last executing test programs:

3m41.017254328s ago: executing program 2 (id=1866):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='dctcp\x00', 0x6)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) (fail_nth: 2)

3m40.940936568s ago: executing program 2 (id=1867):
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x57, 0x2, 0xd, {0x4, 0x1}, {0x51, 0x12}, @cond=[{0x6, 0x5, 0x400, 0x2b70, 0x7, 0x3}, {0x94, 0x3, 0xfdf, 0xfff, 0x4, 0xa}]})
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
write$char_usb(r0, &(0x7f0000000040)="e2", 0x12d8)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x300000f, 0x12, r2, 0x0)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'bond0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b40)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x80000, {0x0, 0x0, 0x0, r4, {0x0, 0xffed}, {0xe, 0xb}, {0xd, 0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0xe70, 0x6, 0x3, 0x0, 0x6960, 0xff}}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x2, 0x6, 0x1, 0x3, 0x1, 0x7, 0x7}}, {0x4}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x8021}, 0x4008000)
r5 = socket(0x10, 0x3, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES64=r5], 0x40}}, 0x0)
read(r6, 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00')
munmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000)
write(r7, &(0x7f0000000380)="18", 0x1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x7, [@enum={0x0, 0x2, 0x0, 0x6, 0x4, [{0x5}, {0x4}]}]}, {0x0, [0x0, 0x0, 0x0, 0x2e, 0x5f]}}, 0x0, 0x3b}, 0x20)
mount(&(0x7f0000000080)=@md0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='hfs\x00', 0x20, &(0x7f0000000140)='\x98@%\x00')

3m40.778091923s ago: executing program 2 (id=1868):
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
ioctl$EVIOCGBITSND(r0, 0x40004580, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x46, '\x00', 0x0, 0x2}, 0x94)
socket$inet_sctp(0x2, 0x1, 0x84)
openat$zero(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
gettid()
r2 = getpid()
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
move_pages(r2, 0x8, &(0x7f0000000040)=[&(0x7f0000934000/0x2000)=nil, &(0x7f0000163000/0x3000)=nil, &(0x7f000028a000/0x4000)=nil, &(0x7f000093b000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f000060a000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil], &(0x7f00000000c0)=[0x2, 0x10000], &(0x7f0000000100)=[0x0], 0x2)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x22081)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r4, &(0x7f00000001c0)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x40)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
setsockopt$inet_mreq(r1, 0x0, 0x23, 0x0, 0x0)

3m39.786884997s ago: executing program 2 (id=1872):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES8], &(0x7f0000000100)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES8], &(0x7f0000000100)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="34010000100013070000040000000000ff0200000000000000000001ac1e00010000000000000000000000000000000000000000000000005e00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff0100000000000000000000000000010000000032000000ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000080000000000000000000000000000000000100000fdffffffffffffff00000000020000000200000000000000000000000a00040b40000000480002006563622d73657270656e742d61767800"/236], 0x134}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000600)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000580)={&(0x7f00000004c0)={0xb0, 0x0, 0x1, 0x301, 0x0, 0x0, {0x7, 0x0, 0xa}, [@CTA_TUPLE_REPLY={0x4c, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @local}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}, @CTA_TUPLE_REPLY={0x48, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @local}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x24040040}, 0x20000800)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='debugfs\x00', 0x0, 0x0) (async)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='debugfs\x00', 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000300)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xae\xd1md\xc8\x85\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;2\xb5\xe1jS\xeb\xbf%||\xa0\x8e\x01\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x4)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000440)) (async)
ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000440))
mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000340)='./file0/file0\x00', 0x89901)
umount2(&(0x7f0000000400)='./file1\x00', 0xc)
mknod$loop(&(0x7f0000000000)='./file1\x00', 0x1000, 0x1)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000080), 0x0, 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000080), 0x0, 0x0)
set_mempolicy(0x4005, &(0x7f0000000080)=0x3, 0x2) (async)
set_mempolicy(0x4005, &(0x7f0000000080)=0x3, 0x2)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x200000a, 0x4c831, 0xffffffffffffffff, 0x0)

3m39.785989571s ago: executing program 2 (id=1874):
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0)
r0 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000100)='udf\x00', 0x2008087, 0x0)
ioctl$NBD_CLEAR_SOCK(r0, 0xab04)

3m39.423598406s ago: executing program 2 (id=1875):
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x44}, @hci_rp_read_local_commands={{0x2d}, {0x6, "8f23e93dbf411511a1d7b45070ff1def0737a9ab0f480b1b371bbe5806bd4d543c193412e9d770a6b18c79ff0253b4b40e390a967b85c8c3586c23c6b762e2dc"}}}}, 0x47)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
setsockopt$IP_VS_SO_SET_DEL(r2, 0x0, 0x484, &(0x7f0000000000)={0x2c, @private=0xa010101, 0x4e23, 0x3, 'dh\x00', 0x2c, 0x0, 0x20}, 0x2c)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0xfd, 0x7fff0000}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000850000000800000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f0000000280), 0x80000000002, 0x1)
close_range(r5, 0xffffffffffffffff, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r8, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_FROM={0x8, 0x3, 0xd4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
openat$sequencer(0xffffff9c, 0x0, 0x88302, 0x0)

3m39.346927947s ago: executing program 32 (id=1875):
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x44}, @hci_rp_read_local_commands={{0x2d}, {0x6, "8f23e93dbf411511a1d7b45070ff1def0737a9ab0f480b1b371bbe5806bd4d543c193412e9d770a6b18c79ff0253b4b40e390a967b85c8c3586c23c6b762e2dc"}}}}, 0x47)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
setsockopt$IP_VS_SO_SET_DEL(r2, 0x0, 0x484, &(0x7f0000000000)={0x2c, @private=0xa010101, 0x4e23, 0x3, 'dh\x00', 0x2c, 0x0, 0x20}, 0x2c)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0xfd, 0x7fff0000}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000850000000800000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f0000000280), 0x80000000002, 0x1)
close_range(r5, 0xffffffffffffffff, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r8, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_FROM={0x8, 0x3, 0xd4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
openat$sequencer(0xffffff9c, 0x0, 0x88302, 0x0)

2m16.566210493s ago: executing program 3 (id=2299):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000bc0)='GPL\x00', 0x2, 0x0, 0x0, 0x41100}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000002c0)=ANY=[])
r4 = dup(r2)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
getsockopt$inet_mreqn(r4, 0x0, 0x24, 0x0, &(0x7f0000000380))
ioctl$sock_inet6_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f00000003c0)={@loopback, 0x23})
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = syz_open_dev$swradio(&(0x7f0000000380), 0x0, 0x2)
ioctl$VIDIOC_G_CTRL(r6, 0xc008561b, &(0x7f0000000000)={0xf0f040, 0x8})
r7 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r7, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000740)=ANY=[], 0x0)
r8 = socket$netlink(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000002c0)=ANY=[@ANYRESDEC=r3, @ANYRES16=r9, @ANYRESOCT=r0], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x48000)
r10 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet(r10, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r10, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r10, 0x6, 0xd, 0x0, 0x0)
r11 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0)
preadv(r11, &(0x7f0000000440)=[{&(0x7f0000000180)=""/82, 0x52}], 0x1, 0xd651, 0x472b)
sendto$inet(r10, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x0, 0x0)

2m14.715029091s ago: executing program 3 (id=2306):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000340)="a8", 0x1}], 0x1}, 0x4040001)
recvmsg$unix(r0, &(0x7f0000000bc0)={0x0, 0x0, 0x0}, 0x0)
r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a8230800090400bc6435fb4d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r3, 0x0, 0x0)
read$char_usb(r3, 0x0, 0x0)
write$char_usb(r3, 0x0, 0x0)
syz_usb_disconnect(r2)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r4, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
ioctl$EVIOCGSND(r5, 0x40044581, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRESDEC=r5], 0x4)

2m13.090266988s ago: executing program 3 (id=2315):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chdir(&(0x7f0000001100)='./file0\x00')
utimensat(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)

2m13.049018593s ago: executing program 3 (id=2316):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c250000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000005600)='sys_enter\x00', r0}, 0x10)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000004000000040000000040000000300000000000001000000002d003af3ffffff000000000300000000030000000100000007000000070000000000000a040000000d0000000000001202000000002e2e00"], &(0x7f0000000280)=""/65, 0x5c, 0x41, 0x0, 0x40}, 0x28)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r3, &(0x7f0000000280)=@file={0x1}, 0x6e)
r4 = openat$vcsa(0xffffff9c, &(0x7f0000000340), 0x200, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b85000000ae000000850000000700000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r5}, 0x90)
signalfd(0xffffffffffffffff, 0x0, 0x0)
read(r6, &(0x7f0000000140)=""/119, 0x77)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r7, 0x0)
setpgid(0x0, r7)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x10000, 0x0)
r8 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
chmod(&(0x7f00000001c0)='./file0\x00', 0x9)
ioctl$AUTOFS_IOC_CATATONIC(r8, 0x9362, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0x7, &(0x7f0000000380)={0x3, 0xfffffff7, 0x9, 0xffff}, 0x10)
shutdown(r3, 0x0)
listen(r3, 0x0)
connect$unix(r2, &(0x7f0000000640)=@file={0x1}, 0x6e)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x80, 0x1e, 0x4, 0x9280, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x2, 0xe, @value=r1}, 0x50)
get_mempolicy(0x0, 0x0, 0x2, &(0x7f0000240000/0x1000)=nil, 0x3)

2m12.734462739s ago: executing program 3 (id=2318):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x9, 0x7fff0000}]})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000280)={0x3, 0x0, 0xfdfdffff, 0xff600000})
munlockall()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000580))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
mmap$IORING_OFF_CQ_RING(&(0x7f00003e4000/0x2000)=nil, 0x2000, 0x2000001, 0x1010, r3, 0x8000000)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x18, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r5, &(0x7f0000000040)={0x1, 0x6}, 0x2)
sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="34010000", @ANYRES16=0x0, @ANYBLOB="010925bd7000fedbdf256800000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990005000000710000001200c700080001070206b3c775282b95374500002600c70009035201040740010e070802090776040205040410070401050305ec272e722be05200003400c7000c005705090002070600ae000906010003050100000100070d02070568020305000705049d87aa217a4c710ba65c14af2800c70002040004800308030a050c0681030d02c006fe00020505010300090083355aa1d1e3bca02000c7f20a050502ff020005010508060905040703025900945214f435df6a6a2e00c700640201020502080601057f04060308060303080606041902040152070003fa060e04982048c506b6368c00002200c70001040303100281000301040603058005f207040709001ab6676cb563ecce0000"], 0x134}}, 0x4000)
write$USERIO_CMD_REGISTER(r5, &(0x7f0000000100), 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xfffffffffffffe73)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x800007)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x377e1ea87857fb7f, 0xe, &(0x7f0000000640)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2020000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})

2m11.934921103s ago: executing program 3 (id=2322):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000800000000000000", @ANYRES32, @ANYRESHEX, @ANYRES32=0x0, @ANYRES32, @ANYRES32=0x0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ffb000/0x3000)=nil)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) (async)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000ffb000/0x4000)=nil) (async)
prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000ffb000/0x4000)=nil)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r2 = fcntl$dupfd(r1, 0x406, r1)
recvmsg(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000400)=""/71, 0x47}, {&(0x7f0000000ec0)=""/4096, 0x1000}, {&(0x7f0000000640)=""/242, 0xf2}, {0x0}, {&(0x7f0000000800)=""/241, 0xf1}], 0x5, &(0x7f00000009c0)=""/180, 0xb4}, 0x122) (async)
recvmsg(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000400)=""/71, 0x47}, {&(0x7f0000000ec0)=""/4096, 0x1000}, {&(0x7f0000000640)=""/242, 0xf2}, {0x0}, {&(0x7f0000000800)=""/241, 0xf1}], 0x5, &(0x7f00000009c0)=""/180, 0xb4}, 0x122)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)) (async)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
readlinkat(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0xb4) (async)
readlinkat(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0xb4)
socket$nl_xfrm(0x10, 0x3, 0x6)
readlink(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000004c0)=""/83, 0x53)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8923, &(0x7f0000000040)={'wlan1\x00', 0x118})
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r3}, 0x18)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6, 0x0, 0x0, 0xd7}) (async)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6, 0x0, 0x0, 0xd7})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@can_newroute={0x34, 0x18, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@CGW_MOD_AND={0x15, 0x1, {{{}, 0xfc, 0x0, 0x0, 0x0, "3bad90732d8c59f7"}, 0x7}}, @CGW_CS_XOR={0x8, 0x5, {0xfffffffffffffffe, 0xfffffffffffffff7, 0x6, 0xab}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r5, 0x80046402, 0x0)
close(r5) (async)
close(r5)

2m11.871542516s ago: executing program 33 (id=2322):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000800000000000000", @ANYRES32, @ANYRESHEX, @ANYRES32=0x0, @ANYRES32, @ANYRES32=0x0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ffb000/0x3000)=nil)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) (async)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000ffb000/0x4000)=nil) (async)
prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000ffb000/0x4000)=nil)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r2 = fcntl$dupfd(r1, 0x406, r1)
recvmsg(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000400)=""/71, 0x47}, {&(0x7f0000000ec0)=""/4096, 0x1000}, {&(0x7f0000000640)=""/242, 0xf2}, {0x0}, {&(0x7f0000000800)=""/241, 0xf1}], 0x5, &(0x7f00000009c0)=""/180, 0xb4}, 0x122) (async)
recvmsg(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000400)=""/71, 0x47}, {&(0x7f0000000ec0)=""/4096, 0x1000}, {&(0x7f0000000640)=""/242, 0xf2}, {0x0}, {&(0x7f0000000800)=""/241, 0xf1}], 0x5, &(0x7f00000009c0)=""/180, 0xb4}, 0x122)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)) (async)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
readlinkat(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0xb4) (async)
readlinkat(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0xb4)
socket$nl_xfrm(0x10, 0x3, 0x6)
readlink(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000004c0)=""/83, 0x53)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8923, &(0x7f0000000040)={'wlan1\x00', 0x118})
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='io_uring_create\x00', r3}, 0x18)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6, 0x0, 0x0, 0xd7}) (async)
io_uring_setup(0x1de0, &(0x7f00000000c0)={0x0, 0x45d6, 0x0, 0x0, 0xd7})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@can_newroute={0x34, 0x18, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@CGW_MOD_AND={0x15, 0x1, {{{}, 0xfc, 0x0, 0x0, 0x0, "3bad90732d8c59f7"}, 0x7}}, @CGW_CS_XOR={0x8, 0x5, {0xfffffffffffffffe, 0xfffffffffffffff7, 0x6, 0xab}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r5, 0x80046402, 0x0)
close(r5) (async)
close(r5)

