3ff4a2794132e1b9179ffb79658b949e381d5e929010bee78ef9ebe23605484028bb39aa05d8e7c9a042178cb72b82a8b0aa6d6c16b1b489a06260413fda5009d70127a3ac3384efdcc94dd52a48753ddbf77c1ed81e781fd5ee6990378eaf3cc7e34e7b0996e2e6aa1e7bb201c4e43cf2f55ef3f4f1f78c1307df2f9f894d6cfa1639529e96666a8de908b496c1c294e0c7c260e89e6f9afa2f6aa33a5a7ebc529371c87d3f51037e71ea784d0e646fd132b95c98a785eb243320bf224c529818bf1cb1d283fd79ba9eec72b85def23bad5e0077b175935f4494fb7ddb2eb53df1748be56f5e6d8ea509ddd566306ee5e7aa77669894fc09956d2ec0bd9c5c5a0a6df1f0f168399e48e09f14cfee69fe1a8b33925eb9e8652172c881942b9212f8993350d6d153cbcedac135f3cca89a438c36249d0d2edf5d6afdd73408364570bbceb43a02c885cbbe92ebabe4d4c23059de68a4eaee67c7420e9933a04c26d28f407906957207f6d4800c6c3a45d067c7dc7a56d6a7a93e8794e17049a199fcdf0ca5839ed7cc5162de1ea1425a4e43e1de17c798665987f2bead1accc672c58f154f748a5f52a763b73645fd1c09a265dcf739e72c65caea433840a1d6272d6de9a45c1760823a708be23d7b63fb344502edadf27ec7e74c680a88e0dae6a000d7cb77366a764cf8ac3139bf3e5c5d024aa41c76535f1acc26c660b387b6e51bacac5ea64868bcde5"], 0x1028}}, 0x0) (async)
mkdir(&(0x7f0000000040)='./bus\x00', 0x0) (async)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000002000000000000a20000000140a05000000000000400000000000020c000640000000d4170000041400000011000100000000000000000000000092378fb7bd10de247c0a"], 0x48}, 0x1, 0x0, 0x0, 0x24000094}, 0x0) (async)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000003c0)=0x5) (async)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000480), 0xeabb1df21dec8b8d, 0x0) (async)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400), 0x1, 0x0)

750.759986ms ago: executing program 2 (id=400):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x2, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0xffff}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x19}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

750.47454ms ago: executing program 3 (id=401):
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=0xffffffffffffffff, 0x4)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
write$FUSE_WRITE(r1, &(0x7f00000000c0)={0x18}, 0xfdef)
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x10, 0xffffffffffffffff, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c00080002"], 0x11)
r5 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x18)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x42}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x83}, @NFTA_EXTHDR_LEN={0x8}]}}}]}]}], {0x14}}, 0x8c}}, 0x0)
faccessat2(r5, &(0x7f0000000480)='./file0\x00', 0x0, 0x0)
umount2(&(0x7f0000001540)='./file0\x00', 0x2)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_REG_PROTO_MIN={0x8}, @NFTA_NAT_FAMILY={0x8}, @NFTA_NAT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}]}], {0x14}}, 0x80}}, 0x0)
dup3(r2, r3, 0x0)
sendmsg$IPSET_CMD_GET_BYNAME(r1, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x50, 0xe, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0xc890}, 0x40)
ioctl$BTRFS_IOC_FS_INFO(r0, 0x8400941f, &(0x7f0000000040))
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)

680.815731ms ago: executing program 2 (id=403):
r0 = socket$alg(0x26, 0x5, 0x0)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x10)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001480)='.', 0x1}], 0x1, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
io_setup(0x20000000001005, &(0x7f0000000880)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000580)=[&(0x7f00000000c0)={0x5000000, 0x0, 0xd, 0x0, 0x0, r1, &(0x7f0000000080)='=', 0x11}])
r3 = syz_open_dev$vcsa(&(0x7f0000000000), 0xfffffffe, 0x40)
write(r3, &(0x7f0000000800)="240000001e005f031420000000000000000000000100000000000800080008c013000000", 0x24)

550.492669ms ago: executing program 2 (id=404):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
umount2(&(0x7f0000000080)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
socket$kcm(0x2, 0xa, 0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000054850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r2 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
tkill(r2, 0xb)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
getpid()
r4 = openat$vcsu(0xffffff9c, &(0x7f00000002c0), 0x101000, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r4, 0xc0405405, &(0x7f0000000380)={{0xffffffffffffffff, 0x3, 0x5, 0x2, 0xf006}, 0x24, 0x7, 0x3})
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x3c}, {0x6}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0e000000040000000440cfe270591f3b0629508b1537fad229600f89d465d04b00b8368b7e5fce1c401040c39d5eac92677387acafaf12824252294379bb33ada86c8f8cefc1935fb6f75765ef687a3db6248036e3dda2824dd2cd9c1b313fdadc15a9e7af98b433bc2ded8cf1861820c9382e36bc416c4d254d2dca6044a56b18236a7308264457a4c19d4c6de3b4298b1f3553fa3f37b1697eb49759d4f270a762f374104acc1431e3", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000500"/28], 0x48)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000240), 0x0, &(0x7f0000000540)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@uuid_off}]})
r5 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r5, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0xc, &(0x7f00000006c0)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xbc}, @printk={@lli}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x0, 0x7, 0x10001, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000440)=r7, 0x4)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, r7}, 0x38)
creat(&(0x7f0000000100)='./bus\x00', 0x0)

498.039983ms ago: executing program 1 (id=406):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
r1 = getpgrp(0xffffffffffffffff)
syz_clone3(&(0x7f0000000340)={0x400, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x38}, &(0x7f0000000100)=""/234, 0xea, &(0x7f0000000240)=""/133, &(0x7f0000000300)=[r1], 0x1}, 0x58) (async)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000700)={0x8, 0x7f, 0x9758, 0x9a, 0x5, "5393cab75ea66bfef2a65ecb5cd8f87c04ea9b"})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
r3 = accept4$ax25(0xffffffffffffffff, &(0x7f00000003c0)={{0x3, @bcast}, [@netrom, @bcast, @default, @remote, @bcast, @default, @default, @bcast]}, &(0x7f0000000440)=0x48, 0x800)
r4 = openat$dlm_monitor(0xffffff9c, &(0x7f0000000480), 0x101000, 0x0) (async)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500), 0xffffffffffffffff) (async)
r6 = syz_io_uring_setup(0x16ea, &(0x7f0000000200)={0x0, 0x857a, 0x800, 0x3, 0x30f}, &(0x7f0000000280), &(0x7f0000000340))
r7 = io_uring_setup(0x59b5, &(0x7f00000002c0)={0x0, 0x0, 0x20, 0x1, 0x0, 0x0, r6}) (async)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000001200)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xchacha20-simd,anubis-generic,nhpoly1305-sse2)\x00'}, 0x58) (async)
close_range(r7, 0xffffffffffffffff, 0x0) (async)
sendmsg$IPVS_CMD_GET_DEST(r4, &(0x7f00000006c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)={&(0x7f0000000540)={0x10c, r5, 0x20, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xb}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x4}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8001}, @IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x34, 0x28}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x34}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast1}]}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x6a}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xc}]}, @IPVS_CMD_ATTR_SERVICE={0x34, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x12}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x1}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xd}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x8, 0x10}}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x50010}, 0x20000000) (async)
ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(r3, 0xf505, 0x0)

402.584645ms ago: executing program 1 (id=407):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/stat\x00', 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd2(0xffffffff, 0x801)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f00000004c0)={0x0, 0xd001, 0x0, r4, 0xc})
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r1, &(0x7f0000001a40)=[{{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000000100)='S', 0x1}], 0x1}}], 0x1, 0x7c9ce320e16db15)
sendfile(r1, r0, 0x0, 0x4000000000010046)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r6, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}, 0x2}], 0x400000000000172, 0x4000000)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4c}, [@IFLA_GROUP={0x8}, @IFLA_OPERSTATE={0x5, 0x10, 0x4}]}, 0x30}, 0x1, 0xffffa888, 0x0, 0x40000}, 0x0)

394.993071ms ago: executing program 2 (id=408):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040001)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x68)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
socket(0x0, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x14, 0x4, 0x6, 0x201}, 0x14}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$sock_int(r2, 0x1, 0x29, 0x0, 0x0)
write$binfmt_misc(r2, &(0x7f0000000300), 0x6)
recvmmsg(r2, &(0x7f0000000600), 0x204083acb88ff8b, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r5], 0x90}}, 0x0)

210.439666ms ago: executing program 1 (id=409):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48241, 0x0)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="000000f5000003"], 0xfdef)

130.687684ms ago: executing program 0 (id=410):
pipe(0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1181})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000200)="ee"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000640)={0x20, 0x0, &(0x7f0000000e00)=[@request_death={0x400c6315}, @clear_death], 0x0, 0x0, 0x0})

50.120775ms ago: executing program 1 (id=411):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491dc6aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de453f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5b5a182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291a76456ed7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124ee3df174c1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba5187fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xfe, 0x60000004, &(0x7f0000000100)="b9ff03076044238cb89e14f088a80de0ffff00184000632f77fbac14140ee000000d62079f4b4d0f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x25, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f90931dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x2c)

373.906µs ago: executing program 1 (id=412):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0)
sendfile(r0, r1, 0x0, 0x3fffff)
mkdir(&(0x7f0000000540)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2e67726f065d47693e42", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
keyctl$invalidate(0x15, 0x0)
read$FUSE(r2, &(0x7f00000077c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
r4 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000080)={'wlan1\x00', &(0x7f0000000000)=@ethtool_ringparam={0x11}})
write$FUSE_INIT(r2, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x207601a}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r2, &(0x7f0000002140)="4627563e95d073e9c44031e486c6c3c887234dab29bb5d4444d206b6ed7b2b3001b6ed59a692ab0f0251ebf104d3747ab90777b96df4449e5275f86a62902df16f5fba75e202cbdf6fe7cc018a76b412f6485398037d6cb464f1dcf7fda3c76e43cdf64a53f6182a0b7e6476035e8bce74d0582b1ccf32dc8b0cc3b610b143afb4d3c163308a66f2dedd0d45f392d7899f5c4d2ded35c1602f7338dea29e0dff356a32c9e921eeebf8b9845ec2a40b68a8bdcb88009c910e110de23a02648667d740186ee2a3f4a59672477230c4a3a62a1417659b1978cf2b671f836d49fd361ad0af9157916d29cb4fcc1e873a336660b639383485a5322faca6694c74f58fa428582950bd136778dff61da52778dade8b2c3331b31a89259469b0900ab4173202f6256b2d23d3feb8517556292de52662192eca03da5744515c4a92cd3f0f296209bacb28a0267776c9797a784cfd95a52f9de496a5ed70459d55041b663a70d7d471da4f86cd187fd53e667422a0fdfe5eb34e2f2b8c133f2271fe5b1e71533b698169ac8107187533e37765fbd69c327ec608249c44018e3496b2f66fb8bb942f4bd26ed687ee1f7d2a53d7233fbde91cd03f4b4db0c23ed56ff9a61e0d5a1bf6ed50c308e8af0c32b2e0b15df009046ed88d60b772e0cdbfb3d765251aae01b01660df364dce51971ea2034b316a0b0071cb1d28bb86279de377ccb5a18ce981241b5d566e248866f280d71c6775e14fad44342945663bd56ad056f79e49f8071153391f8de78b05496a5f174e812ee0b102e0421c632e4a9f8ffd87ea68df1d7e85af4b30024b2a3cf0e1106871b3427eedfe857f3bc2a021d42fc09224ece3c56e57806a2da229231cc8e3ed5dbd82fd2d3894cba01e36c2ba91a42456eb570446fa3e2eddfe30264572d5d778cbf5d676ad4bd37d11e09573a5566b3656a760c9d3030b2bcd90be0d670866010e2d33c93f223a79ca167bce1a46670db33470c75776582f26b5d9ce847493ddb34612bc829f93f473c24263246011c4ca689f62f4539550ee13b246aeeec477fb2e9e4b223f66c006303abdb003809b9cd4e993b90821750b86608882355e5f587182c1ac6c677b07c26956073ff3a78d4f325139d9c0b8aead052e73fd21b3615ea22acc084bf5060f72936796311e31c038426f0a0e6c304cd2d9c363e7a1a21752032be17adca8b476b0e571b591c9dd923b0066fd5e32e045494c0a9e1e511f147988e0a5fe9652b92ed0e015ef54e3ed2a510b9383f1938dece777ca866f1a21082052827f3a48c2f38482fe3a8286c0ff17d4c24a468a5a0ec0a2eb1165f48cf76fc07450c82294d973a1793dd58008834f0d3aba4e097ceff0ba44656c67839ff3e489975297b334ecf6c7ce4634afbe3d8ab70827563aa75ffafc43429170c3fe3854238485c5a9b567a959a746010c22a92e863e318312e0efc06ab86d1435e06aca5f4b7b7f06a78f90795545c145c9941b74adb9a31ab4f749f81665dd9308acba8d7861856b548eab226377be82611ad79c8d25b176de98003c1ea28b556a2b90360913c39f8f64f0d122c732af5a990603429b354ecd4de797e17722c66546cc38349cb09c40ea54972562734e9816c83103e0bd19451e6144d005e6ce6d6d6fc1ce90238b73d1e0aaa4ee9fd0545054cea97639a404edf3b27c0073be84961084ea685e8ace53c7d7f52b62e378d9ee167aec3e5cbd60ff36c0d3ad40181bad59f111c30e9414112fbc71ad7ede21c288c878dd2509c36f93c31dab5d091107c8e8bdcadffdcb3053eba35b44c70a6421b343922cb11c69b886db0f412e5c23f89dbaff9e5847fd749e28356cab3999f1142449047a3a6c43bf670244e55d888f36ef1dc87bc5bb1460b6c8d1e69efca9a02ba834591906a65102c3e1c1c7dbdeccc7e261795f349d110836445d8ba19cbc699c46d4edc34942a488de1cc1140dc6acf23c8ec1f475e613c85ba025ff7ae639cb2499629eb5f5c88c4057e30bcf41767424af763c9204084856d87cd99f0da06ae6ee5b7