last executing test programs:

7.937623416s ago: executing program 2 (id=4521):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="28001300100001082abd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000800250001000000"], 0x28}, 0x1, 0x0, 0x0, 0x600}, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r1, 0x0, 0x15, &(0x7f0000000040), 0xffffffffffffff99)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x84)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x800000, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x300ca4d, 0x150)
write$UHID_DESTROY(r2, &(0x7f0000000380), 0x4)

7.650101453s ago: executing program 2 (id=4527):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r0, 0x800448d2, &(0x7f0000000080))

7.610913478s ago: executing program 2 (id=4529):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x30, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xfffff001}]}, 0x30}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

7.603583437s ago: executing program 2 (id=4530):
syz_open_procfs(0x0, &(0x7f0000000200)='uid_map\x00')
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8923, &(0x7f0000000040)={'wlan1\x00', 0x12e})
open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
pipe2(&(0x7f0000001440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x14)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r3, 0x0, r2, 0x0, 0x6, 0x0)
write(r2, &(0x7f00000002c0)="fe", 0xfdef)
read$watch_queue(r1, &(0x7f0000000780)=""/221, 0xfdef)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno='])
sendmsg$NFNL_MSG_CTHELPER_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000010901"], 0x14}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002f80)=[{{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000001240)='f', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000001800)="db", 0x1}], 0x1}}], 0x2, 0x0)

6.97833176s ago: executing program 0 (id=4532):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r2, &(0x7f0000019240)=""/102356, 0x18fd4, 0x200)
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='system.posix_acl_default\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000010002000000000002000700", @ANYRES32=0x0, @ANYBLOB="aeff04005ea28278515ce0b735ff81cf63d5a5b7b179260910c04901c1e0e17db3a6116d7c3a0958fd4b812c304bc209db3ed70722dbffd4f37cbf102d81868d8d8e", @ANYRES32=0x0, @ANYBLOB="02000700", @ANYRES32=0x0, @ANYBLOB="02000400", @ANYRES32=0x0, @ANYBLOB="02000300", @ANYRES32, @ANYBLOB="040004000000000008000600", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB="100004000000000020000c0000000000"], 0x5c, 0x1)
mmap$binder(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x9)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
write$tun(r3, &(0x7f00000005c0)=ANY=[@ANYBLOB="000008000100000000003d00000048f800400000000000f78490783fffffffac1414aa440c670000000004000000030000000005f2250dbb08444b", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x4e)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x80, &(0x7f0000000180)=ANY=[@ANYBLOB="bb6233c1eb870180c200000086dd6410f746004a2f0100000000000000000000ffffffffffffff0200000000000000000000000000010401000904000800010086ddef2f6de0080088be000000041c0930000100"], 0x0)
r5 = syz_open_dev$ndb(0x0, 0x0, 0x400)
readahead(r5, 0x2, 0x8)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd25, 0xfffffffc, {0x7}}, 0x14}}, 0x0)
r6 = openat$nvme_fabrics(0xffffff9c, &(0x7f0000000000), 0x80081, 0x0)
write$uinput_user_dev(r6, &(0x7f0000000840)={'syz0\x00', {0x1, 0x8000, 0x9, 0xac23}, 0x40, [0x10, 0x8000, 0x7, 0x7, 0xffcf, 0x7, 0x8, 0x1ff, 0xe95ab6b, 0x1, 0x4cc59373, 0x0, 0x8001, 0x1, 0x6, 0x8000, 0x4, 0x1, 0x2, 0x6, 0x3, 0x4, 0x10000, 0x0, 0x4e3, 0x1, 0x7fff, 0x5, 0x0, 0x2, 0x1, 0xe, 0x8000, 0x1, 0x9d, 0x80, 0x7, 0x3, 0xbc49, 0x696, 0x8000, 0x1, 0xb, 0x7, 0x7, 0x7, 0x2, 0x3, 0x3, 0xff, 0x1, 0x4, 0x5, 0xffffffff, 0x0, 0x8, 0x7ff, 0x4, 0x8, 0xffffffff, 0x3, 0x100, 0x5, 0xb], [0x7, 0x9d2, 0x80000001, 0x800, 0x3, 0x9, 0x7, 0x8, 0x5, 0x80000001, 0x80008, 0x40, 0x9, 0x8, 0x80000001, 0x4, 0x0, 0xd, 0xfffffff7, 0x3, 0x0, 0x2, 0x2, 0x3, 0xb, 0x66fe, 0x6, 0x5, 0xe03, 0x3ff, 0x10004, 0xfffffc00, 0x1, 0x4, 0x3ff, 0x3, 0x7f, 0x3, 0xd08, 0x1, 0x1, 0x22, 0xfc000000, 0x35, 0x1, 0x4, 0xe37, 0x3, 0x0, 0x1, 0xe8, 0xffff8000, 0x2, 0xb, 0xd7a8, 0x6, 0xbdc, 0x3e6, 0x2, 0x9, 0x0, 0x8, 0x7fffffff, 0x6], [0x1, 0x9, 0x7, 0x590, 0x10000000, 0xb0, 0x8, 0x5, 0x2, 0x4, 0x6, 0x7, 0x3, 0x3, 0x4, 0xe, 0x8001, 0x1, 0x0, 0x9, 0x200, 0xbf1c, 0x79fc, 0x1, 0xf9, 0xffffff26, 0x0, 0xfffffff7, 0x9, 0x1, 0x7, 0x2, 0x8000, 0x10, 0x5, 0x3, 0x1, 0x10, 0xb8, 0x6, 0xec5f, 0x8001, 0x7fffffff, 0x1b9, 0x8a7, 0x1, 0x8, 0x3, 0x1, 0x1, 0x4, 0x3, 0x74da, 0xec9, 0x140, 0x6, 0x3, 0x6, 0x1, 0x7fff, 0xa, 0x86c, 0x7, 0x1], [0x0, 0x20f, 0x80000001, 0x200, 0x0, 0x3, 0xb, 0x2, 0xffff, 0x4, 0x9, 0x80000000, 0xffff, 0xb7, 0x3a1, 0xfffffff1, 0xffff, 0xc, 0x8000, 0xfffffffe, 0x9, 0x3ff, 0x1, 0xdf76, 0x63, 0xa, 0x7f, 0x100, 0x40, 0x3, 0x2, 0x8, 0x8, 0x7, 0x4, 0x2170, 0x0, 0x2, 0x6b2, 0x9, 0xcd5e, 0x59, 0x9, 0x6, 0x6, 0x6, 0x5, 0x1, 0x0, 0x4, 0x9, 0x6, 0x1, 0x6, 0x2, 0x3, 0x9, 0xfff, 0x5, 0x3, 0x8, 0x1, 0x5, 0x6]}, 0x45c)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
syz_emit_ethernet(0x6a, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680))
mkdir(&(0x7f0000000040)='./file0\x00', 0x14)
r7 = openat$procfs(0xffffff9c, &(0x7f0000000040)='/proc/sysvipc/shm\x00', 0x0, 0x0)
preadv(r7, &(0x7f0000003240)=[{0x0}, {&(0x7f0000002100)=""/4096, 0x1000}], 0x2, 0x1, 0x0)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
preadv2(r8, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1f, 0x0, 0x4, 0x8)
socket$nl_route(0x10, 0x3, 0x0)

6.200530006s ago: executing program 3 (id=4537):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[], 0x10448)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000001, 0x12, r0, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x4, 0x0, &(0x7f00000000c0))

5.990293795s ago: executing program 3 (id=4538):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$hid(0x0, 0x3f, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000180)={0x20, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0xff, 0x2, 0x0, 0x93}, 0xe)
ioctl$int_in(r1, 0x5452, &(0x7f0000000280)=0xffffffffffffffff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000100)={0x9, 0x0, 0x4000000000, 0x0, 0xa48f, 0x0, 0x800010100000}, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r1, &(0x7f0000000300)="8b", 0x1, 0x54, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
shutdown(r1, 0x1)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
r3 = socket(0x1, 0x803, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x58, 0x10, 0x401, 0xfffffffe, 0x4, {0x0, 0x0, 0x0, 0x0, 0xe59bca127d81a07e, 0xc574450d1af335be}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_VLAN_TUNNEL={0x5}]}}}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x20044010}, 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000580)=""/71, 0x47, 0x55)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x18, 0x3, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@CTA_TUPLE_ORIG={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20040004}, 0x48044)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r6], 0x50}}, 0x0)
r8 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r8, &(0x7f0000000800)="900000001c001f4d154a817393278bff0a80a57802000000e503740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e00a2c5fed0759cb068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cef7cff81d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)
sendto$inet6(r8, &(0x7f0000000180)="900000001d001f4d154a817393278bff0a80a578020000000404840014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000766436c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)
r9 = socket(0x1, 0x803, 0x0)
r10 = socket$inet_icmp(0x2, 0x2, 0x1)
ioctl$sock_SIOCADDRT(r10, 0x890b, &(0x7f0000000280)={0x0, @l2tp={0x2, 0x0, @rand_addr=0x64010101, 0x3}, @nl=@proc={0x10, 0x0, 0x25dfdbff, 0x20000}, @isdn={0x22, 0x2, 0x7, 0x2, 0x9}, 0xa55c, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000240)='ip6_vti0\x00', 0x7, 0x4, 0x3})
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="500000001000210400000000fedbdf25000000", @ANYRES32=0x0, @ANYBLOB="adffa888e16000002800128009000100766c616e00000000180002800c0002000e0000000a000000060001000001000008000500", @ANYRES32=r11], 0x50}}, 0x2)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth1_to_hsr\x00', <r12=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r12}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

2.659607501s ago: executing program 1 (id=4539):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
sendmsg$NFC_CMD_START_POLL(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000001c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0126c4b29eefd50d1940120833da83230023010000340207000600000008000300ffffffff08000100", @ANYRES32=0x0, @ANYBLOB="08000e0080000000"], 0x2c}}, 0x40)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000000201010157000000000000d4388560123b4d27da56ac6446798e5495399afe9df996b437ba6d006d6906404dc4f1f0191262d309adaee3256201e944ed1dd36b7b4beba43d4db8859da1dee0347d8b97d54490ca0ad7ecdf62aa93780679bdfde64482e8be58fe479784238e099fd01cfc27105e01321bf7be107c5805dc6f97150d692487ee8c31e55651efe1ded49b93865b529031f112fb72954b093f2d2d2a40f6342cf6f814cf35f0f15e3cbcdde54f69486258afbf00bf23065a78"], 0x1c}, 0x1, 0x0, 0x0, 0x4880}, 0x0)
r6 = io_uring_setup(0x7ba6, &(0x7f0000000140)={0x0, 0x12fd, 0x1, 0x1, 0x36a})
io_uring_enter(r6, 0x6972, 0xefd7, 0x2, &(0x7f0000000080)={[0x669e]}, 0x8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
r7 = syz_open_dev$vim2m(&(0x7f0000000200), 0x4f93, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r7, 0xc0405602, &(0x7f0000000400)={0x13, 0x1, 0x2, "18e889cb5bfb8276529323b392b837e339070000000000000000008000", 0x38416761})
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="580000000206030000000000000000000000000011000300686173683a6e65742c6e657400000000050001000700000005000540020000000900020073797a300000000005000400000000000c0007800500140081000000"], 0x58}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r9 = dup(r8)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x800, 0x20000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r9, 0x2000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000240)={@hyper})

2.658877321s ago: executing program 0 (id=4540):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000000)={0x200000000000001}, 0x8)
sendto$inet6(r0, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x10, @mcast2}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000340)=[{0x0}], 0x1}}], 0x1, 0x400c404)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, 0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x3, 0x60d3, 0x4})
r1 = socket$kcm(0x21, 0x5, 0xa)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000480)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e23, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="100000ee2ff956001001000001000000"], 0x10}, 0x0)
r2 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e20, 0x9c000000, @ipv4={'\x00', '\xff\xff', @remote}, 0x1df}}, 0x80, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="100000001001000001000000dc000000c03f69fcc0d116f0aea362b3291e7aa1b8c39681e665da48f068246d20"], 0x10}, 0x40)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r3 = socket(0x1e, 0x1, 0x0)
connect$tipc(r3, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x3, 0x2}}, 0x10)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000dc0)="29298d1c7c9c25a0b28c4e3431d821211f2410ee6f458d1014e476a5606deb1f63418a3721a9adb736dc0028bf1b33032cabb66fd858090f1cfdea5475ac9b1243f9985357e35c7a2761ea8ae029c69e92fe6e1da22649fbe6e487f14ff7b0b97f0e7c6729f66f373bcb7269da6eff200185f42f14f2f22c02729e0c063b9d7efb3562c70ea4a40f54999ac9e2976ef4b01fec2d7491aa9700a8d042845e0ea11e0000ffddfc0002000024f54adea0057f752ee6d0ce025dc9dce8ec45476bccb16b2f201476f5b1f342bc6b6b53f0256082b8b3e7ee9ed0732e0208c95b2d85da4b1491c472252dc016c3072fa66b2d5ac552baaf17c742551b5429000000000000000000000000000000481463d89d8d09b44cdd49584d8f4e709d4da5f487c34a71f85bd3c2c7044cb1e359a2cbcb20fd77c16f356ffb7ee7bfb2e699f3bf19436234072cbb9d3d8cb75a135efb6378c745fa4503caa49f1cab150286ce54089758b00d799d3481caf62d95ef624ea3f30c96f265b204f1638e110ca10a33e97adc7ef5afc3ec5bcd8429549411e3d1aaa142db794f1e1545c107ab9490cd496503cd726fe8fd6b455fcca27887e6f4546bfc5ff1c2ee8d9fabf9770f749efe000000004b3f44f27b37cae6e2f4b391f409ab3a0a52c7d70900734219838adc87e31042f4a6ac1326f792c0160ec08de12b390716409d1a00ded9d170067b9bb9724dee98e240c6aba864f847950472da096b9bfb2698d3ce9850fd48cd7e1ab4cfeaf77a863c6ac4ae30c7244e37d788b6bdbd4dffea5f7b3bab98fde3f414aea897632898fcced00f530b323cd7c741", 0x252)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1100000004000000040000000600000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000a26a283ec0f60a45f40ef2bcaef635c40e9af13afa578bc3988ac1b677ec818f3d321dcefab506c6acba965322537ca315e454126e7cebf4080c8c00957fffedb22a40ca7a0d4bef27a0da8787e69253add11cbfdbf5a82b1246fc18365a8f58c6894d1ec18203c27a7c1b8346b3c658ff74327e721740dd04f76beff7a224d0a7137724261b9867b331a9030d3c7e4b2f41526e4daa262ac7286e2b3978e1b7f29b066dba91981005c56384b94c38587f9447c71975683c75a015dbfbd2d1b799705fa2f85332657a0eec622a15dde8b6785e75469ec6d9b0f5296b68712d4bf1b9b6de3a070ec6a221b31bf7f9724819fa02f2652d37d175e5ab8a74d938b62142fc8f0f9ec8ddd34c1110c1ba55d1b394f2e88a8743200eea65dfdcc73ecfed384e891c78bed1d62ff145725d0b5897acb55b78698226796281331559e907de7e103b1342d86e339e5460ef28cb3e4395605af4648a7ee39441368e50c5145c58e9959e298a755cea61dac6d9e2de7c5549ef8ec18bc219af854f661a3469ad6fbefa6689"], 0x48)
bpf$BPF_GET_MAP_INFO(0x4, &(0x7f00000001c0)={r5, 0xffffffffffffffa2, &(0x7f0000000240)}, 0x10)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000140)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB="780000001000390423bd7000fbdbdf2500000000", @ANYRES32=r7, @ANYBLOB="81b0000000000000580012800e000100697036677265746170000000440002800500160001000000060010004e210000080004000b00000005000b00ff000000060010004e2000000600030008000000060018000900000006000f0006000200"], 0x78}}, 0x4040844)
writev(r4, &(0x7f0000000b00)=[{&(0x7f0000000940)='\r', 0xfdef}], 0x2)
r8 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r8, 0x80083314, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x1}]})

2.424889987s ago: executing program 3 (id=4541):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0xfff9}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x2d}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x38, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_BITWISE_OP={0x8}, @NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_BITWISE_MASK={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0xa]}})
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000080)=0x40000)
write$dsp(r3, 0x0, 0xfffffe59)
r4 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r4)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000280)={0x0, 0x0, 0x0, 0xf, 0xfffffffffffffffc, 0x0, 0x0, 0x1c, 0x18, "43443af4ff8c8ad271d16eb2123b3b1bd68150cf090004a3a3026f60c75585bee41b9ac4620700000022c014cc874a103a4a7408000000009dd38cb4a000", "e2e6b11135c1ce32ffcca6b388251926088888aad5f38476d748212e81691cfcdaf180c177dd28f6fa00006ca0981b01ab00", "f9285f39feffbcfdb3eaebf6b08cf712fe7f00", [0x200000000000000d, 0x8000000d]})
ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000380))

2.2883474s ago: executing program 0 (id=4542):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x54, 0x24, 0x1, 0x40000, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x3}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000400}, 0x0)

2.220323018s ago: executing program 0 (id=4543):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000140)={0x0, 0x5}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f0000000040)='l', 0x1, 0x2c01, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

2.078251383s ago: executing program 3 (id=4544):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="28001300100001082abd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000800250001000000"], 0x28}, 0x1, 0x0, 0x0, 0x600}, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r1, 0x0, 0x15, &(0x7f0000000040), 0xffffffffffffff99)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x800000, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x300ca4d, 0x150)
write$UHID_DESTROY(r2, &(0x7f0000000380), 0x4)

2.010009447s ago: executing program 3 (id=4545):
preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f0000000340)=""/192, 0xc0}], 0x1, 0x2, 0x3ff)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mount(&(0x7f0000000140)=@sr0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='ntfs3\x00', 0x2208004, 0x0)
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$rxrpc(0x21, 0x2, 0xa)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x0, 0x81)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0xb, &(0x7f0000000400)=""/92, &(0x7f0000000300)=0x5c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
ioctl$TUNSETLINK(r3, 0x400454cd, 0x20)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='net/dev_mcast\x00')
pread64(r4, &(0x7f0000003b00)=""/195, 0xc3, 0x591f)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2442, 0x20)
fcntl$setlease(r5, 0x400, 0x0)
rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file1\x00')
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={0x0, 0xb8}}, 0x20000080)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendto$inet6(r6, &(0x7f0000000240)="c8", 0x1, 0x51, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_int(r0, &(0x7f0000000540), 0xfffffdd8)
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000000180), 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

1.750178202s ago: executing program 1 (id=4546):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x2, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000240)={0x73622a85, 0x0, 0x8000000000002})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x8, 0x0, &(0x7f00000005c0)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x1058, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r5}, @flat=@weak_handle={0x77682a85, 0x1, 0x2}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1, 0xca}}, &(0x7f0000000600)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x2001}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff)
bind$tipc(r2, 0x0, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000000280)={0x30, r8, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x2000000}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4000001}, 0x1004)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
r11 = syz_open_dev$dvb_frontend(&(0x7f0000000100), 0x0, 0x400)
ioctl$FE_SET_PROPERTY(r11, 0x40086f52, &(0x7f00000001c0)={0x1b, &(0x7f0000000880)=[{0x18, '\x00', @data=0x8001, 0x2}]})
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
r13 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r13, 0xffffffffffffffff, 0x0)

1.45697128s ago: executing program 1 (id=4547):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x2, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000240)={0x73622a85, 0x0, 0x8000000000002})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x8, 0x0, &(0x7f00000005c0)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x1058, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r5}, @flat=@weak_handle={0x77682a85, 0x1, 0x2}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1, 0xca}}, &(0x7f0000000600)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x2001}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff)
bind$tipc(r2, 0x0, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000000280)={0x30, r8, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x2000000}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4000001}, 0x1004)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
r11 = syz_open_dev$dvb_frontend(&(0x7f0000000100), 0x0, 0x400)
ioctl$FE_SET_PROPERTY(r11, 0x40086f52, &(0x7f00000001c0)={0x1b, &(0x7f0000000880)=[{0x18, '\x00', @data=0x8001, 0x2}]})
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
r13 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r13, 0xffffffffffffffff, 0x0)

1.320187475s ago: executing program 0 (id=4548):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, &(0x7f0000000c40)={{0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x36}, 0x0, [0x1688, 0x3, 0x1000000, 0x0, 0xdf3, 0x0, 0x0, 0xffbffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x4, 0x80000, 0xf, 0x80000000000000, 0x0, 0x9, 0x0, 0x0, 0x4, 0x7, 0x0, 0x7, 0x7ff, 0xfffffffe, 0x0, 0x40, 0x0, 0x0, 0x100000001, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x4, 0x0, 0x0, 0x40, 0xfffffffffffffffc, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffa, 0x0, 0x401, 0x0, 0x8000000000000000, 0x5, 0x0, 0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x1, 0xfffffffd, 0x0, 0x0, 0x0, 0x80000000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffb, 0x0, 0xfffffffffffffffc, 0x80000000000000, 0xfffffffc, 0x1, 0x8, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x4, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0xfffffffe, 0x0, 0xde4, 0x7, 0x0, 0x100000000]})

