last executing test programs:

7.095947436s ago: executing program 2 (id=3347):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r2, 0x4038ae7a, &(0x7f0000000040)={0x80, 0x40000105, 0x0, 0x0, 0xfffffd30})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={<r5=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r6, 0x6, 0x3, &(0x7f0000000200)=0x2d, 0x4)
connect$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000340)={r5, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
ioctl$KVM_CAP_SYNC_REGS(r3, 0x4068aea3, &(0x7f0000000080))
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8)

5.816997787s ago: executing program 2 (id=3352):
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="180000000000000000000095000000000010009c07b346cb5e13f8772644f4971e732de04fedad572bac3404f614c6921cc6566233111a04388a1dd9abd53082a556d3870cc36484b7afd31929aee457d4af6b6ec2d0aec2be5822d676d4d9c11f086b9ee55435fa635bf655e9a79e6ef3c3e8ad04cf1da9c1a928f766b975a31f0c49d8b56581c9304a570a7c27812e5da8d9143ea1ecc8e0f700befc1d70bf4fa9b153672e1e6924fddc5f747e8013"], &(0x7f0000000140)='syzkaller\x00'}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x7fff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4040001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x29)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=ANY=[], 0x30}}, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0500000001000100ff7f00000202000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'xfrm0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010003b1d00080000000000000000000059bb74046027caf5047e0bef832d1884d64cb160280c3b33c157e5b0fcb2eb074db1b2e36d", @ANYRES32=0x0, @ANYBLOB="0431000000b401001c0012800b00010067726574617000000c00028008000100", @ANYRES32=r6, @ANYBLOB], 0x3c}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$uac1(r8, 0x0, &(0x7f0000000380)={0x44, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r9, 0x5b14, 0x0)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

5.25864456s ago: executing program 3 (id=3355):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00'})
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0xffffff24, &(0x7f0000000000)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x4}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xac}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r1, 0x0)
r3 = socket(0x10, 0x80003, 0x0)
r4 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x3e}}, 0x10, 0x0}, 0x34004811)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f00000000c0), r6, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}, r6}}, 0x48)
setsockopt$sock_attach_bpf(r4, 0x6, 0x25, &(0x7f0000000040), 0x4)
close_range(r3, 0xffffffffffffffff, 0x0)
syz_open_dev$vim2m(&(0x7f0000000180), 0x0, 0x2)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r7, 0x0, 0x0)
syz_io_uring_setup(0x3ecb, &(0x7f0000000200)={0x0, 0xe032, 0x10000, 0x3, 0xd8, 0x0, r8}, &(0x7f0000000280), &(0x7f00000002c0))
r9 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r10, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010026bd70000400000005000000080009000200000008000c000300000008000b00000000000600010007"], 0x40}}, 0x20)
r11 = socket$pppl2tp(0x18, 0x1, 0x1)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)={0x30, r13, 0x801, 0x70bd29, 0x0, {0x7}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x9}, @L2TP_ATTR_IFNAME={0x14}]}, 0x30}}, 0x0)
connect$pppl2tp(r11, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
writev(r11, &(0x7f00000000c0)=[{&(0x7f0000000180)="9f", 0x1}], 0x1)
syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')

3.702087436s ago: executing program 3 (id=3364):
openat$ttynull(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x8000000000000001, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000001640), 0x0, 0x80801)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x80, 0x5, 0x7fff0003}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000006c0))
r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x800)
r4 = creat(0x0, 0x0)
r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write$binfmt_elf32(r4, &(0x7f0000000980)=ANY=[@ANYRESHEX], 0x58)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x19, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@jmp={0x5, 0x0, 0x8, 0x7, 0x9, 0x30, 0xfffffffffffffffc}, @call={0x85, 0x0, 0x0, 0x76}, @func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @ldst={0x3, 0x1, 0x2, 0xb, 0xa, 0xfffffffffffffff0, 0x8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffffe}, @map_idx={0x18, 0x2, 0x5, 0x0, 0x9}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000004c0)='GPL\x00', 0x7, 0x70, &(0x7f0000000500)=""/112, 0x40f00, 0x10, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000680)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000740)=[r4], &(0x7f0000000780)=[{0x0, 0x1, 0x9, 0x4}, {0x3, 0x5, 0x5, 0xc}, {0x2, 0x2, 0x4, 0xc}, {0x4, 0x2, 0xa, 0x7}, {0x2, 0x2, 0x0, 0x3}, {0x1, 0x5, 0x7, 0x4}, {0x5, 0x2, 0xf, 0x7}], 0x10, 0x1}, 0x94)
memfd_create(&(0x7f0000000380)='GPL\x00', 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$packet_buf(r4, 0x107, 0x5, &(0x7f0000000280)="dba544e65a7a53ece5066377cbf80e37efc220adaed56f40c47e60e52e5bf8f8cf6a7a3451be1c794f422861403ac39c73d7a70c49979394da54ba7662f7349de5551102", 0x44)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x3], 0x0, 0x0, 0x1}}, 0x3c)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r3, 0x80dc5521, &(0x7f00000011c0)=""/4096)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200014, 0x7fffb, &(0x7f0000006680))
remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x3ff, 0x100)
ioctl$EVIOCGNAME(r1, 0x80404506, &(0x7f0000000200)=""/76)
ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000180))
r7 = openat$pmem0(0xffffff9c, &(0x7f0000000040), 0x400041, 0x0)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r9)
eventfd2(0x0, 0x0)
read$FUSE(r9, &(0x7f0000008280)={0x2020}, 0x2020)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r8, @ANYBLOB="e0c97101ea290dfeeb93916193152c00d8c60986508eb0fb81fd8eb926399d5e4aa545b1e960b2bcc45d687700deb30124505b7207117865"])
write$eventfd(r9, &(0x7f0000000040)=0x9, 0x8)
ioctl$BLKROSET(r7, 0x125d, &(0x7f0000000080)=0x4f4c1074)

3.679574465s ago: executing program 1 (id=3365):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000380)='./file0\x00', &(0x7f0000000340)=[0x7], 0x0, 0x0, 0x1}}, 0x40)

3.669453542s ago: executing program 1 (id=3366):
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x541b, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000b, 0x11, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r2 = syz_open_dev$sg(&(0x7f0000000080), 0xffff0000, 0x40)
ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000040000009e"])
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
io_uring_enter(0xffffffffffffffff, 0xeb6, 0x26f7, 0x1c, &(0x7f0000000100)={[0x1]}, 0x8)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, &(0x7f00000011c0), 0x4)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x38, r3, 0x200, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @random="766a78056ecf"}, @NL80211_ATTR_MAC={0xa, 0x6, @random="f4ff89f61b93"}]}, 0x38}, 0x1, 0x0, 0x0, 0x60000080}, 0x4000005)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1750bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r4, 0xc01064c2, &(0x7f0000000300))
sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0x38, 0x0)
syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendto(r5, 0x0, 0x0, 0x4004040, 0x0, 0x0)
sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x24004010)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

3.632147509s ago: executing program 0 (id=3367):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, 0x0)
r2 = io_uring_setup(0x53b6, &(0x7f0000000140)={0x0, 0x208, 0x0, 0x0, 0x2b7})
r3 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$PPPIOCSMRU(r3, 0x40047452, &(0x7f0000000080)=0x10000)
syz_io_uring_setup(0x2003, &(0x7f00000001c0)={0x0, 0x9f4, 0xe697fc56849d28c4, 0x0, 0x28c, 0x0, r2}, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, 0x0)
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x10002)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, r5}, 0x18)
connect$can_j1939(r4, &(0x7f0000000140)={0x1d, r5, 0x0, {0x1, 0xf1, 0xa8fe8ad4eea2351f}, 0x2}, 0x18)
setsockopt$SO_J1939_ERRQUEUE(r4, 0x6b, 0x4, &(0x7f00000003c0)=0x5, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="1800"/14, @ANYRES32=r6, @ANYBLOB="0000000000000000b708000000bc7a007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r7}, 0xc)
sendmmsg(r4, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x7, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'vxcan1\x00'}]}, 0x34}}, 0x0)

3.621889368s ago: executing program 0 (id=3375):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000380)='./file0\x00', &(0x7f0000000340)=[0x7], 0x0, 0x0, 0x1}}, 0x40)

3.226057783s ago: executing program 3 (id=3368):
syz_open_dev$evdev(0x0, 0x0, 0x2002)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0xd, &(0x7f00000003c0)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xa0}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}}]}, &(0x7f0000000380)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
sync_file_range(r2, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2a)
eventfd(0x80200003)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
write$6lowpan_control(r4, 0x0, 0x0)
r5 = syz_io_uring_setup(0x286, &(0x7f0000000440)={0x0, 0xfad9, 0x400, 0x0, 0x0, 0x0, r4}, &(0x7f0000000340)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r8, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)={0x38, 0x1412, 0x1, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x0, 0x4f, 0x2}, @RDMA_NLDEV_ATTR_RES_LQPN={0x0, 0x15, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x8000001}]}, 0x38}, 0x1, 0x0, 0x0, 0x40084}, 0x810)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x48, 0x4000, @fd_index=0x3, 0x5, 0x0, 0x0, 0x2})
r9 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r9, &(0x7f0000000580)='1\x00', 0x2)
prctl$PR_GET_TSC(0x43, &(0x7f0000000040))
write$sysctl(r9, &(0x7f0000000000)='2\x00', 0x2)
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x24}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRESHEX=0x0], 0x98}, 0x1, 0x0, 0x0, 0x40000}, 0x4015)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)

3.22410752s ago: executing program 0 (id=3377):
openat$ttynull(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x8000000000000001, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000001640), 0x0, 0x80801)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x80, 0x5, 0x7fff0003}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000006c0))
r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x800)
r4 = creat(0x0, 0x0)
r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write$binfmt_elf32(r4, &(0x7f0000000980)=ANY=[@ANYRESHEX], 0x58)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x19, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@jmp={0x5, 0x0, 0x8, 0x7, 0x9, 0x30, 0xfffffffffffffffc}, @call={0x85, 0x0, 0x0, 0x76}, @func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @ldst={0x3, 0x1, 0x2, 0xb, 0xa, 0xfffffffffffffff0, 0x8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffffe}, @map_idx={0x18, 0x2, 0x5, 0x0, 0x9}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000004c0)='GPL\x00', 0x7, 0x70, &(0x7f0000000500)=""/112, 0x40f00, 0x10, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000680)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000740)=[r4], &(0x7f0000000780)=[{0x0, 0x1, 0x9, 0x4}, {0x3, 0x5, 0x5, 0xc}, {0x2, 0x2, 0x4, 0xc}, {0x4, 0x2, 0xa, 0x7}, {0x2, 0x2, 0x0, 0x3}, {0x1, 0x5, 0x7, 0x4}, {0x5, 0x2, 0xf, 0x7}], 0x10, 0x1}, 0x94)
memfd_create(&(0x7f0000000380)='GPL\x00', 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$packet_buf(r4, 0x107, 0x5, &(0x7f0000000280)="dba544e65a7a53ece5066377cbf80e37efc220adaed56f40c47e60e52e5bf8f8cf6a7a3451be1c794f422861403ac39c73d7a70c49979394da54ba7662f7349de5551102", 0x44)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x3], 0x0, 0x0, 0x1}}, 0x3c)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r3, 0x80dc5521, &(0x7f00000011c0)=""/4096)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200014, 0x7fffb, &(0x7f0000006680))
remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x3ff, 0x100)
ioctl$EVIOCGNAME(r1, 0x80404506, &(0x7f0000000200)=""/76)
ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000180))
r7 = openat$pmem0(0xffffff9c, &(0x7f0000000040), 0x400041, 0x0)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r9)
eventfd2(0x0, 0x0)
read$FUSE(r9, &(0x7f0000008280)={0x2020}, 0x2020)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r8, @ANYBLOB="e0c97101ea290dfeeb93916193152c00d8c60986508eb0fb81fd8eb926399d5e4aa545b1e960b2bcc45d687700deb30124505b7207117865"])
write$eventfd(r9, &(0x7f0000000040)=0x9, 0x8)
ioctl$BLKROSET(r7, 0x125d, &(0x7f0000000080)=0x4f4c1074)

2.36860607s ago: executing program 1 (id=3369):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480), 0x129540, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, r6, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_UPDELAY={0x8, 0x4, 0x8c88}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x690}, 0x20048040)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r8], 0x54}}, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
write$qrtrtun(r1, &(0x7f0000000400)="0b8ca3756ea769f253", 0x9)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r9, 0x0, 0x30, 0x0, @void}, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x40c4}, 0x20040840)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140))

2.117724242s ago: executing program 3 (id=3370):
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0xd, &(0x7f00000003c0)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xa0}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}}]}, &(0x7f0000000380)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
sync_file_range(r2, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2a)
eventfd(0x80200003)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
write$6lowpan_control(r4, 0x0, 0x0)
r5 = syz_io_uring_setup(0x286, &(0x7f0000000440)={0x0, 0xfad9, 0x400, 0x0, 0x0, 0x0, r4}, &(0x7f0000000340)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r8, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)={0x38, 0x1412, 0x1, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x0, 0x4f, 0x2}, @RDMA_NLDEV_ATTR_RES_LQPN={0x0, 0x15, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x8000001}]}, 0x38}, 0x1, 0x0, 0x0, 0x40084}, 0x810)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x48, 0x4000, @fd_index=0x3, 0x5, 0x0, 0x0, 0x2})
r9 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r9, &(0x7f0000000580)='1\x00', 0x2)
prctl$PR_GET_TSC(0x43, &(0x7f0000000040))
write$sysctl(r9, &(0x7f0000000000)='2\x00', 0x2)
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x24}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRESHEX=0x0], 0x98}, 0x1, 0x0, 0x0, 0x40000}, 0x4015)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)