7.994038854s ago: executing program 1 (id=2888):
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
inotify_init1(0x80000)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r3}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r7)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000000}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000002000000140001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r1, &(0x7f0000000100)="ab", 0x1, 0xe61e2840a154b0c0, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ipvlan0\x00'})
socket$netlink(0x10, 0x3, 0x0)

7.763340509s ago: executing program 4 (id=2890):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x5, 0x4, 0xfff, 0x9, 0x0, 0xffffffffffffffff, 0x7}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x2000}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={r2, 0x0, 0x0}, 0x10)
r3 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x4, 0x2}) (async)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x4, 0x2})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000001c0)={r4, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000300)=[<r6=>0x0], &(0x7f0000000140), 0x1, r5})
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000280)={0x601, 0x1, &(0x7f0000000440)=[r5], &(0x7f0000000600)=[0x2], &(0x7f00000003c0)=[r6, r6], &(0x7f0000000580)})
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x8004, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1}) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r7, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8})
syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) (async)
r9 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r10=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r9, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r10})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000480)={0x0, 0x0, <r11=>0x0, 0x0, 0x0, 0x7, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000500)={0x1, 0x0, &(0x7f00000004c0)=[<r12=>0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc01c64b9, &(0x7f0000000640)={&(0x7f00000005c0)=[<r13=>0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0], 0x3, 0x0, 0xdededede})
r14 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r14, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) (async)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r14, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r14, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r15=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r14, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, <r16=>0x0], &(0x7f0000000200), 0x4, r15})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r14, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r14, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[<r17=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r14, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000180)=[r17], &(0x7f0000000200), &(0x7f0000000580)=[r16], &(0x7f0000000040)}) (async)
ioctl$DRM_IOCTL_MODE_ATOMIC(r14, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000180)=[r17], &(0x7f0000000200), &(0x7f0000000580)=[r16], &(0x7f0000000040)})
syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0) (async)
r18 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r18, 0xc01064c8, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000000300)=[<r19=>0x0]})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r18, 0xc04064aa, &(0x7f0000000040)={0x0, 0x0, r19}) (async)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r18, 0xc04064aa, &(0x7f0000000040)={0x0, 0x0, r19})
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f00000007c0)={0x1, 0xa, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, r6, r8, r10, 0x0, r11, r12], &(0x7f0000000580)=[0x7, 0x15ef0, 0x7], &(0x7f0000000700)=[r13, r16, 0x0, r19], &(0x7f0000000740)=[0x10, 0x29, 0x4bb0, 0x5, 0x3, 0x8, 0xfffffffffffffff8, 0x2a23278b, 0x1]}) (async)
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f00000007c0)={0x1, 0xa, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, r6, r8, r10, 0x0, r11, r12], &(0x7f0000000580)=[0x7, 0x15ef0, 0x7], &(0x7f0000000700)=[r13, r16, 0x0, r19], &(0x7f0000000740)=[0x10, 0x29, 0x4bb0, 0x5, 0x3, 0x8, 0xfffffffffffffff8, 0x2a23278b, 0x1]})

7.599937305s ago: executing program 0 (id=2891):
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
inotify_init1(0x80000)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r3}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r7)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000000}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000200000014000180"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r1, &(0x7f0000000100)="ab", 0x1, 0xe61e2840a154b0c0, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ipvlan0\x00'})
socket$netlink(0x10, 0x3, 0x0)

7.599397794s ago: executing program 4 (id=2892):
openat2$dir(0xffffff9c, &(0x7f0000000000)='./file1\x00', &(0x7f0000000180)={0x80100, 0x101, 0x4}, 0x18)
mkdirat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0xe4)
socket(0x1e, 0x4, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
syz_init_net_socket$ax25(0x3, 0x7, 0xcc)
r3 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
writev(r3, &(0x7f0000000180)=[{0x0}], 0x1)
chdir(&(0x7f00000000c0)='./file0\x00')
openat(0xffffffffffffff9c, 0x0, 0x66801, 0x19d)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0xfffffffd, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_INET6={0x4, 0x2d}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x44000}, 0x0)

7.229640148s ago: executing program 5 (id=2893):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r4=>0x0)
syz_open_dev$sg(0x0, 0x9, 0x482a80)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
write(r1, &(0x7f0000000100)="ace794", 0x3)
vmsplice(r3, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0)
tee(r0, r3, 0x8f5, 0x100000000000000)
syz_clone3(&(0x7f0000000100)={0x801400, &(0x7f00000000c0), 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x4c)
mount$9p_fd(0x0, 0x0, 0x0, 0x84, 0x0)
read$FUSE(r2, &(0x7f00000003c0)={0x2020}, 0x2020)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, 0x0)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80046601, 0x0)
timer_getoverrun(r4)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r7, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r7, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee", 0x6}], 0x1}}], 0x1, 0x20008000)
recvfrom$inet(r7, &(0x7f0000000200)=""/225, 0xe1, 0x40, 0x0, 0x0)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RECVRCVINFO(r8, 0x84, 0x20, &(0x7f0000000180)=0x80000001, 0x4)
openat$hwrng(0xffffff9c, &(0x7f00000000c0), 0x40000, 0x0)

5.977701845s ago: executing program 4 (id=2894):
sendmsg$key(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f0005000000030005007217440502000000e0000001"], 0x40}}, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x100)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, 0x0, 0x0)
socket$kcm(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x40, r2, 0x20, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xa}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8000}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x24004000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)

5.95756797s ago: executing program 1 (id=2895):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10)
sendto$inet(r0, 0x0, 0x0, 0x800, &(0x7f0000000100)={0x2, 0x4e24, @multicast1}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
preadv(r1, 0x0, 0x0, 0x4c, 0x3)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socket$inet6_udp(0xa, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000180)=[{0x0}], 0x1)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000040)={0x3ff, 0x7e7, 0x0, 0x9, 0x1, 0x0, 0x7ffffffb, 0x83f8}, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'veth0_to_bond\x00', &(0x7f0000000140)=@ethtool_gfeatures})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0x3261e)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000040)={'wlan0\x00', 0x0})

5.818795462s ago: executing program 5 (id=2896):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(0x0, 0x0, &(0x7f0000000880)="22cff5", 0x3, 0x1)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x121000)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r2, 0xc0f85403, &(0x7f0000000180)={{0x3, 0x2, 0x1, 0x0, 0xffc00000}, 0x1, 0x19c, 0xc6a5})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket(0x400000000010, 0x3, 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r2, 0x40045402, &(0x7f0000000040)=0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x2a, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000000), 0x4)
r3 = socket$packet(0x11, 0x2, 0x300)
socket(0x1000000010, 0x80000, 0x0)
getsockname(r3, &(0x7f0000000300)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x0)
syz_create_resource$binfmt(&(0x7f00000001c0)='./file0\x00')
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
r5 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r5, &(0x7f0000001d80)=[{{&(0x7f0000000280)={0x2, 0x4e22, @private=0xa010101}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010104}, 0x10, &(0x7f0000000180)=[{&(0x7f00000000c0)="99", 0x1}], 0x1}}], 0x2, 0x48000)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xc, 0x0, &(0x7f0000000000))
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x42000, 0x0)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f00000002c0)=0xfffffffe)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, 0x0, 0x0)
close(r3)
unshare(0x42000000)

5.742101207s ago: executing program 0 (id=2897):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(0x0, 0x0, &(0x7f0000000880)="22cff5", 0x3, 0x1)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x121000)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r2, 0xc0f85403, &(0x7f0000000180)={{0x3, 0x2, 0x1, 0x0, 0xffc00000}, 0x1, 0x19c, 0xc6a5})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket(0x400000000010, 0x3, 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r2, 0x40045402, &(0x7f0000000040)=0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x2a, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000000), 0x4)
r3 = socket$packet(0x11, 0x2, 0x300)
socket(0x1000000010, 0x80000, 0x0)
getsockname(r3, &(0x7f0000000300)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x0)
syz_create_resource$binfmt(&(0x7f00000001c0)='./file0\x00')
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
r5 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r5, &(0x7f0000001d80)=[{{&(0x7f0000000280)={0x2, 0x4e22, @private=0xa010101}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010104}, 0x10, &(0x7f0000000180)=[{&(0x7f00000000c0)="99", 0x1}], 0x1}}], 0x2, 0x48000)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xc, 0x0, &(0x7f0000000000))
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x42000, 0x0)
ioctl$PPPIOCSMAXCID(r6, 0x40047451, &(0x7f0000000100)=0xffff0080)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, 0x0, 0x0)
close(r3)
unshare(0x42000000)

5.738584147s ago: executing program 4 (id=2898):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'rose0\x00', 0x112})
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'rose0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r3], 0x20}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0x6}, 0x48)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r4, 0xffffffffffffffff, 0x0)

5.594393941s ago: executing program 4 (id=2899):
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x19)
syz_clone(0x25000, 0x0, 0x0, 0x0, 0x0, 0x0)

5.347107915s ago: executing program 4 (id=2900):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000140)={0x3, [0x2, 0x3]}, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r3 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf", @ANYRES32=r0], 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0)
r4 = dup(r2)
write$UHID_INPUT(r4, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d350987f70e06d038e7ff7fc6e5539b0d650e8b089b3f313b6c090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
r5 = socket(0xa, 0x800, 0x3a)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
iopl(0x9)
sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x2, 0x0, 0x4, 0x0, 0x0, 0xffffffffffffffff, 0x0}])
r9 = syz_io_uring_setup(0x7e75, &(0x7f0000000080)={0x0, 0x8444, 0x13580, 0x200000}, &(0x7f0000000100), &(0x7f0000000140))
io_uring_enter(r9, 0xe85, 0x0, 0x0, 0x0, 0x0)
setsockopt$MRT6_INIT(r5, 0x29, 0xc8, &(0x7f0000000340), 0x4)
setsockopt$MRT6_ADD_MIF(r5, 0x29, 0xca, &(0x7f0000000040)={0x1, 0x1, 0x40}, 0xc)
setsockopt$MRT6_ADD_MFC_PROXY(r5, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, {0xa, 0x0, 0x0, @empty}}, 0x5c)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil)

4.995361212s ago: executing program 1 (id=2901):
openat2$dir(0xffffff9c, &(0x7f0000000000)='./file1\x00', &(0x7f0000000180)={0x80100, 0x101, 0x4}, 0x18)
mkdirat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0xe4)
socket(0x1e, 0x4, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
syz_init_net_socket$ax25(0x3, 0x7, 0xcc)
r3 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
writev(r3, &(0x7f0000000180)=[{0x0}], 0x1)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
openat(0xffffffffffffff9c, 0x0, 0x66801, 0x19d)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0xfffffffd, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_INET6={0x4, 0x2d}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x44000}, 0x0)

4.759906756s ago: executing program 0 (id=2902):
openat2$dir(0xffffff9c, &(0x7f0000000000)='./file1\x00', &(0x7f0000000180)={0x80100, 0x101, 0x4}, 0x18)
mkdirat(0xffffffffffffffff, &(0x7f00000001c0)='./file1\x00', 0xe4)
socket(0x1e, 0x4, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC, @ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
syz_init_net_socket$ax25(0x3, 0x7, 0xcc)
r3 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
writev(r3, &(0x7f0000000180)=[{0x0}], 0x1)
chdir(&(0x7f00000000c0)='./file0\x00')
openat(0xffffffffffffff9c, 0x0, 0x66801, 0x19d)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0xfffffffd, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_INET6={0x4, 0x2d}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x44000}, 0x0)

2.554123139s ago: executing program 5 (id=2903):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000040)=@updsa={0x104, 0x1a, 0x1, 0x0, 0x0, {{@in6=@ipv4, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x4d3, 0x3c}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in=@broadcast}]}, 0x104}}, 0x0)
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
write(r1, &(0x7f0000000180)="2cd8cc8888b87c8e14", 0x9)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
lsetxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200), &(0x7f0000000140)=@v2={0x2000000, [{0x22, 0x5}, {0x1, 0x8}]}, 0x14, 0x1)
mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000280), &(0x7f00000002c0)=0xc)
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

2.482400807s ago: executing program 5 (id=2904):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chdir(0x0)
utimensat(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)

2.481592614s ago: executing program 5 (id=2905):
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
inotify_init1(0x80000)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r3}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r7)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000000}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000200000014000180"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r1, &(0x7f0000000100)="ab", 0x1, 0xe61e2840a154b0c0, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ipvlan0\x00'})
socket$netlink(0x10, 0x3, 0x0)

2.275497598s ago: executing program 0 (id=2906):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r4=>0x0)
syz_open_dev$sg(0x0, 0x9, 0x482a80)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
write(r1, &(0x7f0000000100)="ace794", 0x3)
vmsplice(r3, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0)
tee(r0, r3, 0x8f5, 0x100000000000000)
syz_clone3(&(0x7f0000000100)={0x801400, &(0x7f00000000c0), 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x4c)
mount$9p_fd(0x0, 0x0, 0x0, 0x84, 0x0)
read$FUSE(r2, &(0x7f00000003c0)={0x2020}, 0x2020)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, 0x0)
sendmsg$can_j1939(r2, 0x0, 0x8810)
timer_getoverrun(r4)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r7, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r7, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee", 0x6}], 0x1}}], 0x1, 0x20008000)
recvfrom$inet(r7, &(0x7f0000000200)=""/225, 0xe1, 0x40, 0x0, 0x0)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RECVRCVINFO(r8, 0x84, 0x20, &(0x7f0000000180)=0x80000001, 0x4)
openat$hwrng(0xffffff9c, &(0x7f00000000c0), 0x40000, 0x0)

2.275296462s ago: executing program 1 (id=2907):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xb4, r2, 0x2, 0x70bd25, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x754}, {0x6, 0x11, 0xfe1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xa3}, {0x6, 0x11, 0x9}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x3}, {0x6}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x1}, 0x24044040)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="190028bd7000ffdbdf251000000008000300", @ANYRES32=r3, @ANYBLOB="88caf230dbf609e10700000088b853fc6ea46cd38c5d98df07213e"], 0x1c}, 0x1, 0x0, 0x0, 0x40011}, 0x0)

2.192283713s ago: executing program 1 (id=2908):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt(r2, 0xff, 0x7, &(0x7f0000000900)="7c73c6e9", 0x4)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r3, &(0x7f00000004c0)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x18)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=<r4=>r1, @ANYBLOB="000425bd7000fcdbdf040200010008003f0036000000080061"], 0x24}, 0x1, 0x0, 0x0, 0x4008001}, 0x20000000)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000016c0)={'gretap0\x00', &(0x7f0000000080)=@ethtool_link_settings={0x4d, 0xfffffff9, 0x6, 0x7, 0x7f, 0xb2, 0x7, 0xf9, 0x68, 0x6, [0x3, 0x9, 0xffff7fff, 0x4, 0x8, 0x80, 0x8000]}})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a0000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000008b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8}, @void}}}, 0x28}}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$NL80211_CMD_START_P2P_DEVICE(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x400, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x90}, 0x4000010)
ioctl$F2FS_IOC_MOVE_RANGE(r6, 0xc020f509, &(0x7f0000000280)={<r8=>r3, 0x8, 0x6, 0xf})
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000002c0)={'macvlan0\x00', 0x800})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={0x0}}, 0x0)
sendmsg$nl_xfrm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES32=0x0, @ANYRES16=r4], 0x4c}}, 0x0)
socket(0x10, 0x3, 0x0)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r9, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r9, &(0x7f0000000000)="2e0097ff010002", 0x7)