382c1f6f2cbb2cf2dfd8320271f16ba7ebd8f0e3c742482f5426530b1ab946c7118f70aa4eac41dd78569341a0f3dd250531aaefdff4cab9e9eed7efdaa865f9b804ade79ced061a1fcd18a6c61a708fdf119841dc232cc5c4e5343cb8a82e9dd9647779bca053b5a2c43481c06ce2a593e388f5f5f4e681771021aaaf0589dac69db22c7285035d1eb89c75935fa4208b3786f2640ce9d65b0e671967dc27808fea5d17ac70a3ac2802f65d45d9c0372aeed530ee58bf04e190f50dac25139caec0b253d17af28eaed173c7043d66567188f04ea51733835c1c66ac7a634d7b90bdac4a6d1075bb277dc6ca420b24485012db44aed5a2e8099f4f3ed53bdb0b35b35905db28169b3e3b3d13ff94bdf2c9549f4a54c64b8d27098b86ff46cfd515f35b1d5a1bbf1bb29df16cdf296e804977a6b583d018c4fdb66264d5f2d9e162059017d6b6cbc6d6c2f1009717c67093f6feaafce1f242f4b730a2e714e9bba79f18c42a158425147b7b2cd9add4ac1d2c1a95b13a4f352d51982a5d967cd611911e6d0777afbc10883c6293f056acc69da89a0a64913be996466ed63f969d5ccd124cd3052d6654e6db0519449f3cbf3a2011541d26e5b76c3c192857905bcf989fd943d42aee9ebd40fee33094eae69154092e9514819ff126040ea7d43a927809149cfaffcc76cb1e332426bf0eb1ac1a3968c70030453a284a0fe39b9ebd704f0950cb5350d4c60d65566b3f24ec4636cd5bb3e23066f4d4f1814e60f286f3ad2d3c10e79c5991c8bf5fdb561723873fe0c75c7bb6ba262aa3a6655349df95f07abb0200d5b9152da4bfdd66a311b29a15755e8465b7b0d99f7f8ccefe9cb3561b5619d4c21b36c9b29442ccd5949882d0167244d84b677685d62074f63b8dc66941f317c78bb093491e2acb7207cc80fe51c22199aae878170af9fa1eb164854587007eb108f23d1c7946bf75aee50eee6fffdae24b992393bd37d268a136b3dcb1b7d2c9b9fbfe0c860b0d344f488e85de2a65a20eb057f0047d0b6b8898bdd68e21f2234a2c66b963a2d86f62297a7d1176c14acaddd4861f5bb74ee91eb3b6ba0c7328433b977e23c02ab67d82a12d620fc034f1c9c3a99a6a07ddf59eaa18384e429101dacbd93ee794e27b774242446fa433a8c03e4312ad56f6c4dfd1ad014d07932480e07caedabda36caaeaaf405dfa1a650843f2e09ae89c666ab8754d9bf9b290f4c4c9242d8f98533bfdbae191a6fbcba6bdb9096427d2d8efb5dcfbd58df7763cc445bf44a0be6de2335a395ab8157dee25794be81c3d87a7d457b52d88f86cabf91f2ec16a8e05a00f72277943737839a5242163025704c7b938f3f424ef5db6b60d3181e3ef94cbdc6516f0ecf01b52164b92f2e12ed55db595fd8de6862a3b12ebe06b19d1f93132b83b2f5ddbc9808b3ce8fa40352c84664d824edd2631a5e2fddaae887689092007d3d0f22a948f54bfd5c42bea5f0d6bf5018cee5ef232c8b6ea3f54ee6f4997c8ad5ccfd28227eeca811312375a849bdf4d343c1b0ec7035279d1bc0892ef193a74018d5ccd5ccaf0503a697b23abb44b7aa3beced0626daa5e1fbfc4d29d2804292fcc60b775f656179510168bf05929dbc92e009d94561d946f7b4b5a18c08d29678c482d90e07abb029e80546e5cee6c4a30712a9b92d556a29b2de021bd49b6398340a9363b689bedc007416bcb659c0c4b6eaa31ec4976ee4896ff87a7dfab48dc7046d44c9c2db6881f7d6b252e582eb878b0be9b24666e74e8eb565c07582f17817ea2422de5da79cb367e76b9b8a9d056de06ad0483986fef2a3b62d64d5d2128cf55499025ad0739ad3ce5e1bfa6aaac16828bdacad2f86b32ed933a2f672efd1f4a32dd23e59aed872d1015eaaf701a0ef8e1427d59728450c4f1bd561e7ef6f8e34d12ae2120a51746a5c346e739c09854caeec07af0d70dd4d9164b3ae8a098a41c081465fdb5537cb560426bc0de4b735f253dbc779b9dce429d99700cd6c0cbd778caeb56401b2bb5c1ca310ab0c91e1d9f4578b5fb3b4f0dad4c565495797e8e83603f3ef188a896fad5bfec24457e0f6f962b8613434f16acf74308171567eae5ad9ec11186a56493a5394042bd1b29fbe0ce64e5f1b0b56e8910343666d627d71c729c0c90bfae0134e117842d67b160ff50688f7b45f0ae330c2d4890732ace7795ff74b6e36466da623c8eef75528b22199c9bf589a1fcd2aca6c5fe3cce2eddabf1ddc8e87380b815ed5928222613383db7941eb9d55b45487b399a9a35ca4cbd9eaf08c71273fc3334b0acdbd117b13697a9ae475e79a44911ce4fed1490a2ec654fe469c9ea933999dae3616b063769446cfefb4562bd124e42f62a3dd0385fe3d21029ad8fd1c58b0badd42e415a76e3e92f246629d3579dd80d940e6dd9bee3d9a6ef8a7840fb253507e718eca32ff4119eb0bcc02aa210939a3bc41704a63202139c68e276254395ab6b858f4528ea2b3a57328e0b31816de3ad85e50e7f4ec9445eaf21a8b9916ed209bb7e79a7a08c2e4e09644ab831c0ba68d05d5ebf57a9eb36bb9caa8e7ac78a8ccca1bcb03cef0c5eb31fafa6e283632c117031aa3919f72aa80a2b9b2557749951348d5294ed2414ffcbafdf976bfb7a401bedb208fe1285738df515af493047aec962bcacb8ea7bad5fc12d5bf415e66c06c4c87044e694291e104ef53850cbc7ef73ab57982d77a3f941c226a915163e8eebd256cb8a1f0130023d2c5d3be77cab39bae4449711d6f39e50cc83eefaf6cc727b1c0b3fc4f7bd110d18262cd872cee8ca95f1be8005d5b339abbde923ef2d4290d5579e4420ff2beb705c16e96101c38c31cfd05639f252730c145182e4406aab68f556e0290ccf05e25a7bf13cdb5db47a8a0841fbeb880d4f0add608d1badb8992924b548ef1426ec774ec9d86678d4c2aae8f1e3b2dfb295802f75727a308dd1b39460f26858eff99fae8d27f24ea6902adabc89311a5fd18c3d9c606db7295f25acd22624bcc753c4c3acdb3f6c563174441333b69a126e4fcc6b06165f6221539c5ed277c20dac4b7978619e10616475de88810bbac714f3651efaa59b75791080a1086c0f3f1b5edb4b3976cc936665855f6a56788d76c6e771b1c968c859fd1ba995d336d301695fc012b8031a14ca529e3e9bf622db6813417925bb4e1a7a5b786aa90f4d048f1f442a2696970dd442d3a6ee117a3e768644c99951b75e51e98de61bc7ed8eb9e87fd43ec75e948829bd19fc545cddefee7a6f068a419e216982ca4ce6ad3256f1e64d203ba1da27e9e175738124ca86a312d0dd0caae6d64751d459d8134830ebb4f4c7931aa90c1ad6fefd99ea4ded3d246236719d6fd48979ee31eaabbea385e91aea0557a58d73a63660ecee981e3da40a39fec3f01caaffafee3504e9f8dc990cc2d69c513db25f6e722ea4811f778af8a338498b6b908682aca6e02e898cb65377f820529d35707cb83ba69b16c92b571728c58188fb08ed6f6c27d6b70e963b147605714468b90966f082d7175fcbc6e770835efb6e7bac5eeaeb5b2c23eb30ecc102e647f1ff71bc6b35f629a55dd305f8ed5287e35403a91b4dc77a6df2fff354460bf563c071846c84617da4df4c46a9e359c45d217a2b096c830ac8614947d110334ca17f587d86825b2b7ae1039fc11109687c1ad0a16f0180d1700414a4694e7ab73c715436dce437a9b3dff55f62fc1ffffc33d3be037c34c9ee7a0fcfeaec1778268565663f39b69c141304c892ae80da42cc854a87c955e6d8060a731eb16ee91e8ea27f90da85196e4f034d40b85ff59eb4b7c76218342f9c9f8d3749c874562829b7ad0c786c5c25ed240aa14755ff7f5ba5298f9f6b6ec3a46ac36d6a39c59c2ecf7781da77931214ac9a8697691d933b20cb64acde409fc159d748e4f92d83ff7767260fdec04b2e80cc524a2366e8fa5b70eb8684d164dec49fa95f42e7e75daa8c268204beec1fbc58cbbe3317af0993a8676dfdb13db7875f50cebdbc629bcd605dd4c4a65c31870495fb9a9ec51c1867ca8b117a6f9507aa26cee54c4c12f8f22b9d88072639ad765bb7906435128d1c146b9e2029880eccbdf78449bd0630381ad16c13444d709a11890d80fae0d24c037180a8726143306a7cd67abbc830167f524008f9a8e3172df597a63af2e87a92e90b70ce53069657f9b46acc9da241a1b00571540ec5fed4a9acfdd0066ba248cb2bf24540d7296256d4c9a5a5bc821817ada912cdde59876d86d4c53c1d047c6bc3442c2ee78326d7c51b6d01bd4f7ff5bc45db88649220d44099b406ac2e4744996b869ea688ecb4e758e755b29717869d5dfccbf5fd553ad83de0c4cd16b3fd4913451734226e4cf29bc0a860943b3e854d8cf49f07d2bfba1c280efaa85bb8f0f8818d1e58178c338c9e46c873adc0a4b6c832aaf0878956d8a04fcc043ff307f60a263cf1bc57ad0434b6a6f99075d932ff75deb8b017cbd16b272139a4addc24749d9551ba44d5bef0536e58de5e9d0b8985f1044163d542859c699f27f033b01d1e5d4c5598bcc4279f29c56eca82cf40c3b2799277e9b0aea04ba5cdd679e3eb63ceb0eafc21c373356caadc0f5730054a0979d7e32117962af0444b7e0e75bf1d30fd1af656956367bbbddf018531833f6c383b76cd63d014c91f67b41548e558cfae6a953a78c36ba3a896b3a0bf48aaa947d042a456a48c8f323682f560f2679f53578f00746cb04c4ef12b905b37f1b1bac9c75a85d6f173d531198f150ee6dbe7fcdbed4e0baf7610b82a793c17124970924ae32c86f9b7b40a229219958cd2445fca613e264adbf29644b1f405c68ef8afff7f4c1dc86f0e578e3716fa86c53f776dc42e7d28978f1e694428560b923b5d44e3aacb18cb38d3efd90ca0812027d336b011557e9e953cbff769e9ba84b903f5fcf1e6b4ab3e210ceaac574f80607116b196b6ded8668729f9be216bfdd049e88d1cb45581701c6ca7c991488a73e6ae5decdfc6416fa69b76f82e92246ee2b29c91885be24e96ea72438499c5c421ffd199f172667adf7d257947bb47945817930a7f2f0dfc73c2a5f6002fd40b9ea51c4a0c610e9759d43c082ed0c126c0de63c5a079b4c8bac46fcc8a1f74d8929ee2b7878430e3caed5f5aad7378fcbc4d659144a7cdbd654185ffdabd9b36257993ca823990df4aa7809ee58b7a278f38085202f3618fefef67f71b39f8ed35a28b3ff47e6caa3cecdbb41b899ea7ef3179ec3d67d0e3380f61d5a57453b9b790d171e1838c68f988a6914f4b81a7a12a0f50612182de8844a5f18026bc4110a10a31a88dae4bb40a3fea22360830784cf82ccde8187d04635e7e5bc6cda8252fa77d7022ae5fdeb978315f925cdbe7cbe0e3894965795fda4b94068bee89f79f86c420b211411929b9b3074703583c0ba0703a4d282441495110dd167c228079db163febc9ea0bcb02ab400999abfecfbca274fca55a055859eb256fcddc1d1773d72d5c3793ca3ff5f2fbe647b04f5ff2b2dc50a3a897e03634a36d21e391e6b6290cf85064711600de9a74057b78d9c04857017bc762300872f674eed1b68fac65025f3252bb803a9ff8ccf4b2b49028622168439db3bc01ea9ae7618b73dc7f858ba388891da14b88f7fee4f5f49abd687ba947969b8b923c2e119fe172126835ab4d1429133a38bbb80f1f6c308ffd180a179c05d9fb112a70e7658f9e3c7b6545556726e6589ba479edf21afd08da62963b5b724fa7b618c27fba201297dd465217de92395734355e9b34e27ff4916d78dbe0424df3d6110297a7847efda2675f12a3bf5e4b07827cdae6c61b0d969f6bb15be656b394a3f3ca8d705a4cac9c78c66c4be58c40888d49ceb08eb9a90c230faace7e4c837a8cb1aa69b020f9f43532cb7315cd698dfffb0179fb24e135480af4c437170c010e6e8f94108523dca95598c59b9e483753b79bafb02a455ceec727fd271b4cb4af7d958751a747afe6625c1e8b0316af5e13e42dc8d97dc42d5960edcaa391164693250a6f98653fa20c78823e1c1a77b798491f197a647b291cdd04087b3143e5b0fc550ecbbff19666b1c8e2a5bf2cb40f9f54c11828a8dd16489f36583e3128cda7a9abde8abbf61294450af638f56444176b5a11f84e67e4e666d6df58c45c0adc45938a2639fb1717a44c8dedf8471ac82fc1771a704f778fb812acb953493a831be5b28b16b20a112aafcee4e44640a6653c4b3035d5de4fcc16312057046bc3c650057dd9be4450b3e837ff8ac19019e67550a124416d671ccc76de36946c2d91f3d63b212111f4f09f39c24c1a981a7e63dd37a8d94ebfae1df5796d971193a8c723f172a9266af23d1d0e48aae73de4e7545a13f09a1ae3feb147ba1c700776148f027abc7dbdd1f3cb823b9a4c0e9dd43fd0bc411dc3eac2369f10fc9669ffaec5ef76da6b7f8884430b3a00da63a0e5272de159ea047584f4804a14159b1321309db45c55af563081d126300dc3ac446936f6653db92fc09d225716f425997dc247939b8c1e09a11f8b10c36b671cc590922051871ce19f6db85eefac9a666c3cec6fd5a69e7610ae5123413b458024b02521420d8c50c265d7b763f070b8fd1981824da47079135a667ee2395e43cae172e6a5ae96aeb7ce490212792498e427b80036f52cc557d3f94b118b2248af9a75a6d27d084ba423edc616981864cb0069a06f359a953a6e7df6b765d222626030248253e4e93eb0979b0a5550ee15d1489f56cc1d30b1584f37b51dfa029af5b45a85b141f4f8ffdc809a19e01f22f80c8a11e9d35f790a6de2d898462a19f412de4df26896a3d107baa7a661b5482cd71453b5f88f889b93ee6df84363ecaf04cb0dcd4369f9d1a827b955182334a998e8f2edbfe74beb14e9ff50134f03d24d70b068801684e25370c1cfc065d88582389713500f974e8a6c6e7f015b8e84e5b9861e45d4ce4eef79f0e8d4f15eaf7c1b33e64287470b5b3c0b8b6bdadae567f977341b57486c1eb279be8ee1cdf11b6e0dbd42d32c95b6801cea98e6000ea80777c6ad3f62012732859497080b3aa127a0f3a7b80a99182406ccfd54affb463f8eaf01b0c65ab582628b3c2237d039ee68d307dd113e4b593b243bd64eb6f58a0ccdd8e9a78f9ed393e2affde8d616d57c7aa1d12ebb4be718b49843ec6a90d5d8c197f154f27805046c410d4e1b66cbf4a8e495a3a229a2a1d58b4909a240d7ae6ea9e740c055b06e756e57e2ff19c148cbaf37357c0d3273b7f2ec631565e9f6c6c8722ddb0c1180695fb204f35917dc2fe11469801c545b2560a59d0666ec129b88e4f427989e820982329c2c39321f25648666af651f87b495195a95a5d158fd161324796272303114d99d22890385853dbc66d37ce22de0db447260217cf51aaed240e4f4963ca7510522fc6e7dbe164ccdedc334787ddb24bbc8205bf3353d447a1de2407c248775fa7e318d83e3ff18150b3cd9a7cbb0df0703aab6ef8d0f71bf9b5a305dc25fbd200e06b73c7f298320bd90dab05ec62b5f885e7cf95274c656051c71628f31196354460b001b6366c26fd2e92f6ad68ea37d7e3fe91fe98223563b4d23f802b3911a5241a793cb9f5b4f80081ace5877f95da7499f728ab09837120ca75c63d725e46f9f77c3da16318c9bcdd4a9d68379b627c1a71a34b684e5614ab3fabceab8d2741aca921b1b018098060686c56d7ed190e7470f529f6e680ed72e749fe7c9c2f37ea8cf08d4520e496361d2437018bbda93396c05abb2aeba443ea1ee56a3da04a8b880452a3610cb4163154e02df8a08a5e48c03fb0b0cdd4d355142cc736b344b9fd987b49b85791e5bf7805250dfe63b04c7ff56608129ef43664aa2acf82f18b49cdfd2ae5551ea4d486b35cd2ea60e3f032c58f531d4d36054f5ce268a29862ded0a3cc0ff1d30882f7c85b95e9a8599bf1d143d2d25555bbaa6f8b673b76ca8cc17b693519194784833d902581fec4e656ca546eade53abfd7e4650df648cb61a146bef5382f9255bf4a7c380854568495bdb7b33f490d240ead3d1851ce3b6400eda5a370f13ec998605f46b234bc9293c026bd1d648647bf52d506deb522012ae89c4ea75414ae6677c4aef28dd756f877af23d1a5ae3cb2205850c14f27f595d1a1542bb1eaf641293e3ba40e0bb54193a1e5db969d37c97709efbc34ab509f08a51ba71ecc4f9f66c27190115948cffaae914e7eb4e8d0c59ef7368e9b08a05bbbd340e1c1d34319f150d299c0ddf3bb2138359e826f4997068b99d13cc454fea46b8664d413b79b19656d62cbb5b31744aa33f99651fa56703eaec2e6998c7321f69f6cd110c89ae0c612a96f9a84dd751fd81ff66c80563e7091f5c5b67f89d52e7c58eb26218cddeaf5c6def3ad07a610bd4e5785675580c199b8550cbb02e3b4e1d240bb8df8e514fb505f39fd222209584331bef5d271056accaef84c88741ebd9f116cce3fe7b07b78ac4bad346c0d6e71c9daecd8d60aa8ea0914f85c9078dfaff04ba5e9bbbacddbc0cb40fe20f869d7f196c5edb6657c50b82c67f1abab663bff0a8da16422fe31a4a17995ee25081a06154d1c03f1a87a9d4ad5141a9227849bd920d2515ca16a245b635c85a77884cce0b8ae56929b5e22c52f971c2eed4ccfd64f7790a616f719fc0305af71405abae9407ed1cdaa26606331fdcf9b3c19b90e561f646ea15e0e668ef37b349594a335baf26962b89ef33c98aec3ca3e7df47c20dc2928d074e5f87c0edcf37cb25d3b8304f57f8257a5ae96791697e3c6d04f4ec2eb6a69f25346defed5b509368dea2b1960218bc6dd21b567583c229fc7b5fc85f7f2032eb304c3a1f72204f75ee950344cdef846d94e916b29a43d00c789256810de5fff6f9fd1af0fcfc2edd3fff9e2010d88083fc0b9e6a291e9a7a08af62433689a39e34bed8dafc90fec82be5c63a843d82132ce8916e395791dc86c8d11caf57f7fd096c28537ec38d6c14df9782312abc85fba2d04b0b159637b0e09f7e9faa1a6136359d17cf7c58b83994d58674ddbc248b804a82156900ca95a5002ef62de046e2f5ddf8e1e19f00189d4f5169bfc3c67afc149c6bc155767e64eac433cfb787be7f7bae7f869c0ec3d142668c2f90d383af7207a635850c515d69c6a62e24e0d58c5da244a917a17caa6be01992c4f8be0b9fff57522db4756840bdf72cafa6061ff2b86305c180c470b3af589e7c9e5328d98cf737bf01d80762e1e41a4d63a8655387be7f295862fdea629aa97b40c2ba1b563f1a103a860f7dff7fd5ee8423ce3dbf0fad41b66965c67299e35483130d461ac6c68215850fd441323bb856cdf03f624520743f7b445641c72e08994c8f252fe179b29226637b533f0ed6c94a0b84efc1a884af940fbc05c654b59d37a54047de233c496103bb27b657e7f63c24ef3ce29709622f67653f398dc7c4e44", 0x2000, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0xb0, 0x0, 0x0, [{{0x6, 0x0, 0x0, 0x0, 0x0, 0x0, {0x4}}, {0x0, 0x0, 0x1, 0x0, '.'}}]}, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x0)

0s ago: executing program 1 (id=413):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002580)=ANY=[@ANYBLOB="14000000100001f500000000000000000000000a20000000080a01010000000000000000020000000900010073797a300000000038000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c0003400000000000000002"], 0xcdc}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:29249' (ED25519) to the list of known hosts.