2.033089894s ago: executing program 2 (id=3371):
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
syz_fuse_handle_req(r1, &(0x7f0000009b40)="de98ee653502c564abeb97fc678bde22efebcf99c2d89952950acc703a3c6268a54c8b1bd1ee165c82980cd315b55a070dc41deeb2d4c1842d936a0bcde5fd7ed6031fdd9cb58ebfe8261528f097f309813b5722c24a1af8e6bc6ddaef7e85d2659690154bc5e6ee73c3fe7176509ad7b30e1098fc9873db91d3c1816825e710374de8d40693578b598922d9c523cfff93a630f121251d17ad40bce021d7fd57945fe2a186618a40b5f3995a9f0ceaa3e22b57e4f68e53fffeb5474fb83afaf5cde6b0aaf5cf0313ede442ddf1df6c280921e43d80dddfd005969272e1719b37fd8f749fcde83f8201826b4cf5b1c1da394568aa7d8833dd11309f46422b0152ede5ab29b17bc1ae80147346155b20a98d6fc2650bec3fe73327c45cad1b38f7c983cd070556a8f8ed5d58e1052f6436fad905099d18fb3e62c2c36a1c2209a94c820e30e5234e77be3beb4cd183015d281e7bf39cdcf0f1e541211c75d64a49df66bea814bab91ed65386d6a491a6295c24dbaf752a5e7a856e0dfe46a6f9e718ca3919c6f8978b0fd65c9e389114e5afd8e9e2a575b854463b63f46d08795f0f1d0d48d6d610fd74e9238de32ee3fa2ffef550336341803c083ac1d749be6c5440bbe4bd3bc3015bcde2b4e2160ba266d281a9641f74d9348fb6fa8550d1e8a8362999452e40b75c412cfa77ab8e1aaf1a9e83c855ec9b7ada38690f0d2e59f67a1f3babbcda8011595ea720816c24726b833beaca0a9d11e7b99373601d27d18c9e29940503d3a12149fdc4fe0065c3d023d6e7712eb853df19f2b4b886e08d61629288ff16c2597d7fae5bfc8b41f92fc325ffe0f61683b1f661409bdd7c3d88a854f8393484f4669b5d9654fd3a0819a32110b9064539a7419c332629b3fc71da35b7ed4f7c693842ce83733a63f2e6af37989cfcb768ab8cea5d21b82a0e9f6fdcec26b0107708867dec54c4e739fe9b931b3c6da013bfae097c57f1e16ba54f9028e672511938a0ad9d681d7feebc65a2f5f588abd66261393f3ba02d7b2cf650a9f7c6a4ca55b4d41132908dc9c90e26f0da8e2259e3a2b63b2d9e27754e278827ab80438070698c690ec375a9aeb4193079a28a2a062961ba0e65af01644af063f3ebefda92c4986379f7b099b2fd3960929578736f09887fc5816cb1b982e5b121b79662d1674dd0c6e82627cf8c63e576e5c1eb0af9415ddc10ff880e8ae3ce8c4fb87b8f9d364974c2a1d8eba4e04bc2bc018bfabc435683b2551c0e4908570b930c4fd7c03ddb95e9ec1d1994e3df0305fdac4e5b914641ae25b0c469b194c0bb78ab04887cdc4262da468475b926a18254d23b4c44705aeca34ef8a7b04dd55a43f39996529a23804e054655c5ba8661f7c02737e7539650364928d62b9b8d80988232009acb54214f06640e9bc6614c0ce02e4a22dc8b91a0aad711e4fd01d7020b7c7185e41e27ce266b9f5aec682cbd4bba3240d6277b17b564937254f37afe580cba0b78c6b0cc81830eaf10d7cc1f7e918d49e935629fe6c24b4368a04af1b99f6981340ee031874f3d4b3a9ebc31719b3b775bfe1fdfa0460a3820bff6f61b49b11ac2ca00836a0c4a74aed92a619f34231196669b942e761538e64f965d23d4f7814256e876263fe5307985c4e6eb69c974f66276764e80ab1de3f5c55e7b2cfdb78dd183a85473e968918ad73f29a266c818b9bf9f62eed86df25b2577bb6d98e3996e94f5bdf119b869541a94eb3536c979c3d77cc0df7c0c48a902ca2f03f5ba5a8ef9431cf95f6fc89744e8440e1d5ebb837e30ef7541fbc27672c31566ac3676a173cb9e466a2d206ba1ebc2b985eddcd6ff937375fbc8415eba46f5ec68cfa9f3a669d41b078867dd9f5160ba45fa4719f32cf877d4b7a6d77c977533659f7c7ac22c68f5e93c1df6c2a3d45b55a4afd3355680aed864f6bbe13da2da28a4851f73c88e555f3bb1c34a21fc45ab6c28287902e8b5fcae6899c804f364cd878a8d1734462bb075cb7bc709cc2c5d7747c4c29a2fa9259752301c26b852b7993adf889d45dbe39094c9b7b168756e5b939ed10bb6df57b8f5e14352cfc7d8b03cda5b978b06cf2430af5db17177b1ef664bc4b00307f970c4fc606a6bab72125f62b0f59655c35b104da7af188a953cfc09b3aa0785abf330830fefedcc8bf9a11d5dc4b5642f679d45cb44fe61ab1d906345c1c345f6b8027bae9585580c20115d2504d9c83ab54ea2557b6d2dd3bc65fa29f091aa46a215e77621836154104e6969fa9107139a19f2e45cc6bf55422a0e1a6d037ad9e63df5f9cd2045e13ac2d6a15bc12008c4cd23782df7d41bfecc0037292d22c7b42f2cc1a22db7502332d9f4fa85f7640c8635b9469681adb6bcec2dfdf6926f1815156d80a835ae918527f549ea6df45f350f618dc1f3ca139759be28e35013034f8bbfd3fa1a8f302594213c18015305911f42e287f2d86f17d76f8a0ea03fb574c60c808669f9f4454fc2eaf0e93873f688e34bd3341f6874d5d8fe754172a751d6ab23dc1642220e7fb1071df0ee3c7e07c338915494a3b360bdc0b38ed221c2c2bc86b29744448b255802b3ddfe600c1d0f9acabb2185e4e9dae5e456d5825f516c857f63e72e4a5f3d45eaf11a0e3a5ad0ba30a0bf0f94cc99586fd202d6118bb6f9c272f6cbe39dd9b8b36ea7fa51dfe0bb87a633be11c16a14d1bce8492387696e195fa3c5f172690b4434aa2e91ce7d225d73b1983d2605ec725aae0ae402cd2f79fc202a307f1896f3dfcf8c0fd8b841dcfeda5d65bb7d76f7c2d2eb1b164c0368e9984f320a224d7d438bc5c699acbc18a587b7589e960af114afbc9f59243646557962fc2e0cb5b5bf160a313bcfd9ade3e140b808e9f19415808aa312ae9c9e8bcd5a47fc721eda59d10670088714984a71d5c0df8b68e675a8e31ec15a92ff6a04d17e0ef849c782b302d11f742efe6486ab904fd65c0aac4ec25c6d877b453dce80e894de703aa8b1e5d00701850f149fe437fd0944cb95e54a924a49bd86bb9a602cf2904fbd9e399f1cdcd0b45b6d8f872e285f9dfeaa26aa760074651393c6451b36c643dd0b7236ec7803d69cec1b09bf1b63fbb68ad7c01507f00083b184ff01a62096f386f4c8fdc85e93eecf3f4b384aec1c10ccc60d8109a6d887bd389c3406163f9600879f0e944443d783e8644f69344f6f44f7bbf1883cda7369c9b9904d991c01552135f158a0bbb7f40c354f292c034824d82c209ebc770f5b756768ae51d45f8875b59904a07090689e65b40625566eed5d209130db812f287b966ae21ba46a3a7a3a0360a4e284d8d91ba9ed9806ea063827c8dda0fa98f758cbfa523ac645421f444a40b95bb065a64256c19354b1ad5002bb7b2add9b5236ad64e9052734b9d263515683db121b5e4dc1eab244dd8fc0fc62d962834ba0b21aad872b127afc0a33c7869a3f213519aa2ef51bab9ab28ed18859fd8239841a6668fc614dedd099121ae6c220a143c119cb9bff9068f65d0554b4c12105e59a22e91203a08ab8c718ec62c42d7ebb7b495e9e1be8fb7e4aab2777025da37b48d9d7b97578841a73898a6eab994e250106e096390c77b0600537be881ab7d81e3cb468bf1fe318b1e804d8df9875e9b8da22e6244997317391cce608085a28b8d070d654a29afab324ba3eecf427b6dfd43501ec0db919f71a932897eb37fe3bd64ab5a34ec60011696298b74ddd7a3710d3e444cedcc5cdc357f9dd58e67dc0ed3fc8df6dad82b3c00b4290c3280c28f78df052ec9cdd9df025abe8834616eddd5bb93379c69092911cd60761e7d14b426a83e335bfc8bf67a14e01df7cefb6023f0c6556534b975ed889de0d96d968526372402ce3d21a2c5c64a449dc3ba4ee0b5ceabc2fa29679e225681c8e946dc94b48af024bb1633e1860c7d8c14500967f24e2f8f46db537232a4e9f4abf8408f53bb52b035bdb89917a6f2f4bd22403ad002c2d936b785ecd965177e9f6235787a185d0eca92532f1aab16756ae86ece13925ba4a1fd08125102ae08c428d073aa426c4e792b5a4acf618605df1707021ce1eed62da4ee87334e34edf43338a0076b8ec739e2c31071e10c6a853e19fbf25b8a356527a67c8f7696dc184e374f4641f4e5b0aa345f1e6c4bfeba3a392d9a994bc271717a051c98d6c5b1f3296caf4c01d80ffb75b6fbdd0a0583f9d4695a44a2878df0c09a85aaab14522320cc3d2611603a34e52da03677a60cc87cc3c689975e5b5366c82e040b6643b8865d8bea0c84cef9ff85245a8b4bc41af1a50775b29fe55e42ac4b29fe80ddaf02e8c9bd07cab823f3d9021ac88236525ec045688a2fc9c6df66f549b10720cebf09ead919524f071cd128fb7575c84190c698b420f89b3c11195b5d83022d1f7e48afc21203995caf8f9286dcd5bd51b65c1af1caadf5a1b3f12579066855ff851075adb959dc3e086a7fb4e9a27fe80e8f3c0959b042486310ae7b785b0612e0385e36f50d4cae3474dd000c3957955534b4907b9480e2e5d83dedbeb76cb78d893c5b64dd51e31abc8e8b4c56b96f67c4b6e43861d91681af3270aae1a8f50712bd97326ee46a2640285b2902f051071d5a3400e99b76459956ac6908688c314bd8e54365383a65b186a6386cc5218e41e0b386759de81bccf5aa68f8608831a9d33ad1af2bdbd8579c5921cd8c3dd2f3bf1f123c742e118c76e2f43618bb7885e44826b7417c9ca5a139d774c16fbf74c8969c038ba6a54f27bab46ecc94d6455188d8dc1edf1da715c8d9976226877096df4158eeecced2248c7b88de0dd11a076db1f06bae4adba8286dc39aa62a55233886e011622ae1cf97238914a55078a7890814529440000004e0d34364e0f3daa9eba6fa54c085777b18c0523818ff8710dee4bfeb3db549c3f38dde73b99a7b1b219282407a4e0ab3794089e21f6f2045ab6254ac3703903edb302fb2f0f97e47cca7969ad6b5b6cf27314137a04d5f4f29c193cfc5540592ab1342a1a9cbd514a7b4d6b23f724a5d7bfa6ffe8e3d9de29b8661139f179a0fafecf234f19bee75c25faffc765e02377d83e0ad0a0029c08f5c71595bc1b2fe88f0fe958f3f1f8ba6821ab834cab9bc902b2d47bd4b5ed52b5b0d7b3bc999b2f68879be39ddcb0428ce3a617b68c11459b746651f413d9e9a098cd2b5c0fcfd0ea1db2cde1672818d7bc73b053015692f9e9259a0153e3c9ac5e73e3343dd350cfbcaa57be93cc881a35063aec2db4ed71df2b1bd90b5ecbd84f399d4530c5450d622188423e151cec49673dc633e503c497d53843f4824750dc09abae9f2f465e92888715b6879f5edbab7bcd58f0899e1430ffb5f3063450945cb0fb3b5c3088ed6966c54dddae3aab489a80341b45a17cac02ae62749f209a7e16ecdfd86b43569c7b34511c65474acf2b2c18834e158e20957bf2320e4a6b9d63caea93b3a7dd4f7ba54443aba1ac2b6f2b27e1bf6f17d3fd1582462e0debc7069bb70e219654cbb99adfed54ab94329382163f2ab6710bb581d189cb3449a02c917c1f2d1d5f51958ce605fdb0e37ae5f3cb3f123276d43b2c26ea948dee863e0b679ecddf0fe41ce78bbca30167c9c7d6b0e9193c98090facd7205a490727e1ac49bb4d639348a32546007459c61c27bf8df87dd2ed3f3228b8193422a72d15f848bac13c6ffa7b8a767cf04866feb7c7a81267d7a8e890128d4709e4873223578aa7febdd562403c6092c0a3f6e0650772ede935ab6ef95e375bcbfa395e23ef1d73532388b845a95f158dc845a123f798176c73e177926d39abd38a910d40653006375110be2f2c5f6efc87b31908be36dd07c8ba5853519a37dfc4dea981af855293f49a3270bb67cdc17b780fbf2a418fcec8953dae927909a6bbbdce230d23113efad9c02474682dafc63311050cb4f3f86c282ff29728eefac5c678360122b4ce221bcec82d24e053b63972d2e9a631a180b48bb8d2d4de7254d91a856071df51a1d87ca7eb5d19ac3def1fdd6ebd8f57c2c9e43cb6ff2fa00d27f279368f5ee29a84ba219a51d1f0f1965781164edbb3aa6209fbce6d40284fbb4a33f59bf9e1248100a623de16613eebc11f510b7718dde9f13b4c9b2b6a10dd932696cdb7fa4b5733b0377453471462762457d42038ebf8c0fb392ca7656ad1f050c326de75fffc698c48f5d809ae360ddb9856b9a54b811073233294bf91e46414441b6665f432201da12e49718b0d7929b6cbcbf310a09ce0d22f07ee5cfa8ffb9f03acd224641171ffafdf50f18be8fa3c907226cc1a6f3b16a776781a6396dbf09f689ad6bba4d537dad490a6f036a45ee3e224e6f519e44b7352ee3e7d3f0d89f8c7c8f54b6d2698c0298a07866c9d9ca09c96c2ac8efd7974294df6dd1bb0598debadb6135e7123bbfddf84870de54476a291586fc0e64784e65fdf78d462e8b51cbac38e7ff1878b11418f188220e3deb5367a2d90ad7d44395f6965cc6d680c59daac268c16814d1085302d0453b48e4a8ae78b8a5b6951a875ef42776f6d11955da7e5734a72b61cefcc6889b8f8d58db51ee78d7b1a8ffebd90e15a64654054767aaec24dd3b5f338b572496c8731049c10622b7f54fdfa43aaea316946291fee7bc9e64640e8bccf33fd1e8693b67020b49cf77faaaa8269e2fecc4e2b43c8c3378a4a9b9b85a4fe2c346c5512cda631542e0ff5706eba996f4f72e629b076d6be1966d44b1835ce664e3c6a4f18c68f5e32f900a0a167e547d5aa79c0aede966f83d00366a623ef8107e328654c8558d5e606f69a12b6c2a6fcbe0e08f945c4ad2738ed0b28d79c98514abe0819569c6e4f4751c665fd651aaa9ee392c330560ef6d57c0a97f0764f88433b2bf7641ba391634316b0ee1dac23a63be21270e50ea1ac24ac3b429a0b46c38dbd48c540bfb1e141b8b3df6caa179c7e54f2b7b1371e8eb05a30f13da95200ab70dc58325f6bea0ee9fe1f04154998df393f2b4ff4431363f3a7450fa5210e883d67620ae63cc41f72e74e26a0244de1ac722b6f1c1d293f7483b331a0efda65a4e4e9144547fe6dce2f4535e29048b07079329b63754bb124b9e046a6e97929b1f4a387765bf93804530791c9f649db6efbebebf46fa4f9af7ff2587130d0e70a32d4aab1dfbee6aadd1f3e5317e3d4c8cde75b1479bc3dd16ea35db3dca11cf1eb1d2bbac60b83605e171619d85fd4b6d0e24be8db76df12efef05eb87473b832e59f3039df44ef034e5e7546b399cc817a41b2f020286ff139072a5b909ebb185a3c955cf88f4a9929b2112e0a9ab43da0288ce3ea268ccc9f46f852d387f5d0a2831dfc8cb0bf593905ba376c069b8c9b70558ec826c5bf9835031199c4c6d84c913da7e9e7db49c1d34511d917b9ad3c40af0598737d58fd61b8f2adc46b73a284957a99943cf73414412fa5440a5f85b63c20794d122c267fba72bfcd0e2741642fd8ff5a0ae1ffd8b30d852c053d0e31f505ca13a21c0223a8ee77cdd92de1b9f87ebee4ea332e9d4573d7efb2ad3f50c35fb7a596c4edb4b72bf6df5a16ffe3c8a236f2cab8c0712ac26c2cbcc68c1dc45209b579c952c7d645642aeed7d60407ee2dc168179d536da950108e962c5c976d3a05bf5142466ee38939ee94e707a0135f99c99b5d6376f63c711e4f64950f08dbc931c812f34735d9eb1c5997770d8159068cdca2e0f192311ca438d613728b544d6a3e50ae0e4e6b1eb611ce55a96bb2f991d49173073d8547f5ede69d8b587a34bb8f637297a15ab4fc45f1384bbd19b3feab5fb81322ba831386eeb6067e55af374c1b1eb9613a6c41dfe2bbbcfad157dd042c67c44400b350f0dc40a8611f2e947f32ea3ac3f609027b5dbc95b157c13216fe7c35edcc82950bd4e38bcb02b63d2576489c331a222e013e73b5333694889b184bedbbb6fdd6fd40a62b1d5d494e68cd2aefc264f74bf70ef38373e599faaa326f574ae32b1aad86854af22db8c9673d14666aa7c0c3bbe0d76a835ba4b391552777ed20c5c6cd0aa84f3be73ca0a3c128914107fb8fc02220317fb111cf13398480cd3325582a7e55f4c4ef5a258bcd01a97615e95f89c8046d41d04340b88cd5f4b1d827a030637145d98422facadbbbce97dc3060402a7bfa73d7b4dde53184a0923c0ee29c6e8e2c35e396808df2481af6aab053b619fcb2833f14f87051c5461567c5f8dd40383a7521971775493f896e18c78bad8219f88258ea686652780c03ebafb63ecbfcb23e24d52a2f88a77ed3b2280637807a5e155f4fad7149b76841772471a3b77aa42e8058c0af1ac2be9d88b5152851708f1a77582b3e31702864ee6a244a38f3f95d9797a60cddeb5ddf08cc48fc677f03f9e717ebe7f472883e5a6a7df31ca4272228f26991460c537ebc8aecb6a0c34a763eb1f57124fbfafd6db4c21bedf6723b252aeb21eb1fd9f4f811fd3e2e764422964761b2ef3aaaf986a48f7be66f6387578f9492feebc97dfbc6bc97380394a5635dbe582e52a1fb18ea8fc4e53974c63d198cf0d878ba8a8d58688a037c0f753c7073337ef3da4c134ef939c98c8806d09943591e6013a1342de7c722f993fd7eb36ba8e8407d1ea60eb5724b0d6262c70469dbd8ea1956b8d7f5a77707a9cbe2137079e7abda3966c5bee4fd86e8a3c4969bc88ff328a2adc8f4546f647575866d5ced16df06bf40d9a5f178f9d19e490bd76e187c441e7de0e571f6cea5512ec9bea48903d91a519dc82defe34a06b0244d623090b5a250786bbc66c1e76db6b18d81ed33c81a7c93782d5cdbe0a7cf7d1ab29c04be6ff4a9bbc10f716a67d52fd52d91425abd2002cf83c3797861db5fbeaec745a552ca4a50604340f2cf2c1b10e9ba76c8ea43b283c73f774f8be213f17f70cf93b9f6a8bab1f516a935e80c3cc6756945edafd572e6e00840eedf61fc40351869f03562d8c13006de585a1141c02f1311fbc8e45e4b3878c32810698e4764a6e8495f165eefee35714a1794f9ab50897c5565ab745425933d9d6272a172c1f2a274f9ca7bc8e1b01a27b8bd06fd9dc61880789696348c99e9a70c9dd2a62ca04d1f86dc87380b618c2a78b16229d614702fce242fa17ea90cda2648f9375bf7e78b4267d558983e08a9566d95871998d23cc6d22c23370ae067b677609844abc140df81cbd9addbf657fffaab5c22c479acca18f3e4b508cf01ff7b2ca308ff116389790f26f2c7635f89c747a5bc66f61de575653069349a89fd7e3dd785266b7bccf16eb8b4a8a86751de60d33e17d64f6e4e0f9d13a16d243ad7364114db7ad011f094c4debf20a39e35e7eeb440bbe8811db2857b965edd1e2675ceb1bc9a1691f123dedb341962fbbe539485d2241b0409adce2587d035187a0dd5a62076ac4eb5c3e2f4455569b6eac0fc16155da1774cbe505dc92e2087585a7846bae699bef32e3c5ec2356dd4433ed29d4b03ff7b38f7b3cb96b92874eefda6c2e0e326214e40f14cc2ef80e1cd3fe226257a423b8ff5bb368b87ac7066c5136487775b5b122a858334c37f6a3f53d758c3c866e2e79daf9aeab36a59eddbae2fa5b6d20973014196ef0a4cde1373c7297833e6f1e46828f4a42eebd829dd4f17999abe285218ed5dc6007b21bceb588a213b29dbb1ab1a79b41a12df26fe35f0cf6a310c9e50cf10d71ad5960626e4efec211032ec4ae52512001362ba4108d86eb774d2d4d0364cbb1dae68f03a774e328c2dc09899ee80c05ac2a8e3ba905b0b3b7a08a3df20b505901123e7dc0a15db48d09c84189ca4345c23c2010c12cc35287fad30211cab9631e148a7c1e8bfab61ced30e098d1c3cf7b6a7fbd8288dfdc48044d0d47c17f129f6b5d751af1984d395ab1b08ccca3e7309a89a8a36dfc3fb82d2a4269bffc32571438d04a7b98137b46ae1fea1bd9ea64f99e2f0c5f12ed84886b10bbd511993b0447036c4e57b9dae6d5bdad6aa3f2d12e62471194e43111613b8b6944c2baf1f539ea14dd76c356bfef7e3d4b6fb91f6d321a796a4bce5a4c6a5caaf0f3eccd914dea21ae909be7ba486075ff6139e7e351fdd7e98013ba51ff0248852398c734f245ffd7fde8cacfa4805496ad7350b1c96d7bf9da9be492f2f414e973937ac9109b6e8b8315aa9b81840f2c21239caf85a28f0e590bb6ad12148e75bd4d7ea69a9ffb053781db98d5fb5aca30a734017be7683a559c203c006ecd4b135afe3650b906e0aa208c889f2af09f3f8263260c3bd07cf8021124b6f0e0d021f9839e47996905c3d7562df810484552de3bcc9ae054b62a01af6a7991e4d63f30c7a92d8b58e01052e53818e64d7540a3208af321709a5d891ceecae5d27a999b00ed01616a73ec8854ca61973ed1fd3d82f8628b215c55eb7908e297d77098a7b0c362709005a7d13c89c54556589b2a926c6e08cc1c0afebc7eeb5d7ae4ef0507c91b8e706e6dbf83d898819192c812554ad1c6377871a8ca50f1325630f7b5266b807ef61d0c8d399fada49cb02a14c16d39f4fa7b81272573808e761c9dce7cfd12f4f18dd06b0ee471c166e095bf84aa4aaa2d82f1afcf09e5d960257c0a8dc404225b4b62187829c59e57da50bf848d72fabfb69362c117c6913541f84095a2a4ccdd2d30860cd96640bb2315e435a4af08c62c584ad129300adb02a871f3c548b96c4f6c47efdf4a1163a8a5ba9b4766b01437bc5957324660a8cd87df0f7e000d1309e896e3ce9f57b17562c9368a95a4cf66b3a5b57f0cca563b045452bbc8ad07b96fd0322728ccb3b05bfda14ef36ecfa2f32c5aa899811a67f2d62ed970db5723d6e4e4913c98c81ed6c03469112c23549f7e20be6401c6544db9078f34e6a4ad3cc868bace2e7ec6ea17225986f9e941ec67d9a3fc57958f9df8a60f585aa38b1769e26ed3f68dd85685b2cefae9dd72a18abc0de6b94689785df377ef4a812a6abc7f738a396f0e99ccbc5731801c36e746ab6b1dda88ca6ecb899528e18543cb3dfd439cd5be566594f01a4533da3638e6331fedf5b67870938ad044aa0dfdae33e3a6258ad40baadd726eacb1f3c1eb8d83ef4e185d7603a4f1eb006d90bf5849e2f65d37ffe750eb061bbad08a0c0cfabb9abf7f27d36ee5687d23feaa923e09d2ae905410a9193f21ed9b1d6331bb1f3babb90da2f2e023a6ceda4b4fe0f5d864738ee7f65a0b136021fbe076b4adf2d3af760e1361bad7ae35cb7ca010ddf4488255a2d3c492d0b26a1a5643f998b5d04a52a59f176d9bda85c916ff901329f09fe953b030b92f6415172476ad89d3e8cdcb4eda7dde5d4fcd5d6a584a312563558e784b0f9bcea7c53d26c3f2d3350c70a5e06a67c4c0373dd6279e29c320e6580fba8ab2df3039c289235c066af1b07dd112f25b25e292020f36c1aba246cba4e054d64b38f53ed57a712dffad7d3dc97f86af511638a2779107fc55da63b6498ea5f3ae36883163e5bf2324211a61a9889278f828e58daae797fdba9218d322da7aa23db7a48a00", 0x2000, &(0x7f0000007a80)={&(0x7f0000006400)={0x50, 0x0, 0x4, {0x7, 0x29, 0x100001, 0x24ff871999b0dea7, 0x1, 0x1, 0xd, 0x8, 0x0, 0x0, 0x8, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r1, &(0x7f0000004140)="0d9ec529eb18ec94a35378619cb10ff8c913f67139447b7ee0cca809e36c363ba1d3975a7446b70c6bdd99e2cff540eda7589ea89efeb498df568916036f0848ede5f089bf502b483c67c0432c34b98b1bc085a99e2981103397e0b0eed2ec64c1075798b56a42ea532091f5326c97622a47c53fbf42e71c3ed4b954c559424b49a13598c6c63ef65b62384b038b3e6e98ebecd178289831eaecd986a01c751e8cca7a57c009f2b5310fe9dd8a63b91c4b5b13d1c44d2b874b32ae3e961b9e96a511ffaa3ed20248dfb470460d305e44ffcd287b355380319fd31f7538c6d00de06ddb8f72b3a59c4699c94d7379e1e190c6dd7786e12096f9e963a038b6b4375535047135ecc07b16035ceeb27ed09d77f52b6eae27a03071e060b05bf347b9ba44a984e5db346d230ae9c5324ecfd4e7725bc5019a9f4d20237c820359d73b82f9c668ae71f6b85d5350140a16f988bb2b8010effb52636e0b728be1b1ed37c1b8868ec67edd52951dbf65b479aa25e92667a98c755d88995e6303a48a64317bd4b201fc6dea59381abfb5e0fb1035bbd32a97a6324b08f404fe3991879a0c6362032864031737941d9cc534697da61a43c8723ecd1062906b65c504d86383cdf9631f228372b13aee64f8ea8db00dffc37fa092ab5daeb7431dab37091c44f91c9202df60876a6e06ceee3e6a095406fe5cc1f83de1a4adf36fbef5a94a622132cc85e56fb53a9cff67bc69a24d8c259ccfe19b1925061f0cad95d6b4158c1394b8acfa9a8f52a566c6cb4e0b14dd30c85b309289a5f395e01d981735f6fce6ab30994643d70b2f322b7a233a339e621ea2eb00a0082a175c231b330a58062680546c28db8ff5b7e66c0e3df0a9b74ab72abfd241fcbe1e3d27a2d1eab44cf88180dcef4482c866324133f9e4780b891a7c5000b005cab0c131c225e944fd1aab5de9e8d17b8770b4472b6e4a13b6cce90ba152e5144acf74cd8a9821ce3eae72dc7ddc81b76482226098329c3a8ecb923822610aa0b086f44329522dd8f9ae355b4666d1a10911ef8e21377578b42fe6ee0b2a77917157488d6e0bb388951f80551dcaebf212b396d1f922aec595bd340390d310f6006c4b3efdd80838f39d25470db39d6205ba8f52bac634f8145a3c10ed007acc2f25c5dbfe911f18f44a0c57cee33725eb8c5f2d9112f91787c2c323b67b67d9d1f593d26430d77189d4678fd8d7c11c1f2d744ad59a03a8cffc52ee0293c90b00d61897c80184aa63fcf43c109b06af20c808035af0a0bf9cbe544681768f92a2ebe3b4458dd020fb0550822bc2f769631e00d63bd91e7100299bbc4ce53a35e993e24028dc5c81d46f5377d21f2f38a9688ed981044346b865161b68f3390a50c2e625052396cdb6637e9434904c63d8ca45aa2325626293cdd9cd0179b1d995be10281fa8d281db16320f520e42af268ff30dc2d8885aa3d9e7f294eadb4d827d195cd5d18632928f2153261345c231efd143288b881638b61dc5dab8114c1948d83b8ac4e278f131ec3eef4e87e43a36f4b41a699a741ef3a7cd4f0bc5dbd2dffb1d223a5c5b38b98e49092631a176d15c4f3c077d639726a3482bf2fdc73c2bdb09208aaf90bc64b5fee89d231bb1679de3e5d31662db2c5824ce9941f94500e5a11b8fe79da548efed8cc44e9bc1d5175dd77fc16f8219a83b83ccca2181bf411b0945312598817e08e5277530eccffff17d198613cc8c991349141ced56e79031ab6cb98f3f39e5f20bac76017083041a1ee99ca257d0e0cf95e59617139afb08cf0c6a607d3f2ac2b5d3f4394a4a063c9769bb884ec522d46138228c7e9b5c7ea5e3a6c70815b565ce15a13fd0a5deb28e710c15fe25c744b430b4f6482532fb96566381c56e12632cab5acb5e08d6f973003c96a7d81ff76966e0f93c83c462bfcef230939e48c4983bfed78f68b0f540d1fff2196cbd1f1c1a1c310ec10f5a2745407000bc6db1fcc8540282cc7e96cf5582c4eaf874a2fe6369534176429b7505eb0aade883260806be2d86a42e76b315a76e5f686ca669f49e1f9054a77b8eaff14a43e9a9801244e8e94ff50a17b60dee0122ea70819bae3375070466c7f202c4ea0fc0c9aaae50c43cb65febea224c2b554e937f67689b3e18ed543749a7ef0997a7a7530b918c4ef935137137e1ee7e6a8919fb76a8f008ddcc2d8b2e18f3eb90f7a13cf4f49170ccf50c75de82e92a5e2d1f311e59071ff202b6cae4d6243fc3787cb9fbd401938cc18dcf5620f8b8f74e9e3b13dcde85ef896f31f5a2458118addae77206ab1506882f91873b4828950a7b91ddae74888155a9c486c7c60492813ac0e33362dc4e21e00538e5b05b78271d82486a0d156d4a5a07085bb1cd74f5d63763f18648a489352b5d05107909fe54b5d332cde2900c82c150b11071e028eeb275cc9a9614f1eda4e4830b128870e732d473100c24152aff2aa1659daa65d7e9591ebfcae5dca4e84c9a0965a01668e59843ef4a093d9b01067a0ae9d09e3d810c2cb63600ee05b10fc8685e8cb150e2d6d75baecfb8762f7a7d131417eb0721e19e1d21f5adcc1e09489f06b81d91b48608107fc7b3853e214a3c786a9812113ccbcf09907506d0e9cd72c79793584b4fe06a18a627bd969f628a5936367961f1e7d117d03a8fabc85f5ecdd0ddcfae49aa293893a2e5ae376be11031abc0e05ff250b35926345b52f8d3dc02b7497f7513e759247353db9b8e493120e73981aef4c4d9747621537a089848754c14cda1cad18084274e98ea2bf7400ca846184e0e31a571f9bd770222b1038a4ce60dcf8fe9cca4d60048cc29c37c1345de992e9dc7128ef093c1ce80232a88a3da7ae8bc87120c5b1f405d5186141288998fed9e021cd0ad6b12b51c217849390be3ea00cbd6c755958140bfb9b2a2765ad1f51ac045fdc5c28ee5886b1436015b88bd90d19328f91394110b0d891678e63b63d6cc4d35279f6f616d7692c6fe177a79d80ae8f7e4ad5078d8d7096f3ee664dcdb2f634eba98f4788de1f5e34f32ef09e2f0aee4fdc5bec4bc4aeec5721ac3a2da1bf52da017c3312095403d50dcde39671242b610f11832773796557f71455376a7741ab242a9fc94464180bf224d5e8c79b462e3a816f6c08ab0f5503386d34ddfd808b4b8d5d333548d4b873923c6c297b2fa1abe433ec9264385c50dca40316c37ed85db382e7c853ba331c727043cb3345de9f89b1c804e98205eda3d6b6e042c9c41877d456dcb8f12663e6dc1ba809229536fbcc4c58d01a137eb80af8596dfc7b5fa7a044cd141238aa82e440526e55a28c4ed2f4b26157a0eebb4a77c5ab66fcce2602e1a70aea07e5e7e7e5321d58ad128a5ea6b574730037f24a7300e0ad6fc96bd18e03763bbbf21bd3c388aff1cc5ea13728ba2f8e1eb70148d2603e55bb01cce0763c2020b5627a0ccb35ae3a9b3df380e6d9800d9506219a90971a3b8bde1dae6a43fce2aaecbc026be8f4e9bd749e10c87ed7d78f92014342fa449eef28e7175548e5a8ec4fe7d31fc86737aee63ef40b54485380b6898161676f0d82f76113b12a529fbce4482dd278a90aa416077c677aea623ddb3761bc81527ab7e3d73a3b4c8c3e4352c7c083cee8953ebd972a83caed837587e8d7cf360f28ce6ca71de75c9174e8744ba1098513bb6c7fdc6a3c7c8e5870223d6cc0b18b5d6edea926d5376aeb85488d3712e8f67128f0d3fb2b42f82363a0d4c1c806ff283f6e4ddc10ce4a0803be66a247207d6606c7dd67cd293dada159016d7fd7e88c4df53d09bdd9fd9fa3c732da45fb92bdf6f442eda15edd97bf1928a7699008f0b482240a684ff5efef0cadbf1b4f16888650d59b2bdaeae0d1112a79c5522dd0933ccc16fed7cd0ccabe929f625de8947b3b1532dc04253cca988a1584df2b31492b19410d6f681d614eaa20029592c00c948a98973a9fba87f1397f8859ba543edeb5c0b0db92f65462a1103947d780b539433332d65bd1418bc00c9e815f73e0cc0aca5fcc9f95f707c455013a55a0c4a29093b05b94edc5b5284ec7ccf3ec091002b4229036c174e2927127f40769ece890612bbeb960d9392f442765a2ca8990c52ad7d4441e975a7cf079d139945f2b2a8a34f0e85d76cbc96efbb52cf8b5ae681234e14b6648244d41cfee2d9b189cd831cc2f31ae7e5f11aaaff1629f8c2cf73494ac38e58da7010dd986f8b6134ee0dabfdcb30617d15720cffbec7651f22253aea21696d2ece4fe026543ea2f3473e4c12e65dbb3cbf764ffa0b3a396382b9b7f0c24eaaf3495554b2319b66f3cabf01a8d6cfd1382d94ab71cd11eae2a42e4dc841d4a9732c395688d3377c8ccff7e3f88a3129855a5f41a7de6b6a9ac40a87c288f4821295edfc4f5b8fe5a1fc0162e9820205c809935cc6047e8a835c651be02fb41c21de30ac770d7a7f2108c6a3f1cf2649cac444f028a6ebf4db422cbbdb7fd0cb39109a3130ffae17810bb58f5c557c99670224c2678fa07f1064911e6c665c0d1c26cd2f40f7089789208a48eb339bb8885910e035b4b8c69b1c3ad79270ac6e70b963493a6628b90501822878cdfac866268d914d8af2814612b0198f9e4c6b48e739e414d61f34e2f69ff7cdc4fc7ffe45a64c5faf191ef6c4e31cecebe09a2f6a63d60926ebaa7e925ccea5c93e403c7ec0ee55423ce4893471440006d4c09c141e489dda5577f73b57ecfc764ee5bc1bc88f7866dc6a494e3ee560c956dc12ae51842030251f1cedf2caca15549d0bb4ee3bef03702197350cd7586b5916ef6a0abcb5f30548d22ce5d8c4dbd82030b8d7b5481c51676b7d14d35c20346c74dcc7d96ea0b13f890f755a219993e88739da8246283ebbd82eb1b15956b5ec16ad523768c19ceba9199f97d7bb43b85fa11349ff7fb89a97b463b34c584ae9e2af6c8f20ab528750a22ff6c2297e400065fbd9a4660ec2c658afff6db9b67070352d2aa5e6cfe534eeb5ff271575b828dfd7f537e3627a1a6419ed0c84297fc3d362a52f3860a2eb7ae0a50f06d3c68c4a1463ec331ead7af2dba792332218b04d5b585de1a471d296df6e10316852d50f211e07643f749a1d75410e66e47db40bfcefe4b708d0b2879a50ccbd85939b89fe4b905a6a89a2d5a4e28d18c048e66108a06d8b6a64ec5737b5ae283d914484167c8ac7dde7ec007aad1999854c4d6a0e5f887f99de3662610d5e8d49bac7d41d6fb7d90b4b04939638e2151ba67e75362aded50edfb7d9919b345b5b7df6a909193ce64b20470e3480c68bd764968f4d8a5779ffd9a35e58558272a214ae26a094360b9f2ec97c5e0a7693f4b7509b962cd8537e90ce7be70b54e9531e7295f894b94566df49c50c2265842392dff50e17ed3f7beb9ba4ad0520a73db1d8d3b39759e7fffcbf26517316bc74437fef944fc915ec24affc1a53748cfc883e3ddea9e25063ea8383b06f0d5c9db13a0ff335f52699226b391543060ae5e2c25b585b9efdd5ff9495a4873cac58b5feff5f08717b04e81bfea349accc58fcc6a6505de3aa6ff4985d9c38bb83e8daa663ccb356df3ed52343ed7723687e416816f987c565eae22c7548c1d6b56a5b6819583da0ddf92739f65e604e37b3275a6cb1252d4ef7a515c4b1e9068d714be80066bf0d422f1e4d2ce6f95c9eac081d6e4596a6a8e16a57b732b575b7de16f176ff0e34e84b293d3fd77fa30a7b7cf12a1edd54170e56bf7f2d40620ad56acbc5cc615556300ff9e95ce3dda93c8333f23f0d97a5da12a0fe58f95d6b911f614563d343ac6e4f9fee1d149c94fc75a97ac839b6d8d7b27c5efb870d2bfc6dbe6b688490b23597d83982d7858215c59011042b1957a0b386842621c72f89a9b524008794ffa0c179753ab48d0f73e5ff13624b3b90287edaf6a5367dcfe4094a21ffad3e881b428b77ccac6924d5bde9c781d4189654d8f29885fbde07e6334c6406dd3ece359c6ac7c6147f5c4906e56764e9980a669bfdddd9eb780e7f9988630d1eb098b3e4fd4c795f11441fb6d0ff7cf086eb291b1ec8d90092e1eaf9722ccdcd15408617cdb8c49043bf71a6ea0ee6b7e840344fbcd377b995bfb1faf22754fcb363f6c630501b619bbd87cc13d5df0948a176771d2d69236eb50dd313817d9687967e7d71f854db6bff803f4501d999dfe3da37ccfdf894a7914c4c113fa7a18c3468a52d646a5070614a6f02b7ff21c9f6927f5de55be85ba815f4bb9e29f26a94423c58338947c804e0627d69bc5a6e93fc5fe8cae851700253f2d494622c6127b4d77bf54a1ac27957234628cbe2fea1729ec53be7d90806d510ccddfd76fab1b9bf1207db8b05c3eaa88fa4c0a5db13cec9310f4e02c1d8114705446fd6649df3829aa12786b8d10b4540d8c1f1c8208c4b41998435e3fa1ec5199cb2d3d0c5c04c5e0b3ffd69112252106bb39333ff23b38d167a9b45ad1bdabf434c8695e2676d461b34c5f048e70b67a44d824baa090c8be13a22ef0d0970cc7a94ed4b77bfc3a40427c6c11abd2b415817243f6801d535a3adc9924a1671b645100e822a0c1876a37d9c9e230e3d762f1cfbb89a8b28255ba4cc5b46cb1635cf185578fa068b68bac93991982b48e7faacc09745a7e33bb12de6b25a2342a7e03cff06dde29b4d05de84e56c78fc6d9dcd180438da3136767d5846bfe7168faeac5b9434394bd747126c5c1ecc6621d10817ce9b6540433828a3bb8f6da0cd8f2b54a47cd5473f6bc3dc1234bd115a6890aa678d1bce7840d7a4559cda556740860079e46217c20e45ee59b8b7078d9b70cb6a249eb2e5e4071d044f456fb61649f261689b8d7a532afaf88eb30041242ce491fb7e654a1f06add370e2706f75c2fe1afe8e065804414c660ec4d96f496b1ad87592de8b7d04baa7ab142f580f262c64c57fce8ef933f18904f001809cfdf94eb679c9eced5d125b4f1d0064ca2ccf5eaf61bb7841bd408ae213deeb15d860f7ee7224b9d2dd38ee9f6c3fca6590335715c218db8f8c98e6339a6944817a1ce2e115ae984699861631b9893c143f594d6dde0895a0c7edb9912fe9cd8fd0765227b3963033306d15711387044bc373ac10d7be73cd80f1a79cf1ea0989ea9ae8a0dbbd1227bc33df652792a6bd95f1d21c6497c4c35b9a1eadc0217e322285a2eb832753aae74ef42fc983e58a126b7c23e4b0bac16f0de1eff7d41477bb25052f32cc9cc956ebd209d6b945b1fa9182857e180672a6be7edeb5234830668b1ea749d0a0dd3a244684d4dd76221c3bdf98c2f1eacb7a6dcccafd249b0ba2592c88790de40895799ea4dfb045cc2392dbb623bfe420b24e5a425b84a4b24d787a68bbec9db363ac4e9453df597f0224d8b7b21629e1989e53accbae97e189cf9b59ebf8bb89591fe3fda450af548ffc46eff98b5216e238a9246e2fb95810f8f4d89504633a6d223484a765b9e6e5497159b31c51fa6cc10641bafa81b10c5ab853f3136fa1b4334bcbde99cb4689f077ca3c29c2f1aca2a05762943073d5992aac4d9b0d411ba25905c34fd02b8eb7b9db375a6f6516446cc195eb55eda1e007e26328e9e2642a9c4e90c56440cc60a1db77713860a56820901b3022d55c621e9d54f759dd17fc5b59331c63cf30e07081bf0cdee6cc94ddfe8c6179e7ed86607d4ba7d5f1e97fbc1139b43ae5fd04c1c715f4600f028d0852a421d472b1b48e591b6edfebcd86be3db2caf967b06776096e14f0deffc9bb126ec329c49ada996b963e942d9c404967dc23bdbd0eee951b2879f2ef7ae224d4ff25edac4ddeb2c0b8e579af283e87c625d3fae5286fa855930e45207af7054763937a9247dc38e37e6dee2e325b617280846012e463707b6ccfa2fc399a66e534221a45626cd18c79d46f5c77c2d359e19ea870cd230709b5e33cd52fd43388ef91dea0a1e0df6c72688d9fd32bb67f489a3618604ef1dfa0d7f569d40cc68e39994e4edab4007c988998f59485ce4723c1eeb7c72f7e833418bab47735a91c7ab24e8555d2ccf3a812b6c634c0c3a68271ec8b536aaa442e056945feca6fb4e54d2cf60a0334f494b2bdb6fbd597de0ce9d2cf03333a0c7121e086aa4c657360fbfb60f3ce0fc0d90ff12b03464e8ff0e5e546ff79735c5c800a0f9b680a478c772f60173a760e280d8287681986038444f2103e2894d5809d062cfe8380e34bca86475da3d7634131c2a8cdc98c5927bc137db61f94eaf9a74f87cc85072c201766eae17fbd5b732859fb1b1c980b36e377aa41a95bca18ccea529420e742899af7b968c1fb9c0d181da9f86358dbeea877c3e9123a9289c362fa61d96c707ac94b427318a1e5f21078aa9d1fd7a52704e0d73e527f3ca65b7b459734dd30db5335c450f1dbcc1e4259d657d13b6d6b4adddc3d0eae034d1878cd0aa1825991d75f8e6b5b4c0d6d17e8ce709b19ff794a8ef856abdfac65cd13631f1b66b20f2ebf2f3122d18e03cbfff88206a5998fc3cb2b40634fcecdb8f5bdbfe044dbf169ccd2cd60f7bf033272f38f587943fcc75d2d65d9028c02891c8415706c2b2459b7a3c5cc82b0446088d3b3bcc033ad453136afd4ac4678320fc17288dbfa1c5180ad57508a2a298ed4ebc716ede34fded574d9779be5d56517d4dd40f197312390c488f46914b0927b13901ce70c1684801f2811168fab533998a1fdabbb6e683abfa021f6b80077f19455c34cecf5dbdb2fa6e3930eb5940cb14504050cc74249424310dff81116b8f2076b8ebece84c302e758fa90af5a1888aa8a5a2bff4aeb7ebd1c7a216bdbb84bf9c021caf3c8efbfdc5d3aede46381bcda372a5398c89868ad57287736fec2a7e8ed638974fde5875eafa506a6bd7f772d2b221f4bde4920fe0c56f8e0847e2a7e8387c64ddef4203d77a526c46d7871befe0c5f9128bd67319acd963fc040185aac4e7815f728bbd7ffd8f3d125e63320182f202fa9a52505be9585556a5d1308c118ccdf01978027cbace7ab339d6f53d15e795b7f3fedae4f86c3f257ed80ee634375dc2333ceed1ccaeab1b6be7a9611ff33d79dccdec2007558c06dfc06612d56d37882e5f1de340cf05f4fffbe1a5def6d045bc5bdaf633f07360f9028cedd103bf03fec8beb9fdbf8c5fc684d12efae1859c53e2cc3e2f508a9cd0410ec036648d3760dd591f7ae04e4cdd61a2566319c943f0b63d87e422dfe5c0d1edcb2dc515778a0d7bb2c93ced3b1435adbc51d3fdca9c13679397bc4490093d64869998d6a28bb862ead0fa411585289cc00dc199eac6c607b8a84123dad3be80dd8fd86aa202113131046336352235f34c05f5ea6d5265adda98edbbfd11d6839c5b1bfe4fad4e688558d633d4a281df44d9c0a35abd464e01f8ab01a1e272cc8cd155a40b8aca4c6b1dc894c0fdc02f15a8f67ce94c7f99b6fcc0e4a3a8a71365645ad7809d47bb26f46ed8bd02f6e8f3d277224f82f3d41695f367e343ac6d507413f4bdacf9e344a49156c4de36d68c075415f8004748055b38b8a4110f869fafcc59cdae5663eda72a05be365a50e98bfd4b00e35aef687afae7bd6622cdd725326776f6fb1476c8cf8c20a0e5223e2bea494a1bbe4e79b25a5e48ba34bc66a84ecc4a0aba98e74ca2b1f61893e61a29498d855a778a2a9ce7b7fcaa44b4aedcbd0e28d6c49bdb6776975bf69161f372b964e4288ce6a3b877c3126f90c4c9749d45b8c5c840983b035993e484a945be5fc9d2d1bd3f3de4e6de7bc74a7a07b13e9e82acc11db85454f1d928fe52ad42ca783fd20dd3e94471b498c2736af40d2a45ff74f9ef874639e33306daa8a667674571e2ed93a48f49b57e9e3382fa8090774bc795609ee510b6a1ca48d9833819cbe8ac77eeebb0e3b6c59ced2d1ab355264934ff1914a3f654249bba60a692dd36368b8a866b333320e57e9c7d3646c375696ff14e303780ffd7b957d89ccdf57823d2d1e158773c2075233dd2f331eafe3802da683c293eaa24cd8b63a7582ddb202cd6f8c837c74f823727641c7eb680fe51ce7f250adb34956e4cab17b8a5f10edf144c700e376c682dd46c8fc89830fee1a44fafe0a5a2e7581d5d16ad6267d1dc2d5be8547f9352d1591b42de94f2559b44a80038360c6394541a77d95b196558a479b609882fc597b9cbe285ad7c7a41133ed85c8ab6e6dec5bf70f9e787985512d48865022705098a6703b255a6f2b05b62fc7ab32e67f06d785ccb33fb348205a76939e6c2991486c5aae8ec1556b2f8e30ca445a4a495cbf2c6013042b8cea615e58899fccbbf1fc4f17a6dc37e46b17ada0be033dc67904fbd7903086d3417e423af64338426a84ca0c2a3252db62695f9cdf10ebc09b9da5747d30e7f4adfb374e1d2bb24542b0373b1fb897690b49fe24d8575ec9800f019c9c76459421c11f002989ac82c13c04a202cf7f9f38b053f9a680d4d5012887a11d25cad201df20a4eee6d2c0474055579ac729c7514a88b1675bbf6b773448c6c1a5ccd157f44f7e032a6b848f2e734d773f029e48fd13c90d41666f9bd4e9bea91950737b6e7502f9d2677938f240e3f905d6095bb0f8bbe961b99b2d025538c3888bfff8957e3592ee5b26a75399b59c697f59fcdfbbe3bcffb8777340875611bf75486d2378e68de771800bfffe0572fb36ca855ec5fc8cb90c76455773c36ec40b101fb30c48f8a8e775f5220e024b4da9dddc2fcf4da413e7c5db9e0567cbb5fad0c91d779a0939debd9247d3f7d8107fd986f73a9c9067e6594fabde0b9e887040cfbe7d31332f41259de57b38f33275597725392efea51f290b8e1b5c243ffd9eb4c0231600f9b4b204344736849d527156c4720a463bbe88fbbdc333099d949853d5c6fda98bcd35ad3f1fb1d5a7d00541a8a202c8590e35360bb9d25d6431476649e1898f901fad37975d6dce9833956e7a78d0306f533d4aa3c9676017c7abc7e1f8f2f117774a4f5beba55d1c3cd580fb18defccc349cce24e94a4cf1f4c6f45d783ee0167a55369c9b5e1eb6d0a836f3eb2354fad3cd771a9d777ff84c63120baee86ddc52b3e6817dce339ac9c240e75f3e2f77afbffbc1d54eb5936d045370ce3b77365c5320892dc7bc36e488019461d2e552969de9f25bd8de049d693be450c43c5d22d7569fc384e8d56ddb577c5f3c3471f5ba2998bc0c697a06b6d8ba5f2f7236e78aaed69b468e761a5f07145c0326ebb94f50aaa8c5666c92006d8d139036f981003933f8e2eba106a0e251fa9f5407544e44aedbbb271a3bf1c660a9cb8c74dbd0713aaebba2dd046af8b9428709646521d6bf387a92996b35748e1e67b602309b7da0fb642e89de19f550925f4db082ef7e9821ac4b2aee93c9cf791c086751c4cb4172608a4f903dc40727858046851529205b45786e294c17abf5e5f6bc730cbfb8fd977c5501a8140ac7984a267880b53cb94157be9ac157be1cf12d8a9e5612947772b734ed6ae30e548a3b2faecf94a7e03f86317f52ac797aefb957d2a29de8f8ced414ce22c800e0dc7e49d3672fca633248f3e68c00", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)={0x78, 0x0, 0x1000001, {0x8, 0x3d, 0x0, {0x4, 0x7fffffffffffffff, 0x0, 0x400, 0xd, 0xfffffffffffffffd, 0x9ec, 0x35741061, 0x10004, 0xa593e9c1ca988eda, 0x3, 0xee01, 0x0, 0x10, 0xe}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0) (fail_nth: 6)
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)