1.246659725s ago: executing program 0 (id=4549):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
accept4$inet6(r2, 0x0, &(0x7f00000001c0), 0x100000)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440), 0x5f, 0x0, &(0x7f0000000480)="0cce0523552df5799e844ca6558f6adffcf24e07e5aafad225a33a8e32337edc3c2fbfc0bc8e4b3186f8a3370b1f55a74ae0226a953523162a7a9f41178a9e3faa7b1913c6f39572ca71b3990d00e4f182d285a6ff07bbee81bb648e4347fe"})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4043, 0x1ff)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r3)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r4, 0x6, 0xd, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f0000000000)={0x0, 'caif0\x00', {}, 0x8})
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f0000000640)={0x2020}, 0x2020)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab?P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb8\x10\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\x03\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7vC\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x44, 0x2, 0x8, 0x301, 0x0, 0x0, {0x2, 0x0, 0x2}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x201}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xf9}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
openat$dir(0xffffff9c, &(0x7f00000003c0)='./file1\x00', 0x305341, 0x106)
r5 = socket$kcm(0x21, 0x2, 0xa)
syz_usb_connect$hid(0x2, 0x36, 0x0, 0x0)
sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e20, 0x9c000000, @ipv4={'\x00', '\xff\xff', @remote}, 0x1df}}, 0x80, 0x0, 0x0, 0x0, 0x10}, 0x40)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, 0x17, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0x8094)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

1.236330727s ago: executing program 1 (id=4550):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
pipe2$watch_queue(&(0x7f0000001f80)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
ioctl$sock_inet6_udp_SIOCINQ(r1, 0x541b, &(0x7f0000002000))
r2 = socket(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x8031, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
mremap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffc000/0x3000)=nil)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x48}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
r3 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r4, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000500)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x300, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe10804000000af8e0e3dc11d875397bdb22d0000b420a1a93e527d3d458d080000000000000000000000000000000000000000004300", "f4bd00000080190000efffca0000000000001a000000ff00", [0x2]}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000b40)=@newqdisc={0x78, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x4101}, {0xffff, 0xffff}, {0x7, 0xa}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x560, 0x7, 0x6c, 0x0, 0x0, 0xbfffffff}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x94, 0x8, 0x0, 0x8, 0x7}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x2004c0c4}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)

969.732798ms ago: executing program 3 (id=4551):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x30, 0x8b}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', 0x0, 0x0)
ioctl$XFS_IOC_PATH_TO_HANDLE(r0, 0xc01c5869, &(0x7f00000003c0)={<r1=>r0, &(0x7f0000000040)='!^\x00', 0x50a40, &(0x7f00000000c0)={@align, {0xa3, 0x4, 0x4, 0x53d}}, 0x8, &(0x7f0000000100)={@_ha_fsid}, &(0x7f0000000280)=0x8002})
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, &(0x7f0000000400)={0x2, 0x6, 0x0, 0x1}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mkdir(&(0x7f0000000040)='./file0\x00', 0x118)
mkdir(&(0x7f0000000300)='./bus\x00', 0x68)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000240)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
ioctl$FIDEDUPERANGE(r2, 0xc0189436, &(0x7f0000000480)=ANY=[])
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x1, './bus\x00'}, 0x70)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0x2, 0x1, 0xffff, 0x1}, 0x20)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000025c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x60)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x7, 0x0, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
sched_getaffinity(0x0, 0x4, &(0x7f0000000100))
connect$inet(r7, &(0x7f00000002c0)={0x2, 0xc22, @remote}, 0x10)
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)

739.493998ms ago: executing program 1 (id=4552):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x10000, 0x2000, &(0x7f000000f000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x1}, 0x1c)
close(0x4)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r3, 0xc008ae05, &(0x7f00000000c0)={0x6, 0x0, [{0x80000007, 0x10f4, 0x1, 0x3, 0x2, 0x33a, 0x57}, {0xc0000013, 0x1000, 0x3, 0x4, 0x3, 0x2, 0x6}, {0x80000008, 0x6, 0x1, 0x2, 0x3, 0xfffffffe, 0x5}, {0x7, 0x75, 0x5, 0xf42, 0xf, 0xfffffffc, 0x3}, {0xa, 0x1ff, 0x3, 0x5, 0x96f, 0xfff, 0x2}, {0x65a3426c26b37cd6, 0x7be1, 0x1, 0x0, 0x0, 0x9, 0xba3}]})
lsetxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000100)=ANY=[@ANYBLOB="00fb7e040b59eb0684c3888a000ba2e3e3e3adf8960e5d4b13812d595aa49354b087fa665224ad67bb0216aa9b5d3138737c604b93688ba829da8b1cddb46b9e398bbfda290abe5e3dba22e50f2e8a4779ba7c520079564781acf74e2d199e24f510946d4072ec0e96f458f3c0c1de675fc09fe5ed0b1c6bd1552fed03be"], 0x7e, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
sendmsg$NFT_MSG_GETTABLE(r6, &(0x7f0000000280)={0x0, 0x3, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000010a09020000000000000000020000008e0437162ad7edff7df444e2723eccb86911fe6cc46f9e997d2ad82aa54963a257754026f2217d7d12d9cbd2b38b111e2de77e15e13eea2ed6eee2f57226f9420b09b3265c32c7578e20b81f68451ea35230ed0626e4d23a8f9f7a16d9e1402e096026f2cb43b171c3f5151cb2c7bfb7ffc3ede8ba76798fdde6367772411376418a5908491b61ba49b61ed261f6754bffa166a2f12bc3d218742030824feff3afeb3655ba15948cc0048fbcf02c9cba64b32956b1ae881648ccba30"], 0x14}}, 0x0)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000002c0)=ANY=[@ANYBLOB="44000000e224d176e4c03c5790422d00"/31, @ANYRES16=r5, @ANYBLOB="010028bd7000ffdbdf250c00000018000380080002000000000008000500d165c85104000400180001801400020076657468305f766972745f7769666900"], 0x44}, 0x1, 0x0, 0x0, 0x8040}, 0x80)

723.607039ms ago: executing program 2 (id=4531):
ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, &(0x7f0000000000)={0x6, "d1649ff19180eb2df08c5a5f0e92b9ddb4d25ec13b7db7822dd19eb253281ff9", 0x5, 0x200, 0x1000, 0xc, 0x2, 0x2, 0x1, 0x80000000}) (async)
ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, &(0x7f0000000000)={0x6, "d1649ff19180eb2df08c5a5f0e92b9ddb4d25ec13b7db7822dd19eb253281ff9", 0x5, 0x200, 0x1000, 0xc, 0x2, 0x2, 0x1, 0x80000000})
getpid() (async)
r0 = getpid()
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000080)) (async)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000080)={0x0, <r1=>0x0})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x204c00, 0x0)
kcmp(r0, r1, 0x5, r2, r3)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000140)={{0x1, 0x1, 0x18, r2, {0x7}}, './file0\x00'}) (async)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r4=>r2, {0x7}}, './file0\x00'})
connect$l2tp(r4, &(0x7f0000000180)={0x2, 0x0, @multicast1, 0x3}, 0x10)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000001c0)='\x00', &(0x7f0000000200)='\x00', 0x0)
r5 = syz_genetlink_get_family_id$gtp(&(0x7f0000000280), r4)
sendmsg$GTP_CMD_ECHOREQ(r4, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x5c, r5, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@GTPA_PEER_ADDR6={0x14, 0xb, @private2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_MS_ADDR6={0x14, 0xc, @mcast1}, @GTPA_FAMILY={0x5, 0xd, 0x27}, @GTPA_FLOW={0x6, 0x6, 0x4}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x406c000) (async)
sendmsg$GTP_CMD_ECHOREQ(r4, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x5c, r5, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@GTPA_PEER_ADDR6={0x14, 0xb, @private2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_MS_ADDR6={0x14, 0xc, @mcast1}, @GTPA_FAMILY={0x5, 0xd, 0x27}, @GTPA_FLOW={0x6, 0x6, 0x4}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x406c000)
mount(&(0x7f00000003c0)=@nullb, &(0x7f0000000400)='./file0/file0\x00', &(0x7f0000000440)='ubifs\x00', 0x100000, &(0x7f0000000480)='/dev/kvm\x00')
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f00000004c0)=0xe2fd, 0x4)
setpgid(r1, r1)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_CAP_ACK(r6, 0x10e, 0xa, &(0x7f0000000500)=0x5, 0x4)
r7 = openat$hpet(0xffffff9c, &(0x7f0000000540), 0x80000, 0x0)
r8 = syz_genetlink_get_family_id$l2tp(&(0x7f00000005c0), r4)
sendmsg$L2TP_CMD_TUNNEL_MODIFY(r7, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x34, r8, 0x300, 0x70bd29, 0x25dfdbfe, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x51}, 0x4000044)
ioctl$TCSETS(r7, 0x5402, &(0x7f00000006c0)={0x178, 0x1, 0x8, 0xd8, 0x16, "755e48038edf535064b1e697931117fae5e5d2"}) (async)
ioctl$TCSETS(r7, 0x5402, &(0x7f00000006c0)={0x178, 0x1, 0x8, 0xd8, 0x16, "755e48038edf535064b1e697931117fae5e5d2"})
ioctl$KVM_GET_MSRS_sys(r7, 0xc008ae88, &(0x7f0000000700)={0x8, 0x0, [{0x3a6, 0x0, 0x100}, {0x404, 0x0, 0x2}, {0x997, 0x0, 0x5}, {0x22e, 0x0, 0xa9}, {0x2b3, 0x0, 0x10ed93b2}, {0x9ce, 0x0, 0xfffffffffffffffc}, {0xb55, 0x0, 0x7}, {0xabd, 0x0, 0x80000000}]})
ioctl$DRM_IOCTL_MODE_GETENCODER(r4, 0xc01464a6, &(0x7f00000007c0)={0x0, 0x0, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_CURSOR2(0xffffffffffffffff, 0xc02464bb, &(0x7f0000000800)={0x0, r9, 0x81, 0x2054, 0x81, 0x8, 0x0, 0xd, 0x40c}) (async)
ioctl$DRM_IOCTL_MODE_CURSOR2(0xffffffffffffffff, 0xc02464bb, &(0x7f0000000800)={0x0, r9, 0x81, 0x2054, 0x81, 0x8, 0x0, 0xd, 0x40c})
open(&(0x7f0000000840)='./file0/file0\x00', 0x8480, 0x40) (async)
r10 = open(&(0x7f0000000840)='./file0/file0\x00', 0x8480, 0x40)
syz_genetlink_get_family_id$tipc(&(0x7f0000000880), r4) (async)
syz_genetlink_get_family_id$tipc(&(0x7f0000000880), r4)
getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, &(0x7f00000008c0)={'filter\x00', 0x89, "804351d651bbb5623a8d88b774f46b8ee11c8800193b99bef337318db745bedd097015e148fce7052d1de331275de46b36061daf241b18a3336607df30c3b959ffebc9f62db9ad6138ae20719ce0796ff05a54295cd53bfd7ce5692c0c2b8135f023efafdf1fe83d4ef5d4403049fba922c44014f3b30b916b2840ae509a137ada0b7b8f11943b0afe"}, &(0x7f0000000980)=0xad) (async)
getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, &(0x7f00000008c0)={'filter\x00', 0x89, "804351d651bbb5623a8d88b774f46b8ee11c8800193b99bef337318db745bedd097015e148fce7052d1de331275de46b36061daf241b18a3336607df30c3b959ffebc9f62db9ad6138ae20719ce0796ff05a54295cd53bfd7ce5692c0c2b8135f023efafdf1fe83d4ef5d4403049fba922c44014f3b30b916b2840ae509a137ada0b7b8f11943b0afe"}, &(0x7f0000000980)=0xad)
setsockopt$inet_buf(r10, 0x0, 0x25, &(0x7f00000009c0)="3d3458e8fbffcf11154d7d78aec7814c408a3305ad7d603e9bcbfecc97a9ddc2b56938531918fb8bf4ceba847c75396635542dc50e4eca8fff0d4f43cfc9eea302b5cbbb8cf1f30a33388a9f49dafaa05d6f4f8a105f011fe4e33b4edcb1dbc3fe31963a8e1b79caff739102663f16a3838c7417f9d2380f56aa005991f626383cf6c44c502f0b16a1a4fd04a2e74084ce58ceb69d86cc1a77f30453f97c6eaca9b4d40d0bb4c6e69077ec36f4e73280276b3f967fda0e279f9234ec179d3caacf4af84b0b12d8cf5113770ce0a6bbf2aad9dd786e72237bf10efc97199edbe6be97167a640bf5c2efc4c65d0a1b0cc93ce74487904dbe76", 0xf8)
ioctl$OCFS2_IOC_REFLINK(r3, 0x40186f04, &(0x7f0000000b40)={&(0x7f0000000ac0)='filter\x00', &(0x7f0000000b00)='filter\x00', 0x7fff})
openat(r10, &(0x7f0000000b80)='./file0/file0\x00', 0x42080, 0x51)
syz_usbip_server_init(0x4)

616.798279ms ago: executing program 1 (id=4553):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYRES32], &(0x7f0000000300)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
ptrace$ARCH_SHSTK_UNLOCK(0x1e, r3, 0x3, 0x5004)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000400)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a180000000c0a010100000000000000000a000006040003801400000000010000000000000000000200000a007bf8c9ba23507ffe6fe1dcfb912f85ce0db70c4852f42f8585743c34a14421bc850a8028e78674e3084416cf4e4b1ea8179cbcd5653d396397ee55f98c444e2b8a27e8f3e12382f70075080d09b10617d09af881d04a7952908ab017b5ec5f1aaca5afa1b3ee086a380e98b5403974748e93015d7ad384a05e0f6f64fb6dce26b9bdc0c0c16764cd11"], 0x40}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
prlimit64(r3, 0xf, &(0x7f0000000280)={0x8, 0xb564}, &(0x7f0000000340))
r7 = openat$sw_sync_info(0xffffff9c, &(0x7f0000000100), 0x100, 0x0)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000140)={[0x670dab3e, 0x747d, 0x5, 0x1, 0x7fffffff, 0x1, 0x71, 0x401, 0x3, 0xffffffffffffffff, 0x7, 0xd88a, 0xff, 0x800, 0x7, 0x2], 0xffff1000, 0x1400})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x17, 0x0, @ioapic={0x0, 0x2, 0x3, 0xeffffdff, 0x0, [{0x0, 0x80, 0x3}, {0x4, 0x5, 0x0, '\x00', 0x10}, {0xfc, 0x4}, {0xfe, 0x0, 0x7f, '\x00', 0x2}, {0x8, 0x0, 0x5, '\x00', 0x9}, {0x4}, {0x0, 0x85, 0xbe}, {0x0, 0x5, 0x3, '\x00', 0xfc}, {0x1, 0x0, 0x0, '\x00', 0x7f}, {0x8, 0x6, 0xfe, '\x00', 0x42}, {0x0, 0x2}, {0x0, 0x50}, {0x4, 0x0, 0x24, '\x00', 0x3}, {0x58, 0x4e}, {0x2, 0x2, 0x4}, {0x0, 0x3}, {0x1, 0x0, 0x4, '\x00', 0x4}, {0x0, 0x0, 0x4, '\x00', 0xfd}, {0x1, 0x4, 0x7, '\x00', 0x3}, {0x81, 0x0, 0x0, '\x00', 0x40}, {0x0, 0x17}, {0x0, 0xfd, 0x0, '\x00', 0x70}, {0x1, 0x0, 0x0, '\x00', 0xe}, {0x10, 0x5, 0xe}]}})
socket$inet6(0x10, 0x3, 0x0)

0s ago: executing program 2 (id=4554):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x2, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000240)={0x73622a85, 0x0, 0x8000000000002})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000000c0)={0x8, 0x0, &(0x7f00000005c0)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x1058, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r6}, @flat=@weak_handle={0x77682a85, 0x1, 0x2}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1, 0xca}}, &(0x7f0000000600)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x2001}, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff)
bind$tipc(r3, 0x0, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000000280)={0x30, r9, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x2000000}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4000001}, 0x1004)
socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
r11 = syz_open_dev$dvb_frontend(&(0x7f0000000100), 0x0, 0x400)
ioctl$FE_SET_PROPERTY(r11, 0x40086f52, &(0x7f00000001c0)={0x1b, &(0x7f0000000880)=[{0x18, '\x00', @data=0x8001, 0x2}]})
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r12, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x2, 0x1ff, 0x1, 0x6, 0x224, 0xffffffff, 0x16d86e15, 0x5e58, 0x3}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000010)
r13 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r13, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