[   34.312387][ T5328] cgroup: Unknown subsys name 'net'
[   34.615406][ T5328] cgroup: Unknown subsys name 'cpuset'
[   34.626728][ T5328] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   35.995744][ T5328] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   37.986088][ T5351] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   37.989324][ T5352] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   37.990942][ T5358] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   37.991924][ T5352] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   37.993327][ T5358] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   37.995457][ T5352] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   37.997116][ T5358] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   37.998161][ T5354] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   37.999847][ T5352] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   38.000040][ T5354] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   38.000279][ T5354] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   38.000611][ T5354] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   38.001344][ T5359] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   38.001878][ T5358] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   38.002098][ T5358] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   38.002232][ T5358] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   38.005044][ T5351] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   38.005072][ T5358] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   38.008729][ T5358] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   38.010684][ T5351] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   38.012384][ T5358] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   38.015168][ T5351] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   38.017623][ T5358] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   38.018529][ T5351] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   38.180093][ T5344] chnl_net:caif_netlink_parms(): no params data found
[   38.185663][ T5345] chnl_net:caif_netlink_parms(): no params data found
[   38.191248][ T5356] chnl_net:caif_netlink_parms(): no params data found
[   38.254885][ T5343] chnl_net:caif_netlink_parms(): no params data found
[   38.328521][ T5356] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.330614][ T5356] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.332600][ T5356] bridge_slave_0: entered allmulticast mode
[   38.334627][ T5356] bridge_slave_0: entered promiscuous mode
[   38.388173][ T5344] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.389995][ T5344] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.391786][ T5344] bridge_slave_0: entered allmulticast mode
[   38.393723][ T5344] bridge_slave_0: entered promiscuous mode
[   38.397539][ T5356] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.399358][ T5356] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.401104][ T5356] bridge_slave_1: entered allmulticast mode
[   38.403044][ T5356] bridge_slave_1: entered promiscuous mode
[   38.422868][ T5345] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.424705][ T5345] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.427494][ T5345] bridge_slave_0: entered allmulticast mode
[   38.429443][ T5345] bridge_slave_0: entered promiscuous mode
[   38.431497][ T5344] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.433259][ T5344] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.435049][ T5344] bridge_slave_1: entered allmulticast mode
[   38.437183][ T5344] bridge_slave_1: entered promiscuous mode
[   38.466395][ T5345] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.468275][ T5345] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.470118][ T5345] bridge_slave_1: entered allmulticast mode
[   38.472077][ T5345] bridge_slave_1: entered promiscuous mode
[   38.483091][ T5344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   38.486345][ T5356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   38.489767][ T5356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   38.509192][ T5344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   38.519587][ T5343] bridge0: port 1(bridge_slave_0) entered blocking state
[   38.521448][ T5343] bridge0: port 1(bridge_slave_0) entered disabled state
[   38.523269][ T5343] bridge_slave_0: entered allmulticast mode
[   38.525219][ T5343] bridge_slave_0: entered promiscuous mode
[   38.538149][ T5345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   38.564590][ T5343] bridge0: port 2(bridge_slave_1) entered blocking state
[   38.566592][ T5343] bridge0: port 2(bridge_slave_1) entered disabled state
[   38.568469][ T5343] bridge_slave_1: entered allmulticast mode
[   38.570421][ T5343] bridge_slave_1: entered promiscuous mode
[   38.573161][ T5345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   38.577397][ T5344] team0: Port device team_slave_0 added
[   38.580532][ T5356] team0: Port device team_slave_0 added
[   38.618014][ T5344] team0: Port device team_slave_1 added
[   38.621444][ T5356] team0: Port device team_slave_1 added
[   38.623864][ T5343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   38.628738][ T5345] team0: Port device team_slave_0 added
[   38.639484][ T5343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   38.649836][ T5345] team0: Port device team_slave_1 added
[   38.660529][ T5344] batman_adv: batadv0: Adding interface: batadv_slave_0
[   38.662295][ T5344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.668749][ T5344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   38.704462][ T5344] batman_adv: batadv0: Adding interface: batadv_slave_1
[   38.706252][ T5344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.712469][ T5344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   38.725007][ T5343] team0: Port device team_slave_0 added
[   38.727694][ T5345] batman_adv: batadv0: Adding interface: batadv_slave_0
[   38.729435][ T5345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.735825][ T5345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   38.739298][ T5345] batman_adv: batadv0: Adding interface: batadv_slave_1
[   38.741041][ T5345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.749221][ T5345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   38.752356][ T5356] batman_adv: batadv0: Adding interface: batadv_slave_0
[   38.754114][ T5356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.760673][ T5356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   38.768256][ T5343] team0: Port device team_slave_1 added
[   38.779916][ T5356] batman_adv: batadv0: Adding interface: batadv_slave_1
[   38.781650][ T5356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.788195][ T5356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   38.802358][ T5343] batman_adv: batadv0: Adding interface: batadv_slave_0
[   38.804106][ T5343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.810496][ T5343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   38.840474][ T5343] batman_adv: batadv0: Adding interface: batadv_slave_1
[   38.842291][ T5343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   38.849187][ T5343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   38.861161][ T5344] hsr_slave_0: entered promiscuous mode
[   38.863096][ T5344] hsr_slave_1: entered promiscuous mode
[   38.876471][ T5345] hsr_slave_0: entered promiscuous mode
[   38.878297][ T5345] hsr_slave_1: entered promiscuous mode
[   38.880435][ T5345] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   38.882424][ T5345] Cannot create hsr debugfs directory
[   38.892572][ T5356] hsr_slave_0: entered promiscuous mode
[   38.894648][ T5356] hsr_slave_1: entered promiscuous mode
[   38.897618][ T5356] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   38.899521][ T5356] Cannot create hsr debugfs directory
[   38.964575][ T5343] hsr_slave_0: entered promiscuous mode
[   38.967268][ T5343] hsr_slave_1: entered promiscuous mode
[   38.969830][ T5343] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   38.971723][ T5343] Cannot create hsr debugfs directory
[   39.126925][ T5344] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   39.130914][ T5344] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   39.134098][ T5344] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   39.137644][ T5344] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   39.158847][ T5345] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   39.162554][ T5345] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   39.166753][ T5345] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   39.171864][ T5345] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   39.187634][ T5356] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   39.217892][ T5356] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   39.221189][ T5356] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   39.234641][ T5356] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   39.256024][ T5343] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   39.263507][ T5343] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   39.269844][ T5343] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   39.272903][ T5343] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   39.285664][ T5344] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.310069][ T5344] 8021q: adding VLAN 0 to HW filter on device team0
[   39.312836][ T5345] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.321243][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.323055][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.331073][ T5345] 8021q: adding VLAN 0 to HW filter on device team0
[   39.338715][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.340541][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.357262][   T83] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.359095][   T83] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.362065][   T83] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.363857][   T83] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.369861][ T5356] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.390338][ T5356] 8021q: adding VLAN 0 to HW filter on device team0
[   39.403531][   T83] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.405344][   T83] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.411234][ T5343] 8021q: adding VLAN 0 to HW filter on device bond0
[   39.417462][   T83] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.419352][   T83] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.442259][ T5343] 8021q: adding VLAN 0 to HW filter on device team0
[   39.448975][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   39.450830][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   39.453333][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   39.455123][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   39.474163][ T5343] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   39.479358][ T5343] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   39.504234][ T5345] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.511826][ T5344] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.531755][ T5345] veth0_vlan: entered promiscuous mode
[   39.543090][ T5345] veth1_vlan: entered promiscuous mode
[   39.554021][ T5344] veth0_vlan: entered promiscuous mode
[   39.562988][ T5356] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.565972][ T5344] veth1_vlan: entered promiscuous mode
[   39.574540][ T5343] 8021q: adding VLAN 0 to HW filter on device batadv0
[   39.583065][ T5345] veth0_macvtap: entered promiscuous mode
[   39.590390][ T5345] veth1_macvtap: entered promiscuous mode
[   39.604343][ T5344] veth0_macvtap: entered promiscuous mode
[   39.610072][ T5345] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.615714][ T5345] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.623548][ T5344] veth1_macvtap: entered promiscuous mode
[   39.630040][ T5343] veth0_vlan: entered promiscuous mode
[   39.632229][ T5356] veth0_vlan: entered promiscuous mode
[   39.635336][ T5345] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.638258][ T5345] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.640518][ T5345] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.642686][ T5345] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.650408][ T5356] veth1_vlan: entered promiscuous mode
[   39.655016][ T5343] veth1_vlan: entered promiscuous mode
[   39.663652][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   39.667214][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.670376][ T5344] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.677530][ T5344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   39.680192][ T5344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.683128][ T5344] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.693492][ T5356] veth0_macvtap: entered promiscuous mode
[   39.703319][ T5344] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.705599][ T5344] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.708231][ T5344] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.710833][ T5344] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.719723][ T5356] veth1_macvtap: entered promiscuous mode
[   39.732212][   T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.734311][   T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.740340][ T5343] veth0_macvtap: entered promiscuous mode
[   39.744047][ T5343] veth1_macvtap: entered promiscuous mode
[   39.752315][ T5356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   39.755065][ T5356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.757831][ T5356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   39.760489][ T5356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.763746][ T5356] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.780876][ T5356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   39.783603][ T5356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.786104][ T5356] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   39.789060][ T5356] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.792218][ T5356] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.795571][   T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.797839][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.799723][   T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.799840][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.808186][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   39.810946][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.813538][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   39.816343][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.818691][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   39.821241][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.824343][ T5343] batman_adv: batadv0: Interface activated: batadv_slave_0
[   39.830493][ T5356] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.832673][ T5356] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.834780][ T5356] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.837387][ T5356] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.846044][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   39.848688][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.851106][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   39.853628][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.856050][ T5343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   39.858886][ T5343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   39.862100][ T5343] batman_adv: batadv0: Interface activated: batadv_slave_1
[   39.876053][   T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.876777][ T5343] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.880034][   T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.880318][ T5343] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.885102][ T5343] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.887768][ T5343] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   39.898192][ T5345] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   39.918030][   T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.920057][   T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.928420][   T83] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.930419][   T83] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.945095][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.949138][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.949826][   T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   39.955800][   T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   39.991683][ T5409] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   40.059392][ T5348] Bluetooth: hci1: command tx timeout
[   40.059560][ T5351] Bluetooth: hci3: command tx timeout
[   40.061223][ T5348] Bluetooth: hci0: command tx timeout
[   40.063506][ T5351] Bluetooth: hci2: command tx timeout
[   40.151128][ T5424] 9pnet_fd: Insufficient options for proto=fd
[   40.201423][ T5428] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3'.
[   40.208047][ T5428] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3'.
[   40.235852][ T5430] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7'.
[   40.254729][ T5422] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1'.
[   40.257554][ T5422] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1'.
[   40.395352][ T5442] FAULT_INJECTION: forcing a failure.
[   40.395352][ T5442] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   40.400651][ T5442] CPU: 3 UID: 0 PID: 5442 Comm: syz.1.11 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0
[   40.404302][ T5442] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   40.407950][ T5442] Call Trace:
[   40.409173][ T5442]  <TASK>
[   40.410178][ T5442]  dump_stack_lvl+0x16c/0x1f0
[   40.411818][ T5442]  should_fail_ex+0x497/0x5b0
[   40.413549][ T5442]  _copy_to_user+0x30/0xc0
[   40.415065][ T5442]  kvm_arch_vcpu_ioctl+0xb92/0x4c80
[   40.416701][ T5442]  ? is_bpf_text_address+0x94/0x1a0
[   40.418068][ T5442]  ? kernel_text_address+0x8d/0x100
[   40.419468][ T5442]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[   40.420953][ T5442]  ? stack_trace_save+0x95/0xd0
[   40.422214][ T5442]  ? __pfx___lock_acquire+0x10/0x10
[   40.423641][ T5442]  ? __pfx_mark_lock+0x10/0x10
[   40.424894][ T5442]  ? stack_depot_save_flags+0x28/0x900
[   40.426338][ T5442]  ? lock_acquire.part.0+0x11b/0x380
[   40.427761][ T5442]  ? kvm_vcpu_ioctl+0x1de/0x1510
[   40.429116][ T5442]  ? rcu_is_watching+0x12/0xc0
[   40.430364][ T5442]  ? trace_contention_end+0xea/0x140
[   40.431749][ T5442]  ? __mutex_lock+0x1a6/0x9c0
[   40.432953][ T5442]  ? kvm_vcpu_ioctl+0x1de/0x1510
[   40.434248][ T5442]  ? __pfx___mutex_lock+0x10/0x10
[   40.435562][ T5442]  ? find_held_lock+0x2d/0x110
[   40.436818][ T5442]  ? kvm_vcpu_ioctl+0x9e1/0x1510
[   40.438095][ T5442]  kvm_vcpu_ioctl+0x9e1/0x1510
[   40.439333][ T5442]  ? tomoyo_path_number_perm+0x467/0x5b0
[   40.440787][ T5442]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[   40.442107][ T5442]  ? tomoyo_path_number_perm+0x190/0x5b0
[   40.443565][ T5442]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   40.445093][ T5442]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   40.446612][ T5442]  ? do_vfs_ioctl+0x513/0x1950
[   40.447867][ T5442]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   40.449136][ T5442]  ? trace_lock_acquire+0x14a/0x1d0
[   40.450437][ T5442]  kvm_vcpu_compat_ioctl+0x210/0x3f0
[   40.451778][ T5442]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[   40.453271][ T5442]  ? __fget_files+0x244/0x3f0
[   40.454463][ T5442]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[   40.455941][ T5442]  __do_compat_sys_ioctl+0x259/0x2b0
[   40.457411][ T5442]  __do_fast_syscall_32+0x73/0x120
[   40.458800][ T5442]  do_fast_syscall_32+0x32/0x80
[   40.460052][ T5442]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   40.461692][ T5442] RIP: 0023:0xf7f66579
[   40.462727][ T5442] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   40.467537][ T5442] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   40.469619][ T5442] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000c048aeca
[   40.471588][ T5442] RDX: 0000000020000580 RSI: 0000000000000000 RDI: 0000000000000000
[   40.473673][ T5442] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   40.475643][ T5442] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   40.477608][ T5442] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   40.479605][ T5442]  </TASK>
[   41.135673][ T5472] syz.2.20 uses obsolete (PF_INET,SOCK_PACKET)
[   41.238439][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   41.894124][ T5469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   41.904441][ T5484] netlink: 'syz.3.24': attribute type 10 has an invalid length.