1.83275138s ago: executing program 0 (id=3372):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00'})
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0xffffff24, &(0x7f0000000000)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x4}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xac}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r1, 0x0)
r3 = socket(0x10, 0x80003, 0x0)
r4 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x3e}}, 0x10, 0x0}, 0x34004811)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f00000000c0), r6, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}, r6}}, 0x48)
setsockopt$sock_attach_bpf(r4, 0x6, 0x25, &(0x7f0000000040), 0x4)
close_range(r3, 0xffffffffffffffff, 0x0)
syz_open_dev$vim2m(&(0x7f0000000180), 0x0, 0x2)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r7, 0x0, 0x0)
syz_io_uring_setup(0x3ecb, &(0x7f0000000200)={0x0, 0xe032, 0x10000, 0x3, 0xd8, 0x0, r8}, &(0x7f0000000280), &(0x7f00000002c0))
r9 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r10, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010026bd70000400000005000000080009000200000008000c000300000008000b00000000000600010007"], 0x40}}, 0x20)
r11 = socket$pppl2tp(0x18, 0x1, 0x1)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)={0x30, r13, 0x801, 0x70bd29, 0x0, {0x7}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x9}, @L2TP_ATTR_IFNAME={0x14}]}, 0x30}}, 0x0)
connect$pppl2tp(r11, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
writev(r11, &(0x7f00000000c0)=[{&(0x7f0000000180)="9f", 0x1}], 0x1)
syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')

1.433394716s ago: executing program 1 (id=3373):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
io_setup(0xc, &(0x7f0000000100)=<r1=>0x0)
r2 = timerfd_create(0x0, 0x0)
io_submit(r1, 0x1, &(0x7f00000009c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}])
timerfd_settime(r2, 0x3, &(0x7f0000000080)={{0x0, 0x3938700}, {0x77359400}}, 0x0)
clock_adjtime(0x0, &(0x7f0000000000)={0x3fd, 0xffffffffffffffff, 0x0, 0xc, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfbcecf5, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x4, 0x0, 0x9, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)

1.433032441s ago: executing program 2 (id=3374):
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0xd, &(0x7f00000003c0)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xa0}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}}]}, &(0x7f0000000380)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
sync_file_range(r2, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2a)
eventfd(0x80200003)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
write$6lowpan_control(r4, 0x0, 0x0)
r5 = syz_io_uring_setup(0x286, &(0x7f0000000440)={0x0, 0xfad9, 0x400, 0x0, 0x0, 0x0, r4}, &(0x7f0000000340)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r8, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)={0x38, 0x1412, 0x1, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x0, 0x4f, 0x2}, @RDMA_NLDEV_ATTR_RES_LQPN={0x0, 0x15, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x8000001}]}, 0x38}, 0x1, 0x0, 0x0, 0x40084}, 0x810)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x48, 0x4000, @fd_index=0x3, 0x5, 0x0, 0x0, 0x2})
r9 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r9, &(0x7f0000000580)='1\x00', 0x2)
prctl$PR_GET_TSC(0x43, &(0x7f0000000040))
write$sysctl(r9, &(0x7f0000000000)='2\x00', 0x2)
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x24}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRESHEX=0x0], 0x98}, 0x1, 0x0, 0x0, 0x40000}, 0x4015)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)

1.15318301s ago: executing program 3 (id=3376):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480), 0x129540, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, r6, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_UPDELAY={0x8, 0x4, 0x8c88}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x690}, 0x20048040)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r8], 0x54}}, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
write$qrtrtun(r1, &(0x7f0000000400)="0b8ca3756ea769f253", 0x9)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r9, 0x0, 0x30, 0x0, @void}, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x40c4}, 0x20040840)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140))

1.102341217s ago: executing program 1 (id=3385):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000004095"], &(0x7f0000000340)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0xf, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)="1b0000001a007f029e", 0x9}, {&(0x7f0000000240)="6848b2796acd812dce3d01d190a3cab1e8ce", 0x12}], 0x2}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x2040, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
shutdown(r2, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r8, &(0x7f0000000080), 0x10)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=ANY=[@ANYBLOB="700000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006d616373656300000400028008000500", @ANYRES16=r7, @ANYBLOB], 0x70}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000040)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', r6}, 0x14)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r9 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r10 = syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x8042)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000007c0)={'syz1\x00', {0x7, 0x0, 0xfffb, 0x8001}, 0x3d, [0x3, 0x0, 0x1, 0x6, 0x2, 0x0, 0x2, 0x7, 0xffffffff, 0x4, 0x7, 0xc, 0x33cf, 0x1, 0x7, 0x0, 0x306, 0x0, 0xffffffff, 0x9, 0x2, 0x6, 0x1, 0x0, 0x6, 0x7, 0x1, 0x0, 0x2, 0x10000, 0xc, 0x6, 0x10001, 0x2, 0x1000000, 0x1, 0x4, 0x8, 0x7, 0x6, 0x660, 0x3, 0xc643ecb1, 0x8, 0x5, 0x4, 0x200018a1, 0x401, 0x7, 0x6d, 0x5, 0xc, 0x6, 0x249a, 0x6, 0x5a30, 0xe788, 0x8001, 0x2, 0x5, 0xab, 0x7, 0x4, 0x6], [0x200, 0x139, 0x6, 0x271, 0x2, 0x9a9, 0x3, 0x4, 0x5, 0x5, 0x9, 0x10000, 0x10001, 0x8, 0x3ff, 0x0, 0xfff, 0x8, 0x6, 0x8, 0xc, 0x75b1, 0x0, 0x9d, 0x6, 0xb, 0x1, 0xfffffffd, 0x16f4, 0x1, 0x400, 0x5, 0x9, 0x953b, 0x18, 0x9, 0x8, 0xffffffff, 0xec2, 0xbd, 0x9, 0xff, 0x6596, 0x8, 0x4, 0x7f, 0xb, 0x6, 0x3, 0x9, 0x7, 0x0, 0xf78, 0xd, 0x35ce0cb3, 0x0, 0x0, 0x8, 0x5b0, 0x18f, 0x10, 0x7, 0x3, 0xb], [0x222e, 0xa, 0x2, 0x3, 0x6f083aad, 0x5, 0x0, 0x1, 0xfffffffd, 0x0, 0x7d, 0x8000000, 0x1, 0x1, 0x2, 0x7ff, 0x3, 0x9, 0x1e, 0x3162, 0x800, 0x9, 0x100, 0x0, 0x6, 0x2c, 0x7, 0xfffffff8, 0xffffffff, 0x80000000, 0x3, 0x6, 0x7, 0x0, 0x4a, 0x575b089f, 0xbd3e, 0x4, 0x1, 0x9bd7, 0x3, 0x0, 0x9, 0x6, 0x7, 0x7, 0x0, 0x4, 0x54, 0xa55, 0x6, 0x3, 0x0, 0xfff, 0x40000000, 0x5, 0x7, 0x4, 0x7, 0x800, 0xffffffff, 0x81, 0x6, 0xd], [0x25, 0x8000, 0x1, 0x9, 0x3, 0xb, 0x7, 0x10000, 0x5, 0xe47f, 0x117, 0x4, 0x3, 0x3f47, 0x8000006, 0x8, 0x3, 0x1, 0x0, 0x601f, 0x2, 0x9, 0xd, 0x1, 0x9, 0x1000ff, 0x6, 0x10001, 0x5, 0x2, 0x1000, 0x10, 0x4, 0xd8, 0x2, 0x8, 0x9, 0x2, 0x7fffffff, 0x9, 0x40, 0xfffffff7, 0x7, 0x7fff, 0x7, 0x1, 0x3, 0x9, 0x0, 0x8, 0x3, 0x7, 0x1a00000, 0xe72, 0x5, 0x2, 0x1, 0x8, 0xc000000, 0x7fffffff, 0x40, 0x3, 0x2, 0x6]}, 0x45c)
read$msr(r10, 0x0, 0x0)
r11 = syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x822f01)
write$char_usb(r11, &(0x7f0000000040)="e2", 0x12d8)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r9, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000200)=[0x0], 0x1})

449.167011ms ago: executing program 0 (id=3378):
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00042dbd7000fd"], 0x14}, 0x1, 0x0, 0x0, 0x2010}, 0x4001)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x38, 0xffe, 0xfffffffffffffffd, 0x180, 0x0, 0x14, 0xf1, 0x6, 0x7fffffffffffe, 0x5, 0x4005, 0x8, 0x7c83, 0x45, 0x1, 0x101], 0xf000, 0x1c4213})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

405.25295ms ago: executing program 2 (id=3379):
socket$packet(0x11, 0x2, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x15)
mount$tmpfs(0xf6, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000000c0)={[{@quota}]})

59.942587ms ago: executing program 3 (id=3380):
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x541b, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000b, 0x11, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r2 = syz_open_dev$sg(&(0x7f0000000080), 0xffff0000, 0x40)
ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000040000009e"])
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
io_uring_enter(0xffffffffffffffff, 0xeb6, 0x26f7, 0x1c, &(0x7f0000000100)={[0x1]}, 0x8)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, &(0x7f00000011c0), 0x4)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x38, r3, 0x200, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @random="766a78056ecf"}, @NL80211_ATTR_MAC={0xa, 0x6, @random="f4ff89f61b93"}]}, 0x38}, 0x1, 0x0, 0x0, 0x60000080}, 0x4000005)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1750bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r4, 0xc01064c2, &(0x7f0000000300))
sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0x38, 0x0)
syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendto(r5, 0x0, 0x0, 0x4004040, 0x0, 0x0)
sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x24004010)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

59.666226ms ago: executing program 1 (id=3381):
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0xd, &(0x7f00000003c0)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xa0}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}}]}, &(0x7f0000000380)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
sync_file_range(r2, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2a)
eventfd(0x80200003)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
write$6lowpan_control(r4, 0x0, 0x0)
r5 = syz_io_uring_setup(0x286, &(0x7f0000000440)={0x0, 0xfad9, 0x400, 0x0, 0x0, 0x0, r4}, &(0x7f0000000340)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r8, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)={0x38, 0x1412, 0x1, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x0, 0x4f, 0x2}, @RDMA_NLDEV_ATTR_RES_LQPN={0x0, 0x15, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x8000001}]}, 0x38}, 0x1, 0x0, 0x0, 0x40084}, 0x810)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x48, 0x4000, @fd_index=0x3, 0x5, 0x0, 0x0, 0x2})
r9 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r9, &(0x7f0000000580)='1\x00', 0x2)
prctl$PR_GET_TSC(0x43, &(0x7f0000000040))
write$sysctl(r9, &(0x7f0000000000)='2\x00', 0x2)
io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x24}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRESHEX=0x0], 0x98}, 0x1, 0x0, 0x0, 0x40000}, 0x4015)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)