ype 1 has an invalid length.
[  947.888550][T17996] netlink: 228 bytes leftover after parsing attributes in process `syz.0.3106'.
[  947.974440][T17999] binder: 17997:17999 unknown command 0
[  947.976420][T17999] binder: 17997:17999 ioctl c0306201 80000080 returned -22
[  947.992765][T18000] binder: 17998:18000 unknown command 0
[  947.995367][T18000] binder: 17998:18000 ioctl c0306201 80000080 returned -22
[  948.019675][T18000] binder: BINDER_SET_CONTEXT_MGR already set
[  948.021732][T18000] binder: 17998:18000 ioctl 4018620d 80000040 returned -16
[  948.623451][T18021] ip6erspan1: entered allmulticast mode
[  949.118972][T18024] ip6erspan0: entered allmulticast mode
[  950.228893][T18038] binder: 18037:18038 unknown command 0
[  950.231561][T18038] binder: 18037:18038 ioctl c0306201 80000080 returned -22
[  950.236353][T18038] binder: BINDER_SET_CONTEXT_MGR already set
[  950.238952][T18038] binder: 18037:18038 ioctl 4018620d 80000040 returned -16
[  950.408178][T18046] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[  950.617302][T18044] 9p: Bad value for 'cache'
[  952.524082][T18080] netlink: 'syz.0.3139': attribute type 11 has an invalid length.
[  952.645853][T18087] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[  952.842730][T18084] 9p: Bad value for 'cache'
[  953.305533][T18093] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3142'.
[  953.460999][T18095] fuse: Unknown parameter '0x0000000000000004'
[  954.013416][T18119] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  954.016192][T18119] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  954.018877][T18119] vhci_hcd vhci_hcd.0: Device attached
[  954.024991][T18120] vhci_hcd: unknown pdu 1
[  954.026906][   T61] vhci_hcd vhci_hcd.2: stop threads
[  954.029111][   T61] vhci_hcd vhci_hcd.2: release socket
[  954.031680][   T61] vhci_hcd vhci_hcd.2: disconnect device
[  955.021142][T18134] tmpfs: Unknown parameter ''
[  955.023620][T18134] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3154'.
[  955.418371][T18156] (syz.1.3162,18156,3):dlmfs_mkdir:421 ERROR: invalid domain name for directory.
[  955.614282][T18168] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3165'.
[  955.617518][T18168] netlink: 'syz.1.3165': attribute type 10 has an invalid length.
[  955.630181][T18168] team0: Port device netdevsim0 added
[  955.635069][T18168] netlink: 'syz.1.3165': attribute type 10 has an invalid length.
[  955.662592][T18168] team0: Port device netdevsim0 removed
[  955.666198][T18168] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  955.756330][T18176] input: syz0 as /devices/virtual/input/input26
[  957.510376][T18214] fuse: Unknown parameter '0x0000000000000004'
[  957.636554][T18220] binder: 18217:18220 ioctl c0285840 80000500 returned -22
[  957.919200][T18223] 9p: Bad value for 'cache'
[  957.972999][T18226] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3184'.
[  958.391912][T18231] netlink: 65165 bytes leftover after parsing attributes in process `syz.2.3186'.
[  958.395869][T18231] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  960.411183][T18249] openvswitch: netlink: Flow actions attr not present in new flow.
[  960.455730][T18250] netlink: 236 bytes leftover after parsing attributes in process `syz.2.3191'.
[  960.793160][T18257] fuse: Unknown parameter '0x0000000000000004'
[  962.331411][T18276] syz.1.3199 (18276): drop_caches: 2
[  963.204028][T18295] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  963.206592][T18295] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  963.211000][T18295] vhci_hcd vhci_hcd.0: Device attached
[  963.213964][T18295] random: crng reseeded on system resumption
[  963.272436][T18285] EXT4-fs (sr0): VFS: Can't find ext4 filesystem
[  963.480338][ T5981] usb 38-1: SetAddress Request (74) to port 0
[  963.485359][ T5981] usb 38-1: new SuperSpeed USB device number 74 using vhci_hcd
[  963.633355][T18296] vhci_hcd: connection reset by peer
[  963.639061][   T13] vhci_hcd vhci_hcd.0: stop threads
[  963.640860][   T13] vhci_hcd vhci_hcd.0: release socket
[  963.646608][   T13] vhci_hcd vhci_hcd.0: disconnect device
[  963.655522][T18299] pim6reg: entered allmulticast mode
[  963.662521][T18299] team0: entered allmulticast mode
[  963.664261][T18299] team_slave_0: entered allmulticast mode
[  963.666124][T18299] team_slave_1: entered allmulticast mode
[  963.668755][T18299] team0: left allmulticast mode
[  963.670680][T18299] team_slave_0: left allmulticast mode
[  963.672426][T18299] team_slave_1: left allmulticast mode
[  963.674278][T18299] pim6reg: left allmulticast mode
[  963.743559][T18302] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  966.408383][T18319] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  966.410669][T18319] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  966.414125][T18319] vhci_hcd vhci_hcd.0: Device attached
[  966.427602][T18319] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3208'.
[  966.688682][T18338] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3213'.
[  966.965323][T18320] vhci_hcd: connection closed
[  966.966458][   T12] vhci_hcd vhci_hcd.0: stop threads
[  966.971535][   T12] vhci_hcd vhci_hcd.0: release socket
[  966.974964][   T12] vhci_hcd vhci_hcd.0: disconnect device
[  967.035528][T18344] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  967.037740][T18344] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  967.041562][T18344] vhci_hcd vhci_hcd.0: Device attached
[  967.090461][T18347] pimreg: entered allmulticast mode
[  967.163949][T18347] pimreg: left allmulticast mode
[  967.339122][ T1340] usb 44-1: SetAddress Request (85) to port 0
[  967.341418][ T1340] usb 44-1: new SuperSpeed USB device number 85 using vhci_hcd
[  967.589166][T18348] vhci_hcd: connection reset by peer
[  967.710281][   T61] vhci_hcd vhci_hcd.3: stop threads
[  967.711920][   T61] vhci_hcd vhci_hcd.3: release socket
[  967.713683][   T61] vhci_hcd vhci_hcd.3: disconnect device
[  968.579428][ T5981] usb 38-1: device descriptor read/8, error -110
[  969.010402][ T5981] usb usb38-port1: attempt power cycle
[  969.421561][T18386] block nbd3: NBD_DISCONNECT
[  969.423708][T18386] block nbd3: Send disconnect failed -32
[  969.426306][T18385] block nbd3: Disconnected due to user request.
[  969.439896][T18385] block nbd3: shutting down sockets
[  969.590414][ T5981] usb usb38-port1: unable to enumerate USB device
[  969.602275][T18396] Invalid logical block size (768)
[  969.632072][T18391] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[  969.634210][T18391] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  969.650952][T18391] vhci_hcd vhci_hcd.0: Device attached
[  969.998154][T12366] usb 42-1: SetAddress Request (70) to port 0
[  970.005898][T12366] usb 42-1: new SuperSpeed USB device number 70 using vhci_hcd
[  971.005404][T18397] vhci_hcd: connection reset by peer
[  971.007989][   T61] vhci_hcd vhci_hcd.2: stop threads
[  971.010231][   T61] vhci_hcd vhci_hcd.2: release socket
[  971.012006][   T61] vhci_hcd vhci_hcd.2: disconnect device
[  972.019587][ T6001] usb 6-1: new low-speed USB device number 58 using dummy_hcd
[  972.149108][ T6001] usb 6-1: device descriptor read/64, error -71
[  972.399112][ T6001] usb 6-1: new low-speed USB device number 59 using dummy_hcd
[  972.411933][T18424] binder: 18423:18424 unknown command 0
[  972.413941][T18424] binder: 18423:18424 ioctl c0306201 80000080 returned -22
[  972.419171][ T1340] usb 44-1: device descriptor read/8, error -110
[  972.529190][ T6001] usb 6-1: device descriptor read/64, error -71
[  972.639517][ T6001] usb usb6-port1: attempt power cycle
[  972.675826][T18430] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[  972.809737][ T1340] usb usb44-port1: attempt power cycle
[  972.973351][T18433] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  972.976479][T18433] block device autoloading is deprecated and will be removed.
[  972.979117][ T6001] usb 6-1: new low-speed USB device number 60 using dummy_hcd
[  973.000309][ T6001] usb 6-1: device descriptor read/8, error -71
[  973.086387][T18438] 9p: Bad value for 'rfdno'
[  973.228903][T18442] overlayfs: failed to resolve './file1': -2
[  973.239114][ T6001] usb 6-1: new low-speed USB device number 61 using dummy_hcd
[  973.259789][ T6001] usb 6-1: device descriptor read/8, error -71
[  973.379804][ T6001] usb usb6-port1: unable to enumerate USB device
[  973.518958][T18444] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3244'.
[  973.770677][ T1340] usb usb44-port1: unable to enumerate USB device
[  974.085980][T18450] binder: 18449:18450 unknown command 0
[  974.087879][T18450] binder: 18449:18450 ioctl c0306201 80000080 returned -22
[  975.062794][T12366] usb 42-1: device descriptor read/8, error -110
[  975.460854][T12366] usb usb42-port1: attempt power cycle
[  975.567961][T18471] netlink: 'syz.1.3253': attribute type 3 has an invalid length.
[  975.571756][T18471] netlink: 'syz.1.3253': attribute type 1 has an invalid length.
[  975.575598][T18471] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3253'.
[  975.628705][T18474] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[  975.631228][T18474] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  975.634958][T18474] vhci_hcd vhci_hcd.0: Device attached
[  975.690364][T18480] binder: 18479:18480 unknown command 0
[  975.699144][T18480] binder: 18479:18480 ioctl c0306201 80000080 returned -22
[  975.758496][T18477] vhci_hcd: connection closed
[  975.758790][   T13] vhci_hcd vhci_hcd.0: stop threads
[  975.767811][   T13] vhci_hcd vhci_hcd.0: release socket
[  975.770532][   T13] vhci_hcd vhci_hcd.0: disconnect device
[  975.851501][T18492] FAULT_INJECTION: forcing a failure.
[  975.851501][T18492] name failslab, interval 1, probability 0, space 0, times 0
[  975.856548][T18492] CPU: 3 UID: 0 PID: 18492 Comm: syz.2.3260 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  975.856580][T18492] Tainted: [L]=SOFTLOCKUP
[  975.856588][T18492] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  975.856599][T18492] Call Trace:
[  975.856608][T18492]  <TASK>
[  975.856617][T18492]  dump_stack_lvl+0x100/0x190
[  975.856660][T18492]  should_fail_ex.cold+0x5/0xa
[  975.856686][T18492]  should_failslab+0xc2/0x120
[  975.856711][T18492]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  975.856745][T18492]  ? __alloc_skb+0x140/0x710
[  975.856781][T18492]  __alloc_skb+0x140/0x710
[  975.856808][T18492]  ? __alloc_skb+0x5b7/0x710
[  975.856835][T18492]  ? __pfx___alloc_skb+0x10/0x10
[  975.856869][T18492]  netlink_alloc_large_skb+0x69/0x150
[  975.856893][T18492]  netlink_sendmsg+0x680/0xda0
[  975.856919][T18492]  ? __pfx_netlink_sendmsg+0x10/0x10
[  975.856940][T18492]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  975.856970][T18492]  sock_write_iter+0x524/0x5a0
[  975.856993][T18492]  ? __pfx_netlink_sendmsg+0x10/0x10
[  975.857015][T18492]  ? __pfx_sock_write_iter+0x10/0x10
[  975.857035][T18492]  ? get_pid_task+0xfc/0x250
[  975.857069][T18492]  ? bpf_lsm_file_permission+0x9/0x10
[  975.857107][T18492]  ? security_file_permission+0x76/0x210
[  975.857134][T18492]  ? rw_verify_area+0xce/0x6d0
[  975.857166][T18492]  vfs_write+0x6ac/0x1070
[  975.857187][T18492]  ? __pfx_sock_write_iter+0x10/0x10
[  975.857213][T18492]  ? __pfx_vfs_write+0x10/0x10
[  975.857230][T18492]  ? find_held_lock+0x2b/0x80
[  975.857266][T18492]  ksys_write+0x1f8/0x250
[  975.857285][T18492]  ? __pfx_ksys_write+0x10/0x10
[  975.857305][T18492]  ? __pfx_ksys_write+0x10/0x10
[  975.857330][T18492]  __do_fast_syscall_32+0xe3/0x8c0
[  975.857355][T18492]  do_fast_syscall_32+0x32/0x70
[  975.857376][T18492]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  975.857401][T18492] RIP: 0023:0xf6feef6c
[  975.857419][T18492] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  975.857436][T18492] RSP: 002b:00000000f53dd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  975.857455][T18492] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040
[  975.857468][T18492] RDX: 0000000000000027 RSI: 0000000000000000 RDI: 0000000000000000
[  975.857480][T18492] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  975.857491][T18492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  975.857503][T18492] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  975.857526][T18492]  </TASK>
[  976.174146][T12366] usb usb42-port1: unable to enumerate USB device
[  976.559096][T18512] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  977.228636][T18528] xt_cgroup: invalid path, errno=-2
[  977.264083][T18531] blktrace: Concurrent blktraces are not allowed on nullb0
[  977.464402][T18539] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3273'.
[  977.467290][T18539] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3273'.
[  977.472803][T18539] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3273'.
[  977.491929][T18539] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3273'.
[  977.494907][T18539] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3273'.
[  977.507320][T18539] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3273'.
[  977.521249][T18548] 9p: Bad value for 'rfdno'
[  977.570717][T18539] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3273'.
[  977.573474][T18539] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3273'.
[  977.699160][ T1340] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[  977.950853][ T1340] usb 6-1: config 1 has an invalid interface number: 28 but max is 0
[  977.954326][ T1340] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  977.958411][ T1340] usb 6-1: config 1 has no interface number 0
[  977.961632][ T1340] usb 6-1: too many endpoints for config 1 interface 28 altsetting 200: 119, using maximum allowed: 30
[  977.966081][ T1340] usb 6-1: config 1 interface 28 altsetting 200 has 0 endpoint descriptors, different from the interface descriptor's value: 119
[  977.970985][ T1340] usb 6-1: config 1 interface 28 has no altsetting 0
[  977.974904][ T1340] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  977.977968][ T1340] usb 6-1: New USB device strings: Mfr=1, Product=34, SerialNumber=11
[  977.982328][ T1340] usb 6-1: Product: syz
[  977.984539][ T1340] usb 6-1: Manufacturer: syz
[  977.986437][ T1340] usb 6-1: SerialNumber: syz
[  977.989135][T18558] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  977.991667][T18558] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  977.998701][T18558] vhci_hcd vhci_hcd.0: Device attached
[  978.299275][ T5981] usb 44-1: SetAddress Request (89) to port 0
[  978.303230][ T5981] usb 44-1: new SuperSpeed USB device number 89 using vhci_hcd
[  978.649671][T18559] vhci_hcd: connection reset by peer
[  978.652073][   T13] vhci_hcd vhci_hcd.3: stop threads
[  978.653837][   T13] vhci_hcd vhci_hcd.3: release socket
[  978.658483][   T13] vhci_hcd vhci_hcd.3: disconnect device
[  978.756552][ T6326] usb 6-1: USB disconnect, device number 62
[  979.320891][T18581] unsupported nla_type 16384
[  979.565409][T18585] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[  979.941211][T18592] 9p: Bad value for 'cache'
[  980.448089][T18599] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  980.964645][T18613] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  980.967392][T18613] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  980.981279][T18613] vhci_hcd vhci_hcd.0: Device attached
[  981.310218][T18622] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[  981.637670][T18615] vhci_hcd: connection closed
[  981.638798][  T100] vhci_hcd vhci_hcd.3: stop threads
[  981.643555][  T100] vhci_hcd vhci_hcd.3: release socket
[  981.648054][  T100] vhci_hcd vhci_hcd.3: disconnect device
[  982.062519][T18637] binder: 18636:18637 ioctl 4018620d 0 returned -22
[  982.065460][T18637] binder: 18636:18637 unknown command 0
[  982.067790][T18637] binder: 18636:18637 ioctl c0306201 80000080 returned -22
[  982.472576][T18647] xt_hashlimit: overflow, rate too high: 0
[  983.383447][ T5981] usb 44-1: device descriptor read/8, error -110
[  983.879902][ T5981] usb usb44-port1: attempt power cycle
[  984.294884][T18667] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[  984.469748][ T5981] usb usb44-port1: unable to enumerate USB device
[  984.741427][T18674] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[  984.744167][T18674] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  984.747734][T18674] vhci_hcd vhci_hcd.0: Device attached
[  984.860245][T18684] program syz.0.3313 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  984.984389][T18687] batman_adv: batadv0: Removing interface: batadv_slave_0
[  984.993375][T18687] batman_adv: batadv0: Removing interface: batadv_slave_1
[  985.002375][T18687] batman_adv: batadv0: Removing interface: gretap1
[  985.029788][ T5981] usb 40-1: SetAddress Request (67) to port 0
[  985.032405][ T5981] usb 40-1: new SuperSpeed USB device number 67 using vhci_hcd
[  985.241284][T18692] x_tables: duplicate underflow at hook 1
[  985.380879][T18682] vhci_hcd: connection reset by peer
[  985.382876][   T46] vhci_hcd vhci_hcd.1: stop threads
[  985.384837][   T46] vhci_hcd vhci_hcd.1: release socket
[  985.387669][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  985.599120][ T1340] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[  985.749182][ T1340] usb 7-1: Using ep0 maxpacket: 8
[  985.752548][ T1340] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  985.755126][ T1340] usb 7-1: config 0 has no interface number 0
[  985.757159][ T1340] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  985.760912][ T1340] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  985.764631][ T1340] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  985.768095][ T1340] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  985.772370][ T1340] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  985.775244][ T1340] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  985.779118][ T1340] usb 7-1: config 0 descriptor??
[  985.784037][ T1340] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  986.053170][ T1340] usb 7-1: USB disconnect, device number 49
[  986.053259][    C3] ldusb 7-1:0.55: usb_submit_urb failed (-19)
[  986.058836][ T1340] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  986.058988][T18698] ldusb: No device or device unplugged -19
[  986.153650][T18704] binder: BINDER_SET_CONTEXT_MGR already set
[  986.156255][T18704] binder: 18703:18704 ioctl 4018620d 80000040 returned -16
[  986.412985][T18720] binder: 18719:18720 ioctl c0306201 80000080 returned -14
[  986.418959][T18720] binder: 18719:18720 ioctl c01c5868 80000240 returned -22
[  986.601121][T18730] binder: BINDER_SET_CONTEXT_MGR already set
[  986.603945][T18730] binder: 18729:18730 ioctl 4018620d 80000040 returned -16
[  986.641938][T18728] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[  986.644758][T18728] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  986.654056][T18735] __nla_validate_parse: 1 callbacks suppressed
[  986.654073][T18735] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3331'.
[  986.654115][T18736] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3331'.
[  986.656098][T18728] vhci_hcd vhci_hcd.0: Device attached
[  986.839796][ T6326] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  986.990876][ T6326] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  986.994784][ T6326] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  986.998158][ T6326] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  987.001766][ T6326] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  987.007573][ T6326] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  987.010791][ T6326] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  987.013925][ T6326] usb 5-1: Product: syz
[  987.015705][ T6326] usb 5-1: Manufacturer: syz
[  987.020670][ T6326] cdc_wdm 5-1:1.0: skipping garbage
[  987.022668][ T6326] cdc_wdm 5-1:1.0: skipping garbage
[  987.025407][ T6326] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  987.027318][ T6326] cdc_wdm 5-1:1.0: Unknown control protocol
[  987.222003][T18731] netlink: 6 bytes leftover after parsing attributes in process `syz.0.3327'.
[  987.225509][T18731] netlink: 6 bytes leftover after parsing attributes in process `syz.0.3327'.
[  987.251764][T18731] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3327'.
[  987.294636][T18732] vhci_hcd: connection closed
[  987.294929][  T100] vhci_hcd vhci_hcd.1: stop threads
[  987.298178][  T100] vhci_hcd vhci_hcd.1: release socket
[  987.300160][  T100] vhci_hcd vhci_hcd.1: disconnect device
[  988.058730][T12366] usb 5-1: USB disconnect, device number 43
[  988.844671][T18762] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[  988.984038][T18765] FAULT_INJECTION: forcing a failure.
[  988.984038][T18765] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  988.989784][T18765] CPU: 0 UID: 0 PID: 18765 Comm: syz.1.3340 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  988.989829][T18765] Tainted: [L]=SOFTLOCKUP
[  988.989836][T18765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  988.989847][T18765] Call Trace:
[  988.989855][T18765]  <TASK>
[  988.989863][T18765]  dump_stack_lvl+0x100/0x190
[  988.989899][T18765]  should_fail_ex.cold+0x5/0xa
[  988.989923][T18765]  _copy_from_user+0x2e/0xd0
[  988.989951][T18765]  do_sys_poll+0x345/0xeb0
[  988.989991][T18765]  ? is_bpf_text_address+0x8a/0x1a0
[  988.990020][T18765]  ? is_bpf_text_address+0x8a/0x1a0
[  988.990045][T18765]  ? bpf_ksym_find+0x124/0x1c0
[  988.990068][T18765]  ? is_bpf_text_address+0x94/0x1a0
[  988.990093][T18765]  ? __pfx_do_sys_poll+0x10/0x10
[  988.990107][T18765]  ? __kernel_text_address+0xd/0x30
[  988.990134][T18765]  ? unwind_get_return_address+0x59/0xa0
[  988.990158][T18765]  ? arch_stack_walk+0xa6/0xf0
[  988.990239][T18765]  ? __mutex_unlock_slowpath+0x15c/0x790
[  988.990261][T18765]  ? set_compat_user_sigmask+0x1d9/0x260
[  988.990279][T18765]  ? __pfx_set_compat_user_sigmask+0x10/0x10
[  988.990295][T18765]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  988.990319][T18765]  __ia32_compat_sys_ppoll_time32+0x2b6/0x350
[  988.990345][T18765]  ? __pfx___ia32_compat_sys_ppoll_time32+0x10/0x10
[  988.990367][T18765]  ? ksys_write+0x1ac/0x250
[  988.990392][T18765]  __do_fast_syscall_32+0xe3/0x8c0
[  988.990414][T18765]  do_fast_syscall_32+0x32/0x70
[  988.990433][T18765]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  988.990458][T18765] RIP: 0023:0xf7f92f6c
[  988.990473][T18765] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  988.990490][T18765] RSP: 002b:00000000f543550c EFLAGS: 00000292 ORIG_RAX: 0000000000000135
[  988.990510][T18765] RAX: ffffffffffffffda RBX: 0000000080000280 RCX: 0000000000000001
[  988.990523][T18765] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  988.990533][T18765] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  988.990543][T18765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  988.990555][T18765] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  988.990584][T18765]  </TASK>