2.129315851s ago: executing program 1 (id=2909):
r0 = socket$unix(0x1, 0x2, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
inotify_init1(0x80000)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r3}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r7)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000000}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000200000014000180"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r1, &(0x7f0000000100)="ab", 0x1, 0xe61e2840a154b0c0, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ipvlan0\x00'})
socket$netlink(0x10, 0x3, 0x0)

1.896074085s ago: executing program 0 (id=2910):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs2/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = socket(0x1d, 0x2, 0x6)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r1, @ANYBLOB="f224377d331410d6d2058d15bb26caf4083ee3ec62525f89b5d9541aaf47bde65cb9d3601098f75a9034597cb5a412ec322d9b604677d75a56bc957990eaa12d575ab43e913fb097f936350119fc6c081f4b4ea24e4c6dc18abf66fa7dec5dcd3eb09a37286874288602daf47071cafd14f9e50dd9a53b19c5153a", @ANYRES64=0x0, @ANYRES16=r4, @ANYRESOCT, @ANYRES64=r3, @ANYRESHEX=r0, @ANYRES8=r5, @ANYRES8])
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000100000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r6}, 0x10)
mkdir(&(0x7f0000001c00)='./file0\x00', 0x0)
chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0)
syz_fuse_handle_req(r5, 0x0, 0x0, 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
dup3(r2, r7, 0x80000)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0)
socket$pptp(0x18, 0x1, 0x2)
syz_open_pts(r8, 0x8182)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

878.268482ms ago: executing program 0 (id=2911):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x0, 0x0})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
sched_setscheduler(r1, 0x3, &(0x7f0000000000)=0x3ff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5}]}}}]}, 0x3c}, 0x1, 0xffffffea}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x15)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r5 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r5, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r6 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4662, 0x400, 0x0, 0x284}, &(0x7f00000004c0)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r5, 0x0, 0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000200)={'geneve1\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x11983, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r10, @ANYBLOB="000000000000000024001a80080002800400018018000a8014000700006bc127338749a5de00000000000000"], 0x44}}, 0x0)
io_uring_enter(r6, 0x40f5, 0x1f18, 0xa5, 0x0, 0x0)

0s ago: executing program 5 (id=2912):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r4=>0x0)
syz_open_dev$sg(0x0, 0x9, 0x482a80)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
write(r1, &(0x7f0000000100)="ace794", 0x3)
vmsplice(r3, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0)
tee(r0, r3, 0x8f5, 0x100000000000000)
syz_clone3(&(0x7f0000000100)={0x801400, &(0x7f00000000c0), 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x4c)
mount$9p_fd(0x0, 0x0, 0x0, 0x84, 0x0)
read$FUSE(r2, &(0x7f00000003c0)={0x2020}, 0x2020)
socket$can_raw(0x1d, 0x3, 0x1)
sendmsg$can_j1939(r2, 0x0, 0x8810)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80046601, 0x0)
timer_getoverrun(r4)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r6, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r6, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee", 0x6}], 0x1}}], 0x1, 0x20008000)
recvfrom$inet(r6, &(0x7f0000000200)=""/225, 0xe1, 0x40, 0x0, 0x0)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RECVRCVINFO(r7, 0x84, 0x20, &(0x7f0000000180)=0x80000001, 0x4)
openat$hwrng(0xffffff9c, &(0x7f00000000c0), 0x40000, 0x0)

kernel console output (not intermixed with test programs):