57.540157ms ago: executing program 0 (id=3389):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000002500), 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0x40046806, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, 0x0)
r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xfffffffd, 0xb7}, &(0x7f0000000000), &(0x7f0000000280))
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
ioctl$TCXONC(r4, 0x540a, 0x2)
ioctl$TIOCPKT(r4, 0x5420, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="180200000000000400000000000000008500000030000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000100)={0x8, 0x2fa7b659, 0x400, 0x5, 0x7, "7100582f16b97e082ec6490f82fe52bfd5e646"})
io_uring_enter(r3, 0x47f6, 0x0, 0x4, 0x0, 0x0)
ioctl$EXT4_IOC_GROUP_EXTEND(r3, 0x40046607, &(0x7f0000000080)=0x3)

0s ago: executing program 2 (id=3382):
openat$ttynull(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x8000000000000001, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000001640), 0x0, 0x80801)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x80, 0x5, 0x7fff0003}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f00000006c0))
r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x800)
r4 = creat(0x0, 0x0)
r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
write$binfmt_elf32(r4, &(0x7f0000000980)=ANY=[@ANYRESHEX], 0x58)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x19, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@jmp={0x5, 0x0, 0x8, 0x7, 0x9, 0x30, 0xfffffffffffffffc}, @call={0x85, 0x0, 0x0, 0x76}, @func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @ldst={0x3, 0x1, 0x2, 0xb, 0xa, 0xfffffffffffffff0, 0x8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffffe}, @map_idx={0x18, 0x2, 0x5, 0x0, 0x9}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000004c0)='GPL\x00', 0x7, 0x70, &(0x7f0000000500)=""/112, 0x40f00, 0x10, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000680)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000740)=[r4], &(0x7f0000000780)=[{0x0, 0x1, 0x9, 0x4}, {0x3, 0x5, 0x5, 0xc}, {0x2, 0x2, 0x4, 0xc}, {0x4, 0x2, 0xa, 0x7}, {0x2, 0x2, 0x0, 0x3}, {0x1, 0x5, 0x7, 0x4}, {0x5, 0x2, 0xf, 0x7}], 0x10, 0x1}, 0x94)
memfd_create(&(0x7f0000000380)='GPL\x00', 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$packet_buf(r4, 0x107, 0x5, &(0x7f0000000280)="dba544e65a7a53ece5066377cbf80e37efc220adaed56f40c47e60e52e5bf8f8cf6a7a3451be1c794f422861403ac39c73d7a70c49979394da54ba7662f7349de5551102", 0x44)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x3], 0x0, 0x0, 0x1}}, 0x3c)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r3, 0x80dc5521, &(0x7f00000011c0)=""/4096)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200014, 0x7fffb, &(0x7f0000006680))
remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0x3ff, 0x100)
ioctl$EVIOCGNAME(r1, 0x80404506, &(0x7f0000000200)=""/76)
ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000180))
r7 = openat$pmem0(0xffffff9c, &(0x7f0000000040), 0x400041, 0x0)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r9)
eventfd2(0x0, 0x0)
read$FUSE(r9, &(0x7f0000008280)={0x2020}, 0x2020)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r8, @ANYBLOB="e0c97101ea290dfeeb93916193152c00d8c60986508eb0fb81fd8eb926399d5e4aa545b1e960b2bcc45d687700deb30124505b7207117865"])
write$eventfd(r9, &(0x7f0000000040)=0x9, 0x8)
ioctl$BLKROSET(r7, 0x125d, &(0x7f0000000080)=0x4f4c1074)

kernel console output (not intermixed with test programs):