[  990.109451][ T5981] usb 40-1: device descriptor read/8, error -110
[  990.404273][T18796] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[  990.511956][ T5981] usb usb40-port1: attempt power cycle
[  990.611242][T18805] tmpfs: Bad value for 'mpol'
[  990.693318][T18807] 9pnet_virtio: no channels available for device syz
[  990.697324][T18807] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3354'.
[  991.155572][ T5981] usb usb40-port1: unable to enumerate USB device
[  991.337537][T18834] overlayfs: missing 'lowerdir'
[  991.619208][ T6326] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  991.717818][T18837] binder: 18836:18837 ioctl c0306201 0 returned -14
[  991.778223][ T6326] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  991.782742][ T6326] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  991.786512][ T6326] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  991.794072][ T6326] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb
[  991.797706][ T6326] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=201
[  991.801318][ T6326] usb 5-1: Product: syz
[  991.802807][ T6326] usb 5-1: Manufacturer: syz
[  991.804388][ T6326] usb 5-1: SerialNumber: syz
[  991.808552][ T6326] usb 5-1: config 0 descriptor??
[  993.089678][T18869] XFS (nbd2): no-recovery mounts must be read-only.
[  993.391710][T18881] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3378'.
[  993.464425][T18886] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[  993.845145][T18903] netlink: 'syz.1.3385': attribute type 1 has an invalid length.
[  993.864930][T18903] 8021q: adding VLAN 0 to HW filter on device bond2
[  993.874846][T18903] netlink: 'syz.1.3385': attribute type 1 has an invalid length.
[  993.946266][T18912] FAULT_INJECTION: forcing a failure.
[  993.946266][T18912] name failslab, interval 1, probability 0, space 0, times 0
[  993.950675][T18912] CPU: 2 UID: 0 PID: 18912 Comm: syz.1.3387 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  993.950696][T18912] Tainted: [L]=SOFTLOCKUP
[  993.950700][T18912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  993.950707][T18912] Call Trace:
[  993.950711][T18912]  <TASK>
[  993.950717][T18912]  dump_stack_lvl+0x100/0x190
[  993.950742][T18912]  should_fail_ex.cold+0x5/0xa
[  993.950758][T18912]  ? tomoyo_realpath_from_path+0xb6/0x690
[  993.950777][T18912]  should_failslab+0xc2/0x120
[  993.950792][T18912]  __kmalloc_noprof+0xe0/0x850
[  993.950813][T18912]  tomoyo_realpath_from_path+0xb6/0x690
[  993.950833][T18912]  tomoyo_path_number_perm+0x23c/0x580
[  993.950847][T18912]  ? tomoyo_path_number_perm+0x22e/0x580
[  993.950862][T18912]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  993.950890][T18912]  ? find_held_lock+0x2b/0x80
[  993.950903][T18912]  ? hook_file_ioctl_common+0x146/0x410
[  993.950917][T18912]  ? __fget_files+0x215/0x3d0
[  993.950932][T18912]  ? __fget_files+0x21f/0x3d0
[  993.950946][T18912]  security_file_ioctl_compat+0xd3/0x230
[  993.951004][T18912]  __ia32_compat_sys_ioctl+0xc2/0x360
[  993.951027][T18912]  __do_fast_syscall_32+0xe3/0x8c0
[  993.951049][T18912]  do_fast_syscall_32+0x32/0x70
[  993.951066][T18912]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  993.951086][T18912] RIP: 0023:0xf7f92f6c
[  993.951101][T18912] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  993.951118][T18912] RSP: 002b:00000000f545650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  993.951135][T18912] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040045730
[  993.951145][T18912] RDX: 0000000080001400 RSI: 0000000000000000 RDI: 0000000000000000
[  993.951155][T18912] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  993.951164][T18912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  993.951175][T18912] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  993.951199][T18912]  </TASK>
[  993.951206][T18912] ERROR: Out of memory at tomoyo_realpath_from_path.
[  994.035897][ T6326] usb 5-1: USB disconnect, device number 44
[  994.496440][T18938] mac80211_hwsim hwsim18 .
: renamed from wlan1
[  995.540898][T18950] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  995.731780][T18955] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[  997.013468][T18966] ceph: No mds server is up or the cluster is laggy
[  997.020266][T12366] libceph: connect (1)[c::]:6789 error -101
[  997.022742][T12366] libceph: mon0 (1)[c::]:6789 connect error
[  997.794283][T18991] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[  997.861788][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[  997.864428][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[  999.589213][   T40] kauditd_printk_skb: 33 callbacks suppressed
[  999.589227][   T40] audit: type=1326 audit(1775344864.623:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19013 comm="syz.0.3415" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf706ef6c code=0x0
[  999.666393][T19012] 9p: Bad value for 'cache'
[ 1000.053274][T19041] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1002.190722][T19080] netlink: 'syz.0.3432': attribute type 1 has an invalid length.
[ 1003.323410][T19098] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1003.510672][T19102] 9p: Bad value for 'cache'
[ 1004.334857][T19114] netlink: 168 bytes leftover after parsing attributes in process `syz.0.3443'.
[ 1004.339114][T19114] netlink: 168 bytes leftover after parsing attributes in process `syz.0.3443'.
[ 1004.343673][T19114] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3443'.
[ 1004.353214][T19115] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[ 1004.423121][T19117] misc userio: Begin command sent, but we're already running
[ 1004.478152][T19122] syzkaller0: entered promiscuous mode
[ 1004.480513][T19122] syzkaller0: entered allmulticast mode
[ 1005.289617][T19134] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1005.584964][T19142] 9pnet_fd: Insufficient options for proto=fd
[ 1005.593065][T19142] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[ 1005.744420][T19147] binder: 19146:19147 unknown command 0
[ 1005.747062][T19147] binder: 19146:19147 ioctl c0306201 80000080 returned -22
[ 1005.768421][T19147] binder: 19146:19147 ioctl 4018620d 0 returned -22
[ 1006.113209][   T40] audit: type=1326 audit(1775344871.153:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19154 comm="syz.2.3457" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6feef6c code=0x0
[ 1007.770358][T19169] binder: 19166:19169 ioctl c010644f 80001400 returned -22
[ 1008.009590][T19176] netlink: 'syz.0.3462': attribute type 3 has an invalid length.
[ 1008.093067][T19176] gretap2: entered promiscuous mode
[ 1008.119230][T19182] binder: 19181:19182 unknown command 0
[ 1008.121524][T19182] binder: 19181:19182 ioctl c0306201 80000080 returned -22
[ 1008.125647][T19182] binder: 19181:19182 ioctl 4018620d 0 returned -22
[ 1008.196072][T19187] vivid-000: =================  START STATUS  =================
[ 1008.199528][T19187] vivid-000: Test Pattern: 75% Colorbar
[ 1008.202767][T19187] vivid-000: Fill Percentage of Frame: 100
[ 1008.205534][T19187] vivid-000: Horizontal Movement: No Movement
[ 1008.208324][T19187] vivid-000: Vertical Movement: No Movement
[ 1008.212830][T19187] vivid-000: OSD Text Mode: All
[ 1008.219145][T19187] vivid-000: Show Border: true
[ 1008.220830][T19187] vivid-000: Show Square: false
[ 1008.222403][T19187] vivid-000: Sensor Flipped Horizontally: false
[ 1008.224499][T19187] vivid-000: Sensor Flipped Vertically: false
[ 1008.226659][T19187] vivid-000: Insert SAV Code in Image: false
[ 1008.228663][T19187] vivid-000: Insert EAV Code in Image: false
[ 1008.231824][T19187] vivid-000: Insert Video Guard Band: false
[ 1008.233793][T19187] vivid-000: Reduced Framerate: false
[ 1008.235676][T19187] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[ 1008.239853][T19187] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[ 1008.242462][T19187] vivid-000: Enable Capture Cropping: false
[ 1008.244415][T19187] vivid-000: Enable Capture Composing: true
[ 1008.246525][T19187] vivid-000: Enable Capture Scaler: false
[ 1008.248491][T19187] vivid-000: Timestamp Source: End of Frame
[ 1008.250535][T19187] vivid-000: Colorspace: sRGB
[ 1008.252113][T19187] vivid-000: Transfer Function: Default
[ 1008.253964][T19187] vivid-000: Y'CbCr Encoding: Default
[ 1008.255774][T19187] vivid-000: HSV Encoding: Hue 0-179
[ 1008.257627][T19187] vivid-000: Quantization: Default
[ 1008.259352][T19187] vivid-000: Apply Alpha To Red Only: false
[ 1008.261346][T19187] vivid-000: Standard Aspect Ratio: 4x3
[ 1008.263222][T19187] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[ 1008.265788][T19187] vivid-000: DV Timings: 640x480p59 inactive
[ 1008.267909][T19187] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[ 1008.270423][T19187] vivid-000: Maximum EDID Blocks: 2
[ 1008.272147][T19187] vivid-000: Limited RGB Range (16-235): false
[ 1008.274150][T19187] vivid-000: Rx RGB Quantization Range: Automatic
[ 1008.276275][T19187] vivid-000: Power Present: 0x00000001
[ 1008.278214][T19187] tpg source WxH: 320x240 (Y'CbCr)
[ 1008.279987][T19187] tpg field: 1
[ 1008.281301][T19187] tpg crop: (0,0)/320x240
[ 1008.282815][T19187] tpg compose: (0,0)/320x240
[ 1008.284359][T19187] tpg colorspace: 8
[ 1008.285669][T19187] tpg transfer function: 0/2
[ 1008.287550][T19187] tpg Y'CbCr encoding: 0/1
[ 1008.289106][T19187] tpg quantization: 0/2
[ 1008.290468][T19187] tpg RGB range: 0/2
[ 1008.291830][T19187] vivid-000: ==================  END STATUS  ==================
[ 1008.429908][T19193] autofs4:pid:19193:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(65021.1), cmd(0xc018937e)
[ 1008.434130][T19193] autofs4:pid:19193:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e)
[ 1008.588261][T19201] bond2: entered allmulticast mode
[ 1008.592741][T19201] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1008.674562][T19207] binder: 19206:19207 unknown command 0
[ 1008.676369][T19207] binder: 19206:19207 ioctl c0306201 80000080 returned -22
[ 1008.680195][T19207] binder: 19206:19207 ioctl 4018620d 0 returned -22
[ 1009.572888][T19219] netlink: 'syz.1.3476': attribute type 21 has an invalid length.
[ 1009.575966][T19219] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3476'.
[ 1009.579385][T19219] netlink: 'syz.1.3476': attribute type 4 has an invalid length.
[ 1009.582046][T19219] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3476'.
[ 1009.736662][T19221] dvmrp0: entered allmulticast mode
[ 1010.115292][ T1150] dvmrp0 (unregistering): left allmulticast mode
[ 1010.190035][T19230] binder: 19229:19230 unknown command 0
[ 1010.196704][T19231] syzkaller0: entered promiscuous mode
[ 1010.201696][T19231] syzkaller0: entered allmulticast mode
[ 1010.210719][T19230] binder: 19229:19230 ioctl c0306201 80000080 returned -22
[ 1010.216039][T19230] binder: 19229:19230 ioctl c0306201 0 returned -14
[ 1010.395509][T19238] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1011.414483][T19255] FAULT_INJECTION: forcing a failure.
[ 1011.414483][T19255] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1011.420208][T19255] CPU: 2 UID: 0 PID: 19255 Comm: syz.2.3488 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1011.420239][T19255] Tainted: [L]=SOFTLOCKUP
[ 1011.420245][T19255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 1011.420255][T19255] Call Trace:
[ 1011.420261][T19255]  <TASK>
[ 1011.420268][T19255]  dump_stack_lvl+0x100/0x190
[ 1011.420305][T19255]  should_fail_ex.cold+0x5/0xa
[ 1011.420333][T19255]  _copy_from_user+0x2e/0xd0
[ 1011.420360][T19255]  get_compat_msghdr+0xb3/0x4b0
[ 1011.420391][T19255]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1011.420433][T19255]  ___sys_sendmsg+0x1b6/0x1e0
[ 1011.420459][T19255]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1011.420509][T19255]  __sys_sendmsg+0x170/0x220
[ 1011.420539][T19255]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1011.420575][T19255]  ? __pfx_ksys_write+0x10/0x10
[ 1011.420603][T19255]  __do_fast_syscall_32+0xe3/0x8c0
[ 1011.420628][T19255]  do_fast_syscall_32+0x32/0x70
[ 1011.420648][T19255]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1011.420672][T19255] RIP: 0023:0xf6feef6c
[ 1011.420687][T19255] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[ 1011.420705][T19255] RSP: 002b:00000000f53dd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[ 1011.420725][T19255] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000200
[ 1011.420735][T19255] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1011.420744][T19255] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1011.420752][T19255] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 1011.420762][T19255] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1011.420786][T19255]  </TASK>
[ 1011.741817][T19270] binder: 19268:19270 unknown command 0
[ 1011.744015][T19270] binder: 19268:19270 ioctl c0306201 80000080 returned -22
[ 1011.748206][T19270] binder: 19268:19270 ioctl c0306201 0 returned -14
[ 1012.214325][T19278] block device autoloading is deprecated and will be removed.
[ 1012.685016][T19285] syzkaller0: entered promiscuous mode
[ 1012.687069][T19285] syzkaller0: entered allmulticast mode
[ 1012.743988][T19287] mac80211_hwsim hwsim22 .
: renamed from wlan1
[ 1012.745465][T19289] netlink: 'syz.2.3497': attribute type 1 has an invalid length.
[ 1012.831497][T19290] netlink: 228 bytes leftover after parsing attributes in process `syz.2.3497'.
[ 1013.852637][T19315] FAULT_INJECTION: forcing a failure.
[ 1013.852637][T19315] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1013.856831][T19315] CPU: 3 UID: 0 PID: 19315 Comm: syz.0.3505 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1013.856849][T19315] Tainted: [L]=SOFTLOCKUP
[ 1013.856854][T19315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 1013.856861][T19315] Call Trace:
[ 1013.856866][T19315]  <TASK>
[ 1013.856871][T19315]  dump_stack_lvl+0x100/0x190
[ 1013.856896][T19315]  should_fail_ex.cold+0x5/0xa
[ 1013.856912][T19315]  save_fsave_header+0x14c/0x2f0
[ 1013.856928][T19315]  ? debug_object_activate+0x331/0x490
[ 1013.856943][T19315]  ? __pfx_save_fsave_header+0x10/0x10
[ 1013.856963][T19315]  ? copy_fpstate_to_sigframe+0x2b8/0xb20
[ 1013.856979][T19315]  ? __local_bh_enable_ip+0x9e/0x120
[ 1013.856996][T19315]  copy_fpstate_to_sigframe+0x789/0xb20
[ 1013.857014][T19315]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[ 1013.857033][T19315]  ? x86_task_fpu+0x5f/0x90
[ 1013.857047][T19315]  get_sigframe+0x3fb/0x940
[ 1013.857100][T19315]  ? __pfx_get_sigframe+0x10/0x10
[ 1013.857114][T19315]  ? rcu_is_watching+0x12/0xc0
[ 1013.857134][T19315]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1013.857155][T19315]  ? siginfo_layout+0x156/0x290
[ 1013.857168][T19315]  ia32_setup_rt_frame+0xed/0xb00
[ 1013.857191][T19315]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[ 1013.857210][T19315]  ? __mutex_unlock_slowpath+0x15c/0x790
[ 1013.857225][T19315]  arch_do_signal_or_restart+0x43f/0x770
[ 1013.857244][T19315]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1013.857263][T19315]  ? ksys_write+0x1ac/0x250
[ 1013.857278][T19315]  exit_to_user_mode_loop+0x86/0x4a0
[ 1013.857296][T19315]  do_int80_emulation+0x4b8/0x6b0
[ 1013.857311][T19315]  asm_int80_emulation+0x1a/0x20
[ 1013.857323][T19315] RIP: 0023:0xf71a5cab
[ 1013.857334][T19315] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[ 1013.857345][T19315] RSP: 002b:00000000f545d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 1013.857357][T19315] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 00000000f545d5c0
[ 1013.857364][T19315] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[ 1013.857370][T19315] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1013.857377][T19315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1013.857384][T19315] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1013.857398][T19315]  </TASK>
[ 1014.004671][T19321] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3507'.
[ 1014.325335][T19327] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3509'.
[ 1014.491840][T19336] syz_tun: entered allmulticast mode
[ 1014.496872][T19335] syz_tun: left allmulticast mode
[ 1014.500690][T19338] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3514'.
[ 1014.503705][T19338] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3514'.
[ 1014.542331][T19338] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3514'.
[ 1014.546326][T19338] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3514'.
[ 1014.579242][T19345] binder: 19344:19345 unknown command 0
[ 1014.581689][T19345] binder: 19344:19345 ioctl c0306201 80000080 returned -22
[ 1014.684391][T19353] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(13)
[ 1014.687282][T19353] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1014.692755][T19353] vhci_hcd vhci_hcd.0: Device attached
[ 1014.696271][T19355] vhci_hcd: connection closed
[ 1014.696540][ T1150] vhci_hcd vhci_hcd.3: stop threads
[ 1014.701318][ T1150] vhci_hcd vhci_hcd.3: release socket
[ 1014.703504][ T1150] vhci_hcd vhci_hcd.3: disconnect device
[ 1014.981696][T19360] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3521'.
[ 1015.947634][T19382] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3527'.
[ 1016.022621][T19384] binder: 19383:19384 unknown command 0
[ 1016.024989][T19384] binder: 19383:19384 ioctl c0306201 80000080 returned -22
[ 1016.141567][T19388] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3530'.
[ 1016.636785][T19380] 9p: Bad value for 'cache'
[ 1017.092525][T19410] syz_tun: entered allmulticast mode
[ 1017.143447][T19413] binder: 19412:19413 unknown command 0
[ 1017.145312][T19413] binder: 19412:19413 ioctl c0306201 80000080 returned -22
[ 1017.208190][T19398] syz_tun: left allmulticast mode
[ 1017.214268][T19419] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3539'.
[ 1017.265768][T19416] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3536'.
[ 1018.315597][T19448] binder: 19447:19448 unknown command 0
[ 1018.317463][T19448] binder: 19447:19448 ioctl c0306201 80000080 returned -22
[ 1018.478327][T19461] libceph: resolve '0' (ret=-3): failed
[ 1018.938210][T19470] lo speed is unknown, defaulting to 1000
[ 1019.166070][T19470] lo speed is unknown, defaulting to 1000
[ 1019.172388][T19470] lo speed is unknown, defaulting to 1000
[ 1019.244253][T19471] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1019.319889][ T6001] lo speed is unknown, defaulting to 1000
[ 1019.322401][T19470] infiniband syU�: set down
[ 1019.323988][T19470] infiniband syU�: added lo
[ 1019.404609][T19470] RDS/IB: syU�: added
[ 1019.406877][T19470] smc: adding ib device syU� with port count 1
[ 1019.409206][T19470] smc:    ib device syU� port 1 has no pnetid
[ 1019.413523][T15495] lo speed is unknown, defaulting to 1000
[ 1019.416605][T19470] lo speed is unknown, defaulting to 1000
[ 1019.441222][T19479] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3553'.
[ 1019.552121][T19484] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3552'.
[ 1019.565856][T19470] lo speed is unknown, defaulting to 1000
[ 1019.744797][T19470] lo speed is unknown, defaulting to 1000
[ 1019.931108][T19470] lo speed is unknown, defaulting to 1000
[ 1020.591498][T19513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3564'.
[ 1021.001575][T19525] genirq: Flags mismatch irq 31. 00200000 (comedi_parport) vs. 00200000 (eth1-tx-0)
[ 1021.007238][T19525] FAULT_INJECTION: forcing a failure.
[ 1021.007238][T19525] name failslab, interval 1, probability 0, space 0, times 0
[ 1021.013331][T19525] CPU: 2 UID: 0 PID: 19525 Comm: syz.0.3567 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1021.013372][T19525] Tainted: [L]=SOFTLOCKUP
[ 1021.013384][T19525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 1021.013396][T19525] Call Trace:
[ 1021.013403][T19525]  <TASK>
[ 1021.013411][T19525]  dump_stack_lvl+0x100/0x190
[ 1021.013447][T19525]  should_fail_ex.cold+0x5/0xa
[ 1021.013466][T19525]  should_failslab+0xc2/0x120
[ 1021.013488][T19525]  kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1021.013513][T19525]  ? do_getname+0x35/0x390
[ 1021.013537][T19525]  do_getname+0x35/0x390
[ 1021.013561][T19525]  acct_on+0x91/0x9e0
[ 1021.013587][T19525]  ? __pfx_acct_on+0x10/0x10
[ 1021.013611][T19525]  ? bpf_lsm_capable+0x9/0x10
[ 1021.013634][T19525]  ? security_capable+0x80/0x260
[ 1021.013654][T19525]  __ia32_sys_acct+0x80/0x1e0
[ 1021.013679][T19525]  ? lockdep_hardirqs_on+0x78/0x100
[ 1021.013702][T19525]  __do_fast_syscall_32+0xe3/0x8c0
[ 1021.013725][T19525]  do_fast_syscall_32+0x32/0x70
[ 1021.013740][T19525]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1021.013762][T19525] RIP: 0023:0xf706ef6c
[ 1021.013775][T19525] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[ 1021.013790][T19525] RSP: 002b:00000000f541b50c EFLAGS: 00000292 ORIG_RAX: 0000000000000033
[ 1021.013808][T19525] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000000000
[ 1021.013839][T19525] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1021.013850][T19525] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1021.013860][T19525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1021.013872][T19525] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1021.013896][T19525]  </TASK>
[ 1021.015092][T19525] netlink: 'syz.0.3567': attribute type 3 has an invalid length.
[ 1021.140470][T19530] netlink: 92 bytes leftover after parsing attributes in process `syz.2.3569'.
[ 1021.144427][T19530] netlink: 92 bytes leftover after parsing attributes in process `syz.2.3569'.
[ 1021.580919][T19545] dvmrp0: entered allmulticast mode
[ 1021.812349][T19553] fuse: Unknown parameter '&d#ᗑ��0�^���wP�iŽ�t'
��eX(�0��_9�D7S�8�Z�YX���8b__b���R��f�G��0x0000000000000004'
[ 1022.613328][T19576] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3585'.
[ 1022.889198][   T40] audit: type=1326 audit(1775344887.793:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19574 comm="syz.1.3585" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f92f6c code=0x0
[ 1025.134749][T19587] random: crng reseeded on system resumption
[ 1025.505318][T19594] lo speed is unknown, defaulting to 1000
[ 1025.903841][T19621] netlink: 'syz.1.3595': attribute type 3 has an invalid length.
[ 1026.729698][T19636] random: crng reseeded on system resumption
[ 1027.230064][T19650] lo speed is unknown, defaulting to 1000
[ 1027.249688][T19652] loop2: detected capacity change from 0 to 7
[ 1027.255349][T19652] Dev loop2: unable to read RDB block 7
[ 1027.257152][T19652]  loop2: AHDI p1 p2 p3
[ 1027.258704][T19652] loop2: partition table partially beyond EOD, truncated
[ 1027.261135][T19652] loop2: p1 start 1818582900 is beyond EOD, truncated
[ 1027.263321][T19652] loop2: p3 start 335544320 is beyond EOD, truncated
[ 1027.269151][ T6001] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[ 1027.296984][T19652] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0