[   41.909224][ T5484] netlink: 40 bytes leftover after parsing attributes in process `syz.3.24'.
[   42.136805][ T5351] Bluetooth: hci0: command tx timeout
[   42.136882][ T5348] Bluetooth: hci2: command tx timeout
[   42.138810][ T5351] Bluetooth: hci3: command tx timeout
[   42.415425][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   42.777482][ T5508] ubi0: attaching mtd0
[   42.780070][ T5508] ubi0: scanning is finished
[   42.781405][ T5508] ubi0: empty MTD device detected
[   42.902696][ T5508] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[   42.904723][ T5508] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[   42.906785][ T5508] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[   42.908609][ T5508] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[   42.910490][ T5508] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[   42.912222][ T5508] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[   42.914267][ T5508] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 998541828
[   42.916869][ T5508] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[   42.920126][ T5510] ubi0: background thread "ubi_bgt0d" started, PID 5510
[   43.190956][   T39] audit: type=1326 audit(1727663703.598:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.0.35" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000
[   43.196114][   T39] audit: type=1326 audit(1727663703.598:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.0.35" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000
[   43.211394][   T39] audit: type=1326 audit(1727663703.598:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.0.35" exe="/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf73ee579 code=0x7ffc0000
[   43.216957][   T39] audit: type=1326 audit(1727663703.598:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.0.35" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000
[   43.222303][   T39] audit: type=1326 audit(1727663703.598:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.0.35" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf73ee579 code=0x7ffc0000
[   43.230632][   T39] audit: type=1326 audit(1727663703.598:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.0.35" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000
[   43.236471][   T39] audit: type=1326 audit(1727663703.598:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.0.35" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf73ee579 code=0x7ffc0000
[   43.241773][   T39] audit: type=1326 audit(1727663703.598:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.0.35" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000
[   43.247875][   T39] audit: type=1326 audit(1727663703.598:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.0.35" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf73ee579 code=0x7ffc0000
[   43.253407][   T39] audit: type=1326 audit(1727663703.598:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5513 comm="syz.0.35" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x7ffc0000
[   43.287341][ T5521] lo speed is unknown, defaulting to 1000
[   43.289233][ T5521] lo speed is unknown, defaulting to 1000
[   43.291566][ T5521] lo speed is unknown, defaulting to 1000
[   43.296298][ T5521] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   43.302122][ T5521] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   43.317135][ T5521] lo speed is unknown, defaulting to 1000
[   43.319233][ T5521] lo speed is unknown, defaulting to 1000
[   43.321023][ T5521] lo speed is unknown, defaulting to 1000
[   43.322859][ T5521] lo speed is unknown, defaulting to 1000
[   43.324628][ T5521] lo speed is unknown, defaulting to 1000
[   43.391666][ T5524] input: syz0 as /devices/virtual/input/input5
[   43.408243][ T5524] xt_CT: You must specify a L4 protocol and not use inversions on it
[   43.511002][ T5527] capability: warning: `syz.2.39' uses deprecated v2 capabilities in a way that may be insecure
[   43.545876][ T5529] netlink: 'syz.1.40': attribute type 9 has an invalid length.
[   43.548425][ T5529] netlink: 134640 bytes leftover after parsing attributes in process `syz.1.40'.
[   43.566450][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   43.726373][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   43.741197][ T5531] netlink: 44 bytes leftover after parsing attributes in process `syz.1.41'.
[   43.986603][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[   44.010350][ T5548] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   44.216389][ T5351] Bluetooth: hci3: command tx timeout
[   44.216527][   T65] Bluetooth: hci0: command tx timeout
[   44.220077][ T5348] Bluetooth: hci2: command tx timeout
[   44.416391][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   44.434738][ T5566] netlink: 28 bytes leftover after parsing attributes in process `syz.0.50'.
[   44.438976][ T5566] netlink: 28 bytes leftover after parsing attributes in process `syz.0.50'.
[   44.786695][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   44.788794][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   45.098440][ T5348] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[   45.100729][ T5348] Bluetooth: hci1: Injecting HCI hardware error event
[   45.103057][   T65] Bluetooth: hci1: hardware error 0x00
[   45.226391][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   45.256794][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[   46.245491][ T5576] block nbd2: shutting down sockets
[   46.296553][ T5348] Bluetooth: hci3: command tx timeout
[   46.307448][ T5348] Bluetooth: hci2: command tx timeout
[   46.307460][ T5351] Bluetooth: hci0: command tx timeout
[   46.809693][ T5582] =======================================================
[   46.809693][ T5582] WARNING: The mand mount option has been deprecated and
[   46.809693][ T5582]          and is ignored by this kernel. Remove the mand
[   46.809693][ T5582]          option from the mount to silence this warning.
[   46.809693][ T5582] =======================================================
[   47.186364][   T65] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[   47.186604][ T1297] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[   47.350141][ T1297] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   47.353839][ T1297] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[   47.356779][ T1297] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64
[   47.360160][ T1297] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[   47.362505][ T1297] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   47.371851][ T5586] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   47.375190][ T1297] hub 7-1:1.0: bad descriptor, ignoring hub
[   47.377156][ T1297] hub 7-1:1.0: probe with driver hub failed with error -5
[   47.379862][ T1297] cdc_wdm 7-1:1.0: skipping garbage
[   47.381259][ T1297] cdc_wdm 7-1:1.0: skipping garbage
[   47.384770][ T1297] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[   47.388068][ T1297] cdc_wdm 7-1:1.0: Unknown control protocol
[   47.512872][ T5602] netlink: 8 bytes leftover after parsing attributes in process `syz.1.62'.
[   47.596737][ T5381] IPVS: starting estimator thread 0...
[   47.598241][ T5607] tipc: Started in network mode
[   47.600769][ T5607] tipc: Node identity ac1414aa, cluster identity 4711
[   47.603092][ T5607] FAULT_INJECTION: forcing a failure.
[   47.603092][ T5607] name failslab, interval 1, probability 0, space 0, times 0
[   47.609581][ T5607] CPU: 2 UID: 0 PID: 5607 Comm: syz.3.64 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0
[   47.612384][ T5607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   47.615146][ T5607] Call Trace:
[   47.616036][ T5607]  <TASK>
[   47.616837][ T5607]  dump_stack_lvl+0x16c/0x1f0
[   47.618102][ T5607]  should_fail_ex+0x497/0x5b0
[   47.619323][ T5607]  should_failslab+0xc2/0x120
[   47.620550][ T5607]  __kmalloc_cache_noprof+0x6b/0x310
[   47.621948][ T5607]  ? tipc_mon_create+0x15f/0x5e0
[   47.623282][ T5607]  tipc_mon_create+0x15f/0x5e0
[   47.624536][ T5607]  tipc_enable_bearer+0xa48/0xfa0
[   47.626049][ T5607]  ? __pfx_tipc_enable_bearer+0x10/0x10
[   47.627548][ T5607]  ? __mutex_trylock_common+0xea/0x250
[   47.629028][ T5607]  ? __nla_parse+0x40/0x60
[   47.630236][ T5607]  __tipc_nl_bearer_enable+0x32a/0x420
[   47.631690][ T5607]  ? __mutex_lock+0x1a6/0x9c0
[   47.632914][ T5607]  ? __pfx___tipc_nl_bearer_enable+0x10/0x10
[   47.634479][ T5607]  ? __pfx___mutex_lock+0x10/0x10
[   47.636114][ T5607]  ? __nla_parse+0x40/0x60
[   47.637326][ T5607]  tipc_nl_bearer_enable+0x21/0x40
[   47.638709][ T5607]  genl_family_rcv_msg_doit+0x202/0x2f0
[   47.640158][ T5607]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[   47.641720][ T5607]  ? __radix_tree_lookup+0x21f/0x2c0
[   47.643114][ T5607]  genl_rcv_msg+0x565/0x800
[   47.644342][ T5607]  ? __pfx_genl_rcv_msg+0x10/0x10
[   47.645684][ T5607]  ? __pfx_tipc_nl_bearer_enable+0x10/0x10
[   47.647190][ T5607]  netlink_rcv_skb+0x165/0x410
[   47.648479][ T5607]  ? __pfx_genl_rcv_msg+0x10/0x10
[   47.649804][ T5607]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   47.651194][ T5607]  ? down_read+0xc9/0x330
[   47.652342][ T5607]  ? __pfx_down_read+0x10/0x10
[   47.653647][ T5607]  ? netlink_deliver_tap+0x1ae/0xcf0
[   47.655072][ T5607]  genl_rcv+0x28/0x40
[   47.656136][ T5607]  netlink_unicast+0x53c/0x7f0
[   47.657380][ T5607]  ? __pfx_netlink_unicast+0x10/0x10
[   47.658757][ T5607]  ? __phys_addr_symbol+0x30/0x80
[   47.660108][ T5607]  ? __check_object_size+0x488/0x710
[   47.661526][ T5607]  netlink_sendmsg+0x8b8/0xd70
[   47.662843][ T5607]  ? __pfx_netlink_sendmsg+0x10/0x10
[   47.664251][ T5607]  ? lock_acquire+0x2f/0xb0
[   47.665478][ T5607]  ____sys_sendmsg+0x9ae/0xb40
[   47.666704][ T5607]  ? __pfx_____sys_sendmsg+0x10/0x10
[   47.668091][ T5607]  ? get_compat_msghdr+0x11b/0x170
[   47.669424][ T5607]  ? __pfx___lock_acquire+0x10/0x10
[   47.670829][ T5607]  ___sys_sendmsg+0x135/0x1e0
[   47.672097][ T5607]  ? __pfx____sys_sendmsg+0x10/0x10
[   47.673432][ T5607]  ? lock_acquire+0x2f/0xb0
[   47.674575][ T5607]  ? __fget_files+0x40/0x3f0
[   47.676105][ T5607]  ? fdget+0x176/0x210
[   47.677166][ T5607]  __sys_sendmsg+0x117/0x1f0
[   47.678384][ T5607]  ? __pfx___sys_sendmsg+0x10/0x10
[   47.679749][ T5607]  ? __fget_files+0x244/0x3f0
[   47.680965][ T5607]  __do_fast_syscall_32+0x73/0x120
[   47.682240][ T5607]  do_fast_syscall_32+0x32/0x80
[   47.683536][ T5607]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   47.685218][ T5607] RIP: 0023:0xf7f74579
[   47.686315][ T5607] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   47.686366][ T5608] IPVS: using max 35 ests per chain, 84000 per kthread
[   47.691220][ T5607] RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   47.691240][ T5607] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000100
[   47.691247][ T5607] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   47.691253][ T5607] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   47.691259][ T5607] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   47.691265][ T5607] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   47.691278][ T5607]  </TASK>
[   47.714564][ T5349] usb 7-1: USB disconnect, device number 2
[   47.718287][ T5607] tipc: Disabling bearer <udp:s>
[   47.719721][ T5585] cdc_wdm 7-1:1.0: Error submitting int urb - -19
[   47.964072][ T5625] netlink: 28 bytes leftover after parsing attributes in process `syz.0.69'.
[   47.966664][ T5625] netlink: 28 bytes leftover after parsing attributes in process `syz.0.69'.
[   48.196270][ T5407] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[   48.367453][ T5407] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   48.370220][ T5407] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[   48.372632][ T5407] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64
[   48.375524][ T5407] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[   48.378013][ T5407] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   48.384237][ T5585] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   48.388471][ T5407] hub 7-1:1.0: bad descriptor, ignoring hub
[   48.393405][ T5407] hub 7-1:1.0: probe with driver hub failed with error -5
[   48.398168][ T5407] cdc_wdm 7-1:1.0: skipping garbage
[   48.400927][ T5407] cdc_wdm 7-1:1.0: skipping garbage
[   48.405230][ T5407] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[   48.410070][ T5407] cdc_wdm 7-1:1.0: Unknown control protocol
[   48.668915][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[   48.670867][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[   48.808031][   T63] usb 7-1: USB disconnect, device number 3
[   49.780523][ T5650] FAULT_INJECTION: forcing a failure.
[   49.780523][ T5650] name failslab, interval 1, probability 0, space 0, times 0
[   49.784767][ T5650] CPU: 0 UID: 0 PID: 5650 Comm: syz.2.79 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0
[   49.787434][ T5650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   49.790204][ T5650] Call Trace:
[   49.791091][ T5650]  <TASK>
[   49.791877][ T5650]  dump_stack_lvl+0x16c/0x1f0
[   49.793147][ T5650]  should_fail_ex+0x497/0x5b0
[   49.794388][ T5650]  ? fs_reclaim_acquire+0xae/0x160
[   49.795791][ T5650]  should_failslab+0xc2/0x120
[   49.797029][ T5650]  __kmalloc_noprof+0xcb/0x410
[   49.798281][ T5650]  copy_splice_read+0x1a8/0xb90
[   49.799573][ T5650]  ? look_up_lock_class+0x59/0x150
[   49.800911][ T5650]  ? __pfx_copy_splice_read+0x10/0x10
[   49.802306][ T5650]  ? __pfx_register_lock_class+0x10/0x10
[   49.803792][ T5650]  ? __pfx_copy_splice_read+0x10/0x10
[   49.805181][ T5650]  do_splice_read+0x282/0x370
[   49.806403][ T5650]  splice_direct_to_actor+0x2a4/0xa40
[   49.807800][ T5650]  ? __pfx_direct_splice_actor+0x10/0x10
[   49.809288][ T5650]  ? __pfx_splice_direct_to_actor+0x10/0x10
[   49.810837][ T5650]  ? __fget_files+0x23a/0x3f0
[   49.812069][ T5650]  do_splice_direct+0x178/0x250
[   49.813347][ T5650]  ? __pfx_do_splice_direct+0x10/0x10
[   49.814766][ T5650]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   49.816353][ T5650]  do_sendfile+0xb0c/0xe40
[   49.817596][ T5650]  ? __pfx_do_sendfile+0x10/0x10
[   49.818902][ T5650]  ? __fget_files+0x244/0x3f0
[   49.820135][ T5650]  __ia32_compat_sys_sendfile+0x1e7/0x230
[   49.821605][ T5650]  ? ksys_write+0x1ad/0x260
[   49.822808][ T5650]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[   49.824425][ T5650]  __do_fast_syscall_32+0x73/0x120
[   49.825755][ T5650]  do_fast_syscall_32+0x32/0x80
[   49.826277][ T5389] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   49.827028][ T5650]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   49.830596][ T5650] RIP: 0023:0xf7f66579
[   49.831666][ T5650] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   49.836643][ T5650] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[   49.838789][ T5650] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000003
[   49.840820][ T5650] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000
[   49.842868][ T5650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   49.844894][ T5650] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   49.846937][ T5650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   49.848974][ T5650]  </TASK>
[   49.987998][ T5659] binder: 5655:5659 ioctl c0306201 20000640 returned -22
[   49.996385][ T5389] usb 5-1: Using ep0 maxpacket: 16
[   49.999059][ T5389] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[   50.001133][ T5389] usb 5-1: config 0 has no interface number 0
[   50.002731][ T5389] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   50.005472][ T5389] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[   50.009399][ T5389] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[   50.011725][ T5389] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[   50.013791][ T5389] usb 5-1: Product: syz
[   50.014875][ T5389] usb 5-1: SerialNumber: syz
[   50.017070][ T5389] usb 5-1: config 0 descriptor??
[   50.019811][ T5389] cm109 5-1:0.8: invalid payload size 0, expected 4
[   50.022653][ T5389] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input6
[   50.229640][    C2] cm109 5-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[   50.460462][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[   50.462544][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[   50.464783][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[   50.466877][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[   50.468690][ T5407] usb 5-1: USB disconnect, device number 2
[   50.470290][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[   50.470302][    C0] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[   50.481853][ T5407] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[   50.701740][ T5674] netlink: 28 bytes leftover after parsing attributes in process `syz.3.87'.