 R08: 0000000000000000 R09: 0000000000000000
[  616.263608][T16393] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  616.263614][T16393] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  616.263628][T16393]  </TASK>
[  616.418371][T16397] FAULT_INJECTION: forcing a failure.
[  616.418371][T16397] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  616.423283][T16397] CPU: 0 UID: 0 PID: 16397 Comm: syz.3.2892 Not tainted syzkaller #0 PREEMPT(full) 
[  616.423300][T16397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  616.423307][T16397] Call Trace:
[  616.423311][T16397]  <TASK>
[  616.423317][T16397]  dump_stack_lvl+0x16c/0x1f0
[  616.423353][T16397]  should_fail_ex+0x512/0x640
[  616.423375][T16397]  _copy_to_user+0x32/0xd0
[  616.423394][T16397]  simple_read_from_buffer+0xcb/0x170
[  616.423414][T16397]  proc_fail_nth_read+0x197/0x240
[  616.423428][T16397]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  616.423441][T16397]  ? rw_verify_area+0xcf/0x6c0
[  616.423452][T16397]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  616.423464][T16397]  vfs_read+0x1e4/0xcf0
[  616.423479][T16397]  ? __pfx_vfs_read+0x10/0x10
[  616.423489][T16397]  ? find_held_lock+0x2b/0x80
[  616.423506][T16397]  ? __fget_files+0x20e/0x3c0
[  616.423521][T16397]  ksys_read+0x12a/0x250
[  616.423533][T16397]  ? __pfx_ksys_read+0x10/0x10
[  616.423547][T16397]  ? rcu_is_watching+0x12/0xc0
[  616.423561][T16397]  __do_fast_syscall_32+0x7c/0x300
[  616.423578][T16397]  do_fast_syscall_32+0x32/0x80
[  616.423593][T16397]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  616.423612][T16397] RIP: 0023:0xf70dd579
[  616.423621][T16397] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  616.423632][T16397] RSP: 002b:00000000f54cd590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  616.423644][T16397] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54cd620
[  616.423651][T16397] RDX: 000000000000000f RSI: 00000000f7476ff4 RDI: 0000000000000000
[  616.423657][T16397] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  616.423664][T16397] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  616.423670][T16397] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  616.423684][T16397]  </TASK>
[  616.469161][T16398] usbtmc 7-1:16.0: send_request_dev_dep_msg_in returned -90
[  616.470122][    C0] vkms_vblank_simulate: vblank timer overrun
[  616.517565][   T61] usb 7-1: USB disconnect, device number 64
[  616.604164][T16402] netlink: 512 bytes leftover after parsing attributes in process `syz.0.2894'.
[  616.749704][   T60] usb 8-1: new high-speed USB device number 77 using dummy_hcd
[  616.879680][T16409] netlink: 'syz.2.2897': attribute type 1 has an invalid length.
[  616.882149][T16409] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2897'.
[  616.909836][   T60] usb 8-1: Using ep0 maxpacket: 8
[  616.920720][   T60] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  616.925009][   T60] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  616.929429][   T60] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  616.936924][   T60] usb 8-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  616.942635][   T60] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.946379][   T60] usb 8-1: Product: syz
[  616.948144][   T60] usb 8-1: Manufacturer: syz
[  616.950891][   T60] usb 8-1: SerialNumber: syz
[  616.954851][   T60] usb 8-1: config 0 descriptor??
[  616.959643][   T60] ati_remote 8-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints
[  617.335588][T16419] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2900'.
[  617.765367][T16426] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  617.768213][T16426] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  617.771921][T16426] vhci_hcd vhci_hcd.0: Device attached
[  617.919944][T16433] nvme_fabrics: missing parameter 'transport=%s'
[  617.922065][T16433] nvme_fabrics: missing parameter 'nqn=%s'
[  617.926018][T16433] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2903'.
[  618.685594][T16428] vhci_hcd: connection closed
[  618.686006][ T6085] vhci_hcd: stop threads
[  618.689202][ T6085] vhci_hcd: release socket
[  618.690649][ T6085] vhci_hcd: disconnect device
[  618.730938][ T6021] usb 38-1: enqueue for inactive port 0
[  618.844877][T16442] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2912'.
[  619.251696][ T6021] usb usb38-port1: attempt power cycle
[  619.341982][T16445] overlayfs: missing 'lowerdir'
[  619.471826][T16447] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2906'.
[  619.518294][ T6023] usb 8-1: USB disconnect, device number 77
[  619.528958][T16447] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2906'.
[  619.838266][T16464] netlink: 'syz.0.2911': attribute type 1 has an invalid length.
[  619.852517][ T6021] usb usb38-port1: unable to enumerate USB device
[  619.869750][T16464] 8021q: adding VLAN 0 to HW filter on device bond6
[  619.876990][T16464] bond6: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  619.886930][T16464] bond6: entered allmulticast mode
[  620.093076][T16466] nvme_fabrics: missing parameter 'transport=%s'
[  620.095172][T16466] nvme_fabrics: missing parameter 'nqn=%s'
[  620.113934][T16466] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2913'.
[  620.223564][T16470] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  620.227068][T16470] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  620.232036][T16470] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  620.522005][ T6021] usb 8-1: new high-speed USB device number 78 using dummy_hcd
[  620.712519][T16480] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2917'.
[  620.739809][T16479] program syz.1.2918 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  620.792122][ T6021] usb 8-1: Using ep0 maxpacket: 8
[  620.798422][ T6021] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  620.803626][ T6021] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  620.808161][ T6021] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  620.895524][T16485] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  620.945609][ T6021] usb 8-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  620.949641][ T6021] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  620.956820][ T6021] usb 8-1: Product: syz
[  620.958547][ T6021] usb 8-1: Manufacturer: syz
[  620.960102][ T6021] usb 8-1: SerialNumber: syz
[  620.963436][ T6021] usb 8-1: config 0 descriptor??
[  620.966855][ T6021] ati_remote 8-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints
[  620.972190][ T5947] Bluetooth: hci4: command 0x0406 tx timeout
[  621.504011][ T1112] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  621.506256][ T1112] ata1: failed to read log page 10h (errno=-5)
[  621.508221][ T1112] ata1.00: exception Emask 0x1 SAct 0x1 SErr 0x0 action 0x0
[  621.510585][ T1112] ata1.00: irq_stat 0x40000000
[  621.512165][ T1112] ata1.00: failed command: WRITE FPDMA QUEUED
[  621.515145][ T1112] ata1.00: cmd 61/30:00:d6:18:10/00:00:00:00:00/40 tag 0 ncq dma 24576 out
[  621.515145][ T1112]          res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  621.520814][ T1112] ata1.00: status: { DRDY }
[  621.523432][ T1112] ata1.00: configured for UDMA/100
[  621.525308][ T1112] ata1: EH complete
[  621.598550][T16489] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2919'.
[  621.648119][T16498] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2919'.
[  621.742307][T16499] 8021q: adding VLAN 0 to HW filter on device bond0
[  621.752094][T16499] bond0: (slave rose0): Enslaving as an active interface with an up link
[  622.226945][T16511] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  622.229701][T16511] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  622.233848][T16511] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  622.356448][T16515] netlink: 'syz.0.2926': attribute type 1 has an invalid length.
[  622.386017][T16515] 8021q: adding VLAN 0 to HW filter on device bond7
[  622.399558][T16515] bond7: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  622.411299][T16515] bond7: entered allmulticast mode
[  622.824071][T16518] netlink: 'syz.2.2927': attribute type 1 has an invalid length.
[  622.827463][T16518] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2927'.
[  622.871511][T16522] FAULT_INJECTION: forcing a failure.
[  622.871511][T16522] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  622.875675][T16522] CPU: 0 UID: 0 PID: 16522 Comm: syz.2.2928 Not tainted syzkaller #0 PREEMPT(full) 
[  622.875692][T16522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  622.875698][T16522] Call Trace:
[  622.875702][T16522]  <TASK>
[  622.875707][T16522]  dump_stack_lvl+0x16c/0x1f0
[  622.875730][T16522]  should_fail_ex+0x512/0x640
[  622.875757][T16522]  _copy_to_user+0x32/0xd0
[  622.875783][T16522]  simple_read_from_buffer+0xcb/0x170
[  622.875814][T16522]  proc_fail_nth_read+0x197/0x240
[  622.875832][T16522]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  622.875852][T16522]  ? rw_verify_area+0xcf/0x6c0
[  622.875867][T16522]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  622.875887][T16522]  vfs_read+0x1e4/0xcf0
[  622.875909][T16522]  ? __pfx_vfs_read+0x10/0x10
[  622.875919][T16522]  ? find_held_lock+0x2b/0x80
[  622.875936][T16522]  ? __fget_files+0x20e/0x3c0
[  622.875951][T16522]  ksys_read+0x12a/0x250
[  622.875963][T16522]  ? __pfx_ksys_read+0x10/0x10
[  622.875977][T16522]  ? rcu_is_watching+0x12/0xc0
[  622.875991][T16522]  __do_fast_syscall_32+0x7c/0x300
[  622.876008][T16522]  do_fast_syscall_32+0x32/0x80
[  622.876023][T16522]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  622.876037][T16522] RIP: 0023:0xf70dd579
[  622.876046][T16522] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  622.876057][T16522] RSP: 002b:00000000f54cd590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  622.876068][T16522] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54cd620
[  622.876075][T16522] RDX: 000000000000000f RSI: 00000000f7476ff4 RDI: 0000000000000000
[  622.876081][T16522] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  622.876088][T16522] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  622.876107][T16522] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  622.876122][T16522]  </TASK>
[  623.031343][T16524] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2929'.
[  623.582010][ T6022] usb 8-1: USB disconnect, device number 78
[  623.682416][T16543] FAULT_INJECTION: forcing a failure.
[  623.682416][T16543] name failslab, interval 1, probability 0, space 0, times 0
[  623.690230][T16543] CPU: 3 UID: 0 PID: 16543 Comm: syz.3.2934 Not tainted syzkaller #0 PREEMPT(full) 
[  623.690248][T16543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  623.690255][T16543] Call Trace:
[  623.690260][T16543]  <TASK>
[  623.690265][T16543]  dump_stack_lvl+0x16c/0x1f0
[  623.690293][T16543]  should_fail_ex+0x512/0x640
[  623.690317][T16543]  ? kmem_cache_alloc_lru_noprof+0x66/0x6e0
[  623.690332][T16543]  should_failslab+0xc2/0x120
[  623.690350][T16543]  kmem_cache_alloc_lru_noprof+0x79/0x6e0
[  623.690367][T16543]  ? d_lookup+0xe7/0x190
[  623.690392][T16543]  ? alloc_inode+0x64/0x240
[  623.690418][T16543]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  623.690437][T16543]  ? alloc_inode+0x64/0x240
[  623.690459][T16543]  alloc_inode+0x64/0x240
[  623.690481][T16543]  new_inode+0x22/0x1c0
[  623.690506][T16543]  __debugfs_create_file+0x11c/0x6b0
[  623.690522][T16543]  debugfs_create_file_full+0x41/0x60
[  623.690536][T16543]  ? __pfx_ip6_tnl_dev_setup+0x10/0x10
[  623.690549][T16543]  ref_tracker_dir_debugfs+0x19d/0x290
[  623.690561][T16543]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  623.690585][T16543]  ? alloc_netdev_mqs+0xd7/0x1550
[  623.690597][T16543]  ? lockdep_init_map_type+0x5c/0x280
[  623.690618][T16543]  alloc_netdev_mqs+0x314/0x1550
[  623.690634][T16543]  rtnl_create_link+0xc08/0xf90
[  623.690649][T16543]  rtnl_newlink+0xb69/0x2000
[  623.690666][T16543]  ? __pfx_rtnl_newlink+0x10/0x10
[  623.690686][T16543]  ? kfree_skbmem+0x1a4/0x1f0
[  623.690721][T16543]  ? rcu_is_watching+0x12/0xc0
[  623.690740][T16543]  ? find_held_lock+0x2b/0x80
[  623.690751][T16543]  ? __pfx_rtnl_newlink+0x10/0x10
[  623.690764][T16543]  ? __pfx_rtnl_newlink+0x10/0x10
[  623.690775][T16543]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  623.690788][T16543]  ? __pfx_rtnl_newlink+0x10/0x10
[  623.690801][T16543]  rtnetlink_rcv_msg+0x95e/0xe90
[  623.690815][T16543]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  623.690833][T16543]  ? ref_tracker_free+0x37c/0x830
[  623.690846][T16543]  netlink_rcv_skb+0x158/0x420
[  623.690859][T16543]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  623.690874][T16543]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  623.690892][T16543]  ? netlink_deliver_tap+0x1ae/0xd30
[  623.690907][T16543]  netlink_unicast+0x5aa/0x870
[  623.690922][T16543]  ? __pfx_netlink_unicast+0x10/0x10
[  623.690935][T16543]  ? __pfx___might_resched+0x10/0x10
[  623.690953][T16543]  netlink_sendmsg+0x8c8/0xdd0
[  623.690969][T16543]  ? __pfx_netlink_sendmsg+0x10/0x10
[  623.690984][T16543]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  623.691005][T16543]  ____sys_sendmsg+0xa98/0xc70
[  623.691022][T16543]  ? __pfx_____sys_sendmsg+0x10/0x10
[  623.691036][T16543]  ? get_compat_msghdr+0x11a/0x170
[  623.691055][T16543]  ___sys_sendmsg+0x134/0x1d0
[  623.691067][T16543]  ? __pfx____sys_sendmsg+0x10/0x10
[  623.691087][T16543]  ? find_held_lock+0x2b/0x80
[  623.691109][T16543]  __sys_sendmsg+0x16d/0x220
[  623.691121][T16543]  ? __pfx___sys_sendmsg+0x10/0x10
[  623.691140][T16543]  ? rcu_is_watching+0x12/0xc0
[  623.691154][T16543]  __do_fast_syscall_32+0x7c/0x300
[  623.691172][T16543]  do_fast_syscall_32+0x32/0x80
[  623.691187][T16543]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  623.691202][T16543] RIP: 0023:0xf70dd579
[  623.691211][T16543] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  623.691222][T16543] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  623.691237][T16543] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  623.691244][T16543] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  623.691251][T16543] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  623.691257][T16543] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  623.691263][T16543] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  623.691303][T16543]  </TASK>
[  623.691671][T16543] debugfs: out of free dentries, can not create file 'netdev@ffff88805d596618'
[  624.022007][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  624.526162][T16553] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2937'.
[  624.823986][T16559] netlink: 'syz.2.2939': attribute type 1 has an invalid length.
[  624.902086][T16559] 8021q: adding VLAN 0 to HW filter on device bond10
[  624.905004][T16563] bond10: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  624.929999][T16564] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2940'.
[  624.936806][T16563] bond10: entered allmulticast mode
[  625.140787][T16570] 9pnet_fd: Insufficient options for proto=fd
[  625.175250][ T1023] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  625.334721][ T1023] usb 5-1: Using ep0 maxpacket: 8
[  625.338658][ T1023] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  625.342850][ T1023] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  625.347146][ T1023] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  625.354017][ T1023] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  625.357691][ T1023] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  625.360890][ T1023] usb 5-1: Product: syz
[  625.362622][ T1023] usb 5-1: Manufacturer: syz
[  625.364973][ T1023] usb 5-1: SerialNumber: syz
[  625.368978][ T1023] usb 5-1: config 0 descriptor??
[  625.372786][ T1023] ati_remote 5-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints
[  626.097037][ T5948] Bluetooth: hci3: command 0x0406 tx timeout
[  626.154304][T16591] kvm: user requested TSC rate below hardware speed
[  626.387365][T16600] netlink: 'syz.3.2952': attribute type 1 has an invalid length.
[  626.436792][T16600] 8021q: adding VLAN 0 to HW filter on device bond2
[  626.446083][T16602] bond2: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  626.450966][T16602] bond2: entered allmulticast mode
[  626.697244][T16604] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2953'.
[  626.992063][T16612] 9pnet_fd: p9_fd_create_tcp (16612): problem connecting socket to 127.0.0.1
[  626.997793][T16612] blktrace: Concurrent blktraces are not allowed on nullb0
[  627.265949][T16617] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2955'.
[  627.748549][T16623] binder: 16622:16623 ioctl c0306201 80000480 returned -22
[  627.938248][T16629] nvme_fabrics: missing parameter 'transport=%s'
[  627.940955][T16629] nvme_fabrics: missing parameter 'nqn=%s'
[  627.958085][T16629] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2960'.
[  628.234478][   T53] usb 5-1: USB disconnect, device number 52
[  628.811266][T16637] netlink: 'syz.1.2963': attribute type 1 has an invalid length.
[  628.868056][T16642] usb usb8: usbfs: process 16642 (syz.3.2965) did not claim interface 0 before use
[  628.906314][T16637] 8021q: adding VLAN 0 to HW filter on device bond10
[  628.909220][T16643] bond10: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  628.922542][T16643] bond10: entered allmulticast mode
[  629.763467][T16659] nvme_fabrics: missing parameter 'transport=%s'
[  629.765818][T16659] nvme_fabrics: missing parameter 'nqn=%s'
[  629.860000][T16659] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2970'.
[  629.896152][ T6344] usb 8-1: new high-speed USB device number 79 using dummy_hcd
[  630.046109][ T6344] usb 8-1: Using ep0 maxpacket: 8
[  630.053086][ T6344] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  630.056548][ T6344] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  630.060186][ T6344] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  630.063794][ T6344] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  630.067478][T16664] Cannot find del_set index 0 as target
[  630.069333][ T6344] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  630.075267][ T6344] usb 8-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  630.078413][ T6344] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.080915][ T6344] usb 8-1: Product: syz
[  630.082315][ T6344] usb 8-1: Manufacturer: syz
[  630.084003][ T6344] usb 8-1: SerialNumber: syz
[  630.098121][ T6344] usb 8-1: config 0 descriptor??
[  630.101217][T16658] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  630.106571][ T6344] ati_remote 8-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints
[  630.272085][T16671] nvme_fabrics: missing parameter 'transport=%s'
[  630.274755][T16671] nvme_fabrics: missing parameter 'nqn=%s'
[  630.275481][T16673] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2974'.
[  630.417259][   T40] audit: type=1326 audit(1762984421.000:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="syz.1.2976" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[  630.424176][   T40] audit: type=1326 audit(1762984421.000:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="syz.1.2976" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[  630.429027][T16675] netlink: 4 bytes leftover after parsing attributes in process `'.
[  630.431232][   T40] audit: type=1326 audit(1762984421.000:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="syz.1.2976" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf707d579 code=0x7ffc0000
[  630.440701][T16675] netlink: '': attribute type 10 has an invalid length.
[  630.440754][   T40] audit: type=1326 audit(1762984421.000:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[  630.449857][   T40] audit: type=1326 audit(1762984421.000:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[  630.456294][   T40] audit: type=1326 audit(1762984421.000:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf707d579 code=0x7ffc0000
[  630.462613][   T40] audit: type=1326 audit(1762984421.000:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[  630.469035][   T40] audit: type=1326 audit(1762984421.000:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[  630.474972][T16675] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  630.475502][   T40] audit: type=1326 audit(1762984421.000:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf707d579 code=0x7ffc0000
[  630.485828][   T40] audit: type=1326 audit(1762984421.000:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16674 comm="" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[  630.630183][T16678] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2977'.
[  630.633526][T16678] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2977'.
[  630.752474][T16684] netlink: 'syz.1.2978': attribute type 1 has an invalid length.
[  630.755476][T16684] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2978'.
[  630.775041][T16684] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  630.918787][T16689] netlink: 'syz.1.2979': attribute type 1 has an invalid length.
[  630.986914][T16689] 8021q: adding VLAN 0 to HW filter on device bond11
[  630.991259][T16691] bond11: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  631.038068][T16691] bond11: entered allmulticast mode
[  631.066708][T16694] netlink: 'syz.2.2980': attribute type 1 has an invalid length.
[  631.069363][T16694] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2980'.
[  631.091126][T16698] netlink: 'syz.0.2981': attribute type 1 has an invalid length.
[  631.110471][T16698] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  631.223812][T16705] bridge_slave_1: left allmulticast mode
[  631.225702][T16705] bridge_slave_1: left promiscuous mode
[  631.228957][T16705] bridge0: port 2(bridge_slave_1) entered disabled state
[  631.234422][T16705] bridge_slave_0: left allmulticast mode
[  631.236417][T16705] bridge_slave_0: left promiscuous mode
[  631.238293][T16705] bridge0: port 1(bridge_slave_0) entered disabled state
[  631.291253][T16704] Cannot find del_set index 0 as target
[  631.670189][T16717] usb usb8: usbfs: process 16717 (syz.1.2987) did not claim interface 0 before use
[  631.894432][T16722] __nla_validate_parse: 3 callbacks suppressed
[  631.894473][T16722] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2988'.
[  631.958743][T16720] nvme_fabrics: missing parameter 'transport=%s'
[  631.960999][T16720] nvme_fabrics: missing parameter 'nqn=%s'
[  632.432374][ T6344] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  632.599585][T16724] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2989'.
[  632.602825][T16724] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2989'.
[  632.724645][ T1023] usb 8-1: USB disconnect, device number 79
[  632.735077][T16731] netlink: 'syz.2.2991': attribute type 1 has an invalid length.
[  632.738718][T16731] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2991'.
[  632.807019][ T6344] usb 5-1: Using ep0 maxpacket: 16
[  632.815371][ T6344] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  632.824876][ T6344] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  632.828024][ T6344] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.832020][ T6344] usb 5-1: Product: syz
[  632.833645][ T6344] usb 5-1: Manufacturer: syz
[  632.835715][ T6344] usb 5-1: SerialNumber: syz
[  632.841422][ T6344] usb 5-1: config 0 descriptor??
[  632.844709][ T6344] hub 5-1:0.0: bad descriptor, ignoring hub
[  632.846808][ T6344] hub 5-1:0.0: probe with driver hub failed with error -5
[  632.849611][T16740] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2994'.
[  632.852632][ T6344] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input56
[  632.852922][T16740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2994'.
[  633.308083][   T53] usb 5-1: USB disconnect, device number 53
[  633.402651][T16760] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2999'.
[  633.409144][T16760] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2999'.
[  633.421968][T16761] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2998'.
[  633.676471][   T61] usb 8-1: new high-speed USB device number 80 using dummy_hcd
[  633.766173][   T53] usb 7-1: new high-speed USB device number 65 using dummy_hcd
[  633.818022][T16765] netlink: 'syz.1.3002': attribute type 1 has an invalid length.
[  633.821365][T16765] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3002'.
[  633.834758][T16765] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  633.846229][   T61] usb 8-1: Using ep0 maxpacket: 8
[  633.849492][   T61] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  633.852762][   T61] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  633.857093][   T61] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  633.858047][T16769] netlink: '': attribute type 10 has an invalid length.
[  633.861215][   T61] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  633.861230][   T61] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  633.861252][   T61] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  633.861264][   T61] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  633.904119][T16769] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  633.916792][   T53] usb 7-1: Using ep0 maxpacket: 8
[  633.922405][   T53] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  633.927519][   T53] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  633.932267][   T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  633.955285][   T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  633.962183][   T53] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  633.969965][   T53] usb 7-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  633.973755][   T53] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  633.986306][   T53] usb 7-1: Product: syz
[  633.988122][   T53] usb 7-1: Manufacturer: syz
[  633.990073][   T53] usb 7-1: SerialNumber: syz
[  634.021596][   T53] usb 7-1: config 0 descriptor??
[  634.037727][T16763] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  634.055985][   T53] ati_remote 7-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints
[  634.092530][   T61] usb 8-1: GET_CAPABILITIES returned 0
[  634.094289][   T61] usbtmc 8-1:16.0: can't read capabilities
[  634.100471][T16780] Cannot find del_set index 0 as target
[  634.142832][T16782] delete_channel: no stack
[  634.262805][T16788] delete_channel: no stack
[  634.292318][T16791] FAULT_INJECTION: forcing a failure.
[  634.292318][T16791] name failslab, interval 1, probability 0, space 0, times 0
[  634.296383][T16791] CPU: 2 UID: 0 PID: 16791 Comm: syz.0.3011 Not tainted syzkaller #0 PREEMPT(full) 
[  634.296398][T16791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  634.296405][T16791] Call Trace:
[  634.296409][T16791]  <TASK>
[  634.296413][T16791]  dump_stack_lvl+0x16c/0x1f0
[  634.296431][T16791]  should_fail_ex+0x512/0x640
[  634.296449][T16791]  ? fs_reclaim_acquire+0xae/0x150
[  634.296466][T16791]  should_failslab+0xc2/0x120
[  634.296482][T16791]  __kmalloc_noprof+0xdd/0x880
[  634.296500][T16791]  ? tomoyo_encode2+0x100/0x3e0
[  634.296516][T16791]  ? tomoyo_encode2+0x100/0x3e0
[  634.296528][T16791]  tomoyo_encode2+0x100/0x3e0
[  634.296542][T16791]  tomoyo_encode+0x29/0x50
[  634.296554][T16791]  tomoyo_realpath_from_path+0x18f/0x6e0
[  634.296571][T16791]  tomoyo_path_number_perm+0x245/0x580
[  634.296590][T16791]  ? tomoyo_path_number_perm+0x237/0x580
[  634.296609][T16791]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  634.296642][T16791]  ? find_held_lock+0x2b/0x80
[  634.296654][T16791]  ? hook_file_ioctl_common+0x145/0x410
[  634.296669][T16791]  ? __fget_files+0x20e/0x3c0
[  634.296684][T16791]  security_file_ioctl_compat+0x9b/0x240
[  634.296696][T16791]  __ia32_compat_sys_ioctl+0xc3/0x370
[  634.296716][T16791]  __do_fast_syscall_32+0x7c/0x300
[  634.296732][T16791]  do_fast_syscall_32+0x32/0x80
[  634.296746][T16791]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  634.296760][T16791] RIP: 0023:0xf70ad579
[  634.296769][T16791] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  634.296780][T16791] RSP: 002b:00000000f549d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  634.296791][T16791] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040946400
[  634.296798][T16791] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  634.296804][T16791] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  634.296811][T16791] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  634.296817][T16791] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  634.296831][T16791]  </TASK>
[  634.296841][T16791] ERROR: Out of memory at tomoyo_realpath_from_path.
[  634.366507][T16791] comedi comedi0: Minor 7 could not be opened
[  634.404640][T16793] netlink: 'syz.0.3012': attribute type 1 has an invalid length.
[  634.418993][T16793] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  634.428559][T16797] netlink: 'syz.1.3009': attribute type 1 has an invalid length.
[  634.443394][T16797] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  634.689762][T16811] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  634.691917][T16811] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  634.694699][T16811] vhci_hcd vhci_hcd.0: Device attached
[  634.700166][T16811] smc: net device ip6_vti0 applied user defined pnetid SYZ1
[  634.966222][ T1023] usb 38-1: SetAddress Request (64) to port 0
[  634.968856][ T1023] usb 38-1: new SuperSpeed USB device number 64 using vhci_hcd
[  635.371625][T16813] vhci_hcd: connection reset by peer
[  635.377444][ T6083] vhci_hcd: stop threads
[  635.379811][ T6083] vhci_hcd: release socket
[  635.382068][ T6083] vhci_hcd: disconnect device
[  635.606928][T16820] FAULT_INJECTION: forcing a failure.
[  635.606928][T16820] name failslab, interval 1, probability 0, space 0, times 0
[  635.612042][T16820] CPU: 0 UID: 0 PID: 16820 Comm: syz.1.3020 Not tainted syzkaller #0 PREEMPT(full) 
[  635.612057][T16820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  635.612064][T16820] Call Trace:
[  635.612069][T16820]  <TASK>
[  635.612074][T16820]  dump_stack_lvl+0x16c/0x1f0
[  635.612091][T16820]  should_fail_ex+0x512/0x640
[  635.612109][T16820]  ? __kmalloc_cache_noprof+0x5f/0x780
[  635.612122][T16820]  should_failslab+0xc2/0x120
[  635.612138][T16820]  __kmalloc_cache_noprof+0x72/0x780
[  635.612154][T16820]  ? flow_change+0x3a8/0x1b30
[  635.612168][T16820]  ? flow_change+0x3a8/0x1b30
[  635.612179][T16820]  flow_change+0x3a8/0x1b30
[  635.612193][T16820]  ? __pfx_flow_change+0x10/0x10
[  635.612204][T16820]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  635.612227][T16820]  ? __pfx_flow_change+0x10/0x10
[  635.612238][T16820]  tc_new_tfilter+0xa35/0x2340
[  635.612259][T16820]  ? __pfx_tc_new_tfilter+0x10/0x10
[  635.612275][T16820]  ? kfree_skbmem+0x1a4/0x1f0
[  635.612300][T16820]  ? find_held_lock+0x2b/0x80
[  635.612312][T16820]  ? __pfx_tc_new_tfilter+0x10/0x10
[  635.612324][T16820]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  635.612337][T16820]  ? __pfx_tc_new_tfilter+0x10/0x10
[  635.612350][T16820]  rtnetlink_rcv_msg+0x95e/0xe90
[  635.612364][T16820]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  635.612380][T16820]  ? ref_tracker_free+0x37c/0x830
[  635.612392][T16820]  netlink_rcv_skb+0x158/0x420
[  635.612405][T16820]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  635.612419][T16820]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  635.612436][T16820]  ? netlink_deliver_tap+0x1ae/0xd30
[  635.612450][T16820]  netlink_unicast+0x5aa/0x870
[  635.612464][T16820]  ? __pfx_netlink_unicast+0x10/0x10
[  635.612476][T16820]  ? __pfx___might_resched+0x10/0x10
[  635.612493][T16820]  netlink_sendmsg+0x8c8/0xdd0
[  635.612507][T16820]  ? __pfx_netlink_sendmsg+0x10/0x10
[  635.612521][T16820]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  635.612540][T16820]  ____sys_sendmsg+0xa98/0xc70
[  635.612557][T16820]  ? __pfx_____sys_sendmsg+0x10/0x10
[  635.612570][T16820]  ? get_compat_msghdr+0x11a/0x170
[  635.612587][T16820]  ___sys_sendmsg+0x134/0x1d0
[  635.612599][T16820]  ? __pfx____sys_sendmsg+0x10/0x10
[  635.612617][T16820]  ? find_held_lock+0x2b/0x80
[  635.612637][T16820]  __sys_sendmsg+0x16d/0x220
[  635.612648][T16820]  ? __pfx___sys_sendmsg+0x10/0x10
[  635.612666][T16820]  ? rcu_is_watching+0x12/0xc0
[  635.612680][T16820]  __do_fast_syscall_32+0x7c/0x300
[  635.612709][T16820]  do_fast_syscall_32+0x32/0x80
[  635.612724][T16820]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  635.612738][T16820] RIP: 0023:0xf707d579
[  635.612747][T16820] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  635.612758][T16820] RSP: 002b:00000000f546d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  635.612769][T16820] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000580
[  635.612776][T16820] RDX: 000000002008c010 RSI: 0000000000000000 RDI: 0000000000000000
[  635.612783][T16820] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  635.612789][T16820] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  635.612795][T16820] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  635.612809][T16820]  </TASK>
[  635.996603][T16824] delete_channel: no stack
[  636.096884][T16829] netlink: 'syz.0.3024': attribute type 1 has an invalid length.
[  636.109485][T16829] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  636.227131][   T61] usb 8-1: USB disconnect, device number 80
[  636.386268][   T53] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  636.536548][   T53] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  636.539791][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  636.542595][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  636.545944][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  636.549170][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  636.553131][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  636.557893][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  636.561725][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  636.565514][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  636.570107][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  636.573903][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  636.577676][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  636.582243][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  636.586218][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  636.589919][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  636.594320][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  636.597736][   T61] usb 7-1: USB disconnect, device number 65
[  636.598392][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  636.603719][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  636.612187][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  636.616021][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  636.619846][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  636.624282][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  636.628082][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  636.631767][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  636.636380][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  636.641601][   T53] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  636.645366][   T53] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  636.651237][   T53] usb 6-1: Product: syz
[  636.652996][   T53] usb 6-1: Manufacturer: syz
[  636.654937][   T53] usb 6-1: SerialNumber: syz
[  636.660539][   T53] usb 6-1: config 0 descriptor??
[  636.670521][   T53] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0
[  636.887714][ T6023] usb 6-1: USB disconnect, device number 51
[  636.892173][ T6023] yurex 6-1:0.0: USB YUREX #0 now disconnected
[  637.120116][T16849] can0: slcan on pty24.
[  637.397564][T16850] can0 (unregistered): slcan off pty24.
[  637.986170][   T60] usb 8-1: new high-speed USB device number 81 using dummy_hcd
[  638.038226][T16871] __nla_validate_parse: 5 callbacks suppressed
[  638.038276][T16871] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3036'.
[  638.294191][T16877] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3038'.
[  638.336106][   T60] usb 8-1: Using ep0 maxpacket: 8
[  638.372483][T16875] nvme_fabrics: missing parameter 'transport=%s'
[  638.375327][T16875] nvme_fabrics: missing parameter 'nqn=%s'
[  638.396140][   T61] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[  638.556131][   T61] usb 6-1: Using ep0 maxpacket: 8
[  638.571252][   T61] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  638.574585][   T61] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  638.578147][   T61] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  638.581552][   T61] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  638.677823][   T60] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  638.722475][   T61] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  638.726647][   T61] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  638.729485][   T61] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.969360][   T60] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  638.973749][   T60] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  638.978485][   T60] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  638.984038][   T60] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  638.997884][   T60] usb 8-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  639.001720][   T60] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.005254][   T60] usb 8-1: Product: syz
[  639.006489][   T60] usb 8-1: Manufacturer: syz
[  639.007918][   T60] usb 8-1: SerialNumber: syz
[  639.012821][   T60] usb 8-1: config 0 descriptor??
[  639.016298][T16869] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  639.023490][   T60] ati_remote 8-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints
[  639.122982][   T61] usb 6-1: GET_CAPABILITIES returned 0
[  639.124721][   T61] usbtmc 6-1:16.0: can't read capabilities
[  640.006745][ T1023] usb 38-1: device descriptor read/8, error -110
[  640.397847][ T1023] usb usb38-port1: attempt power cycle
[  640.776945][ T6021] usb 6-1: USB disconnect, device number 52
[  640.782623][T16886] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3040'.
[  640.944400][T16892] netlink: 'syz.1.3041': attribute type 1 has an invalid length.
[  641.006709][T16892] 8021q: adding VLAN 0 to HW filter on device bond12
[  641.032292][T16892] bond12: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  641.043877][T16892] bond12: entered allmulticast mode
[  641.431296][ T1023] usb usb38-port1: unable to enumerate USB device
[  641.560417][   T53] usb 7-1: new high-speed USB device number 66 using dummy_hcd
[  641.581740][   T60] usb 8-1: USB disconnect, device number 81
[  641.738100][T16896] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  641.740161][T16896] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  641.776410][   T53] usb 7-1: Using ep0 maxpacket: 16
[  641.779701][   T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  641.805790][   T53] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  641.809706][   T53] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.812564][   T53] usb 7-1: Product: syz
[  641.813862][   T53] usb 7-1: Manufacturer: syz
[  641.815789][   T53] usb 7-1: SerialNumber: syz
[  641.822045][   T53] usb 7-1: config 0 descriptor??
[  641.842494][   T53] hub 7-1:0.0: bad descriptor, ignoring hub
[  641.850240][   T53] hub 7-1:0.0: probe with driver hub failed with error -5
[  641.854785][   T53] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input57
[  642.346338][T16908] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3046'.
[  642.350299][T16908] bridge_slave_1: left allmulticast mode
[  642.352615][T16908] bridge_slave_1: left promiscuous mode
[  642.355274][T16908] bridge0: port 2(bridge_slave_1) entered disabled state
[  642.379689][T16908] bridge_slave_0: left allmulticast mode
[  642.388777][T16908] bridge_slave_0: left promiscuous mode
[  642.396487][T16908] bridge0: port 1(bridge_slave_0) entered disabled state
[  642.417971][T16916] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3047'.
[  642.587970][T16914] nvme_fabrics: missing parameter 'transport=%s'
[  642.598862][T16914] nvme_fabrics: missing parameter 'nqn=%s'
[  643.128438][T16922] netlink: 'syz.3.3050': attribute type 1 has an invalid length.
[  643.131601][T16922] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3050'.
[  643.158049][T16922] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  643.906322][ T1023] usb 7-1: USB disconnect, device number 66
[  643.956352][T16938] netlink: 'syz.2.3055': attribute type 1 has an invalid length.
[  643.958742][T16938] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3055'.
[  644.053943][T16941] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3053'.
[  644.057648][T16941] bridge_slave_1: left allmulticast mode
[  644.059414][T16941] bridge_slave_1: left promiscuous mode
[  644.061210][T16941] bridge0: port 2(bridge_slave_1) entered disabled state
[  644.067749][T16941] bridge_slave_0: left allmulticast mode
[  644.070095][T16941] bridge_slave_0: left promiscuous mode
[  644.072547][T16941] bridge0: port 1(bridge_slave_0) entered disabled state
[  644.398738][T16949] bridge_slave_0: left allmulticast mode
[  644.400552][T16949] bridge_slave_0: left promiscuous mode
[  644.402422][T16949] bridge0: port 1(bridge_slave_0) entered disabled state
[  644.409096][T16949] bridge_slave_1: left allmulticast mode
[  644.411837][T16949] bridge_slave_1: left promiscuous mode
[  644.414392][T16949] bridge0: port 2(bridge_slave_1) entered disabled state
[  644.422943][T16949] bond0: (slave bond_slave_0): Releasing backup interface
[  644.434097][T16949] bond0: (slave bond_slave_1): Releasing backup interface
[  644.446918][T16949] team0: Port device team_slave_0 removed
[  644.454062][T16949] team0: Port device team_slave_1 removed
[  644.458628][T16949] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  644.461394][T16949] batman_adv: batadv0: Removing interface: batadv_slave_0
[  644.465462][T16949] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  644.469189][T16949] batman_adv: batadv0: Removing interface: batadv_slave_1
[  644.474468][T16949] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  644.511276][T16951] team0: Mode changed to "loadbalance"
[  644.551021][T16949] netlink: 'syz.1.3058': attribute type 10 has an invalid length.
[  644.567396][T16949] 8021q: adding VLAN 0 to HW filter on device bond0
[  644.575104][T16949] team0: Port device bond0 added
[  644.604134][T16949] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3058'.
[  644.721282][T16949] team0 (unregistering): Port device bond0 removed
[  645.063318][T16954] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3059'.
[  645.265942][T16960] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3060'.
[  645.535348][T16963] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3062'.
[  645.539415][T16963] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3062'.
[  645.544517][T16963] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3062'.
[  645.626136][   T61] usb 8-1: new high-speed USB device number 82 using dummy_hcd
[  645.657500][T16973] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3064'.
[  645.796331][   T61] usb 8-1: Using ep0 maxpacket: 16
[  645.808054][   T61] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  645.817280][   T61] usb 8-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  645.828082][   T61] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.831360][   T61] usb 8-1: Product: syz
[  645.833059][   T61] usb 8-1: Manufacturer: syz
[  645.835037][   T61] usb 8-1: SerialNumber: syz
[  645.839598][   T61] usb 8-1: config 0 descriptor??
[  645.846957][   T61] hub 8-1:0.0: bad descriptor, ignoring hub
[  645.849373][   T61] hub 8-1:0.0: probe with driver hub failed with error -5
[  645.854769][   T61] input: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input58
[  646.100758][T16984] nvme_fabrics: missing parameter 'transport=%s'
[  646.103602][T16984] nvme_fabrics: missing parameter 'nqn=%s'
[  646.548149][   T53] usb 8-1: USB disconnect, device number 82
[  647.633029][T17013] nvme_fabrics: missing parameter 'transport=%s'
[  647.635791][T17013] nvme_fabrics: missing parameter 'nqn=%s'
[  648.360370][T17031] netlink: 'syz.3.3084': attribute type 17 has an invalid length.
[  648.475062][T17036] __nla_validate_parse: 4 callbacks suppressed
[  648.475081][T17036] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3086'.
[  648.481571][T17036] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3086'.
[  648.602382][T17039] 8021q: adding VLAN 0 to HW filter on device bond3
[  648.642731][T17039] bond3: (slave ip6gretap1): making interface the new active one
[  648.646337][T17039] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link
[  648.802102][T17046] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3095'.
[  649.029130][T17039] 8021q: adding VLAN 0 to HW filter on device bond3
[  649.415982][T17044] nvme_fabrics: missing parameter 'transport=%s'
[  649.418797][T17044] nvme_fabrics: missing parameter 'nqn=%s'
[  650.815423][   T40] kauditd_printk_skb: 157 callbacks suppressed
[  650.815436][   T40] audit: type=1326 audit(2000000000.610:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17066 comm="syz.3.3096" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  650.824214][   T40] audit: type=1326 audit(2000000000.610:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17066 comm="syz.3.3096" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  650.835189][   T40] audit: type=1326 audit(2000000000.610:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17066 comm="syz.3.3096" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  650.845323][   T40] audit: type=1326 audit(2000000000.610:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17066 comm="syz.3.3096" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  650.854547][   T40] audit: type=1326 audit(2000000000.610:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17066 comm="syz.3.3096" exe="/syz-executor" sig=0 arch=40000003 syscall=227 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  650.862587][   T40] audit: type=1326 audit(2000000000.610:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17066 comm="syz.3.3096" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  650.871065][   T40] audit: type=1326 audit(2000000000.620:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17066 comm="syz.3.3096" exe="/syz-executor" sig=0 arch=40000003 syscall=150 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  650.877877][   T40] audit: type=1326 audit(2000000000.650:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17066 comm="syz.3.3096" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  650.884636][   T40] audit: type=1326 audit(2000000000.650:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17066 comm="syz.3.3096" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  650.891827][   T40] audit: type=1326 audit(2000000000.660:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17066 comm="syz.3.3096" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  651.549542][T17075] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3097'.
[  651.602349][T17076] nvme_fabrics: missing parameter 'transport=%s'
[  651.604920][T17076] nvme_fabrics: missing parameter 'nqn=%s'
[  651.615438][T17076] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3098'.
[  651.826145][ T6021] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  651.976607][ T6021] usb 5-1: Using ep0 maxpacket: 8
[  652.005337][ T6021] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  652.115979][ T6021] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  652.120044][ T6021] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  652.123977][ T6021] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  652.130141][ T6021] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  652.135454][ T6021] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  652.139269][ T6021] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  652.416109][T17084] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3100'.
[  652.496385][ T6021] usb 5-1: GET_CAPABILITIES returned 0
[  652.498569][ T6021] usbtmc 5-1:16.0: can't read capabilities
[  652.716124][   T61] usb 8-1: new high-speed USB device number 83 using dummy_hcd
[  652.866144][   T61] usb 8-1: Using ep0 maxpacket: 8
[  652.870297][   T61] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  652.873840][   T61] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  652.878041][   T61] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  652.881303][   T61] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  652.884230][   T61] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  652.888067][   T61] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  652.890707][   T61] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  653.133674][   T61] usb 8-1: GET_CAPABILITIES returned 0
[  653.135386][   T61] usbtmc 8-1:16.0: can't read capabilities
[  654.354715][ T6344] usb 5-1: USB disconnect, device number 54
[  654.630658][T17096] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3101'.
[  654.818166][T17093] nvme_fabrics: missing parameter 'transport=%s'
[  654.821022][T17093] nvme_fabrics: missing parameter 'nqn=%s'
[  655.338509][   T61] usb 8-1: USB disconnect, device number 83
[  655.784795][T17111] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3106'.
[  655.790221][T17111] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3106'.
[  656.061134][T17118] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  656.063305][T17118] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  656.136965][T17124] netlink: 'syz.1.3110': attribute type 1 has an invalid length.
[  656.139150][T17124] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3110'.
[  656.140744][T17118] vhci_hcd vhci_hcd.0: Device attached
[  656.159128][T17123] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3109'.
[  656.163103][T17124] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  656.362791][T17134] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3111'.
[  656.580576][T17131] nvme_fabrics: missing parameter 'transport=%s'
[  656.582675][T17131] nvme_fabrics: missing parameter 'nqn=%s'
[  656.636309][   T61] usb 44-1: SetAddress Request (42) to port 0
[  656.638946][   T61] usb 44-1: new SuperSpeed USB device number 42 using vhci_hcd
[  656.709629][T17119] vhci_hcd: connection reset by peer
[  656.747714][ T6090] vhci_hcd: stop threads
[  656.749250][ T6090] vhci_hcd: release socket
[  656.755212][ T6090] vhci_hcd: disconnect device
[  656.771456][T17141] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3112'.
[  656.963874][T17139] nvme_fabrics: missing parameter 'transport=%s'
[  656.966690][T17139] nvme_fabrics: missing parameter 'nqn=%s'
[  657.252315][T17147] netlink: 'syz.2.3114': attribute type 1 has an invalid length.
[  657.254900][T17147] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3114'.
[  657.430476][T17155] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  657.432613][T17155] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  657.665625][T17159] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3119'.
[  657.671604][T17159] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3119'.
[  657.705091][T17165] FAULT_INJECTION: forcing a failure.
[  657.705091][T17165] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  657.710566][T17165] CPU: 1 UID: 0 PID: 17165 Comm: syz.2.3121 Not tainted syzkaller #0 PREEMPT(full) 
[  657.710589][T17165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  657.710599][T17165] Call Trace:
[  657.710606][T17165]  <TASK>
[  657.710613][T17165]  dump_stack_lvl+0x16c/0x1f0
[  657.710638][T17165]  should_fail_ex+0x512/0x640
[  657.710667][T17165]  _copy_to_user+0x32/0xd0
[  657.710695][T17165]  simple_read_from_buffer+0xcb/0x170
[  657.710723][T17165]  proc_fail_nth_read+0x197/0x240
[  657.710744][T17165]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  657.710764][T17165]  ? rw_verify_area+0xcf/0x6c0
[  657.710780][T17165]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  657.710800][T17165]  vfs_read+0x1e4/0xcf0
[  657.710823][T17165]  ? __pfx_vfs_read+0x10/0x10
[  657.710839][T17165]  ? find_held_lock+0x2b/0x80
[  657.710864][T17165]  ? __fget_files+0x20e/0x3c0
[  657.710890][T17165]  ksys_read+0x12a/0x250
[  657.710908][T17165]  ? __pfx_ksys_read+0x10/0x10
[  657.710928][T17165]  ? rcu_is_watching+0x12/0xc0
[  657.710975][T17165]  __do_fast_syscall_32+0x7c/0x300
[  657.711001][T17165]  do_fast_syscall_32+0x32/0x80
[  657.711036][T17165]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  657.711057][T17165] RIP: 0023:0xf70dd579
[  657.711070][T17165] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  657.711087][T17165] RSP: 002b:00000000f54cd590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  657.711103][T17165] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f54cd620
[  657.711114][T17165] RDX: 000000000000000f RSI: 00000000f7476ff4 RDI: 0000000000000000
[  657.711125][T17165] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  657.711135][T17165] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  657.711145][T17165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  657.711169][T17165]  </TASK>
[  657.849573][T17172] netlink: 'syz.1.3120': attribute type 1 has an invalid length.
[  657.876879][T17172] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  657.940022][T17177] nvme_fabrics: missing parameter 'transport=%s'
[  657.942072][T17177] nvme_fabrics: missing parameter 'nqn=%s'
[  657.979550][T17187] 9pnet_virtio: no channels available for device syz
[  658.196004][T17198] FAULT_INJECTION: forcing a failure.
[  658.196004][T17198] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  658.200421][T17198] CPU: 1 UID: 0 PID: 17198 Comm: syz.1.3132 Not tainted syzkaller #0 PREEMPT(full) 
[  658.200447][T17198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  658.200454][T17198] Call Trace:
[  658.200459][T17198]  <TASK>
[  658.200463][T17198]  dump_stack_lvl+0x16c/0x1f0
[  658.200480][T17198]  should_fail_ex+0x512/0x640
[  658.200501][T17198]  _copy_to_user+0x32/0xd0
[  658.200520][T17198]  simple_read_from_buffer+0xcb/0x170
[  658.200540][T17198]  proc_fail_nth_read+0x197/0x240
[  658.200554][T17198]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  658.200568][T17198]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  658.200581][T17198]  vfs_read+0x1e4/0xcf0
[  658.200596][T17198]  ? __pfx_vfs_read+0x10/0x10
[  658.200607][T17198]  ? find_held_lock+0x2b/0x80
[  658.200624][T17198]  ? __fget_files+0x20e/0x3c0
[  658.200640][T17198]  ksys_read+0x12a/0x250
[  658.200651][T17198]  ? __pfx_ksys_read+0x10/0x10
[  658.200665][T17198]  ? rcu_is_watching+0x12/0xc0
[  658.200679][T17198]  __do_fast_syscall_32+0x7c/0x300
[  658.200696][T17198]  do_fast_syscall_32+0x32/0x80
[  658.200711][T17198]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  658.200725][T17198] RIP: 0023:0xf707d579
[  658.200735][T17198] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  658.200746][T17198] RSP: 002b:00000000f546d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  658.200757][T17198] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f546d620
[  658.200764][T17198] RDX: 000000000000000f RSI: 00000000f7416ff4 RDI: 0000000000000000
[  658.200771][T17198] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  658.200777][T17198] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  658.200783][T17198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  658.200798][T17198]  </TASK>
[  658.509489][T17203] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12)
[  658.512278][T17203] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  658.515808][T17203] vhci_hcd vhci_hcd.0: Device attached
[  658.767236][T17210] FAULT_INJECTION: forcing a failure.
[  658.767236][T17210] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  658.771419][T17210] CPU: 3 UID: 0 PID: 17210 Comm: syz.3.3135 Not tainted syzkaller #0 PREEMPT(full) 
[  658.771435][T17210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  658.771441][T17210] Call Trace:
[  658.771446][T17210]  <TASK>
[  658.771463][T17210]  dump_stack_lvl+0x16c/0x1f0
[  658.771482][T17210]  should_fail_ex+0x512/0x640
[  658.771502][T17210]  _copy_to_user+0x32/0xd0
[  658.771522][T17210]  bpf_test_finish.isra.0+0x570/0x6e0
[  658.771545][T17210]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  658.771567][T17210]  ? __asan_memset+0x23/0x50
[  658.771581][T17210]  bpf_prog_test_run_skb+0x1384/0x2290
[  658.771598][T17210]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  658.771612][T17210]  ? fput+0x9b/0xd0
[  658.771629][T17210]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  658.771641][T17210]  __sys_bpf+0x1035/0x4980
[  658.771655][T17210]  ? __pfx___sys_bpf+0x10/0x10
[  658.771668][T17210]  ? __lock_acquire+0x622/0x1c90
[  658.771685][T17210]  ? find_held_lock+0x2b/0x80
[  658.771700][T17210]  ? lock_acquire+0x179/0x350
[  658.771726][T17210]  ? find_held_lock+0x2b/0x80
[  658.771744][T17210]  ? __might_fault+0xe3/0x190
[  658.771756][T17210]  ? __might_fault+0x13b/0x190
[  658.771767][T17210]  ? find_held_lock+0x2b/0x80
[  658.771778][T17210]  ? syscall_trace_enter+0x1cb/0x240
[  658.771800][T17210]  __ia32_sys_bpf+0x76/0xe0
[  658.771812][T17210]  __do_fast_syscall_32+0x7c/0x300
[  658.771828][T17210]  do_fast_syscall_32+0x32/0x80
[  658.771843][T17210]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  658.771857][T17210] RIP: 0023:0xf70dd579
[  658.771866][T17210] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  658.771878][T17210] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  658.771890][T17210] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800003c0
[  658.771897][T17210] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  658.771903][T17210] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  658.771910][T17210] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  658.771916][T17210] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  658.771931][T17210]  </TASK>
[  658.786159][   T24] usb 38-1: SetAddress Request (68) to port 0
[  658.828499][T17212] netlink: 'syz.2.3136': attribute type 1 has an invalid length.
[  658.830771][    C2] vkms_vblank_simulate: vblank timer overrun
[  658.854889][    C2] vkms_vblank_simulate: vblank timer overrun
[  658.917984][   T24] usb 38-1: new SuperSpeed USB device number 68 using vhci_hcd
[  658.961612][T17220] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.000117][T17204] vhci_hcd: connection reset by peer
[  659.002298][ T1183] vhci_hcd: stop threads
[  659.004155][ T1183] vhci_hcd: release socket
[  659.006513][ T1183] vhci_hcd: disconnect device
[  659.281820][T17233] nvme_fabrics: missing parameter 'transport=%s'
[  659.284744][T17233] nvme_fabrics: missing parameter 'nqn=%s'
[  659.562576][T17240] FAULT_INJECTION: forcing a failure.
[  659.562576][T17240] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  659.580147][T17240] CPU: 0 UID: 0 PID: 17240 Comm: syz.2.3145 Not tainted syzkaller #0 PREEMPT(full) 
[  659.580164][T17240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  659.580171][T17240] Call Trace:
[  659.580176][T17240]  <TASK>
[  659.580180][T17240]  dump_stack_lvl+0x16c/0x1f0
[  659.580198][T17240]  should_fail_ex+0x512/0x640
[  659.580219][T17240]  _copy_from_user+0x2e/0xd0
[  659.580238][T17240]  bpf_prog_test_run_xdp+0x126e/0x1660
[  659.580256][T17240]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  659.580268][T17240]  ? __pfx___might_fault+0x10/0x10
[  659.580283][T17240]  ? fput+0x9b/0xd0
[  659.580299][T17240]  ? __bpf_prog_get+0x97/0x2a0
[  659.580315][T17240]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  659.580327][T17240]  __sys_bpf+0x1035/0x4980
[  659.580341][T17240]  ? __pfx___sys_bpf+0x10/0x10
[  659.580352][T17240]  ? find_held_lock+0x2b/0x80
[  659.580367][T17240]  ? find_held_lock+0x2b/0x80
[  659.580382][T17240]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  659.580405][T17240]  ? fput+0x9b/0xd0
[  659.580419][T17240]  ? ksys_write+0x1ac/0x250
[  659.580432][T17240]  ? __pfx_ksys_write+0x10/0x10
[  659.580446][T17240]  __ia32_sys_bpf+0x76/0xe0
[  659.580459][T17240]  __do_fast_syscall_32+0x7c/0x300
[  659.580476][T17240]  do_fast_syscall_32+0x32/0x80
[  659.580490][T17240]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  659.580505][T17240] RIP: 0023:0xf70dd579
[  659.580514][T17240] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  659.580525][T17240] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  659.580537][T17240] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000240
[  659.580544][T17240] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  659.580550][T17240] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  659.580557][T17240] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  659.580563][T17240] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  659.580578][T17240]  </TASK>
[  659.837571][T17252] __nla_validate_parse: 6 callbacks suppressed
[  659.837583][T17252] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3148'.
[  659.850403][T17252] vlan2: entered promiscuous mode
[  659.852116][T17252] bond0: entered promiscuous mode
[  659.853777][T17252] bond_slave_0: entered promiscuous mode
[  659.855700][T17252] bond_slave_1: entered promiscuous mode
[  659.858263][T17252] mac80211_hwsim hwsim19 wlan1: entered promiscuous mode
[  660.291025][T17264] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3151'.
[  660.369822][T17271] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3152'.
[  660.374505][T17271] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3152'.
[  660.420184][T17276] ttyS ttyS3: ldisc open failed (-12), clearing slot 3
[  660.460301][T17279] netlink: 'syz.0.3155': attribute type 1 has an invalid length.
[  660.462620][T17279] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3155'.
[  660.527341][T17279] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  660.536772][ T6021] usb 8-1: new high-speed USB device number 84 using dummy_hcd
[  661.009348][T17274] syz.1.3153 (17274): /proc/17267/oom_adj is deprecated, please use /proc/17267/oom_score_adj instead.
[  661.195498][ T6021] usb 8-1: Using ep0 maxpacket: 8
[  661.249714][T17309] program syz.2.3161 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  661.254059][T17309] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3161'.