syzkaller
syzkaller login: [ 1027.399853][T19652] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1027.430968][ T6001] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1027.434332][ T6001] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1027.437465][ T6001] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1027.440863][ T6001] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1027.446388][ T6001] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1027.449833][ T6001] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1027.454275][ T6001] usb 6-1: Product: syz
[ 1027.455955][ T6001] usb 6-1: Manufacturer: syz
[ 1027.467590][ T6001] cdc_wdm 6-1:1.0: skipping garbage
[ 1027.469639][ T6001] cdc_wdm 6-1:1.0: skipping garbage
[ 1027.472466][ T6001] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[ 1027.474442][ T6001] cdc_wdm 6-1:1.0: Unknown control protocol
[ 1027.492759][T19656] binder: 19654:19656 ioctl c0306201 80000640 returned -22
[ 1027.522936][T19652] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1027.706693][T19657] bond1 (unregistering): Released all slaves
[ 1027.811022][T19652] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1027.901487][   T13] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1027.910683][   T13] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1027.917889][   T13] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1027.926169][   T13] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1028.231900][T19664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1028.237661][T19664] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1028.274340][T19665] input: syz1 as /devices/virtual/input/input29
[ 1028.447041][ T6001] usb 6-1: USB disconnect, device number 63
[ 1028.760310][T19675] netlink: 'syz.0.3610': attribute type 8 has an invalid length.
[ 1029.929117][ T6326] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 1030.079118][ T6326] usb 5-1: Using ep0 maxpacket: 32
[ 1030.085074][ T6326] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1030.088611][ T6326] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1030.099281][ T6326] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1030.103114][ T6326] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1030.107134][ T6326] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1030.119149][ T6326] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1030.129260][ T6326] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1030.133074][ T6326] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1030.142827][ T6326] usb 5-1: config 0 descriptor??
[ 1030.355896][ T6326] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 45 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1030.499239][T19709] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1030.509645][T19709] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3622'.
[ 1030.512647][T19709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3622'.
[ 1030.513079][T19712] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3623'.
[ 1030.525302][T19709] bridge_slave_0: left allmulticast mode
[ 1030.527376][T19709] bridge_slave_0: left promiscuous mode
[ 1030.530142][T19709] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1030.544717][T19709] bridge_slave_1: left allmulticast mode
[ 1030.546702][T19709] bridge_slave_1: left promiscuous mode
[ 1030.553491][T19709] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1030.567969][T19709] bond0: (slave bond_slave_0): Releasing backup interface
[ 1030.595589][T19709] bond0: (slave bond_slave_1): Releasing backup interface
[ 1030.649934][T19709] team0: Port device team_slave_0 removed
[ 1030.729292][T19714] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1030.733412][T19714] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1031.503630][T19717] binder: 19716:19717 unknown command 0
[ 1031.505563][T19717] binder: 19716:19717 ioctl c0306201 80000080 returned -22
[ 1032.698105][T19709] team0: Port device team_slave_1 removed
[ 1032.714350][  T841] usb 5-1: USB disconnect, device number 45
[ 1032.714771][T19709] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1032.724612][  T841] usblp0: removed
[ 1032.729187][T19709] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1032.735937][T19709] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1032.750920][T19709] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1032.755916][T19709] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1032.949597][T19739] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3634'.
[ 1033.290974][T19747] 9p: Bad value for 'cache'
[ 1033.410699][   T29] libceph: connect (1)[c::]:6789 error -101
[ 1033.413325][   T29] libceph: mon0 (1)[c::]:6789 connect error
[ 1033.452429][T19750] ceph: No mds server is up or the cluster is laggy
[ 1033.834917][T19755] create_pit_timer: 18 callbacks suppressed
[ 1033.835166][T19755] kvm: requested 135771 ns i8254 timer period limited to 200000 ns
[ 1033.843067][T19755] kvm: requested 90514 ns i8254 timer period limited to 200000 ns
[ 1033.848477][T19755] kvm: requested 115657 ns i8254 timer period limited to 200000 ns
[ 1033.853672][T19755] kvm: requested 25142 ns i8254 timer period limited to 200000 ns
[ 1033.860998][T19755] kvm: requested 165942 ns i8254 timer period limited to 200000 ns
[ 1033.864744][T19755] kvm: requested 169295 ns i8254 timer period limited to 200000 ns
[ 1033.871435][T19755] kvm: requested 135771 ns i8254 timer period limited to 200000 ns
[ 1033.878158][T19755] kvm: requested 129066 ns i8254 timer period limited to 200000 ns
[ 1033.887663][T19755] kvm: requested 135771 ns i8254 timer period limited to 200000 ns
[ 1033.893438][T19755] kvm: requested 16761 ns i8254 timer period limited to 200000 ns
[ 1034.730354][T19776] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3643'.
[ 1034.735740][T19776] netlink: 176 bytes leftover after parsing attributes in process `syz.0.3643'.
[ 1034.739970][T19776] netlink: 176 bytes leftover after parsing attributes in process `syz.0.3643'.
[ 1034.773417][T19778] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3644'.
[ 1035.182386][T19786] lo speed is unknown, defaulting to 1000
[ 1037.138340][T19810] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1037.155457][T19800] 9p: Bad value for 'cache'
[ 1037.311132][T19815] lo speed is unknown, defaulting to 1000
[ 1037.381221][T19816] dvmrp0: entered allmulticast mode
[ 1037.702949][T19829] netlink: 'syz.0.3656': attribute type 14 has an invalid length.
[ 1037.876506][T19835] overlayfs: failed to clone lowerpath
[ 1038.971995][T19847] netlink: 'syz.1.3663': attribute type 4 has an invalid length.
[ 1038.974458][T19847] netlink: 17 bytes leftover after parsing attributes in process `syz.1.3663'.
[ 1039.044807][T19851] lo speed is unknown, defaulting to 1000
[ 1039.110408][T19849] tipc: Started in network mode
[ 1039.114625][T19849] tipc: Node identity 000000000000000002, cluster identity 4711
[ 1039.194136][T19855] binder: 19854:19855 unknown command 0
[ 1039.196029][T19855] binder: 19854:19855 ioctl c0306201 80000080 returned -22
[ 1039.272484][T19857] syzkaller0: entered promiscuous mode
[ 1039.274958][T19857] syzkaller0: entered allmulticast mode
[ 1039.283901][T19857] sch_tbf: burst 256 is lower than device syzkaller0 mtu (1500) !
[ 1039.807520][   T40] audit: type=1326 audit(1775345133.845:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19871 comm="syz.0.3670" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000
[ 1039.836339][   T40] audit: type=1326 audit(1775345133.845:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19871 comm="syz.0.3670" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf706ef6c code=0x7ffc0000
[ 1039.855578][   T40] audit: type=1326 audit(1775345133.845:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19871 comm="syz.0.3670" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000
[ 1039.863253][   T40] audit: type=1326 audit(1775345133.845:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19871 comm="syz.0.3670" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf706ef6c code=0x7ffc0000
[ 1039.871053][   T40] audit: type=1326 audit(1775345133.845:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19871 comm="syz.0.3670" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000
[ 1039.878819][   T40] audit: type=1326 audit(1775345133.845:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19871 comm="syz.0.3670" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf706ef6c code=0x7ffc0000
[ 1039.899911][   T40] audit: type=1326 audit(1775345133.845:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19871 comm="syz.0.3670" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000
[ 1039.907500][   T40] audit: type=1326 audit(1775345133.845:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19871 comm="syz.0.3670" exe="/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf706ef6c code=0x7ffc0000
[ 1039.915537][   T40] audit: type=1326 audit(1775345133.845:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19871 comm="syz.0.3670" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000
[ 1039.923320][   T40] audit: type=1326 audit(1775345133.845:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19871 comm="syz.0.3670" exe="/syz-executor" sig=0 arch=40000003 syscall=358 compat=1 ip=0xf706ef6c code=0x7ffc0000
[ 1040.550089][T19887] openvswitch: netlink: VXLAN extension 307 out of range max 1
[ 1040.582591][T19887] 9p: Bad value for 'wfdno'
[ 1041.874656][T19903] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3678'.
[ 1042.546168][T19913] create_pit_timer: 11 callbacks suppressed
[ 1042.546458][T19913] kvm: requested 135771 ns i8254 timer period limited to 200000 ns
[ 1042.557079][T19913] kvm: requested 90514 ns i8254 timer period limited to 200000 ns
[ 1042.561977][T19913] kvm: requested 115657 ns i8254 timer period limited to 200000 ns
[ 1042.570198][T19913] kvm: requested 25142 ns i8254 timer period limited to 200000 ns
[ 1042.575545][T19913] kvm: requested 165942 ns i8254 timer period limited to 200000 ns
[ 1042.581247][T19913] kvm: requested 169295 ns i8254 timer period limited to 200000 ns
[ 1042.590609][T19913] kvm: requested 135771 ns i8254 timer period limited to 200000 ns
[ 1042.597431][T19913] kvm: requested 129066 ns i8254 timer period limited to 200000 ns
[ 1042.607889][T19913] kvm: requested 135771 ns i8254 timer period limited to 200000 ns
[ 1042.612626][T19913] kvm: requested 16761 ns i8254 timer period limited to 200000 ns
[ 1043.024629][T19929] lo speed is unknown, defaulting to 1000
[ 1043.183210][T19934] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3685'.
[ 1043.267405][T19934] lo speed is unknown, defaulting to 1000
[ 1043.663712][T19944] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3690'.
[ 1044.261405][T19952] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3693'.
[ 1044.351556][T19950] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[ 1044.366289][T19950] CIFS mount error: No usable UNC path provided in device string!
[ 1044.366289][T19950] 
[ 1044.376966][T19950] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1044.422367][T19952] netlink: 'syz.0.3693': attribute type 12 has an invalid length.
[ 1044.425767][T19952] netlink: 'syz.0.3693': attribute type 29 has an invalid length.
[ 1044.428842][T19952] netlink: 148 bytes leftover after parsing attributes in process `syz.0.3693'.
[ 1044.432189][T19952] netlink: 43 bytes leftover after parsing attributes in process `syz.0.3693'.
[ 1045.134749][T19977] lo speed is unknown, defaulting to 1000
[ 1045.240323][T19979] 9p: Bad value for 'cache'
[ 1045.240325][T19975] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[ 1045.245154][T19975] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1045.249243][T19978] dvmrp0: entered allmulticast mode
[ 1045.255101][T19975] vhci_hcd vhci_hcd.0: Device attached
[ 1045.529243][   T24] usb 38-1: SetAddress Request (79) to port 0
[ 1045.531271][   T24] usb 38-1: new SuperSpeed USB device number 79 using vhci_hcd
[ 1046.456907][T19980] vhci_hcd: connection reset by peer
[ 1046.459736][   T61] vhci_hcd vhci_hcd.0: stop threads
[ 1046.461979][   T61] vhci_hcd vhci_hcd.0: release socket
[ 1046.464685][   T61] vhci_hcd vhci_hcd.0: disconnect device
[ 1046.681340][T19999] No control pipe specified
[ 1046.868813][T20005] lo speed is unknown, defaulting to 1000
[ 1046.894149][T20007] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3712'.
[ 1046.905896][T20008] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3712'.
[ 1048.371183][T20039] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3722'.
[ 1048.747478][T20044] x_tables: duplicate underflow at hook 1
[ 1048.960954][T20048] loop5: detected capacity change from 0 to 7
[ 1048.967073][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1048.971492][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1048.976427][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1048.980224][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1048.983706][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1048.986889][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1048.990359][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1048.994015][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1048.997610][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1049.000958][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1049.003911][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1049.007089][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1049.011074][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1049.014310][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1049.017413][T20048] ldm_validate_partition_table(): Disk read failed.
[ 1049.063481][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1049.067673][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1049.072605][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1049.076615][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1049.080406][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1049.084566][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1049.088304][T20048] Dev loop5: unable to read RDB block 0
[ 1049.091278][T20048]  loop5: unable to read partition table
[ 1049.093374][T20048] loop5: partition table beyond EOD, truncated
[ 1049.095676][T20048] loop_reread_partitions: partition scan of loop5 (��) failed (rc=-5)
[ 1050.579399][   T24] usb 38-1: device descriptor read/8, error -110
[ 1051.095251][   T24] usb usb38-port1: attempt power cycle
[ 1051.658352][   T24] usb usb38-port1: unable to enumerate USB device
[ 1051.749967][T20091] A link change request failed with some changes committed already. Interface bond2 may have been left with an inconsistent configuration, please check.
[ 1051.869562][T20098] netlink: 'syz.0.3738': attribute type 13 has an invalid length.
[ 1051.872492][T20098] netlink: 'syz.0.3738': attribute type 17 has an invalid length.
[ 1051.875479][T20098] netlink: 'syz.0.3738': attribute type 27 has an invalid length.
[ 1051.890832][T20098] Bluetooth: hci0: unsupported parameter 255
[ 1051.892649][T20098] Bluetooth: hci0: unsupported parameter 255
[ 1053.850773][T20145] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3751'.
[ 1054.081932][T20158] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3756'.
[ 1054.229860][T20162] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3755'.
[ 1054.283507][   T40] kauditd_printk_skb: 41 callbacks suppressed
[ 1054.283560][   T40] audit: type=1326 audit(1775345148.325:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20155 comm="syz.1.3755" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f92f6c code=0x0
[ 1055.423665][T20171] overlayfs: failed to clone lowerpath
[ 1056.008286][T20178] loop8: detected capacity change from 0 to 8
[ 1056.015353][T20178] Dev loop8: unable to read RDB block 8
[ 1056.017275][T20178]  loop8: unable to read partition table
[ 1056.020256][T20178] loop8: partition table beyond EOD, truncated
[ 1056.022534][T20178] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[ 1056.523587][T20195] lo speed is unknown, defaulting to 1000
[ 1057.032459][T20205] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1057.825753][T20224] Device name cannot be null; rc = [-22]
[ 1058.078244][T20226] lo speed is unknown, defaulting to 1000
[ 1059.091969][   T40] audit: type=1326 audit(1775345409.137:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20233 comm="syz.0.3775" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x0
[ 1059.301995][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[ 1059.304766][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[ 1059.476077][T20237] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3776'.
[ 1059.623204][T20245] batadv_slave_1: entered promiscuous mode
[ 1059.767944][T20257] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[ 1059.774279][T20257] batman_adv: batadv0: Adding interface: ip6gretap1
[ 1059.777076][T20257] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1059.787870][T20257] batman_adv: batadv0: Interface activated: ip6gretap1
[ 1059.950150][T20263] 9p: Bad value for 'wfdno'
[ 1060.117679][T20272] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3788'.
[ 1060.326799][T20279] overlayfs: missing 'lowerdir'
[ 1060.781203][T20237] overlayfs: failed to clone upperpath
[ 1064.646394][T20293] fuse: Bad value for 'user_id'
[ 1064.648565][T20293] fuse: Bad value for 'user_id'
[ 1064.895843][T20306] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3799'.
[ 1064.938050][T20308] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3801'.
[ 1065.044204][   T40] audit: type=1326 audit(1775345415.086:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20307 comm="syz.1.3801" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f92f6c code=0x0
[ 1065.423902][T20329] random: crng reseeded on system resumption
[ 1065.545414][T20338] netlink: 'syz.3.3809': attribute type 1 has an invalid length.
[ 1065.583875][   T40] audit: type=1326 audit(1775345415.626:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20339 comm="syz.3.3810" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1065.590909][   T40] audit: type=1326 audit(1775345415.626:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20339 comm="syz.3.3810" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1065.610469][   T40] audit: type=1326 audit(1775345415.646:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20339 comm="syz.3.3810" exe="/syz-executor" sig=0 arch=40000003 syscall=283 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1065.629863][   T40] audit: type=1326 audit(1775345415.656:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20339 comm="syz.3.3810" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1065.640256][   T40] audit: type=1326 audit(1775345415.656:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20339 comm="syz.3.3810" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1065.696749][T20346] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3813'.
[ 1065.799355][   T40] audit: type=1326 audit(1775345415.836:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20353 comm="syz.1.3815" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92f6c code=0x7ffc0000
[ 1065.807771][   T40] audit: type=1326 audit(1775345415.836:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20353 comm="syz.1.3815" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92f6c code=0x7ffc0000
[ 1065.820075][   T40] audit: type=1326 audit(1775345415.836:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20353 comm="syz.1.3815" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f92f6c code=0x7ffc0000
[ 1065.828550][   T40] audit: type=1326 audit(1775345415.836:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20353 comm="syz.1.3815" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f92f6c code=0x7ffc0000
[ 1066.354138][T20376] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3821'.
[ 1068.510834][T20421] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3834'.
[ 1072.176902][T20482] geneve2: entered promiscuous mode
[ 1072.178659][T20482] geneve2: entered allmulticast mode
[ 1072.685202][T20487] netlink: 'syz.2.3852': attribute type 11 has an invalid length.
[ 1072.898016][T20501] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3857'.
[ 1072.975463][T20506] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3858'.
[ 1073.841755][T20514] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3861'.
[ 1074.528219][T20524] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3864'.
[ 1075.131527][T20542] syzkaller0: entered promiscuous mode
[ 1075.133426][T20542] syzkaller0: entered allmulticast mode
[ 1075.473138][T20549] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3870'.
[ 1076.866233][T20561] lo speed is unknown, defaulting to 1000
[ 1076.980241][T20562] dvmrp0: entered allmulticast mode
[ 1077.051981][T20564] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1077.114533][T20563] lo speed is unknown, defaulting to 1000
[ 1077.435173][T20573] input: syz0 as /devices/virtual/input/input30
[ 1077.448638][T20573] netlink: 'syz.0.3877': attribute type 13 has an invalid length.
[ 1077.505820][T20574] netlink: 'syz.3.3875': attribute type 12 has an invalid length.
[ 1077.529375][T20574] sctp: [Deprecated]: syz.3.3875 (pid 20574) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1077.529375][T20574] Use struct sctp_sack_info instead
[ 1077.542765][T20574] sctp: [Deprecated]: syz.3.3875 (pid 20574) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1077.542765][T20574] Use struct sctp_sack_info instead
[ 1077.748765][T20580] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3879'.
[ 1077.994352][T20595] lo speed is unknown, defaulting to 1000
[ 1078.480608][T20600] syz.2.3884: page allocation failure: order:0, mode:0x10cc0(GFP_KERNEL|__GFP_NORETRY), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1078.486686][T20600] CPU: 3 UID: 0 PID: 20600 Comm: syz.2.3884 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1078.486705][T20600] Tainted: [L]=SOFTLOCKUP
[ 1078.486709][T20600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 1078.486716][T20600] Call Trace:
[ 1078.486753][T20600]  <TASK>
[ 1078.486758][T20600]  dump_stack_lvl+0x100/0x190
[ 1078.486971][T20600]  warn_alloc.cold+0x95/0x1c1
[ 1078.487029][T20600]  ? __pfx_warn_alloc+0x10/0x10
[ 1078.487119][T20600]  ? find_held_lock+0x2b/0x80
[ 1078.487165][T20600]  ? psi_memstall_leave+0x19c/0x2e0
[ 1078.487181][T20600]  ? psi_memstall_leave+0x1df/0x2e0
[ 1078.487195][T20600]  ? psi_memstall_leave+0x1e4/0x2e0
[ 1078.487208][T20600]  ? lockdep_hardirqs_on+0x78/0x100
[ 1078.487355][T20600]  __alloc_frozen_pages_noprof+0xf36/0x2ba0
[ 1078.487380][T20600]  ? __kernel_text_address+0xd/0x30
[ 1078.487413][T20600]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1078.487435][T20600]  ? irqentry_exit+0x180/0x670
[ 1078.487451][T20600]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1078.487490][T20600]  ? policy_nodemask+0xed/0x4f0
[ 1078.487505][T20600]  alloc_pages_mpol+0x1fb/0x550
[ 1078.487519][T20600]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1078.487533][T20600]  ? kasan_check_range+0xf6/0x1e0
[ 1078.487566][T20600]  alloc_pages_noprof+0x136/0x390
[ 1078.487580][T20600]  kimage_alloc_pages+0x72/0x380
[ 1078.487638][T20600]  kimage_alloc_control_pages+0x157/0xa20
[ 1078.487655][T20600]  ? __pfx_kimage_alloc_control_pages+0x10/0x10
[ 1078.487672][T20600]  do_kexec_load+0x275/0x810
[ 1078.487687][T20600]  ? __pfx_do_kexec_load+0x10/0x10
[ 1078.487705][T20600]  __ia32_compat_sys_kexec_load+0x37f/0x400
[ 1078.487721][T20600]  ? __pfx___ia32_compat_sys_kexec_load+0x10/0x10
[ 1078.487740][T20600]  __do_fast_syscall_32+0xe3/0x8c0
[ 1078.487755][T20600]  do_fast_syscall_32+0x32/0x70
[ 1078.487768][T20600]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1078.487783][T20600] RIP: 0023:0xf6feef6c
[ 1078.487796][T20600] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[ 1078.487808][T20600] RSP: 002b:00000000f53dd50c EFLAGS: 00000292 ORIG_RAX: 000000000000011b
[ 1078.487840][T20600] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000003
[ 1078.487848][T20600] RDX: 0000000080001080 RSI: 00000000003e0000 RDI: 0000000000000000
[ 1078.487855][T20600] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1078.487862][T20600] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 1078.487873][T20600] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1078.487888][T20600]  </TASK>
[ 1078.487976][T20600] Mem-Info:
[ 1078.586477][T20600] active_anon:6244 inactive_anon:769 isolated_anon:0
[ 1078.586477][T20600]  active_file:998 inactive_file:14363 isolated_file:0
[ 1078.586477][T20600]  unevictable:1768 dirty:172 writeback:0
[ 1078.586477][T20600]  slab_reclaimable:6539 slab_unreclaimable:66429
[ 1078.586477][T20600]  mapped:30146 shmem:7531 pagetables:1307
[ 1078.586477][T20600]  sec_pagetables:317 bounce:0
[ 1078.586477][T20600]  kernel_misc_reclaimable:0
[ 1078.586477][T20600]  free:22124 free_pcp:408 free_cma:0
[ 1078.601032][T20600] Node 0 active_anon:340kB inactive_anon:112kB active_file:24kB inactive_file:5156kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:2204kB dirty:0kB writeback:0kB shmem:3668kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8300kB pagetables:1616kB sec_pagetables:1152kB all_unreclaimable? yes Balloon:0kB
[ 1078.611855][T20600] Node 1 active_anon:24576kB inactive_anon:2908kB active_file:3968kB inactive_file:52208kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:118408kB dirty:776kB writeback:0kB shmem:26404kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5068kB pagetables:3552kB sec_pagetables:116kB all_unreclaimable? no Balloon:0kB
[ 1078.625808][T20600] Node 0 DMA free:2572kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:4kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1078.635747][T20600] lowmem_reserve[]: 0 285 285 285 285
[ 1078.637525][T20600] Node 0 DMA32 free:17096kB boost:4096kB min:17164kB low:20428kB high:23692kB reserved_highatomic:2048KB free_highatomic:88KB active_anon:340kB inactive_anon:112kB active_file:24kB inactive_file:5156kB unevictable:3536kB writepending:0kB zspages:1192kB present:1032196kB managed:292464kB mlocked:0kB bounce:0kB free_pcp:192kB local_pcp:0kB free_cma:0kB
[ 1078.650322][T20600] lowmem_reserve[]: 0 0 0 0 0
[ 1078.657036][T20600] Node 1 DMA32 free:69252kB boost:12288kB min:59432kB low:71216kB high:83000kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24684kB inactive_anon:2608kB active_file:3968kB inactive_file:52208kB unevictable:3536kB writepending:776kB zspages:4960kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:1532kB local_pcp:536kB free_cma:0kB
[ 1078.686690][T20600] lowmem_reserve[]: 0 0 0 0 0
[ 1078.688749][T20600] Node 0 DMA: 33*4kB (U) 13*8kB (U) 4*16kB (U) 11*32kB (U) 6*64kB (U) 0*128kB 0*256kB 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2572kB
[ 1078.695227][T20600] Node 0 DMA32: 19*4kB (UMEH) 64*8kB (ME) 122*16kB (UMEH) 141*32kB (UMEH) 44*64kB (UME) 18*128kB (UME) 11*256kB (UME) 4*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 17036kB
[ 1078.701069][T20600] Node 1 DMA32: 1382*4kB (ME) 687*8kB (UME) 669*16kB (ME) 432*32kB (UME) 210*64kB (ME) 83*128kB (ME) 29*256kB (UM) 2*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 69088kB