[   50.706638][ T5674] netlink: 28 bytes leftover after parsing attributes in process `syz.3.87'.
[   51.038251][ T5682] IPv6: addrconf: prefix option has invalid lifetime
[   51.895764][ T5703] binder: 5699:5703 ioctl c0306201 20000640 returned -22
[   52.206291][ T5389] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[   52.406344][ T5389] usb 7-1: Using ep0 maxpacket: 32
[   52.417823][ T5389] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[   52.419970][ T5389] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[   52.422800][ T5389] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[   52.436320][ T5389] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[   52.446276][ T5389] usb 7-1: config 0 interface 0 has no altsetting 0
[   52.606245][ T5389] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[   52.608629][ T5389] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[   52.610808][ T5389] usb 7-1: Product: syz
[   52.611917][ T5389] usb 7-1: Manufacturer: syz
[   52.613150][ T5389] usb 7-1: SerialNumber: syz
[   52.615429][ T5389] usb 7-1: config 0 descriptor??
[   52.618127][ T5389] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[   52.621893][ T5389] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[   52.623077][ T5707] warning: `syz.3.100' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   52.633042][ T5707] FAULT_INJECTION: forcing a failure.
[   52.633042][ T5707] name failslab, interval 1, probability 0, space 0, times 0
[   52.637035][ T5707] CPU: 3 UID: 0 PID: 5707 Comm: syz.3.100 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0
[   52.639707][ T5707] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   52.642515][ T5707] Call Trace:
[   52.643405][ T5707]  <TASK>
[   52.644189][ T5707]  dump_stack_lvl+0x16c/0x1f0
[   52.645441][ T5707]  should_fail_ex+0x497/0x5b0
[   52.646689][ T5707]  ? fs_reclaim_acquire+0xae/0x160
[   52.648236][ T5707]  should_failslab+0xc2/0x120
[   52.649430][ T5707]  __kmalloc_noprof+0xcb/0x410
[   52.650665][ T5707]  ? __kmalloc_noprof+0x207/0x410
[   52.651960][ T5707]  tomoyo_realpath_from_path+0xbf/0x710
[   52.653356][ T5707]  ? tomoyo_fill_path_info+0x233/0x420
[   52.654724][ T5707]  tomoyo_mount_acl+0x1af/0x880
[   52.655973][ T5707]  ? hlock_class+0x4e/0x130
[   52.657135][ T5707]  ? __lock_acquire+0x163e/0x3ce0
[   52.658431][ T5707]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[   52.659895][ T5707]  ? __pfx___lock_acquire+0x10/0x10
[   52.661215][ T5707]  ? stack_trace_save+0x95/0xd0
[   52.662656][ T5707]  ? __pfx_lock_release+0x10/0x10
[   52.663972][ T5707]  ? trace_lock_acquire+0x14a/0x1d0
[   52.665285][ T5707]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   52.666923][ T5707]  ? tomoyo_mount_permission+0x146/0x410
[   52.668365][ T5707]  ? lock_acquire+0x2f/0xb0
[   52.669528][ T5707]  ? tomoyo_mount_permission+0x146/0x410
[   52.670951][ T5707]  tomoyo_mount_permission+0x16b/0x410
[   52.672325][ T5707]  ? tomoyo_mount_permission+0x146/0x410
[   52.673753][ T5707]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[   52.675276][ T5707]  ? get_current_fs_domain+0x188/0x1f0
[   52.676687][ T5707]  security_sb_mount+0x9b/0x260
[   52.677948][ T5707]  path_mount+0x129/0x1f10
[   52.679101][ T5707]  ? kmem_cache_free+0x152/0x4b0
[   52.680393][ T5707]  ? __pfx_path_mount+0x10/0x10
[   52.681636][ T5707]  ? putname+0x12e/0x170
[   52.682748][ T5707]  __ia32_sys_mount+0x292/0x310
[   52.683986][ T5707]  ? __pfx___ia32_sys_mount+0x10/0x10
[   52.685351][ T5707]  __do_fast_syscall_32+0x73/0x120
[   52.686653][ T5707]  do_fast_syscall_32+0x32/0x80
[   52.687881][ T5707]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   52.689474][ T5707] RIP: 0023:0xf7f74579
[   52.690520][ T5707] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   52.695311][ T5707] RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[   52.697394][ T5707] RAX: ffffffffffffffda RBX: 0000000020000100 RCX: 0000000020000280
[   52.699374][ T5707] RDX: 00000000200002c0 RSI: 0000000000000000 RDI: 0000000020000300
[   52.701363][ T5707] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   52.703312][ T5707] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   52.705303][ T5707] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   52.707276][ T5707]  </TASK>
[   52.710434][ T5707] ERROR: Out of memory at tomoyo_realpath_from_path.
[   52.712620][ T5710] netlink: 'syz.3.100': attribute type 6 has an invalid length.
[   52.714571][ T5710] netlink: 'syz.3.100': attribute type 8 has an invalid length.
[   52.869380][ T5712] netlink: 28 bytes leftover after parsing attributes in process `syz.3.102'.
[   52.872517][ T5712] netlink: 28 bytes leftover after parsing attributes in process `syz.3.102'.
[   53.381635][ T5723] netlink: 'syz.3.104': attribute type 6 has an invalid length.
[   53.383694][ T5723] netlink: 'syz.3.104': attribute type 8 has an invalid length.
[   54.075791][ T5735] binder: 5732:5735 ioctl c0306201 20000640 returned -22
[   54.085843][ T5736] netlink: 28 bytes leftover after parsing attributes in process `syz.0.108'.
[   54.088807][ T5736] netlink: 28 bytes leftover after parsing attributes in process `syz.0.108'.
[   54.200732][ T5740] syzkaller1: entered promiscuous mode
[   54.202301][ T5740] syzkaller1: entered allmulticast mode
[   54.299974][ T5742] netlink: 8 bytes leftover after parsing attributes in process `syz.3.112'.
[   54.958780][ T5407] usb 7-1: USB disconnect, device number 4
[   54.962190][ T5407] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[   56.062057][ T5767] netlink: 4 bytes leftover after parsing attributes in process `syz.0.120'.
[   56.118755][ T5776] netlink: 8 bytes leftover after parsing attributes in process `syz.0.123'.
[   56.147269][ T5777] binder: 5773:5777 ioctl c0306201 20000640 returned -22
[   56.784042][   T39] kauditd_printk_skb: 12 callbacks suppressed
[   56.784052][   T39] audit: type=1326 audit(1727663717.188:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5783 comm="syz.2.126" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f66579 code=0x0
[   57.209181][ T5790] netlink: 28 bytes leftover after parsing attributes in process `syz.3.127'.
[   57.211430][ T5790] netlink: 28 bytes leftover after parsing attributes in process `syz.3.127'.
[   58.966425][ T5808] netlink: 8 bytes leftover after parsing attributes in process `syz.0.133'.
[   59.065851][ T5812] binder: 5810:5812 ioctl c0306201 20000640 returned -22
[   59.882492][   T39] audit: type=1326 audit(1727663720.288:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5833 comm="syz.0.140" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ee579 code=0x0
[   59.905811][ T5836] FAULT_INJECTION: forcing a failure.
[   59.905811][ T5836] name failslab, interval 1, probability 0, space 0, times 0
[   59.909141][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: syz.2.141 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0
[   59.911775][ T5836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   59.914505][ T5836] Call Trace:
[   59.915382][ T5836]  <TASK>
[   59.916148][ T5836]  dump_stack_lvl+0x16c/0x1f0
[   59.917419][ T5836]  should_fail_ex+0x497/0x5b0
[   59.918646][ T5836]  ? fs_reclaim_acquire+0xae/0x160
[   59.919986][ T5836]  should_failslab+0xc2/0x120
[   59.921209][ T5836]  __kmalloc_node_noprof+0xd1/0x440
[   59.922584][ T5836]  ? __kvmalloc_node_noprof+0xad/0x1a0
[   59.923998][ T5836]  __kvmalloc_node_noprof+0xad/0x1a0
[   59.925365][ T5836]  check_cfg+0x10a/0x840
[   59.926478][ T5836]  ? check_subprogs+0x57c/0x7d0
[   59.927755][ T5836]  bpf_check+0x73ac/0xc7c0
[   59.928918][ T5836]  ? __pfx_bpf_check+0x10/0x10
[   59.930160][ T5836]  ? find_held_lock+0x2d/0x110
[   59.931417][ T5836]  ? ktime_get_with_offset+0x13a/0x240
[   59.932834][ T5836]  ? trace_lock_acquire+0x14a/0x1d0
[   59.934182][ T5836]  ? ktime_get_with_offset+0x13a/0x240
[   59.935599][ T5836]  ? timekeeping_debug_get_ns+0x3e0/0x5b0
[   59.937065][ T5836]  ? lockdep_hardirqs_on+0x7c/0x110
[   59.938409][ T5836]  ? bpf_obj_name_cpy+0x156/0x1b0
[   59.939725][ T5836]  bpf_prog_load+0xe3f/0x2670
[   59.940953][ T5836]  ? __pfx_bpf_prog_load+0x10/0x10
[   59.942283][ T5836]  ? find_held_lock+0x2d/0x110
[   59.943548][ T5836]  __sys_bpf+0x4c8c/0x5780
[   59.944703][ T5836]  ? ksys_write+0x21e/0x260
[   59.945878][ T5836]  ? __pfx___sys_bpf+0x10/0x10
[   59.947368][ T5836]  ? vfs_write+0x14d/0x1140
[   59.948599][ T5836]  ? __mutex_unlock_slowpath+0x164/0x650
[   59.950059][ T5836]  ? fput+0x30/0x390
[   59.951088][ T5836]  ? ksys_write+0x1ad/0x260
[   59.952267][ T5836]  ? __pfx_ksys_write+0x10/0x10
[   59.953531][ T5836]  __ia32_sys_bpf+0x76/0xe0
[   59.954718][ T5836]  __do_fast_syscall_32+0x73/0x120
[   59.956049][ T5836]  do_fast_syscall_32+0x32/0x80
[   59.957392][ T5836]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   59.959035][ T5836] RIP: 0023:0xf7f66579
[   59.960180][ T5836] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   59.965247][ T5836] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[   59.967396][ T5836] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000200054c0
[   59.969447][ T5836] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[   59.971482][ T5836] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   59.973514][ T5836] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   59.975557][ T5836] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   59.977667][ T5836]  </TASK>
[   60.041185][ T5841] netlink: 8 bytes leftover after parsing attributes in process `syz.2.143'.
[   60.772630][ T5857] netlink: 28 bytes leftover after parsing attributes in process `syz.3.146'.
[   60.774971][ T5857] netlink: 28 bytes leftover after parsing attributes in process `syz.3.146'.
[   60.862335][ T5860] binder: 5858:5860 ioctl c0306201 20000640 returned -22
[   61.175402][ T5862] netlink: 288 bytes leftover after parsing attributes in process `syz.0.149'.
[   62.000262][   T39] audit: type=1326 audit(1727663722.408:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5875 comm="syz.2.154" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f66579 code=0x0
[   62.210364][ T5881] sp0: Synchronizing with TNC
[   62.272264][ T5884] vlan2: entered allmulticast mode
[   62.273636][ T5884] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode
[   62.282289][ T5884] mac80211_hwsim hwsim9 wlan1: left allmulticast mode
[   62.518360][ T5890] bridge0: entered allmulticast mode
[   62.527295][ T5890] pimreg: entered allmulticast mode
[   62.533707][ T5890] pimreg: left allmulticast mode
[   62.535280][ T5890] bridge0: left allmulticast mode
[   63.347375][ T5386] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   63.500307][ T5386] usb 8-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b
[   63.504385][ T5386] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   63.509358][ T5386] usb 8-1: config 0 descriptor??
[   63.517012][ T5386] input: bcm5974 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input7
[   63.534817][ T5386] input: failed to attach handler mousedev to device input7, error: -2
[   63.576297][ T1806] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   63.718678][ T5386] usb 8-1: USB disconnect, device number 2
[   63.728191][ T1806] usb 6-1: Using ep0 maxpacket: 32
[   63.735489][ T1806] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[   63.740044][ T1806] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[   63.744255][ T1806] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[   63.747957][ T1806] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[   63.752221][ T1806] usb 6-1: config 0 interface 0 has no altsetting 0
[   63.758370][ T1806] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[   63.761092][ T1806] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[   63.763927][ T1806] usb 6-1: Product: syz
[   63.765298][ T1806] usb 6-1: Manufacturer: syz
[   63.767310][ T1806] usb 6-1: SerialNumber: syz
[   63.770236][ T1806] usb 6-1: config 0 descriptor??
[   63.773779][ T1806] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[   63.779267][ T1806] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[   63.987159][    C0] ldusb 6-1:0.0: usb_submit_urb failed (-19)
[   63.989612][ T1297] usb 6-1: USB disconnect, device number 2
[   63.994880][ T1297] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[   64.192494][ T5904] ldusb: No device or device unplugged -19
[   64.285051][ T5906] netlink: 24 bytes leftover after parsing attributes in process `syz.3.163'.
[   64.899669][ T5922] netlink: 28 bytes leftover after parsing attributes in process `syz.1.167'.
[   64.902650][ T5922] netlink: 28 bytes leftover after parsing attributes in process `syz.1.167'.
[   64.989327][ T5925] binder: 5923:5925 ioctl c0306201 20000640 returned -22
[   65.902325][ T5928] netlink: 28 bytes leftover after parsing attributes in process `syz.2.169'.
[   65.905072][ T5928] netlink: 28 bytes leftover after parsing attributes in process `syz.2.169'.
[   66.957671][ T5962] binder: 5959:5962 ioctl c0306201 20000640 returned -22
[   67.139845][ T5969] netlink: 28 bytes leftover after parsing attributes in process `syz.0.178'.
[   67.142108][ T5969] netlink: 28 bytes leftover after parsing attributes in process `syz.0.178'.
[   67.512711][ T5978] FAULT_INJECTION: forcing a failure.
[   67.512711][ T5978] name failslab, interval 1, probability 0, space 0, times 0
[   67.515918][ T5978] CPU: 1 UID: 0 PID: 5978 Comm: syz.2.182 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0
[   67.518512][ T5978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   67.521137][ T5978] Call Trace:
[   67.521971][ T5978]  <TASK>
[   67.522719][ T5978]  dump_stack_lvl+0x16c/0x1f0
[   67.523966][ T5978]  should_fail_ex+0x497/0x5b0
[   67.525163][ T5978]  ? fs_reclaim_acquire+0xae/0x160
[   67.526560][ T5978]  should_failslab+0xc2/0x120
[   67.527870][ T5978]  __kmalloc_cache_noprof+0x6b/0x310
[   67.529187][ T5978]  ? device_add+0xccf/0x1a70
[   67.530383][ T5978]  device_add+0xccf/0x1a70
[   67.531562][ T5978]  ? dev_set_name+0xc8/0x100
[   67.532751][ T5978]  ? __pfx_dev_set_name+0x10/0x10
[   67.534056][ T5978]  ? __pfx_device_add+0x10/0x10
[   67.535351][ T5978]  ? __init_waitqueue_head+0xca/0x150
[   67.536765][ T5978]  netdev_register_kobject+0x187/0x3f0
[   67.538210][ T5978]  register_netdevice+0x1473/0x1e20
[   67.539627][ T5978]  ? __pfx_register_netdevice+0x10/0x10
[   67.541089][ T5978]  ? alloc_netdev_mqs+0xf2a/0x12a0
[   67.542451][ T5978]  ? validate_linkmsg+0x6d2/0x9a0
[   67.543798][ T5978]  br_dev_newlink+0x27/0x110
[   67.545035][ T5978]  ? __pfx_br_dev_newlink+0x10/0x10
[   67.546416][ T5978]  __rtnl_newlink+0x119c/0x1920
[   67.547728][ T5978]  ? __pfx___rtnl_newlink+0x10/0x10
[   67.549122][ T5978]  rtnl_newlink+0x67/0xa0
[   67.550287][ T5978]  ? __pfx_rtnl_newlink+0x10/0x10
[   67.551633][ T5978]  rtnetlink_rcv_msg+0x3c7/0xea0
[   67.552958][ T5978]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   67.554397][ T5978]  ? __pfx___dev_queue_xmit+0x10/0x10
[   67.555826][ T5978]  netlink_rcv_skb+0x165/0x410
[   67.557190][ T5978]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   67.558711][ T5978]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   67.560193][ T5978]  ? netlink_deliver_tap+0x1ae/0xcf0
[   67.561525][ T5978]  netlink_unicast+0x53c/0x7f0
[   67.562797][ T5978]  ? __pfx_netlink_unicast+0x10/0x10
[   67.564195][ T5978]  ? __phys_addr_symbol+0x30/0x80
[   67.565529][ T5978]  ? __check_object_size+0x488/0x710
[   67.566939][ T5978]  netlink_sendmsg+0x8b8/0xd70
[   67.568212][ T5978]  ? __pfx_netlink_sendmsg+0x10/0x10
[   67.569606][ T5978]  ? lock_acquire+0x2f/0xb0
[   67.570823][ T5978]  ____sys_sendmsg+0x9ae/0xb40
[   67.572092][ T5978]  ? __pfx_____sys_sendmsg+0x10/0x10
[   67.573490][ T5978]  ? get_compat_msghdr+0x11b/0x170
[   67.574853][ T5978]  ? __pfx___lock_acquire+0x10/0x10
[   67.576231][ T5978]  ___sys_sendmsg+0x135/0x1e0
[   67.577634][ T5978]  ? __pfx____sys_sendmsg+0x10/0x10
[   67.579093][ T5978]  ? lock_acquire+0x2f/0xb0
[   67.580322][ T5978]  ? __fget_files+0x40/0x3f0
[   67.581555][ T5978]  ? fdget+0x176/0x210
[   67.582660][ T5978]  __sys_sendmsg+0x117/0x1f0
[   67.583895][ T5978]  ? __pfx___sys_sendmsg+0x10/0x10
[   67.585261][ T5978]  ? __fget_files+0x244/0x3f0
[   67.586528][ T5978]  __do_fast_syscall_32+0x73/0x120
[   67.587886][ T5978]  do_fast_syscall_32+0x32/0x80
[   67.589181][ T5978]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   67.590860][ T5978] RIP: 0023:0xf7f66579
[   67.591941][ T5978] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   67.596951][ T5978] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   67.599134][ T5978] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0
[   67.601209][ T5978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   67.603296][ T5978] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   67.605359][ T5978] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   67.607441][ T5978] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   67.609513][ T5978]  </TASK>
[   67.908976][ T5984] netlink: 'syz.0.185': attribute type 6 has an invalid length.