[  661.257300][ T6021] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  661.260563][ T6021] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  661.263987][ T6021] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  661.268699][ T6021] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  661.272667][ T6021] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  661.282073][ T6021] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  661.287723][ T6021] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  661.407583][T17317] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3164'.
[  661.412062][T17317] FAULT_INJECTION: forcing a failure.
[  661.412062][T17317] name failslab, interval 1, probability 0, space 0, times 0
[  661.417517][T17317] CPU: 3 UID: 0 PID: 17317 Comm: syz.1.3164 Not tainted syzkaller #0 PREEMPT(full) 
[  661.417534][T17317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  661.417542][T17317] Call Trace:
[  661.417546][T17317]  <TASK>
[  661.417551][T17317]  dump_stack_lvl+0x16c/0x1f0
[  661.417570][T17317]  should_fail_ex+0x512/0x640
[  661.417588][T17317]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  661.417602][T17317]  should_failslab+0xc2/0x120
[  661.417618][T17317]  kmem_cache_alloc_node_noprof+0x78/0x770
[  661.417630][T17317]  ? __alloc_skb+0x2b2/0x380
[  661.417647][T17317]  ? mark_held_locks+0x49/0x80
[  661.417666][T17317]  ? __alloc_skb+0x2b2/0x380
[  661.417682][T17317]  __alloc_skb+0x2b2/0x380
[  661.417699][T17317]  ? __pfx___alloc_skb+0x10/0x10
[  661.417716][T17317]  ? __pfx_debug_object_assert_init+0x10/0x10
[  661.417733][T17317]  ? __igmp_group_dropped+0x26a/0xe80
[  661.417749][T17317]  inet_ifmcaddr_notify+0xc7/0x1c0
[  661.417761][T17317]  ? __pfx_inet_ifmcaddr_notify+0x10/0x10
[  661.417780][T17317]  __ip_mc_dec_group+0x442/0x5b0
[  661.417795][T17317]  inetdev_event+0x3b2/0x18a0
[  661.417810][T17317]  ? ib_netdevice_event+0xfc/0x330
[  661.417822][T17317]  ? __pfx_inetdev_event+0x10/0x10
[  661.417837][T17317]  ? wext_netdev_notifier_call+0xe/0x20
[  661.417850][T17317]  ? cfg802154_netdev_notifier_call+0x391/0xa00
[  661.417866][T17317]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  661.417888][T17317]  notifier_call_chain+0xbc/0x410
[  661.417903][T17317]  ? __pfx_inetdev_event+0x10/0x10
[  661.417920][T17317]  call_netdevice_notifiers_info+0xbe/0x140
[  661.417937][T17317]  netif_close_many+0x319/0x630
[  661.417954][T17317]  ? __pfx_netif_close_many+0x10/0x10
[  661.417969][T17317]  ? netif_close_many_and_unlock+0x24/0x270
[  661.417987][T17317]  unregister_netdevice_many_notify+0x549/0x25c0
[  661.418003][T17317]  ? __pfx___mutex_lock+0x10/0x10
[  661.418017][T17317]  ? __pfx___nla_validate_parse+0x10/0x10
[  661.418032][T17317]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  661.418046][T17317]  ? unregister_netdevice_queue+0x22e/0x3f0
[  661.418060][T17317]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  661.418078][T17317]  rtnl_dellink+0x3d5/0xa90
[  661.418089][T17317]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  661.418102][T17317]  ? consume_skb+0xcc/0x100
[  661.418113][T17317]  ? nlmon_xmit+0xa5/0xe0
[  661.418128][T17317]  ? dev_hard_start_xmit+0x97/0x740
[  661.418149][T17317]  ? __dev_queue_xmit+0xa46/0x4490
[  661.418165][T17317]  ? __pfx_rtnl_dellink+0x10/0x10
[  661.418175][T17317]  ? ____sys_sendmsg+0xa98/0xc70
[  661.418188][T17317]  ? ___sys_sendmsg+0x134/0x1d0
[  661.418198][T17317]  ? __sys_sendmsg+0x16d/0x220
[  661.418208][T17317]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  661.418248][T17317]  ? __lock_acquire+0x622/0x1c90
[  661.418264][T17317]  ? rcu_is_watching+0x12/0xc0
[  661.418282][T17317]  ? find_held_lock+0x2b/0x80
[  661.418294][T17317]  ? __pfx_rtnl_dellink+0x10/0x10
[  661.418304][T17317]  ? __pfx_rtnl_dellink+0x10/0x10
[  661.418314][T17317]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  661.418327][T17317]  ? __pfx_rtnl_dellink+0x10/0x10
[  661.418339][T17317]  rtnetlink_rcv_msg+0x95e/0xe90
[  661.418352][T17317]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  661.418369][T17317]  ? ref_tracker_free+0x37c/0x830
[  661.418382][T17317]  netlink_rcv_skb+0x158/0x420
[  661.418394][T17317]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  661.418408][T17317]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  661.418425][T17317]  ? netlink_deliver_tap+0x1ae/0xd30
[  661.418439][T17317]  netlink_unicast+0x5aa/0x870
[  661.418454][T17317]  ? __pfx_netlink_unicast+0x10/0x10
[  661.418471][T17317]  netlink_sendmsg+0x8c8/0xdd0
[  661.418486][T17317]  ? __pfx_netlink_sendmsg+0x10/0x10
[  661.418500][T17317]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  661.418520][T17317]  ____sys_sendmsg+0xa98/0xc70
[  661.418535][T17317]  ? __pfx_____sys_sendmsg+0x10/0x10
[  661.418549][T17317]  ? get_compat_msghdr+0x11a/0x170
[  661.418566][T17317]  ___sys_sendmsg+0x134/0x1d0
[  661.418578][T17317]  ? __pfx____sys_sendmsg+0x10/0x10
[  661.418596][T17317]  ? find_held_lock+0x2b/0x80
[  661.418616][T17317]  __sys_sendmsg+0x16d/0x220
[  661.418627][T17317]  ? __pfx___sys_sendmsg+0x10/0x10
[  661.418645][T17317]  ? rcu_is_watching+0x12/0xc0
[  661.418659][T17317]  __do_fast_syscall_32+0x7c/0x300
[  661.418675][T17317]  do_fast_syscall_32+0x32/0x80
[  661.418690][T17317]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  661.418703][T17317] RIP: 0023:0xf707d579
[  661.418712][T17317] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  661.418724][T17317] RSP: 002b:00000000f546d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  661.418734][T17317] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800002c0
[  661.418742][T17317] RDX: 0000000020000050 RSI: 0000000000000000 RDI: 0000000000000000
[  661.418748][T17317] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  661.418754][T17317] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  661.418761][T17317] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  661.418778][T17317]  </TASK>
[  661.547332][ T6021] usb 8-1: GET_CAPABILITIES returned 0
[  661.594848][ T6021] usbtmc 8-1:16.0: can't read capabilities
[  661.686483][   T61] usb 44-1: device descriptor read/8, error -110
[  662.031559][T17327] netlink: 'syz.0.3166': attribute type 1 has an invalid length.
[  662.034054][T17327] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3166'.
[  662.045961][T17327] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  662.297020][   T61] usb usb44-port1: attempt power cycle
[  662.528903][T17348] syzkaller0: entered promiscuous mode
[  662.531255][T17348] syzkaller0: entered allmulticast mode
[  662.801869][T17361] nvme_fabrics: missing parameter 'transport=%s'
[  662.804716][T17361] nvme_fabrics: missing parameter 'nqn=%s'
[  662.818373][T17361] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3176'.
[  662.916119][   T61] usb usb44-port1: unable to enumerate USB device
[  663.253844][   T61] usb 8-1: USB disconnect, device number 84
[  663.648914][T17374] loop7: detected capacity change from 0 to 16384
[  663.663643][T17376] netlink: 'syz.2.3189': attribute type 1 has an invalid length.
[  663.666242][T17376] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3189'.
[  664.401078][   T24] usb 38-1: device descriptor read/8, error -110
[  664.806236][   T24] usb usb38-port1: attempt power cycle
[  664.860964][T17404] FAULT_INJECTION: forcing a failure.
[  664.860964][T17404] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  664.877723][T17404] CPU: 3 UID: 0 PID: 17404 Comm: syz.2.3192 Not tainted syzkaller #0 PREEMPT(full) 
[  664.877750][T17404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  664.877762][T17404] Call Trace:
[  664.877769][T17404]  <TASK>
[  664.877776][T17404]  dump_stack_lvl+0x16c/0x1f0
[  664.877803][T17404]  should_fail_ex+0x512/0x640
[  664.877835][T17404]  _copy_to_user+0x32/0xd0
[  664.877874][T17404]  bpf_test_finish.isra.0+0x570/0x6e0
[  664.877909][T17404]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  664.877944][T17404]  ? __asan_memset+0x23/0x50
[  664.877966][T17404]  bpf_prog_test_run_skb+0x1384/0x2290
[  664.877997][T17404]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  664.878018][T17404]  ? fput+0x9b/0xd0
[  664.878046][T17404]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  664.878066][T17404]  __sys_bpf+0x1035/0x4980
[  664.878091][T17404]  ? __pfx___sys_bpf+0x10/0x10
[  664.878109][T17404]  ? find_held_lock+0x2b/0x80
[  664.878135][T17404]  ? find_held_lock+0x2b/0x80
[  664.878161][T17404]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  664.878202][T17404]  ? fput+0x9b/0xd0
[  664.878225][T17404]  ? ksys_write+0x1ac/0x250
[  664.878244][T17404]  ? __pfx_ksys_write+0x10/0x10
[  664.878270][T17404]  __ia32_sys_bpf+0x76/0xe0
[  664.878292][T17404]  __do_fast_syscall_32+0x7c/0x300
[  664.878318][T17404]  do_fast_syscall_32+0x32/0x80
[  664.878340][T17404]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  664.878362][T17404] RIP: 0023:0xf70dd579
[  664.878377][T17404] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  664.878393][T17404] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  664.878412][T17404] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800002c0
[  664.878423][T17404] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[  664.878433][T17404] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  664.878445][T17404] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  664.878455][T17404] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  664.878480][T17404]  </TASK>
[  665.055241][T17402] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3188'.
[  665.336449][ T6021] usb 8-1: new high-speed USB device number 85 using dummy_hcd
[  665.337526][T17411] syzkaller0: entered promiscuous mode
[  665.342623][T17411] syzkaller0: entered allmulticast mode
[  665.526141][ T6021] usb 8-1: Using ep0 maxpacket: 8
[  665.530930][ T6021] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  665.535538][ T6021] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  665.543905][ T6021] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  665.558772][ T6021] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  665.566134][ T6021] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  665.573663][ T6021] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  665.614843][ T6021] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.852934][ T6021] usb 8-1: GET_CAPABILITIES returned 0
[  665.855314][ T6021] usbtmc 8-1:16.0: can't read capabilities
[  666.009931][T17422] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3195'.
[  666.102132][   T24] usb usb38-port1: unable to enumerate USB device
[  666.200016][T17420] nvme_fabrics: missing parameter 'transport=%s'
[  666.202064][T17420] nvme_fabrics: missing parameter 'nqn=%s'
[  666.980702][T17424] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3196'.
[  667.023127][T17432] 9pnet_virtio: no channels available for device syz
[  667.189672][T17442] netlink: 'syz.2.3202': attribute type 1 has an invalid length.
[  667.262305][T17446] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3203'.
[  667.266575][T17442] 8021q: adding VLAN 0 to HW filter on device bond11
[  667.269969][T17445] bond11: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  667.310286][T17445] bond11: entered allmulticast mode
[  667.317322][T17447] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3203'.
[  668.127712][ T6021] usb 8-1: USB disconnect, device number 85
[  668.266199][T17451] nvme_fabrics: missing parameter 'transport=%s'
[  668.268409][T17451] nvme_fabrics: missing parameter 'nqn=%s'
[  668.270806][T17451] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3204'.
[  668.327228][T17469] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3209'.
[  668.919459][T17484] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3205'.
[  669.075833][T17482] nvme_fabrics: missing parameter 'transport=%s'
[  669.078041][T17482] nvme_fabrics: missing parameter 'nqn=%s'
[  669.396280][  T842] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  669.556098][  T842] usb 5-1: Using ep0 maxpacket: 8
[  669.559220][  T842] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  669.565458][  T842] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  669.570456][T17496] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0
[  669.570932][  T842] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  669.577991][T17497] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 1
[  669.580980][  T842] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  669.584463][  T842] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  669.588393][  T842] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  669.593536][T17498] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 2
[  669.596605][  T842] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  669.601316][  T842] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.606243][T17499] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 3
[  669.611014][  T842] usb 5-1: Product: syz
[  669.612769][  T842] usb 5-1: Manufacturer: syz
[  669.614679][  T842] usb 5-1: SerialNumber: syz
[  669.628417][  T842] usb 5-1: config 0 descriptor??
[  669.631322][T17488] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  669.880796][T17508] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3220'.
[  669.987412][T17512] FAULT_INJECTION: forcing a failure.
[  669.987412][T17512] name failslab, interval 1, probability 0, space 0, times 0
[  669.992097][T17512] CPU: 1 UID: 0 PID: 17512 Comm: syz.2.3218 Not tainted syzkaller #0 PREEMPT(full) 
[  669.992121][T17512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  669.992132][T17512] Call Trace:
[  669.992139][T17512]  <TASK>
[  669.992146][T17512]  dump_stack_lvl+0x16c/0x1f0
[  669.992172][T17512]  should_fail_ex+0x512/0x640
[  669.992199][T17512]  ? fs_reclaim_acquire+0xae/0x150
[  669.992223][T17512]  should_failslab+0xc2/0x120
[  669.992245][T17512]  __kmalloc_noprof+0xdd/0x880
[  669.992269][T17512]  ? tomoyo_encode2+0x100/0x3e0
[  669.992291][T17512]  ? tomoyo_encode2+0x100/0x3e0
[  669.992309][T17512]  tomoyo_encode2+0x100/0x3e0
[  669.992333][T17512]  tomoyo_encode+0x29/0x50
[  669.992351][T17512]  tomoyo_realpath_from_path+0x18f/0x6e0
[  669.992379][T17512]  tomoyo_mount_acl+0x1ae/0x850
[  669.992396][T17512]  ? bpf_ksym_find+0x124/0x1c0
[  669.992416][T17512]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  669.992439][T17512]  ? is_bpf_text_address+0x94/0x1a0
[  669.992465][T17512]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  669.992483][T17512]  ? unwind_get_return_address+0x59/0xa0
[  669.992530][T17512]  ? tomoyo_domain+0xbb/0x150
[  669.992552][T17512]  ? tomoyo_profile+0x47/0x60
[  669.992577][T17512]  tomoyo_mount_permission+0x16d/0x420
[  669.992595][T17512]  ? tomoyo_mount_permission+0x14f/0x420
[  669.992615][T17512]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  669.992650][T17512]  security_sb_mount+0x9b/0x260
[  669.992679][T17512]  path_mount+0x158/0x23a0
[  669.992704][T17512]  ? __pfx_path_mount+0x10/0x10
[  669.992725][T17512]  ? kmem_cache_free+0x2d4/0x6c0
[  669.992741][T17512]  ? putname+0x154/0x1a0
[  669.992767][T17512]  ? putname+0x154/0x1a0
[  669.992792][T17512]  ? __ia32_sys_mount+0x291/0x310
[  669.992811][T17512]  __ia32_sys_mount+0x291/0x310
[  669.992831][T17512]  ? __pfx___ia32_sys_mount+0x10/0x10
[  669.992854][T17512]  ? rcu_is_watching+0x12/0xc0
[  669.992877][T17512]  __do_fast_syscall_32+0x7c/0x300
[  669.992903][T17512]  do_fast_syscall_32+0x32/0x80
[  669.992925][T17512]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  669.992945][T17512] RIP: 0023:0xf70dd579
[  669.992959][T17512] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  669.992976][T17512] RSP: 002b:00000000f548b55c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  669.992993][T17512] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000040
[  669.993004][T17512] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 00000000800000c0
[  669.993015][T17512] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  669.993026][T17512] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  669.993036][T17512] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  669.993065][T17512]  </TASK>
[  669.993083][T17512] ERROR: Out of memory at tomoyo_realpath_from_path.
[  670.154932][T17514] 9pnet_fd: Insufficient options for proto=fd
[  670.859146][T17528] 9pnet_fd: Insufficient options for proto=fd
[  670.926083][  T842] rc_core: IR keymap rc-snapstream-firefly not found
[  670.928542][  T842] Registered IR keymap rc-empty
[  670.930756][  T842] rc rc0: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0
[  670.938185][  T842] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input59
[  670.951405][  T842] input: syz syz mouse as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input60
[  671.319306][T17539] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3228'.
[  671.347081][T17537] nvme_fabrics: missing parameter 'transport=%s'
[  671.352188][T17537] nvme_fabrics: missing parameter 'nqn=%s'
[  671.980234][T17556] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3232'.
[  672.177669][   T53] usb 5-1: USB disconnect, device number 55
[  672.177769][    C3] ati_remote 5-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19
[  672.357392][T17576] 9pnet_fd: Insufficient options for proto=fd
[  673.806499][ T6344] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  673.956134][ T6344] usb 5-1: Using ep0 maxpacket: 8
[  673.960123][ T6344] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  673.964027][ T6344] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  673.968923][ T6344] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  673.973299][ T6344] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  673.986145][ T6344] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  673.990695][  T842] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[  673.994009][ T6344] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  674.002196][ T6344] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  674.006568][ T6344] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  674.010076][ T6344] usb 5-1: Product: syz
[  674.011987][ T6344] usb 5-1: Manufacturer: syz
[  674.013952][ T6344] usb 5-1: SerialNumber: syz
[  674.019138][ T6344] usb 5-1: config 0 descriptor??
[  674.022427][T17591] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  674.126177][  T842] usb 6-1: device descriptor read/64, error -71
[  674.221544][T17601] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3249'.
[  674.386176][  T842] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[  674.427302][T17604] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  674.516507][  T842] usb 6-1: device descriptor read/64, error -71
[  674.521010][T17607] trusted_key: syz.2.3252 sent an empty control message without MSG_MORE.
[  674.626694][  T842] usb usb6-port1: attempt power cycle
[  674.856145][   T60] usb 7-1: new high-speed USB device number 67 using dummy_hcd
[  674.987011][  T842] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[  675.016476][  T842] usb 6-1: device descriptor read/8, error -71
[  675.025130][   T60] usb 7-1: Using ep0 maxpacket: 32
[  675.029410][   T60] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  675.032299][   T60] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  675.034848][   T60] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  675.038000][   T60] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  675.040962][   T60] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  675.044384][   T60] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  675.048385][   T60] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  675.051140][   T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  675.055087][   T60] usb 7-1: config 0 descriptor??
[  675.091241][T17621] netlink: 'syz.3.3256': attribute type 1 has an invalid length.
[  675.094631][T17621] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3256'.
[  675.112624][T17621] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  675.256132][  T842] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[  675.262229][   T60] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 67 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  675.270289][   T60] usb 7-1: USB disconnect, device number 67
[  675.276271][   T60] usblp0: removed
[  675.279144][  T842] usb 6-1: device descriptor read/8, error -71
[  675.366270][ T6344] rc_core: IR keymap rc-snapstream-firefly not found
[  675.368426][ T6344] Registered IR keymap rc-empty
[  675.370416][ T6344] rc rc0: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0
[  675.374006][ T6344] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input61
[  675.381011][ T6344] input: syz syz mouse as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input62
[  675.386540][  T842] usb usb6-port1: unable to enumerate USB device
[  675.561207][T17634] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3260'.
[  675.564705][T17634] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3260'.
[  675.707755][T13010] usb 7-1: new high-speed USB device number 68 using dummy_hcd
[  675.721399][T17639] netlink: 80 bytes leftover after parsing attributes in process `syz.3.3261'.
[  675.725013][T17639] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3261'.
[  675.856221][T13010] usb 7-1: Using ep0 maxpacket: 32
[  675.868105][T13010] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  675.871619][T13010] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  675.875169][T13010] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  675.879764][T13010] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  675.883772][T13010] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  675.887992][T13010] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  675.893570][T13010] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  675.897474][T13010] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  675.910830][T13010] usb 7-1: config 0 descriptor??
[  675.939223][T17645] nvme_fabrics: missing parameter 'transport=%s'
[  675.941911][T17645] nvme_fabrics: missing parameter 'nqn=%s'
[  675.952656][T17645] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3262'.
[  676.715086][ T6344] usb 5-1: USB disconnect, device number 56
[  676.715140][    C3] ati_remote 5-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19
[  676.858685][T17657] netlink: 'syz.3.3264': attribute type 1 has an invalid length.
[  676.871680][T17657] 8021q: adding VLAN 0 to HW filter on device bond4
[  676.876901][T17657] bond4: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  676.884454][T17657] bond4: entered allmulticast mode
[  676.965014][T17660] 9pnet_fd: Insufficient options for proto=fd
[  677.044337][T13010] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 68 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  677.049316][T13010] usb 7-1: USB disconnect, device number 68
[  677.052718][T13010] usblp0: removed
[  677.249622][T17668] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3268'.
[  677.559970][T17666] nvme_fabrics: missing parameter 'transport=%s'
[  677.562134][T17666] nvme_fabrics: missing parameter 'nqn=%s'
[  677.982514][   T40] kauditd_printk_skb: 49 callbacks suppressed
[  677.982529][   T40] audit: type=1804 audit(2000000027.780:1038): pid=17677 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3271" name="file0" dev="ramfs" ino=67971 res=1 errno=0
[  678.372397][T13010] usb 8-1: new high-speed USB device number 86 using dummy_hcd
[  678.452141][T17694] netlink: 'syz.0.3278': attribute type 1 has an invalid length.
[  678.485836][T17694] 8021q: adding VLAN 0 to HW filter on device bond8
[  678.502747][T17696] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3276'.
[  678.511089][T17694] bond8: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  678.520355][T17694] bond8: entered allmulticast mode
[  678.546164][T13010] usb 8-1: Using ep0 maxpacket: 8
[  678.550437][T13010] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  678.554922][T13010] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  678.561228][T13010] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  678.568049][T13010] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  678.575134][T13010] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  678.585026][T13010] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  678.595987][T13010] usb 8-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  678.600531][T13010] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.604353][T13010] usb 8-1: Product: syz
[  678.606571][T13010] usb 8-1: Manufacturer: syz
[  678.608873][T13010] usb 8-1: SerialNumber: syz
[  678.616600][T13010] usb 8-1: config 0 descriptor??
[  678.620469][T17680] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  678.815160][T17699] netlink: 'syz.1.3279': attribute type 1 has an invalid length.
[  678.842730][T17699] 8021q: adding VLAN 0 to HW filter on device bond13
[  678.851927][T17699] bond13: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  679.331458][T17699] bond13: entered allmulticast mode
[  679.402729][   T61] usb 7-1: new high-speed USB device number 69 using dummy_hcd
[  679.566165][   T61] usb 7-1: Using ep0 maxpacket: 8
[  679.584319][   T61] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  679.587061][   T61] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  679.590581][   T61] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  679.594014][   T61] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  679.597422][   T61] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  679.602273][   T61] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  679.605291][   T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.639473][   T40] audit: type=1326 audit(2000000029.440:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17705 comm="syz.1.3281" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[  679.646993][   T40] audit: type=1326 audit(2000000029.440:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17705 comm="syz.1.3281" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[  679.654261][   T40] audit: type=1326 audit(2000000029.440:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17705 comm="syz.1.3281" exe="/syz-executor" sig=0 arch=40000003 syscall=123 compat=1 ip=0xf707d579 code=0x7ffc0000
[  679.661044][   T40] audit: type=1326 audit(2000000029.440:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17705 comm="syz.1.3281" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[  679.667799][   T40] audit: type=1326 audit(2000000029.440:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17705 comm="syz.1.3281" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[  679.674430][   T40] audit: type=1326 audit(2000000029.440:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17705 comm="syz.1.3281" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf707d579 code=0x7ffc0000
[  679.681074][   T40] audit: type=1326 audit(2000000029.440:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17705 comm="syz.1.3281" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[  679.687874][   T40] audit: type=1326 audit(2000000029.440:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17705 comm="syz.1.3281" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d579 code=0x7ffc0000
[  679.694314][   T40] audit: type=1326 audit(2000000029.440:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17705 comm="syz.1.3281" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf707d579 code=0x7ffc0000
[  679.832748][   T61] usb 7-1: GET_CAPABILITIES returned 0
[  679.834505][   T61] usbtmc 7-1:16.0: can't read capabilities
[  680.477678][T13010] rc_core: IR keymap rc-snapstream-firefly not found
[  680.480511][T13010] Registered IR keymap rc-empty
[  680.485071][T13010] rc rc0: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0
[  680.491162][T13010] input: syz syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/rc/rc0/input63
[  680.502641][T13010] input: syz syz mouse as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input64
[  681.038495][T17715] 9pnet_fd: Insufficient options for proto=fd
[  681.613733][   T53] usb 8-1: USB disconnect, device number 86
[  681.613960][    C0] ati_remote 8-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19
[  681.786892][ T1472] usb 7-1: USB disconnect, device number 69
[  682.791374][T17754] netlink: 'syz.0.3295': attribute type 1 has an invalid length.
[  682.893464][T17754] 8021q: adding VLAN 0 to HW filter on device bond9
[  682.897896][T17756] bond9: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  683.091570][T17756] bond9: entered allmulticast mode
[  683.676720][T17766] netlink: 'syz.1.3296': attribute type 1 has an invalid length.
[  683.737914][T17766] 8021q: adding VLAN 0 to HW filter on device bond14
[  683.740988][T17769] bond14: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  683.810258][T17770] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3297'.
[  683.849092][T17769] bond14: entered allmulticast mode
[  684.116186][ T1472] usb 7-1: new high-speed USB device number 70 using dummy_hcd
[  684.316211][ T1472] usb 7-1: Using ep0 maxpacket: 8
[  684.374316][ T1472] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  684.376915][ T1472] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  684.380172][ T1472] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  684.384901][ T1472] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  684.388691][ T1472] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  684.393130][ T1472] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  684.396565][ T1472] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  684.710421][ T1472] usb 7-1: GET_CAPABILITIES returned 0
[  684.712164][ T1472] usbtmc 7-1:16.0: can't read capabilities
[  685.115743][T17789] netlink: 'syz.0.3303': attribute type 1 has an invalid length.
[  685.118638][T17789] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3303'.
[  685.131936][T17789] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  685.173891][T17793] netlink: 'syz.0.3304': attribute type 1 has an invalid length.
[  685.177007][T17793] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3304'.
[  685.194535][T17793] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  685.452758][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  685.781047][T17810] FAULT_INJECTION: forcing a failure.
[  685.781047][T17810] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  685.785164][T17810] CPU: 0 UID: 0 PID: 17810 Comm: syz.3.3309 Not tainted syzkaller #0 PREEMPT(full) 
[  685.785179][T17810] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  685.785186][T17810] Call Trace:
[  685.785191][T17810]  <TASK>
[  685.785195][T17810]  dump_stack_lvl+0x16c/0x1f0
[  685.785225][T17810]  should_fail_ex+0x512/0x640
[  685.785247][T17810]  _copy_from_user+0x2e/0xd0
[  685.785265][T17810]  get_compat_msghdr+0xa7/0x170
[  685.785278][T17810]  ? __pfx_get_compat_msghdr+0x10/0x10
[  685.785294][T17810]  ___sys_sendmsg+0x1ae/0x1d0
[  685.785306][T17810]  ? __pfx____sys_sendmsg+0x10/0x10
[  685.785325][T17810]  ? find_held_lock+0x2b/0x80
[  685.785346][T17810]  __sys_sendmsg+0x16d/0x220
[  685.785358][T17810]  ? __pfx___sys_sendmsg+0x10/0x10
[  685.785375][T17810]  ? rcu_is_watching+0x12/0xc0
[  685.785390][T17810]  __do_fast_syscall_32+0x7c/0x300
[  685.785406][T17810]  do_fast_syscall_32+0x32/0x80
[  685.785421][T17810]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  685.785435][T17810] RIP: 0023:0xf70dd579
[  685.785444][T17810] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  685.785455][T17810] RSP: 002b:00000000f54ac55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  685.785466][T17810] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800006c0
[  685.785473][T17810] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  685.785479][T17810] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  685.785485][T17810] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  685.785492][T17810] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  685.785506][T17810]  </TASK>
[  686.409697][T17823] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3319'.
[  687.356570][T17822] nvme_fabrics: missing parameter 'transport=%s'
[  687.359019][T17822] nvme_fabrics: missing parameter 'nqn=%s'
[  687.402434][   T61] usb 7-1: USB disconnect, device number 70
[  687.527443][T17836] netlink: 'syz.2.3314': attribute type 1 has an invalid length.
[  687.530168][T17836] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3314'.
[  687.567570][T17838] netlink: 'syz.0.3315': attribute type 1 has an invalid length.
[  687.570619][T17838] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3315'.
[  687.598306][T17844] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  687.694033][T17848] netlink: 'syz.0.3317': attribute type 1 has an invalid length.
[  687.697481][T17848] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3317'.
[  687.724050][T17848] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  687.773622][T17853] binder: 17852:17853 ioctl c0306201 80000080 returned -14
[  687.791546][T17853] binder: 17852:17853 ioctl 5307 0 returned -22
[  687.794766][T17853] binder: 17852:17853 ioctl c0306201 800003c0 returned -14
[  687.799134][T17853] binder: 17852:17853 ioctl c018937b 80000040 returned -22
[  687.960849][T17859] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3320'.
[  688.127542][T17857] nvme_fabrics: missing parameter 'transport=%s'
[  688.129554][T17857] nvme_fabrics: missing parameter 'nqn=%s'
[  688.692032][T17877] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3324'.
[  688.864141][T17878] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3323'.
[  688.894897][T17876] nvme_fabrics: missing parameter 'transport=%s'
[  688.897268][T17876] nvme_fabrics: missing parameter 'nqn=%s'
[  689.104935][T17887] program syz.0.3326 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  689.266229][ T1472] usb 8-1: new high-speed USB device number 87 using dummy_hcd
[  689.436163][ T1472] usb 8-1: Using ep0 maxpacket: 8
[  689.443190][ T1472] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  689.456299][ T1472] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  689.460309][ T1472] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  689.464296][ T1472] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  689.470281][ T1472] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  689.475977][ T1472] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  689.480484][ T1472] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  689.553260][T17889] netlink: 'syz.2.3327': attribute type 1 has an invalid length.
[  689.556776][T17889] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3327'.
[  689.721098][T17896] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3328'.
[  689.736868][ T1472] usb 8-1: GET_CAPABILITIES returned 0
[  689.739166][ T1472] usbtmc 8-1:16.0: can't read capabilities
[  689.919816][T17899] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3330'.
[  689.923388][T17899] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3330'.
[  690.373983][T17917] nvme_fabrics: missing parameter 'transport=%s'
[  690.377230][T17917] nvme_fabrics: missing parameter 'nqn=%s'
[  690.445970][T17917] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3335'.
[  690.674870][T17926] netlink: 'syz.1.3338': attribute type 1 has an invalid length.
[  690.681141][T17926] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3338'.
[  690.717641][T17926] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  691.401460][ T1472] usb 8-1: USB disconnect, device number 87
[  691.446154][T17938] 9pnet_fd: Insufficient options for proto=fd
[  691.653292][T17945] 9pnet_fd: Insufficient options for proto=fd
[  692.188768][T17950] FAULT_INJECTION: forcing a failure.
[  692.188768][T17950] name failslab, interval 1, probability 0, space 0, times 0
[  692.193221][T17950] CPU: 1 UID: 0 PID: 17950 Comm: syz.1.3345 Not tainted syzkaller #0 PREEMPT(full) 
[  692.193248][T17950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  692.193255][T17950] Call Trace:
[  692.193259][T17950]  <TASK>
[  692.193264][T17950]  dump_stack_lvl+0x16c/0x1f0
[  692.193281][T17950]  should_fail_ex+0x512/0x640
[  692.193300][T17950]  ? __kmalloc_node_noprof+0xcd/0x8a0
[  692.193316][T17950]  should_failslab+0xc2/0x120
[  692.193332][T17950]  __kmalloc_node_noprof+0xe0/0x8a0
[  692.193345][T17950]  ? __get_vm_area_node+0x1dc/0x330
[  692.193360][T17950]  ? __vmalloc_node_range_noprof+0x3e5/0x1480
[  692.193380][T17950]  ? __vmalloc_node_range_noprof+0x3e5/0x1480
[  692.193396][T17950]  __vmalloc_node_range_noprof+0x3e5/0x1480
[  692.193417][T17950]  ? kernel_clone+0xfc/0x930
[  692.193432][T17950]  ? lockdep_hardirqs_on+0x7c/0x110
[  692.193448][T17950]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  692.193466][T17950]  ? memcpy_and_pad+0x55/0x90
[  692.193480][T17950]  ? kasan_check_range+0xad/0x1b0
[  692.193499][T17950]  ? kernel_clone+0xfc/0x930
[  692.193512][T17950]  __vmalloc_node_noprof+0xad/0xf0
[  692.193528][T17950]  ? kernel_clone+0xfc/0x930
[  692.193543][T17950]  copy_process+0x2c77/0x76a0
[  692.193563][T17950]  ? __pfx_copy_process+0x10/0x10
[  692.193581][T17950]  ? _copy_from_user+0x59/0xd0
[  692.193600][T17950]  kernel_clone+0xfc/0x930
[  692.193613][T17950]  ? lock_acquire+0x179/0x350
[  692.193628][T17950]  ? find_held_lock+0x2b/0x80
[  692.193640][T17950]  ? __pfx_kernel_clone+0x10/0x10
[  692.193657][T17950]  ? finish_task_switch.isra.0+0x221/0xc10
[  692.193671][T17950]  ? rcu_is_watching+0x12/0xc0
[  692.193685][T17950]  __do_sys_clone3+0x212/0x290
[  692.193700][T17950]  ? __pfx___do_sys_clone3+0x10/0x10
[  692.193720][T17950]  ? __pfx___schedule+0x10/0x10
[  692.193732][T17950]  ? __fget_files+0x20e/0x3c0
[  692.193743][T17950]  ? handle_mm_fault+0x1e0/0xd10
[  692.193768][T17950]  ? rcu_is_watching+0x12/0xc0
[  692.193782][T17950]  __do_fast_syscall_32+0x7c/0x300
[  692.193798][T17950]  do_fast_syscall_32+0x32/0x80
[  692.193813][T17950]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  692.193831][T17950] RIP: 0023:0xf707d579
[  692.193840][T17950] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  692.193851][T17950] RSP: 002b:00000000f542b42c EFLAGS: 00000286 ORIG_RAX: 00000000000001b3
[  692.193862][T17950] RAX: ffffffffffffffda RBX: 00000000f542b460 RCX: 0000000000000058
[  692.193869][T17950] RDX: 0000000000000000 RSI: 0000000008040000 RDI: 0000000000000000
[  692.193876][T17950] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  692.193882][T17950] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  692.193888][T17950] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  692.193903][T17950]  </TASK>
[  692.193928][T17950] syz.1.3345: vmalloc error: size 32768, failed to allocated page array size 64, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  692.287820][T17950] CPU: 1 UID: 0 PID: 17950 Comm: syz.1.3345 Not tainted syzkaller #0 PREEMPT(full) 
[  692.287846][T17950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  692.287853][T17950] Call Trace:
[  692.287857][T17950]  <TASK>
[  692.287862][T17950]  dump_stack_lvl+0x16c/0x1f0
[  692.287880][T17950]  warn_alloc+0x248/0x3a0
[  692.287894][T17950]  ? __pfx_warn_alloc+0x10/0x10
[  692.287904][T17950]  ? dump_stack_lvl+0x1a3/0x1f0
[  692.287918][T17950]  ? should_fail_ex+0x354/0x640
[  692.287937][T17950]  ? rcu_is_watching+0x12/0xc0
[  692.287950][T17950]  ? trace_kmalloc+0x2b/0xd0
[  692.287964][T17950]  ? __kmalloc_node_noprof+0x364/0x8a0
[  692.287976][T17950]  ? __get_vm_area_node+0x1dc/0x330
[  692.287991][T17950]  ? __vmalloc_node_range_noprof+0x3e5/0x1480
[  692.288012][T17950]  __vmalloc_node_range_noprof+0xfe2/0x1480
[  692.288034][T17950]  ? kernel_clone+0xfc/0x930
[  692.288051][T17950]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  692.288069][T17950]  ? memcpy_and_pad+0x55/0x90
[  692.288082][T17950]  ? kasan_check_range+0xad/0x1b0
[  692.288102][T17950]  ? kernel_clone+0xfc/0x930
[  692.288115][T17950]  __vmalloc_node_noprof+0xad/0xf0
[  692.288131][T17950]  ? kernel_clone+0xfc/0x930
[  692.288146][T17950]  copy_process+0x2c77/0x76a0
[  692.288167][T17950]  ? __pfx_copy_process+0x10/0x10
[  692.288184][T17950]  ? _copy_from_user+0x59/0xd0
[  692.288204][T17950]  kernel_clone+0xfc/0x930
[  692.288217][T17950]  ? lock_acquire+0x179/0x350
[  692.288232][T17950]  ? find_held_lock+0x2b/0x80
[  692.288244][T17950]  ? __pfx_kernel_clone+0x10/0x10
[  692.288261][T17950]  ? finish_task_switch.isra.0+0x221/0xc10
[  692.288274][T17950]  ? rcu_is_watching+0x12/0xc0
[  692.288288][T17950]  __do_sys_clone3+0x212/0x290
[  692.288302][T17950]  ? __pfx___do_sys_clone3+0x10/0x10
[  692.288323][T17950]  ? __pfx___schedule+0x10/0x10
[  692.288335][T17950]  ? __fget_files+0x20e/0x3c0
[  692.288346][T17950]  ? handle_mm_fault+0x1e0/0xd10
[  692.288371][T17950]  ? rcu_is_watching+0x12/0xc0
[  692.288384][T17950]  __do_fast_syscall_32+0x7c/0x300
[  692.288400][T17950]  do_fast_syscall_32+0x32/0x80
[  692.288415][T17950]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  692.288429][T17950] RIP: 0023:0xf707d579
[  692.288438][T17950] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  692.288450][T17950] RSP: 002b:00000000f542b42c EFLAGS: 00000286 ORIG_RAX: 00000000000001b3
[  692.288460][T17950] RAX: ffffffffffffffda RBX: 00000000f542b460 RCX: 0000000000000058
[  692.288467][T17950] RDX: 0000000000000000 RSI: 0000000008040000 RDI: 0000000000000000
[  692.288474][T17950] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  692.288480][T17950] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  692.288486][T17950] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  692.288500][T17950]  </TASK>
[  692.288525][T17950] Mem-Info:
[  692.496421][T17950] active_anon:11044 inactive_anon:425 isolated_anon:0
[  692.496421][T17950]  active_file:2274 inactive_file:12006 isolated_file:0
[  692.496421][T17950]  unevictable:1768 dirty:466 writeback:0
[  692.496421][T17950]  slab_reclaimable:6519 slab_unreclaimable:59748
[  692.496421][T17950]  mapped:32632 shmem:11357 pagetables:1206
[  692.496421][T17950]  sec_pagetables:333 bounce:0
[  692.496421][T17950]  kernel_misc_reclaimable:0
[  692.496421][T17950]  free:55026 free_pcp:12789 free_cma:0
[  692.509877][T17950] Node 0 active_anon:1660kB inactive_anon:256kB active_file:100kB inactive_file:144kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:1324kB dirty:4kB writeback:0kB shmem:4516kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8912kB pagetables:1620kB sec_pagetables:1168kB all_unreclaimable? no Balloon:0kB
[  692.519345][T17950] Node 1 active_anon:42516kB inactive_anon:1444kB active_file:8996kB inactive_file:47880kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:129204kB dirty:1860kB writeback:0kB shmem:40912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:10772kB pagetables:3104kB sec_pagetables:164kB all_unreclaimable? no Balloon:0kB
[  692.528458][T17950] Node 0 DMA free:2004kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:644kB local_pcp:120kB free_cma:0kB
[  692.537546][T17950] lowmem_reserve[]: 0 294 294 294 294
[  692.539371][T17950] Node 0 DMA32 free:16972kB boost:0kB min:13448kB low:16808kB high:20168kB reserved_highatomic:2048KB free_highatomic:696KB active_anon:1660kB inactive_anon:256kB active_file:100kB inactive_file:144kB unevictable:3536kB writepending:4kB zspages:792kB present:1032196kB managed:301148kB mlocked:0kB bounce:0kB free_pcp:7996kB local_pcp:2432kB free_cma:0kB
[  692.549219][T17950] lowmem_reserve[]: 0 0 0 0 0
[  692.550716][T17950] Node 1 DMA32 free:201128kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:42516kB inactive_anon:1444kB active_file:8996kB inactive_file:47880kB unevictable:3536kB writepending:1860kB zspages:4856kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:42612kB local_pcp:10340kB free_cma:0kB
[  692.560753][T17950] lowmem_reserve[]: 0 0 0 0 0
[  692.562247][T17950] Node 0 DMA: 1*4kB (U) 10*8kB (UM) 10*16kB (UM) 5*32kB (UM) 1*64kB (M) 0*128kB 0*256kB 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 2004kB
[  692.566766][T17950] Node 0 DMA32: 387*4kB (UMEH) 176*8kB (UH) 82*16kB (UMEH) 87*32kB (MEH) 51*64kB (UMEH) 24*128kB (UME) 6*256kB (UM) 2*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 16972kB
[  692.572015][T17950] Node 1 DMA32: 256*4kB (UE) 465*8kB (UME) 268*16kB (UE) 421*32kB (UE) 201*64kB (UME) 129*128kB (UE) 93*256kB (UME) 83*512kB (UM) 51*1024kB (U) 9*2048kB (UM) 3*4096kB (UM) = 201128kB
[  692.577715][T17950] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  692.580685][T17950] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  692.583556][T17950] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  692.586571][T17950] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  692.589497][T17950] 26503 total pagecache pages
[  692.591002][T17950] 871 pages in swap cache
[  692.592373][T17950] Free swap  = 83400kB
[  692.593668][T17950] Total swap = 124996kB
[  692.595008][T17950] 524155 pages RAM
[  692.596951][T17950] 0 pages HighMem/MovableOnly
[  692.598455][T17950] 207973 pages reserved
[  692.599784][T17950] 0 pages cma reserved
[  692.883833][T17961] netlink: 'syz.1.3348': attribute type 1 has an invalid length.
[  692.886850][T17961] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3348'.
[  692.905613][ T6115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  692.908669][T17961] sch_tbf: burst 19920 is lower than device lo mtu (65550) !
[  692.911895][ T6115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  693.424487][T17970] netlink: 'syz.1.3349': attribute type 1 has an invalid length.
[  693.532839][T17970] 8021q: adding VLAN 0 to HW filter on device bond15
[  693.537712][T17974] bond15: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  693.808395][T17974] bond15: entered allmulticast mode
[  694.260924][T17984] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3352'.
[  694.296203][T17990] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3355'.
[  694.317539][T17988] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3354'.
[  694.410157][T17994] Process accounting resumed
[  694.486234][ T5947] Bluetooth: hci2: command tx timeout
[  694.536262][   T61] usb 7-1: new high-speed USB device number 71 using dummy_hcd
[  694.686141][   T61] usb 7-1: Using ep0 maxpacket: 8
[  694.690358][   T61] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  694.693837][   T61] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  694.698623][   T61] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  694.702659][   T61] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  694.707116][   T61] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  694.712417][   T61] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  694.716210][   T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  694.796699][   T53] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  694.887074][T18011] netlink: 'syz.0.3363': attribute type 1 has an invalid length.
[  694.906702][T18011] 8021q: adding VLAN 0 to HW filter on device bond10
[  694.930411][T18011] bond10: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  694.940214][T18011] bond10: entered allmulticast mode
[  694.953226][T18015] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3362'.
[  695.084158][T18012] nvme_fabrics: missing parameter 'transport=%s'
[  695.086318][T18012] nvme_fabrics: missing parameter 'nqn=%s'
[  695.648627][T18020] 9pnet_fd: Insufficient options for proto=fd
[  695.819583][   T61] usb 7-1: GET_CAPABILITIES returned 0
[  695.822106][   T61] usbtmc 7-1:16.0: can't read capabilities
[  696.186684][T18030] program syz.1.3366 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  696.421486][T18036] nvme_fabrics: missing parameter 'transport=%s'
[  696.423839][T18036] nvme_fabrics: missing parameter 'nqn=%s'
[  696.435046][T18036] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3368'.
[  696.456133][T18038] 9pnet_fd: Insufficient options for proto=fd
[  697.086351][T18041] netlink: 'syz.1.3369': attribute type 1 has an invalid length.
[  697.174201][T18041] 8021q: adding VLAN 0 to HW filter on device bond16
[  697.178626][T18043] bond16: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  697.252112][T18043] bond16: entered allmulticast mode
[  697.316333][   T61] usb 7-1: USB disconnect, device number 71
[  697.590328][T18048] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3370'.
[  697.848445][T18046] nvme_fabrics: missing parameter 'transport=%s'
[  697.850603][T18046] nvme_fabrics: missing parameter 'nqn=%s'
[  697.857820][T18051] FAULT_INJECTION: forcing a failure.
[  697.857820][T18051] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  697.862046][T18051] CPU: 1 UID: 0 PID: 18051 Comm: syz.2.3371 Not tainted syzkaller #0 PREEMPT(full) 
[  697.862071][T18051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  697.862080][T18051] Call Trace:
[  697.862085][T18051]  <TASK>
[  697.862089][T18051]  dump_stack_lvl+0x16c/0x1f0
[  697.862106][T18051]  should_fail_ex+0x512/0x640
[  697.862128][T18051]  _copy_to_user+0x32/0xd0
[  697.862147][T18051]  simple_read_from_buffer+0xcb/0x170
[  697.862167][T18051]  proc_fail_nth_read+0x197/0x240
[  697.862180][T18051]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  697.862193][T18051]  ? rw_verify_area+0xcf/0x6c0
[  697.862204][T18051]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  697.862216][T18051]  vfs_read+0x1e4/0xcf0
[  697.862231][T18051]  ? __pfx_vfs_read+0x10/0x10
[  697.862242][T18051]  ? find_held_lock+0x2b/0x80
[  697.862258][T18051]  ? __fget_files+0x20e/0x3c0
[  697.862274][T18051]  ksys_read+0x12a/0x250
[  697.862286][T18051]  ? __pfx_ksys_read+0x10/0x10
[  697.862299][T18051]  ? rcu_is_watching+0x12/0xc0
[  697.862314][T18051]  __do_fast_syscall_32+0x7c/0x300
[  697.862330][T18051]  do_fast_syscall_32+0x32/0x80
[  697.862344][T18051]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  697.862359][T18051] RIP: 0023:0xf70dd579
[  697.862368][T18051] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  697.862379][T18051] RSP: 002b:00000000f54ac590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  697.862390][T18051] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f54ac620
[  697.862397][T18051] RDX: 000000000000000f RSI: 00000000f7476ff4 RDI: 0000000000000000
[  697.862403][T18051] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  697.862409][T18051] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  697.862416][T18051] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  697.862430][T18051]  </TASK>
[  698.109421][T18056] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3372'.
[  698.421725][T18063] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3374'.
[  698.458317][T18064] netlink: 'syz.3.3376': attribute type 1 has an invalid length.
[  698.505098][T18064] 8021q: adding VLAN 0 to HW filter on device bond5
[  698.555316][T18064] bond5: up delay (35976) is not a multiple of miimon (100), value rounded to 35900 ms
[  698.603415][T18061] nvme_fabrics: missing parameter 'transport=%s'
[  698.605486][T18061] nvme_fabrics: missing parameter 'nqn=%s'
[  698.634308][T18070] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3385'.
[  698.640503][T18064] bond5: entered allmulticast mode
[  699.509161][T15681] ==================================================================
[  699.512689][T15681] BUG: KASAN: slab-use-after-free in __mutex_lock+0xe87/0x1060
[  699.515858][T15681] Read of size 8 at addr ffff88802768c0a0 by task khidpd_10000008/15681
[  699.521356][T15681] 
[  699.522445][T15681] CPU: 1 UID: 0 PID: 15681 Comm: khidpd_10000008 Not tainted syzkaller #0 PREEMPT(full) 
[  699.522470][T15681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  699.522481][T15681] Call Trace:
[  699.522488][T15681]  <TASK>
[  699.522494][T15681]  dump_stack_lvl+0x116/0x1f0
[  699.522520][T15681]  print_report+0xcd/0x630
[  699.522543][T15681]  ? __virt_addr_valid+0x81/0x610
[  699.522587][T15681]  ? __phys_addr+0xe8/0x180
[  699.522611][T15681]  ? __mutex_lock+0xe87/0x1060
[  699.522630][T15681]  kasan_report+0xe0/0x110
[  699.522653][T15681]  ? __mutex_lock+0xe87/0x1060
[  699.522678][T15681]  ? l2cap_unregister_user+0x71/0x240
[  699.522701][T15681]  __mutex_lock+0xe87/0x1060
[  699.522723][T15681]  ? l2cap_unregister_user+0x71/0x240
[  699.522753][T15681]  ? __pfx___mutex_lock+0x10/0x10
[  699.522778][T15681]  ? find_held_lock+0x2b/0x80
[  699.522799][T15681]  ? l2cap_unregister_user+0x71/0x240
[  699.522821][T15681]  l2cap_unregister_user+0x71/0x240
[  699.522845][T15681]  hidp_session_thread+0x45e/0x660
[  699.522863][T15681]  ? __pfx_hidp_session_thread+0x10/0x10
[  699.522881][T15681]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  699.522910][T15681]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  699.522937][T15681]  ? lockdep_hardirqs_on+0x7c/0x110
[  699.522958][T15681]  ? __kthread_parkme+0x19e/0x250
[  699.522980][T15681]  ? __pfx_hidp_session_thread+0x10/0x10
[  699.522997][T15681]  kthread+0x3c5/0x780
[  699.523022][T15681]  ? __pfx_kthread+0x10/0x10
[  699.523048][T15681]  ? rcu_is_watching+0x12/0xc0
[  699.523066][T15681]  ? __pfx_kthread+0x10/0x10
[  699.523091][T15681]  ret_from_fork+0x675/0x7d0
[  699.523116][T15681]  ? __pfx_kthread+0x10/0x10
[  699.523140][T15681]  ret_from_fork_asm+0x1a/0x30
[  699.523170][T15681]  </TASK>
[  699.523177][T15681] 
[  699.585264][T15681] Allocated by task 15364:
[  699.586674][T15681]  kasan_save_stack+0x33/0x60
[  699.588170][T15681]  kasan_save_track+0x14/0x30
[  699.589654][T15681]  __kasan_kmalloc+0xaa/0xb0
[  699.591124][T15681]  __kmalloc_noprof+0x32f/0x880
[  699.592688][T15681]  hci_alloc_dev_priv+0x1d/0x28a0
[  699.594819][T15681]  __vhci_create_device+0xf0/0x880
[  699.596577][T15681]  vhci_write+0x2c0/0x480
[  699.597950][T15681]  vfs_write+0x7d3/0x11d0
[  699.599324][T15681]  ksys_write+0x12a/0x250
[  699.600679][T15681]  __do_fast_syscall_32+0x7c/0x300
[  699.602278][T15681]  do_fast_syscall_32+0x32/0x80
[  699.604248][T15681]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  699.606530][T15681] 
[  699.607593][T15681] Freed by task 16075:
[  699.609310][T15681]  kasan_save_stack+0x33/0x60
[  699.611307][T15681]  kasan_save_track+0x14/0x30
[  699.613305][T15681]  __kasan_save_free_info+0x3b/0x60
[  699.615489][T15681]  __kasan_slab_free+0x5f/0x80
[  699.617492][T15681]  kfree+0x2b8/0x6d0
[  699.619162][T15681]  hci_release_dev+0x4ef/0x610
[  699.621173][T15681]  bt_host_release+0x6a/0xb0
[  699.622548][T15681]  device_release+0xa4/0x240
[  699.624399][T15681]  kobject_put+0x1e7/0x5a0
[  699.625828][T15681]  put_device+0x1f/0x30
[  699.627156][T15681]  vhci_release+0x185/0x230
[  699.628737][T15681]  __fput+0x402/0xb70
[  699.630046][T15681]  task_work_run+0x150/0x240
[  699.631537][T15681]  do_exit+0x86f/0x2bf0
[  699.632903][T15681]  do_group_exit+0xd3/0x2a0
[  699.634356][T15681]  get_signal+0x2671/0x26d0
[  699.635817][T15681]  arch_do_signal_or_restart+0x8f/0x790
[  699.637645][T15681]  exit_to_user_mode_loop+0x85/0x130
[  699.639408][T15681]  __do_fast_syscall_32+0x240/0x300
[  699.641078][T15681]  do_fast_syscall_32+0x32/0x80
[  699.642723][T15681]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  699.644774][T15681] 
[  699.645568][T15681] Last potentially related work creation:
[  699.647459][T15681]  kasan_save_stack+0x33/0x60
[  699.648969][T15681]  kasan_record_aux_stack+0xa7/0xc0
[  699.650660][T15681]  insert_work+0x36/0x230
[  699.652087][T15681]  __queue_work+0x3f8/0x1160
[  699.653566][T15681]  queue_work_on+0x1a4/0x1f0
[  699.655108][T15681]  process_one_work+0x9cf/0x1b70
[  699.656713][T15681]  worker_thread+0x6c8/0xf10
[  699.658220][T15681]  kthread+0x3c5/0x780
[  699.659563][T15681]  ret_from_fork+0x675/0x7d0
[  699.661048][T15681]  ret_from_fork_asm+0x1a/0x30
[  699.662664][T15681] 
[  699.663644][T15681] Second to last potentially related work creation:
[  699.665773][T15681]  kasan_save_stack+0x33/0x60
[  699.667327][T15681]  kasan_record_aux_stack+0xa7/0xc0
[  699.669030][T15681]  insert_work+0x36/0x230
[  699.670425][T15681]  __queue_work+0x97e/0x1160
[  699.671901][T15681]  call_timer_fn+0x19a/0x620
[  699.673435][T15681]  __run_timers+0x569/0x960
[  699.674936][T15681]  run_timer_base+0x114/0x190
[  699.676470][T15681]  run_timer_softirq+0x1a/0x40
[  699.678051][T15681]  handle_softirqs+0x219/0x8e0
[  699.679912][T15681]  __irq_exit_rcu+0x109/0x170
[  699.681423][T15681]  irq_exit_rcu+0x9/0x30
[  699.682854][T15681]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  699.684654][T15681]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  699.686625][T15681] 
[  699.687416][T15681] The buggy address belongs to the object at ffff88802768c000
[  699.687416][T15681]  which belongs to the cache kmalloc-8k of size 8192
[  699.691673][T15681] The buggy address is located 160 bytes inside of
[  699.691673][T15681]  freed 8192-byte region [ffff88802768c000, ffff88802768e000)
[  699.696022][T15681] 
[  699.696810][T15681] The buggy address belongs to the physical page:
[  699.698804][T15681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27688
[  699.701494][T15681] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  699.704185][T15681] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  699.706632][T15681] page_type: f5(slab)
[  699.707925][T15681] raw: 00fff00000000040 ffff88801b443180 ffffea00009c4000 dead000000000003
[  699.710593][T15681] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  699.713474][T15681] head: 00fff00000000040 ffff88801b443180 ffffea00009c4000 dead000000000003
[  699.716395][T15681] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  699.719334][T15681] head: 00fff00000000003 ffffea00009da201 00000000ffffffff 00000000ffffffff
[  699.722118][T15681] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  699.724896][T15681] page dumped because: kasan: bad access detected
[  699.726991][T15681] page_owner tracks the page as allocated
[  699.729009][T15681] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 15211, tgid 15210 (syz.2.2540), ts 557617252021, free_ts 554279081546
[  699.736682][T15681]  post_alloc_hook+0x1c0/0x230
[  699.738676][T15681]  get_page_from_freelist+0x10a3/0x3a30
[  699.740913][T15681]  __alloc_frozen_pages_noprof+0x6d7/0x2470
[  699.743274][T15681]  new_slab+0xa5/0x360
[  699.744980][T15681]  ___slab_alloc+0xd79/0x1a50
[  699.746979][T15681]  __slab_alloc.constprop.0+0x63/0x110
[  699.749262][T15681]  __kmalloc_node_noprof+0x4dd/0x8a0
[  699.751507][T15681]  get_callchain_buffers+0x1ec/0x450
[  699.753717][T15681]  stack_map_alloc+0x313/0x650
[  699.755407][T15681]  map_create+0x65c/0x27e0
[  699.756795][T15681]  __sys_bpf+0x3d9d/0x4980
[  699.758238][T15681]  __ia32_sys_bpf+0x76/0xe0
[  699.759683][T15681]  __do_fast_syscall_32+0x7c/0x300
[  699.761280][T15681]  do_fast_syscall_32+0x32/0x80
[  699.762906][T15681]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  699.764868][T15681] page last free pid 15149 tgid 15148 stack trace:
[  699.767054][T15681]  __free_frozen_pages+0x7df/0x1160
[  699.768685][T15681]  __put_partials+0x130/0x170
[  699.770159][T15681]  qlist_free_all+0x4d/0x120
[  699.771634][T15681]  kasan_quarantine_reduce+0x195/0x1e0
[  699.773529][T15681]  __kasan_slab_alloc+0x69/0x90
[  699.775504][T15681]  __kmalloc_cache_node_noprof+0x28b/0x7a0
[  699.777913][T15681]  __get_vm_area_node+0x101/0x330
[  699.779715][T15681]  __vmalloc_node_range_noprof+0x271/0x1480
[  699.781631][T15681]  __vmalloc_node_noprof+0xad/0xf0
[  699.783291][T15681]  bpf_prog_alloc_no_stats+0x58/0x600
[  699.785030][T15681]  bpf_prog_alloc+0x3b/0x230
[  699.786462][T15681]  bpf_prog_load+0x1c28/0x2850
[  699.788009][T15681]  __sys_bpf+0x3e72/0x4980
[  699.789493][T15681]  __ia32_sys_bpf+0x76/0xe0
[  699.791068][T15681]  __do_fast_syscall_32+0x7c/0x300
[  699.793192][T15681]  do_fast_syscall_32+0x32/0x80
[  699.795228][T15681] 
[  699.796259][T15681] Memory state around the buggy address:
[  699.798615][T15681]  ffff88802768bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  699.801964][T15681]  ffff88802768c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  699.805330][T15681] >ffff88802768c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  699.808591][T15681]                                ^
[  699.810225][T15681]  ffff88802768c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  699.812868][T15681]  ffff88802768c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  699.815472][T15681] ==================================================================
[  699.818190][T15681] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  699.820597][T15681] CPU: 1 UID: 0 PID: 15681 Comm: khidpd_10000008 Not tainted syzkaller #0 PREEMPT(full) 
[  699.824544][T15681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  699.827916][T15681] Call Trace:
[  699.829022][T15681]  <TASK>
[  699.829925][T15681]  dump_stack_lvl+0x3d/0x1f0
[  699.831544][T15681]  vpanic+0x640/0x6f0
[  699.833235][T15681]  panic+0xca/0xd0
[  699.834643][T15681]  ? __pfx_panic+0x10/0x10
[  699.836243][T15681]  ? check_panic_on_warn+0x1f/0xb0
[  699.838132][T15681]  check_panic_on_warn+0xab/0xb0
SYZFAIL: failed to recv rpc
[  699.840423][T15681]  end_report+0x107/0x170
[  699.842406][T15681]  kasan_report+0xee/0x110
[  699.844455][T15681]  ? __mutex_lock+0xe87/0x1060
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  699.846567][T15681]  ? l2cap_unregister_user+0x71/0x240
[  699.848948][T15681]  __mutex_lock+0xe87/0x1060
[  699.850994][T15681]  ? l2cap_unregister_user+0x71/0x240
[  699.853253][T15681]  ? __pfx___mutex_lock+0x10/0x10
[  699.855488][T15681]  ? find_held_lock+0x2b/0x80
[  699.857466][T15681]  ? l2cap_unregister_user+0x71/0x240
[  699.859776][T15681]  l2cap_unregister_user+0x71/0x240
[  699.861960][T15681]  hidp_session_thread+0x45e/0x660
[  699.864112][T15681]  ? __pfx_hidp_session_thread+0x10/0x10
[  699.866541][T15681]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  699.869154][T15681]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  699.871767][T15681]  ? lockdep_hardirqs_on+0x7c/0x110
[  699.873942][T15681]  ? __kthread_parkme+0x19e/0x250
[  699.876081][T15681]  ? __pfx_hidp_session_thread+0x10/0x10
[  699.878454][T15681]  kthread+0x3c5/0x780
[  699.880194][T15681]  ? __pfx_kthread+0x10/0x10
[  699.882219][T15681]  ? rcu_is_watching+0x12/0xc0
[  699.884253][T15681]  ? __pfx_kthread+0x10/0x10
[  699.886206][T15681]  ret_from_fork+0x675/0x7d0
[  699.888187][T15681]  ? __pfx_kthread+0x10/0x10
[  699.890152][T15681]  ret_from_fork_asm+0x1a/0x30
[  699.892195][T15681]  </TASK>
[  699.894327][T15681] Kernel Offset: disabled
[  699.896126][T15681] Rebooting in 86400 seconds..