[ 1078.706890][T20600] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1078.710833][T20600] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1078.732558][T20600] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1078.736268][T20600] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[ 1078.739852][T20600] 21948 total pagecache pages
[ 1078.746018][T20600] 807 pages in swap cache
[ 1078.748026][T20600] Free swap  = 82244kB
[ 1078.749837][T20600] Total swap = 124996kB
[ 1078.751616][T20600] 524155 pages RAM
[ 1078.754421][T20600] 0 pages HighMem/MovableOnly
[ 1078.756157][T20600] 210146 pages reserved
[ 1078.757976][T20600] 0 pages cma reserved
[ 1079.104843][T20600] kexec: Could not allocate control_code_buffer
[ 1079.579623][T20614] sp0: Synchronizing with TNC
[ 1080.129778][T20627] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3891'.
[ 1080.219557][T20632] lo speed is unknown, defaulting to 1000
[ 1081.999331][T20656] ieee802154 phy0 wpan0: encryption failed: -22
[ 1082.463958][T20662] lo speed is unknown, defaulting to 1000
[ 1084.301256][T20697] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3912'.
[ 1084.376095][T20703] lo speed is unknown, defaulting to 1000
[ 1086.470024][T20755] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3927'.
[ 1086.747119][T20761] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3930'.
[ 1086.885584][T20765] lo speed is unknown, defaulting to 1000
[ 1087.142333][T20769] syzkaller0: entered promiscuous mode
[ 1087.144843][T20769] syzkaller0: entered allmulticast mode
[ 1087.925362][T20778] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3936'.
[ 1088.704756][T20788] lo speed is unknown, defaulting to 1000
[ 1088.900140][T20794] syzkaller0: entered promiscuous mode
[ 1088.901935][T20794] syzkaller0: entered allmulticast mode
[ 1088.979528][T20798] fuse: Bad value for 'user_id'
[ 1088.981163][T20798] fuse: Bad value for 'user_id'
[ 1090.212200][T20823] lo speed is unknown, defaulting to 1000
[ 1090.263595][T20824] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1090.313547][T20829] mac80211_hwsim hwsim16 .
: renamed from wlan1
[ 1090.563550][T20843] 9p: Bad value for 'cache'
[ 1091.053064][T20856] lo speed is unknown, defaulting to 1000
[ 1091.486176][T20859] fuse: Bad value for 'group_id'
[ 1091.487844][T20859] fuse: Bad value for 'group_id'
[ 1091.516413][T20861] fuse: Unknown parameter '��'
[ 1091.539744][T20857] 9p: Bad value for 'wfdno'
[ 1092.028540][T20871] lo speed is unknown, defaulting to 1000
[ 1093.547589][T20902] lo speed is unknown, defaulting to 1000
[ 1094.333583][T20927] 9p: Bad value for 'cache'
[ 1095.127430][T20946] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1095.388819][T20953] lo speed is unknown, defaulting to 1000
[ 1096.067236][T20981] FAULT_INJECTION: forcing a failure.
[ 1096.067236][T20981] name failslab, interval 1, probability 0, space 0, times 0
[ 1096.070806][T20981] CPU: 2 UID: 0 PID: 20981 Comm: syz.0.3994 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1096.070831][T20981] Tainted: [L]=SOFTLOCKUP
[ 1096.070835][T20981] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 1096.070843][T20981] Call Trace:
[ 1096.070847][T20981]  <TASK>
[ 1096.070852][T20981]  dump_stack_lvl+0x100/0x190
[ 1096.070878][T20981]  should_fail_ex.cold+0x5/0xa
[ 1096.070944][T20981]  should_failslab+0xc2/0x120
[ 1096.070959][T20981]  kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1096.070978][T20981]  ? do_getname+0x35/0x390
[ 1096.071021][T20981]  do_getname+0x35/0x390
[ 1096.071037][T20981]  user_path_at+0x26/0x60
[ 1096.071049][T20981]  __ia32_sys_mount+0x1fb/0x310
[ 1096.071065][T20981]  ? __pfx___ia32_sys_mount+0x10/0x10
[ 1096.071084][T20981]  __do_fast_syscall_32+0xe3/0x8c0
[ 1096.071100][T20981]  do_fast_syscall_32+0x32/0x70
[ 1096.071113][T20981]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1096.071128][T20981] RIP: 0023:0xf706ef6c
[ 1096.071141][T20981] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[ 1096.071153][T20981] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000015
[ 1096.071171][T20981] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000180
[ 1096.071178][T20981] RDX: 00000000800000c0 RSI: 0000000001214040 RDI: 0000000000000000
[ 1096.071185][T20981] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1096.071191][T20981] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 1096.071198][T20981] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1096.071212][T20981]  </TASK>
[ 1096.154704][T20985] lo speed is unknown, defaulting to 1000
[ 1096.187379][T20983] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[ 1096.189497][T20983] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1096.195651][T20983] vhci_hcd vhci_hcd.0: Device attached
[ 1096.266526][T20995] 9p: Bad value for 'cache'
[ 1096.484129][   T24] usb 44-1: SetAddress Request (93) to port 0
[ 1096.488416][   T24] usb 44-1: new SuperSpeed USB device number 93 using vhci_hcd
[ 1096.751708][T20989] vhci_hcd: connection reset by peer
[ 1096.753636][   T46] vhci_hcd vhci_hcd.3: stop threads
[ 1096.755865][   T46] vhci_hcd vhci_hcd.3: release socket
[ 1096.764174][   T46] vhci_hcd vhci_hcd.3: disconnect device
[ 1096.851395][T21022] lo speed is unknown, defaulting to 1000
[ 1096.861648][T21029] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4008'.
[ 1097.052817][T21043] fuse: Bad value for 'fd'
[ 1097.209054][T21052] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4015'.
[ 1097.247092][T21049] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[ 1097.249212][T21049] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1097.274685][T21049] vhci_hcd vhci_hcd.0: Device attached
[ 1097.278699][T21049] random: crng reseeded on system resumption
[ 1097.348827][T21049] EXT4-fs (sr0): VFS: Can't find ext4 filesystem
[ 1097.544407][T21063] 9p: Bad value for 'cache'
[ 1097.544647][  T841] usb 38-1: SetAddress Request (83) to port 0
[ 1097.549029][  T841] usb 38-1: new SuperSpeed USB device number 83 using vhci_hcd
[ 1097.738753][T21069] lo speed is unknown, defaulting to 1000
[ 1097.938890][T21053] vhci_hcd: connection reset by peer
[ 1097.941020][T14629] vhci_hcd vhci_hcd.0: stop threads
[ 1097.942745][T14629] vhci_hcd vhci_hcd.0: release socket
[ 1097.944892][T14629] vhci_hcd vhci_hcd.0: disconnect device
[ 1097.960167][   T29] IPVS: starting estimator thread 0...
[ 1097.964605][T21077] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4023'.
[ 1098.054309][T21078] IPVS: using max 43 ests per chain, 103200 per kthread
[ 1098.077413][T21081] syzkaller0: entered promiscuous mode
[ 1098.079344][T21081] syzkaller0: entered allmulticast mode
[ 1098.415754][T21095] lo speed is unknown, defaulting to 1000
[ 1098.650443][T21105] lo speed is unknown, defaulting to 1000
[ 1099.020592][T21121] 9p: Bad value for 'cache'
[ 1099.215835][   T29] kernel read not supported for file /dsp1 (pid: 29 comm: kworker/1:0)
[ 1099.803510][T21139] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[ 1099.805567][T21139] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1099.808409][T21139] vhci_hcd vhci_hcd.0: Device attached
[ 1099.841840][T21148] vhci_hcd: connection closed
[ 1099.842404][   T46] vhci_hcd vhci_hcd.0: stop threads
[ 1099.846068][   T46] vhci_hcd vhci_hcd.0: release socket
[ 1099.847984][   T46] vhci_hcd vhci_hcd.0: disconnect device
[ 1099.855978][T21137] lo speed is unknown, defaulting to 1000
[ 1100.651244][T21168] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[ 1100.653960][T21168] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1100.661295][T21168] vhci_hcd vhci_hcd.0: Device attached
[ 1100.831214][T21182] lo speed is unknown, defaulting to 1000
[ 1100.912037][T21186] 9p: Bad value for 'cache'
[ 1100.924461][T21185] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1101.301684][T21173] vhci_hcd: connection closed
[ 1101.302040][   T61] vhci_hcd vhci_hcd.0: stop threads
[ 1101.311625][   T61] vhci_hcd vhci_hcd.0: release socket
[ 1101.317312][   T61] vhci_hcd vhci_hcd.0: disconnect device
[ 1101.548074][   T24] usb 44-1: device descriptor read/8, error -110
[ 1101.961742][   T24] usb usb44-port1: attempt power cycle
[ 1102.140468][T21222] lo speed is unknown, defaulting to 1000
[ 1102.546960][   T24] usb usb44-port1: unable to enumerate USB device
[ 1102.586787][  T841] usb 38-1: device descriptor read/8, error -110
[ 1102.975553][  T841] usb usb38-port1: attempt power cycle
[ 1103.206859][T21240] 9p: Bad value for 'cache'
[ 1103.239055][T21247] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4070'.
[ 1103.513675][T21257] tipc: Started in network mode
[ 1103.515647][T21257] tipc: Node identity 4a9352b0c04b, cluster identity 4711
[ 1103.517939][T21257] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1103.522440][T21258] syzkaller0: entered promiscuous mode
[ 1103.524274][T21258] syzkaller0: entered allmulticast mode
[ 1103.546354][  T841] usb usb38-port1: unable to enumerate USB device
[ 1103.560091][T21261] tipc: Resetting bearer <eth:syzkaller0>
[ 1103.572045][T21261] tipc: Resetting bearer <eth:syzkaller0>
[ 1103.581226][T21261] tipc: Disabling bearer <eth:syzkaller0>
[ 1103.664940][T21266] lo speed is unknown, defaulting to 1000
[ 1104.211219][ T6326] libceph: connect (1)[c::]:6789 error -101
[ 1104.213322][ T6326] libceph: mon0 (1)[c::]:6789 connect error
[ 1104.263115][T21288] ceph: No mds server is up or the cluster is laggy
[ 1105.327941][T21298] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4084'.
[ 1105.365728][T21286] 9p: Bad value for 'cache'
[ 1105.378518][T21303] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1105.424520][T21296] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[ 1105.426866][T21296] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1105.440897][T21296] vhci_hcd vhci_hcd.0: Device attached
[ 1105.588584][T21306] vhci_hcd: connection closed
[ 1105.588824][T15540] vhci_hcd vhci_hcd.0: stop threads
[ 1105.588842][T15540] vhci_hcd vhci_hcd.0: release socket
[ 1105.588855][T15540] vhci_hcd vhci_hcd.0: disconnect device
[ 1107.018313][T21348] netlink: 190972 bytes leftover after parsing attributes in process `syz.1.4103'.
[ 1107.315061][T21354] vxcan0: tx address claim with dest, not broadcast
[ 1108.652641][T21372] lo speed is unknown, defaulting to 1000
[ 1108.880379][T21376] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4108'.
[ 1108.920612][T21376] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[ 1108.923042][T21376] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1108.987981][T21376] vhci_hcd vhci_hcd.0: Device attached
[ 1109.275529][ T6001] usb 44-1: SetAddress Request (97) to port 0
[ 1109.278144][ T6001] usb 44-1: new SuperSpeed USB device number 97 using vhci_hcd
[ 1109.373993][T21380] vhci_hcd: connection reset by peer
[ 1109.377467][   T13] vhci_hcd vhci_hcd.3: stop threads
[ 1109.379726][   T13] vhci_hcd vhci_hcd.3: release socket
[ 1109.387295][   T13] vhci_hcd vhci_hcd.3: disconnect device
[ 1109.480817][T21393] syzkaller0: entered promiscuous mode
[ 1109.482747][T21393] syzkaller0: entered allmulticast mode
[ 1110.625319][T21412] __vm_enough_memory: pid: 21412, comm: syz.2.4122, bytes: 4294963200 not enough memory for the allocation
[ 1110.719880][T21416] lo speed is unknown, defaulting to 1000
[ 1111.242750][T21428] syzkaller0: entered promiscuous mode
[ 1111.249743][T21428] syzkaller0: entered allmulticast mode
[ 1111.468018][T21444] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.4133'.
[ 1112.383253][T21456] lo speed is unknown, defaulting to 1000
[ 1112.517562][T21464] netlink: 'syz.0.4139': attribute type 1 has an invalid length.
[ 1112.520019][T21464] netlink: 'syz.0.4139': attribute type 2 has an invalid length.
[ 1112.658461][T21478] netlink: 'syz.1.4145': attribute type 1 has an invalid length.
[ 1112.680803][T21478] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1112.701457][T21478] bond3: (slave geneve2): making interface the new active one
[ 1112.704841][T21478] bond3: (slave geneve2): Enslaving as an active interface with an up link
[ 1112.730903][T21478] 9p: Bad value for 'rfdno'
[ 1113.412031][T21492] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[ 1113.414608][T21492] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1113.418063][T21492] vhci_hcd vhci_hcd.0: Device attached
[ 1113.555121][T21502] lo speed is unknown, defaulting to 1000
[ 1113.774320][T21511] netlink: 'syz.0.4155': attribute type 10 has an invalid length.
[ 1113.848963][T21514] netlink: 'syz.0.4155': attribute type 10 has an invalid length.
[ 1114.107479][T21493] vhci_hcd: connection closed
[ 1114.107845][T15540] vhci_hcd vhci_hcd.3: stop threads
[ 1114.116172][T15540] vhci_hcd vhci_hcd.3: release socket
[ 1114.126025][T15540] vhci_hcd vhci_hcd.3: disconnect device
[ 1114.277286][T21532] lo speed is unknown, defaulting to 1000
[ 1114.813228][T21536] 9p: Bad value for 'wfdno'
[ 1114.821522][T21536] Mount JFS Failure: -22
[ 1114.823027][T21536] jfs_mount failed w/return code = -22
[ 1115.042532][ T6001] usb 44-1: device descriptor read/8, error -110
[ 1115.607005][T21550] 9p: Bad value for 'rfdno'
[ 1115.704834][T21562] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4170'.
[ 1115.709458][T21563] lo speed is unknown, defaulting to 1000
[ 1115.847269][ T6001] usb usb44-port1: attempt power cycle
[ 1116.246085][T21587] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4174'.
[ 1116.417007][ T6001] usb usb44-port1: unable to enumerate USB device
[ 1116.692446][T21605] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[ 1116.695212][T21605] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1116.741891][T21605] vhci_hcd vhci_hcd.0: Device attached
[ 1117.016391][T12366] usb 38-1: SetAddress Request (87) to port 0
[ 1117.019099][T12366] usb 38-1: new SuperSpeed USB device number 87 using vhci_hcd
[ 1117.345335][T21608] vhci_hcd: connection reset by peer
[ 1117.347952][   T13] vhci_hcd vhci_hcd.0: stop threads
[ 1117.350199][   T13] vhci_hcd vhci_hcd.0: release socket
[ 1117.353542][   T13] vhci_hcd vhci_hcd.0: disconnect device
[ 1117.483801][T21653] 9p: Bad value for 'cache'
[ 1117.572142][T21661] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4197'.
[ 1117.853023][   T40] kauditd_printk_skb: 74 callbacks suppressed
[ 1117.853036][   T40] audit: type=1804 audit(1775345467.890:862): pid=21670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4201" name="/newroot/418/file0/file0" dev="9p" ino=79692003 res=1 errno=0
[ 1118.001497][T21664] x_tables: duplicate underflow at hook 1
[ 1118.255701][T21679] overlayfs: failed to clone upperpath
[ 1119.595164][T21713] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4214'.
[ 1120.684972][T21739] 9p: Bad value for 'cache'
[ 1120.749634][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[ 1120.752315][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[ 1120.762893][T21742] lo speed is unknown, defaulting to 1000
[ 1120.841330][T21735] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1121.625964][T21764] fuse: Bad value for 'group_id'
[ 1121.629863][T21764] fuse: Bad value for 'group_id'
[ 1122.107219][T12366] usb 38-1: device descriptor read/8, error -110
[ 1122.388366][T21788] 9p: Bad value for 'cache'
[ 1122.498057][T12366] usb usb38-port1: attempt power cycle
[ 1122.643912][T21792] fuse: Bad value for 'group_id'
[ 1122.645498][T21792] fuse: Bad value for 'group_id'
[ 1122.860854][   T40] audit: type=1800 audit(1775345472.899:863): pid=21804 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4240" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1122.976735][T21808] 9p: Bad value for 'rfdno'
[ 1123.057951][   T40] audit: type=1800 audit(1775345473.099:864): pid=21817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4245" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1123.066695][T21817] FAULT_INJECTION: forcing a failure.
[ 1123.066695][T21817] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1123.067529][T12366] usb usb38-port1: unable to enumerate USB device
[ 1123.070943][T21817] CPU: 3 UID: 0 PID: 21817 Comm: syz.3.4245 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1123.070961][T21817] Tainted: [L]=SOFTLOCKUP
[ 1123.071004][T21817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 1123.071011][T21817] Call Trace:
[ 1123.071016][T21817]  <TASK>
[ 1123.071021][T21817]  dump_stack_lvl+0x100/0x190
[ 1123.071046][T21817]  should_fail_ex.cold+0x5/0xa
[ 1123.071064][T21817]  _copy_to_user+0x32/0xd0
[ 1123.071173][T21817]  simple_read_from_buffer+0xcb/0x170
[ 1123.071217][T21817]  proc_fail_nth_read+0x1af/0x230
[ 1123.071301][T21817]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1123.071318][T21817]  ? rw_verify_area+0xce/0x6d0
[ 1123.071336][T21817]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1123.071351][T21817]  vfs_read+0x1e4/0xb30
[ 1123.071364][T21817]  ? __pfx_vfs_read+0x10/0x10
[ 1123.071374][T21817]  ? find_held_lock+0x2b/0x80
[ 1123.071388][T21817]  ? __fget_files+0x215/0x3d0
[ 1123.071402][T21817]  ? __fget_files+0x21f/0x3d0
[ 1123.071417][T21817]  ksys_read+0x12a/0x250
[ 1123.071429][T21817]  ? __pfx_ksys_read+0x10/0x10
[ 1123.071444][T21817]  do_int80_emulation+0x141/0x6b0
[ 1123.071461][T21817]  asm_int80_emulation+0x1a/0x20
[ 1123.071473][T21817] RIP: 0023:0xf7115cab
[ 1123.071483][T21817] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[ 1123.071495][T21817] RSP: 002b:00000000f53d64bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 1123.071507][T21817] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f53d65d0
[ 1123.071514][T21817] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[ 1123.071521][T21817] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1123.071528][T21817] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 1123.071534][T21817] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1123.071548][T21817]  </TASK>
[ 1124.574740][T21835] 9p: Bad value for 'rfdno'
[ 1124.637465][T21839] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1125.144770][T21843] lo speed is unknown, defaulting to 1000
[ 1125.311980][T21848] loop5: detected capacity change from 0 to 4096
[ 1125.551380][   T40] audit: type=1326 audit(1775345475.589:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21852 comm="syz.2.4256" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x0
[ 1125.599952][T21859] cgroup: Unknown subsys name 'dont_measure'
[ 1125.755661][T21870] 9p: Bad value for 'rfdno'
[ 1125.788762][T21878] overlayfs: failed to resolve './file1': -2
[ 1125.875712][T21882] lo speed is unknown, defaulting to 1000
[ 1126.205453][T21893] netlink: 'syz.3.4265': attribute type 9 has an invalid length.
[ 1126.550792][T21915] lo speed is unknown, defaulting to 1000
[ 1126.657159][T21921] loop5: detected capacity change from 0 to 4096
[ 1127.579131][T21946] fuse: Bad value for 'group_id'
[ 1127.581408][T21946] fuse: Bad value for 'group_id'
[ 1130.497488][T21963] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1130.865175][T21989] netlink: 'syz.0.4293': attribute type 1 has an invalid length.
[ 1130.869717][T21989] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4293'.
[ 1133.056059][T22022] lo: Caught tx_queue_len zero misconfig
[ 1133.062593][T22022] Device name cannot be null; rc = [-22]
[ 1133.418918][T22037] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4307'.
[ 1133.549201][T22044] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4310'.
[ 1134.824087][T22057] syz_tun: entered allmulticast mode
[ 1134.921696][T22026] x_tables: duplicate underflow at hook 1
[ 1134.929194][T22026] hub 8-0:1.0: USB hub found
[ 1134.933016][T22026] hub 8-0:1.0: 1 port detected
[ 1135.393842][T22066] fuse: Unknown parameter 'grou00000000000000000000'
[ 1135.547236][T22062] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1136.030468][T22089] 9p: Bad value for 'cache'
[ 1136.746206][T22104] fuse: Unknown parameter 'grou00000000000000000000'
[ 1136.885181][T22116] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4329'.
[ 1136.997754][T22123] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1137.408659][T22129] 9p: Bad value for 'cache'
[ 1137.752483][   T40] audit: type=1326 audit(1775345487.787:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22132 comm="syz.3.4338" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1137.759344][   T40] audit: type=1326 audit(1775345487.787:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22132 comm="syz.3.4338" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1137.765364][   T40] audit: type=1326 audit(1775345487.787:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22132 comm="syz.3.4338" exe="/syz-executor" sig=0 arch=40000003 syscall=278 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1137.771906][   T40] audit: type=1326 audit(1775345487.787:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22132 comm="syz.3.4338" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1137.778031][   T40] audit: type=1326 audit(1775345487.787:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22132 comm="syz.3.4338" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1137.784599][   T40] audit: type=1326 audit(1775345487.787:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22132 comm="syz.3.4338" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1137.792120][   T40] audit: type=1326 audit(1775345487.797:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22132 comm="syz.3.4338" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1137.800696][   T40] audit: type=1326 audit(1775345487.797:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22132 comm="syz.3.4338" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1137.806821][   T40] audit: type=1326 audit(1775345487.807:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22132 comm="syz.3.4338" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1137.813340][   T40] audit: type=1326 audit(1775345487.807:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22132 comm="syz.3.4338" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15f6c code=0x7ffc0000
[ 1138.445354][T22138] fuse: Unknown parameter 'grou00000000000000000000'
[ 1139.397240][T22169] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1139.402586][T22171] 9p: Bad value for 'cache'
[ 1139.899044][ T6001] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[ 1140.060523][ T6001] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1140.063589][ T6001] usb 5-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[ 1140.067172][ T6001] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1140.070383][ T6001] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1140.074961][ T6001] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1140.078654][ T6001] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1140.083914][ T6001] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1140.087201][ T6001] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1140.090203][ T6001] usb 5-1: Product: syz
[ 1140.091663][ T6001] usb 5-1: Manufacturer: syz
[ 1140.099887][T22190] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1140.103831][ T6001] cdc_wdm 5-1:1.0: skipping garbage
[ 1140.105620][ T6001] cdc_wdm 5-1:1.0: skipping garbage
[ 1140.108678][ T6001] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[ 1140.111476][ T6001] cdc_wdm 5-1:1.0: Unknown control protocol
[ 1140.277457][T22197] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1140.317485][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1140.320363][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1140.323555][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1140.326629][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1140.329678][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1140.331915][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1140.334100][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1140.336408][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1140.339486][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1140.342012][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1140.344306][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1140.346951][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1140.349942][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1140.351417][T22198] lo speed is unknown, defaulting to 1000
[ 1140.353067][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1140.353299][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[ 1140.360163][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[ 1140.362297][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[ 1140.379775][   T24] usb 5-1: USB disconnect, device number 46
[ 1140.394334][T22200] can0: slcan on ttyS3.
[ 1140.489412][T22200] can0 (unregistered): slcan off ttyS3.
[ 1140.941293][T22225] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1141.110975][T22231] 9p: Bad value for 'cache'
[ 1141.123061][T22230] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1141.254454][T22233] Bluetooth: hci0: unsupported parameter 255
[ 1141.258237][T22233] Bluetooth: hci0: unsupported parameter 255
[ 1141.742304][T22249] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1141.927968][T22255] Bluetooth: hci0: unsupported parameter 255
[ 1141.932755][T22255] Bluetooth: hci0: unsupported parameter 255
[ 1142.601145][T22276] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4384'.
[ 1142.767269][T22283] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1142.779273][T22281] Device name cannot be null; rc = [-22]
[ 1143.991599][T22293] lo speed is unknown, defaulting to 1000
[ 1144.362137][T22285] x_tables: duplicate underflow at hook 1
[ 1144.523356][T22305] netlink: 276 bytes leftover after parsing attributes in process `syz.3.4394'.
[ 1144.566886][T22309] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1144.617043][T22314] team0: entered allmulticast mode
[ 1144.619504][T22314] team_slave_0: entered allmulticast mode
[ 1144.621722][T22314] team_slave_1: entered allmulticast mode
[ 1144.697190][T22316] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4398'.
[ 1144.725115][T22303] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.4393'.
[ 1145.775095][T22354] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4410'.
[ 1145.840597][T22357] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4411'.
[ 1146.021974][T22369] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4416'.
[ 1146.027841][T22369] input: syz1 as /devices/virtual/input/input31
[ 1147.487174][T22386] fuse: Bad value for 'user_id'
[ 1147.488866][T22386] fuse: Bad value for 'user_id'
[ 1147.588410][T22391] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4421'.
[ 1147.638490][  T100] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[ 1147.816577][T22400] lo: Caught tx_queue_len zero misconfig
[ 1147.827448][T22400] Device name cannot be null; rc = [-22]
[ 1147.906732][T22408] netlink: 'syz.1.4427': attribute type 11 has an invalid length.
[ 1147.909259][T22408] netlink: 199788 bytes leftover after parsing attributes in process `syz.1.4427'.
[ 1147.960947][T22409] 9p: Bad value for 'cache'
[ 1147.973394][T22411] fuse: Bad value for 'user_id'
[ 1147.975006][T22411] fuse: Bad value for 'user_id'
[ 1148.011261][T22416] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4431'.
[ 1148.279219][T22427] lo speed is unknown, defaulting to 1000