e
[  478.548097][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  478.554077][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  478.599015][T13303] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  478.603488][T13303] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  478.644391][T15609] bridge0: port 2(bridge_slave_1) entered blocking state
[  478.647000][T15609] bridge0: port 2(bridge_slave_1) entered disabled state
[  478.649518][T15609] bridge_slave_1: entered allmulticast mode
[  478.654066][T15609] bridge_slave_1: entered promiscuous mode
[  478.692286][T15609] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  478.697010][T15609] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  478.752374][T13303] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  478.755713][T13303] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  478.763688][T15609] team0: Port device team_slave_0 added
[  478.767726][T15609] team0: Port device team_slave_1 added
[  478.808172][T15609] batman_adv: batadv0: Adding interface: batadv_slave_0
[  478.810552][T15609] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  478.826986][T15609] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  478.831618][T15609] batman_adv: batadv0: Adding interface: batadv_slave_1
[  478.833916][T15609] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  478.845086][T15609] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  478.941196][T15609] hsr_slave_0: entered promiscuous mode
[  478.943900][T15609] hsr_slave_1: entered promiscuous mode
[  479.190169][ T5981] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  479.353071][ T5981] usb 9-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  479.356008][ T5981] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.358598][ T5981] usb 9-1: Product: syz
[  479.359923][ T5981] usb 9-1: Manufacturer: syz
[  479.363522][ T5981] usb 9-1: SerialNumber: syz
[  479.366206][ T5981] usb 9-1: config 0 descriptor??
[  479.418500][T13303] dvmrp0 (unregistering): left allmulticast mode
[  479.607927][T15627] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2327'.
[  479.686166][T13303] bond0 (unregistering): Released all slaves
[  479.709420][T15627] team_slave_0: entered promiscuous mode
[  479.711955][T15627] team_slave_1: entered promiscuous mode
[  479.715425][T15627] macvtap1: entered promiscuous mode
[  479.717674][T15627] team0: entered promiscuous mode
[  479.719862][T15627] macvtap1: entered allmulticast mode
[  479.721758][T15627] team0: entered allmulticast mode
[  479.723452][T15627] team_slave_0: entered allmulticast mode
[  479.734914][T15627] team_slave_1: entered allmulticast mode
[  479.737502][T15627] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  479.756615][T15631] team0: left allmulticast mode
[  479.758240][T15631] team_slave_0: left allmulticast mode
[  479.767233][T15631] team_slave_1: left allmulticast mode
[  479.769206][T15631] team0: left promiscuous mode
[  479.776976][T15631] team_slave_0: left promiscuous mode
[  479.780051][T15631] team_slave_1: left promiscuous mode
[  479.799478][T13303] : left promiscuous mode
[  479.811133][ T5981] cx82310_eth 9-1:0.0: probe with driver cx82310_eth failed with error -22
[  479.819948][ T5981] cxacru 9-1:0.0: usbatm_usb_probe: bind failed: -19!
[  479.831983][ T5981] usb 9-1: USB disconnect, device number 7
[  479.934494][T13303] tipc: Disabling bearer <eth:team0>
[  479.937237][T13303] tipc: Left network mode
[  479.940093][T15609] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  479.976849][T15609] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  480.000080][T15609] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  480.008547][T15609] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  480.060935][T15609] 8021q: adding VLAN 0 to HW filter on device bond0
[  480.079586][T15609] 8021q: adding VLAN 0 to HW filter on device team0
[  480.087811][T13312] bridge0: port 1(bridge_slave_0) entered blocking state
[  480.090509][T13312] bridge0: port 1(bridge_slave_0) entered forwarding state
[  480.105896][T13303] hsr_slave_0: left promiscuous mode
[  480.108341][T13303] hsr_slave_1: left promiscuous mode
[  480.138192][T13303] veth1_macvtap: left promiscuous mode
[  480.140129][T13303] veth0_macvtap: left promiscuous mode
[  480.159820][   T40] audit: type=1326 audit(1756398972.204:2406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.0.2331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  480.167265][   T40] audit: type=1326 audit(1756398972.204:2407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.0.2331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  480.173992][   T40] audit: type=1326 audit(1756398972.204:2408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.0.2331" exe="/syz-executor" sig=0 arch=40000003 syscall=164 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  480.181697][   T40] audit: type=1326 audit(1756398972.204:2409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.0.2331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  480.190511][   T40] audit: type=1326 audit(1756398972.204:2410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.0.2331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  480.198253][   T40] audit: type=1326 audit(1756398972.204:2411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.0.2331" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  480.215063][   T40] audit: type=1326 audit(1756398972.204:2412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.0.2331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  480.222642][   T40] audit: type=1326 audit(1756398972.204:2413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.0.2331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  480.232160][   T40] audit: type=1326 audit(1756398972.213:2414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.0.2331" exe="/syz-executor" sig=0 arch=40000003 syscall=340 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  480.237876][T13303] team0 (unregistering): Port device batadv2 removed
[  480.240511][   T40] audit: type=1326 audit(1756398972.213:2415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15654 comm="syz.0.2331" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  480.258878][   T29] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  480.398920][ T5985] Bluetooth: hci2: command tx timeout
[  480.410879][T15656] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  480.413672][T15656] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  480.427725][   T29] usb 6-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  480.431678][T15656] vhci_hcd vhci_hcd.0: Device attached
[  480.434720][   T29] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.438598][   T29] usb 6-1: Product: syz
[  480.448294][   T29] usb 6-1: Manufacturer: syz
[  480.450977][   T29] usb 6-1: SerialNumber: syz
[  480.480210][   T29] usb 6-1: config 0 descriptor??
[  480.487571][T15661] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2332'.
[  480.490555][T15661] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2332'.
[  480.713148][T15643] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2330'.
[  480.782727][ T6061] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  481.050166][T15659] vhci_hcd: connection reset by peer
[  481.053242][T13310] vhci_hcd: stop threads
[  481.055988][T13310] vhci_hcd: release socket
[  481.057931][T13310] vhci_hcd: disconnect device
[  481.811521][T15656] netdevsim netdevsim0: Direct firmware load for @ failed with error -2
[  481.816799][T15656] netdevsim netdevsim0: Falling back to sysfs fallback for: @
[  481.818741][T13308] bridge0: port 2(bridge_slave_1) entered blocking state
[  481.822419][T13308] bridge0: port 2(bridge_slave_1) entered forwarding state
[  481.828198][   T29] cx82310_eth 6-1:0.0: probe with driver cx82310_eth failed with error -22
[  481.851181][   T29] cxacru 6-1:0.0: usbatm_usb_probe: bind failed: -19!
[  481.866227][   T29] usb 6-1: USB disconnect, device number 17
[  482.051516][T15609] 8021q: adding VLAN 0 to HW filter on device batadv0
[  482.060058][T15680] wg1: entered promiscuous mode
[  482.061690][T15680] wg1: entered allmulticast mode
[  482.290796][T15609] veth0_vlan: entered promiscuous mode
[  482.299753][T15609] veth1_vlan: entered promiscuous mode
[  482.317379][T15609] veth0_macvtap: entered promiscuous mode
[  482.379505][T15609] veth1_macvtap: entered promiscuous mode
[  482.410963][T15609] batman_adv: batadv0: Interface activated: batadv_slave_0
[  482.420755][T15609] batman_adv: batadv0: Interface activated: batadv_slave_1
[  482.448307][T13302] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  482.491356][T15699] FAT-fs (sr0): bogus number of reserved sectors
[  482.493805][T15699] FAT-fs (sr0): Can't find a valid FAT filesystem
[  482.507737][T13302] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  482.511926][T13302] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  482.520608][T13302] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  482.622181][ T5985] Bluetooth: hci2: command tx timeout
[  482.760437][T13303] IPVS: stop unused estimator thread 0...
[  482.779572][T13312] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  482.782021][T13312] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  482.809162][T13312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  482.812132][T13312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  482.911685][T15712] 9pnet_virtio: no channels available for device syz
[  484.846625][ T5985] Bluetooth: hci2: command tx timeout
[  485.039718][T15769] FAULT_INJECTION: forcing a failure.
[  485.039718][T15769] name failslab, interval 1, probability 0, space 0, times 0
[  485.043745][T15769] CPU: 0 UID: 0 PID: 15769 Comm: syz.0.2349 Not tainted syzkaller #0 PREEMPT(full) 
[  485.043759][T15769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  485.043766][T15769] Call Trace:
[  485.043770][T15769]  <TASK>
[  485.043775][T15769]  dump_stack_lvl+0x16c/0x1f0
[  485.043793][T15769]  should_fail_ex+0x512/0x640
[  485.043809][T15769]  ? __asan_memcpy+0x3c/0x60
[  485.043822][T15769]  ? dev_prep_valid_name.constprop.0+0x16a/0x6c0
[  485.043840][T15769]  should_failslab+0xc2/0x120
[  485.043854][T15769]  __kmalloc_noprof+0xd2/0x510
[  485.043871][T15769]  dev_prep_valid_name.constprop.0+0x16a/0x6c0
[  485.043887][T15769]  ? __pfx_dev_prep_valid_name.constprop.0+0x10/0x10
[  485.043903][T15769]  ? lockdep_init_map_type+0x5c/0x280
[  485.043920][T15769]  register_netdevice+0x49d/0x2270
[  485.043939][T15769]  ? __pfx_register_netdevice+0x10/0x10
[  485.043956][T15769]  ? dev_addr_mod+0x316/0x540
[  485.043970][T15769]  ip6gre_newlink_common.constprop.0+0x14e/0x340
[  485.043984][T15769]  ? __pfx_ip6gre_newlink_common.constprop.0+0x10/0x10
[  485.043997][T15769]  ? net_generic+0xea/0x2a0
[  485.044010][T15769]  ip6erspan_newlink+0x188/0x400
[  485.044021][T15769]  ? __pfx_ip6erspan_newlink+0x10/0x10
[  485.044104][T15769]  rtnl_newlink+0xc45/0x2000
[  485.044133][T15769]  ? __pfx_rtnl_newlink+0x10/0x10
[  485.044152][T15769]  ? kfree_skbmem+0x1a4/0x1f0
[  485.044171][T15769]  ? rcu_is_watching+0x12/0xc0
[  485.044190][T15769]  ? find_held_lock+0x2b/0x80
[  485.044201][T15769]  ? __pfx_rtnl_newlink+0x10/0x10
[  485.044215][T15769]  ? __pfx_rtnl_newlink+0x10/0x10
[  485.044229][T15769]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  485.044244][T15769]  ? __pfx_rtnl_newlink+0x10/0x10
[  485.044260][T15769]  rtnetlink_rcv_msg+0x95b/0xe90
[  485.044277][T15769]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  485.044296][T15769]  ? ref_tracker_free+0x37c/0x830
[  485.044315][T15769]  netlink_rcv_skb+0x155/0x420
[  485.044333][T15769]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  485.044464][T15769]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  485.044501][T15769]  ? netlink_deliver_tap+0x1ae/0xd30
[  485.044521][T15769]  netlink_unicast+0x5aa/0x870
[  485.044538][T15769]  ? __pfx_netlink_unicast+0x10/0x10
[  485.044553][T15769]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  485.044573][T15769]  netlink_sendmsg+0x8d1/0xdd0
[  485.044596][T15769]  ? __pfx_netlink_sendmsg+0x10/0x10
[  485.044612][T15769]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  485.044634][T15769]  ____sys_sendmsg+0xa95/0xc70
[  485.044655][T15769]  ? __pfx_____sys_sendmsg+0x10/0x10
[  485.044670][T15769]  ? get_compat_msghdr+0x11a/0x170
[  485.044699][T15769]  ___sys_sendmsg+0x134/0x1d0
[  485.044714][T15769]  ? __pfx____sys_sendmsg+0x10/0x10
[  485.044735][T15769]  ? find_held_lock+0x2b/0x80
[  485.044755][T15769]  __sys_sendmsg+0x16d/0x220
[  485.044770][T15769]  ? __pfx___sys_sendmsg+0x10/0x10
[  485.044790][T15769]  ? rcu_is_watching+0x12/0xc0
[  485.044804][T15769]  __do_fast_syscall_32+0x7c/0x3a0
[  485.044821][T15769]  do_fast_syscall_32+0x32/0x80
[  485.044837][T15769]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  485.044852][T15769] RIP: 0023:0xf7f56579
[  485.044861][T15769] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  485.044872][T15769] RSP: 002b:00000000f545555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  485.044883][T15769] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000140
[  485.044890][T15769] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  485.044896][T15769] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  485.044902][T15769] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  485.044908][T15769] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  485.044922][T15769]  </TASK>
[  485.573747][T15783] Invalid logical block size (6)
[  485.700050][T15790] FAULT_INJECTION: forcing a failure.
[  485.700050][T15790] name failslab, interval 1, probability 0, space 0, times 0
[  485.705356][T15790] CPU: 3 UID: 0 PID: 15790 Comm: syz.1.2356 Not tainted syzkaller #0 PREEMPT(full) 
[  485.705378][T15790] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  485.705388][T15790] Call Trace:
[  485.705394][T15790]  <TASK>
[  485.705401][T15790]  dump_stack_lvl+0x16c/0x1f0
[  485.705427][T15790]  should_fail_ex+0x512/0x640
[  485.705450][T15790]  ? __kmalloc_noprof+0xbf/0x510
[  485.705471][T15790]  ? snd_pcm_plugin_build+0x64/0x650
[  485.705489][T15790]  should_failslab+0xc2/0x120
[  485.705511][T15790]  __kmalloc_noprof+0xd2/0x510
[  485.705536][T15790]  snd_pcm_plugin_build+0x64/0x650
[  485.705562][T15790]  snd_pcm_plugin_build_io+0x207/0x5f0
[  485.705582][T15790]  ? __pfx_snd_pcm_plugin_build_io+0x10/0x10
[  485.705603][T15790]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  485.705629][T15790]  snd_pcm_oss_change_params_locked+0x2e62/0x3a30
[  485.705657][T15790]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  485.705688][T15790]  ? get_pid_task+0xfc/0x250
[  485.705716][T15790]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  485.705734][T15790]  snd_pcm_oss_read+0x39b/0x760
[  485.705751][T15790]  ? security_file_permission+0x71/0x210
[  485.705777][T15790]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  485.705794][T15790]  vfs_read+0x1e4/0xcf0
[  485.705818][T15790]  ? __pfx_vfs_read+0x10/0x10
[  485.705835][T15790]  ? find_held_lock+0x2b/0x80
[  485.705852][T15790]  ? __fget_files+0x204/0x3c0
[  485.705874][T15790]  ? __fget_files+0x20e/0x3c0
[  485.705904][T15790]  ? handle_mm_fault+0x200/0xd10
[  485.705928][T15790]  ksys_read+0x12a/0x250
[  485.705946][T15790]  ? __pfx_ksys_read+0x10/0x10
[  485.705967][T15790]  ? rcu_is_watching+0x12/0xc0
[  485.705988][T15790]  __do_fast_syscall_32+0x7c/0x3a0
[  485.706013][T15790]  do_fast_syscall_32+0x32/0x80
[  485.706035][T15790]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  485.706055][T15790] RIP: 0023:0xf70be579
[  485.706068][T15790] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  485.706084][T15790] RSP: 002b:00000000f54ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000003
[  485.706100][T15790] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  485.706110][T15790] RDX: 00000000000000db RSI: 0000000000000000 RDI: 0000000000000000
[  485.706120][T15790] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  485.706130][T15790] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  485.706139][T15790] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  485.706161][T15790]  </TASK>
[  485.922500][T15796] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  486.012631][T15800] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2358'.
[  486.015846][T15799] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  486.016650][T15800] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2358'.
[  486.041429][T15799] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2359'.
[  486.046848][T15799] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2359'.
[  486.288558][T15804] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  486.290327][ T6061] vhci_hcd: vhci_device speed not set
[  486.378916][T15804] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2360'.
[  486.382602][T15804] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2360'.
[  487.074171][ T5985] Bluetooth: hci2: command tx timeout
[  487.449564][   T40] kauditd_printk_skb: 60 callbacks suppressed
[  487.449575][   T40] audit: type=1326 audit(1756398979.026:2476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15820 comm="syz.0.2366" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  487.462269][   T40] audit: type=1326 audit(1756398979.035:2477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15820 comm="syz.0.2366" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f565a7 code=0x7ffc0000
[  487.490601][   T40] audit: type=1326 audit(1756398979.035:2478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15820 comm="syz.0.2366" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  487.498899][   T40] audit: type=1326 audit(1756398979.035:2479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15820 comm="syz.0.2366" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  487.505152][   T40] audit: type=1326 audit(1756398979.035:2480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15820 comm="syz.0.2366" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  487.512270][   T40] audit: type=1326 audit(1756398979.035:2481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15820 comm="syz.0.2366" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf7f565a7 code=0x7ffc0000
[  487.519043][   T40] audit: type=1326 audit(1756398979.035:2482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15820 comm="syz.0.2366" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  487.526574][   T40] audit: type=1326 audit(1756398979.035:2483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15820 comm="syz.0.2366" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  487.533431][   T40] audit: type=1326 audit(1756398979.035:2484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15820 comm="syz.0.2366" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  487.539599][   T40] audit: type=1326 audit(1756398979.035:2485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15820 comm="syz.0.2366" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56579 code=0x7ffc0000
[  487.567890][T15821] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check.
[  487.697012][T15828] netlink: 116 bytes leftover after parsing attributes in process `syz.0.2368'.
[  487.718027][T15832] FAULT_INJECTION: forcing a failure.
[  487.718027][T15832] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  487.722044][T15832] CPU: 1 UID: 0 PID: 15832 Comm: syz.5.2367 Not tainted syzkaller #0 PREEMPT(full) 
[  487.722069][T15832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  487.722076][T15832] Call Trace:
[  487.722081][T15832]  <TASK>
[  487.722085][T15832]  dump_stack_lvl+0x16c/0x1f0
[  487.722103][T15832]  should_fail_ex+0x512/0x640
[  487.722121][T15832]  _copy_from_user+0x2e/0xd0
[  487.722138][T15832]  input_event_from_user+0x137/0x290
[  487.722152][T15832]  ? __pfx_input_event_from_user+0x10/0x10
[  487.722164][T15832]  ? input_inject_event+0x1c0/0x3b0
[  487.722177][T15832]  evdev_write+0x26b/0x440
[  487.722190][T15832]  ? __pfx_evdev_write+0x10/0x10
[  487.722200][T15832]  ? common_file_perm+0x1a9/0x340
[  487.722214][T15832]  ? bpf_lsm_file_permission+0x9/0x10
[  487.722230][T15832]  ? security_file_permission+0x71/0x210
[  487.722246][T15832]  ? rw_verify_area+0xcf/0x6c0
[  487.722258][T15832]  ? __pfx_evdev_write+0x10/0x10
[  487.722268][T15832]  vfs_write+0x2a0/0x11d0
[  487.722283][T15832]  ? __pfx_vfs_write+0x10/0x10
[  487.722294][T15832]  ? find_held_lock+0x2b/0x80
[  487.722307][T15832]  ? __fget_files+0x204/0x3c0
[  487.722321][T15832]  ? __fget_files+0x20e/0x3c0
[  487.722331][T15832]  ? handle_mm_fault+0x200/0xd10
[  487.722346][T15832]  ksys_write+0x1f8/0x250
[  487.722359][T15832]  ? __pfx_ksys_write+0x10/0x10
[  487.722372][T15832]  ? rcu_is_watching+0x12/0xc0
[  487.722386][T15832]  __do_fast_syscall_32+0x7c/0x3a0
[  487.722415][T15832]  do_fast_syscall_32+0x32/0x80
[  487.722430][T15832]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  487.722443][T15832] RIP: 0023:0xf704e579
[  487.722452][T15832] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  487.722462][T15832] RSP: 002b:00000000f53fc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  487.722473][T15832] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000040
[  487.722480][T15832] RDX: 00000000000012d8 RSI: 0000000000000000 RDI: 0000000000000000
[  487.722486][T15832] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  487.722492][T15832] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  487.722498][T15832] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  487.722511][T15832]  </TASK>
[  488.550762][T15842] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  488.596960][T15842] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2371'.
[  488.600089][T15842] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2371'.
[  488.786731][T15852] IPVS: set_ctl: invalid protocol: 58 172.20.20.170:0
[  488.835357][ T6019] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  489.022901][ T6019] usb 5-1: Using ep0 maxpacket: 8
[  489.050463][ T6019] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  489.052936][ T6019] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  489.056482][ T6019] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  489.070780][ T6019] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  489.079542][ T6019] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  489.089203][ T6019] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  489.119002][ T6019] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  489.123341][ T6019] usb 5-1: config 168 interface 0 has no altsetting 0
[  489.127624][ T6019] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  489.130271][ T6019] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  489.134225][ T6019] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  489.140107][ T6019] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  489.144046][ T6019] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  489.152170][ T6019] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  489.156567][ T6019] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  489.161079][ T6019] usb 5-1: config 168 interface 0 has no altsetting 0
[  489.164817][ T6019] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  489.167554][ T6019] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  489.171219][ T6019] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  489.175163][ T6019] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  489.179349][ T6019] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  489.182999][ T6019] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  489.186887][ T6019] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  489.191456][ T6019] usb 5-1: config 168 interface 0 has no altsetting 0
[  489.198336][ T6019] usb 5-1: string descriptor 0 read error: -22
[  489.201394][ T6019] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  489.204784][ T6019] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  489.230645][ T6019] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  489.432613][ T6019] usb 5-1: USB disconnect, device number 10
[  490.010152][T15881] binder: 15878:15881 ioctl c0306201 0 returned -14
[  490.786236][T15902] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  490.900897][T15906] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2382'.
[  490.908853][T15908] syzkaller0: entered promiscuous mode
[  491.143788][T15916] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0)
[  491.417960][T15923] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7)
[  491.419984][T15923] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  491.422907][T15923] vhci_hcd vhci_hcd.0: Device attached
[  491.429034][T15923] netdevsim netdevsim4: Direct firmware load for @ failed with error -2
[  491.431629][T15923] netdevsim netdevsim4: Falling back to sysfs fallback for: @
[  491.722928][    T9] usb 46-1: SetAddress Request (6) to port 0
[  491.725107][    T9] usb 46-1: new SuperSpeed USB device number 6 using vhci_hcd
[  491.763564][T15939] random: crng reseeded on system resumption
[  492.244871][T15956] wireguard0: entered promiscuous mode
[  492.246541][T15956] wireguard0: entered allmulticast mode
[  492.254849][T15961] random: crng reseeded on system resumption
[  492.274229][T15925] vhci_hcd: connection reset by peer
[  492.276101][T13307] vhci_hcd: stop threads
[  492.277492][T13307] vhci_hcd: release socket
[  492.280807][T13307] vhci_hcd: disconnect device
[  492.473719][ T5985] Bluetooth: hci2: Malformed LE Event: 0x02
[  492.899154][ T6317] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  493.070795][ T6317] usb 10-1: Using ep0 maxpacket: 8
[  493.074657][ T6317] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  493.077098][ T6317] usb 10-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  493.080879][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  493.084447][ T6317] usb 10-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  493.088717][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  493.092930][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  493.096528][ T6317] usb 10-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  493.100420][ T6317] usb 10-1: config 168 interface 0 has no altsetting 0
[  493.105914][ T6317] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  493.108426][ T6317] usb 10-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  493.111973][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  493.116029][ T6317] usb 10-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  493.119865][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  493.123509][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  493.427179][ T6317] usb 10-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  493.431896][ T6317] usb 10-1: config 168 interface 0 has no altsetting 0