[   67.911092][ T5984] netlink: 'syz.0.185': attribute type 8 has an invalid length.
[   68.606449][ T6001] netlink: 28 bytes leftover after parsing attributes in process `syz.0.189'.
[   68.610621][ T6001] netlink: 28 bytes leftover after parsing attributes in process `syz.0.189'.
[   68.805987][ T6009] binder: 6006:6009 ioctl c0306201 20000640 returned -22
[   69.172917][ T6015] netlink: 28 bytes leftover after parsing attributes in process `syz.1.195'.
[   70.282964][ T6028] syz.2.200 (6028) used greatest stack depth: 20768 bytes left
[   70.553037][ T6044] FAULT_INJECTION: forcing a failure.
[   70.553037][ T6044] name failslab, interval 1, probability 0, space 0, times 0
[   70.561590][ T6044] CPU: 1 UID: 0 PID: 6044 Comm: syz.3.205 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0
[   70.564516][ T6044] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   70.567353][ T6044] Call Trace:
[   70.568237][ T6044]  <TASK>
[   70.569024][ T6044]  dump_stack_lvl+0x16c/0x1f0
[   70.570275][ T6044]  should_fail_ex+0x497/0x5b0
[   70.571530][ T6044]  ? fs_reclaim_acquire+0xae/0x160
[   70.572898][ T6044]  should_failslab+0xc2/0x120
[   70.574145][ T6044]  __kmalloc_noprof+0xcb/0x410
[   70.575422][ T6044]  lsm_blob_alloc+0x68/0x90
[   70.576664][ T6044]  security_sk_alloc+0x30/0x270
[   70.577957][ T6044]  sk_prot_alloc+0x1c7/0x2a0
[   70.579193][ T6044]  sk_alloc+0x36/0xb90
[   70.580281][ T6044]  bpf_prog_test_run_skb+0x335/0x2140
[   70.581696][ T6044]  ? lock_acquire+0x2f/0xb0
[   70.582918][ T6044]  ? __fget_files+0x40/0x3f0
[   70.584144][ T6044]  ? __fget_files+0x244/0x3f0
[   70.585387][ T6044]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[   70.586918][ T6044]  ? fput+0x30/0x390
[   70.587959][ T6044]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[   70.589487][ T6044]  __sys_bpf+0x1921/0x5780
[   70.590671][ T6044]  ? ksys_write+0x21e/0x260
[   70.591869][ T6044]  ? __pfx___sys_bpf+0x10/0x10
[   70.593130][ T6044]  ? vfs_write+0x14d/0x1140
[   70.594331][ T6044]  ? __mutex_unlock_slowpath+0x164/0x650
[   70.595813][ T6044]  ? fput+0x30/0x390
[   70.596850][ T6044]  ? ksys_write+0x1ad/0x260
[   70.598042][ T6044]  ? __pfx_ksys_write+0x10/0x10
[   70.599329][ T6044]  __ia32_sys_bpf+0x76/0xe0
[   70.600530][ T6044]  __do_fast_syscall_32+0x73/0x120
[   70.601880][ T6044]  do_fast_syscall_32+0x32/0x80
[   70.603185][ T6044]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   70.604847][ T6044] RIP: 0023:0xf7f74579
[   70.605923][ T6044] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   70.610960][ T6044] RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[   70.613157][ T6044] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000540
[   70.615230][ T6044] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[   70.617306][ T6044] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   70.619395][ T6044] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   70.621480][ T6044] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   70.623583][ T6044]  </TASK>
[   70.624530][    C1] vkms_vblank_simulate: vblank timer overrun
[   70.711495][ T1374] ieee802154 phy0 wpan0: encryption failed: -22
[   70.713306][ T1374] ieee802154 phy1 wpan1: encryption failed: -22
[   70.737394][ T6052] binder: 6051:6052 ioctl 4018620d 0 returned -22
[   70.739224][ T6041] __nla_validate_parse: 1 callbacks suppressed
[   70.739235][ T6041] netlink: 28 bytes leftover after parsing attributes in process `syz.2.204'.
[   70.743764][ T6041] netlink: 28 bytes leftover after parsing attributes in process `syz.2.204'.
[   70.796343][ T6054] binder: 6051:6054 ioctl c0306201 20000640 returned -22
[   71.005243][ T6059] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   71.046291][ T1806] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[   71.164671][ T6064] netlink: 8 bytes leftover after parsing attributes in process `syz.2.211'.
[   71.167389][ T6064] netlink: 4 bytes leftover after parsing attributes in process `syz.2.211'.
[   71.256356][ T1806] usb 8-1: Using ep0 maxpacket: 16
[   71.263023][ T1806] usb 8-1: config 0 has an invalid interface number: 8 but max is 0
[   71.265108][ T1806] usb 8-1: config 0 has no interface number 0
[   71.266729][ T1806] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   71.269470][ T1806] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[   71.273140][ T1806] usb 8-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[   71.275527][ T1806] usb 8-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[   71.277612][ T1806] usb 8-1: Product: syz
[   71.278689][ T1806] usb 8-1: SerialNumber: syz
[   71.296772][ T1806] usb 8-1: config 0 descriptor??
[   71.300162][ T1806] cm109 8-1:0.8: invalid payload size 0, expected 4
[   71.302703][ T1806] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.8/input/input8
[   71.517439][    C1] cm109 8-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[   71.630721][ T5381] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[   71.719765][ T6081] netlink: 28 bytes leftover after parsing attributes in process `syz.1.217'.
[   71.722320][ T6081] netlink: 28 bytes leftover after parsing attributes in process `syz.1.217'.
[   71.747055][    C0] cm109 8-1:0.8: cm109_urb_ctl_callback: urb status -71
[   71.747142][ T1806] usb 8-1: USB disconnect, device number 3
[   71.748959][    C0] cm109 8-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[   71.755311][ T1806] cm109 8-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[   71.797811][ T5381] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[   71.800726][ T5381] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[   71.803644][ T5381] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[   71.807605][ T5381] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[   71.811828][ T5381] usb 5-1: config 0 interface 0 has no altsetting 0
[   71.815460][ T5381] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[   71.818751][ T5381] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[   71.821541][ T5381] usb 5-1: Product: syz
[   71.823294][ T5381] usb 5-1: Manufacturer: syz
[   71.824853][ T5381] usb 5-1: SerialNumber: syz
[   71.828523][ T5381] usb 5-1: config 0 descriptor??
[   71.834046][ T5381] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[   71.837529][ T5381] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[   72.072327][ T6076] ieee802154 phy0 wpan0: encryption failed: -90
[   72.078995][ T5381] usb 5-1: USB disconnect, device number 3
[   72.081896][ T5381] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[   72.351401][ T6091] netlink: 28 bytes leftover after parsing attributes in process `syz.3.219'.
[   72.353564][ T6091] netlink: 28 bytes leftover after parsing attributes in process `syz.3.219'.
[   72.712974][ T6095] overlayfs: failed to set uuid (61/file1, err=-1); falling back to uuid=null.
[   72.715751][ T6095] overlayfs: failed to verify upper root origin
[   72.801326][ T6098] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[   72.977604][ T6102] binder: 6101:6102 ioctl 4018620d 0 returned -22
[   73.040702][ T6103] binder: 6101:6103 ioctl c0306201 20000640 returned -22
[   74.082653][ T6122] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.092657][ T6122] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.122328][ T6114] netlink: 28 bytes leftover after parsing attributes in process `syz.0.227'.
[   74.125141][ T6114] netlink: 28 bytes leftover after parsing attributes in process `syz.0.227'.
[   74.577656][ T6129] block nbd2: NBD_DISCONNECT
[   74.859997][ T6142] binder: 6141:6142 ioctl 4018620d 0 returned -22
[   74.917505][ T6147] binder: 6141:6147 ioctl c0306201 20000640 returned -22
[   75.491294][ T6156] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   75.738192][ T6164] process 'syz.3.244' launched './file0' with NULL argv: empty string added
[   75.846807][ T6170] __nla_validate_parse: 1 callbacks suppressed
[   75.846818][ T6170] netlink: 8 bytes leftover after parsing attributes in process `syz.3.245'.
[   75.885161][    T8] cfg80211: failed to load regulatory.db
[   75.985383][ T6176] netlink: 28 bytes leftover after parsing attributes in process `syz.3.246'.
[   75.988061][ T6176] netlink: 28 bytes leftover after parsing attributes in process `syz.3.246'.
[   76.289091][ T6180] dns_resolver: Unsupported server list version (0)
[   76.293439][ T6180] mmap: syz.1.248 (6180) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   77.076432][ T5389] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[   77.216400][ T5389] usb 7-1: device descriptor read/64, error -71
[   77.486300][ T5389] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[   77.616399][ T5389] usb 7-1: device descriptor read/64, error -71
[   77.726637][ T5389] usb usb7-port1: attempt power cycle
[   77.756779][ T6196] netlink: 8 bytes leftover after parsing attributes in process `syz.0.254'.
[   77.994751][ T6204] capability: warning: `syz.1.257' uses 32-bit capabilities (legacy support in use)
[   78.076742][ T5389] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[   78.096778][ T5389] usb 7-1: device descriptor read/8, error -71
[   78.137226][ T6213] netlink: 'syz.1.259': attribute type 2 has an invalid length.
[   78.139282][ T6213] netlink: 'syz.1.259': attribute type 11 has an invalid length.
[   78.141298][ T6213] netlink: 132 bytes leftover after parsing attributes in process `syz.1.259'.
[   78.189232][ T6213] overlayfs: workdir and upperdir must be separate subtrees
[   78.193371][ T6213] overlayfs: missing 'workdir'
[   78.336318][ T5389] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[   78.356727][ T5389] usb 7-1: device descriptor read/8, error -71
[   78.468108][ T5389] usb usb7-port1: unable to enumerate USB device
[   78.841664][ T6226] netlink: 28 bytes leftover after parsing attributes in process `syz.1.264'.
[   78.844132][ T6226] netlink: 28 bytes leftover after parsing attributes in process `syz.1.264'.
[   78.908642][ T6228] netlink: 8 bytes leftover after parsing attributes in process `syz.0.263'.
[   79.117591][ T6231] netlink: 28 bytes leftover after parsing attributes in process `syz.0.265'.
[   79.120095][ T6231] netlink: 28 bytes leftover after parsing attributes in process `syz.0.265'.
[   80.346645][ T6244] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd
[   80.402922][ T6250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   80.411945][ T6250] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   80.666324][ T1806] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   80.806270][ T1806] usb 6-1: device descriptor read/64, error -71
[   80.868995][ T6269] FAULT_INJECTION: forcing a failure.
[   80.868995][ T6269] name failslab, interval 1, probability 0, space 0, times 0
[   80.872437][ T6269] CPU: 3 UID: 0 PID: 6269 Comm: syz.2.284 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0
[   80.875131][ T6269] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.877931][ T6269] Call Trace:
[   80.878840][ T6269]  <TASK>
[   80.879632][ T6269]  dump_stack_lvl+0x16c/0x1f0
[   80.880893][ T6269]  should_fail_ex+0x497/0x5b0
[   80.882163][ T6269]  ? fs_reclaim_acquire+0xae/0x160
[   80.883544][ T6269]  should_failslab+0xc2/0x120
[   80.884798][ T6269]  __kmalloc_noprof+0xcb/0x410
[   80.886077][ T6269]  ? rcu_is_watching+0x12/0xc0
[   80.887448][ T6269]  tomoyo_encode2+0x100/0x3e0
[   80.888708][ T6269]  tomoyo_realpath_from_path+0x1a7/0x710
[   80.890198][ T6269]  ? tomoyo_path_number_perm+0x232/0x5b0
[   80.891704][ T6269]  tomoyo_path_number_perm+0x245/0x5b0
[   80.893160][ T6269]  ? tomoyo_path_number_perm+0x232/0x5b0
[   80.894667][ T6269]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   80.896273][ T6269]  ? trace_lock_acquire+0x14a/0x1d0
[   80.897660][ T6269]  ? lock_acquire+0x2f/0xb0
[   80.898885][ T6269]  ? __fget_files+0x40/0x3f0
[   80.900124][ T6269]  ? __fget_files+0x244/0x3f0
[   80.901383][ T6269]  security_file_ioctl_compat+0x9b/0x240
[   80.902888][ T6269]  __do_compat_sys_ioctl+0x52/0x2b0
[   80.904275][ T6269]  __do_fast_syscall_32+0x73/0x120
[   80.905635][ T6269]  do_fast_syscall_32+0x32/0x80
[   80.907031][ T6269]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   80.908755][ T6269] RIP: 0023:0xf7f66579
[   80.909923][ T6269] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   80.915399][ T6269] RSP: 002b:00000000f56e656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[   80.917666][ T6269] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[   80.919852][ T6269] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   80.922075][ T6269] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   80.924243][ T6269] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   80.926454][ T6269] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   80.928697][ T6269]  </TASK>
[   80.931627][ T6269] ERROR: Out of memory at tomoyo_realpath_from_path.
[   80.936815][ T6269] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   81.011216][ T6271] __nla_validate_parse: 4 callbacks suppressed
[   81.011226][ T6271] netlink: 28 bytes leftover after parsing attributes in process `syz.3.275'.
[   81.015511][ T6271] netlink: 28 bytes leftover after parsing attributes in process `syz.3.275'.
[   81.056344][ T1806] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[   81.113084][ T6277] netlink: 28 bytes leftover after parsing attributes in process `syz.2.276'.
[   81.115664][ T6277] netlink: 28 bytes leftover after parsing attributes in process `syz.2.276'.
[   81.196272][ T1806] usb 6-1: device descriptor read/64, error -71
[   81.223758][ T6279] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   81.316446][ T1806] usb usb6-port1: attempt power cycle
[   81.383774][ T6284] binder: 6283:6284 ioctl c0306201 0 returned -14
[   81.441062][ T6285] binder: 6283:6285 ioctl c0306201 20000640 returned -22
[   81.546355][ T5389] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   81.656322][ T1806] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[   81.676344][ T5389] usb 5-1: device descriptor read/64, error -71
[   81.676993][ T1806] usb 6-1: device descriptor read/8, error -71
[   81.916283][ T1806] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[   81.916556][ T5389] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   81.936658][ T1806] usb 6-1: device descriptor read/8, error -71
[   82.047214][ T1806] usb usb6-port1: unable to enumerate USB device
[   82.066371][ T5389] usb 5-1: device descriptor read/64, error -71
[   82.196356][ T5389] usb usb5-port1: attempt power cycle
[   82.556785][ T5389] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   82.587024][ T5389] usb 5-1: device descriptor read/8, error -71
[   82.846387][ T5389] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   82.866805][ T5389] usb 5-1: device descriptor read/8, error -71
[   82.976479][ T5389] usb usb5-port1: unable to enumerate USB device
[   84.286082][ T6315] netlink: 28 bytes leftover after parsing attributes in process `syz.3.288'.