VM DIAGNOSIS:
21:50:34  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff88802b23b6c0 RCX=ffffffff81b06b83 RDX=ffff88801cec4900
RSI=ffffffff81b06b5d RDI=0000000000000005 RBP=ffffc9000044fcf8 RSP=ffffc9000044fba0
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1c79e86
R12=1ffff92000089f7c R13=0000000000000002 R14=0000000000000001 R15=ffffed10056476d9
RIP=ffffffff81b06b5f RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809780d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f747d60c CR3=000000004c3f7000 CR4=00352ef0
DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000007a8d DR3=ffffffffefffff15 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=000000008000c0d0 Opmask01=0000000000000000 Opmask02=000000007fffffff Opmask03=0000000001041000
Opmask04=00000000fffffbff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055ed27d6e480
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055ed27d68a10
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00fe5f1b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73001605121f0073 431e161e035c1810
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1c1f115c435d4316 10120300161e121d
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00326963682f6874 6f6f7465756c622f 6c6175747269762f 736563697665642f
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00326963682f6874 6f6f7465756c622f 6c6175747269762f 736563697665642f
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 46392c45392c3839 2c36392c45382c43 382c41382c39382c 38382c37382c3638
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7766732c342c332c 322c312c306c6d61 722c32432c31432c 30432c46422c4542
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2c44422c43422c42 422c41422c39422c 38422c37422c3242 2c31422c30422c44
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 412c36412c35412c 34412c33412c3141 2c46392c45392c38 392c36392c45382c
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 43382c41382c3938 2c38382c37382c36 382c35382c34382c 33382c32382c3138
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00fe5f1b30 00004d0000304530 0000000000000021 00004e4f27410340
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00004d0000304530 0000000000000021 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000036 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85268e75 RDI=ffffffff9adc5de0 RBP=ffffffff9adc5da0 RSP=ffffc90006d47620
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000064616552
R12=0000000000000000 R13=0000000000000036 R14=ffffffff9adc5da0 R15=ffffffff85268e10
RIP=ffffffff85268e9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88809790d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f143d52cab0 CR3=0000000025372000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fefec000 Opmask01=0000000000000000 Opmask02=000000002ff5ffff Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055ed27d67a00 000055ed27d67a00
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055ed27d5a150
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055ed27d6e480
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f00fe5f1b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffffffff000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a2a552ad4606131 2a2a7fc70dc81a3e
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2a2a2a2a2a2a15d5 2a2a2a2a2a415943
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055ed27d6e480 000055ed27d6dcf0 000055ed27d68cd0 000055ed27d54840
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055ed27d708e0 000055ed27d6e480 000055ed27d6dcf0 000055ed27d68cd0
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055ed27d54840 000055ed27d523d0 000055ed27d607c0 000055ed27d57510
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 007766732c342c33 2c322c312c306c6d 61722c32432c3143 2c30432c46422c45
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 422c44422c43422c 42422c41422c3942 2c38422c37422c32 422c31422c30422c
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 44412c36412c3541 2c34412c33412c31 412c46392c45392c 38392c36392c4538
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2c43382c41382c39 382c38382c37382c 36382c35382c3438 2c33382c32382c31
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7265747369676572 6e755f7665647465 6e2e65726f632e74 656e2e6c74637379
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000703 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000004000 RBX=ffff8880423a0ea0 RCX=000000000000000e RDX=ffff888021584900
RSI=ffffc90000415134 RDI=0000000000000005 RBP=ffff88801d6dd028 RSP=ffffc90003707070
R8 =0000000000000005 R9 =000000000000001f R10=000000000000000e R11=0000000000000001
R12=ffffc90000415100 R13=ffff8880423a0efc R14=ffff8880423a0ea8 R15=000000000000000e
RIP=ffffffff862f7eff RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f165717a300 ffffffff 00c00000
GS =0000 ffff888097a0d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000055c4c638bf40 CR3=00000000270dd000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=13088b1b97009f59 762ba9972f9bb0a3 13088b1b97009f59 762ba9972f9bb0a3 13088b1b97009f59 762ba9972f9bb0a3 13088b1b97009f59 762ba9972f9bb0a3
ZMM18=52dd0a18fd22c57a e73215893357a4c0 52dd0a18fd22c57a e73215893357a4c0 52dd0a18fd22c57a e73215893357a4c0 52dd0a18fd22c57a e73215893357a4c0
ZMM19=0221000000000000 0000000000000004 0221000000000000 0000000000000003 0221000000000000 0000000000000002 0221000000000000 0000000000000001
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0021d80320c48008 0021d0030fffffff ff0421c003000800 21b8030c080021b0
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 03004c504701ffff fffffffffffff708 01800301800421a0 0303800421900306
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0800218803300800 2180030c80080004 0800220800060171 a21e000002f70000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 080003800201c708 00060140ee003065 6c69662f2e01ffff ffffffffffffef08
ZMM25=e7321589e7321589 e7321589e7321589 e7321589e7321589 e7321589e7321589 e7321589e7321589 e7321589e7321589 e7321589e7321589 e7321589e7321589
ZMM26=fd22c57afd22c57a fd22c57afd22c57a fd22c57afd22c57a fd22c57afd22c57a fd22c57afd22c57a fd22c57afd22c57a fd22c57afd22c57a fd22c57afd22c57a
ZMM27=52dd0a1852dd0a18 52dd0a1852dd0a18 52dd0a1852dd0a18 52dd0a1852dd0a18 52dd0a1852dd0a18 52dd0a1852dd0a18 52dd0a1852dd0a18 52dd0a1852dd0a18
ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0121000001210000 0121000001210000 0121000001210000 0121000001210000 0121000001210000 0121000001210000 0121000001210000 0121000001210000
info registers vcpu 3