[  493.435094][ T6317] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  493.437454][ T6317] usb 10-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  493.440952][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  493.445023][ T6317] usb 10-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  493.448762][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  493.452239][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  493.456169][ T6317] usb 10-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  493.460475][ T6317] usb 10-1: config 168 interface 0 has no altsetting 0
[  493.465239][ T6317] usb 10-1: string descriptor 0 read error: -22
[  493.468832][ T6317] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  493.472855][ T6317] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  493.481955][ T6317] adutux 10-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  493.545105][T15985] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  493.618784][T15993] FAULT_INJECTION: forcing a failure.
[  493.618784][T15993] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  493.623208][T15993] CPU: 2 UID: 0 PID: 15993 Comm: syz.0.2407 Not tainted syzkaller #0 PREEMPT(full) 
[  493.623223][T15993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  493.623230][T15993] Call Trace:
[  493.623234][T15993]  <TASK>
[  493.623238][T15993]  dump_stack_lvl+0x16c/0x1f0
[  493.623256][T15993]  should_fail_ex+0x512/0x640
[  493.623274][T15993]  _copy_to_user+0x32/0xd0
[  493.623285][T15993]  copy_to_sockptr_offset+0x15c/0x1b0
[  493.623297][T15993]  ? copy_from_sockptr_offset.constprop.0+0xe5/0x170
[  493.623309][T15993]  ? __pfx_copy_to_sockptr_offset+0x10/0x10
[  493.623322][T15993]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  493.623339][T15993]  sk_getsockopt+0xbbd/0x30a0
[  493.623354][T15993]  ? __lock_acquire+0x62e/0x1ce0
[  493.623372][T15993]  ? __pfx_sk_getsockopt+0x10/0x10
[  493.623392][T15993]  ? get_pid_task+0xfc/0x250
[  493.623409][T15993]  ? aa_sk_perm+0x2f4/0xb10
[  493.623428][T15993]  ? aa_sock_opt_perm+0xfd/0x1c0
[  493.623441][T15993]  do_sock_getsockopt+0x3a3/0x440
[  493.623459][T15993]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  493.623475][T15993]  ? __fget_files+0x204/0x3c0
[  493.623493][T15993]  __sys_getsockopt+0x123/0x1b0
[  493.623510][T15993]  __ia32_sys_getsockopt+0xbc/0x160
[  493.623523][T15993]  ? lockdep_hardirqs_on+0x7c/0x110
[  493.623536][T15993]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  493.623551][T15993]  __do_fast_syscall_32+0x7c/0x3a0
[  493.623567][T15993]  do_fast_syscall_32+0x32/0x80
[  493.623582][T15993]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  493.623596][T15993] RIP: 0023:0xf7f56579
[  493.623604][T15993] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  493.623616][T15993] RSP: 002b:00000000f547655c EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[  493.623626][T15993] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000001
[  493.623633][T15993] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000080000080
[  493.623640][T15993] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  493.623646][T15993] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  493.623652][T15993] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  493.623665][T15993]  </TASK>
[  493.693558][T15994] __nla_validate_parse: 1 callbacks suppressed
[  493.693629][T15994] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2404'.
[  493.701226][ T6019] usb 10-1: USB disconnect, device number 2
[  493.701492][T15994] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2404'.
[  495.677692][T16041] kvm: kvm [16040]: vcpu0, guest rIP: 0x208 Unhandled WRMSR(0xc2) = 0xa0000000051
[  495.694599][T16041] kvm: kvm [16040]: vcpu0, guest rIP: 0x208 Unhandled WRMSR(0xc2) = 0x4c0000000072
[  495.724107][T16041] kvm: kvm [16040]: vcpu0, guest rIP: 0x208 Unhandled WRMSR(0xc2) = 0x8e00000000b3
[  495.777212][T16041] kvm: kvm [16040]: vcpu0, guest rIP: 0x208 Unhandled WRMSR(0xc2) = 0xd4000000012f
[  496.349650][T16051] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0.
[  496.355589][T16050] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  496.465128][T16050] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2419'.
[  496.469206][T16050] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2419'.
[  496.588001][T16056] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  496.591954][T16059] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2420'.
[  496.596326][T16059] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2420'.
[  497.168874][    T9] usb 46-1: device descriptor read/8, error -110
[  497.407696][T16068] bridge0: entered allmulticast mode
[  497.527542][T16075] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  497.555762][T16075] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2425'.
[  497.558487][T16075] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2425'.
[  497.588324][    T9] usb usb46-port1: attempt power cycle
[  498.163237][T16082] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2428'.
[  498.167499][T16082] netlink: 124 bytes leftover after parsing attributes in process `syz.4.2428'.
[  498.321735][    T9] usb usb46-port1: unable to enumerate USB device
[  500.402598][T16103] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0.
[  500.455696][T16105] FAULT_INJECTION: forcing a failure.
[  500.455696][T16105] name failslab, interval 1, probability 0, space 0, times 0
[  500.461521][T16105] CPU: 3 UID: 0 PID: 16105 Comm: syz.5.2434 Not tainted syzkaller #0 PREEMPT(full) 
[  500.461537][T16105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  500.461544][T16105] Call Trace:
[  500.461548][T16105]  <TASK>
[  500.461553][T16105]  dump_stack_lvl+0x16c/0x1f0
[  500.461572][T16105]  should_fail_ex+0x512/0x640
[  500.461587][T16105]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  500.461603][T16105]  should_failslab+0xc2/0x120
[  500.461617][T16105]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  500.461630][T16105]  ? mas_alloc_nodes+0x18b/0x8b0
[  500.461644][T16105]  mas_alloc_nodes+0x18b/0x8b0
[  500.461659][T16105]  mas_node_count_gfp+0x105/0x130
[  500.461672][T16105]  mas_preallocate+0x7e0/0xde0
[  500.461691][T16105]  ? __pfx_mas_preallocate+0x10/0x10
[  500.461710][T16105]  ? anon_vma_name+0x81/0x2f0
[  500.461728][T16105]  __split_vma+0x34a/0x1070
[  500.461742][T16105]  ? __pfx___split_vma+0x10/0x10
[  500.461753][T16105]  ? mas_prev_setup.constprop.0+0xb6/0x9d0
[  500.461776][T16105]  vms_gather_munmap_vmas+0x3b1/0x1340
[  500.461791][T16105]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  500.461805][T16105]  ? mas_walk+0x6f5/0x980
[  500.461822][T16105]  __mmap_region+0x436/0x27b0
[  500.461836][T16105]  ? __pfx___mmap_region+0x10/0x10
[  500.461848][T16105]  ? find_held_lock+0x2b/0x80
[  500.461862][T16105]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  500.461875][T16105]  ? is_bpf_text_address+0x94/0x1a0
[  500.461889][T16105]  ? kernel_text_address+0x8d/0x100
[  500.461900][T16105]  ? __kernel_text_address+0xd/0x40
[  500.461910][T16105]  ? unwind_get_return_address+0x59/0xa0
[  500.461922][T16105]  ? arch_stack_walk+0xa6/0x100
[  500.461935][T16105]  ? __lock_acquire+0x62e/0x1ce0
[  500.461951][T16105]  ? __lock_acquire+0xb97/0x1ce0
[  500.461964][T16105]  ? _parse_integer_limit+0x17f/0x1d0
[  500.461994][T16105]  ? mm_get_unmapped_area+0x95/0xe0
[  500.462013][T16105]  mmap_region+0x1ab/0x3f0
[  500.462026][T16105]  ? __get_unmapped_area+0x267/0x440
[  500.462043][T16105]  do_mmap+0xa3e/0x1210
[  500.462060][T16105]  ? __pfx_do_mmap+0x10/0x10
[  500.462076][T16105]  ? __pfx_down_write_killable+0x10/0x10
[  500.462095][T16105]  vm_mmap_pgoff+0x29e/0x470
[  500.462113][T16105]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  500.462127][T16105]  ? handle_mm_fault+0x200/0xd10
[  500.462142][T16105]  ? ksys_write+0x1ac/0x250
[  500.462156][T16105]  ksys_mmap_pgoff+0x7d/0x5c0
[  500.462170][T16105]  ? rcu_is_watching+0x12/0xc0
[  500.462181][T16105]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  500.462197][T16105]  __do_fast_syscall_32+0x7c/0x3a0
[  500.462214][T16105]  do_fast_syscall_32+0x32/0x80
[  500.462228][T16105]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  500.462242][T16105] RIP: 0023:0xf704e579
[  500.462251][T16105] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  500.462261][T16105] RSP: 002b:00000000f543e55c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0
[  500.462273][T16105] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000b36000
[  500.462280][T16105] RDX: 0000000006ebbeef RSI: 0000000000008031 RDI: 00000000ffffffff
[  500.462287][T16105] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  500.462293][T16105] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  500.462299][T16105] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  500.462312][T16105]  </TASK>
[  500.832177][T16113] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  501.011905][T16113] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  501.122222][T16113] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  501.324974][T16113] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  501.441685][T13307] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  501.457361][T13307] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  501.487875][T13307] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  501.501707][T13307] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  501.919118][T16132] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  502.001003][T16132] __nla_validate_parse: 2 callbacks suppressed
[  502.001022][T16132] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2440'.
[  502.006940][T16132] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2440'.
[  502.158307][T16136] FAULT_INJECTION: forcing a failure.
[  502.158307][T16136] name failslab, interval 1, probability 0, space 0, times 0
[  502.165275][T16136] CPU: 0 UID: 0 PID: 16136 Comm: syz.1.2441 Not tainted syzkaller #0 PREEMPT(full) 
[  502.165294][T16136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  502.165313][T16136] Call Trace:
[  502.165319][T16136]  <TASK>
[  502.165324][T16136]  dump_stack_lvl+0x16c/0x1f0
[  502.165355][T16136]  should_fail_ex+0x512/0x640
[  502.165372][T16136]  ? fs_reclaim_acquire+0xae/0x150
[  502.165390][T16136]  ? tomoyo_encode2+0x100/0x3e0
[  502.165412][T16136]  should_failslab+0xc2/0x120
[  502.165427][T16136]  __kmalloc_noprof+0xd2/0x510
[  502.165440][T16136]  ? d_absolute_path+0x136/0x1a0
[  502.165458][T16136]  tomoyo_encode2+0x100/0x3e0
[  502.165475][T16136]  tomoyo_encode+0x29/0x50
[  502.165489][T16136]  tomoyo_realpath_from_path+0x18f/0x6e0
[  502.165509][T16136]  tomoyo_path_number_perm+0x245/0x580
[  502.165521][T16136]  ? tomoyo_path_number_perm+0x237/0x580
[  502.165535][T16136]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  502.165563][T16136]  ? find_held_lock+0x2b/0x80
[  502.165574][T16136]  ? hook_file_ioctl_common+0x145/0x410
[  502.165591][T16136]  ? __fget_files+0x20e/0x3c0
[  502.165606][T16136]  security_file_ioctl_compat+0x9b/0x240
[  502.165621][T16136]  __ia32_compat_sys_ioctl+0xc3/0x370
[  502.165641][T16136]  __do_fast_syscall_32+0x7c/0x3a0
[  502.165657][T16136]  do_fast_syscall_32+0x32/0x80
[  502.165672][T16136]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  502.165686][T16136] RIP: 0023:0xf70be579
[  502.165695][T16136] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  502.165705][T16136] RSP: 002b:00000000f548d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  502.165716][T16136] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000c004743e
[  502.165723][T16136] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  502.165729][T16136] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  502.165735][T16136] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  502.165741][T16136] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  502.165755][T16136]  </TASK>
[  502.165824][T16136] ERROR: Out of memory at tomoyo_realpath_from_path.
[  502.632759][T16141] FAULT_INJECTION: forcing a failure.
[  502.632759][T16141] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  502.636891][T16141] CPU: 2 UID: 0 PID: 16141 Comm: syz.0.2443 Not tainted syzkaller #0 PREEMPT(full) 
[  502.636906][T16141] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  502.636913][T16141] Call Trace:
[  502.636918][T16141]  <TASK>
[  502.636923][T16141]  dump_stack_lvl+0x16c/0x1f0
[  502.636942][T16141]  should_fail_ex+0x512/0x640
[  502.636960][T16141]  _copy_to_user+0x32/0xd0
[  502.636971][T16141]  simple_read_from_buffer+0xcb/0x170
[  502.636984][T16141]  proc_fail_nth_read+0x197/0x240
[  502.636997][T16141]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  502.637009][T16141]  ? rw_verify_area+0xcf/0x6c0
[  502.637020][T16141]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  502.637032][T16141]  vfs_read+0x1e4/0xcf0
[  502.637047][T16141]  ? __pfx_vfs_read+0x10/0x10
[  502.637058][T16141]  ? find_held_lock+0x2b/0x80
[  502.637073][T16141]  ? __fget_files+0x20e/0x3c0
[  502.637088][T16141]  ksys_read+0x12a/0x250
[  502.637100][T16141]  ? __pfx_ksys_read+0x10/0x10
[  502.637113][T16141]  ? rcu_is_watching+0x12/0xc0
[  502.637127][T16141]  __do_fast_syscall_32+0x7c/0x3a0
[  502.637148][T16141]  do_fast_syscall_32+0x32/0x80
[  502.637168][T16141]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  502.637189][T16141] RIP: 0023:0xf7f56579
[  502.637205][T16141] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  502.637219][T16141] RSP: 002b:00000000f5476590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  502.637230][T16141] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5476620
[  502.637237][T16141] RDX: 000000000000000f RSI: 00000000f73e4ff4 RDI: 0000000000000000
[  502.637243][T16141] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  502.637249][T16141] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  502.637256][T16141] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  502.637269][T16141]  </TASK>
[  502.740698][T16144] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  502.830314][T16150] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  502.833937][   T24] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  503.005109][   T24] usb 6-1: Using ep0 maxpacket: 8
[  503.009671][   T24] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  503.012922][   T24] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  503.019642][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  503.024331][   T24] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  503.029456][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  503.034474][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  503.042777][   T24] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  503.049129][   T24] usb 6-1: config 168 interface 0 has no altsetting 0
[  503.053059][   T24] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  503.056286][   T24] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  503.063487][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  503.068263][   T24] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  503.074233][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  503.078801][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  503.090604][   T24] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  503.096024][   T24] usb 6-1: config 168 interface 0 has no altsetting 0
[  503.100000][   T24] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  503.105202][   T24] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  503.108815][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  503.113021][   T24] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  503.116948][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  503.120428][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  503.125725][   T24] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  503.129917][   T24] usb 6-1: config 168 interface 0 has no altsetting 0
[  503.136122][   T24] usb 6-1: string descriptor 0 read error: -22
[  503.138199][   T24] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  503.141271][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.153942][   T24] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  503.369523][ T6019] usb 6-1: USB disconnect, device number 18
[  503.427153][T16144] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2442'.
[  503.438609][T16144] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2442'.
[  503.449043][T16150] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2444'.
[  503.452701][T16150] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2444'.
[  504.081163][T16167] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2448'.
[  504.255832][T16170] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0.
[  504.292982][T16160] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  504.520320][T16160] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2446'.
[  504.524392][T16160] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2446'.
[  505.069991][T16178] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2450'.
[  505.327191][T16189] 9pnet_fd: Insufficient options for proto=fd
[  505.345259][T16187] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  505.528777][ T6317] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  505.545772][T16194] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  505.699843][ T6317] usb 10-1: Using ep0 maxpacket: 8
[  505.704877][ T6317] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  505.714351][ T6317] usb 10-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  505.718190][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  505.722940][ T6317] usb 10-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  505.726997][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  505.731129][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  505.735829][ T6317] usb 10-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  505.741712][ T6317] usb 10-1: config 168 interface 0 has no altsetting 0
[  505.745948][ T6317] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  505.748828][ T6317] usb 10-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  505.752998][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  505.756813][ T6317] usb 10-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  505.761233][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  505.764983][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  505.768757][ T6317] usb 10-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  505.772874][ T6317] usb 10-1: config 168 interface 0 has no altsetting 0
[  505.776239][ T6317] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  505.790421][ T6317] usb 10-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  505.795110][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  505.802227][ T6317] usb 10-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  505.807559][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  505.811036][ T6317] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  505.814711][ T6317] usb 10-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  505.820341][ T6317] usb 10-1: config 168 interface 0 has no altsetting 0
[  505.826767][ T6317] usb 10-1: string descriptor 0 read error: -22
[  505.829773][ T6317] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  505.833769][ T6317] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.850988][ T6317] adutux 10-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  506.087596][   T24] usb 10-1: USB disconnect, device number 3
[  506.118385][   T53] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  506.277356][   T53] usb 6-1: Using ep0 maxpacket: 8
[  506.289026][   T53] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  506.292466][   T53] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  506.297297][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  506.302249][   T53] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  506.309511][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  506.322186][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  506.327739][   T53] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  506.333559][   T53] usb 6-1: config 168 interface 0 has no altsetting 0
[  506.337560][   T53] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  506.340643][   T53] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  506.345282][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  506.350025][   T53] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  506.357474][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  506.361828][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  506.367575][   T53] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  506.373030][   T53] usb 6-1: config 168 interface 0 has no altsetting 0
[  506.378437][   T53] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  506.381371][   T53] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  506.385684][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  506.389987][   T53] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  506.393726][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  506.397421][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  506.400984][   T53] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  506.405180][   T53] usb 6-1: config 168 interface 0 has no altsetting 0
[  506.410214][   T53] usb 6-1: string descriptor 0 read error: -22
[  506.412295][   T53] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  506.415202][   T53] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.457910][   T53] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  506.655385][ T8809] usb 6-1: USB disconnect, device number 19
[  506.912523][T16215] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  507.365049][T16224] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  507.394482][T16224] __nla_validate_parse: 8 callbacks suppressed
[  507.394495][T16224] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2464'.
[  507.399598][T16224] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2464'.
[  507.492764][T16223] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  507.738361][T16223] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2463'.
[  507.741252][T16223] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2463'.
[  508.129167][T16237] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  508.583190][T16237] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2467'.
[  508.587801][T16237] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2467'.
[  508.909127][T16243] 9pnet_fd: Insufficient options for proto=fd
[  509.132475][T16251] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  509.271834][   T53] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  509.445057][T16251] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2477'.
[  509.449358][T16251] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2477'.
[  509.474871][   T53] usb 6-1: Using ep0 maxpacket: 8
[  509.483322][   T53] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  509.486324][   T53] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  509.489909][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  509.493706][   T53] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  509.497770][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  509.502092][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  509.505874][   T53] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  509.511058][   T53] usb 6-1: config 168 interface 0 has no altsetting 0
[  509.514939][   T53] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  509.517282][   T53] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  509.521597][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  509.526554][   T53] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  509.532228][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  509.535696][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  509.539503][   T53] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  509.543698][   T53] usb 6-1: config 168 interface 0 has no altsetting 0
[  509.546756][   T53] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  509.549077][   T53] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  509.553065][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  509.556550][   T53] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  509.560309][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  509.564073][   T53] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  509.567687][   T53] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  509.572056][   T53] usb 6-1: config 168 interface 0 has no altsetting 0
[  509.576803][   T53] usb 6-1: string descriptor 0 read error: -22
[  509.578694][   T53] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  509.581522][   T53] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  509.593800][   T53] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  509.774547][   T61] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  509.860541][   T53] usb 6-1: USB disconnect, device number 20
[  509.957009][   T61] usb 5-1: Using ep0 maxpacket: 8
[  509.960174][   T61] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  509.962696][   T61] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  509.966390][   T61] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  509.970416][   T61] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  509.974321][   T61] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  509.978858][   T61] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  509.982866][   T61] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  509.987714][   T61] usb 5-1: config 168 interface 0 has no altsetting 0
[  509.991788][   T61] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  509.994694][   T61] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  509.999129][   T61] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  510.003543][   T61] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  510.007901][   T61] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  510.016601][   T61] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  510.020691][   T61] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  510.025234][   T61] usb 5-1: config 168 interface 0 has no altsetting 0