[ 1148.346837][T22428] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1148.995325][T22443] netlink: 'syz.3.4438': attribute type 1 has an invalid length.
[ 1149.080497][T22447] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1149.085073][T22447] veth1_to_bond: entered allmulticast mode
[ 1149.102708][T22446] tipc: Disabling bearer <eth:syzkaller0>
[ 1149.110330][T22452] fuse: Bad value for 'fd'
[ 1149.111998][T22450] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4442'.
[ 1149.290562][T22462] netlink: 'syz.2.4446': attribute type 13 has an invalid length.
[ 1149.878322][T22495] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4453'.
[ 1150.118081][T22520] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4460'.
[ 1150.264015][T22528] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4462'.
[ 1150.301582][ T1340] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[ 1150.452457][ T1340] usb 5-1: config 0 has no interfaces?
[ 1150.459083][ T1340] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1150.474045][ T1340] usb 5-1: New USB device strings: Mfr=1, Product=34, SerialNumber=11
[ 1150.479144][ T1340] usb 5-1: Product: syz
[ 1150.480594][ T1340] usb 5-1: Manufacturer: syz
[ 1150.482063][ T1340] usb 5-1: SerialNumber: syz
[ 1150.492411][ T1340] usb 5-1: config 0 descriptor??
[ 1150.714691][ T6001] usb 5-1: USB disconnect, device number 47
[ 1150.777442][T22532] ip6_tunnel: non-ECT from 0000:0000:0000:0000:0000:ffff:7f00:0001 with DS=0xb
[ 1151.310326][    C2] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[ 1152.425157][T22564] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4471'.
[ 1153.464165][T22592] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1153.545912][T22588] ptrace attach of "/syz-executor exec"[22597] was attempted by "/syz-executor exec"[22588]
[ 1153.585352][T22601] nfs: Unknown parameter 'nointr�PY��zK��o���)U���\'�.�lj��Fz�'
[ 1156.477909][T22653] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4493'.
[ 1156.544978][T22656] netlink: 'syz.2.4494': attribute type 13 has an invalid length.
[ 1156.628705][T22661] 9p: Bad value for 'rfdno'
[ 1156.637652][T22663] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4496'.
[ 1156.672631][T22661] netlink: 'syz.1.4495': attribute type 23 has an invalid length.
[ 1158.637150][T22701] 9p: Bad value for 'wfdno'
[ 1158.713798][T22705] netlink: 'syz.0.4505': attribute type 13 has an invalid length.
[ 1158.742692][T22705] netlink: 'syz.0.4505': attribute type 1 has an invalid length.
[ 1159.151027][    C2] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[ 1159.404950][T22717] lo speed is unknown, defaulting to 1000
[ 1159.457798][T22721] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1159.921899][T22728] FAULT_INJECTION: forcing a failure.
[ 1159.921899][T22728] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1159.926655][T22728] CPU: 1 UID: 0 PID: 22728 Comm: syz.0.4511 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1159.926683][T22728] Tainted: [L]=SOFTLOCKUP
[ 1159.926690][T22728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 1159.926699][T22728] Call Trace:
[ 1159.926706][T22728]  <TASK>
[ 1159.926714][T22728]  dump_stack_lvl+0x100/0x190
[ 1159.926753][T22728]  should_fail_ex.cold+0x5/0xa
[ 1159.926777][T22728]  _copy_to_user+0x32/0xd0
[ 1159.926806][T22728]  simple_read_from_buffer+0xcb/0x170
[ 1159.926860][T22728]  proc_fail_nth_read+0x1af/0x230
[ 1159.926887][T22728]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1159.926911][T22728]  ? rw_verify_area+0xce/0x6d0
[ 1159.926940][T22728]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1159.926963][T22728]  vfs_read+0x1e4/0xb30
[ 1159.926985][T22728]  ? __pfx_vfs_read+0x10/0x10
[ 1159.927000][T22728]  ? find_held_lock+0x2b/0x80
[ 1159.927021][T22728]  ? __fget_files+0x215/0x3d0
[ 1159.927045][T22728]  ? __fget_files+0x21f/0x3d0
[ 1159.927071][T22728]  ksys_read+0x12a/0x250
[ 1159.927089][T22728]  ? __pfx_ksys_read+0x10/0x10
[ 1159.927115][T22728]  do_int80_emulation+0x141/0x6b0
[ 1159.927143][T22728]  asm_int80_emulation+0x1a/0x20
[ 1159.927161][T22728] RIP: 0023:0xf71a5cab
[ 1159.927176][T22728] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[ 1159.927191][T22728] RSP: 002b:00000000f545d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 1159.927210][T22728] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f545d5d0
[ 1159.927220][T22728] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[ 1159.927229][T22728] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1159.927239][T22728] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 1159.927248][T22728] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1159.927270][T22728]  </TASK>
[ 1160.094143][T22737] netlink: 84 bytes leftover after parsing attributes in process `syz.2.4516'.
[ 1160.124371][T22740] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4515'.
[ 1160.291273][T22759] 9p: Bad value for 'wfdno'
[ 1160.621095][ T6001] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[ 1160.772233][ T6001] usb 8-1: Using ep0 maxpacket: 8
[ 1160.777129][ T6001] usb 8-1: config index 0 descriptor too short (expected 74, got 45)
[ 1160.780458][ T6001] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[ 1160.785454][ T6001] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1160.789406][ T6001] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[ 1160.794142][ T6001] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1160.798417][ T6001] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1160.803666][ T6001] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1160.806463][ T6001] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1160.857455][T22791] 9p: Bad value for 'wfdno'
[ 1161.032909][ T6001] usb 8-1: usb_control_msg returned -32
[ 1161.035215][ T6001] usbtmc 8-1:16.0: can't read capabilities
[ 1161.088446][T16733] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1161.095608][T16733] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1161.099613][T16733] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1161.103720][T16733] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1161.107559][T16733] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1161.120425][ T5936] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1161.137627][ T5936] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1161.140450][ T5936] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1161.144283][ T5936] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1161.147404][ T5936] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1161.188297][T22793] lo speed is unknown, defaulting to 1000
[ 1161.385050][T22802] usbtmc 8-1:16.0: send_request_dev_dep_msg_in returned -71
[ 1161.388074][T22802] usbtmc 8-1:16.0: usb_control_msg returned -32
[ 1161.391600][T12366] usb 8-1: USB disconnect, device number 26
[ 1161.400731][T22800] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[ 1161.482954][T22793] chnl_net:caif_netlink_parms(): no params data found
[ 1161.499070][   T13] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1161.583132][T22793] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1161.585708][T22793] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1161.588605][T22793] bridge_slave_0: entered allmulticast mode
[ 1161.591519][T22793] bridge_slave_0: entered promiscuous mode
[ 1161.595963][T22793] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1161.598975][T22793] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1161.602275][T22793] bridge_slave_1: entered allmulticast mode
[ 1161.606471][T22793] bridge_slave_1: entered promiscuous mode
[ 1161.615433][   T13] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1161.645233][T22793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1161.650818][T22793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1161.677903][T22793] team0: Port device team_slave_0 added
[ 1161.685033][   T13] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1161.699115][T22793] team0: Port device team_slave_1 added
[ 1161.722218][T22793] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1161.725114][T22793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1161.735729][T22793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1161.741697][T22793] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1161.744531][T22793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1161.754328][T22793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1161.760552][   T13] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1161.792048][T22793] hsr_slave_0: entered promiscuous mode
[ 1161.794477][T22793] hsr_slave_1: entered promiscuous mode
[ 1161.797068][T22793] debugfs: 'hsr0' already exists in 'hsr'
[ 1161.799193][T22793] Cannot create hsr debugfs directory
[ 1161.994456][   T13] batman_adv: batadv0: Interface deactivated: ip6gretap1
[ 1162.070688][   T13] batman_adv: batadv0: Removing interface: ip6gretap1
[ 1162.120304][   T13] dvmrp8 (unregistering): left allmulticast mode
[ 1162.125298][   T13] dvmrp0 (unregistering): left allmulticast mode
[ 1162.529663][T22826] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4538'.
[ 1163.233319][T16733] Bluetooth: hci3: command tx timeout
[ 1165.311949][T16733] Bluetooth: hci3: command tx timeout
[ 1165.446855][   T13] bond0 (unregistering): Released all slaves
[ 1165.455018][   T13] bond1 (unregistering): Released all slaves
[ 1165.466473][   T13] bond2 (unregistering): Released all slaves
[ 1165.496404][T22822] vlan2: entered promiscuous mode
[ 1165.498168][T22822] vlan2: entered allmulticast mode
[ 1165.499822][T22822] hsr_slave_1: entered allmulticast mode
[ 1165.528110][T22823] netlink: 96 bytes leftover after parsing attributes in process `syz.3.4538'.
[ 1165.625592][T22834] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4539'.
[ 1165.633547][T22832] [U] 
[ 1165.634464][T22832] [U] 
[ 1165.634954][   T13] tipc: Left network mode
[ 1165.635362][T22832] [U] 
[ 1165.638269][T22832] [U] y�4���-��bN����e��c��
[ 1165.639879][T22832] [U] 3�z�~����[̈́)T��Ѫ�B�yOE�����Ie�ro��kE_̢x���Tk�_����wt��
[ 1165.643024][T22832] [U] R��	
[ 1165.644113][T22832] [U] 
[ 1165.644995][T22832] [U] 
[ 1165.645846][T22832] [U] 
[ 1165.652977][T22832] [U] 
[ 1165.653912][T22832] [U] 
[ 1165.654748][T22832] [U] 
[ 1165.655632][T22832] [U] 
[ 1165.656541][T22832] [U] 
[ 1165.657476][T22832] [U] 
[ 1165.658370][T22832] [U] 
[ 1165.659282][T22832] [U] 
[ 1165.660290][T22832] [U] 
[ 1165.661264][T22832] [U] 
[ 1165.662501][T22832] [U] 
[ 1165.663548][T22832] [U] 
[ 1165.665013][T22832] [U] 
[ 1165.665983][T22832] [U] 
[ 1165.666871][T22832] [U] 
[ 1165.667778][T22832] [U] 
[ 1165.668804][T22832] [U] 
[ 1165.669715][T22832] [U] 
[ 1165.670595][T22832] [U] 
[ 1165.671518][T22832] [U] 
[ 1165.672481][T22832] [U] 
[ 1165.673529][T22832] [U] 
[ 1165.674420][T22832] [U] 
[ 1165.675400][T22832] [U] 
[ 1165.676487][T22832] [U] 
[ 1165.677607][T22832] [U] 
[ 1165.678494][T22832] [U] 
[ 1165.679374][T22832] [U] 
[ 1165.680258][T22832] [U] 
[ 1165.681265][T22832] [U] 
[ 1165.682185][T22832] [U] 
[ 1165.683070][T22832] [U] 
[ 1165.683975][T22832] [U] 
[ 1165.685815][T22832] [U] 
[ 1165.687023][T22832] [U] 
[ 1165.688217][T22832] [U] 
[ 1165.688399][T22836] random: crng reseeded on system resumption
[ 1165.689266][T22832] [U] 
[ 1165.689348][T22832] [U] 
[ 1165.693770][T22832] [U] 
[ 1165.694654][T22832] [U] 
[ 1165.695539][T22832] [U] 
[ 1165.704524][   T40] kauditd_printk_skb: 54 callbacks suppressed
[ 1165.704536][   T40] audit: type=1326 audit(1775345515.734:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22831 comm="syz.0.4540" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x0
[ 1165.713400][T22832] [U] 
[ 1165.714318][T22832] [U] 
[ 1165.715208][T22832] [U] 
[ 1165.716098][T22832] [U] 
[ 1165.717040][T22832] [U] 
[ 1165.718051][T22832] [U] 
[ 1165.718950][T22832] [U] 
[ 1165.719838][T22832] [U] 
[ 1165.721058][T22832] [U] 
[ 1165.722014][T22832] [U] 
[ 1165.722905][T22832] [U] 
[ 1165.723809][T22832] [U] 
[ 1165.724844][T22832] [U] 
[ 1165.725771][T22832] [U] 
[ 1165.726658][T22832] [U] 
[ 1165.727571][T22832] [U] 
[ 1165.728653][T22832] [U] 
[ 1165.729608][T22832] [U] 
[ 1165.730488][T22832] [U] 
[ 1165.731375][T22832] [U] 
[ 1165.732601][T22832] [U] 
[ 1165.733551][T22832] [U] 
[ 1165.734438][T22832] [U] 
[ 1165.735327][T22832] [U] 
[ 1165.740629][T22832] [U] 
[ 1165.741693][T22832] [U] 
[ 1165.742611][T22832] [U] 
[ 1165.743551][T22832] [U] 
[ 1165.744576][T22832] [U] 
[ 1165.745489][T22832] [U] 
[ 1165.746374][T22832] [U] 
[ 1165.747272][T22832] [U] 
[ 1165.750421][T22832] [U] 
[ 1165.751385][T22832] [U] 
[ 1165.752301][T22832] [U] 
[ 1165.753221][T22832] [U] 
[ 1165.754603][T22832] [U] 
[ 1165.755492][T22832] [U] 
[ 1165.756396][T22832] [U] 
[ 1165.757327][T22832] [U] 
[ 1165.761791][T22832] [U] 
[ 1165.762698][T22832] [U] 
[ 1165.763613][T22832] [U] 
[ 1165.764561][T22832] [U] 
[ 1165.767378][T22832] [U] 
[ 1165.768298][T22832] [U] 
[ 1165.769202][T22832] [U] 
[ 1165.770085][T22832] [U] 
[ 1165.771869][T22832] [U] 
[ 1165.772970][T22832] [U] 
[ 1165.773961][T22832] [U] 
[ 1165.774901][T22832] [U] 
[ 1165.776099][T22832] [U] 
[ 1165.777094][T22832] [U] 
[ 1165.778076][T22832] [U] 
[ 1165.779061][T22832] [U] 
[ 1165.780303][T22832] [U] 
[ 1165.781039][T22841] loop5: detected capacity change from 0 to 7
[ 1165.781250][T22832] [U] 
[ 1165.784425][T22832] [U] 
[ 1165.785421][T22832] [U] 
[ 1165.808480][T22832] [U] 
[ 1165.809490][T22832] [U] 
[ 1165.810406][T22832] [U] 
[ 1165.811316][T22832] [U] 
[ 1165.817816][T22832] [U] 
[ 1165.818756][T22832] [U] 
[ 1165.819677][T22832] [U] 
[ 1165.820626][T22832] [U] 
[ 1165.823114][T22832] [U] 
[ 1165.824069][T22832] [U] 
[ 1165.825015][T22832] [U] 
[ 1165.825984][T22832] [U] 
[ 1165.827046][T22832] [U] 
[ 1165.828078][T22832] [U] 
[ 1165.828979][T22832] [U] 
[ 1165.829904][T22832] [U] 
[ 1165.830853][T22832] [U] 
[ 1165.831772][T22832] [U] 
[ 1165.832670][T22832] [U] 
[ 1165.869013][T22831] [U] 
[ 1165.975966][T22841] Dev loop5: unable to read RDB block 7
[ 1165.977842][T22841]  loop5: unable to read partition table
[ 1165.982972][T22841] loop5: partition table beyond EOD, truncated
[ 1165.990358][T22841] loop_reread_partitions: partition scan of loop5 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[ 1166.140807][T22793] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1166.167598][T22793] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1166.174290][T22793] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1166.193266][T22793] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1166.257055][   T13] hsr_slave_0: left promiscuous mode
[ 1166.259994][   T13] hsr_slave_1: left promiscuous mode
[ 1166.273579][   T13] veth1_macvtap: left promiscuous mode
[ 1166.275429][   T13] veth0_macvtap: left promiscuous mode
[ 1166.277606][   T13] veth1_vlan: left promiscuous mode
[ 1166.279312][   T13] veth0_vlan: left promiscuous mode
[ 1166.413175][T22866] /dev/sr0: Can't open blockdev
[ 1166.442252][T22868] netlink: 'syz.1.4546': attribute type 13 has an invalid length.
[ 1166.749458][T22877] netlink: 'syz.1.4547': attribute type 13 has an invalid length.
[ 1166.841013][T22793] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1166.863437][T22793] 8021q: adding VLAN 0 to HW filter on device team0
[ 1166.885307][  T100] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1166.888082][  T100] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1166.901299][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1166.904470][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1166.964843][   T13] IPVS: stop unused estimator thread 0...
[ 1167.129562][T22793] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1167.154311][T22793] veth0_vlan: entered promiscuous mode
[ 1167.160104][T22793] veth1_vlan: entered promiscuous mode
[ 1167.177731][T22793] veth0_macvtap: entered promiscuous mode
[ 1167.182654][T22793] veth1_macvtap: entered promiscuous mode
[ 1167.191256][T22793] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1167.200769][T22793] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1167.209721][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1167.213184][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1167.218498][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1167.221338][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1167.297645][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1167.300904][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1167.330299][T14629] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1167.339962][T14629] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1167.391988][T16733] Bluetooth: hci3: command tx timeout
[ 1167.561672][T22902] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[ 1167.563943][T22902] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1167.592224][T22902] vhci_hcd vhci_hcd.0: Device attached
[ 1167.596538][T22905] vhci_hcd: connection closed
[ 1167.596745][  T100] vhci_hcd vhci_hcd.2: stop threads
[ 1167.600114][  T100] vhci_hcd vhci_hcd.2: release socket
[ 1167.612727][  T100] vhci_hcd vhci_hcd.2: disconnect device
[ 1168.205556][T22911] netlink: 'syz.2.4554': attribute type 13 has an invalid length.
[ 1168.269101][T22911] ==================================================================
[ 1168.271632][T22911] BUG: KASAN: slab-out-of-bounds in try_module_get+0x4c/0xd0
[ 1168.273970][T22911] Write of size 4 at addr ffff888020ee8f08 by task syz.2.4554/22911
[ 1168.276884][T22911] 
[ 1168.278572][T22911] CPU: 3 UID: 0 PID: 22911 Comm: syz.2.4554 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1168.278591][T22911] Tainted: [L]=SOFTLOCKUP
[ 1168.278596][T22911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 1168.278603][T22911] Call Trace:
[ 1168.278609][T22911]  <TASK>
[ 1168.278614][T22911]  dump_stack_lvl+0x100/0x190
[ 1168.278637][T22911]  print_report+0x156/0x4c9
[ 1168.278657][T22911]  ? __virt_addr_valid+0x81/0x620
[ 1168.278706][T22911]  ? __phys_addr+0xe8/0x180
[ 1168.278721][T22911]  ? try_module_get+0x4c/0xd0
[ 1168.278734][T22911]  kasan_report+0xdf/0x1e0
[ 1168.278749][T22911]  ? try_module_get+0x4c/0xd0
[ 1168.278763][T22911]  kasan_check_range+0x10f/0x1e0
[ 1168.278777][T22911]  try_module_get+0x4c/0xd0
[ 1168.278789][T22911]  dvb_device_open+0x124/0x3b0
[ 1168.278920][T22911]  ? __pfx_dvb_device_open+0x10/0x10
[ 1168.278933][T22911]  chrdev_open+0x234/0x6a0
[ 1168.278946][T22911]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1168.278979][T22911]  ? __pfx_chrdev_open+0x10/0x10
[ 1168.278993][T22911]  ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1168.279009][T22911]  do_dentry_open+0x6d8/0x1660
[ 1168.279023][T22911]  ? __pfx_chrdev_open+0x10/0x10
[ 1168.279037][T22911]  vfs_open+0x82/0x3f0
[ 1168.279052][T22911]  path_openat+0x208c/0x31a0
[ 1168.279068][T22911]  ? asm_int80_emulation+0x1a/0x20
[ 1168.279081][T22911]  ? __pfx_path_openat+0x10/0x10
[ 1168.279095][T22911]  do_file_open+0x20e/0x430
[ 1168.279108][T22911]  ? __pfx_do_file_open+0x10/0x10
[ 1168.279124][T22911]  ? _raw_spin_unlock+0x28/0x50
[ 1168.279142][T22911]  ? alloc_fd+0x476/0x790
[ 1168.279156][T22911]  do_sys_openat2+0x10d/0x1e0
[ 1168.279171][T22911]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1168.279187][T22911]  ? __ia32_sys_futex_time32+0x2f4/0x470
[ 1168.279205][T22911]  __ia32_compat_sys_openat+0x12d/0x210
[ 1168.279222][T22911]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[ 1168.279241][T22911]  do_int80_emulation+0x141/0x6b0
[ 1168.279255][T22911]  asm_int80_emulation+0x1a/0x20
[ 1168.279613][T22911] RIP: 0023:0xf71e5cab
[ 1168.279627][T22911] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[ 1168.279639][T22911] RSP: 002b:00000000f549d03c EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 1168.279652][T22911] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f549d100
[ 1168.279660][T22911] RDX: 0000000000000400 RSI: 0000000000000000 RDI: 0000000000000000
[ 1168.279667][T22911] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1168.279674][T22911] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 1168.279682][T22911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1168.279693][T22911]  </TASK>
[ 1168.279697][T22911] 
[ 1168.366073][T22911] Allocated by task 1:
[ 1168.367707][T22911]  kasan_save_stack+0x30/0x50
[ 1168.369594][T22911]  kasan_save_track+0x14/0x30
[ 1168.371453][T22911]  __kasan_kmalloc+0xaa/0xb0
[ 1168.373298][T22911]  bus_add_driver+0x92/0x5b0
[ 1168.375137][T22911]  driver_register+0x1e2/0x360
[ 1168.376672][T22911]  i2c_register_driver+0xd9/0x1f0
[ 1168.378348][T22911]  do_one_initcall+0x11d/0x760
[ 1168.379846][T22911]  kernel_init_freeable+0x6e5/0x7a0
[ 1168.381651][T22911]  kernel_init+0x1f/0x1e0
[ 1168.382997][T22911]  ret_from_fork+0x754/0xd80
[ 1168.384458][T22911]  ret_from_fork_asm+0x1a/0x30
[ 1168.385981][T22911] 
[ 1168.386767][T22911] The buggy address belongs to the object at ffff888020ee8e00
[ 1168.386767][T22911]  which belongs to the cache kmalloc-256 of size 256
[ 1168.391047][T22911] The buggy address is located 56 bytes to the right of
[ 1168.391047][T22911]  allocated 208-byte region [ffff888020ee8e00, ffff888020ee8ed0)
[ 1168.395548][T22911] 
[ 1168.396274][T22911] The buggy address belongs to the physical page:
[ 1168.398179][T22911] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20ee8
[ 1168.400776][T22911] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1168.403250][T22911] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1168.405627][T22911] page_type: f5(slab)
[ 1168.406914][T22911] raw: 00fff00000000040 ffff88801b842b40 dead000000000100 dead000000000122
[ 1168.409629][T22911] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 1168.412269][T22911] head: 00fff00000000040 ffff88801b842b40 dead000000000100 dead000000000122
[ 1168.414990][T22911] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 1168.417630][T22911] head: 00fff00000000001 ffffea000083ba01 00000000ffffffff 00000000ffffffff
[ 1168.420290][T22911] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 1168.422982][T22911] page dumped because: kasan: bad access detected
[ 1168.425022][T22911] page_owner tracks the page as allocated
[ 1168.426835][T22911] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 17378997389, free_ts 11104282516
[ 1168.433041][T22911]  post_alloc_hook+0x153/0x170
[ 1168.434550][T22911]  get_page_from_freelist+0x111d/0x3140
[ 1168.436222][T22911]  __alloc_frozen_pages_noprof+0x27c/0x2ba0
[ 1168.438131][T22911]  new_slab+0xa6/0x6b0
[ 1168.439463][T22911]  refill_objects+0x26b/0x400
[ 1168.440922][T22911]  __pcs_replace_empty_main+0x1ab/0x660
[ 1168.442641][T22911]  __kmalloc_cache_noprof+0x493/0x6f0
[ 1168.444275][T22911]  bus_add_driver+0x92/0x5b0
[ 1168.445749][T22911]  driver_register+0x1e2/0x360
[ 1168.447248][T22911]  usb_register_driver+0x21c/0x3e0
[ 1168.448946][T22911]  do_one_initcall+0x11d/0x760
[ 1168.450487][T22911]  kernel_init_freeable+0x6e5/0x7a0
[ 1168.452149][T22911]  kernel_init+0x1f/0x1e0
[ 1168.453575][T22911]  ret_from_fork+0x754/0xd80
[ 1168.455051][T22911]  ret_from_fork_asm+0x1a/0x30
[ 1168.456569][T22911] page last free pid 1045 tgid 1045 stack trace:
[ 1168.458584][T22911]  __free_frozen_pages+0x7e1/0x10d0
[ 1168.460231][T22911]  qlist_free_all+0x47/0xe0
[ 1168.461695][T22911]  kasan_quarantine_reduce+0x1a0/0x1f0
[ 1168.463425][T22911]  __kasan_slab_alloc+0x69/0x90
[ 1168.464979][T22911]  kmem_cache_alloc_noprof+0x241/0x6e0
[ 1168.466746][T22911]  prepare_kernel_cred+0x35/0x8b0
[ 1168.468461][T22911]  call_usermodehelper_exec_async+0xee/0x4b0
[ 1168.470395][T22911]  ret_from_fork+0x754/0xd80
[ 1168.471883][T22911]  ret_from_fork_asm+0x1a/0x30
[ 1168.473422][T22911] 
[ 1168.474208][T22911] Memory state around the buggy address:
[ 1168.475999][T22911]  ffff888020ee8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1168.478559][T22911]  ffff888020ee8e80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 1168.481076][T22911] >ffff888020ee8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1168.483606][T22911]                       ^
[ 1168.485003][T22911]  ffff888020ee8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1168.487561][T22911]  ffff888020ee9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1168.490095][T22911] ==================================================================
[ 1168.496210][T22911] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1168.498667][T22911] CPU: 3 UID: 0 PID: 22911 Comm: syz.2.4554 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1168.502100][T22911] Tainted: [L]=SOFTLOCKUP
[ 1168.503476][T22911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 1168.506767][T22911] Call Trace:
[ 1168.507862][T22911]  <TASK>
[ 1168.508831][T22911]  dump_stack_lvl+0x100/0x190
[ 1168.510347][T22911]  vpanic+0x552/0x970
[ 1168.511638][T22911]  ? __pfx_vpanic+0x10/0x10
[ 1168.513095][T22911]  ? try_module_get+0x4c/0xd0
[ 1168.514624][T22911]  panic+0xd1/0xe0
[ 1168.515836][T22911]  ? __pfx_panic+0x10/0x10
[ 1168.517307][T22911]  ? try_module_get+0x4c/0xd0
[ 1168.518845][T22911]  ? preempt_schedule_common+0x42/0xc0
[ 1168.520591][T22911]  check_panic_on_warn.cold+0x19/0x34
[ 1168.522308][T22911]  end_report.part.0+0x3a/0x90
[ 1168.523861][T22911]  kasan_report.cold+0xe/0x18
[ 1168.525410][T22911]  ? try_module_get+0x4c/0xd0
[ 1168.526914][T22911]  kasan_check_range+0x10f/0x1e0
[ 1168.528527][T22911]  try_module_get+0x4c/0xd0
[ 1168.530013][T22911]  dvb_device_open+0x124/0x3b0
[ 1168.531559][T22911]  ? __pfx_dvb_device_open+0x10/0x10
[ 1168.533248][T22911]  chrdev_open+0x234/0x6a0
[ 1168.534693][T22911]  ? __pfx_apparmor_file_open+0x10/0x10
[ 1168.536450][T22911]  ? __pfx_chrdev_open+0x10/0x10
[ 1168.538091][T22911]  ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[ 1168.540079][T22911]  do_dentry_open+0x6d8/0x1660
[ 1168.541562][T22911]  ? __pfx_chrdev_open+0x10/0x10
[ 1168.543084][T22911]  vfs_open+0x82/0x3f0
[ 1168.544396][T22911]  path_openat+0x208c/0x31a0
[ 1168.545916][T22911]  ? asm_int80_emulation+0x1a/0x20
[ 1168.547586][T22911]  ? __pfx_path_openat+0x10/0x10
[ 1168.549170][T22911]  do_file_open+0x20e/0x430
[ 1168.550626][T22911]  ? __pfx_do_file_open+0x10/0x10
[ 1168.552233][T22911]  ? _raw_spin_unlock+0x28/0x50
[ 1168.553775][T22911]  ? alloc_fd+0x476/0x790
[ 1168.555162][T22911]  do_sys_openat2+0x10d/0x1e0
[ 1168.556677][T22911]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1168.558346][T22911]  ? __ia32_sys_futex_time32+0x2f4/0x470
[ 1168.560142][T22911]  __ia32_compat_sys_openat+0x12d/0x210
[ 1168.561929][T22911]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[ 1168.563857][T22911]  do_int80_emulation+0x141/0x6b0
[ 1168.565497][T22911]  asm_int80_emulation+0x1a/0x20
[ 1168.567073][T22911] RIP: 0023:0xf71e5cab
[ 1168.568384][T22911] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[ 1168.574419][T22911] RSP: 002b:00000000f549d03c EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 1168.577059][T22911] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f549d100
[ 1168.579647][T22911] RDX: 0000000000000400 RSI: 0000000000000000 RDI: 0000000000000000
[ 1168.582167][T22911] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1168.584754][T22911] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[ 1168.587297][T22911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1168.589734][T22911]  </TASK>
[ 1168.591401][T22911] Kernel Offset: disabled
[ 1168.592784][T22911] Rebooting in 86400 seconds..