[   84.288598][ T6315] netlink: 28 bytes leftover after parsing attributes in process `syz.3.288'.
[   84.489449][ T6320] netlink: 12 bytes leftover after parsing attributes in process `syz.1.289'.
[   84.726300][   T25] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   84.876332][   T25] usb 5-1: Using ep0 maxpacket: 16
[   84.879210][   T25] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[   84.881875][   T25] usb 5-1: config 0 has no interface number 0
[   84.883892][   T25] usb 5-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   84.889388][   T25] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[   84.892366][   T25] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[   84.895080][   T25] usb 5-1: Product: syz
[   84.896591][   T25] usb 5-1: SerialNumber: syz
[   84.900279][   T25] usb 5-1: config 0 descriptor??
[   84.904141][   T25] usbhid 5-1:0.8: couldn't find an input interrupt endpoint
[   85.362089][ T6332] netlink: 8 bytes leftover after parsing attributes in process `syz.3.294'.
[   85.500532][ T6343] netlink: 28 bytes leftover after parsing attributes in process `syz.2.292'.
[   85.502928][ T6343] netlink: 28 bytes leftover after parsing attributes in process `syz.2.292'.
[   85.546399][ T6334] Bluetooth: MGMT ver 1.23
[   85.594287][ T6347] pim6reg: entered allmulticast mode
[   85.599983][ T6347] pim6reg: left allmulticast mode
[   85.750302][ T6348] raw_sendmsg: syz.1.297 forgot to set AF_INET. Fix it!
[   86.134020][ T6350] netlink: 8 bytes leftover after parsing attributes in process `syz.2.298'.
[   86.295253][ T6355] netlink: 28 bytes leftover after parsing attributes in process `syz.2.299'.
[   86.299588][ T6355] netlink: 28 bytes leftover after parsing attributes in process `syz.2.299'.
[   86.570357][ T6363] netlink: 'syz.3.300': attribute type 1 has an invalid length.
[   86.572378][ T6363] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   86.574452][ T6363] IPv6: NLM_F_CREATE should be set when creating new route
[   87.358271][   T25] usb 5-1: USB disconnect, device number 8
[   87.360042][ T6373] netlink: 8 bytes leftover after parsing attributes in process `syz.3.305'.
[   87.550403][ T6381] netlink: 28 bytes leftover after parsing attributes in process `syz.0.306'.
[   87.552863][ T6381] netlink: 28 bytes leftover after parsing attributes in process `syz.0.306'.
[   87.706018][ T6388] netlink: 28 bytes leftover after parsing attributes in process `syz.3.310'.
[   87.711637][ T6388] netlink: 28 bytes leftover after parsing attributes in process `syz.3.310'.
[   88.572282][ T6410] netlink: 8 bytes leftover after parsing attributes in process `syz.3.315'.
[   89.272668][ T6425] netlink: 696 bytes leftover after parsing attributes in process `syz.0.318'.
[   90.027530][ T6437] FAULT_INJECTION: forcing a failure.
[   90.027530][ T6437] name failslab, interval 1, probability 0, space 0, times 0
[   90.037226][ T6437] CPU: 2 UID: 0 PID: 6437 Comm: syz.0.321 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0
[   90.039978][ T6437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   90.042804][ T6437] Call Trace:
[   90.043694][ T6437]  <TASK>
[   90.044490][ T6437]  dump_stack_lvl+0x16c/0x1f0
[   90.045833][ T6437]  should_fail_ex+0x497/0x5b0
[   90.047130][ T6437]  ? fs_reclaim_acquire+0xae/0x160
[   90.048504][ T6437]  should_failslab+0xc2/0x120
[   90.049761][ T6437]  __kmalloc_noprof+0xcb/0x410
[   90.051043][ T6437]  ipt_alloc_initial_table+0x6c/0x6f0
[   90.052484][ T6437]  iptable_mangle_table_init+0x1a/0x60
[   90.053958][ T6437]  xt_find_table_lock+0x2df/0x4f0
[   90.055316][ T6437]  xt_request_find_table_lock+0x28/0xf0
[   90.056776][ T6437]  get_info+0x1a1/0x760
[   90.057893][ T6437]  ? sockopt_release_sock+0x52/0x60
[   90.059303][ T6437]  ? __pfx_get_info+0x10/0x10
[   90.060559][ T6437]  ? __local_bh_enable_ip+0xa4/0x120
[   90.061986][ T6437]  ? aa_get_newest_label+0x376/0x680
[   90.063429][ T6437]  ? lock_acquire.part.0+0x11b/0x380
[   90.064831][ T6437]  ? __pfx_aa_get_newest_label+0x10/0x10
[   90.066327][ T6437]  ? find_held_lock+0x2d/0x110
[   90.067594][ T6437]  ? bpf_lsm_capable+0x9/0x10
[   90.069176][ T6437]  ? security_capable+0x7e/0x260
[   90.070517][ T6437]  do_ipt_get_ctl+0x16a/0xaa0
[   90.071769][ T6437]  ? __mutex_unlock_slowpath+0x164/0x650
[   90.073259][ T6437]  ? __pfx_do_ipt_get_ctl+0x10/0x10
[   90.074646][ T6437]  ? find_held_lock+0x2d/0x110
[   90.075922][ T6437]  ? __pfx_lock_release+0x10/0x10
[   90.077262][ T6437]  ? trace_lock_acquire+0x14a/0x1d0
[   90.078650][ T6437]  ? nf_sockopt_find.constprop.0+0x221/0x290
[   90.080233][ T6437]  nf_getsockopt+0x79/0xe0
[   90.081435][ T6437]  ip_getsockopt+0x18e/0x1e0
[   90.082696][ T6437]  ? __pfx_ip_getsockopt+0x10/0x10
[   90.084054][ T6437]  ? __pfx_sock_common_getsockopt+0x10/0x10
[   90.085662][ T6437]  do_sock_getsockopt+0x3fe/0x870
[   90.087008][ T6437]  ? __pfx_do_sock_getsockopt+0x10/0x10
[   90.088468][ T6437]  ? __fget_files+0x244/0x3f0
[   90.089742][ T6437]  __sys_getsockopt+0x1a1/0x270
[   90.091047][ T6437]  ? __pfx___sys_getsockopt+0x10/0x10
[   90.092468][ T6437]  ? fput+0x30/0x390
[   90.093522][ T6437]  ? ksys_write+0x1ad/0x260
[   90.094742][ T6437]  ? __pfx_ksys_write+0x10/0x10
[   90.096041][ T6437]  __ia32_sys_getsockopt+0xbc/0x160
[   90.097407][ T6437]  ? lockdep_hardirqs_on+0x7c/0x110
[   90.098784][ T6437]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[   90.100501][ T6437]  __do_fast_syscall_32+0x73/0x120
[   90.101880][ T6437]  do_fast_syscall_32+0x32/0x80
[   90.103554][ T6437]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   90.105704][ T6437] RIP: 0023:0xf73ee579
[   90.106811][ T6437] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   90.111849][ T6437] RSP: 002b:00000000f56d656c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[   90.114042][ T6437] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[   90.116124][ T6437] RDX: 0000000000000040 RSI: 0000000020000180 RDI: 0000000020000100
[   90.118255][ T6437] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   90.120326][ T6437] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   90.122425][ T6437] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   90.124495][ T6437]  </TASK>
[   90.508283][ T6459] binder: 6456:6459 ioctl c0306201 20000640 returned -22
[   91.350543][ T6469] fuse: Bad value for 'rootmode'
[   91.410853][ T6474] __nla_validate_parse: 7 callbacks suppressed
[   91.410864][ T6474] netlink: 52 bytes leftover after parsing attributes in process `syz.0.331'.
[   91.519562][ T6482] netlink: 28 bytes leftover after parsing attributes in process `syz.2.329'.
[   91.527895][ T6482] netlink: 28 bytes leftover after parsing attributes in process `syz.2.329'.
[   91.576421][   T65] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[   91.579650][   T65] Bluetooth: hci3: Injecting HCI hardware error event
[   91.582291][   T65] Bluetooth: hci3: hardware error 0x00
[   91.641224][ T6483] netlink: 28 bytes leftover after parsing attributes in process `syz.1.332'.
[   91.644680][ T6483] netlink: 28 bytes leftover after parsing attributes in process `syz.1.332'.
[   92.728695][ T6486] netlink: 28 bytes leftover after parsing attributes in process `syz.2.333'.
[   92.731384][ T6486] netlink: 28 bytes leftover after parsing attributes in process `syz.2.333'.
[   93.656364][   T65] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[   95.316406][ T5349] IPVS: starting estimator thread 0...
[   95.380545][ T6492] Zero length message leads to an empty skb
[   95.406342][ T6490] IPVS: using max 35 ests per chain, 84000 per kthread
[   95.786353][ T6494] netlink: 8 bytes leftover after parsing attributes in process `syz.1.335'.
[   96.109770][ T6509] binder: 6507:6509 ioctl c0306201 20000640 returned -22
[   97.030964][ T6516] netlink: 28 bytes leftover after parsing attributes in process `syz.2.340'.
[   97.033702][ T6516] netlink: 28 bytes leftover after parsing attributes in process `syz.2.340'.
[   97.154495][ T6527] netlink: 'syz.0.344': attribute type 1 has an invalid length.
[   97.284743][ T6531] netlink: 8 bytes leftover after parsing attributes in process `syz.0.345'.
[   97.435469][ T6534] ieee802154 phy0 wpan0: encryption failed: -22
[   97.805330][ T6536] netlink: 4 bytes leftover after parsing attributes in process `syz.2.346'.
[   97.899618][ T6538] netlink: 16 bytes leftover after parsing attributes in process `syz.2.347'.
[   97.901970][ T6538] netlink: 16 bytes leftover after parsing attributes in process `syz.2.347'.
[   98.143035][ T6543] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.348'.
[   98.145445][ T6543] openvswitch: netlink: IP tunnel attribute has 3056 unknown bytes.
[   98.394521][ T6555] binder: 6550:6555 ioctl c0306201 20000640 returned -22
[   99.090514][ T5348] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   99.093894][ T5348] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   99.097539][ T5348] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   99.100516][ T5348] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   99.103580][ T5348] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   99.106060][ T5348] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   99.224723][ T6564] chnl_net:caif_netlink_parms(): no params data found
[   99.317695][ T6564] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.319632][ T6564] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.321535][ T6564] bridge_slave_0: entered allmulticast mode
[   99.323547][ T6564] bridge_slave_0: entered promiscuous mode
[   99.330612][ T6564] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.332431][ T6564] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.334304][ T6564] bridge_slave_1: entered allmulticast mode
[   99.336697][ T6564] bridge_slave_1: entered promiscuous mode
[   99.360931][ T6564] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.364749][ T6564] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.393161][ T6564] team0: Port device team_slave_0 added
[   99.398733][ T6564] team0: Port device team_slave_1 added
[   99.430545][ T6572] netlink: 28 bytes leftover after parsing attributes in process `syz.0.354'.
[   99.432926][ T6572] netlink: 28 bytes leftover after parsing attributes in process `syz.0.354'.
[   99.501657][ T6564] batman_adv: batadv0: Adding interface: batadv_slave_0
[   99.505792][ T6564] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.515159][ T6564] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   99.523840][ T6577] bridge0: entered allmulticast mode
[   99.528023][ T6577] pimreg: entered allmulticast mode
[   99.531735][ T6564] batman_adv: batadv0: Adding interface: batadv_slave_1
[   99.536132][ T6564] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   99.542686][ T6564] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   99.545721][ T6577] pimreg: left allmulticast mode
[   99.550752][ T6577] bridge0: left allmulticast mode
[   99.596074][ T6564] hsr_slave_0: entered promiscuous mode
[   99.598015][ T6564] hsr_slave_1: entered promiscuous mode
[   99.599735][ T6564] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   99.601603][ T6564] Cannot create hsr debugfs directory
[   99.675541][ T6564] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.763219][ T6564] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.913118][ T6564] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.975779][ T6564] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  100.074659][ T6564] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  100.079896][ T6564] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  100.084753][ T6564] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  100.100430][ T6564] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  100.147560][ T6564] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.160053][ T6564] 8021q: adding VLAN 0 to HW filter on device team0
[  100.164151][ T1142] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.165927][ T1142] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.176111][   T83] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.178398][   T83] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.289182][ T6564] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.315867][ T6564] veth0_vlan: entered promiscuous mode
[  100.324186][ T6564] veth1_vlan: entered promiscuous mode
[  100.339572][ T6564] veth0_macvtap: entered promiscuous mode
[  100.350359][ T6564] veth1_macvtap: entered promiscuous mode
[  100.362024][ T6564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  100.365385][ T6564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.369167][ T6564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  100.371778][ T6564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.374772][ T6564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  100.378583][ T6564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.381055][ T6564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  100.384171][ T6564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.388251][ T6564] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.392755][ T6564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.395499][ T6564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.401027][ T6564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.403756][ T6564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.406909][ T6564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.410218][ T6564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.413474][ T6564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  100.420352][ T6564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  100.429409][ T6564] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.434804][ T6564] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.439306][ T6564] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.441563][ T6564] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.444025][ T6564] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.483144][ T1142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.485087][ T1142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.501780][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.504145][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.617894][ T6595] FAULT_INJECTION: forcing a failure.
[  100.617894][ T6595] name failslab, interval 1, probability 0, space 0, times 0
[  100.621807][ T6595] CPU: 0 UID: 0 PID: 6595 Comm: syz.3.357 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0
[  100.624461][ T6595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  100.627810][ T6595] Call Trace:
[  100.628697][ T6595]  <TASK>
[  100.629488][ T6595]  dump_stack_lvl+0x16c/0x1f0
[  100.630954][ T6595]  should_fail_ex+0x497/0x5b0
[  100.632202][ T6595]  ? fs_reclaim_acquire+0xae/0x160
[  100.633526][ T6595]  should_failslab+0xc2/0x120
[  100.634814][ T6595]  kmem_cache_alloc_lru_noprof+0x72/0x2f0
[  100.636308][ T6595]  ? alloc_inode+0xba/0x230
[  100.637594][ T6595]  alloc_inode+0xba/0x230
[  100.638786][ T6595]  new_inode+0x22/0x210
[  100.639869][ T6595]  ? start_creating.part.0+0x25d/0x3a0
[  100.641289][ T6595]  __debugfs_create_file+0x11a/0x660
[  100.642711][ T6595]  kvm_dev_ioctl+0x14b9/0x1ab0
[  100.643966][ T6595]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  100.645321][ T6595]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  100.646670][ T6595]  __do_compat_sys_ioctl+0x259/0x2b0
[  100.648071][ T6595]  __do_fast_syscall_32+0x73/0x120
[  100.649772][ T6595]  do_fast_syscall_32+0x32/0x80
[  100.651073][ T6595]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  100.652722][ T6595] RIP: 0023:0xf7f45579
[  100.653786][ T6595] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  100.658664][ T6595] RSP: 002b:00000000f56c656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  100.660736][ T6595] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000ae01
[  100.662703][ T6595] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  100.664659][ T6595] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  100.666608][ T6595] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  100.668580][ T6595] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  100.670585][ T6595]  </TASK>
[  100.672977][ T6595] debugfs: out of free dentries, can not create file 'remote_tlb_flush_requests'
[  100.848776][ T6600] program syz.2.359 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  100.899815][ T6603] 9pnet_fd: Insufficient options for proto=fd
[  101.176370][   T65] Bluetooth: hci4: command tx timeout
[  101.907599][ T6611] netlink: 28 bytes leftover after parsing attributes in process `syz.3.361'.
[  102.969636][ T6620] __nla_validate_parse: 1 callbacks suppressed
[  102.969646][ T6620] netlink: 28 bytes leftover after parsing attributes in process `syz.3.364'.
[  102.973557][ T6620] netlink: 28 bytes leftover after parsing attributes in process `syz.3.364'.
[  103.256321][   T65] Bluetooth: hci4: command tx timeout
[  103.502289][ T6627] netlink: 16 bytes leftover after parsing attributes in process `syz.2.367'.