[  510.028324][   T61] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  510.030737][   T61] usb 5-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  510.034326][   T61] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  510.038235][   T61] usb 5-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  510.042238][   T61] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  510.046029][   T61] usb 5-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  510.050100][   T61] usb 5-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  510.054752][   T61] usb 5-1: config 168 interface 0 has no altsetting 0
[  510.059457][   T61] usb 5-1: string descriptor 0 read error: -22
[  510.061387][   T61] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  510.064445][   T61] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.140551][   T61] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  510.292855][ T8809] usb 5-1: USB disconnect, device number 11
[  510.748668][T16269] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  510.869856][T16269] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2476'.
[  510.873488][T16269] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2476'.
[  511.012461][T16276] 9pnet_fd: Insufficient options for proto=fd
[  511.049005][T16274] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  511.106867][T16281] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  512.092950][T16290] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  512.198047][T16292] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  512.891348][T16296] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  513.029173][T16297] __nla_validate_parse: 4 callbacks suppressed
[  513.029187][T16297] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2484'.
[  513.034098][T16297] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2484'.
[  513.115245][T16300] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  513.223109][T16300] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2485'.
[  513.227336][T16300] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2485'.
[  514.229648][T16306] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  514.307369][T16306] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2486'.
[  514.310622][T16306] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2486'.
[  514.449185][T16309] 9pnet_fd: Insufficient options for proto=fd
[  514.656723][T16314] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  514.905407][T16321] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2492'.
[  514.916093][T16321] bridge_slave_1: left allmulticast mode
[  514.919373][T16321] bridge_slave_1: left promiscuous mode
[  514.922745][T16321] bridge0: port 2(bridge_slave_1) entered disabled state
[  514.933832][T16321] bridge_slave_0: left allmulticast mode
[  514.935850][T16321] bridge_slave_0: left promiscuous mode
[  514.938128][T16321] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.228061][T16324] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  516.006016][T16337] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2496'.
[  516.008997][T16337] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2496'.
[  516.013920][T16336] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  516.407762][T16343] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  516.587655][T16346] 9pnet_fd: Insufficient options for proto=fd
[  516.591235][T16343] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2497'.
[  517.257234][T16358] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  518.408734][T16374] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  518.493570][T16376] 9pnet_fd: Insufficient options for proto=fd
[  518.820746][T16374] __nla_validate_parse: 6 callbacks suppressed
[  518.820760][T16374] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2507'.
[  518.828320][T16383] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  518.834690][T16374] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2507'.
[  518.944716][T16385] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2509'.
[  518.948354][T16385] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2509'.
[  519.528326][   T53] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  519.638399][T16392] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  519.687724][   T53] usb 9-1: Using ep0 maxpacket: 8
[  519.688831][T16392] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2512'.
[  519.691786][   T53] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  519.695823][   T53] usb 9-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  519.698372][T16392] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2512'.
[  519.703787][   T53] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  519.708837][   T53] usb 9-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  519.715741][   T53] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  519.720963][   T53] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  519.725572][   T53] usb 9-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  519.734079][   T53] usb 9-1: config 168 interface 0 has no altsetting 0
[  519.739847][   T53] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  519.749347][   T53] usb 9-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  519.757812][   T53] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  519.765041][   T53] usb 9-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  519.769932][   T53] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  519.775095][   T53] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  519.779538][   T53] usb 9-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  519.785576][   T53] usb 9-1: config 168 interface 0 has no altsetting 0
[  519.789824][   T53] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  519.792993][   T53] usb 9-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  519.798879][   T53] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  519.803682][   T53] usb 9-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  519.809509][   T53] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  519.814202][   T53] usb 9-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  519.821123][   T53] usb 9-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  519.827360][   T53] usb 9-1: config 168 interface 0 has no altsetting 0
[  519.840315][   T53] usb 9-1: string descriptor 0 read error: -22
[  519.843043][   T53] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  519.846150][   T53] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.859093][   T53] adutux 9-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  520.070173][   T53] usb 9-1: USB disconnect, device number 8
[  521.208189][T16416] No buffer was provided with the request
[  521.441071][T16416] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  521.444728][T16416] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  521.456890][T16416] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  521.816955][T16425] misc userio: No port type given on /dev/userio
[  522.293189][T16436] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  522.487356][T16436] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2524'.
[  522.490351][T16436] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2524'.
[  522.543072][   T61] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  522.703429][   T61] usb 10-1: Using ep0 maxpacket: 8
[  522.707846][   T61] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  522.711306][   T61] usb 10-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  522.719607][   T61] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  522.725253][   T61] usb 10-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  522.730319][   T61] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  522.735085][   T61] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  522.740037][   T61] usb 10-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  522.746572][   T61] usb 10-1: config 168 interface 0 has no altsetting 0
[  522.751733][   T61] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  522.754838][   T61] usb 10-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  522.767686][   T61] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  522.772329][   T61] usb 10-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  522.777192][   T61] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  522.789204][   T61] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  522.792867][   T61] usb 10-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  522.796990][   T61] usb 10-1: config 168 interface 0 has no altsetting 0
[  522.803372][   T61] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  522.806559][   T61] usb 10-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  522.812248][   T61] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  522.816442][   T61] usb 10-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  522.820205][   T61] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  522.824227][   T61] usb 10-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  522.827910][   T61] usb 10-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  522.832220][   T61] usb 10-1: config 168 interface 0 has no altsetting 0
[  522.838906][   T61] usb 10-1: string descriptor 0 read error: -22
[  522.840960][   T61] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  522.844388][   T61] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  522.866232][   T61] adutux 10-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  523.026014][T16444] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  523.087189][   T24] usb 10-1: USB disconnect, device number 4
[  523.612589][ T5985] Bluetooth: hci2: command 0x0c1a tx timeout
[  524.101872][T16455] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  524.959580][T16464] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  525.060027][T16459] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2530'.
[  525.064298][T16459] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2530'.
[  525.685482][T16472] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  525.818070][T16472] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2535'.
[  525.820975][T16472] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2535'.
[  525.826148][ T5985] Bluetooth: hci2: command 0x0c1a tx timeout
[  526.412644][T16478] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  527.344930][   T24] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  527.362166][T16500] 9pnet_fd: Insufficient options for proto=fd
[  527.436159][T16502] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  527.455561][T16502] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2544'.
[  527.461593][T16502] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2544'.
[  527.775581][   T24] usb 6-1: Using ep0 maxpacket: 8
[  527.782050][   T24] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  527.785003][   T24] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  527.788920][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  527.792865][   T24] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  527.797411][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  527.800902][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  527.804734][   T24] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  527.808752][   T24] usb 6-1: config 168 interface 0 has no altsetting 0
[  527.811702][   T24] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  527.816476][   T24] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  527.819977][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  527.823577][   T24] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  527.827595][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  527.831140][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  527.834872][   T24] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  527.839103][   T24] usb 6-1: config 168 interface 0 has no altsetting 0
[  527.842286][   T24] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  527.844804][   T24] usb 6-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  527.848627][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  527.852174][   T24] usb 6-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  527.855610][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  527.861022][   T24] usb 6-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  527.866457][   T24] usb 6-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  527.872907][   T24] usb 6-1: config 168 interface 0 has no altsetting 0
[  527.880236][   T24] usb 6-1: string descriptor 0 read error: -22
[  527.882869][   T24] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  527.885960][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.895316][   T24] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  527.991433][T16508] 9pnet_fd: Insufficient options for proto=fd
[  528.050548][ T5985] Bluetooth: hci2: command 0x0c1a tx timeout
[  528.106264][   T24] usb 6-1: USB disconnect, device number 21
[  528.728367][T16517] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  528.738401][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  528.741107][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  528.803020][T16517] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2549'.
[  528.806315][T16517] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2549'.
[  528.947788][T16528] 9pnet_fd: Insufficient options for proto=fd
[  528.966930][T16520] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  529.128950][T16520] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2550'.
[  529.132416][T16520] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2550'.
[  529.136388][T16535] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  531.444450][T16566] 9pnet_fd: Insufficient options for proto=fd
[  531.703874][T16578] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  531.772904][T16578] __nla_validate_parse: 2 callbacks suppressed
[  531.773345][T16578] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2565'.
[  531.779023][T16578] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2565'.
[  532.119050][T16589] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  532.218611][T16593] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  532.229310][T16590] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  533.161941][T16600] 9pnet_fd: Insufficient options for proto=fd
[  533.870283][T16623] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  534.027495][T16623] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2579'.
[  534.031174][T16623] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2579'.
[  534.170153][T16630] 9pnet_fd: Insufficient options for proto=fd
[  534.530290][T16635] overlayfs: failed to resolve './file1': -2
[  534.536693][T16635] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  534.539923][T16635] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  534.542552][T16635] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  534.544681][T16635] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  534.546853][T16635] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  534.814983][   T40] kauditd_printk_skb: 195 callbacks suppressed
[  534.814993][   T40] audit: type=1326 audit(1756399023.317:2681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.5.2587" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  534.831228][   T40] audit: type=1326 audit(1756399023.326:2682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.5.2587" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  534.839617][   T40] audit: type=1326 audit(1756399023.326:2683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.5.2587" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf704e579 code=0x7ffc0000
[  534.850480][   T40] audit: type=1326 audit(1756399023.326:2684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.5.2587" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  534.859615][   T40] audit: type=1326 audit(1756399023.326:2685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.5.2587" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  534.878295][   T40] audit: type=1326 audit(1756399023.326:2686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.5.2587" exe="/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf704e579 code=0x7ffc0000
[  534.892161][   T40] audit: type=1326 audit(1756399023.326:2687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.5.2587" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  534.901653][   T40] audit: type=1326 audit(1756399023.326:2688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.5.2587" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  534.908691][   T40] audit: type=1326 audit(1756399023.336:2689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.5.2587" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf704e579 code=0x7ffc0000
[  534.915452][   T40] audit: type=1326 audit(1756399023.336:2690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16643 comm="syz.5.2587" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  535.981660][T16668] overlayfs: failed to resolve './file1': -2
[  536.073226][T16674] 9pnet_fd: Insufficient options for proto=fd
[  536.733769][T16685] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2600'.
[  536.737102][T16685] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2600'.
[  537.091424][T16690] net_ratelimit: 38 callbacks suppressed
[  537.091431][T16690] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  537.180949][T16690] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2602'.
[  537.184821][T16690] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2602'.
[  537.209098][T16692] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2603'.
[  537.212056][T16692] netlink: 45 bytes leftover after parsing attributes in process `syz.1.2603'.
[  537.214947][T16692] netlink: 45 bytes leftover after parsing attributes in process `syz.1.2603'.
[  537.357227][T16698] tipc: Started in network mode
[  537.359000][T16698] tipc: Node identity 46a346bf3612, cluster identity 4711
[  537.361310][T16698] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  537.364499][T16698] syzkaller0: entered promiscuous mode
[  537.366614][T16698] syzkaller0: entered allmulticast mode
[  537.403066][T16698] syzkaller0: mtu greater than device maximum
[  537.407245][T16697] tipc: Resetting bearer <eth:syzkaller0>
[  537.418032][T16697] tipc: Disabling bearer <eth:syzkaller0>
[  537.991590][T16704] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  538.374026][T16713] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  539.582511][T16733] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  539.787093][T16737] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2615'.
[  539.789908][T16737] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2615'.
[  539.814581][T16736] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  539.872950][T16739] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2616'.
[  539.875793][T16739] netlink: 45 bytes leftover after parsing attributes in process `syz.4.2616'.
[  539.879110][T16739] netlink: 45 bytes leftover after parsing attributes in process `syz.4.2616'.
[  540.837419][T16754] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  540.887625][T16753] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  540.984752][T16760] tmpfs: Unknown parameter 'grpquota_block_hardli
'
[  541.148385][   T40] kauditd_printk_skb: 41 callbacks suppressed
[  541.148397][   T40] audit: type=1804 audit(1756399029.236:2732): pid=16764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2622" name="/newroot/156/bus/file0" dev="overlay" ino=874 res=1 errno=0
[  541.892213][T16779] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  542.561964][T16784] __nla_validate_parse: 7 callbacks suppressed
[  542.561976][T16784] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2628'.
[  542.567150][T16784] netlink: 45 bytes leftover after parsing attributes in process `syz.5.2628'.
[  542.570516][T16784] netlink: 45 bytes leftover after parsing attributes in process `syz.5.2628'.
[  542.693462][T16792] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  542.746689][T16792] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2630'.
[  542.749715][T16792] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2630'.
[  543.753016][T16807] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  543.819745][T16810] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2635'.
[  544.918087][T16831] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  544.941982][T16830] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  545.150561][T16834] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  545.331514][T16839] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2644'.
[  545.521024][T16843] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2645'.
[  545.892683][T16853] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2648'.
[  545.897393][T16853] IPVS: Error joining to the multicast group
[  546.240739][T16858] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  546.261016][T16858] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2649'.
[  546.465901][T16861] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  547.774692][T16888] kvm: kvm [16887]: vcpu0, guest rIP: 0x208 Unhandled WRMSR(0xc1) = 0x1ca75ae62ad6
[  548.116574][T16899] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  548.167406][T16900] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  548.169674][T16902] __nla_validate_parse: 4 callbacks suppressed
[  548.169687][T16902] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2661'.
[  548.177459][T16902] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2661'.
[  548.213302][T16899] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2660'.
[  548.216437][T16899] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2660'.
[  548.938060][T16910] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  549.742301][T16924] 9pnet_fd: Insufficient options for proto=fd
[  549.783057][T16926] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2668'.
[  549.786033][T16926] netlink: 45 bytes leftover after parsing attributes in process `syz.4.2668'.
[  549.788808][T16926] netlink: 45 bytes leftover after parsing attributes in process `syz.4.2668'.
[  550.118628][T16935] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2670'.
[  550.132942][T16937] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2671'.
[  550.397708][T16945] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  550.506839][T16948] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  550.508513][T16949] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2673'.
[  550.597480][T16950] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  551.660530][T16966] FAT-fs (sr0): bogus number of reserved sectors
[  551.662665][T16966] FAT-fs (sr0): Can't find a valid FAT filesystem
[  552.885118][T16971] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  554.854305][T17017] wg1: entered promiscuous mode
[  554.855925][T17017] wg1: entered allmulticast mode
[  555.130025][T17023] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  555.337608][T17028] __nla_validate_parse: 5 callbacks suppressed
[  555.338041][T17028] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2693'.
[  555.344431][T17028] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2693'.
[  555.473271][T17027] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2691'.
[  555.476735][T17027] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2691'.
[  555.601887][   T40] audit: type=1326 audit(1756399042.755:2733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17031 comm="syz.1.2694" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000
[  555.613945][   T40] audit: type=1326 audit(1756399042.755:2734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17031 comm="syz.1.2694" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000
[  555.623521][   T40] audit: type=1326 audit(1756399042.765:2735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17031 comm="syz.1.2694" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70be579 code=0x7ffc0000
[  555.639778][   T40] audit: type=1326 audit(1756399042.765:2736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17031 comm="syz.1.2694" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000
[  555.649409][   T40] audit: type=1326 audit(1756399042.765:2737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17031 comm="syz.1.2694" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000
[  555.659885][   T40] audit: type=1326 audit(1756399042.765:2738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17031 comm="syz.1.2694" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70be579 code=0x7ffc0000
[  555.669089][   T40] audit: type=1326 audit(1756399042.765:2739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17031 comm="syz.1.2694" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000
[  555.678264][   T40] audit: type=1326 audit(1756399042.765:2740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17031 comm="syz.1.2694" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000
[  555.693180][   T40] audit: type=1326 audit(1756399042.765:2741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17031 comm="syz.1.2694" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70be579 code=0x7ffc0000
[  555.700738][   T40] audit: type=1326 audit(1756399042.765:2742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17031 comm="syz.1.2694" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000
[  556.159312][T17041] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  556.194924][T17041] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2695'.
[  556.201017][T17041] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2695'.
[  556.561966][T17051] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2700'.
[  556.564939][T17051] netlink: 45 bytes leftover after parsing attributes in process `syz.1.2700'.
[  556.568216][T17051] netlink: 45 bytes leftover after parsing attributes in process `syz.1.2700'.
[  557.294481][T17063] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2702'.
[  557.929958][T17071] Invalid logical block size (6)
[  558.082592][T17075] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  558.602110][T17082] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  558.666531][T17084] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  559.776114][T17095] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  560.091441][T17102] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  561.629537][T17124] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  561.650420][T17124] __nla_validate_parse: 10 callbacks suppressed