VM DIAGNOSIS:
23:19:37  Registers:
info registers vcpu 0

CPU#0
RAX=0000000001ecb873 RBX=ffffffff8e4975c0 RCX=ffffffff8b8e8c75 RDX=0000000000000000
RSI=ffffffff8de82fd4 RDI=ffffffff8c1b1da0 RBP=0000000000000000 RSP=ffffffff8e407e00
R8 =0000000000000001 R9 =ffffed100564679d R10=ffff88802b233ceb R11=0000000000000000
R12=0000000000000000 R13=fffffbfff1c92eb8 R14=0000000000000000 R15=ffffffff90d9fc10
RIP=ffffffff8b8e75df RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097140000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f547bff4 CR3=000000004ab49000 CR4=00352ef0
DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000000083 DR3=ffffffffefffff15 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000046 RBX=0000000000000001 RCX=0000000000000001 RDX=0000000000000000
RSI=ffffffff8df7486b RDI=ffffffff8c1b1da0 RBP=ffff888025d5c980 RSP=ffffc90002d67b88
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=00000000ffffffff R13=0000000000000246 R14=0000000080000040 R15=00000000080002c1
RIP=ffffffff8b8e941d RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097240000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080e15018 CR3=00000000615e7000 CR4=00352ef0
DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000000083 DR3=ffffffffefffff15 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000040000000 RBX=0000000000000001 RCX=ffffffff823b5faf RDX=0000000000000001
RSI=0000000000000000 RDI=ffff88801c7d4980 RBP=0000000000000000 RSP=ffffc9000047fb50
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000
R12=1ffff9200008ff6f R13=0000000000000001 R14=ffff88801c7d4980 R15=ffff88802b43b300
RIP=ffffffff823b6363 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097340000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00005599b667cf40 CR3=000000002564e000 CR4=00352ef0
DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000000083 DR3=ffffffffefffff15 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=af63fff72a6f7fb4 cf7ed2965e1f9e1b af63fff72a6f7fb4 cf7ed2965e1f9e1b af63fff72a6f7fb4 cf7ed2965e1f9e1b af63fff72a6f7fb4 cf7ed2965e1f9e1b
ZMM18=19362f85557b6ee6 35271d08ce57d765 19362f85557b6ee6 35271d08ce57d765 19362f85557b6ee6 35271d08ce57d765 19362f85557b6ee6 35271d08ce57d765
ZMM19=1d20000000000000 0000000000000004 1d20000000000000 0000000000000003 1d20000000000000 0000000000000002 1d20000000000000 0000000000000001
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8002029003000800 0288030fffffffff 0202800310080000 020194080006cdbc
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 08000191f6080001 08000c010e820a08 00080302d2080000 030fffffffff0202
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0800000800020800 7c08000a014eec04 8c08000208001408 00060173883c0000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0599fec002000800 060178ea00000008 08060599fed80340 8080808080880800
ZMM25=35271d0835271d08 35271d0835271d08 35271d0835271d08 35271d0835271d08 35271d0835271d08 35271d0835271d08 35271d0835271d08 35271d0835271d08
ZMM26=557b6ee6557b6ee6 557b6ee6557b6ee6 557b6ee6557b6ee6 557b6ee6557b6ee6 557b6ee6557b6ee6 557b6ee6557b6ee6 557b6ee6557b6ee6 557b6ee6557b6ee6
ZMM27=19362f8519362f85 19362f8519362f85 19362f8519362f85 19362f8519362f85 19362f8519362f85 19362f8519362f85 19362f8519362f85 19362f8519362f85
ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=1c2000001c200000 1c2000001c200000 1c2000001c200000 1c2000001c200000 1c2000001c200000 1c2000001c200000 1c2000001c200000 1c2000001c200000
info registers vcpu 3

CPU#3
RAX=0000000000014839 RBX=0000000000000005 RCX=ffffc9000c7d2000 RDX=0000000000080000
RSI=ffffffff81fc53a5 RDI=ffff888027008000 RBP=ffffffff8d29b7ee RSP=ffffc90007856c20
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000005 R11=00000000000a8e10
R12=0000000000000003 R13=0000000000000020 R14=dffffc0000000000 R15=ffffc90007856d00
RIP=ffffffff82084900 RFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097440000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f549cff4 CR3=000000007557d000 CR4=00352ef0
DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000000083 DR3=ffffffffefffff15 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000