CPU#3
RAX=0000000000cad613 RBX=0000000000000003 RCX=ffffffff8b5d72a9 RDX=0000000000000000
RSI=ffffffff8da28539 RDI=ffffffff8bf075c0 RBP=ffffed10037e5000 RSP=ffffc9000048fde8
R8 =0000000000000001 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000001
R12=0000000000000003 R13=ffff88801bf28000 R14=ffffffff908242d0 R15=0000000000000000
RIP=ffffffff8b5d5d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097b0d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f282fffc CR3=000000002951c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=000000008000007f Opmask01=000000000001ffff Opmask02=000000000101ffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 17c0404e08a353be f2d6a4670b08b7ec
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 c58bea1a1021845f 8eb4c81efd755b49
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 13863e661d727fa0 83403b6923806691
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a5d94542f10f330f cc75e5f085be0da8
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000009880
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a8000001a8 00800100000001a8
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9cc2108c9cd6f0c4 9cff6d0e000001a8
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 008001009cc5eba0 000001a800800100
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9ceac9f400800100 008001009c7dc674
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 fbdd33e9fac34b7f bad142cc0b45cc58
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 aeba488970d34723 a46f5685d16594ce
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000034 746e6576652f7475 706e692f7665642f
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 25203a726f727265 2064616572207265 79616c207475706e 6900000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00051f574a575740 0541444057055740 5c4449055150554b 4c00000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0007002400000001 0005000800000000 0004000800000001 0003000800000022
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000556a7bc37778 0000000000000000 0000000200000005 0000556a7bc37388
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000556a7bc366d5 0000000000000001 0000000200000005 0000556a7bc37778
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000200000005 0000556a7bc37388 0000000000000001
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000556a7bc366ac 0000000000000001 0000000000000005 0000556a7bc366c1
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbf2d2e28332220
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3724bf2f2b2427bf 2d2e2832312435bf 3728252433342c2f 33bf2d2e28332220
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000