[  561.650439][T17124] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2718'.
[  561.668767][T17124] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2718'.
[  562.122998][T17134] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2720'.
[  562.418789][T17140] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  562.448817][T17142] 9pnet_fd: Insufficient options for proto=fd
[  563.642901][   T40] kauditd_printk_skb: 33 callbacks suppressed
[  563.642913][   T40] audit: type=1804 audit(1756399050.275:2776): pid=17158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2727" name="/newroot/189/bus/bus" dev="tmpfs" ino=1064 res=1 errno=0
[  564.598860][T17186] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  564.623121][T17186] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2734'.
[  564.626092][T17186] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2734'.
[  564.717317][T17187] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  565.245574][T17199] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2739'.
[  565.248622][T17199] netlink: 45 bytes leftover after parsing attributes in process `syz.5.2739'.
[  565.251744][T17199] netlink: 45 bytes leftover after parsing attributes in process `syz.5.2739'.
[  565.985229][T17212] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2742'.
[  565.988103][T17212] netlink: 45 bytes leftover after parsing attributes in process `syz.1.2742'.
[  567.111089][T17230] syzkaller0: entered promiscuous mode
[  568.107749][T17241] 9pnet_fd: Insufficient options for proto=fd
[  568.158692][T17243] __nla_validate_parse: 1 callbacks suppressed
[  568.158711][T17243] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2752'.
[  568.165458][T17243] netlink: 45 bytes leftover after parsing attributes in process `syz.0.2752'.
[  568.169395][T17243] netlink: 45 bytes leftover after parsing attributes in process `syz.0.2752'.
[  568.337098][T17247] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2750'.
[  568.654542][T17244] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  569.271782][T17259] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2754'.
[  569.274709][T17259] netlink: 45 bytes leftover after parsing attributes in process `syz.0.2754'.
[  569.278879][T17259] netlink: 45 bytes leftover after parsing attributes in process `syz.0.2754'.
[  569.821012][T17271] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  571.984651][T17299] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  572.412138][T17305] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  572.455009][T17299] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2764'.
[  572.458014][T17299] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2764'.
[  572.507867][T17306] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2766'.
[  573.642671][T17323] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  573.727530][T17323] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2769'.
[  573.730703][T17323] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2769'.
[  574.064995][T17330] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  574.785445][T17330] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2772'.
[  574.789202][T17330] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2772'.
[  575.176362][T17353] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  575.205891][T17355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  575.208679][T17355] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  575.217483][T17353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  575.225141][T17355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  575.229686][T17353] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  575.235937][T17355] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  575.241657][T17353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  575.249929][T17353] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  575.457352][ T1466] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  575.885064][T17367] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2781'.
[  576.097810][T17371] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2783'.
[  576.102488][T17371] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2783'.
[  576.384337][T17360] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  576.411442][T17369] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  576.652034][T17378] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2785'.
[  576.657212][T17378] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2785'.
[  576.688139][T17375] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  578.203322][T17400] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  578.231592][T17401] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  578.442728][T17397] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2790'.
[  579.733721][T17437] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  579.761843][T17437] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2801'.
[  579.764898][T17437] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2801'.
[  579.859932][T17434] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  581.030022][T17454] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  581.142049][ T6145] kernel write not supported for file /784/attr/sockcreate (pid: 6145 comm: kworker/3:3)
[  581.234716][T17463] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2804'.
[  582.058723][T17475] 9pnet: Could not find request transport: fd0x0000000000000003
[  582.140008][T17482] fuse: Unknown parameter '%Ct��<x	��opu{/7|\��U�H�*���rXum�7BD�&��t�Cb»��[�}J��J߁�v�|��yGD��+�y�'
[  583.438700][T17499] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  583.673618][T17499] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2818'.
[  583.676591][T17499] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2818'.
[  583.776366][T17501] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  583.781611][T17506] netlink: 'syz.4.2821': attribute type 12 has an invalid length.
[  583.852124][T17508] loop2: detected capacity change from 0 to 7
[  583.875268][T15087] Dev loop2: unable to read RDB block 7
[  583.877626][T15087]  loop2: unable to read partition table
[  583.880621][T15087] loop2: partition table beyond EOD, truncated
[  583.951737][T17508] Dev loop2: unable to read RDB block 7
[  583.953926][T17508]  loop2: unable to read partition table
[  583.956130][T17508] loop2: partition table beyond EOD, truncated
[  583.958453][T17508] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  583.991060][T17511] openvswitch: netlink: Missing valid actions attribute.
[  583.993425][T17511] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  585.740817][T17526] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  586.439160][T13718] syz_tun (unregistering): left allmulticast mode
[  586.447042][T13535] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  586.452152][T13535] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  586.455607][T13535] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  586.462747][T13535] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  586.466851][T13535] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  586.881952][T17537] chnl_net:caif_netlink_parms(): no params data found
[  587.085335][T17537] bridge0: port 1(bridge_slave_0) entered blocking state
[  587.087610][T17537] bridge0: port 1(bridge_slave_0) entered disabled state
[  587.090032][T17537] bridge_slave_0: entered allmulticast mode
[  587.097920][T17537] bridge_slave_0: entered promiscuous mode
[  587.105101][T17537] bridge0: port 2(bridge_slave_1) entered blocking state
[  587.108126][T17537] bridge0: port 2(bridge_slave_1) entered disabled state
[  587.110411][T17537] bridge_slave_1: entered allmulticast mode
[  587.129799][T17537] bridge_slave_1: entered promiscuous mode
[  587.270116][T17537] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  587.275253][T17537] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  587.314015][T17537] team0: Port device team_slave_0 added
[  587.318559][T17537] team0: Port device team_slave_1 added
[  587.354304][T17537] batman_adv: batadv0: Adding interface: batadv_slave_0
[  587.356536][T17537] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  587.364585][T17537] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  587.426074][T17537] batman_adv: batadv0: Adding interface: batadv_slave_1
[  587.428493][T17537] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  587.437245][T17537] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  587.463259][T17550] 9pnet: Could not find request transport: fd0x0000000000000003
[  587.521455][T17537] hsr_slave_0: entered promiscuous mode
[  587.523820][T17537] hsr_slave_1: entered promiscuous mode
[  587.526065][T17537] debugfs: 'hsr0' already exists in 'hsr'
[  587.527910][T17537] Cannot create hsr debugfs directory
[  587.602784][T17560] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  587.636065][T17559] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  587.718517][T17537] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  587.811071][T17564] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2832'.
[  587.814968][T17564] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2832'.
[  587.819471][T17559] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2833'.
[  587.823642][T17559] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2833'.
[  587.889355][T17537] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  587.981643][T17537] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  588.049024][T17537] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  588.204025][T17537] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  588.209575][T17537] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  588.214163][T17537] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  588.220133][T17537] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  588.300204][T17537] 8021q: adding VLAN 0 to HW filter on device bond0
[  588.316461][T17537] 8021q: adding VLAN 0 to HW filter on device team0
[  588.326617][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  588.329694][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  588.337219][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  588.339713][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  588.632515][T13535] Bluetooth: hci0: command tx timeout
[  588.645045][T17537] 8021q: adding VLAN 0 to HW filter on device batadv0
[  588.669737][T17537] veth0_vlan: entered promiscuous mode
[  588.677121][T17537] veth1_vlan: entered promiscuous mode
[  588.694510][T17537] veth0_macvtap: entered promiscuous mode
[  588.701820][T17537] veth1_macvtap: entered promiscuous mode
[  588.717222][T17537] batman_adv: batadv0: Interface activated: batadv_slave_0
[  588.739788][T17537] batman_adv: batadv0: Interface activated: batadv_slave_1
[  588.757512][T13310] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  588.768939][T13310] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  588.773725][T13310] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  588.776661][T13310] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  588.876485][T13310] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  588.882793][T13310] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  588.896696][T13310] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  588.899226][T13310] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  589.100083][T17593] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  590.090620][T17605] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  590.116308][T17609] 9pnet_fd: Insufficient options for proto=fd
[  590.226670][T17605] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2838'.
[  590.230739][T17605] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2838'.
[  590.320514][T17615] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  590.414419][T17615] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2842'.
[  590.417524][T17615] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2842'.
[  590.846097][T13535] Bluetooth: hci0: command tx timeout
[  591.411802][T17632] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  591.433805][T17632] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2844'.
[  591.444671][T17632] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2844'.
[  591.823889][T17651] 9pnet_fd: Insufficient options for proto=fd
[  592.658339][T17640] ceph: No mds server is up or the cluster is laggy
[  593.070609][T13535] Bluetooth: hci0: command tx timeout
[  593.937042][T17681] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  594.383895][T17681] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2855'.
[  594.388090][T17681] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2855'.
[  594.445435][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  594.448021][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  594.489445][T17690] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2857'.
[  594.492501][T17690] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2857'.
[  594.499759][T17689] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  594.803264][T17694] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  594.887664][T17695] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2858'.
[  594.891680][T17695] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2858'.
[  595.118268][T17701] 9pnet_fd: Insufficient options for proto=fd
[  595.233792][T17704] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  595.295087][T13535] Bluetooth: hci0: command tx timeout
[  595.449946][T17704] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2861'.
[  595.452849][T17704] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2861'.
[  596.023400][T17711] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  596.287391][T17717] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2863'.
[  596.292563][T17717] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2863'.
[  596.850096][T17727] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  598.000567][T17739] 9pnet_fd: Insufficient options for proto=fd
[  598.684324][T17748] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  599.644652][T17763] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  599.659920][T17767] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  599.853879][T17763] __nla_validate_parse: 4 callbacks suppressed
[  599.853920][T17763] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2877'.
[  599.860411][T17763] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2877'.
[  600.342580][T17778] 9pnet_fd: Insufficient options for proto=fd
[  601.000032][T17791] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  601.254521][T17791] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2883'.
[  601.257565][T17791] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2883'.
[  601.576402][T17801] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2885'.
[  601.580076][T17801] netlink: 45 bytes leftover after parsing attributes in process `syz.5.2885'.
[  601.586823][T17801] netlink: 45 bytes leftover after parsing attributes in process `syz.5.2885'.
[  602.016535][T17810] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  602.096324][T17810] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2888'.
[  602.105142][T17810] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2888'.
[  602.373816][T17819] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  602.451636][T17819] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2891'.
[  604.983422][   T29] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  607.307905][T17861] __nla_validate_parse: 1 callbacks suppressed
[  607.307918][T17861] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2903'.
[  607.332539][   T29] usb 9-1: Using ep0 maxpacket: 16
[  607.479437][   T29] usb 9-1: config 0 has an invalid interface number: 8 but max is 0
[  607.482934][   T29] usb 9-1: config 0 has no interface number 0
[  607.485280][   T29] usb 9-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  607.491170][   T29] usb 9-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  607.494811][   T29] usb 9-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  607.497741][   T29] usb 9-1: Product: syz
[  607.499054][   T29] usb 9-1: SerialNumber: syz
[  607.505858][   T29] usb 9-1: config 0 descriptor??
[  607.514218][   T29] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.8/input/input71
[  607.675901][T17871] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2908'.
[  607.706530][T17872] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  607.813023][T17877] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  607.821726][T17872] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2905'.
[  607.826739][T17872] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2905'.
[  607.926395][T17877] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2909'.
[  607.929432][T17877] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2909'.
[  608.082007][T17885] fuse: Unknown parameter '01777777777777777777777�$7}3����&��>��bR_���T�G��\��`��Z�4Y|���2-�`Fw�ZV��y��-WZ�>�?���65
�lKN�NLm���f�}�]�>��7(ht(���pq����٥;�:'
[  609.947787][    C1] cm109 9-1:0.8: cm109_urb_irq_callback: urb status -71
[  609.950515][    C1] ------------[ cut here ]------------
[  609.953234][    C1] URB ffff888024fb4e00 submitted while active
[  609.956031][    C1] WARNING: CPU: 1 PID: 0 at drivers/usb/core/urb.c:379 usb_submit_urb+0x1519/0x1770
[  609.959460][    C1] Modules linked in:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  609.961502][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  609.966402][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  609.970329][    C1] RIP: 0010:usb_submit_urb+0x1519/0x1770
[  609.972494][    C1] Code: fd eb cb bb fe ff ff ff e9 96 f3 ff ff e8 af de 7c fa c6 05 14 ba 55 09 01 90 48 c7 c7 a0 06 74 8c 48 89 de e8 28 d7 3b fa 90 <0f> 0b 90 90 e9 ac fe ff ff bb f8 ff ff ff e9 66 f3 ff ff 48 89 ef
[  609.978918][    C1] RSP: 0018:ffffc90000590a80 EFLAGS: 00010086
[  609.980831][    C1] RAX: 0000000000000000 RBX: ffff888024fb4e00 RCX: ffffffff817a02c8
[  609.983441][    C1] RDX: ffff88801d2da440 RSI: ffffffff817a02d5 RDI: 0000000000000001
[  609.986053][    C1] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  609.988665][    C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  609.991386][    C1] R13: ffff88805aa68057 R14: ffff888028e48600 R15: 000000000000000f
[  609.994154][    C1] FS:  0000000000000000(0000) GS:ffff8880975c3000(0000) knlGS:0000000000000000
[  609.997636][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  610.000193][    C1] CR2: 0000000080031000 CR3: 000000005ba51000 CR4: 0000000000352ef0
[  610.003372][    C1] Call Trace:
[  610.004662][    C1]  <IRQ>
[  610.005763][    C1]  ? find_held_lock+0x2b/0x80
[  610.007418][    C1]  ? __pfx____ratelimit+0x10/0x10
[  610.008951][    C1]  cm109_urb_irq_callback+0x2ed/0xb80
[  610.010980][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[  610.013224][    C1]  __usb_hcd_giveback_urb+0x388/0x610
[  610.015607][    C1]  usb_hcd_giveback_urb+0x39b/0x450
[  610.017872][    C1]  dummy_timer+0x1814/0x3a30
[  610.019874][    C1]  ? find_held_lock+0x2b/0x80
[  610.021663][    C1]  ? debug_object_deactivate+0x1ec/0x3a0
[  610.023564][    C1]  ? debug_object_deactivate+0x1ec/0x3a0
[  610.025459][    C1]  ? __pfx_debug_object_deactivate+0x10/0x10
[  610.027539][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  610.029082][    C1]  ? rcu_is_watching+0x12/0xc0
[  610.030571][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  610.032419][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  610.033974][    C1]  __hrtimer_run_queues+0x1ff/0xad0
[  610.035817][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  610.037987][    C1]  ? read_tsc+0x9/0x20
[  610.039356][    C1]  hrtimer_run_softirq+0x17d/0x350
[  610.040977][    C1]  handle_softirqs+0x219/0x8e0
[  610.042464][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  610.044141][    C1]  __irq_exit_rcu+0x109/0x170
[  610.045846][    C1]  irq_exit_rcu+0x9/0x30
[  610.047470][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  610.049473][    C1]  </IRQ>
[  610.050509][    C1]  <TASK>
[  610.051590][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  610.053799][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  610.055662][    C1] Code: fc 64 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 63 61 19 00 fb f4 <e9> 3c 09 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  610.062887][    C1] RSP: 0018:ffffc9000046fdf8 EFLAGS: 00000286
[  610.065287][    C1] RAX: 00000000024910d9 RBX: 0000000000000001 RCX: ffffffff8b90abf9
[  610.068533][    C1] RDX: 0000000000000000 RSI: ffffffff8de4cbd1 RDI: ffffffff8c162d00
[  610.072002][    C1] RBP: ffffed1003a5b488 R08: 0000000000000001 R09: ffffed1005666655
[  610.075063][    C1] R10: ffff88802b3332ab R11: 0000000000000000 R12: 0000000000000001
[  610.077964][    C1] R13: ffff88801d2da440 R14: ffffffff90ab8390 R15: 0000000000000000
[  610.080396][    C1]  ? ct_kernel_exit+0x139/0x190
[  610.081923][    C1]  default_idle+0x13/0x20
[  610.083489][    C1]  default_idle_call+0x6d/0xb0
[  610.085193][    C1]  do_idle+0x391/0x510
[  610.086486][    C1]  ? __pfx_do_idle+0x10/0x10
[  610.087954][    C1]  ? trace_sched_exit_tp+0x2f/0x120
[  610.089582][    C1]  cpu_startup_entry+0x4f/0x60
[  610.091087][    C1]  start_secondary+0x21d/0x2b0
[  610.092795][    C1]  ? __pfx_start_secondary+0x10/0x10
[  610.094616][    C1]  common_startup_64+0x13e/0x148
[  610.096464][    C1]  </TASK>
[  610.097541][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  610.100171][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  610.103582][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  610.107410][    C1] Call Trace:
[  610.108516][    C1]  <IRQ>
[  610.109595][    C1]  dump_stack_lvl+0x3d/0x1f0
[  610.111342][    C1]  vpanic+0x6e8/0x7a0
[  610.112853][    C1]  ? __pfx_vpanic+0x10/0x10
[  610.114286][    C1]  ? usb_submit_urb+0x1519/0x1770
[  610.115881][    C1]  panic+0xca/0xd0
[  610.117065][    C1]  ? __pfx_panic+0x10/0x10
[  610.118423][    C1]  ? check_panic_on_warn+0x1f/0xb0
[  610.120071][    C1]  check_panic_on_warn+0xab/0xb0
[  610.121760][    C1]  __warn+0xf6/0x3c0
[  610.122949][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  610.124809][    C1]  ? usb_submit_urb+0x1519/0x1770
[  610.126532][    C1]  report_bug+0x3c3/0x580
[  610.128105][    C1]  ? usb_submit_urb+0x1519/0x1770
[  610.130021][    C1]  handle_bug+0x184/0x210
[  610.131655][    C1]  exc_invalid_op+0x17/0x50
[  610.133294][    C1]  asm_exc_invalid_op+0x1a/0x20
[  610.134915][    C1] RIP: 0010:usb_submit_urb+0x1519/0x1770
[  610.136723][    C1] Code: fd eb cb bb fe ff ff ff e9 96 f3 ff ff e8 af de 7c fa c6 05 14 ba 55 09 01 90 48 c7 c7 a0 06 74 8c 48 89 de e8 28 d7 3b fa 90 <0f> 0b 90 90 e9 ac fe ff ff bb f8 ff ff ff e9 66 f3 ff ff 48 89 ef
[  610.143609][    C1] RSP: 0018:ffffc90000590a80 EFLAGS: 00010086
[  610.145596][    C1] RAX: 0000000000000000 RBX: ffff888024fb4e00 RCX: ffffffff817a02c8
[  610.148325][    C1] RDX: ffff88801d2da440 RSI: ffffffff817a02d5 RDI: 0000000000000001
[  610.150674][    C1] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  610.153126][    C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  610.155497][    C1] R13: ffff88805aa68057 R14: ffff888028e48600 R15: 000000000000000f
[  610.157911][    C1]  ? __warn_printk+0x198/0x350
[  610.159425][    C1]  ? __warn_printk+0x1a5/0x350
[  610.160901][    C1]  ? find_held_lock+0x2b/0x80
[  610.162351][    C1]  ? __pfx____ratelimit+0x10/0x10
[  610.163944][    C1]  cm109_urb_irq_callback+0x2ed/0xb80
[  610.165619][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[  610.167233][    C1]  __usb_hcd_giveback_urb+0x388/0x610
[  610.168956][    C1]  usb_hcd_giveback_urb+0x39b/0x450
[  610.170629][    C1]  dummy_timer+0x1814/0x3a30
[  610.172146][    C1]  ? find_held_lock+0x2b/0x80
[  610.173657][    C1]  ? debug_object_deactivate+0x1ec/0x3a0
[  610.175422][    C1]  ? debug_object_deactivate+0x1ec/0x3a0
[  610.177169][    C1]  ? __pfx_debug_object_deactivate+0x10/0x10
[  610.178991][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  610.180528][    C1]  ? rcu_is_watching+0x12/0xc0
[  610.181977][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  610.183801][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  610.185344][    C1]  __hrtimer_run_queues+0x1ff/0xad0
[  610.186941][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  610.188698][    C1]  ? read_tsc+0x9/0x20
[  610.189997][    C1]  hrtimer_run_softirq+0x17d/0x350
[  610.191603][    C1]  handle_softirqs+0x219/0x8e0
[  610.193090][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  610.194705][    C1]  __irq_exit_rcu+0x109/0x170
[  610.196132][    C1]  irq_exit_rcu+0x9/0x30
[  610.197427][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  610.199275][    C1]  </IRQ>
[  610.200148][    C1]  <TASK>
[  610.201070][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  610.202901][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  610.204667][    C1] Code: fc 64 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 63 61 19 00 fb f4 <e9> 3c 09 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  610.210460][    C1] RSP: 0018:ffffc9000046fdf8 EFLAGS: 00000286
[  610.212338][    C1] RAX: 00000000024910d9 RBX: 0000000000000001 RCX: ffffffff8b90abf9
[  610.214789][    C1] RDX: 0000000000000000 RSI: ffffffff8de4cbd1 RDI: ffffffff8c162d00
[  610.217218][    C1] RBP: ffffed1003a5b488 R08: 0000000000000001 R09: ffffed1005666655
[  610.219611][    C1] R10: ffff88802b3332ab R11: 0000000000000000 R12: 0000000000000001
[  610.221922][    C1] R13: ffff88801d2da440 R14: ffffffff90ab8390 R15: 0000000000000000
[  610.224305][    C1]  ? ct_kernel_exit+0x139/0x190
[  610.225767][    C1]  default_idle+0x13/0x20
[  610.227158][    C1]  default_idle_call+0x6d/0xb0
[  610.228701][    C1]  do_idle+0x391/0x510
[  610.230014][    C1]  ? __pfx_do_idle+0x10/0x10
[  610.231541][    C1]  ? trace_sched_exit_tp+0x2f/0x120
[  610.233271][    C1]  cpu_startup_entry+0x4f/0x60
[  610.234847][    C1]  start_secondary+0x21d/0x2b0
[  610.236366][    C1]  ? __pfx_start_secondary+0x10/0x10
[  610.238026][    C1]  common_startup_64+0x13e/0x148
[  610.239599][    C1]  </TASK>
[  610.241250][    C1] Kernel Offset: disabled
[  610.242538][    C1] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:31:12  Registers:
info registers vcpu 0