[  103.557391][ T6634] netlink: 4 bytes leftover after parsing attributes in process `syz.2.369'.
[  103.741153][ T6646] netlink: 4 bytes leftover after parsing attributes in process `syz.3.372'.
[  105.336355][ T5348] Bluetooth: hci4: command tx timeout
[  105.374645][ T6657] netlink: 12 bytes leftover after parsing attributes in process `syz.0.375'.
[  106.177843][ T6664] netlink: 8 bytes leftover after parsing attributes in process `syz.1.377'.
[  106.344197][ T5348] Bluetooth: hci2: unexpected event 0x03 length: 4 < 11
[  106.524035][ T6671] netlink: 28 bytes leftover after parsing attributes in process `syz.2.379'.
[  106.526772][ T6671] netlink: 28 bytes leftover after parsing attributes in process `syz.2.379'.
[  106.591648][ T6673] netlink: 28 bytes leftover after parsing attributes in process `syz.1.380'.
[  106.968670][ T6678] macsec2: entered allmulticast mode
[  106.970113][ T6678] veth1_macvtap: entered allmulticast mode
[  107.011464][ T6678] veth1_macvtap (unregistering): left allmulticast mode
[  107.417491][ T5348] Bluetooth: hci4: command 0x0419 tx timeout
[  107.627704][ T6693] binder: 6691:6693 ioctl c0306201 20000680 returned -14
[  108.346364][ T6708] vlan2: entered allmulticast mode
[  108.352804][ T6708] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[  108.377650][ T6708] mac80211_hwsim hwsim11 wlan1: left allmulticast mode
[  108.698740][ T6715] __nla_validate_parse: 7 callbacks suppressed
[  108.698797][ T6715] netlink: 8 bytes leftover after parsing attributes in process `syz.3.394'.
[  108.702964][ T6715] netlink: 8 bytes leftover after parsing attributes in process `syz.3.394'.
[  108.749644][ T6718] netlink: 28 bytes leftover after parsing attributes in process `syz.0.393'.
[  108.756427][ T6718] netlink: 28 bytes leftover after parsing attributes in process `syz.0.393'.
[  109.496513][   T65] Bluetooth: hci4: command 0x0419 tx timeout
[  109.625152][   T39] audit: type=1326 audit(1727663770.028:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6725 comm="syz.0.398" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ee579 code=0x0
[  109.695991][ T6727] netlink: 28 bytes leftover after parsing attributes in process `syz.2.397'.
[  109.698695][ T6727] netlink: 28 bytes leftover after parsing attributes in process `syz.2.397'.
[  110.110160][ T1806] libceph: connect (1)[c::]:6789 error -101
[  110.112096][ T1806] libceph: mon0 (1)[c::]:6789 connect error
[  110.127877][ T6744] ceph: No mds server is up or the cluster is laggy
[  110.132967][   T39] audit: type=1326 audit(1727663770.538:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6743 comm="syz.2.404" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f66579 code=0x0
[  110.231086][ T6744] evm: overlay not supported
[  110.303403][ T6758] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.307703][ T6758] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.506615][ T6762] netlink: 28 bytes leftover after parsing attributes in process `syz.2.408'.
[  110.510052][ T6762] netlink: 28 bytes leftover after parsing attributes in process `syz.2.408'.
[  110.563673][ T6769] binder: 6766:6769 unknown command 1074553621
[  110.565984][ T6769] binder: 6766:6769 ioctl c0306201 20000640 returned -22
[  110.631454][ T6772] fuse: Bad value for 'user_id'
[  110.632792][ T6772] fuse: Bad value for 'user_id'
[  110.699673][ T6776] binder: 6775:6776 ioctl c0306201 0 returned -14
[  110.711639][ T1806] ==================================================================
[  110.713868][ T1806] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x14c/0x1c0
[  110.717011][ T1806] Read of size 8 at addr ffff8880684f8608 by task kworker/1:2/1806
[  110.721481][ T1806] 
[  110.722315][ T1806] CPU: 1 UID: 0 PID: 1806 Comm: kworker/1:2 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0
[  110.725766][ T1806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  110.729371][ T1806] Workqueue: events binder_deferred_func
[  110.731306][ T1806] Call Trace:
[  110.732438][ T1806]  <TASK>
[  110.733439][ T1806]  dump_stack_lvl+0x116/0x1f0
[  110.735063][ T1806]  print_report+0xc3/0x620
[  110.736585][ T1806]  ? __virt_addr_valid+0x5e/0x590
[  110.738304][ T1806]  ? __phys_addr+0xc6/0x150
[  110.739844][ T1806]  kasan_report+0xd9/0x110
[  110.741353][ T1806]  ? __list_del_entry_valid_or_report+0x14c/0x1c0
[  110.743522][ T1806]  ? __list_del_entry_valid_or_report+0x14c/0x1c0
[  110.745675][ T1806]  __list_del_entry_valid_or_report+0x14c/0x1c0
[  110.747774][ T1806]  binder_release_work+0x9b/0x490
[  110.749482][ T1806]  binder_deferred_func+0xe6e/0x12e0
[  110.751282][ T1806]  process_one_work+0x958/0x1b30
[  110.752853][ T1806]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  110.754515][ T1806]  ? __pfx_process_one_work+0x10/0x10
[  110.756025][ T1806]  ? assign_work+0x1a0/0x250
[  110.757261][ T1806]  worker_thread+0x6c8/0xf00
[  110.758518][ T1806]  ? __kthread_parkme+0x148/0x220
[  110.759861][ T1806]  ? __pfx_worker_thread+0x10/0x10
[  110.761234][ T1806]  kthread+0x2c1/0x3a0
[  110.762359][ T1806]  ? _raw_spin_unlock_irq+0x23/0x50
[  110.763744][ T1806]  ? __pfx_kthread+0x10/0x10
[  110.764978][ T1806]  ret_from_fork+0x45/0x80
[  110.766181][ T1806]  ? __pfx_kthread+0x10/0x10
[  110.767512][ T1806]  ret_from_fork_asm+0x1a/0x30
[  110.768797][ T1806]  </TASK>
[  110.769626][ T1806] 
[  110.770294][ T1806] Allocated by task 6776:
[  110.771447][ T1806]  kasan_save_stack+0x33/0x60
[  110.772704][ T1806]  kasan_save_track+0x14/0x30
[  110.773957][ T1806]  __kasan_kmalloc+0xaa/0xb0
[  110.775198][ T1806]  binder_thread_write+0xe19/0x4c60
[  110.776630][ T1806]  binder_ioctl+0x268b/0x7050
[  110.777891][ T1806]  compat_ptr_ioctl+0x6b/0xa0
[  110.779190][ T1806]  __do_compat_sys_ioctl+0x259/0x2b0
[  110.780596][ T1806]  __do_fast_syscall_32+0x73/0x120
[  110.781973][ T1806]  do_fast_syscall_32+0x32/0x80
[  110.783293][ T1806]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  110.784980][ T1806] 
[  110.785632][ T1806] Freed by task 1806:
[  110.786704][ T1806]  kasan_save_stack+0x33/0x60
[  110.787968][ T1806]  kasan_save_track+0x14/0x30
[  110.789234][ T1806]  kasan_save_free_info+0x3b/0x60
[  110.790586][ T1806]  __kasan_slab_free+0x51/0x70
[  110.791869][ T1806]  kfree+0x14f/0x4b0
[  110.792925][ T1806]  binder_deferred_func+0xdd7/0x12e0
[  110.794351][ T1806]  process_one_work+0x958/0x1b30
[  110.795677][ T1806]  worker_thread+0x6c8/0xf00
[  110.796911][ T1806]  kthread+0x2c1/0x3a0
[  110.798003][ T1806]  ret_from_fork+0x45/0x80
[  110.799202][ T1806]  ret_from_fork_asm+0x1a/0x30
[  110.800480][ T1806] 
[  110.801128][ T1806] The buggy address belongs to the object at ffff8880684f8600
[  110.801128][ T1806]  which belongs to the cache kmalloc-64 of size 64
[  110.804750][ T1806] The buggy address is located 8 bytes inside of
[  110.804750][ T1806]  freed 64-byte region [ffff8880684f8600, ffff8880684f8640)
[  110.808681][ T1806] 
[  110.809494][ T1806] The buggy address belongs to the physical page:
[  110.811626][ T1806] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x684f8
[  110.814528][ T1806] ksm flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  110.817019][ T1806] page_type: f5(slab)
[  110.818158][ T1806] raw: 04fff00000000000 ffff88801ac428c0 ffffea0001212480 dead000000000003
[  110.820399][ T1806] raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000
[  110.822667][ T1806] page dumped because: kasan: bad access detected
[  110.824340][ T1806] page_owner tracks the page as allocated
[  110.825834][ T1806] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5344, tgid 5344 (syz-executor), ts 99190196978, free_ts 99190178077
[  110.830785][ T1806]  post_alloc_hook+0x2d1/0x350
[  110.832059][ T1806]  get_page_from_freelist+0x101e/0x3070
[  110.833524][ T1806]  __alloc_pages_noprof+0x223/0x25c0
[  110.834928][ T1806]  alloc_pages_mpol_noprof+0x2c9/0x610
[  110.836373][ T1806]  new_slab+0x2ba/0x3f0
[  110.837476][ T1806]  ___slab_alloc+0xd1d/0x16f0
[  110.838740][ T1806]  __slab_alloc.constprop.0+0x56/0xb0
[  110.840155][ T1806]  __kmalloc_cache_node_noprof+0xf1/0x360
[  110.841650][ T1806]  __get_vm_area_node+0xe1/0x2d0
[  110.842978][ T1806]  __vmalloc_node_range_noprof+0x26a/0x15a0
[  110.844536][ T1806]  vmalloc_noprof+0x6b/0x90
[  110.845740][ T1806]  xt_compat_init_offsets+0xe1/0x1f0
[  110.847174][ T1806]  compat_table_info+0xb7/0x5f0
[  110.848465][ T1806]  compat_get_entries+0x212/0x850
[  110.849792][ T1806]  do_ip6t_get_ctl+0x596/0xaf0
[  110.851115][ T1806]  nf_getsockopt+0x79/0xe0
[  110.852313][ T1806] page last free pid 5344 tgid 5344 stack trace:
[  110.853977][ T1806]  free_unref_page+0x5f4/0xdc0
[  110.855267][ T1806]  vfree+0x17a/0x890
[  110.856314][ T1806]  xt_compat_flush_offsets+0x8f/0x160
[  110.857737][ T1806]  get_info+0x2f7/0x750
[  110.858855][ T1806]  do_ip6t_get_ctl+0x16a/0xaf0
[  110.860127][ T1806]  nf_getsockopt+0x79/0xe0
[  110.861316][ T1806]  ipv6_getsockopt+0x1f7/0x280
[  110.862647][ T1806]  tcp_getsockopt+0x9e/0x100
[  110.863878][ T1806]  do_sock_getsockopt+0x3fe/0x870
[  110.865215][ T1806]  __sys_getsockopt+0x1a1/0x270
[  110.866514][ T1806]  __do_compat_sys_socketcall+0x42b/0x700
[  110.868015][ T1806]  __do_fast_syscall_32+0x73/0x120
[  110.869370][ T1806]  do_fast_syscall_32+0x32/0x80
[  110.870664][ T1806]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  110.872338][ T1806] 
[  110.872979][ T1806] Memory state around the buggy address:
[  110.874466][ T1806]  ffff8880684f8500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  110.876573][ T1806]  ffff8880684f8580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  110.878682][ T1806] >ffff8880684f8600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  110.880786][ T1806]                       ^
[  110.881944][ T1806]  ffff8880684f8680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  110.884059][ T1806]  ffff8880684f8700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  110.886160][ T1806] ==================================================================
[  110.888786][ T1806] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  110.890730][ T1806] CPU: 1 UID: 0 PID: 1806 Comm: kworker/1:2 Not tainted 6.11.0-syzkaller-12113-ge7ed34365879 #0
[  110.893421][ T1806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  110.896232][ T1806] Workqueue: events binder_deferred_func
[  110.897718][ T1806] Call Trace:
[  110.898610][ T1806]  <TASK>
[  110.899400][ T1806]  dump_stack_lvl+0x3d/0x1f0
[  110.900646][ T1806]  panic+0x71d/0x800
[  110.901708][ T1806]  ? mark_held_locks+0x9f/0xe0
[  110.903013][ T1806]  ? __pfx_panic+0x10/0x10
[  110.904197][ T1806]  ? irqentry_exit+0x3b/0x90
[  110.905433][ T1806]  ? lockdep_hardirqs_on+0x7c/0x110
[  110.906818][ T1806]  ? check_panic_on_warn+0x1f/0xb0
[  110.908180][ T1806]  check_panic_on_warn+0xab/0xb0
[  110.909489][ T1806]  end_report+0x117/0x180
[  110.910643][ T1806]  kasan_report+0xe9/0x110
[  110.911828][ T1806]  ? __list_del_entry_valid_or_report+0x14c/0x1c0
[  110.913513][ T1806]  ? __list_del_entry_valid_or_report+0x14c/0x1c0
[  110.915201][ T1806]  __list_del_entry_valid_or_report+0x14c/0x1c0
[  110.916836][ T1806]  binder_release_work+0x9b/0x490
[  110.918179][ T1806]  binder_deferred_func+0xe6e/0x12e0
[  110.919572][ T1806]  process_one_work+0x958/0x1b30
[  110.920885][ T1806]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  110.922385][ T1806]  ? __pfx_process_one_work+0x10/0x10
[  110.923839][ T1806]  ? assign_work+0x1a0/0x250
[  110.925072][ T1806]  worker_thread+0x6c8/0xf00
[  110.926322][ T1806]  ? __kthread_parkme+0x148/0x220
[  110.927658][ T1806]  ? __pfx_worker_thread+0x10/0x10
[  110.929017][ T1806]  kthread+0x2c1/0x3a0
[  110.930112][ T1806]  ? _raw_spin_unlock_irq+0x23/0x50
[  110.931491][ T1806]  ? __pfx_kthread+0x10/0x10
[  110.932721][ T1806]  ret_from_fork+0x45/0x80
[  110.933911][ T1806]  ? __pfx_kthread+0x10/0x10
[  110.935161][ T1806]  ret_from_fork_asm+0x1a/0x30
[  110.936441][ T1806]  </TASK>
[  110.937708][ T1806] Kernel Offset: disabled
[  110.938874][ T1806] Rebooting in 86400 seconds..

VM DIAGNOSIS:
02:36:11  Registers:
info registers vcpu 0

CPU#0
RAX=ffffc9002b967d68 RBX=ffffc900031efd68 RCX=ffffffff8b03ff30 RDX=1ffff9200572cfae
RSI=ffffffff8b03ffc0 RDI=ffffc9002b967d70 RBP=ffffc9002b967d68 RSP=ffffc90000007da8
R8 =0000000000000006 R9 =ffffc9002b967d68 R10=ffffc900031efd68 R11=0000000000000000
R12=dffffc0000000000 R13=0000000000000000 R14=ffff88802b42c9c0 R15=0000000000000000
RIP=ffffffff8b039e9e RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b400000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f71df1f0 CR3=000000005e75a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000007000000000 0000000200000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85035855 RDI=ffffffff9a63a260 RBP=ffffffff9a63a220 RSP=ffffc9000cf0f620
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3630383838666666
R12=0000000000000000 R13=0000000000000066 R14=ffffffff850357f0 R15=0000000000000000
RIP=ffffffff8503587f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b500000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00000000f73ec230 CR3=000000005c3ec000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000000001e4839 RBX=0000000000000002 RCX=ffffffff8b12f739 RDX=0000000000000000
RSI=ffffffff8b4cc8e0 RDI=ffffffff8bb12060 RBP=ffffed10036ec000 RSP=ffffc90000487e08
R8 =0000000000000001 R9 =ffffed10056c7025 R10=ffff88802b63812b R11=0000000000000000
R12=0000000000000002 R13=ffff88801b760000 R14=ffffffff901cc608 R15=0000000000000000
RIP=ffffffff8b130b1f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00000000f73e5dfc CR3=000000002a87e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffff88802b5467c0 RCX=ffffffff81809cec RDX=ffff888024bcc880
RSI=ffffffff81809cc6 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90006e879a0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=ffffed10056a8cf9 R13=0000000000000001 R14=ffff88802b5467c8 R15=ffff88802b740100
RIP=ffffffff81809cc8 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88802b700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7f555b8 CR3=000000000db7c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000