CPU#0
RAX=00000000014cfb77 RBX=0000000000000000 RCX=ffffffff8b90abf9 RDX=0000000000000000
RSI=ffffffff8de4cbd1 RDI=ffffffff8c162d00 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08
R8 =0000000000000001 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000000
R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90ab8390 R15=0000000000000000
RIP=ffffffff8b90975f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880974c3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c38eb7c CR3=000000005125c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000043 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85617075 RDI=ffffffff9b0f9700 RBP=ffffffff9b0f96c0 RSP=ffffc900005903f0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000043 R14=ffffffff9b0f96c0 R15=ffffffff85617010
RIP=ffffffff8561709f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880975c3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080031000 CR3=000000005ba51000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=ffff8880242b8af0 RCX=000000005bc032e2 RDX=7ef831b4071464a0
RSI=0000000000000001 RDI=000000007b664b3a RBP=0000000000000000 RSP=ffffc90002f56ea0
R8 =7ef831b4071464a0 R9 =0000000000000000 R10=0000000000000004 R11=0000000000000000
R12=ffff8880242b8b90 R13=ffff8880242b8000 R14=00000000b0efb07a R15=0000000000000001
RIP=ffffffff81974193 RFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880976c3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007ffedcc45ff8 CR3=0000000065fe3000 CR4=00352ef0
DR0=000000005ffffffd DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=00000172849d2bbc RBX=ffff88802b523a00 RCX=00000000000006e0 RDX=0000000000000172
RSI=ffff88802b523a00 RDI=0000000000000f03 RBP=0000000000000f03 RSP=ffffc90006fc7a68
R8 =0000000000000005 R9 =000000000000003f R10=0000000000000019 R11=0000000000000000
R12=0000000000000001 R13=0000000000000001 R14=0000000000000019 R15=ffff88802b527c80
RIP=ffffffff81680db5 RFL=00000007 [-----PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977c3000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73a2fc0 CR3=000000005125c000 CR4=00352ef0
DR0=000000005ffffffd DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000